esfadmin Command Syntax

Restriction: This topic applies only when the Enterprise Server feature is enabled.

Syntax:

esfadmin [options] subcmd [keyword=value | keyword]...

Used to update the security definitions in active External Security Managers. It calls the Enterprise Server External Security Facility (ESF) to submit requests.

Parameters:

The options are:

-a
Do not audit. By default, esfadmin sends audit information for each request to the ESF Audit Facility.
-cconfig file
Specifies the name of a configuration file for the ESM Module. This is a text file, in the same format as the Configuration Information field in the Security Manager definition.

Usage: esfadmin -cldap-config.txt where ldap-config.txt contains: 

[LDAP] 
base=CN=Micro Focus,
CN=Program Data,
DC=mycorp,DC=com
-uESF user
A valid ES account that is being used to sign on to the ESF. The default value is SYSAD.

Usage: 

esfadmin -uSYSAD
-pESF password.
The associated password. The default value is SYSAD.
-UESM user
A valid username for the External Security Manager, for example, with MLDAP, a user account with appropriate access to the LDAP repository.

If this is not supplied, then for commands other than the LIST commands, esfadmin prompts for the ESM username. For LIST commands, esfadmin lets the ESM module use its default credentials.

Note: You must supply this username, either with -U or when prompted, even if the security manager does not require it. For VSAM ESM Module you can use any username and password.
-PESM password
The associated password.

If this is not supplied, then for commands other than the LIST commands, esfadmin prompts for a password.

-Sserver URL
Specifies the connection path for the ESM module. For MLDAP ESM Module, this is the URL of the LDAP server. For VSAM ESM Module it is the path to the data file directory.

Usage: 

esfadmin -S ldap://adhost
Note: You can specify a value up to 256 characters in length.
-ooptions file
Specifies the relative or absolute path and file name that contains the options to be used with the esfadmin command. Values containing spaces must be quoted. Options must be delimited with spaces and/or newlines.

The options file can contain any esfadmin options and positional parameters, except -o. An options file can be combined with command-line options. Parameters from the options file and the command line will be combined in the order they appear on the command line.

The options file is typically used to contain sensitive data such as the ESM password, or to simplify scripting a set of commands.

Note: The options file path and file name is limited to 256 bytes.
-Mmodule
Specifies the ESM module. The default is mldap_esm. Use -Mvsam_esm to specify the VSAM ESM Module.

The sub commands are:

  • ADDACE, ALTACE, DELACE
  • ADDUSER, ALTUSER, DELUSER, LISTUSER
  • ADDGROUP, ALTGROUP, DELGROUP, LISTGROUP
  • ADDCLASS, ALTCLASS, DELCLASS, LISTCLASS
  • ADDMEMBER, DELMEMBER
  • ADDRESOURCE, ALTRESOURCE, DELRESOURCE, LISTRESOURCE
  • LISTREFERENCES
  • SETPASSWORD, SETOPTIONS

Comments:

The subcommand specifies the function to be performed. Each function requires one or more parameters. Parameters consist of stand-alone keywords and keyword-value pairs. Keyword-value pairs must be entered without spaces between the keyword, the equal sign, and the value. Values that contain spaces or other special characters must be quoted, as required by the shell.

Parent topic: About the esfadmin Command
Related concepts
esfadmin Usage Notes
About the esfadmin Command
esfadmin Sub-commands
Related information
Setting User Passwords with esfadmin