- 1 Syntax
- 2 Parameters
- 3 Description
- 4 Examples
- 5 Switches
- 5.1 --command-file=file, -f file
- 5.2 --help, -?
- 5.3 --version, -V
- 5.4 --admin=type, -a type
- 5.5 --attrlist=attrs, -A attrs
- 5.6 --autocreate, -c
- 5.7 --bind-dn=binddn, -D binddn
- 5.8 --bind-pwfile=file, -j file
- 5.9 --default-domain=domain, -d domain
- 5.10 --dry-run, -n
- 5.11 --hostlist=host, -h host
- 5.12 --ldapattrval=avl, -p avl
- 5.13 --ldif=file, -l file
- 5.14 --logfile=file, -L file
- 5.15 --myhost=host, -H host
- 5.16 --novalidate
- 5.17 --orgdn=dn, -O dn
- 5.18 --postmaster=mailaddr, -M mailaddr
- 5.19 --port=port, -P port
- 5.20 --preserveCritical
- 5.21 --pwfile=file, -J file
- 5.22 --quiet, -q
- 5.23 --require-ssl, -Z
- 5.24 --verbose, -v
The inetuser utility is a very limited LDAP provisioning utility for Messaging Server.
Syntax
inetuser --command-file=file
inetuser --help
inetuser --version
inetuser create [switches] user
inetuser show [switches] user
inetuser checkpw [switches] user
inetuser show-domain [switches] domain
inetuser check-dssetup
This command uses LDAP configuration settings by default. However, commands that update LDAP generally require Directory Manager credentials and it is a best practice to limit the access rights available to the administrative account specified by base.ugldapbinddn and by base.ugldapbindcred. As a result, it's typically necessary to specify the --bind-pwfile=file switches to specify a Directory Manager account when updating LDAP directly.
Parameters
checkpw subcommands take a user identity as a parameter. The user identity is typically the value of the uid LDAP attribute (possibly modified by the ldap_uid option) and may include @domain to refer to an LDAP domain.
The show-domain subcommand takes a domain provisioned in LDAP as a parameter.
No parameters are present when a top-level switch is used or other subcommands are used.
Description
The inetuser utility is a very limited LDAP provisioning utility for Messaging Server that supports LDAP schema 1 and LDAP schema 2. This tool has been present in Messaging Server for some time and is used by the init-config utility to provision an initial administrative user, group, and associated default domain.
The create subcommand is used to create users and domains.
The show subcommand is used to show a user's LDAP entry.
The checkpw subcommand is used to check a user's LDAP password against the directory. The inetuser utility will return a status of 0 if the password is correct.
The show-domain subcommand shows a domain's LDAP entry.
The check-dssetup subcommand shows information from the comm_dssetup utility that is present in the LDAP directory.
Examples
The following command creates a user with common name "John Smith" and user identity 'jsmith'. With this command, the email address defaults to 'jsmith@defaultdomain' (this assumes the directory manager password is stored in the file pwfile in the current directory):
# inetuser create -D "cn=Directory Manager" -j pwfile -p "cn=John Smith" jsmith
password:
The following command creates a new domain with a new administrative user:
# inetuser create -D "cn=Directory Manager" -j pwfile -a all -c firstname.lastname@example.org
password:
Switches

--command-file=file, -f file
This top-level switch reads and executes inetuser subcommands from the specified file instead of executing one subcommand from the command line.

--help, -?
This top-level switch displays a command usage summary.

--version, -V
This top-level switch displays command version information.

--admin=type, -a type
This create subcommand switch specifies the type of admin user to create. Supported values are all (store administrator) and access (administrative account used by Messaging Server to authenticate). If not specified, the user account will not have administrative privilege.

--attrlist=attrs, -A attrs
This show subcommand switch specifies a comma-separated list of attributes to show from the user entry, instead of showing all known attributes.

--autocreate, -c
This create subcommand switch will cause the domain to be created when creating a user if it doesn't already exist. Note that the tool requires the first user in a domain to be a store administrator, so it's generally necessary to include the --admin=all switch with this one.

--bind-dn=binddn, -D binddn
This subcommand switch specifies the bind DN to use for LDAP server authentication. If not specified, the value of the base.ugldapbinddn option is used instead. The credentials specified by that option typically do not have permission to write to the LDAP directory, so this switch is usually necessary with the create subcommand (as is the

--bind-pwfile=file, -j file
This subcommand switch specifies a file containing the bind password to use for LDAP server authentication. If not specified, the value of the base.ugldapbindcred option is used as the bind password instead.

--default-domain=domain, -d domain
This subcommand switch specifies the default domain to use if a domain is not explicitly specified. When this switch is not specified, the value of the base.defaultdomain option is used.

--dry-run, -n
This subcommand switch prevents the tool from modifying the LDAP directory. It may be useful to combine this with the

--hostlist=host, -h host
This subcommand switch specifies one or more LDAP server host names to use when connecting to the LDAP server. If not provided, the value of the base.ugldaphost option is used. This may be needed with the create subcommand if that option specifies a slave LDAP server rather than a master LDAP server.

--ldapattrval=avl, -p avl
This create subcommand switch specifies an LDAP attribute value list of additional known attributes to include when creating a user. The syntax of the list is attr1=value1,attr2=value2. Special characters may be escaped with backslash (\). Alternatively, the value can be base64-encoded by specifying a $ symbol before the equals (=) symbol. The set of known attributes is limited, so if the attribute name is not known by the utility, an error will result.

--ldif=file, -l file
This create subcommand switch specifies a file that will record a copy of the LDIF generated internally by this tool that is used to modify the LDAP directory. Combining this with the --dry-run switch is useful to review the changes the tool would make to LDAP. This may also be helpful to customers developing their own provisioning tools.

--logfile=file, -L file
This subcommand switch requests that any diagnostics are appended to the specified file.

--myhost=host, -H host
This subcommand switch specifies the name of the host used to provision store-related attributes such as mailHost. If this is not provided, the value of the base.hostname option is used.

--novalidate
Normally the tool will prompt and abort if a mismatch or error is detected. This subcommand switch suppresses that behavior.

--orgdn=dn, -O dn
This create subcommand switch specifies the LDAP DN to use when provisioning a schema 1 organization group in LDAP when creating a domain. This switch is primarily for use by the init-config utility.

--postmaster=mailaddr, -M mailaddr
This create subcommand switch specifies the mail address of the user to include in the postmaster group when creating a domain with a postmaster group. This switch is primarily for use by the init-config utility.

--port=port, -P port
This subcommand switch specifies the LDAP server port to use. If not specified, the value of the base.ugldapport option is used.

--preserveCritical
Normally the tool will prompt and default to overwrite certain critical attributes when performing a create operation and the specified user and/or domain already exists. This subcommand switch prevents the tool from overwriting such attributes.

--pwfile=file, -J file
This create subcommand switch specifies a file containing the password to use when creating a user. If this is not provided, the tool will prompt for a password.

--quiet, -q
This subcommand switch suppresses some prompts and diagnostics.

--require-ssl, -Z
This subcommand switch requires use of SSL when communicating with the LDAP server.

--verbose, -v
This subcommand switch requests additional diagnostics from the utility. It may be used more than once to increase the amount of diagnostic information.
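
A provisioning script that passes user-supplied values to --ldapattrval has to keep a comma or = inside a value from being read as another attr=value pair. The following added example (not part of the original page or of the product) builds the list with the base64 form described for that switch and assembles a --dry-run plus --ldif command line for review; the function names and the set of characters treated as safe are assumptions.

```python
import base64
import re

# Assumption: values made only of these characters need no escaping in the
# attr1=value1,attr2=value2 list; anything else is sent base64-encoded.
_SAFE_VALUE = re.compile(r"[A-Za-z0-9 ._@-]*")
# Assumption: a conservative pattern for attribute names.
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def encode_attrval(attrs):
    """Build the --ldapattrval list from a dict of attribute -> value."""
    parts = []
    for name, value in attrs.items():
        if not _ATTR_NAME.fullmatch(name):
            raise ValueError(f"bad attribute name: {name!r}")
        if _SAFE_VALUE.fullmatch(value):
            parts.append(f"{name}={value}")
        else:
            # A '$' before '=' marks the value as base64 (see --ldapattrval),
            # so a ',' or '=' in the value cannot start a new pair.
            b64 = base64.b64encode(value.encode("utf-8")).decode("ascii")
            parts.append(f"{name}$={b64}")
    return ",".join(parts)


def dry_run_argv(uid, attrs, bind_dn, bind_pwfile, ldif_path):
    """argv for a create that records LDIF for review and changes nothing."""
    if uid.startswith("-"):
        raise ValueError("user identity must not look like a switch")
    return [
        "inetuser", "create",
        f"--bind-dn={bind_dn}",
        f"--bind-pwfile={bind_pwfile}",
        "--require-ssl",
        "--dry-run",
        f"--ldif={ldif_path}",
        f"--ldapattrval={encode_attrval(attrs)}",
        uid,
    ]


if __name__ == "__main__":
    # Constructed input: a common name that contains a comma.
    sample = {"cn": "Smith, John"}
    print(dry_run_argv("jsmith", sample, "cn=Directory Manager",
                       "pwfile", "review.ldif"))
```

Passing the result as an argument list (for example to subprocess.run without a shell) keeps the values away from shell quoting as well.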