This section describes the following platform configuration file statements:
The ADMINPASSWORD statement specifies the password of the administrative user specified by the ADMINUSER statement. If there is no ADMINPASSWORD statement, you are prompted to enter the password when obtaining a platform security certificate.
Syntax:
ADMINPASSWORD Pswd
Pswd specifies the password of the administrative user.
Example:
ADMINPASSWORD 18emf25dhf
The ADMINUSER statement specifies the fully distinguished name of an eDirectory user with Read and Create object rights to the ASAM System container. If there is no ADMINUSER statement, you are prompted to enter a user object name when obtaining a platform security certificate.
Syntax:
ADMINUSER Fdn
Fdn specifies the fully distinguished name of an eDirectory user with Read and Create object rights to the ASAM System container.
Example:
ADMINUSER .Admin.DigitalAirlines
AM.GROUP.INCLUDE and AM.GROUP.EXCLUDE provide a list of specific groups or group masks to be included or excluded from Identity Provisioning. This can be useful for installation verification and early implementation and for special groups that should be managed locally. Multiple AM.GROUP.INCLUDE and AM.GROUP.EXCLUDE statements can be coded, and they can be mixed together. There is no limit to the number of groups that can be included or excluded.
Syntax:
AM.GROUP.INCLUDE GroupMask[ GroupMask, GroupMask ...]
AM.GROUP.EXCLUDE GroupMask[ GroupMask, GroupMask ...]
GroupMask can be a single complete group name, or it can include masking characters to represent more than one group. If more than one GroupMask matches a given group, the most specific GroupMask is used. GroupMask is case-insensitive. For more information, see Mask Characters and Examples.
Unless AM.GROUP.EXCLUDE * is coded, AM.GROUP.INCLUDE * is always assumed. Certain special groups are always excluded unless the IGNORESTANDARDEXCLUDES statement is specified. For details, see IGNORESTANDARDEXCLUDES Statement.
Do not code both an AM.GROUP.INCLUDE statement and an AM.GROUP.EXCLUDE statement.
For more information, see Section 10.4, Using Include and Exclude Configuration Statements.
Example:
AM.GROUP.EXCLUDE sales, mkt*
AM.USER.INCLUDE and AM.USER.EXCLUDE provide a list of specific user IDs or user ID masks to be included or excluded from Identity Provisioning. This can be useful for installation verification and early implementation and for special user IDs that should be managed locally. Multiple AM.USER.INCLUDE and AM.USER.EXCLUDE statements can be coded, and they can be mixed together. There is no limit to the number of users that can be included or excluded.
Syntax:
AM.USER.INCLUDE UserMask[ UserMask, UserMask ...]
AM.USER.EXCLUDE UserMask[ UserMask, UserMask ...]
UserMask can be a single complete user ID, or it can include masking characters to represent more than one user ID. If more than one UserMask matches a given user ID, the most specific UserMask is used. UserMask is case-insensitive. For more information, see Mask Characters and Examples.
Unless AM.USER.EXCLUDE * is coded, AM.USER.INCLUDE * is always assumed. Certain special users are always excluded unless the INGORESTANDARDEXCLUDES statement is specified. For details, see IGNORESTANDARDEXCLUDES Statement.
Do not code both an AM.USER.INCLUDE * statement and an AM.USER.EXCLUDE * statement.
Identity Manager Fan-Out Driver Linux/UNIX platforms always manage root locally.
For more information, see Section 10.4, Using Include and Exclude Configuration Statements.
Example:
AM.USER.EXCLUDE act*, billing%, sys*, sales48
AS.USER.INCLUDE and AS.USER.EXCLUDE provide a list of specific user IDs or user ID masks to be included or excluded from Authentication Services. This can be useful for installation verification and early implementation and for special user IDs that should be authenticated locally. Multiple AS.USER.INCLUDE and AS.USER.EXCLUDE statements can be coded, and they can be mixed together. There is no limit to the number of users that can be included or excluded, although a large list can cause a performance impact because it must be searched for every user login. These statements apply to system authentications only and are not used by the AS Client API routines (although there is an API call to test whether a user ID is excluded).
Syntax:
AS.USER.INCLUDE UserMask[ UserMask, UserMask ...]
AS.USER.EXCLUDE UserMask[ UserMask, UserMask ...]
UserMask can be a single complete user ID, or it can include masking characters to represent more than one user ID. If more than one UserMask matches a given user ID, the most specific UserMask is used. UserMask is case-insensitive. For more information, see Mask Characters and Examples.
Unless AS.USER.EXCLUDE * is coded, AS.USER.INCLUDE * is always assumed. Certain special users are always excluded unless the INGORESTANDARDEXCLUDES statement is specified. For details, see IGNORESTANDARDEXCLUDES Statement.
Do not code both an AS.USER.INCLUDE * statement and an AS.USER.EXCLUDE * statement.
For more information, see Section 10.4, Using Include and Exclude Configuration Statements.
Example:
AS.USER.EXCLUDE act*, billing%, sys*, sales48
The ASAMDIR statement specifies the file path where the Identity Manager Fan-Out Driver is installed. Fan-Out Driver components use ASAMDIR to find files needed for execution.
Syntax:
ASAMDIR FilePath
FilePath specifies the location in file system where the component is installed. If there is no ASAMDIR statement, FilePath defaults as follows:
z/OS: /usr/local/ASAM in HFS
IBM i: /usr/local/ASAM
Linux and UNIX: /usr/local/ASAM
Windows: c:\novell\asam
Example:
ASAMDIR c:\novell\asam
The AUTHENTICATION statement specifies the network address and port of one Core Driver used for Authentication Services. In order to use Authentication Services, you must have at least one AUTHENTICATION statement in your configuration file.
A maximum of 100 AUTHENTICATION statements can be coded.
Syntax:
AUTHENTICATION Address [PORT PortNumber] [PREF PrefGroup]
Address specifies the DNS name or IP address of a Core Driver used for Authentication Services.
PortNumber specifies the TCP port number that is to be used to communicate with this Core Driver. PORT is optional. PortNumber defaults to 3451.
IMPORTANT:If you specify a port number other than the default, you must also use the Web interface to specify the same port number for the Core Driver configuration object.
PrefGroup specifies the Preference Group Number that determines the way a Core Driver is selected. It is optional, and the default is for all Core Drivers listed to be in Preference Group 1. Core Drivers within a Preference Group are selected equally for load balancing. Core Drivers with the lowest Preference Group Number are always tried first, followed by the Core Drivers with the next Preference Group Number, and so on, until a Core Driver can be contacted. Preference Group Number must be coded as a positive integer.
Examples:
AUTHENTICATION cdriver1.digitalairlines.com AUTHENTICATION cdriver2.digitalairlines.com AUTHENTICATION cdriver5.digitalairlines.com PORT 5009 PREF 2
The DEBUGLOGFILE statement specifies a destination file for debugging data written when the -d command line parameter is present for a component.
Syntax:
DEBUGLOGFILE FilePath
FilePath specifies the location in file system where the debugging output is to be written.
Example:
DEBUGLOGFILE /usr/local/ASAM/debug.txt
The DEBUGTOSTDOUT statement specifies that debugging data is to be written to the standard output channel stdout when the -d command line parameter is present for a component.
Syntax:
DEBUGTOSTDOUT
Example:
DEBUGTOSTDOUT
The DIRECTTOAUTHENTICATION statement causes Authentication Services to connect directly to a Core Driver for Authentication Services without using the Platform Services Process. Use the DIRECTTOAUTHENTICATION statement on platforms where the volume of traffic with Core Drivers is so low that running the Platform Services Process is not justified.
Platforms using the DIRECTTOAUTHENTICATION statement do not perform Core Driver load balancing, although failover support is available if you specify multiple AUTHENTICATION statements.
Syntax:
DIRECTTOAUTHENTICATION
Example:
DIRECTTOAUTHENTICATION
The IGNORESTANDARDEXCLUDES statement specifies that the standard list of users and groups excluded from Identity Provisioning and Authentication Services processing is not used. If this statement is not present, the standard list of excludes is used. For the standard list of excluded users and groups, see Section 8.9, Standard Exclude List.
Syntax:
IGNORESTANDARDEXCLUDES
Example:
IGNORESTANDARDEXCLUDES
The LOCALE statement identifies the language to be used by the component.
Syntax:
LOCALE Id
Id specifies the two-character ISO 639 language identifier.
Example:
LOCAL en
The PLATFORMNAME statement specifies the common name of the Platform object. If there is no PLATFORMNAME statement, you are prompted to enter the name when obtaining a platform security certificate.
Syntax:
PLATFORMNAME Cn
Cn specifies the common name of the Platform configuration object that was specified in the Web interface when platform was defined.
Example:
PLATFORMNAME WestCentral
The PROVISIONING statement specifies the network address and port of one Provisioning Manager Core Driver. A PROVISIONING statement must appear in the configuration file for the Platform Receiver and when obtaining a security certificate.
You can code more than one PROVISIONING statement. The first PROVISIONING statement in the file identifies the Provisioning Manager that is tried first. If a connection with the Provisioning Manager identified by the first PROVISIONING statement fails, the Provisioning Managers identified by any other PROVISIONING statements are tried, in the order the PROVISIONING statements appear in the configuration file, until a connection is successful or there are no more PROVISIONING statements.
Syntax:
PROVISIONING Address [PORT PortNumber]
Address specifies the DNS name or IP address of a Provisioning Manager.
PortNumber specifies the TCP port number that is to be used to communicate with the Provisioning Manager. PORT is optional. The default port number for the Provisioning Manager is 3451.
IMPORTANT:If you specify a port number other than the default, you must also use the Web interface to specify the same port number for the Core Driver configuration object.
Example:
PROVISIONING cdriver1.digitalairlines.com PROVISIONING cdriver4.digitalairlines.com
The RUNMODE statement specifies the mode of operation the Platform Receiver uses. Command line parameters that specify a mode of operation override the mode specified on the RUNMODE statement.
Syntax:
RUNMODE Mode
Mode specifies the mode of operation for the Platform Receiver. Possible values follow.
Table 10-1 Values For Specified Mode
Value |
Description |
---|---|
PERSISTENT |
The Platform Receiver uses Persistent Mode. |
POLLING |
The Platform Receiver uses Polling Mode. |
SCHEDULED |
The Platform Receiver uses Scheduled Mode. |
If no RUNMODE statement or mode-related command line parameter is present, the Platform Receiver uses persistent Mode.
For more information about Platform Receiver modes of operation, see Modes of Operation.
Example:
RUNMODE polling
The TRACEFILE statement specifies that debugging output is generated and the file path where it is written. If the TRACEFILE statement is present in the platform configuration file, full debugging output is generated even if the -d command line parameter is not present.
To obtain debugging output from the system intercepts when you use the DIRECTTOAUTHENTICATION statement, you must use either the TRACEFILE or the TRACETOSTDOUT statement.
Syntax:
TRACEFILE FilePath
FilePath specifies the location in the file system where debugging output is written.
Example:
TRACEFILE c:\novell\asam\debug.txt
The TRACETOSTDOUT statement specifies that debugging output is generated and that it is written to the standard output channel stdout. If the TRACETOSTDOUT statement is present in the platform configuration file, full debugging output is generated even if the -d command line parameter is not present.
To obtain debugging output from the system intercepts when you use the DIRECTTOAUTHENTICATION statement, you must use either the TRACEFILE or the TRACETOSTDOUT statement.
Syntax:
TRACETOSTDOUT
Example:
TRACETOSTDOUT