Friday, 23 January 2015

WebSphere Application Server - Listing users in a WIM registry

A few months back, I was asked how to create users and groups in WAS, using Jython scripts. This is the post from that time: -


Subsequently, I wanted to run a query against WIM to see what users existed, following an openLDAP integration.

Having determined the available Jython commands: -


which drew me to this: -

AdminTask.listRegistryUsers()

By default, this is what I get: -

print AdminTask.listRegistryUsers()

wasadmin
deAdmin
ldapbind
WebSphereAdmin
BPMAdmin

The Knowledge Centre provided more input: -


listRegistryUsers

The listRegistryUsers command displays the users in the user registry for a specific security realm, resource name, or domain name.

Target object

None.

Optional parameters

-securityDomainName

Specifies the name of the security domain of interest. The securityDomainName, resourceName, and securityRealmName parameters are mutually exclusive. Do not specify more than one of these parameters. If you do not specify the securityDomainName, resourceName, or securityRealmName parameter, the system uses the active user registry from the global security configuration. (String)

-resourceName

Specifies the name of the resource of interest. The securityDomainName, resourceName, and securityRealmName parameters are mutually exclusive. Do not specify more than one of these parameters. If you do not specify the securityDomainName, resourceName, or securityRealmName parameter, the system uses the active user registry from the global security configuration. (String)

-securityRealmName

Specifies the name of the security realm of interest. The securityDomainName, resourceName, and securityRealmName parameters are mutually exclusive. Do not specify more than one of these parameters. If you do not specify the securityDomainName, resourceName, or securityRealmName parameter, the system uses the active user registry from the global security configuration. (String)

-displayAccessIds

Specifies whether to display the access IDs for each group. Specify true to display the access ID and group name for each group that the command returns. (Boolean)

-userFilter

Specifies the filter that the command uses to query for users. For example, specify test* to display each user name that starts with the test string. By default, the command returns all users. (String)

-numberOfUsers

Specifies the number of users to return. The default number of groups that the command displays is 20. (Integer)

Using this as input, this is what I get: -

print AdminTask.listRegistryUsers(['-securityRealmName', 'defaultWIMFileBasedRealm', '-displayAccessIds', 'true'])

[[accessId user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm] [name wasadmin@defaultWIMFileBasedRealm] ]
[[accessId user:defaultWIMFileBasedRealm/uid=deAdmin,o=defaultWIMFileBasedRealm] [name deAdmin@defaultWIMFileBasedRealm] ]
[[accessId user:defaultWIMFileBasedRealm/cn=BPMAdmin,ou=people,dc=uk,dc=ibm,dc=com] [name BPMAdmin@defaultWIMFileBasedRealm] ]
[[accessId user:defaultWIMFileBasedRealm/cn=ldapbind,ou=people,dc=uk,dc=ibm,dc=com] [name ldapbind@defaultWIMFileBasedRealm] ]
[[accessId user:defaultWIMFileBasedRealm/cn=WebSphereAdmin,ou=people,dc=uk,dc=ibm,dc=com] [name WebSphereAdmin@defaultWIMFileBasedRealm] ]


print AdminTask.listRegistryUsers(['-securityRealmName', 'defaultWIMFileBasedRealm'])

wasadmin@defaultWIMFileBasedRealm
deAdmin@defaultWIMFileBasedRealm
BPMAdmin@defaultWIMFileBasedRealm
ldapbind@defaultWIMFileBasedRealm
WebSphereAdmin@defaultWIMFileBasedRealm

which is nice.

No comments: