'\" t
.\" Title: usermgr
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\" Date: 04/29/2016
.\" Manual: RAD Module Definitions
.\" Source: SunOS 5.11
.\" Language: English
.\"
.TH "USERMGR" "3rad" "04/29/2016" "SunOS 5.11" "RAD Module Definitions"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
usermgr
.SH "SYNOPSIS"
.SS "interface UserMgr"
.sp
.nf
User[]\ \&users\ \&;
.
Group[]\ \&groups\ \&;
.
string[]\ \&shells\ \&;
.
User\ \&defaultUser\ \&;
.
string[]\ \&scopes\ \&;
.
string[]\ \&roles\ \&;
.
string[]\ \&profiles\ \&;
.
string[]\ \&auths\ \&;
.
string[]\ \&defaultPrivs\ \&;
.
string[]\ \&limitPrivs\ \&;
.
string[]\ \&supplGroups\ \&;
.
string[]\ \&auditClasses\ \&;
.
string[]\ \&pamUserConfFiles\ \&;
.fi
.sp
.nf
User\ \&getUser(string\ \&username);
.fi
.sp
.nf
User\ \&addUser(User\ \&user,
.
\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&secret\ \&password);
.fi
.sp
.nf
User\ \&modifyUser(User\ \&user,
.
\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&UserChangeFields\ \&changeFields,
.
\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&secret\ \&password);
.fi
.sp
.nf
deleteUser(string\ \&username);
.fi
.sp
.nf
selectScope(ScopeType\ \&scope);
.fi
.sp
.nf
setFilter(UserType\ \&usertype,
.
\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&\ \&string\ \&searchstring);
.fi
.sp
.nf
boolean\ \&isSystemLabeled();
.fi
.sp
.nf
UserType\ \&getUserType(string\ \&username);
.fi
.SH "DESCRIPTION"
.PP
\fBapi com\&.oracle\&.solaris\&.rad\&.usermgr\fR
.SH "INTERFACES"
.SS "interface UserMgr"
.PP
Set of operations that can be performed on users and roles\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBUserMgr Properties\fR
.RS 4
.PP
\fBUser\fR\fB[]\fR\ \&\fBusers\fR (\fIread\-only\fR) \(em Lists users\&.
.RS 4
.PP
Lists the users present in the selected scope based on the filter options\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user after
.RE
.RE
.RE
.PP
\fBGroup\fR\fB[]\fR\ \&\fBgroups\fR (\fIread\-only\fR) \(em Lists groups\&.
.RS 4
.PP
Lists the groups present in the selected scope\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read the groups database\&.
.RE
.RE
.RE
.PP
\fBstring[]\fR\ \&\fBshells\fR (\fIread\-only\fR) \(em Lists shells\&.
.RS 4
.PP
Lists the set of available shells that can be set as default shell for users\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read the default shells\&.
.RE
.RE
.RE
.PP
\fBUser\fR\ \&\fBdefaultUser\fR (\fIread\-only\fR) \(em Lists user defaults\&.
.RS 4
.PP
Lists the default values for groups, basedir, project, shell, skel, inactive, expire, auths, profiles, roles, limitPriv, defaultPriv, lockAfterRetries used for creation of users and roles\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read default user properties\&.
.RE
.RE
.RE
.PP
\fBstring[]\fR\ \&\fBscopes\fR (\fIread\-only\fR) \(em Lists scopes\&.
.RS 4
.PP
Lists the set of name service repositories that can be administered\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read the name services that can be managed\&.
.RE
.RE
.RE
.PP
\fBstring[]\fR\ \&\fBroles\fR (\fIread\-only\fR) \(em Lists assigned roles\&.
.RS 4
.PP
Lists the roles assigned to a user\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user roles
.RE
.RE
.RE
.PP
\fBstring[]\fR\ \&\fBprofiles\fR (\fIread\-only\fR) \(em Lists assigned profiles\&.
.RS 4
.PP
Lists the profiles assigned to a user\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user profiles\&.
.RE
.RE
.RE
.PP
\fBstring[]\fR\ \&\fBauths\fR (\fIread\-only\fR) \(em Lists assigned authorizations\&.
.RS 4
.PP
Lists the authorizations assigned to a user\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user authorizations\&.
.RE
.RE
.RE
.PP
\fBstring[]\fR\ \&\fBdefaultPrivs\fR (\fIread\-only\fR) \(em Lists default privileges\&.
.RS 4
.PP
Lists the default privileges assigned to a user\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user\'s default privileges\&.
.RE
.RE
.RE
.PP
\fBstring[]\fR\ \&\fBlimitPrivs\fR (\fIread\-only\fR) \(em Lists limit privileges\&.
.RS 4
.PP
Lists the limit privileges assigned to a user\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user\'s limit privileges\&.
.RE
.RE
.RE
.PP
\fBstring[]\fR\ \&\fBsupplGroups\fR (\fIread\-only\fR) \(em Lists supplemental groups\&.
.RS 4
.PP
Lists the supplemental groups that the user is a member of\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user\'s supplemental groups\&.
.RE
.RE
.RE
.PP
\fBstring[]\fR\ \&\fBauditClasses\fR (\fIread\-only\fR) \(em Lists assigned audit classes\&.
.RS 4
.PP
Lists the audit classes that are assigned to the user\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user\'s assigned audit classes\&.
.RE
.RE
.RE
.PP
\fBstring[]\fR\ \&\fBpamUserConfFiles\fR (\fIread\-only\fR) \(em Lists per\-user PAM configuration files\&.
.RS 4
.PP
Lists the per\-user PAM configuration files\&.
.RE
.RS 4
.PP
\fBRead Error:\fR \fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user specific PAM configuration files\&.
.RE
.RE
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBUserMgr Methods\fR
.RS 4
.PP
\fBUser\fR \fBgetUser\fR(\fBstring\fR\ \&\fIusername\fR)
.RS 4
.PP
Gets user information for a given username\&.
.PP
Gets the user information for a given username from the name service repository based on the filter options\&.
.PP
\fBArguments:\fR
.PP
\fIusername\fR \(em Specifies the username for which the account information is to be retrieved\&.
.PP
\fBResult:\fR
.PP
\fBUser\fR
.PP
\fBError:\fR
.PP
\fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user
.RE
.RE
.RE
.PP
\fBUser\fR \fBaddUser\fR(\fBUser\fR\ \&\fIuser\fR, \fBsecret\fR\ \&\fIpassword\fR)
.RS 4
.PP
Add user or role\&.
.PP
Adds a user or role to the selected name service repository based on the filter options\&. Applies the properties set in the user object as the account, password, and security attributes\&. Sets INVALIDDATA error when arguments are not valid\&. Sets PASSERROR error when password update fails\&. Sets READERROR error when unable to read user after successful addition of new user\&. Sets USEREXISTS error when a user already exists with the same username\&.
.PP
\fBArguments:\fR
.PP
\fIuser\fR \(em user object which contains attributes of new user account to be created\&.
.PP
\fIpassword\fR \(em password to be set for the new user account\&.
.PP
\fBResult:\fR
.PP
\fBUser\fR
.PP
\fBError:\fR
.PP
\fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
INVALIDDATA \- when arguments are not valid\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user after adding new user\&.
.RE
.RE
.RE
.PP
\fBUser\fR \fBmodifyUser\fR(\fBUser\fR\ \&\fIuser\fR, \fBUserChangeFields\fR\ \&\fIchangeFields\fR, \fBsecret\fR\ \&\fIpassword\fR)
.RS 4
.PP
Modify user or role\&.
.PP
Modifies users or roles present in the selected scope based on the filter options\&. Applies the changed fields in the user object to the user or role attributes\&. Sets INVALIDDATA error when arguments are not valid\&. Sets PASSERROR error when password update fails\&. Sets READERROR error when unable to read user after successful modification of user\&.
.PP
\fBArguments:\fR
.PP
\fIuser\fR \(em user object which contains user attributes to be modified\&.
.PP
\fIchangeFields\fR \(em Indicates which fields have been modified in the user object by the client\&.
.PP
\fIpassword\fR (\fInullable\fR) \(em password to be set for the new user account\&.
.PP
\fBResult:\fR
.PP
\fBUser\fR
.PP
\fBError:\fR
.PP
\fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
INVALIDDATA \- when arguments are not valid\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user after adding new user\&.
.RE
.RE
.RE
.PP
\fBdeleteUser\fR(\fBstring\fR\ \&\fIusername\fR)
.RS 4
.PP
Delete user\&.
.PP
Deletes user or role based on username present in the selected scope based on the filter options\&. Sets READERROR error on failure\&.
.PP
\fBArguments:\fR
.PP
\fIusername\fR \(em username of account that needs to be deleted\&.
.PP
\fBError:\fR
.PP
\fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when unable to read user
.RE
.RE
.RE
.PP
\fBselectScope\fR(\fBScopeType\fR\ \&\fIscope\fR)
.RS 4
.PP
Sets the name\-service repository scope\&.
.PP
Sets the name\-service repository scope\&. All subsequent operations will use the specified scope\&.
.PP
\fBArguments:\fR
.PP
\fIscope\fR \(em Specifies the name\-service scope to be used for managing users\&.
.RE
.PP
\fBsetFilter\fR(\fBUserType\fR\ \&\fIusertype\fR, \fBstring\fR\ \&\fIsearchstring\fR)
.RS 4
.PP
Sets the filter options\&.
.PP
Sets the filter options which are used for all the subsequent operations\&. The options are user or role and search string\&. The default search string is empty string ("")\&.
.PP
\fBArguments:\fR
.PP
\fIusertype\fR \(em Specifies if users or roles will be managed\&.
.PP
\fIsearchstring\fR \(em Specifies the string to match against user or role names to be managed\&.
.RE
.PP
\fBboolean\fR \fBisSystemLabeled\fR()
.RS 4
.PP
Checks if System is Labeled\&.
.PP
Checks if the Trusted Extensions feature is enabled on the system\&. Returns true if successful and sets READERROR error on failure\&.
.PP
\fBResult:\fR
.PP
\fBboolean\fR
.PP
\fBError:\fR
.PP
\fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when checking if Trusted Extensions is enabled fails\&.
.RE
.RE
.RE
.PP
\fBUserType\fR \fBgetUserType\fR(\fBstring\fR\ \&\fIusername\fR)
.RS 4
.PP
Gets the user type\&.
.PP
Checks if the user is a role or a normal user\&. Returns UserType set to role or normal user\&. Sets READERROR error on failure\&.
.PP
\fBArguments:\fR
.PP
\fIusername\fR \(em Specifies user name to check for user or role\&.
.PP
\fBResult:\fR
.PP
\fBUserType\fR
.PP
\fBError:\fR
.PP
\fBUserMgrError\fR
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
READERROR \- when checking if Trusted Extensions is enabled fails\&.
.RE
.RE
.RE
.RE
.SH "ENUMERATED TYPES"
.PP
\fBenum UserMgrErrorType\fR \(em User Manager API error types
.RS 4
.PP
INVALIDDATA (0)
.PP
USEREXISTS (1)
.PP
PERMDENIED (2)
.PP
READERROR (3)
.PP
LASTADMIN (4)
.PP
ROOTADMIN (5)
.PP
PASSERROR (6)
.RE
.PP
\fBenum ScopeType\fR \(em Name service scope types
.RS 4
.PP
FILES (0)
.PP
LDAP (1)
.RE
.PP
\fBenum UserType\fR
.RS 4
.PP
NORMAL (0)
.PP
ROLE (1)
.RE
.SH "STRUCTURE TYPES"
.PP
\fBstruct Group\fR \(em describes a Solaris group
.RS 4
.PP
Fully describes a Solaris group, contains group name, group id, group members\&.
.RE
.RS 4
.PP
\fBFields:\fR
.PP
\fBstring\fR\ \&\fIgroupName\fR \(em Specifies the group name\&.
.PP
\fBuinteger\fR\ \&\fIgroupID\fR \(em Specifies the GID of the group\&.
.PP
\fBstring[]\fR\ \&\fIgroupMembers\fR \(em Specifies the members of the group\&.
.RE
.PP
\fBstruct User\fR \(em describes a Solaris user
.RS 4
.PP
Fully describes a Solaris user, contains account, home directory and security attributes associated with a user\&. See passwd(4), shadow(4) and user_attr(4) for more information on the fields\&.
.RE
.RS 4
.PP
\fBFields:\fR
.PP
\fBstring\fR\ \&\fIusername\fR \(em username for the account\&.
.PP
\fBuinteger\fR\ \&\fIuserID\fR \(em UID for the account\&.
.PP
\fBuinteger\fR\ \&\fIgroupID\fR \(em GID for the account\&.
.PP
\fBstring\fR\ \&\fIdescription\fR (\fInullable\fR) \(em gecos info for the account\&.
.PP
\fBstring\fR\ \&\fIhomeDirectory\fR (\fInullable\fR) \(em home directory location for the account\&.
.PP
\fBstring\fR\ \&\fIdefaultShell\fR (\fInullable\fR) \(em default shell for the account\&.
.PP
\fBinteger\fR\ \&\fIinactive\fR \(em Number of inactivity days allowed for the account\&.
.PP
\fBinteger\fR\ \&\fImin\fR \(em Minimum number of days between password changes for the account\&.
.PP
\fBinteger\fR\ \&\fImax\fR \(em Maximum number of days the password is valid for the account\&.
.PP
\fBinteger\fR\ \&\fIwarn\fR \(em Number of days before the password expires that the user is warned\&.
.PP
\fBstring\fR\ \&\fIexpire\fR (\fInullable\fR) \(em The date after which login will not be allowed for the account\&. The date format is %y\-%m\-%d %H:%M:%S\&.
.PP
\fBstring\fR\ \&\fIlockAfterRetries\fR (\fInullable\fR) \(em Specifies whether the account is locked after failed logins exceed the allowable limit\&.
.PP
\fBstring\fR\ \&\fIalwaysAuditFlags\fR (\fInullable\fR) \(em Specifies per\-user always\-audit pre\-selection flags\&.
.PP
\fBstring\fR\ \&\fIneverAuditFlags\fR (\fInullable\fR) \(em Specifies per\-user never\-audit pre\-selection flags\&.
.PP
\fBstring\fR\ \&\fItype\fR (\fInullable\fR) \(em specifies whether account is role or user\&.
.PP
\fBstring\fR\ \&\fIdefaultProj\fR (\fInullable\fR) \(em specifies the default project for the account\&.
.PP
\fBstring\fR\ \&\fIclearance\fR (\fInullable\fR) \(em Specifies the max label at which the user can operate\&.
.PP
\fBstring\fR\ \&\fIminLabel\fR (\fInullable\fR) \(em Specifies the min label at which the user can log in\&.
.PP
\fBstring\fR\ \&\fIroleAuth\fR (\fInullable\fR) \(em Specifies whether the account uses the role or user password for role authentication\&.
.PP
\fBstring\fR\ \&\fIidleCmd\fR (\fInullable\fR) \(em Specifies when the desktop session for the user gets locked\&.
.PP
\fBstring\fR\ \&\fIidleTime\fR (\fInullable\fR) \(em Specifies the idle time before the idlecmd is executed\&.
.PP
\fBstring\fR\ \&\fIaccountStatus\fR (\fInullable\fR) \(em Specifies the status of the account\&.
.PP
\fBstring[]\fR\ \&\fIroles\fR (\fInullable\fR) \(em Specifies the roles that have been assigned to the account\&.
.PP
\fBstring[]\fR\ \&\fIprofiles\fR (\fInullable\fR) \(em Specifies the profiles that have been assigned to the account\&.
.PP
\fBstring[]\fR\ \&\fIauthProfiles\fR (\fInullable\fR) \(em Specifies the authenticated profiles that have been assigned to the account\&.
.PP
\fBstring[]\fR\ \&\fIauths\fR (\fInullable\fR) \(em Specifies the authorizations that have been assigned to the account\&.
.PP
\fBstring[]\fR\ \&\fIdefaultPriv\fR (\fInullable\fR) \(em Specifies the default set of privileges assigned to user at login\&.
.PP
\fBstring[]\fR\ \&\fIlimitPriv\fR (\fInullable\fR) \(em Specifies the maximum set of privileges the user or process started by the user can obtain\&.
.PP
\fBstring[]\fR\ \&\fIgroups\fR (\fInullable\fR) \(em Specifies the supplemental groups that have been assigned to the account\&.
.RE
.PP
\fBstruct UserChangeFields\fR \(em Keeps track of all the fields that have been changed in the user object\&.
.RS 4
.PP
Keeps track of all the fields that have been changed in the user object\&. For every field that has been changed in the User object the respective changeField will be set to true\&.
.RE
.RS 4
.PP
\fBFields:\fR
.PP
\fBboolean\fR\ \&\fIgidChanged\fR
.PP
\fBboolean\fR\ \&\fIdescChanged\fR
.PP
\fBboolean\fR\ \&\fIhomedirChanged\fR
.PP
\fBboolean\fR\ \&\fIdefShellChanged\fR
.PP
\fBboolean\fR\ \&\fIprofilesChanged\fR
.PP
\fBboolean\fR\ \&\fIauthProfilesChanged\fR
.PP
\fBboolean\fR\ \&\fIrolesChanged\fR
.PP
\fBboolean\fR\ \&\fIauthsChanged\fR
.PP
\fBboolean\fR\ \&\fIlimitPrivChanged\fR
.PP
\fBboolean\fR\ \&\fIgroupsChanged\fR
.PP
\fBboolean\fR\ \&\fIlockAfterRetriesChanged\fR
.PP
\fBboolean\fR\ \&\fIalwaysAuditChanged\fR
.PP
\fBboolean\fR\ \&\fIneverAuditChanged\fR
.PP
\fBboolean\fR\ \&\fItypeChanged\fR
.PP
\fBboolean\fR\ \&\fIdefaultProjChanged\fR
.PP
\fBboolean\fR\ \&\fIminLabelChanged\fR
.PP
\fBboolean\fR\ \&\fIroleAuthChanged\fR
.PP
\fBboolean\fR\ \&\fIidleCmdChanged\fR
.PP
\fBboolean\fR\ \&\fIidleTimeChanged\fR
.PP
\fBboolean\fR\ \&\fIexpireChanged\fR
.PP
\fBboolean\fR\ \&\fIminChanged\fR
.PP
\fBboolean\fR\ \&\fImaxChanged\fR
.PP
\fBboolean\fR\ \&\fIwarnChanged\fR
.PP
\fBboolean\fR\ \&\fIuidChanged\fR
.RE
.PP
\fBstruct UserMgrError\fR
.RS 4
.PP
\fBFields:\fR
.PP
\fBUserMgrErrorType\fR\ \&\fIerrorCode\fR
.RE
.PP
\fBVersion:\fR (1\&.0)
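.PP
The following Python example is added here and is not part of the original manual page or of the RAD client bindings. It derives the UserChangeFields flags for a proposed modifyUser call by comparing two User records, and reports changed fields for which this page lists no flag, so that a privilege\-affecting edit can be reviewed before it is submitted. The field\-to\-flag pairing is inferred from the names, the SENSITIVE set is the example's own choice, and the sample records are constructed.

```python
# User field -> UserChangeFields flag. Both name lists are from this page;
# the pairing is inferred from the names (assumption of this example).
CHANGE_FLAG = {
    "groupID": "gidChanged", "description": "descChanged",
    "homeDirectory": "homedirChanged", "defaultShell": "defShellChanged",
    "profiles": "profilesChanged", "authProfiles": "authProfilesChanged",
    "roles": "rolesChanged", "auths": "authsChanged",
    "limitPriv": "limitPrivChanged", "groups": "groupsChanged",
    "lockAfterRetries": "lockAfterRetriesChanged",
    "alwaysAuditFlags": "alwaysAuditChanged",
    "neverAuditFlags": "neverAuditChanged", "type": "typeChanged",
    "defaultProj": "defaultProjChanged", "minLabel": "minLabelChanged",
    "roleAuth": "roleAuthChanged", "idleCmd": "idleCmdChanged",
    "idleTime": "idleTimeChanged", "expire": "expireChanged",
    "min": "minChanged", "max": "maxChanged", "warn": "warnChanged",
    "userID": "uidChanged",
}

# Fields this example treats as privilege- or audit-affecting (reviewer's choice).
SENSITIVE = {"userID", "groupID", "groups", "roles", "profiles", "authProfiles",
             "auths", "limitPriv", "roleAuth", "lockAfterRetries",
             "alwaysAuditFlags", "neverAuditFlags"}


def plan_modify(current, desired):
    """Diff two User records (dicts keyed by the struct's field names).

    Returns (change_fields, unflagged, sensitive):
      change_fields - every UserChangeFields flag, True where the field differs
      unflagged     - differing fields with no flag listed on this page
      sensitive     - differing flagged fields that belong to SENSITIVE
    """
    change_fields = {flag: False for flag in CHANGE_FLAG.values()}
    unflagged, sensitive = [], []
    for field in sorted(set(current) | set(desired)):
        if current.get(field) == desired.get(field):
            continue
        flag = CHANGE_FLAG.get(field)
        if flag is None:
            unflagged.append(field)
            continue
        change_fields[flag] = True
        if field in SENSITIVE:
            sensitive.append(field)
    return change_fields, unflagged, sensitive


# Constructed sample records, not taken from a real system.
CURRENT = {"username": "jdoe", "userID": 1001, "groupID": 10,
           "defaultShell": "/usr/bin/bash", "roles": None, "defaultPriv": None}
DESIRED = dict(CURRENT, defaultShell="/usr/bin/ksh", roles=["auditor"],
               defaultPriv=["basic"])

if __name__ == "__main__":
    fields, unflagged, sensitive = plan_modify(CURRENT, DESIRED)
    print(sorted(f for f, on in fields.items() if on), unflagged, sensitive)
```

In the sample, defaultPriv changes but has no matching entry in the UserChangeFields listing, so it is returned in the unflagged list instead of being set as a flag.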