Creates a new service object.
By default, new service objects are enabled and added in the last position in the list of service objects.
See Section 2.8.4, “Using Service Objects” for more details about service objects.
tarantella service new { --name obj --type ldap|ad --url url ...
  [ --position pos ] [ --enabled 0|1 ] [ --operation-timeout timeout ]
  [ --base-domain domain ] [ --default-domain domain ]
  [ --black-list list ] [ --white-list list ]
  [ --security-mode ""|clientcerts ] [ --auth-mode kerberos|ssl ]
  [ --site-aware 0|1 ] [ --site-name name ]
  [ --check-pwd-policy 0|1 ] [ --pwd-expiry-warn-threshold threshold ]
  [ --pwd-expiry-fail-threshold threshold ] [ --domain-list domains ]
  [ --password-update-mode ldapuser|ldapadmin ] [ --lookupcache-timeout timeout ]
  [ --ad-alwaysusegc 0|1 ] [ --suffix-mappings mappings ]
} | --file file
The following table shows the available options for this command.
Option | Description |
---|---|
--name | The name of the service object to create. See Section A.2.2, “Name” for more details. |
--type | The service object type, either LDAP or Active Directory. See Section A.2.3, “Type” for more details. |
--url | The URLs of the LDAP directories or the URL of an Active Directory forest. The URL(s) must be unique. Different service objects cannot use the same URL(s). See Section A.2.5, “URLs” for more details. |
--position | A number that specifies the position of the service object in the list of service objects. The number 1 means first position in the list. |
--enabled | Whether the service object is enabled for use. See Section A.2.4, “Enabled” for more details. |
--operation-timeout | Period of time, in seconds, to wait for a directory server to respond to an LDAP operation. See Section 2.8.14, “LDAP Operation Timeout” for more details. |
--base-domain | The domain that SGD uses for Active Directory authentication if users only supply a partial domain when they log in. See Section A.2.8, “Active Directory Base Domain” for more details. Applies only to Active Directory service objects. |
--default-domain | The domain that SGD uses for Active Directory authentication if users do not supply a domain when they log in. See Section A.2.9, “Active Directory Default Domain” for more details. Applies only to Active Directory service objects. |
--black-list | A list of Active Directory servers which are never used for LDAP queries. See Section 2.8.9, “Blacklists” for more details. Applies only to Active Directory service objects. |
--white-list | A list of Active Directory servers which are always used for LDAP queries. Servers not included in the list cannot be used. See Section 2.8.8, “Whitelists” for more details. Applies only to Active Directory service objects. |
--security-mode | Whether client certificates are used to authenticate the SSL connection to an Active Directory server. This option is only used if See Section 2.2.3.5, “SSL Connections to Active Directory” for more details. Applies only to Active Directory service objects. |
--auth-mode | The mechanism used to secure the connection to an Active Directory server, either Kerberos or SSL. Kerberos is used by default. See Section 2.2.3.5, “SSL Connections to Active Directory” for more details. Applies only to Active Directory service objects. |
--site-aware | Enables site awareness for the service object. If See Section 2.8.7, “Sites” for more details. Applies only to Active Directory service objects. |
--site-name | A site name for the service object. This option is only used if See Section 2.8.7, “Sites” for more details. Applies only to Active Directory service objects. |
--check-pwd-policy | Whether a user's password policy should be checked at authentication time. This option is used to enable LDAP password expiry features. See Section 2.8.5, “Password Expiry” for more details. |
--pwd-expiry-warn-threshold | The period of time, in seconds, before password expiry where a warning message is shown on the webtop. See Section 2.8.5, “Password Expiry” for more details. |
--pwd-expiry-fail-threshold | The period of time, in seconds, before password expiry where authentication is denied for a user and they are forced to update their password. See Section 2.8.5, “Password Expiry” for more details. |
--domain-list | Defines a list of domains to be contacted when SGD starts. See Section 2.8.12, “Domain Lists” for more details. Applies only to Active Directory service objects. |
--password-update-mode | Determines how aged passwords are handled. The default setting is A setting of See Section 2.8.6, “LDAP Password Update Mode” for more details. Applies only to LDAP service objects. |
--lookupcache-timeout | The length of time, in seconds, for which LDAP lookup cache entries on the SGD server are held. See Section 2.8.13, “Lookup Cache Timeout” for more details. |
--ad-alwaysusegc | Whether the global catalog is always used for lookups. Enabling this option can speed up LDAP searches. See Section 2.8.10, “Search Only the Global Catalog” for more details. Applies only to Active Directory service objects. |
--suffix-mappings | A list of mappings between domain names, used for Kerberos authentication. Each entry should be of the form See Section 2.8.11, “Suffix Mappings” for more details. Applies to Active Directory service objects and LDAP service objects that connect to Active Directory. |
--file | Specifies a file containing a batch of commands to edit service object attributes. |
The following example creates an LDAP service object called mainldap. The service object is set to third position in the list of service objects and is enabled by default.
$ tarantella service new \
  --name mainldap --type ldap \
  --url "ldap://main1.example.com;ldap://main2.example.com" \
  --position 3
The following example creates an Active Directory service object called east. The service object is in the last position in the list of service objects by default, and is set to disabled.
$ tarantella service new \
  --name east --type ad \
  --url "ad://east.example.com" \
  --enabled 0
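The applicability notes in the option table are easy to violate when a directory integration is scripted, so the following added example (not part of the SGD documentation) lints a planned argument list before it is passed to `tarantella service new`. The function name `check_service_args` is hypothetical, and the script assumes every option takes exactly one value; it never runs tarantella.

```shell
# Added example: lint a planned `tarantella service new` argument list against the
# synopsis and the "Applies only to ..." notes in the option table. Never runs tarantella.
# check_service_args is a hypothetical name; each option is assumed to take one value.
check_service_args() {
    type="" name="" url="" file="" others=0 ad_opts="" ldap_opts="" problems=""
    while [ $# -gt 0 ]; do
        opt=$1; val=${2-}
        shift; if [ $# -gt 0 ]; then shift; fi
        [ "$opt" = --file ] || others=$((others + 1))
        case "$opt" in
            --file) file=$val ;;
            --name) name=$val ;;
            --type) type=$val ;;
            --url)  url=$val ;;
            # Rows marked "Applies only to Active Directory service objects"
            --base-domain|--default-domain|--black-list|--white-list|--security-mode|\
            --auth-mode|--site-aware|--site-name|--domain-list|--ad-alwaysusegc)
                ad_opts="$ad_opts $opt" ;;
            # Row marked "Applies only to LDAP service objects"
            --password-update-mode) ldap_opts="$ldap_opts $opt" ;;
        esac
        # Values the synopsis enumerates
        case "$opt=$val" in
            --enabled=[01]|--site-aware=[01]|--check-pwd-policy=[01]|--ad-alwaysusegc=[01]) ;;
            --auth-mode=kerberos|--auth-mode=ssl) ;;
            --password-update-mode=ldapuser|--password-update-mode=ldapadmin) ;;
            --enabled=*|--site-aware=*|--check-pwd-policy=*|--ad-alwaysusegc=*|\
            --auth-mode=*|--password-update-mode=*) problems="$problems bad-value:$opt" ;;
        esac
    done
    if [ -n "$file" ]; then
        # Synopsis "{ options } | --file file": a batch file excludes all other options
        [ "$others" -eq 0 ] || problems="$problems file-is-exclusive"
    else
        [ -n "$name" ] || problems="$problems missing:--name"
        [ -n "$url" ]  || problems="$problems missing:--url"
        case "$type" in
            ad)   for o in $ldap_opts; do problems="$problems ldap-only:$o"; done ;;
            ldap) for o in $ad_opts;   do problems="$problems ad-only:$o";   done ;;
            *)    problems="$problems bad-type:${type:-unset}" ;;
        esac
    fi
    if [ -z "$problems" ]; then echo ok; return 0; fi
    echo "${problems# }"; return 1
}

# The page's second example passes; the constructed call adds an AD-only option to an LDAP object.
check_service_args --name east --type ad --url "ad://east.example.com" --enabled 0
check_service_args --name mainldap --type ldap --url "ldap://main1.example.com" --auth-mode ssl || true
```

A non-zero return status means the argument list conflicts with the table, and the printed tokens name each offending option.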