
Sun Desktop Manager 1.0 Administration Guide
Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
U.S.A.
Part No: 8192726
January, 2006
Copyright 2006 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this
product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software,
including font technology, is copyrighted and licensed from Sun suppliers.
Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other
countries, exclusively licensed through X/Open Company, Ltd.
Sun, Sun Microsystems, the Sun logo, docs.sun.com, AnswerBook, AnswerBook2, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in
the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and
other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
The OPEN LOOK and Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of
Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the
Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written license
agreements.
U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions
of the FAR and its supplements.
DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY
IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO
THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Contents
Preface
1 Concepts and Architecture
  Scope of the Desktop Manager
  Architecture
    Configuration Repositories
    Management Tools
    Templates
    Configuration Agent
    Configuration Adapters
  From Configuration Profiles to Application Settings
    Configuration Data Sources
    Construction of the Profile Configuration Data
    Configuration Data Source Combination
2 Using the Desktop Manager GUI
  Introduction
  Configuration Repositories Window
    Configuration Repositories Table
      Creating a New Configuration Repository
      Removing a Configuration Repository
      Renaming a Configuration Repository
      Synchronizing Configuration Repositories
  Profiles Tree View
    Navigation Area
      Searching for an Element
      Using the Find Function
    Content Area
      Creating a new Profile
      Deleting a Profile
      Assigning a Profile
      Unassigning a Profile
      Renaming a Profile
      Copying and Moving a Profile
      Importing Profiles
      Exporting Profiles
    Viewing Effective Settings
  Profiles All
    Creating a new Profile
    Deleting a Profile
    Renaming a Profile
    Copying and Moving a Profile
    Importing Profiles
    Exporting Profiles
  Profile Editor
    General Properties
      Specifying General Properties for a Profile
    Configuration Settings
      Viewing and Editing a Profile's Configuration Settings
    Assigned Elements
      Assigning an Element to a Profile
      Unassigning an Element from a Profile
    Settings Summary
    Advanced Options
      Changing the Application from Location
      Assigning a Merge Order to a Profile
3 Using the Command Line Interface
  Overview of the Desktop Manager CLI
  Working with the CLI
    Invoking CLI Commands
    Bootstrapping Information Required by the CLI
    Authentication by Username and Password
    Running a Command
    Representing Elements
  CLI Commands
    Help
    Version Information
    Add
    Create
    Delete
    Export
    Import
    List
    Login
    Modify
    Remove
    Rename
  Command Summary
4 Migration
  Object Model and Terminology
  Profile Management
  Profile Format
  Delegated Administration

Preface
The Sun Desktop Manager 1.0 Administration Guide provides information about the concepts and
usage of the Sun Desktop Manager 1.0. It contains a detailed description of the Graphical User
Interface and its functionality, as well as a description of the Command Line Interface.

How This Book Is Organized
Chapter 1 provides an overview of the Sun Desktop Manager.
Chapter 2 provides information about how to use the Sun Desktop Manager GUI.
Chapter 3 describes the commands used in the Sun Desktop Manager CLI.
Chapter 4 describes how to migrate from the Java Desktop System Configuration Manager 1.1 to the
Sun Desktop Manager 1.0.

Related Books
The following books provide additional information about the Desktop Manager:
- Sun Desktop Manager 1.0 Installation Guide
- Sun Desktop Manager 1.0 Developer Guide

Accessing Sun Documentation Online
The docs.sun.com(SM) Web site enables you to access Sun technical documentation online. You can
browse the docs.sun.com archive or search for a specific book title or subject. The URL is
http://docs.sun.com.

CHAPTER 1
Concepts and Architecture
The Sun Desktop Manager provides a framework to store configuration settings for applications on a
network in a central location for users, organizations, and host machines that run the application.
This chapter describes the general architecture and the key concepts of the Desktop Manager.

Scope of the Desktop Manager
The Desktop Manager directly supports the following configuration settings:
- GConf (Gnome configuration framework)
- StarOffice Registry
- Mozilla Preferences
- Java Preferences
- Desktop launchers
- Menu entries
- Startup applications
Note: The Desktop Manager only supports applications that use these settings.
By default, only the settings that are relevant to a system administrator can be configured with the
Desktop Manager. However, you can use templates that are included with the installation to extend
the functionality of the Desktop Manager to include the configuration settings that you want to
control. Furthermore, desktop applications that do not use the supported configuration systems can
access central configuration data through the legacy data framework.

Architecture
FIGURE 1-1 High-level architecture
The Desktop Manager contains the following components:
- Configuration Repositories: Configuration repositories store the configuration profiles and
  organizational structures.
- Management Tools: Management tools refers to both the Desktop Manager web-based
  administration GUI and the command line interface (CLI). With these tools, you can create,
  modify, delete, and assign configuration profiles.
  The management tools access the data in a configuration repository and use templates to display
  the data in a browser window.
- Configuration Agent and adapters: The agent retrieves and caches the configuration settings on
  the configuration repositories for the user applications. The adapters apply the settings. The
  agent and the adapters must be installed on every client.
- Templates: Templates render the configuration data in a web browser window.

Configuration Repositories
The Desktop Manager stores configuration data in a configuration repository. A configuration
repository stores the following three types of configuration data:
- Organization structure: describes the structure of an organization. A single object of an
  organization structure is called an element. The configuration data for an organization structure
  provides the following information:
  - A tree that represents the Organization/Sub-Organizations structure. This includes a list of
    users that are part of the organization, as well as the location of the users in the organization
    structure.
  - A tree that represents the host Domain/Sub-Domain structure.
- Configuration profiles: define sets of configuration data, called configuration profiles, for
  applications or modules. Profiles can be assigned to organizations, domains, hosts, and users. A
  profile provides a default value for a configuration setting or enforces a value for a configuration
  key. A profile can also contain profiles that cover multiple applications.
  You can use configuration profiles to define default configuration settings for an organization,
  such as the default unit of measure for rulers in StarOffice Writer. However, a user can set
  preferences manually in an application to override such defaults.
  Note: You can change the value of a configuration setting to enforce a default setting in a profile,
  so that a user cannot change the setting manually.
  Configuration profiles are stored at an element node in an organization or domain structure.
  The assignment of profiles associates the configuration data that is contained in a profile to an
  element. You can only assign a profile to the element that stores the profile, or to elements that
  occur below the storage element in the hierarchy.
  The Desktop Manager also stores a priority with configuration profiles. Priorities determine the
  order in which the profiles are assigned when you create the Profile Configuration Data (see
  "Construction of the Profile Configuration Data"). You cannot store more than one
  configuration profile with the same priority in an element.
  You can also use the Desktop Manager to store local, user-specific configuration profiles directly
  on desktop machines.
- Assignments: Assignments define the relationship between one or many elements of an
  organization and a profile. Assignments define the elements of the organization or domain that
  the configuration data can be applied to.
  Child elements inherit the assignments of the parent element in the organization hierarchy.

Available Configuration Repositories
There are three types of configuration repositories that can be implemented:
- LDAP: stores the configuration data on an LDAP directory server as additional entries. Desktop
  Manager supports the following LDAP directory servers:
  - Sun Java Systems Directory Server
  - OpenLDAP
  - Microsoft Active Directory
  The access protocol to query this type of repository is LDAP. However, any other LDAPv3
  compliant directory can be used as a repository.
- File: stores the configuration data in a file system. The Desktop Manager accesses this type of
  repository directly from the file system or through HTTP/HTTPS. For HTTP/HTTPS access, you
  need to configure a web server so that the Agent can access the configuration repository; the
  management tools require read/write access to the file system that stores the profiles and
  assignments.
- Hybrid: a hybrid repository reads the organizational structure of the company from an LDAP
  server, and then reads and writes the configuration settings in a file system.
Note: The LDAP Configuration Repository provides the best overall performance. The hybrid
repository is best for when you do not have write access to the LDAP directory. The file-based
repository is only useful for evaluation purposes.

Management Tools
The management tools provide a web-based graphical user interface and a command-line interface
where you can manage the configuration data. The tools only operate on the configuration
repository and do not require the agents to run.
If you use an LDAP configuration repository, you can deploy the management tools in a separate
system from the one that holds the LDAP service. If you use the file-based repository, the
management tools require direct access as well as read/write permissions to the repository for the
noaccess user, or the user under which the Java Web Console is executed. That is, the tools must be in
the same system as the repository, or the repository must be an NFS mount with read/write access for
the tools. The noaccess user runs the Desktop Manager GUI, and must be created when you install
the tools.
You can use the management tools to create, delete, modify, assign, and unassign profiles. You cannot
use the tools to add, delete, and modify elements in the hierarchy, for example, to add users.

Templates
Desktop Manager uses templates to view, define, and enforce configuration settings in the
configuration repository and to render the GUI for displaying these configuration settings. The
templates are deployed by the web-based Management tools.
For more information on templates, see the Sun Desktop Manager 1.0 Developer Guide.

Configuration Agent
To access the configuration data from the Desktop Manager, a desktop client requires the Desktop
Manager Configuration Agent. The Configuration Agent communicates with the remote
configuration data repository and the adapters, as well as integrates data into specific configuration
systems. The configuration systems that are currently supported are GConf, Java Preferences,
Mozilla Preferences, and StarOffice Registry.

Configuration Adapters
Configuration adapters query the configuration agent for configuration data and provide the data to
the applications. The adapters must be installed on every client that you want to manage centrally.

From Configuration Profiles to Application Settings
This section describes how the configuration data is processed to end up with user settings for a
specific application running in a specific host.

Configuration Data Sources
Each user application receives configuration data from the following sources:
- Default configuration data source: stores the default settings for an application. This
  configuration data source is deployed with the application and remains mostly unchanged
  throughout its lifetime. The query mechanisms and the format for this data source are defined by
  each application. Some applications use a "proprietary" method to store configuration data, while
  other applications use a shared subsystem for the configuration data, for example, GConf.
- User configuration data source: stores user settings for an application. The query/update
  mechanisms and format for this data source are defined by each application.
- Profile Configuration data source: this data source is provided by the Sun Desktop Manager 1.0.
  The configuration data is stored in the configuration repositories. The mechanisms to access that
  data are provided by the Configuration Agent and the Configuration Adapters.
The application settings for a user on a host are calculated in two steps. The profile configuration tree
is constructed, and then the configuration data sources are combined.

Construction of the Profile Configuration Data
The profile configuration data holds the configuration profile for a user application that runs on a
specific host.
The organizational units of an organization, along with the users, are stored in the configuration
repository hierarchically. The same applies to the domain components.
Configuration profiles are assigned to elements in the hierarchies. Configuration profiles that are
assigned to an element are inherited by the children of that element.
The configuration data of an application depends on the user who runs the application and the host
where the application runs.
The configuration settings that affect a user depend on the configuration profiles that are assigned to
the elements in the path from the user element to the root of the tree. These profiles must be merged
together to build the set of configuration settings for the user.
Since it is possible to define profiles based on the host where the application of the user is running,
the profiles assigned to the host, or to any of the elements that are in the path from the host to the
root of the tree, should also be merged together with the configuration profiles that affect the user.
FIGURE 1-2 Configuration Process
The following rules are used to construct the profile configuration:
- Order of processing: The order in which profiles are merged is important. The Host Local set of
  configuration profiles is processed first, followed by the Host Global set, the User Local set, and
  then the User Global set.
  If there is more than one configuration profile in a set, the priority number that is associated with
  a profile determines the processing order for the profile, that is, the lowest number is processed
  first.
- Properties and Values: A property is an element in the configuration that can be defined, for
  example, "background color". A value is the value that you assign to a property, for example, the
  value for the property "background color" is "white".
  If a new property is introduced by one profile, the property and its value are added to the merged
  configuration tree.
  If a property has a value that is marked as enforced, the new value is stored in the merged tree.
  New values for the property that occur in other profiles are ignored.
  If a property already has a value when a new value is defined in a profile that is being processed,
  the new value is assigned to the property.

Configuration Data Source Combination
The configuration data provided by the three different configuration data sources must be combined
to produce a single set of settings for the user application to use at runtime.
1. The configuration data provided by the default configuration provider is read and a
   configuration tree is constructed.
2. A profile configuration data is constructed based on the user and host of the client application.
3. The user settings are read and a configuration tree is constructed.
4. The three trees are combined into one to get the configuration settings that the application will
   use. The rules followed in this process are the same as those that were used to construct the profile
   configuration data.
The resulting tree will be used by the application adapters to provide the configuration settings.
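
The profile merge rules and the three-source combination described above, worked through as an added example (not code from this guide or from Sun). The Profile class, function names, property names and sample values are constructed for illustration, and the code assumes that once a value is marked enforced, every later value for that property is ignored, including the user's own settings; it also reports which overrides were dropped.

```python
from dataclasses import dataclass

# Processing order of the four profile sets, as listed in the guide.
SET_ORDER = ("host_local", "host_global", "user_local", "user_global")


@dataclass
class Profile:
    name: str
    priority: int   # lowest number is processed first within a set
    settings: dict  # property -> (value, enforced flag)


def apply_layer(tree, enforced, settings, ignored, source):
    """Merge one layer into `tree` following the guide's property rules."""
    for prop, (value, is_enforced) in settings.items():
        if prop in enforced:
            # Assumption: an enforced value blocks every later value.
            if value != tree[prop]:
                ignored.append((source, prop, value))
            continue
        tree[prop] = value  # new property, or a newer value replaces the old one
        if is_enforced:
            enforced.add(prop)


def build_profile_data(profile_sets):
    """Step 1: merge the profile sets into the profile configuration data."""
    tree, enforced, ignored = {}, set(), []
    for set_name in SET_ORDER:
        ordered = sorted(profile_sets.get(set_name, []), key=lambda p: p.priority)
        for profile in ordered:
            apply_layer(tree, enforced, profile.settings, ignored, profile.name)
    return tree, enforced, ignored


def effective_settings(defaults, profile_sets, user_settings):
    """Step 2: combine default, profile and user data with the same rules."""
    tree, enforced = {}, set()
    profile_tree, profile_enforced, ignored = build_profile_data(profile_sets)
    layers = [
        ("defaults", {k: (v, False) for k, v in defaults.items()}),
        ("profiles", {k: (v, k in profile_enforced) for k, v in profile_tree.items()}),
        ("user settings", {k: (v, False) for k, v in user_settings.items()}),
    ]
    for source, settings in layers:
        apply_layer(tree, enforced, settings, ignored, source)
    return tree, ignored


# Constructed sample data (hypothetical property names and profiles).
SAMPLE_DEFAULTS = {
    "screensaver/lock_enabled": False,
    "writer/ruler_unit": "inch",
    "browser/homepage": "about:blank",
}
SAMPLE_PROFILE_SETS = {
    "host_global": [
        Profile("kiosk-hardening", 20, {"screensaver/lock_enabled": (True, True)}),
        Profile("site-defaults", 10, {"browser/homepage": ("http://intranet.example/", False)}),
    ],
    "user_global": [
        Profile("call-center", 5, {
            "writer/ruler_unit": ("cm", False),
            "screensaver/lock_enabled": (False, False),
        }),
    ],
}
SAMPLE_USER_SETTINGS = {"screensaver/lock_enabled": False, "writer/ruler_unit": "point"}

if __name__ == "__main__":
    settings, dropped = effective_settings(
        SAMPLE_DEFAULTS, SAMPLE_PROFILE_SETS, SAMPLE_USER_SETTINGS)
    for prop in sorted(settings):
        print(f"{prop} = {settings[prop]!r}")
    for source, prop, value in dropped:
        print(f"ignored: {source} tried {prop} = {value!r}")
```

The list of ignored overrides is the part worth reviewing when auditing a policy: it shows where a lower-level profile or a user setting disagrees with an enforced value.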

CHAPTER 2
Using the Desktop Manager GUI
This chapter provides information about the Desktop Manager functionality and usage.

Introduction
The following are some terms you should know in order to work with the Desktop Manager:
- Configuration Repository: The organization and domain tree container, together with the profiles
  stored in it.
- Domain: An element in the domain tree. Represents a realm in a computer network. May contain
  domains and hosts.
- Element: A logical object to which configuration data can be assigned. Users, roles/groups, and
  organizations are examples of entities known to the Desktop Manager.
- LDAP: Lightweight Directory Access Protocol. LDAP is a directory service protocol that runs
  over TCP/IP. The details of LDAP are defined in RFC 1777, "The Lightweight Directory Access
  Protocol".
- Organization: An element in the organization tree. Represents an organization or a
  sub-organization, for example, Call Center. May contain organizations, users, or roles.
- Profile: A named container for configuration settings. It is stored in a configuration repository
  and can be assigned to elements.

Configuration Repositories Window
The configuration repository is the storage location for the configuration data that you need to
configure your applications and where organizational hierarchy information is stored, along with
profile and assignment data for each element. In the Configuration Repositories window, you can
create new repositories, as well as work with and synchronize existing repositories.
The Configuration Repositories Window consists of a masthead and the Configuration Repositories
list.
The masthead provides a number of general links. The upper part of the masthead contains the
Utility Bar, which contains four links (from left to right):
- The Console button opens the Java Web Console launch page.
- The Version button opens a window that displays version information about the Desktop
  Manager.
- The Log Out button logs you out of the Java Web Console, and thus the Configuration Manager,
  returning you to the Login page.
- The Help button opens the online help pages.
The lower section of the masthead contains the product name, the server name, and the name of the
administrator currently logged in.
Configuration Repositories Table
The Configuration Repositories table consists of five columns:
- The Selection column, which contains check boxes to select repositories. By selecting one or more repositories, the Remove, Rename, and Synchronize functions are enabled.
  Note: Selecting a repository disables the New button.
- Name: contains the name of the repositories. The contents of the Name column are links. If you click on one of these links, the Configuration Repositories view is replaced by the Profile Editor page for the selected repository.
- Type: can be one of three types, LDAP, file, or hybrid:
  - LDAP: an LDAP repository reads the organizational structure (users, organization, hosts, domains, and so on) of the company from an LDAP server and reads/writes the configuration settings using that same LDAP server.
  - File: a file repository reads the organizational structure of the company from the file system, and reads/writes the configuration settings using that same file system.
  - Hybrid: a hybrid repository reads the organizational structure of the company from an LDAP server, and then reads/writes the configuration settings into a file system.
- Location of Organization Data: either a file, if a file repository, or LDAP URL, if an LDAP or hybrid repository. Designates the storage location of the organizational data.
- Location of Profile Data: either a file, if a file repository, or LDAP URL, if an LDAP or hybrid repository. Designates the storage location of the configuration settings. A profile is a named collection of configuration settings that is assigned to users, organizations, hosts, and domains.
You can perform the following actions within the Configuration Repositories table:
- New: creates a new configuration repository
- Remove: removes an existing configuration repository
- Rename: renames a configuration repository
- Synchronize: synchronizes configuration repositories. This function is only enabled when one or two repositories are selected.
Creating a New Configuration Repository
A configuration repository is a place where organizational hierarchy information is stored, along with profile and assignment data for each element.
1. Click the New button in the Configuration Repositories table.
   The New Configuration Repository Wizard opens. The wizard is used to create a configuration repository for use with the Desktop Manager.
2. In the Repository Name field, type a name for the new configuration repository, and then click Next.
3. Select the repository type from the Repository Type list.
   The wizard can be used to configure three types of repositories:
   - LDAP: The hierarchy is taken from LDAP, and all data is stored in LDAP.
   - File-Based: The hierarchy is taken from a file, and all data is stored in directories and files.
   - Hybrid: The hierarchy is taken from LDAP, but all data is stored in directories and files.
4. Click the Next button.
5. Enter the details of the LDAP server that you want to configure for this repository.
   The Hostname and Port on which the server runs are required. You can also choose whether or not to connect to this server using SSL.
   Note: To connect to the server using SSL, the proper certificate needs to be present in the Desktop Manager key store. This key store is located in /etc/opt/webconsole/keystore, and either the Certification Authority or the LDAP server certificate needs to be present in that store. A certificate can be added to that location by running the command:
   keytool -import -file <certificate file> -keystore /etc/opt/webconsole/keystore
   The default password for that key store is changeit. The Java Web Console must be restarted using the smcwebserver restart command for the new certificate to be recognized by the Desktop Manager.
6. Further steps are determined by the choices made in the preceding steps. Follow the instructions provided by the wizard.
Note: The directory whose URL is provided for the creation of file-based or hybrid repositories must be owned by user noaccess, group noaccess, and have permissions 755 set. This results in read and write permissions for user noaccess, and read only permissions for all others.
Removing a Configuration Repository
1. Select the check box corresponding to the configuration repository that you want to remove.
2. Click the Remove button.
   A confirmation dialog appears.
3. If you really want to remove the configuration repository, click the OK button in the confirmation dialog.
Renaming a Configuration Repository
1. Select the check box corresponding to the configuration repository that you want to rename.
2. Click the Rename button.
   A Rename dialog opens.
3. Type the new name of the configuration repository in the text field of the dialog, and click OK.
Synchronizing Configuration Repositories
With the Desktop Manager you can manage multiple back ends in parallel. This allows you to define one back end for testing and one back end for the final production. Configuration changes can now be defined and evaluated first in the test back end. Thereafter you can synchronize parts or the complete test back end with the production back end to apply the required changes quickly and safely to the production system. This method can also be used for a simple backup and restore mechanism of the production back end. The Synchronization window allows you to perform this synchronization.
1. In the Configuration Repositories window, select the repository that you want to synchronize.
   The Synchronization window opens.
2. Select the source repository from the Source Configuration Repository list.
   You can change the source repository, which serves as the source for the changes. This repository is not changed.
3. (Optional) You can restrict the source repository by clicking the Change button next to Source Starting Point.
   This specifies an element other than the root as the source starting point for the synchronization.
   A dialog opens, which allows you to navigate to the desired organization or domain element. Once an element is selected, the new path is reflected in the Source Starting Point.
4. Select a target repository from the Target Configuration Repository list.
   You can change the target repository, which serves as the target for the changes. This repository is changed.
5. (Optional) You can restrict the target repository by clicking the Change button next to Target Starting Point.
   This specifies an element other than the root as the target for the synchronization.
   A dialog opens, which allows you to navigate to the desired organization or domain element. Once an element is selected, the new path is reflected in the Target Starting Point.
6. Click the Compare button.
   The two trees are compared and all differences are listed in a table.
7. Select the check boxes next to the table rows containing the profiles you want to synchronize and click the Synchronize button.
   When the synchronization is finished, the target repository matches the source repository regarding the selected profiles.
Profiles Tree View
The Profiles Tree View page displays all available profiles that are currently assigned to an element. On the left side of the page is a navigation area, where you can browse through the tree hierarchies to find profiles. On the right side of the page is the Content area, which displays information about any profile selected in the navigation area.
Navigation Area
The navigation tree is used to browse through the organization and domain trees to select an element. The tree reflects the hierarchy of the elements. If a node has subnodes, a blue triangle is displayed to the left of the node name. When you click the blue triangle, the node is expanded and some subnodes are shown.
Note: By default, only 10 subnodes are displayed for each expanded node. If there are more than 10 subnodes, the 11th node does not refer to an element, but indicates that there are nodes that are not displayed: "... some elements not displayed". Clicking this node opens the Find function.
To select an element, navigate the tree and click on the desired element. Once an element has been selected, the element is highlighted, and the content area displays the element's assigned and inherited profiles.
The navigation also provides a mechanism for a recursive search (see "Searching for an Element") and a non-recursive find (see "Using the Find Function"), in order to locate elements in the tree hierarchies. Clicking the Search button opens the Search window.
Searching for an Element
The Search function allows you to recursively search for an element in the domain or organization hierarchy. It searches not only the direct children of an element, but also all descendants. To perform a search of only the direct children of an element, use the Find function.
A search opens the Search window, which also allows you to perform a more advanced search.
Note: The Search feature only supports LDAP and hybrid repositories, but does not support file-based repositories. If you perform a search on a file-based repository, the result is always reported as Elements Found (0).
1. Type the name or partial name of the element that you wish to search for into the search field.
   Note: The search is not case-sensitive and not strict; for example, the search string "bc" will match "ABC" and "bcd". An asterisk (*) denotes an arbitrary sequence of characters within a search string. You can use more than one asterisk at any location in the string. An empty field is equivalent to a field with the search string *.
2. Click the Search button.
   The Search window opens. Any string that you typed into the search field of the Navigation area is moved from that search field to the search field of the Search window, and a search for that string is started automatically. Any results are then displayed in a results table, which shows the name, type and path of any found elements.
   Note: The maximum number of results is capped at 100.
   If no results were found, or if you left the search field in the Navigation area blank, you can type in the name of an element in the search field of the Search window.
   Tip: Use the type modifier list, located next to the search field, to search for a specific element type, such as Search domains.
3. If necessary, add advanced options to the search by clicking the Show Advanced Options button.
   The advanced options consist of the following:
   - Restrict to: you can determine the element at which the search algorithm should start to traverse through the tree.
   - Results displayed per page: allows you to determine the number of results displayed on every page of the results table.
4. Click the Search button again to view results for a new or modified search.
   Note: Clicking the Reset button changes all search parameters to the default and clears the Search field.
Using the Find Function
The Find function allows you to perform a qualified find for all elements that are direct children of the expanded element. This is in contrast to the search function, which provides a recursive search for elements.
1. Click the Some Elements are not Displayed node in the navigation tree.
   The Find window opens.
2. Type a string or partial string into the Find field.
   The search is not case-sensitive and not strict; for example, the search string "bc" will match "ABC" and "bcd". An asterisk (*) denotes an arbitrary sequence of characters within a search string. You can use more than one asterisk at any location in the search string. An empty field is equivalent to a field with the search string *.
3. Click the Find button.
   A list of results is displayed. The number of results is capped at 100.
4. To add a found element to the navigation tree, click the desired element in the results list.
   The Find window closes, and the element is added to the list of subnodes in the navigation tree.
Content Area
When you select an element, information about that element is displayed in the content area of the Profiles Tree View page. The content area can contain up to three tables:
- Assigned Profiles table: this table is always displayed. This table shows the profiles that are assigned to the currently selected element. It contains three columns, Name, Author, and Last Modified. The value of the Last Modified column changes only if a setting of the profile is changed, but not if the profile itself is renamed, moved or re-prioritized.
- Inherited Profiles table: this table is displayed if any element above the selected element in the hierarchy has an assigned profile. This profile is listed in the table. It contains two columns, Name and Assigned To. Assigned To shows the path and name of the element that the profile is assigned to.
- Users or Roles table: this table appears when an element of user or role type is selected. If the element is a user who is a member of at least one role, then those roles are shown in the Roles table. If the element is a role that has members, these members are displayed in the Users table.
Creating a new Profile
1. Click the New button.
   The Profile Editor opens.
2. Follow the instructions provided by the Profile Editor.
   For more information about how to use the Profile Editor to create a new profile, see "Profile Editor".
   Note: When you have finished creating the new profile, it is automatically assigned to the currently selected element.
Deleting a Profile
1. Select the check box corresponding to the profile that you want to delete.
   A confirmation dialog appears.
   Caution: It is important to understand that Delete removes all assignments and then physically deletes the profile. You cannot retrieve it; it is gone. Deleting a profile also causes assignments to other elements besides the current element to be removed. To simply remove a profile assignment from an element, use Unassign.
2. Click the Delete button.
3. If you really want to delete the profile, click the OK button in the confirmation dialog.
Assigning a Profile
1. Click the Assign Profile button.
   A dialog opens, listing all available profiles that can be assigned to the selected element.
   Note: Profiles already assigned to the selected element, as well as profiles that are not stored at or above the currently selected element, are not listed.
2. Select one or more of the listed profiles, and click OK.
   The newly assigned profiles now appear in the Assigned Profiles table.
Unassigning a Profile
1. Select the check box corresponding to the profile that you want to unassign.
2. Click the Unassign Profile button.
   The profile is now unassigned, and disappears from the Assigned Profiles table.
   Caution: There is no warning dialog, so if you clicked the Unassign Profile button by mistake, you can reverse this by using the Assign Profile function.
Renaming a Profile
1. Select the check box corresponding to the profile that you want to rename.
2. Choose Rename from the actions list.
   A Rename dialog opens.
3. Type the new name of the profile in the text field of the dialog, and click OK.
Copying and Moving a Profile
1. Select the check box corresponding to the profile that you want to copy or move.
2. Choose Copy and Move from the actions list.
   The Copy and Move wizard opens.
3. Follow the instructions provided by the Copy and Move wizard to perform your task.
Importing Profiles
1. Make sure all check boxes are deselected.
2. Choose Import from the actions list.
   The Import Profile dialog opens.
3. Enter the path of the file that you want to import, or click the Browse button to choose a file from the default file chooser dialog of your operating system.
4. Click the Import button.
Exporting Profiles
1. Select the check box corresponding to the profile that you want to export.
2. Choose Export from the actions list.
   A dialog opens, which allows you to specify the location to which you want to export the file.
3. Select the Save to Disk option in the dialog and click OK.
4. Choose the location where you want to save the exported file and click OK.
Viewing Effective Settings
Effective Settings is a read-only view of the effective configuration settings for a given element, such as an organization, domain or host.
The effective settings of a specific user are the result of a merge process, including the configuration settings stored at the involved organization level(s), role(s), and the user. You can display the merged configuration settings of a selected element in a separate Effective Settings window. This allows for easy verification and also error debugging. An Effective Settings report can also be printed and stored for archival purposes.
1. Click the Effective Settings button in the Assigned Profiles table.
   When first opened, the effective settings for the selected element in the navigation tree are displayed.
   The Effective Settings window consists of the following two sections:
   - In the Modify Effective Settings Parameters section, the Create the Effective Settings Using area lets you choose which tree to take into account. The Select an element from the Domain Tree option lets you choose which entities to generate an Effective Settings report for. Use the Browse button to select an element in the organization or domain tree.
   - The Effective Settings section displays the following:
     - The location of the selected element in the hierarchy and the hostname.
     - The time and date when the current effective settings report was generated.
     - In the Profiles Involved section, the list of profiles involved in generating the effective settings report for the current element. They are listed in merge order from most relevant to least relevant. Each profile is a link that opens the Profile Editor window for the profile.
     - The Settings Summary area displays the configuration settings for the current effective settings report, grouped into categories. The Settings Summary contains Name, Value, and Status fields.
       The Status column contains entries of the type Defined In <profileName>, where <profileName> is a link that opens the Profile Editor for that profile on the Configuration Settings tab, and navigates to the particular setting within this profile.
2. You can modify a generated effective settings report by changing any relevant effective settings parameters, and then clicking the Generate Effective Settings button at the top of the Effective Settings window.
   A new report is then displayed in the Effective Settings window.
3. To print an effective settings report, click the Print button at the top or bottom of the Effective Settings window.
Profiles All
The Profiles All page displays all available profiles, including those that are not assigned to an element. The profiles are shown in two tables, one for domain profiles and one for organization profiles.
The profile tables let you perform the following actions:
- Creating a new Profile
- Deleting a Profile
- Renaming a Profile
- Copying and Moving a Profile
- Importing Profiles
- Exporting Profiles
Creating a new Profile
1. Click the New button in the desired profile table, either organization or domain.
   The Profile Editor wizard opens.
2. Follow the instructions provided by the wizard.
   For more information about creating a new profile using the Profile Editor, see "Profile Editor".
Deleting a Profile
1. Select the check box corresponding to the profile that you want to delete.
2. Click the Delete button.
Renaming a Profile
1. Select the check box corresponding to the profile that you want to rename.
2. Choose Rename from the actions list.
   A dialog box appears.
3. Type the new name of the profile in the text field of the dialog, and click OK.
Copying and Moving a Profile
1. Select the check box corresponding to the profile that you want to copy or move.
2. Choose Copy and Move from the actions list.
   The Copy and Move wizard opens.
3. Follow the instructions provided by the Copy and Move wizard to perform your task.
Importing Profiles
1. Make sure all check boxes are deselected.
2. Choose Import from the actions list.
   The Import Profile dialog opens.
3. Enter the path of the file that you want to import, or click the Browse button to choose a file from the default file chooser dialog of your operating system.
4. Click the Import button.
Exporting Profiles
1. Select the check box corresponding to the profile that you want to export.
2. Choose Export from the actions list.
   A dialog opens, which allows you to specify the location to which you want to export the file.
3. Select the Save to Disk option in the dialog and click OK.
4. Choose the location where you want to save the exported file and click OK.
Profile Editor
The Profile Editor is used to create new profiles and edit existing profiles. You can also view the current settings and options for the currently selected profile.
You can open the Profile Editor by clicking the name of a profile either in one of the tables in the Profiles Tree View content area or in the Profiles All page.
Tip: To create a new profile, see "Creating a new Profile".
The Profile Editor contains the following tab pages:
- General Properties
- Configuration Settings
- Assigned Elements
- Settings Summary
- Advanced Options
General Properties
The General Properties page allows you to specify general information about a profile. This page is the default view of the Profile Editor window.
Note: The Profile Editor appears when the user creates a new profile by clicking the New button.
Specifying General Properties for a Profile
1. In the Name field, type the desired name of the profile.
2. Add any comments into the Comments field.
   You can leave the Comments field blank.
   Note: The Author and Last Modified fields are read-only, and cannot be modified. The Author field displays the profile's author, and the Last Modified field shows the date and time of the last modification.
3. Click the Save button.
   If you close the window before saving any new information, a warning dialog appears that prompts you to save the settings.
Configuration Settings
The Configuration Settings page allows you to view and edit the configuration settings that are stored in the selected profile.
Viewing and Editing a Profile's Configuration Settings
1. To view a profile's configuration setting, navigate to the setting from the list of categories on the right side of the page.
   The configuration settings are organized hierarchically into categories that directly correspond to the configuration options of desktop applications, such as StarOffice, Mozilla, Evolution or Gnome.
2. Click the desired configuration setting.
   The selected profile's settings appear, showing the available settings for that profile. If necessary, additional context information is provided, such as the effects of individual settings or the allowed value range.
   Note: If you select a category rather than a configuration setting, a table appears that lists that category's settings or sub-categories.
3. For each configuration setting, you can either specify a concrete value, or you can leave the setting undefined.
   If you leave the setting undefined, the application will not be affected by this profile setting, and instead takes advantage of its own factory built-in default value. In general, the Profile Editor lists an application's default value through additional help text or, if possible, through a marker directly in the settings options list.
   Note: It is important to understand that several profiles might affect the same user. For example, you can create a profile with settings for a specific organization. These settings are automatically available for all users that are part of this organization. Similarly, you can define additional profiles with configuration settings for sub-organizations. These may overwrite settings of the parent organization; for example, different proxy settings for sub-organizations would be defined, but leave other settings unchanged. The effective settings for a specific user would then be the result of a merge process including all profiles assigned to the organization, sub-organizations and probably the user.
   Tip: In some cases you might want to control this merge process and enforce a configuration setting, meaning that it should not be possible for other profiles to overwrite your setting and to define a different value. The Profile Editor lets you specify the desired merging behavior for each setting. The default is that other "profiles may overwrite" a setting. Deselecting this option will enforce the setting, and other profiles can no longer overwrite your value.
Assigned Elements
The Assigned Elements page lists the elements that are assigned to the current profile, and allows you to assign or unassign elements.
The current profile's elements are displayed in the Assigned Elements table, which contains the following information:
- Name: the name of the element to which the current profile is assigned.
- Path: the location of the element to which the current profile is assigned.
Assigning an Element to a Profile
1. Click the Assign Element button.
   A window containing a navigation tree appears.
2. Navigate the tree, and select the desired element.
   Tip: If you can't find the desired element in the tree, you can click the Search button to open the Search window and find the element.
   The element then appears in the Assigned Elements table, now assigned to the current profile.
Unassigning an Element from a Profile
1. Select the check box corresponding to the element that you want to unassign.
2. Click the Unassign Element button.
   The element is no longer assigned to the current profile, and disappears from the Assigned Elements table.
Settings Summary
The Settings Summary is a read-only view of all configuration settings that contain data for the selected profile.
The Settings Summary page contains the Settings Summary table. This table shows the configuration settings that contain data for the current profile, grouped into categories. The table has the following fields:
- Name: the setting name
- Value: the setting value
- Status: the status column contains entries of the type Defined in <profileName>, where <profileName> is a link that switches the Profile Editor to the Configuration Settings page, and navigates to the particular setting within this profile.
Advanced Options
The Advanced Options page allows you to specify advanced options for the current profile. There are two main options available on this page:
- Applicable from: allows you to move the profile to a different storage location in the organization or domain tree. By moving the storage location, you are also changing the set of elements that the profile can be assigned or applied to. This is because a profile can only be assigned to the element it is stored at, or to the elements that are in the subtree below the element at which it is stored.
  Caution: You cannot change the Application from parameter in a way that the resulting layout would violate the rule mentioned above. For example, this would happen if you move a profile down the tree hierarchy, and an existing assignment connecting the profile to an element below the profile's storage location would, after the movement of the profile, connect the profile to the same element. But now, the element is above the storage location of the profile. If you try this, the action is cancelled, and a warning message is displayed.
- Merge Order: specifies the order in which all profiles stored at the same element are merged. Because more than one profile can be assigned to a single element and more than one profile can define the same setting, the order in which the profiles are merged for a single element must be defined. This resolves the conflicts of one setting being defined in two or more profiles assigned to the same element.
  The storage location is used first to determine the merge order. The profile stored at an element that is located closer to the root of the tree is merged first. As a consequence, the profile that is stored deeper in the tree hierarchy is merged second. The settings of a profile merged later overwrite the settings of a profile merged earlier.
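
The merge rules described here (storage location first, then Merge Order, with later profiles overwriting earlier ones) and the "profiles may overwrite" option from the Configuration Settings page can be traced with a small model. This is an added example, not Desktop Manager code: the class names, the setting names, the sample profiles, and the assumption that a lower Merge Order position is merged first are all illustrative.

```python
from dataclasses import dataclass, field


@dataclass
class Setting:
    value: object
    may_overwrite: bool = True  # the "profiles may overwrite" option; False = enforced


@dataclass
class Profile:
    name: str
    depth: int   # distance of the storage element from the tree root (0 = root)
    order: int   # position in the Merge Order list (assumption: lower merges first)
    settings: dict = field(default_factory=dict)


def merge_sequence(profiles):
    """Storage location first (closer to the root merges first), then Merge Order."""
    return sorted(profiles, key=lambda p: (p.depth, p.order))


def effective_settings(profiles):
    """Merge the profiles that apply to one element.

    Returns (effective, blocked). `effective` maps a setting name to its value,
    the profile that defined it and whether it is enforced. `blocked` lists
    (setting, profile, enforced_by) for every overwrite that was refused because
    an earlier-merged profile had deselected "profiles may overwrite".
    """
    effective, blocked = {}, []
    for profile in merge_sequence(profiles):
        for name, setting in profile.settings.items():
            current = effective.get(name)
            if current is not None and current["enforced"]:
                blocked.append((name, profile.name, current["defined_in"]))
                continue
            effective[name] = {
                "value": setting.value,
                "defined_in": profile.name,
                "enforced": not setting.may_overwrite,
            }
    return effective, blocked


def summary_rows(effective):
    """Rows shaped like the Settings Summary table: Name, Value, Status."""
    return [(name, entry["value"], "Defined in " + entry["defined_in"])
            for name, entry in sorted(effective.items())]


# Constructed sample: one profile stored at the root organization and two stored
# at a sub-organization, listed out of order on purpose.
PROFILES = [
    Profile("Call Center Kiosk", depth=1, order=1, settings={
        "browser/homepage": Setting("http://kiosk.example/"),
    }),
    Profile("Call Center", depth=1, order=0, settings={
        "proxy/host": Setting("proxy.cc.example"),
        "office/macro-security": Setting("low"),
        "browser/homepage": Setting("http://cc.example/"),
    }),
    Profile("Corporate Baseline", depth=0, order=0, settings={
        "proxy/host": Setting("proxy.corp.example"),
        "office/macro-security": Setting("high", may_overwrite=False),
    }),
]

if __name__ == "__main__":
    effective, blocked = effective_settings(PROFILES)
    for row in summary_rows(effective):
        print("%-24s %-24s %s" % row)
    for name, profile, owner in blocked:
        print("refused: %s in %r (enforced by %r)" % (name, profile, owner))
```

The refused-overwrite list is the part an Effective Settings report does not show directly: it tells you which sub-organization profiles carry values that never take effect because a profile closer to the root enforces the setting.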
Changing the Application from Location
1. Click the Change button.
   A window containing a navigation tree appears.
2. Navigate the tree, and select the desired element.
   Tip: If you can't find the desired element in the tree, you can click the Search button to open the Search window and find the element.
3. Click the OK button.
Assigning a Merge Order to a Profile
1. Select the desired profile in the Selected list.
2. Use the buttons on the right of the list to move the profile up or down within the list.
Chapter 3: Using the Command Line Interface
This chapter provides information about the Sun Desktop Manager command line interface.
Overview of the Desktop Manager CLI
The CLI is used to create, manipulate, export, import and delete configuration profiles. As with the Desktop Manager GUI, the CLI allows the following actions:
- Profiles can be assigned and unassigned to or from elements.
- Profiles can be exported and imported in XML format to or from zip files. The profile settings in these zip files can then be created, edited or deleted prior to importing the profiles.
Note: The CLI does not provide the equivalent of the GUI functionality for the following functions:
- Navigation of element hierarchy.
- Viewing merged profile settings for elements.
- Generating reports.
- Access to file-based or hybrid back ends; the CLI provides access to the LDAP back end only.
Working with the CLI
Invoking CLI Commands
The CLI consists of the command pgtool, which operates in a single-line command mode that executes one command at a time. pgtool contains a number of sub-commands, options and operands, which are described in "Command Summary". The options can be specified using either a full or a short keyword. In the following command descriptions, the full keywords are used, but the shortcuts that correspond to the commands can be found in Table 32.
Bootstrapping Information Required by the CLI
Bootstrapping information is required in order to locate and interrogate the datastore containing the elements and profiles. The bootstrapping information that is required is server, port number, base distinguished name (DN) and username of the administrator. This information can be specified at the command line or in a bootstrapping file.
Bootstrapping file
The bootstrapping information can be read from a properties file. The location of this file can be specified in the command line by the --file option.
--file=<bootstrap file> : fully qualified path to a bootstrapping file. The default file is $HOME/pgtool.properties.
Example: --file=/var/opt/apoc/cli.properties
The format of the file is described in Appendix A, "Configuration Parameters", in the Sun Desktop Manager 1.0 Installation Guide.
Bootstrapping options
The bootstrapping information can be specified at the command line using the --url and --username options.
--url=<url> : the URL identifying the datastore. The URL format is ldap://<hostname>:<port>/<base name>, where <hostname> is the name of the server (default is localhost), <port> is the port number on the server (default is 389) and <base name> is the distinguished name of the base entry.
Example: --url=ldap://server1.sun.com:399/o=apoc
--username=<username> : the username of the administrator in the format used by the storage back end. The administrator is then prompted for a password. If this option is not used, and the administrator has not used the pgtool login sub-command, then the administrator is prompted to enter a username and password.
Example: --username=jmonroe
Authentication by Username and Password
A username and password are required for each execution of a command.
Authentication by login command
The CLI provides a login command to allow username/password pairs to be stored in a credentials
file in the administrator's home directory. This file is named .apocpass. The .apocpass file has
restricted access.
If authentication is successful, a username/password pair entry is added to the .apocpass file. The
key for this pair is made up of the server/port/base DN and the username so that username/password
pairs can be stored for other back ends in the same file.
Once the login command has successfully completed, other CLI commands can be executed without
the necessity of specifying a username or password.
For more details on how to use the login command, see "Login".
Authentication for the other commands
For other commands, the CLI first checks to see if an .apocpass file exists for the current user.
If the file does not exist, the user is prompted for a username and password. If this username and
password are successfully authenticated, the command is executed.
If the credentials file does exist and a username has been specified at the command line, the CLI looks
for an entry for the host, port, base DN and username. If an entry exists, the stored user DN and
password are used to execute the command; otherwise the user is prompted for a password.
If a username is not specified at the command line, the .apocpass file is searched for keys using the
host/port and base DN combination. If there is a unique entry for this combination, the stored user
DN and password are used to execute the command. If the entry is not unique, the user is prompted
for a username. If this matches an entry, the stored user DN and password are used to execute the
command. If this does not match, then the user is prompted for a password.
Where the user is prompted for a password, an entry from the .apocpass file for this
host/port/base DN combination is used to authenticate the username and password. If such an entry
does not exist, anonymous access is used for the authentication.
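The lookup order described above, modelled as an added Python example (not pgtool's own code), together with the --url defaults. The in-memory store layout, the action names and the treatment of zero matches as "not unique" are assumptions; the guide does not document the on-disk format of .apocpass.

```python
from urllib.parse import urlsplit

DEFAULT_HOST, DEFAULT_PORT = "localhost", 389  # defaults stated in the guide


def parse_datastore_url(url):
    """Split ldap://<hostname>:<port>/<base name>, applying the documented defaults."""
    parts = urlsplit(url)
    if parts.scheme != "ldap":
        raise ValueError(f"unsupported datastore URL: {url!r}")
    return (parts.hostname or DEFAULT_HOST,
            parts.port or DEFAULT_PORT,
            parts.path.lstrip("/"))


def resolve_credentials(store, url, username=None, prompted_username=None):
    """Return (action, user_dn) following the lookup order the guide describes.

    store: None when no credentials file exists, otherwise a dict mapping
           (host, port, base_dn, username) -> (user_dn, password).
           This layout is an assumption made for the example.
    prompted_username: what the user types if asked for a username.
    """
    host, port, base_dn = parse_datastore_url(url)
    if store is None:
        return ("prompt_username_and_password", None)

    def lookup(name):
        entry = store.get((host, port, base_dn, name))
        return ("use_stored", entry[0]) if entry else ("prompt_password", None)

    if username is not None:
        return lookup(username)

    matches = [v for k, v in store.items() if k[:3] == (host, port, base_dn)]
    if len(matches) == 1:
        # Unique entry for this back end: the command runs without any prompt.
        return ("use_stored", matches[0][0])
    # Zero or several entries: treated as "not unique" (interpretation).
    if prompted_username is None:
        return ("prompt_username", None)
    return lookup(prompted_username)


# Constructed sample store; the passwords are placeholders.
SAMPLE_STORE = {
    ("server1.sun.com", 399, "o=apoc", "jmonroe"):
        ("uid=jmonroe,ou=People,o=apoc", "<placeholder>"),
    ("localhost", 389, "o=apoc", "jmonroe"):
        ("uid=jmonroe,ou=People,o=apoc", "<placeholder>"),
    ("localhost", 389, "o=apoc", "admin2"):
        ("uid=admin2,ou=People,o=apoc", "<placeholder>"),
}

if __name__ == "__main__":
    for args in [("ldap://server1.sun.com:399/o=apoc",),
                 ("ldap:///o=apoc",),
                 ("ldap:///o=apoc", "admin2")]:
        print(args, "->", resolve_credentials(SAMPLE_STORE, *args))
```

The first sample call shows why the file needs restricted access: a single stored entry for a back end is enough for any later command to run with the administrator's credentials without a prompt.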
Running a Command
Each use of a command creates and initializes a connection to the datastore and then exits once the
command has been executed. If the command exits with an error, no changes were applied to the
configuration profiles.
Representing Elements
An element is represented using the LDAP full Distinguished Name (DN).
Example: uid=jmonroe,ou=People,o=apoc.
CLI Commands
This section describes the sub-commands of Desktop Manager CLI functionality.
Note: For backward compatibility reasons, the CLI uses the --entity option to specify what is now
called an element in the Desktop Manager user interface. The terms are interchangeable. There is
no --element option.
Help
To obtain a list of all available CLI commands, type pgtool --help.
Version Information
To display version information, type pgtool --version.
Add
Assigns a profile to an element.
Syntax
add [--scope=<user|host>] [--entity=<entity>] <profile name> <target entity>
--scope=<user|host> : the scope for the profile, which can be either user or host. If not specified,
then defaults to the user scope.
--entity=<entity> : the element where the profile is located. If not specified, then defaults to root
organization or domain element, depending on the --scope option.
<profile name> : the name of the profile to be assigned to the element. If no profile or more than one
profile with this name and this scope can be found at this layer, then the command exits with an
error.
<target entity> : the element to which the profile is assigned.
EXAMPLE 3-1 Adding a profile to an element
% pgtool add UserProfile1 cn=Role1,o=staff,o=apoc
The profile UserProfile1 located in root organization was assigned to the element
cn=Role1,o=staff,o=apoc.
Create
Creates a new, empty profile.
Syntax
create [--name=<profile name>] [--scope=<user|host>] [--entity=<entity>]
[--priority=<priority>]
--name=<profile name> : the name of the profile to be created. If a profile with this name and this
scope already exists at this layer, then the command exits with an error. If not specified, then the
command defaults to the first profile name available in the series, for example, NewProfile,
NewProfile2, NewProfile3, ...
--scope=<user|host> : the scope for the profile, which can be either user or host. If not specified,
then the command defaults to the user scope.
--entity=<entity> : the element where the profile is created. If not specified, then the command
defaults to root organization or domain element, depending on the --scope option.
--priority=<priority> : a strictly positive integer specifying the priority of the profile. If the
priority specified is the same as that of an existing profile of this scope at this layer, then the priority
option is ignored. If not specified, then the created profile will have the highest priority at this layer.
EXAMPLE 3-2 Creating a new profile
% pgtool create --scope=host --name=NewHostProfile1
Creates a new profile called NewHostProfile1 in the domain root and whose scope is host.
Delete
Deletes a profile.
Syntax
delete --name=<profile name> [--scope=<user|host>] [--entity=<entity>]
--name=<profile name> : the name of the profile to be deleted. This option is mandatory. If no
profile or more than one profile with this name and this scope can be found at this layer, then the
command exits with an error.
--scope=<user|host> : the scope for the profile, which can be either user or host. If not specified,
then defaults to the user scope.
--entity=<entity> : the element where the profile is located. If not specified, then defaults to root
organization or domain element, depending on the --scope option.
EXAMPLE 3-3 Deleting a profile
% pgtool delete --scope=host --name=renamedNewHostProfile1
Deleted the renamedNewHostProfile1 profile located in root domain.
Export
Exports the profiles contained in a profile to the specified target, using a zip file format.
Syntax
export --name=<profile name> [--scope=<user|host>] [--entity=<entity>] <target>
--name=<profile name> : the name of the profile to export. This option is mandatory. If no profile or
more than one profile with this name and this scope can be found at this layer, then the command
exits with an error.
--scope=<user|host> : the scope for the profile, which can be either user or host. If not specified,
then defaults to the user scope.
--entity=<entity> : the element where the profile is located. If not specified, then defaults to root
organization or domain element, depending on the --scope option.
<target> : the full path to the zip file where the profile is to be exported. If the path does not specify
any filename, then the filename defaults to <profile name>.zip. If the target is not writable, then
the command exits with an error.
EXAMPLE 3-4 Exporting a profile
% pgtool export --scope=host --name=HostProfile1 /tmp/newdir
Exported HostProfile1 (located in root domain) to HostProfile1.zip, which was created in new
directory /tmp/newdir.
Import
Imports a profile stored in zip file format from the specified source. The source contains the profiles
to be imported into the profile.
Syntax
import [--name=<profile name>] [--scope=<user|host>] [--entity=<entity>]
[--priority=<priority>] <source>
--name=<profile name> : the name of the profile to be imported. If not specified, then defaults to the
name of the .zip source file. If a profile of this name and scope already exists at this layer, then it is
overwritten.
--scope=<user|host> : the scope for the profile, which can be either user or host. If not specified,
then defaults to the user scope.
--entity=<entity> : the element where the profile is located. If not specified, then defaults to root
organization or domain element, depending on the --scope option.
--priority=<priority> : a strictly positive integer specifying the priority of the profile. If the
priority specified is the same as that of an existing profile of this scope at this layer, then this option is
ignored. If not specified, then the imported profile will have the highest priority at this layer.
<source> : the full path to the zip file containing the profiles to import.
EXAMPLE 3-5 Importing a profile
% pgtool import --scope=host --name=NewHostProfile1 --priority=7
/tmp/HostProfile1.zip
Profile with name NewHostProfile1, scope host, priority 7 and located in root domain, was
imported from HostProfile1.zip.
List
Lists all profiles or element/profile assignments.
If neither the --name option nor the --entity option is specified, then all the user or host profiles are
listed, depending on the --scope option.
If the --name option is specified, then all the elements assigned to this profile are listed.
If the --entity option is specified, then all the profiles assigned to the element specified are listed.
Syntax
list [--scope=<user|host>] [--entity=<entity>] [--name=<profile name>]
--scope=<user|host> : the scope for the profile, which can be either user or host. If not specified,
then defaults to the user scope.
--entity=<entity> : the element where the profile is located, if the --name option is specified.
Otherwise, the element to which profiles to be listed are assigned. If not specified in the former case,
then defaults to the root organization or domain element, depending on the --scope option.
--name=<profile name> : the name of the profile whose assigned elements are to be listed. If no
profile or more than one profile with this name and this scope can be found at this layer, then the
command exits with an error.
EXAMPLE 3-6 Listing assignments
% pgtool list
Lists the profiles assigned to root organization.
% pgtool list --scope=host --name=HostProfile1
Lists elements assigned to profile HostProfile1 located in root domain.
Login
Stores the username and password for the datastore back end after a successful authentication to this
datastore. This username and password can then be used in future invocations of pgtool.
The credentials are stored in a file named .apocpass in the administrator's home directory. If this file
already exists and it does not have the correct permissions, then the command exits with an error.
If a username is specified, the administrator is prompted for a password; otherwise the administrator
is prompted for a username and a password. The username and password are authenticated using
anonymous access to the datastore. If anonymous access is not supported, then the administrator is
prompted to enter an authorized username and a password. If authentication by the authorized
username fails, then the command exits with an error.
Once authenticated, the username/password pair entry is stored in the administrator's .apocpass
file using a key made up of a combination of the host/port/base DN and the username so that
username/password pairs can be stored for other back ends in the same file.
The bootstrapping information can be specified in the command using the --file option to
indicate the file where this information is found, or using the --url option to directly specify this
information. For more information about bootstrapping, see "Bootstrapping Information Required
by the CLI".
If bootstrapping information is not available or the credentials file cannot be created, then the
command exits with an error.
If the credentials file is successfully created, then it is not necessary to specify username and password
for subsequent pgtool commands using this storage back end. The username and password details
stored in the credentials file are used.
Syntax
login [--username=<username>] [--file=<bootstrap file>] [--url=<url>]
--username=<username> : the username of the administrator in the format used by the storage back
end, for example jmonroe.
--file=<bootstrap file> : fully qualified path to a bootstrapping file. The default file is
$HOME/pgtool.properties. This option is not compatible with the --url option.
--url=<url> : the URL identifying the datastore. The URL format is
ldap://<hostname>:<port>/<base name> with <hostname> the name of the server (default is
localhost), <port> the port number on the server (default is 389) and <base name> the distinguished
name of the base entry.
EXAMPLE 3-7 Login
% pgtool login --username=jmonroe
[Enter the correct password when prompted]
A file called ~/.apocpass is created with an entry for jmonroe and the password; the file has permissions 600.
The information about the back end to connect to is found in the default bootstrapping file
~/pgtool.properties.
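An added example, not part of the guide or of pgtool: an audit an administrator could run over home directories to confirm that each .apocpass file is a regular file with mode 600, the permissions shown in the login example, and belongs to the owner of the home directory. The /home default and the ownership check are assumptions.

```python
import os
import stat

CREDENTIALS_NAME = ".apocpass"
EXPECTED_MODE = 0o600  # mode shown in the guide's login example


def audit_credentials_file(path, expected_uid):
    """Return a list of findings for one credentials file (empty list = OK)."""
    st = os.lstat(path)  # lstat: report a symlink instead of following it
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != EXPECTED_MODE:
        findings.append(f"mode {mode:04o}, expected {EXPECTED_MODE:04o}")
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    return findings


def audit_homes(home_root):
    """Check <home_root>/*/.apocpass against the home directory's owner.

    Returns {path: findings} for every credentials file found.
    """
    report = {}
    with os.scandir(home_root) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        if not entry.is_dir(follow_symlinks=False):
            continue
        path = os.path.join(entry.path, CREDENTIALS_NAME)
        if os.path.lexists(path):
            owner = entry.stat(follow_symlinks=False).st_uid
            report[path] = audit_credentials_file(path, owner)
    return report


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/home"  # assumed default
    for path, findings in audit_homes(root).items():
        print(path, "OK" if not findings else "; ".join(findings))
```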
Modify
Changes the priority of a profile.
Syntax
modify [--scope=<user|host>] [--entity=<entity>] <profile name> <priority>
--scope=<user|host> : the scope for the profile, which can be either user or host. If not specified,
then defaults to the user scope.
--entity=<entity> : the element where the profile is located. If not specified, then defaults to root
organization or domain element, depending on the --scope option.
<profile name> : the name of the profile whose priority is to be changed. If no profile or more than
one profile with this name and this scope can be found at this layer, then the command exits with an error.
<priority> : a strictly positive integer specifying the priority of the profile. If the priority specified is
the same as that of an existing profile of this scope at this layer, then the command exits with an error.
EXAMPLE 3-8 Changing the priority of a profile
% pgtool modify UserProfile1 15
Changed the priority of UserProfile1, located in root organization, to 15.
Remove
Unassigns a profile from an element.
Syntax
remove [--scope=<user|host>] [--entity=<entity>] <profile name> <target entity>
--scope=<user|host> : the scope for the profile, which can be either user or host. If not specified,
then defaults to the user scope.
--entity=<entity> : the element where the profile is located. If not specified, then defaults to root
organization or domain element, depending on the --scope option.
<profile name> : the name of the profile to unassign from the target element.
<target entity> : the element from which to unassign the profile.
EXAMPLE 3-9 Unassigning a profile from an element
% pgtool remove UserProfile1 cn=Role1,o=staff,o=apoc
The profile UserProfile1 located in root organization was unassigned from the element
cn=Role1,o=staff,o=apoc.
Rename
Renames a profile.
Syntax
rename [--scope=<user|host>] [--entity=<entity>] <profile name> <newname>
--scope=<user|host> : the scope for the profile, which can be either user or host. If not specified,
then defaults to the user scope.
--entity=<entity> : the element where the profile is located. If not specified, then defaults to root
organization or domain element, depending on the --scope option.
<profile name> : the current name of the profile to rename.
<newname> : the new name for the profile. If a profile of this name and scope already exists at the same
layer, then the command exits with an error.
EXAMPLE 3-10 Renaming a profile
% pgtool rename NewUserProfile2 renamedNewUserProfile2
Renamed NewUserProfile2 located in root organization to renamedNewUserProfile2.
Command Summary
TABLE 3-1 Commands
Command   Description
add       Assigns a profile to an element.
create    Creates a new, empty profile.
delete    Deletes a profile.
export    Exports the profiles contained in a profile to the specified target, using a zip file format.
import    Imports a profile stored in zip file format from the specified source. The source contains the profiles to be imported into the profile.
list      Lists all the profiles or the profiles assigned to an element or the elements a profile has been assigned to.
login     Stores the username and password for this datastore back end in a file in the administrator's home directory. This username and password can then be used in future invocations of pgtool.
modify    Changes the priority of a profile.
remove    Unassigns a profile from an element.
rename    Renames a profile.
TABLE 3-2 Options
Option : Description
-b <base name>, --base=<base name>, DEPRECATED : The root entry of the storage back end. The format for this base entry is determined by the storage back end used. For example, an LDAP storage back end with a root entry of o=apoc: --base o=apoc. DEPRECATED: use the --url option instead.
-e <entity>, --entity=<entity> : Represents a user, role, organization, host or domain element. The entry format for the element is determined by the storage back end used. For example, an LDAP storage back end with a user jmonroe: -e uid=jmonroe,ou=People,o=Staff,o=apoc.
-f <file>, --file=<file> : The fully qualified path to the file detailing the bootstrapping information to be used in the execution of this command. For example: -f /var/opt/apoc/cli.properties.
-h <hostname>, --hostname=<hostname>, DEPRECATED : The name of the host for the storage back end. For example: --host=server1.sun.com. DEPRECATED: use the --url option instead.
-i <priority>, --priority=<priority> : A strictly positive integer specifying the priority of the profile. For example: -i 12.
-l <url>, --url=<url> : The URL identifying the datastore. The URL format is ldap://<hostname>:<port>/<base name> with <hostname> the name of the server (default is localhost), <port> the port number on the server (default is 389) and <base name> the distinguished name of the base entry. For example: --url=ldap://server1.sun.com:399/o=apoc.
-m <name>, --name=<name> : The name of the profile. For example: --name=UserProfile1.
-p <port>, --port=<port>, DEPRECATED : The port number for the storage back end. For example: -p 399. DEPRECATED: use the --url option instead.
-s <scope>, --scope=<scope> : The scope for the profile, which can be either user or host. If not specified, then defaults to the user scope. For example: --scope=host.
-t <type>, --type=<type>, DEPRECATED : The type of storage back end. This defaults to LDAP. For example: -t LDAP. DEPRECATED: use the --url option instead.
-u <username>, --username=<username> : The username of the administrator in the format used by the storage back end. The administrator is then prompted for a password. If this option is not used, and the administrator has not used the pgtool login sub-command, then the administrator is prompted to enter a username and password. For example: --username=jmonroe.
-?, --help : Displays the help information.
-V, --version : Displays the version information.
Migration
The Desktop Manager contains a number of changes and new features to simplify the management
of configuration settings. If you want to migrate a Java Desktop System Configuration Manager 1.1
installation to a Sun Desktop Manager 1.0 installation, you need to migrate your system piece by
piece. For example, migrate the server component first, followed by the client component (the
Configuration Agent). If you want, you can continue to use the Java Desktop System Configuration
Manager 1.1 Configuration Agent with the Desktop Manager but without any of the Desktop
Manager features, such as delegated administration or the file-based profile repository.
Object Model and Terminology
The underlying object model for the Desktop Manager has been simplified, but remains compatible
with Java Desktop System Configuration Manager. The Desktop Manager manages configuration
settings, which are collected and stored within profiles. You can assign profiles to hosts and groups of
a domain hierarchy, and to users and groups of an organizational hierarchy. You can also assign more
than one profile to a single element. Profiles that are assigned to higher level elements of a hierarchy
are inherited by their children.
Profile Management
Profile groups that you created in Java Desktop System Configuration Manager 1.1 appear as
"profiles" in the Desktop Manager. You can only assign settings to an element after you create a
corresponding profile. Configuration settings that you assigned to entities in Java Desktop System
Configuration Manager automatically appear as profiles with the label "Settings for ...." in the
Desktop Manager.
Profile Format
When you use the Configuration Wizard in the Desktop Manager to configure an LDAP server, the
wizard also detects existing Java Desktop System Configuration Manager 1.1 profiles, and offers to
migrate the profiles to the new format. This migration is optional and only improves the read
performance of the Desktop Manager agents. If you still need to support Configuration Manager 1.1
agents, do not migrate the profiles. You can still view and edit these profiles without losing
compatibility.
Delegated Administration
With the Java Desktop System Configuration Manager 1.1, you can only store profiles under the root
of the organization and domain hierarchy in the LDAP server. With the Desktop Manager, you can
store profiles in different locations in the organization and domain hierarchy. This delegated
administration feature is especially useful if different administrators are responsible for the
configuration of different branches of the organization or domain hierarchy, which should not affect
each other.
When you migrate to the Desktop Manager, existing Configuration Manager 1.1 profiles on the
LDAP server remain under the root of the organization and domain hierarchy. If you want, you can
move these with the Copy/Move Wizard or in the advanced options settings of the profile to a new
location on the LDAP server. However, when you move an existing profile to a new location, the
profile is no longer compatible with the Java Desktop System Configuration Manager 1.1. In other
words, only use the delegated administration feature if you have completely migrated your
Configuration Manager 1.1 agents to the Desktop Manager.