WAM CLI
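The Web Access Manager server can be managed from the command line. The commands are located in the directory $LPF_ROOT_DIR/bin, where $LPF_ROOT_DIR is the Web Access Manager installation directory (/usr/evidian/lpf by default).
Several of the commands below accept a password as a command-line argument (for example -w or -p). A password passed that way is visible in the process list and is kept in shell history, so where a command offers an alternative (the LDAP tools list -W to prompt and -y to read from a file), prefer it.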
WAM Basic CLI
lpfversion
# Display the WAM Components Version
lpfversion
lpfstatus
# Display the WAM Services state
lpfstatus
usage: ./lpfstatus [-h] [-r] [-noadminserver] [-w] [-d <level>]
Possible options are:
-h: to display this help message
-r: output is produce in raw mode
-w: wait for a carriage return before exiting
-d <debug level>: debug level
./lpfstatus -r -d 3
lpfstart
# Start the WAM Services
lpfstart
usage: ./lpfstart [-h] [-r] [-noadminserver] [-w] [-d <level>]
Possible options are:
-h: to display this help message
-r: output is produce in raw mode
-noadminserver: do not start the Admin Server
-w: wait for a carriage return before exiting
-d <debug level>: debug level
./lpfstart -r -noadminserver -d 3
lpfrestart
# Restart the WAM Services
lpfrestart
usage: ./lpfrestart [-h] [-r] [-noadminserver] [-w] [-d <level>]
Possible options are:
-h: to display this help message
-r: output is produce in raw mode
-noadminserver: do not restart the Admin Server
-w: wait for a carriage return before exiting
-d <debug level>: debug level
./lpfrestart -r -noadminserver -d 3
lpfstop
# Stop the WAM Services
lpfstop
usage: ./lpfstop [-h] [-r] [-noadminserver] [-w] [-d <level>]
Possible options are:
-h: to display this help message
-r: output is produce in raw mode
-noadminserver: do not stop the Admin Server
-w: wait for a carriage return before exiting
-d <debug level>: debug level
./lpfstop -r -noadminserver -d 3
lpfadmin
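# Management of WAM Security Gateway administration server
# Note: -f turns off peer-certificate checking for LDAPS, so the directory server is not authenticated on that connection; keep its use to troubleshooting.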
lpfadmin
[root@oracle bin]# ./lpfadmin -h
*** Advanced command for support team ***
Management of WAM Security Gateway administration server
Usage: ./lpfadmin <action> [Options]
action: -create, -delete, -start, -stop, -restart, -status
Options:
-f: never check peer certificate with LDAPS
-d <trace level>: the trace level
-w <password>: old password for certificate database
-l: for a deferred operation
-b: for a background process
-t <tempo>: temporization in seconds
-p <ppid>: the parent process id
-u <admin server URL>: the URL of the Admin Server
-i [yes|no]>: does use IP listen ?
./lpfadmin -start -d 3
./lpfadmin -status -f -d 3
./lpfadmin -restart -d 3
lpfsendmail
lpfsendmail
lpftemplate
lpftemplate
Populate the WAM Directory with an LDIF file
Usage: lpftemplate <options>
Where options are:
-H <LDAP URL>: LDAP URL of the WAM Directory
-u <admin uid>: the uid of a WAM administrator
-p <admin password>: the password of a WAM administrator
-l <LDIF file>: the path of the LDIF template file
-k <key index>=<key value>: to specify a substitution
-d <debug>: to specify a debug level
-r: to replace multi-valuated attribute values instead of merging them
-i: to ignore existing entries
[root@oracle bin]#
lpfutil
lpfutil
lpfutil: illegal option -- h
*** This command is an internal tool: no external usage ***
Call at installation time to find free port.
Usage: ./lpfutil [options]
options:
-u <utility>: findfreeport or findfreeport1
-p <port>
-d <debug>
./lpfutil -u findfreeport -p 80 -d 3
./lpfutil -u findfreeport1 -p 80 -d 3
lpfinvalidatecache
[root@oracle bin]# ./lpfvalidatecache -h
bash: ./lpfvalidatecache: No such file or directory
[root@oracle bin]# ./lpfvalid
bash: ./lpfvalid: No such file or directory
[root@oracle bin]#
[root@oracle bin]# ./lpfinvalidatecache -h
lpfinvalidatecache: illegal option -- h
Select a Users Directory:
1: Built-in User's Directory
2: Infrastructure Directory
3: Built-in Self-Registration Directory
4: Built-in Self-Synchronization Directory
5: WAM Administrators
Choice [1]:1
Primary user id: smith
lpf_InvalidateCachesOnMainServers found 0 errors. It takes 0 seconds
[root@oracle bin]#
lpfsnoop
[root@oracle bin]# ./lpfsnoop -h
Usage: ./lpfsnoop [-p <pid>] [-T <thread id>]
To analyse a dump file
Usage: ./lpfsnoop -s
To show snoop configuration
Usage: ./lpfsnoop -r
To show snoop configuration (formated output)
Usage: ./lpfsnoop -c <server port> -i <IP address>
To configure the Main Apache Server
Usage: ./lpfsnoop -A -i <IP address>
To configure the Admin Server
Usage: ./lpfsnoop -q
To stop this utility
[root@oracle bin]#
lpfSetPassword
[root@oracle bin]# ./lpfSetPassword -h
*** Advanced command for support team ***
To change a secondary password in an account container
or the primary password
Usage: ./lpfSetPassword [<options>] <service name> <account container name> <primary user id> <old password> <new password>
Usage: ./lpfSetPassword -p [<options>] <ldap user id> <old password> <new password>
Possible options are:
-d <debug level>: to set the debug level
[root@oracle bin]#
lpfusersessions
[root@oracle bin]# ./lpfusersessions -h
This program display the list of users that have an opened session.
If a user LDAP uid is specified, it display his session history
Usage: ./lpfusersessions <options>
Where options are:
-d <debug level>: to specify a debug level
-D <directory>: to specify a given User's Directory
-u <user ldap uid>: to specify the LDAP uid of a user
-l <loop number>: to specify a number of loop
-t <tempo>: to specify a temporization between two loops
[root@oracle bin]#
lpfquickstart
[root@oracle bin]# ./lpfquickstart -h
usage: ./lpfquickstart [-h] [-d <level>] [-f]
Possible options are:
-h: to display this help message
-d <debug level>: debug level
-f: force option
-g: to perform a graceful restart
[root@oracle bin]#
build_saml_assertion
[root@oracle bin]# ./build_saml_assertion -h
./build_saml_assertion: error while loading shared libraries: libnsl.so.3: cannot open shared object file: No such file or directory
[root@oracle bin]#
Curl
[root@oracle bin]# curl --help
Usage: curl [options...] <url>
-d, --data <data> HTTP POST data
-f, --fail Fail silently (no output at all) on HTTP errors
-h, --help <category> Get help for commands
-i, --include Include protocol response headers in the output
-o, --output <file> Write to file instead of stdout
-O, --remote-name Write output to a file named as the remote file
-s, --silent Silent mode
-T, --upload-file <file> Transfer local FILE to destination
-u, --user <user:password> Server user and password
-A, --user-agent <name> Send User-Agent <name> to server
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit
This is not the full help, this menu is stripped into categories.
Use "--help category" to get an overview of all categories.
For all options use the manual or "--help all".
[root@oracle bin]#
c_rehash
[root@oracle bin]# ./c_rehash -h
Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]
-old use old-style digest
-h or -help print this help text
-v print files removed and linked
[root@oracle bin]#
curl-config
[root@oracle bin]# ./curl-config --help
Usage: curl-config [OPTION]
Available values for OPTION include:
--built-shared says 'yes' if libcurl was built shared
--ca ca bundle install path
--cc compiler
--cflags pre-processor and compiler flags
--checkfor [version] check for (lib)curl of the specified version
--configure the arguments given to configure when building curl
--features newline separated list of enabled features
--help display this help and exit
--libs library linking information
--prefix curl install prefix
--protocols newline separated list of enabled protocols
--ssl-backends output the SSL backends libcurl was built to support
--static-libs static libcurl library linking information
--version output version information
--vernum output the version information as a number (hexadecimal)
[root@oracle bin]#
LDAP Operation CLI
ldapadd
[root@oracle bin]# ./ldapadd -h
./ldapadd: option requires an argument -- 'h'
ldapadd: unrecognized option -h
Add or modify entries from an LDAP server
usage: ldapadd [options]
The list of desired operations are read from stdin or from the file
specified by "-f file".
Add or modify options:
-a add values (default)
-c continuous operation mode (do not stop on errors)
-E [!]ext=extparam modify extensions (! indicate s criticality)
-f file read operations from `file'
-M enable Manage DSA IT control (-MM to make critical)
-P version protocol version (default: 3)
-S file write skipped modifications to `file'
Common options:
-d level set LDAP debugging level to `level'
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
[!]sessiontracking
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
-h host LDAP server
-H URI LDAP Uniform Resource Identifier(s)
-I use SASL Interactive mode
-n show what would be done but don't actually do it
-N do not use reverse DNS to canonicalize SASL host name
-O props SASL security properties
-o <opt>[=<optparam>] general options
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
-p port port on LDAP server
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
-y file Read password from file
-Y mech SASL mechanism
-Z Start TLS request (-ZZ to require successful response)
[root@oracle bin]#
ldapcompare
[root@oracle bin]# ./ldapcompare -h
./ldapcompare: option requires an argument -- 'h'
ldapcompare: unrecognized option -h
usage: ldapcompare [options] DN <attr:value|attr::b64value>
where:
DN Distinguished Name
attr assertion attribute
value assertion value
b64value base64 encoding of assertion value
Compare options:
-E [!]<ext>[=<extparam>] compare extensions (! indicates criticality)
!dontUseCopy (Don't Use Copy)
-M enable Manage DSA IT control (-MM to make critical)
-P version protocol version (default: 3)
-z Quiet mode, don't print anything, use return values
Common options:
-d level set LDAP debugging level to `level'
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
[!]sessiontracking
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
-h host LDAP server
-H URI LDAP Uniform Resource Identifier(s)
-I use SASL Interactive mode
-n show what would be done but don't actually do it
-N do not use reverse DNS to canonicalize SASL host name
-O props SASL security properties
-o <opt>[=<optparam>] general options
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
-p port port on LDAP server
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
-y file Read password from file
-Y mech SASL mechanism
-Z Start TLS request (-ZZ to require successful response)
ldapdelete
[root@oracle bin]# ./ldapdelete -h
./ldapdelete: option requires an argument -- 'h'
ldapdelete: unrecognized option -h
Delete entries from an LDAP server
usage: ldapdelete [options] [dn]...
dn: list of DNs to delete. If not given, it will be readed from stdin
or from the file specified with "-f file".
Delete Options:
-c continuous operation mode (do not stop on errors)
-f file read operations from `file'
-M enable Manage DSA IT control (-MM to make critical)
-P version protocol version (default: 3)
-r delete recursively
Common options:
-d level set LDAP debugging level to `level'
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
[!]sessiontracking
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
-h host LDAP server
-H URI LDAP Uniform Resource Identifier(s)
-I use SASL Interactive mode
-n show what would be done but don't actually do it
-N do not use reverse DNS to canonicalize SASL host name
-O props SASL security properties
-o <opt>[=<optparam>] general options
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
-p port port on LDAP server
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
-y file Read password from file
-Y mech SASL mechanism
-Z Start TLS request (-ZZ to require successful response)
[root@oracle bin]#
ldapexop
[root@oracle bin]# ./ldapexop -h
./ldapexop: option requires an argument -- 'h'
ldapexop: unrecognized option -h
Issue LDAP extended operations
usage: ldapexop [options] <oid|oid:data|oid::b64data>
ldapexop [options] whoami
ldapexop [options] cancel <id>
ldapexop [options] refresh <DN> [<ttl>]
Common options:
-d level set LDAP debugging level to `level'
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
[!]sessiontracking
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
-h host LDAP server
-H URI LDAP Uniform Resource Identifier(s)
-I use SASL Interactive mode
-n show what would be done but don't actually do it
-N do not use reverse DNS to canonicalize SASL host name
-O props SASL security properties
-o <opt>[=<optparam>] general options
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
-p port port on LDAP server
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
-y file Read password from file
-Y mech SASL mechanism
-Z Start TLS request (-ZZ to require successful response)
[root@oracle bin]#
ldapmodify
[root@oracle bin]# ./ldapmodify -h
./ldapmodify: option requires an argument -- 'h'
ldapmodify: unrecognized option -h
Add or modify entries from an LDAP server
usage: ldapmodify [options]
The list of desired operations are read from stdin or from the file
specified by "-f file".
Add or modify options:
-a add values (default is to replace)
-c continuous operation mode (do not stop on errors)
-E [!]ext=extparam modify extensions (! indicate s criticality)
-f file read operations from `file'
-M enable Manage DSA IT control (-MM to make critical)
-P version protocol version (default: 3)
-S file write skipped modifications to `file'
Common options:
-d level set LDAP debugging level to `level'
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
[!]sessiontracking
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
-h host LDAP server
-H URI LDAP Uniform Resource Identifier(s)
-I use SASL Interactive mode
-n show what would be done but don't actually do it
-N do not use reverse DNS to canonicalize SASL host name
-O props SASL security properties
-o <opt>[=<optparam>] general options
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
-p port port on LDAP server
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
-y file Read password from file
-Y mech SASL mechanism
ldapmodrdn
[root@oracle bin]# ./ldapmodrdn -h
./ldapmodrdn: option requires an argument -- 'h'
ldapmodrdn: unrecognized option -h
Rename LDAP entries
usage: ldapmodrdn [options] [dn rdn]
dn rdn: If given, rdn will replace the RDN of the entry specified by DN
If not given, the list of modifications is read from stdin or
from the file specified by "-f file" (see man page).
Rename options:
-c continuous operation mode (do not stop on errors)
-f file read operations from `file'
-M enable Manage DSA IT control (-MM to make critical)
-P version protocol version (default: 3)
-r remove old RDN
-s newsup new superior entry
Common options:
-d level set LDAP debugging level to `level'
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
[!]sessiontracking
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
-h host LDAP server
-H URI LDAP Uniform Resource Identifier(s)
-I use SASL Interactive mode
-n show what would be done but don't actually do it
-N do not use reverse DNS to canonicalize SASL host name
-O props SASL security properties
-o <opt>[=<optparam>] general options
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
-p port port on LDAP server
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
-y file Read password from file
-Y mech SASL mechanism
-Z Start TLS request (-ZZ to require successful response)
ldappasswd
[root@oracle bin]# ./ldappasswd -h
./ldappasswd: option requires an argument -- 'h'
ldappasswd: unrecognized option -h
Change password of an LDAP user
usage: ldappasswd [options] [user]
user: the authentication identity, commonly a DN
Password change options:
-a secret old password
-A prompt for old password
-t file read file for old password
-s secret new password
-S prompt for new password
-T file read file for new password
Common options:
-d level set LDAP debugging level to `level'
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
[!]sessiontracking
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
-h host LDAP server
-H URI LDAP Uniform Resource Identifier(s)
-I use SASL Interactive mode
-n show what would be done but don't actually do it
-N do not use reverse DNS to canonicalize SASL host name
-O props SASL security properties
-o <opt>[=<optparam>] general options
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
-p port port on LDAP server
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
-y file Read password from file
-Y mech SASL mechanism
-Z Start TLS request (-ZZ to require successful response)
[root@oracle bin]#
ldapsearch
[root@oracle bin]# ./ldapsearch -h
./ldapsearch: option requires an argument -- 'h'
ldapsearch: unrecognized option -h
usage: ldapsearch [options] [filter [attributes...]]
where:
filter RFC 4515 compliant LDAP search filter
attributes whitespace-separated list of attribute descriptions
which may include:
1.1 no attributes
* all user attributes
+ all operational attributes
Search options:
-a deref one of never (default), always, search, or find
-A retrieve attribute names only (no values)
-b basedn base dn for search
-c continuous operation mode (do not stop on errors)
-E [!]<ext>[=<extparam>] search extensions (! indicates criticality)
[!]domainScope (domain scope)
!dontUseCopy (Don't Use Copy)
[!]mv=<filter> (RFC 3876 matched values filter)
[!]pr=<size>[/prompt|noprompt] (RFC 2696 paged results/prompt)
[!]sss=[-]<attr[:OID]>[/[-]<attr[:OID]>...]
(RFC 2891 server side sorting)
[!]subentries[=true|false] (RFC 3672 subentries)
[!]sync=ro[/<cookie>] (RFC 4533 LDAP Sync refreshOnly)
rp[/<cookie>][/<slimit>] (refreshAndPersist)
[!]vlv=<before>/<after>(/<offset>/<count>|:<value>)
(ldapv3-vlv-09 virtual list views)
[!]deref=derefAttr:attr[,...][;derefAttr:attr[,...][;...]]
[!]<oid>[=:<b64value>] (generic control; no response handling)
-f file read operations from `file'
-F prefix URL prefix for files (default: file:///tmp/)
-l limit time limit (in seconds, or "none" or "max") for search
-L print responses in LDIFv1 format
-LL print responses in LDIF format without comments
-LLL print responses in LDIF format without comments
and version
-M enable Manage DSA IT control (-MM to make critical)
-P version protocol version (default: 3)
-s scope one of base, one, sub or children (search scope)
-S attr sort the results by attribute `attr'
-t write binary values to files in temporary directory
-tt write all values to files in temporary directory
-T path write files to directory specified by path (default: /tmp)
-u include User Friendly entry names in the output
-z limit size limit (in entries, or "none" or "max") for search
Common options:
-d level set LDAP debugging level to `level'
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
[!]sessiontracking
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
-h host LDAP server
-H URI LDAP Uniform Resource Identifier(s)
-I use SASL Interactive mode
-n show what would be done but don't actually do it
-N do not use reverse DNS to canonicalize SASL host name
-O props SASL security properties
-o <opt>[=<optparam>] general options
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
-p port port on LDAP server
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
-y file Read password from file
-Y mech SASL mechanism
-Z Start TLS request (-ZZ to require successful response)
[root@oracle bin]#
ldapurl
[root@oracle bin]# ./ldapurl -h
./ldapurl: option requires an argument -- 'h'
usage: ldapurl [options]
generates RFC 4516 LDAP URL with extensions
URL options:
-a attrs comma separated list of attributes
-b base (RFC 4514 LDAP DN)
-E ext (format: "ext=value"; multiple occurrences allowed)
-f filter (RFC 4515 LDAP filter)
-h host
-p port (default: 389 for ldap, 636 for ldaps)
-s scope (RFC 4511 searchScope and extensions)
-S scheme (RFC 4516 LDAP URL scheme and extensions)
[root@oracle bin]#
ldapwhoami
[root@oracle bin]# ./ldapwhoami -h
./ldapwhoami: option requires an argument -- 'h'
ldapwhoami: unrecognized option -h
Issue LDAP Who am I? operation to request user's authzid
usage: ldapwhoami [options]
Common options:
-d level set LDAP debugging level to `level'
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
[!]sessiontracking
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
-h host LDAP server
-H URI LDAP Uniform Resource Identifier(s)
-I use SASL Interactive mode
-n show what would be done but don't actually do it
-N do not use reverse DNS to canonicalize SASL host name
-O props SASL security properties
-o <opt>[=<optparam>] general options
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
-p port port on LDAP server
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
-y file Read password from file
-Y mech SASL mechanism
-Z Start TLS request (-ZZ to require successful response)
[root@oracle bin]#
WAM Advanced CLI
lpfauditdb
[root@oracle bin]# ./lpfauditdb -h
This command can lock the audit database for a long time and block the other processes reading or writing to that database.
Run the 'lpfstop' command before launching the 'lpfauditdb' command.
Usage: ./lpfauditdb -u <utility> -f <audit database path>
Where utility is:
compact: to compact the audit database file
check: to check the audit database file
createindexondate: to create an index on the 'DateTime' column
dropindexondate: to remove the previous index
[root@oracle bin]#
lpfcertificate
[root@oracle bin]# ./lpfcertificate -h
Usage: ./lpfcertificate <action> [<common name>] [-key <key name>] [<Options>]*
Action:
-genkey: to generate a key pair (public and private key).
-gencertreq: to generate a certificate request using OpenSSL.
-gencert: to generate a temporary certificate using OpenSSL.
-import: to import a certificate database from the WAM Directory to the disk.
-export: to export a certificate database from the disk to the WAM Directory.
-list_local: to list all local defined keys.
-list: to list all keys.
-updpasswd: to update the password used to protect the local certificate database.
-infocertreq: to have information about the certificate request of a given key.
-infocert: to have information about the certificate of a given key.
-matchcert: to match a certificate to a key.
-delkey: to remove an existing key.
-setuppxpca: to setup the Built-in Certificate Authority on the master Admin Server.
-pxpopenldap: to configure a local WAM OpenLDAP Directory to be used with LDAPS.
-wgssoi: to configure E-SSO Interface to be used with LDAPS.
-importkey: to create a WAM key with a external key pair.
-pkcs12: to generate the PKCS 12 file for a given WAM key.
-importpkcs12: to import the WAM key and certificate from a PKCS 12 file .
-pxpadam: to generate files to be able to configure a WAM ADAM/AD LDS Directory in LDAPS.
-renewcacert: to renew the certificate of the Built-in CA
-usercert: to generate a user's certificate
-dhparam: to generate the Diffie Hellman parameter
-setupocsp: to setup the OCSP server associated with the Built-in CA
-startocsp: to start the OCSP server associated with the Built-in CA
<common name>: common name found in the certificate.
For an SSL Server certificate, it is a host name
Mandatory for all actions except -genkey, -list, -updpasswd, -matchcert, -importkey
<key name>: common name of the key in the WAM Directory.
Mandatory for -genkey, -gencertreq, -gencert, -import, -export, -infocertreq, -infocert, -importkey
Options:
-h: to display the current usage
-n <display name>: the display name of the key to be created for -genkey and -importkey
-f <file name> : the input file name for -gencertreq and -matchcert
or the output file name for -infocertreq or -infocert
(if no file is given for these two actions, output is stdout.)
-p <password>: the password used to protect the certificate databases is stored in lpf.conf file. This option overrides this value.
-l <key length>: the length of the private key to be created for -genkey
-D <description>: the description of the key to be created for -genkey and -importkey
-d <trace level>: to activate and set the trace level (possible values are: 1, 2, 3)
-sslserver: to generate a certificate request for a SSL Server
Used with the -gencertreq action
-objectsigning: to generate a certificate request for object Signing
Used with the -gencertreq action
-c: used with the -list action to retrieve the association between the common name and the display name of all WAM keys
-O <WAM OpenLDAP installation directory>: used with the -pxpopenldap
action to specify the local WAM OpenLDAP installation directory
-F [Unix|Windows]: used with the -pxpopenldap action to generate the key
configuration for the WAM OpenLDAP to a file
- Unix: the WAM OpenLDAP directory runs on a Unix platform
- Windows: the WAM OpenLDAP directory runs on a Windows platform
-s <ldaps port>: used with the -pxpopenldap and -wgssoi action to specify a LDAPS port
-v <validity duration>: the validity duration, in days, of the Built-in CA.
Used with the -setuppxpca and -renewcacert actions
[root@oracle bin]#
lpfCheckRadiusUser
[root@oracle bin]# ./lpfCheckRadiusUser -h
*** Advanced command for support team ***
Usage: ./lpfCheckRadiusUser [<options>] <portal name> <radius server name> [<login> <password>]+
Note that the "portal name" parameter is no more used
Possible options are:
-d <debug level>: debug level
-s <LDAP attribute name>: to specify a not binary attribute name in the user object class
-b <LDAP attribute name>: to specify a binary attribute name in the user object class
-l <loop nb>: number of loop
[root@oracle bin]#
lpfdecodelog
[root@oracle bin]# ./lpfdecodelog -h
Usage: lpfdecodelog <log path>
[root@oracle bin]#
lpfgateway
[root@oracle bin]# ./lpfgateway -h
Usage: ./lpfgateway -start [<gatewayName>] [-p <port>] [-d <trace level>] [-w <password>] [-a]
To start a Security Gateway or a Browsing Administration Assistant
or all Security Gateways and Browsing Administration Assistants
if no portal name is given
Usage: ./lpfgateway -stop [<gatewayName>] [-d <trace level>] [-a]
To stop a Security Gateway or a Browsing Administration Assistant
or all Security Gateways and Browsing Administration Assistants
if no portal name is given
Usage: ./lpfgateway -restart [<gatewayName>] [-p port] [-d <trace level>] [-w <password>] [-a]
To restart a Security Gateway or a Browsing Administration Assistant
or all Security Gateways and Browsing Administration Assistants
if no portal name is given
Usage: ./lpfgateway -status <gatewayName> [-d <trace level>] [-a]
To have the status of a Security Gateway or
a Browsing Administration Assistant
Usage: ./lpfgateway -status [-d <trace level>] [-a]
To have the status of all Security Gateways
or all Browsing Administration Assistants
Usage: ./lpfgateway -create <gatewayName> [-p <port>] [-d <trace level>] [-a]
To create a Security Gateway or a Browsing Administration Assistant
Usage: ./lpfgateway -delete <gatewayName> [-d <trace level>] [-a]
To delete a Security Gateway or a Browsing Administration Assistant
Usage: ./lpfgateway -showconf <gatewayName> [-d <trace level>]
To show the configuration of a portal
Usage: ./lpfgateway -list_local [-d <trace level>] [-v]
To have the list of installed Security Gateways
and Browsing Administration Assistants
Usage: ./lpfgateway -list [-d <trace level>] [-v]
To have the list of portals defined in the WAM Directory
Usage: ./lpfgateway -running [-d <trace level>]
To have the list of running Security Gateways
and Browsing Administration Assistants
Usage: ./lpfgateway -processes [<gatewayName>] [-a]
To survey processes for a given Security Gateway or a Browsing Administration Assistant
Usage: ./lpfgateway -check_deployed [-d <trace level>] [-v]
To check the list of installed Security Gateways
and Browsing Administration Assistants
Usage: ./lpfgateway -chk_web_agent_grp <gatewayName> [-d <trace level>]
To check the configuration for a group of Web Agents
Usage: ./lpfgateway -mobilesdk <gatewayName> [-d <trace level>]
To generate the configuration for Mobile SDK applications
Where options are:
-p <port>: override a port defined in the WAM Directory
-d <trace level>: select the trace level
-w <password>: override the password used to decrypt certificate database
-a: to select Browsing Administration Assistants instead of Security Gateways
-v: verbose option
-s <scope>: the scope of the command (no scope means all portals and Web Agents)
Possible values:
portal: the command apply only to portals
webagent: the command apply only to Web Agents
local_wa: the command apply only to local Web Agents
remote_wa: the command apply only to remote Web Agents
[root@oracle bin]#
# To start a Security Gateway
# or a Browsing Administration Assistant
# or all Security Gateways and Browsing Administration Assistants
# if no portal name is given
./lpfgateway -start [<gatewayName>]
# To stop a Security Gateway or a Browsing Administration Assistant
# or all Security Gateways and Browsing Administration Assistants
# if no portal name is given
./lpfgateway -stop [<gatewayName>]
# To restart a Security Gateway or a Browsing Administration Assistant
# or all Security Gateways and Browsing Administration Assistants
# if no portal name is given
./lpfgateway -restart [<gatewayName>]
# To have the status of a Security Gateway
# or a Browsing Administration Assistant
./lpfgateway -status [<gatewayName>]
# To create / deploy a Security Gateway or a Browsing Administration Assistant
# (the gateway name is mandatory for -create, see the usage above)
./lpfgateway -create <gatewayName> [-p <port>]
# To delete / Undeploy a Security Gateway
# or a Browsing Administration Assistant
./lpfgateway -delete <gatewayName>
# To show the configuration of a portal
./lpfgateway -showconf <gatewayName>
# To have the list of installed Security Gateways
# and Browsing Administration Assistants
./lpfgateway -list_local
# To have the list of installed Security Gateways
./lpfgateway -list_local
# To show the configuration of a portal
./lpfgateway -showconf <gatewayName>
# To have the list of portals defined in the WAM Directory
./lpfgateway -list
# To have the list of running Security Gateways
./lpfgateway -running -v
# To survey processes for a given Security Gateway
# or a Browsing Administration Assistant
./lpfgateway -processes [<gatewayName>]
# To check the list of installed Security Gateways
# And Browsing Administration Assistants
./lpfgateway -check_deployed
# To check the configuration for a group of Web Agents
./lpfgateway -chk_web_agent_grp <gatewayName>
# To generate the configuration for Mobile SDK applications
./lpfgateway -mobilesdk <gatewayName>
The options are:
-p <port>: override a port defined in the WAM Directory
-d <trace level>: select the trace level
-w <password>: override the password used to decrypt certificate database (a password given on the command line is visible in the process list and in the shell history)
-a: to select Browsing Administration Assistants instead of Security Gateways
-v: verbose option
-s <scope>: the scope of the command (no scope means all portals and Web Agents)
Possible values:
portal: the command apply only to portals
webagent: the command apply only to Web Agents
local_wa: the command apply only to local Web Agents
remote_wa: the command apply only to remote Web Agents
Browsing Administration Assistant Port - 9170
lpfGenKey
[root@oracle bin]# ./lpfGenKey -h
Usage : lpfGenKey
To generate WAM Cookie Key.
With no attribut, this command is used by WAM to generate the Customer Cipher Key (LCCK) at installation time.
Usage : lpfGenKey -cookiekey -gateway <gatewayName>
With 'cookiekey' and 'gateway' options, this command generate the cookie key for a gateway
Usage : lpfGenKey -cookiekey -authsrv
With 'cookiekey' and 'auth' options, this command generate the cookie key for an Authentication Server
[root@oracle bin]#
lpfGetAllowedServices
[root@oracle bin]# ./lpfGetAllowedServices -h
*** Advanced command for support team ***
To get allowed services for a given user list on the given portal.
Usage: ./lpfGetAllowedServices [<options>] <portalName> [<user id list>]
Possible options are:
-l <loop number>: number of loop done in each process
-p <process number>: number of processes in the pool
-T <thread number>: number of threads in child processes
-t <temporisation>: temporisation done in child processes before looping
-d <debug level>: debug level
-s: use the simple synchronous search request
-L: list of local Web Agents to take into account
-R: list of remote Web Agents to take into account
-S: build the list of services that require secondary SSO data
-O: build the list of services for the logout page
-D: to activate specific debug for the list of services
[root@oracle bin]#
lpfgetcrl
[root@oracle bin]# ./lpfgetcrl -h
Usage: ./lpfgetcrl [-auto] [-clean] [-force] [-proxy <host:port>] [-d <level>]
Options:
-auto: switch to automatic mode
-clean: clean CRL deposit
-force: force CRL to be downloaded
-proxy <host:port>: HTTP proxy to be used
-nosig: do not verify CRL signature
-d <level>: debug level
[root@oracle bin]#
lpfGetGroups
[root@oracle bin]# ./lpfGetGroups -h
*** Advanced command for support team ***
To get the groups which include the given user list.
Usage: ./lpfGetGroups [<options>] [<user id list>]
Possible options are:
-l <loop number>: number of loop done in each process
-p <process number>: number of processes in the pool
-T <thread number>: number of threads in child processes
-t <temporisation>: temporisation done in child processes before looping
-d <debug level>: debug level
[root@oracle bin]#
lpfgetpass
[root@oracle bin]# ./lpfgetpass --help
[root@oracle bin]#
lpfldaputil
[root@oracle bin]# ./lpfldaputil -h
lpfldaputil: option requires an argument -- h
-u utility required
*** Advanced command for support team ***
Usage: ./lpfldaputil -u <utility> [-d <debug level>] [-I <time limit>] <other options>
Where utility is:
getpxpdir: to retrieve information about the WAM Directory
setpxpdir: to update information about the WAM Directory
getclientdirectory: to retrieve information about the Users
Directory of the default Multi Directory
listusersdir: to list defined Users Directory
setusersdir: to create or update a Users Directory
setuseddir: to create or update the default Multi Directory
updateschema: update the WAM Directory schema
deleteschema: remove extensions in the WAM Directory schema
getschemaversion: retrieve the version of the schema for the
WAM Directory
populate: add objects in the WAM or Users Directory
unpopulate: remove objects added with the populate
utility
recordadminserver: create an Admin Server object in the
WAM Directory
getadminserver: retrieve the Admin Server object in the
WAM Directory
checkdirectory: retrieve the status of the WAM and all Users Directories
setadminuser: to create a WAM administrator or to check its password
updadminpasswd: to update an administrator password
setsamluser: to create a user in the Infrastructure Directory
or to check its password
updsamlpasswd: to update the password of a user in the Infrastructure Directory
setupsaml: to setup the Infrastructure Directory
export: to backup a Directory
getrttlogconfig: to get Rotation log configuration
authservconf: to generate the Authentication Server configuration file
updciphers: to update the list of OpenSSL supported ciphers
in the WAM Directory
updcacert: to register default Certificate Authorities
in the WAM Directory
createca: to register a new Certificate Authority
in the WAM Directory
s_client: to check the SSL communication with a Web Server, using
the command: openssl s_client ...
getstartbaaconfig: to know if the BAA must start with the gateway or not
checkbackup: To check the coherency of a backup of a WAM Directory
ldapsconfig: To configure protocol used to connect to Users Directories
updquestions: to register the default questions panel if necessary
recordauthserv: Register the built-in Authentication Server
in the WAM Directory
cleanconf: Perform some clean in the WAM Directory
endinstall: Update the installation status in lpf.conf
setwgssoi: to setup the E-SSO Interface
startwgssoi: to start the E-SSO Interface if necessary
stopwgssoi: to stop the E-SSO Interface if necessary
setbackupdirs: to register backup directories for a Users Directory
initsamldomains: create PAB structure for SAML domains
cleansamlpabs: clean PAB structure for SAML domains
dumppab: dump the Primary Account Base of a User's Directory
accountowner: check the owner of accounts for users in a User's Directory
licensecounters: to update license counters
disablelowciphers: to disable low ciphers on all Apache servers
checkcertauth: to perform some check on declared certificate authorities
checkpabs: to check or create all Primary Account Base
ldiftmpl: to register LDIF template to the WAM Directory
mailalert: to alert users by mail that their primary password will expire soon
dailytasks: perform daily tasks
cleantokens: to remove tokens that are older than <n> days
initqrentry: to register objects for QRentry registration
setupbuiltindirs: to register some built-in directories in the WAM Directory
loopforuser: retrieve periodically some information about a user
loopfortokens: retrieve periodically the list of tokens
adminroles: to register objectcs for administrator roles in the GUI
initcertdir: create PAB structure for certificate authorities
cleancertdir: clean PAB structure for certificate authorities
initsocialdir: create PAB structure for Social Auth Servers
cleansocialdir: clean PAB structure for Social Auth Servers
defaultmpmconf: restore default Apache MPM configuration
-d: debug option (values: 1, 2 or 3)
-I: for specifying a dedicated LdapTimeLimit different from lpf.conf, for connections to WAM Directory
The other options are used only for some utilities:
-o <format>: output format for these utilities
getpxpdir, getclientdirectory
(values: colon or url, url by default)
-i: enable the interactive mode for these utilities:
setpxpdir, setusersdir,
setuseddir, recordadminserver
setadminuser, setsamluser
-l: for the checkdirectory utility, to limit the LDAP directory check
to the WAM one.
-l: for the export utility, do not export Primary Account Base
-l: for the populate utility, do not take into account objects that already exists
-l: for the licensecounters utility, just display the license counters, do not update them
-c: to use the Users directory in the default Multi Directory
instead of the WAM Directory.
Available for the populate, unpopulate and export utilities
-V <schema version>: schema version for these utilities:
updateschema, deleteschema,
populate, unpopulate, initpopulate
Optionnal for getschemaversion
-F <file name>: to populate or un-populate a directory with a given file name.
Optionnal for populate and unpopulate
Or to specify an output file for the updateschema option
-C <formatted data>: configuration in colon required for:
setpxpdir: [host|*:port|*:protocol|*:bindDN|*:bindPassword|*:vendor|*]
setusersdir: [host|*:LDAP port|*:LDAPS port|*:bindDN|*:bindPassword|*:baseDN|*:name:vendor|*]
Vendor strings for a WAM Directory: iplanet, SUN One, openldap, fedora, RedHat, 389 DS, ADAM/AD LDS, Oracle Unified Directory, DirX, Oracle Directory Server, OpenDJ
Vendor strings for a Users Directory: iplanet, SUN One, openldap, fedora, RedHat, 389 DS, ADAM/AD LDS, Oracle Unified Directory, DirX, Oracle Directory Server, OpenDJ, active, domino, Access Master SIB, novell, others
setuseddir: [directory name:GUI protocol|*]
recordadminserver: [host|*:port|*:protocol|*:user|*:userPassword|*:description|*]
setadminuser: [user|*:userPassword|*]
updadminpasswd: [user:oldPassword:newPassword]
setsamluser: [user|*:userPassword|*]
-P <portal name>: to specify a portal name for the populate, unpopulate and getstartbaaconfig options
-t <portal port>: to specify a portal port for the populate and unpopulate options
-h <host name>: to specify a host for the getadminserver options
-m: to active the data migration feature for the option populate
-b: to set the base DN of the 'export' option
-a: to have a detailled output of the 'listusersdir' option
-r: to replace multi-valuated attribute values instead of merging them for the populate option
-s <previous version>: to specify the previous shema version
This option should only be used in a development
sandboxe with the updateschema option
-e <port|url>: to specify the port or url to be used with
the 's_client' utility. May have one of the following form:
- NULL or empty: use the LDAPS port found in lpf.conf
- <port>: to specify the ldaps port of the PXP directory
- <host>:<port>: to specify a remote ldaps server
- <ldaps|https>://<host>:<port>: full URL of a SSL web server
-y <trusted string>: used with the 'createca' option to specify if
the certificate authority is trusted for client
authentication (client), for HTTP servers (http),
for LDAP servers (ldap), for object signing (object).
The special keyword 'all' specify that the certificate
authority is trusted for every things
-k <key name>: name of the key to use to configure client authentication with certificate for the 's_client' option
-T <thread number>: the number of thread used for the 'checkpabs' option
-D <day number>: the number of days for the 'cleantokens' option
-D <loop number>: the number of loop for 'loopforuser' and 'loopfortokens' options
-g: for the 'export' utility, ignore authentication tokens
-g: for the 'populate' utility, expired tokens are populated to the WAM Directory
[root@oracle bin]#
lpfLdifProcessing
[root@oracle bin]# ./lpfLdifProcessing -h
lpfMigKey
[root@oracle bin]# ./lpfMigKey -h
Please contact the Evidian support to retrieve a working version of this binary
[root@oracle bin]#
lpfSetRadiusUid
[root@oracle bin]# ./lpfSetRadiusUid -h
*** Advanced command for support team ***
To change a Radius Uid in the Primary Account Base
Usage: ./lpfSetRadiusUid [<options>] <user id> <Radius Server CN> <Radius uid>
Possible options are:
-d <debug level>: to set the debug level
[root@oracle bin]#
lpfsetuputil
[root@oracle bin]# ./lpfsetuputil -h
lpfsetuputil: illegal option -- h
-u utility required
*** Advanced command for support team ***
Usage: ./lpfsetuputil -u <utility> [-d <debug level>] [-U <admin uid>] [-P <admin password>] <other options>
Where utility is:
verify: to verify a WAM installation
snapshot: to perform a snapshot of WAM
checkbuiltinca: to check if the Built-in CA need to be deployed
builtinca: to create the Built-in CA and generate keys for HTTPS purpose
rollback: to rollback a WAM installation
rmservers: to remove all servers
remove: to remove a WAM installation
confall: to configure all components
ldapconf: to configure the LDAP component
guiconf: to configure the GUI component
ap2conf: to configure the AP2 component
sgconf: to configure the SG component
authsrvconf: to configure Authentication Servers
euaconf: to configure the EUA component
splconf: to configure the SPL (Tutorials) component
apiconf: to configure the API (Tomcat + JSP) component
wgssoiconf: to configure the E-SSO Interface component
createportal: to create or deploy portals at the
end of the installation
endinstall: to perform other operations done at the
end of the installation
Options:
-d: debug option (values: 1, 2 or 3)
-U <uid>: LDAP uid of a WAM administrator
-P <password>: LDAP password of a WAM administrator
The other options are used only for some utilities:
-H <host name>: a host name
-p <port>: a port
-t <port>: another port, when it is necessary
-f: batch mode
-F <LDIF file path>: LDIF file for remote migration
and the confall utility
-F <conf file path>: path of the configuration file to create the
Built-in CA in batch mode for the builtinca utility
-D <directory path>: to specify a temporary directory
for the snapshot utility
-D <directory path>: to specify a previous installation
directory for local migration and the confall utility
-c: to customize options of the snapshot utility
-m <max log index>: to specify the max log index to archive
with the snapshot utility
-T <thread number>: to specify the number of threads for LDAP
-s <LDAPS port>: to switch from a LDAP to LDAPS WAM Directory
-l <delay>: deferred operation
Example: -l 30: the operation will start in 30 seconds
Example: -l 15m: the operation will start in 15 minutes
Example: -l 2h: the operation will start in 2 hours
-S: to stop WAM before processing the operation
[root@oracle bin]#
lpfwebserver
[root@oracle bin]# ./lpfwebserver -h
*** Advanced command for support team ***
Usage: ./lpfwebserver -u <utility> -t <component> [-n <Authentication Server name>] [-d <debug level>] [-s <protocol>] [-H <host name>] [-p <port>] [-v]
Where utility is:
start: to start the Web Server
stop: to stop the Web Server
restart: to restart the Web Server
status: to retrieve the Web Server status
setup: to create the Web Server
delete: to delete the Web Server
url: to retrieve the Web Server URL
Where component is:
eua: the Web Server for the End User Administration
jsp: the Web Server for JSP
spl: the Web Server for tutorials
authsrv: the WAM Authentication Server
main: the main Apache server
Additionnal utilities for the WAM Authentication Server:
showconf: display the Authentication Policy configuration
list: to have the list of the Authentication Servers
defined in the WAM Directory
list_local: to have the list of installed
Authentication Servers
[root@oracle bin]#
openssl
[root@oracle bin]# openssl --help
help:
Standard commands
asn1parse ca ciphers cmp
cms crl crl2pkcs7 dgst
dhparam dsa dsaparam ec
ecparam enc engine errstr
fipsinstall gendsa genpkey genrsa
help info kdf list
mac nseq ocsp passwd
pkcs12 pkcs7 pkcs8 pkey
pkeyparam pkeyutl prime rand
rehash req rsa rsautl
s_client s_server s_time sess_id
smime speed spkac srp
storeutl ts verify version
x509
Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 md2 md4
md5 rmd160 sha1 sha224
sha256 sha3-224 sha3-256 sha3-384
sha3-512 sha384 sha512 sha512-224
sha512-256 shake128 shake256 sm3
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
idea idea-cbc idea-cfb idea-ecb
idea-ofb rc2 rc2-40-cbc rc2-64-cbc
rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 rc5 rc5-cbc
rc5-cfb rc5-ecb rc5-ofb seed
seed-cbc seed-cfb seed-ecb seed-ofb
zlib
[root@oracle bin]#
lpfrcmd
[root@oracle bin]# ./lpfrcmd
Sanity check failed -1
[root@oracle bin]#
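chmod 4750 lpfrcmd
to set the setuid bit (mode 4750: setuid, rwx for the owner, r-x for the group, no access for others)
Then
chown root:lpfadmin lpfrcmd
to set the correct owner and group
On Linux, chown clears the setuid bit of an executable, so check the result with ls -l lpfrcmd (expected: -rwsr-x--- root lpfadmin) and run the chmod again if the s is missing
Restart the WAM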
./lpfrestart