Edits one or more attributes for a service object.
See Section 2.8.4, “Using Service Objects” for more details about service objects.
tarantella service edit { --nameobj
[ --urlurl
... ] [ --positionpos
] [ --enabled 0|1 ] [ --operation-timeouttimeout
] [ --base-domaindomain
] [ --default-domaindomain
] [ --black-listlist
] [ --white-listlis
t ] [ --security-mode ""|clientcerts] [ --auth-mode kerberos|ssl ] [ --site-aware 0|1 ] [ --site-namename
] [ --check-pwd-policy 0|1 ] [ --pwd-expiry-warn-thresholdthreshold
] [ --pwd-expiry-fail-thresholdthreshold
] [ --domain-listdomains
] [ --password-update-mode ldapuser|ldapadmin] [ --lookupcache-timeouttimeout
] [ --ad-alwaysusegc 0|1 ] [ --suffix-mappingsmappings
] } | --filefile
The following table shows the available options for this command.
Option | Description |
---|---|
| The name of the service object to edit. See Section A.2.2, “Name” for more details. |
| The URLs of the LDAP directories or the URL of an Active Directory forest. The URL(s) must be unique. Different service objects cannot use the same URL(s). See Section A.2.5, “URLs” for more details. |
| A number that specifies the position of the service object in the list of service objects. The number 1 means first position in the list. |
| Whether the service object is enabled for use for authentication. See Section A.2.4, “Enabled” for more details. |
| Period of time, in seconds, to wait for a directory server to respond to an LDAP operation. See Section 2.8.14, “LDAP Operation Timeout” for more details. |
| The domain that SGD uses for Active Directory authentication if users only supply a partial domain when they log in. See Section A.2.8, “Active Directory Base Domain” for more details. Applies only to Active Directory service objects. |
| The domain that SGD uses for Active Directory authentication if users do not supply a domain when they log in. See Section A.2.9, “Active Directory Default Domain” for more details. Applies only to Active Directory service objects. |
| A list of Active Directory servers which are never used for LDAP queries. See Section 2.8.9, “Blacklists” for more details. Applies only to Active Directory service objects. |
| A list of Active Directory servers which are always used for LDAP queries. Servers not included in the list cannot be used. See Section 2.8.8, “Whitelists” for more details. Applies only to Active Directory service objects. |
|
Whether client certificates are used to authenticate the
SSL connection to an Active Directory server. This
option is only used if
See Section 2.2.3.5, “SSL Connections to Active Directory” for more details. Applies only to Active Directory service objects. |
| The mechanism used to secure the connection to an Active Directory server, either Kerberos or SSL. Kerberos is used by default. See Section 2.2.3.5, “SSL Connections to Active Directory” for more details. Applies only to Active Directory service objects. |
|
Enables site awareness for the service object. If
See Section 2.8.7, “Sites” for more details. Applies only to Active Directory service objects. |
|
A site name for the service object. This option is only
used if See Section 2.8.7, “Sites” for more details. Applies only to Active Directory service objects. |
| Whether a user's password policy should be checked at authentication time. This option is used to enable LDAP password expiry features. See Section 2.8.5, “Password Expiry” for more details. |
| The period of time, in seconds, before password expiry where a warning message is shown on the webtop. See Section 2.8.5, “Password Expiry” for more details. |
| The period of time, in seconds, before password expiry where authentication is denied for a user and they are forced to update their password. See Section 2.8.5, “Password Expiry” for more details. |
| Defines a list of domains to be contacted when SGD starts. See Section 2.8.12, “Domain Lists” for more details. Applies only to Active Directory service objects. |
| Determines how aged passwords are handled.
The default setting is
A setting of See Section 2.8.6, “LDAP Password Update Mode” for more details. Applies only to LDAP service objects. |
| The length of time, in seconds, for which LDAP lookup cache entries on the SGD server are held. See Section 2.8.13, “Lookup Cache Timeout” for more details. |
| Whether the global catalog is always be used for lookups. Enabling this option can speed up LDAP searches. See Section 2.8.10, “Search Only the Global Catalog” for more details. Applies only to Active Directory service objects. |
| A list of mappings between domain names, used for Kerberos authentication.
Each entry should be of the form
See Section 2.8.11, “Suffix Mappings” for more details. Applies to Active Directory service objects and LDAP service objects that connect to Active Directory. |
| Specifies a file containing a batch of commands to edit service object attributes. |
The following example disables the testldap
service object.
$ tarantella service edit --name testldap --enabled 0
The following example changes the position of the
mainldap
service object to third in the list of
service objects.
$ tarantella service edit --name mainldap --position 3