organization(1m) OSF organization(1m)
NAME [Toc] [Back]
organization - A dcecp object that manages an organization in the DCE
Security Service
SYNOPSIS [Toc] [Back]
organization add organization_name_list -member member_name_list
organization catalog [cell_name] [-simplename]
organization create organization_name_list
{-attribute extended_rgy_attr_list | -attribute value}
organization delete organization_name_list
organization help [operation | -verbose]
organization list organization_name_list [-simplename]
organization modify organization_name_list
{-add extended_rgy_attr_list |
-remove extended_rgy_attr_list [-types] |
-change extended_rgy_attr_list | -attribute value}
organization operations
organization remove organization_name_list -member member_name_list
organization rename organization_name -to new_organization_name
organization show organization_name_list
[-all | [-policies] [-xattrs]]
ARGUMENTS [Toc] [Back]
cell_name The name of a cell to contact when processing the catalog
operation. The name must be a fully qualified cell name,
such as /.: or /.../cell_name
operation The name of the organization operation for which to display
help information.
organization_name
The name of a single organization to act on. See
organization_name_list for the name format.
organization_name_list
A list of one or more names of organizations to act on.
Supply the names as follows:
Hewlett-Packard Company - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
+ Fully qualified names in the form:
/.../cell_name/organization_name,
/.:/organization_name, or organization_name@cell_name.
+ Cell-relative names in the form organization_name.
These names refer to an organization in the cell
identified in the _s(sec) convenience variable, or if
the _s(sec) convenience variable is not set, in the
local host's default cell.
Do not mix fully qualified names and cell-relative names in
a list. In addition, do not use the names of registry
database objects that contain organization information; in
other words, do not use names that begin with /.:/sec/org/.
DESCRIPTION [Toc] [Back]
The organization object represents registry organizations. Unless
otherwise noted, all organization operations take the names of the
organizations to act on as an argument.
When this command executes, it attempts to bind to the registry server
identified in the _s(sec) variable. If that server cannot process the
request or if the _s(sec) variable is not set, the command binds to
either an available slave server or the master registry server,
depending on the operation. Upon completion the command sets the
_b(sec) convenience variable to the name of the registry server to
which it bound.
ATTRIBUTES [Toc] [Back]
The organization object supports two kinds of attributes: organization
and policy.
+ Organization attributes consist of the organization's name,
Universal Unique Identifier (UUID), and organization identifier.
Organization attributes may or may not have default values. They
assume a default value or a value set by administrators.
+ Policy attributes regulate such things as account and password
lifetimes for all accounts associated with a particular
organization. If you do not set these attributes, they default
to the value set for the registry as a whole with the registry
modify command. Note that if a policy attribute value set for the
registry as a whole is stricter than the value you set for an
organization, the registry wide value is used.
Organization Attributes [Toc] [Back]
Hewlett-Packard Company - 2 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
orgid integer
Used with the create operation to specify the organization
identifier for the organization. If this attribute is not
set when an organization is created, an organization
identifier is assigned automatically. Do not specify the
-orgid attribute when creating two or more organizations
with the same command. If you do, the second create
operation will fail, since the organization identifier is
already in use after the first is created. However, the
alias and orgid attributes can be specified to create
several aliases for an existing organization with one
command.
uuid hexadecimal number
Used with the create operation to specify the organization's
UUID, a unique internal identifier. Use the UUID attribute
only to adopt an orphaned UUID. Normally the UUID for a new
organization is generated by the registry. In cases where
data exists tagged with a UUID of an organization that has
been deleted from the registry, use the create operation to
specify the old UUID for a new organization. The UUID
specified must be an orphan, that is, a UUID for which no
name exists in the registry. An error occurs if you specify
a UUID that is already defined in the registry.
fullname string
Used with the create and modify operations to specify the
organization's full name, a name used for information
purposes only. The full name typically describes or expands
a primary name to allow easy recognition by users. For
example, an organization could have a primary name of abc
and a full name of Advanced Binary Corporation. The value
is a string. If it contains spaces, it is displayed in
quotation marks, on entry, must be enclosed in quotation
marks or braces. The fullname attribute defaults to the null
string (that is, blank).
reserved {yes | no}
Indicates whether the organization object is reserved or
not. The default is no. This attribute may not be set or
modified by the user.
Policy Attributes [Toc] [Back]
Since organization policy attributes do not exist on an organization
unless explicitly defined, they have no default values. The
organization policy attributes are as follows:
Hewlett-Packard Company - 3 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
acctlife {relative_time | unlimited}
Defines the lifespan of accounts. Specify the time by using
the Distributed Time Service (DTS) relative time format ([-
]dd-hh:mm:ss) or the string unlimited.
pwdalpha {yes | no}
Defines whether passwords can consist entirely of
alphanumeric characters. Its value is either yes or no.
pwdexpdate {ISO_timestamp | none}
Defines a date on which a password expires. Specify the
date by using an ISO-compliant time format such as CC-MM-
DD-hh:mm:ss or the string none, which specifies that the
password not expire.
pwdlife {relative_time | unlimited}
Defines the lifespan of passwords. Specify the time by
using the DTS-relative time format ([-]DD-hh:mm:ss) or the
string unlimited.
pwdminlen integer
Defines the minimum number of characters in a password. Its
value is a positive integer or the integer 0, which means
there is no minimum length.
pwdspaces {yes | no}
Defines whether or not passwords can consist entirely of
spaces. Its value is either yes or no.
See the OSF DCE Administration Guide for more information about
organization and policy attributes.
OPERATIONS [Toc] [Back]
organization add
Adds members to a security organization. The syntax is as follows:
organization add organization_name_list -member member_name_list
Options [Toc] [Back]
-member member_name_list
Specifies a list of one or more names of principals to be
added to each organization in the argument.
The add operation adds members to an organization. The argument is a
list of names of organizations to be added to. The member_name_list
argument of the required -member option is a list of names of
Hewlett-Packard Company - 4 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
principals to be added to each organization in the argument. If the
principals do not exist, the command returns an error. This operation
returns an empty string on success.
Privileges Required [Toc] [Back]
You must have r (read) and M (Member_list) permissions on the target
organization and r (read) permission on the principal being added.
Examples [Toc] [Back]
dcecp> organization add managers -member W_White
dcecp>
organization catalog
Returns a list of the names of all organizations in the registry. The
syntax is as follows:
organization catalog [cell_name] [-simplename]
Options [Toc] [Back]
-simplename
Returns a list of organization names in the registry without
prepending the cell name.
The catalog operation returns a list of the names of all organizations
in the local registry in lexical order. Use the cell_name argument to
return a list of organizations in another cell's registry. By
default, fully qualified names are returned in the form
cellname/organization_name. Use the -simplename option to return
them in the form organization_name.
Privileges Required [Toc] [Back]
You must have r (read) permission to the /.:/sec/org directory.
Examples [Toc] [Back]
dcecp> organization catalog
/.../my_cell.goodcompany.com/none
/.../my_cell.goodcompany.com/users
/.../my_cell.goodcompany.com/managers
dcecp>
dcecp> organization catalog -simplename
none
Hewlett-Packard Company - 5 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
users
managers
dcecp>
organization create
Creates a new organization in the registry database. The syntax is as
follows:
organization create organization_name_list
{-attribute extended_rgy_attr_list | -attribute value}
Options [Toc] [Back]
-attribute value
As an alternative to using the -attribute option with an
attribute list, you can specify individual attribute options
by prepending a hyphen (-) to any attributes listed in the
ATTRIBUTES section of this reference page. You cannot use
this format to specify ERAs; it is only for the standard
attributes described in ATTRIBUTES.
-attribute extended_rgy_attr_list
Allows you to specify attributes, including ERAs, by using
an attribute list rather than individual attribute options.
The format of an attribute list is as follows:
{{extended_rgy_attr_list value}...{extended_rgy_attr_list value}}
See the OSF DCE Administration Guide for more information on ERAs.
The create operation creates a new organization. The argument is a
list of names of organizations to be created. Options specify the
attributes of the newly created organization. All options are applied
to all organizations in the argument list. This operation returns an
empty string on success.
Privileges Required [Toc] [Back]
You must have i (insert) permission to the directory in which the
organization is to be created.
Examples [Toc] [Back]
dcecp> organization create temps -fullname "Temporary Employees"
dcecp>
dcecp> organization create temps -attribute {fullname "Temporary Employees"}
Hewlett-Packard Company - 6 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
dcecp>
dcecp> organization create temps@gumby_cell
dcecp>
organization delete
Deletes organizations from the registry. The syntax is as follows:
organization delete organization_name_list
The delete operation deletes organizations from the registry. The
argument is a list of names of organizations to be deleted. If a
named organization does not exist, an error is generated. This
operation returns an empty string on success.
This operation also deletes any accounts associated with organizations
that are deleted. To preserve accounts, add desired principals to a
different organization by using the organization add -member command.
Modify the principals' accounts to point to the new organization by
using the account modify command. Then you can delete the
organization by using the organization delete command.
Privileges Required [Toc] [Back]
You must have d (delete) permission to the directory in which the
target organization exists. You must have r (read) and D
(Delete_object) permissions on the organization to be deleted.
Examples [Toc] [Back]
dcecp> organization delete temps
dcecp>
organization help
Returns help information about the organization object and its
operations. The syntax is as follows:
organization help [operation | -verbose]
Options [Toc] [Back]
-verbose Displays information about the organization object.
Used without an argument or option, the organization help command
returns brief information about each organization operation. The
Hewlett-Packard Company - 7 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
optional operation argument is the name of an operation about which
you want detailed information. Alternatively, you can use the -verbose
option for more detailed information about the organization object
itself.
Privileges Required [Toc] [Back]
No special privileges are needed to use the organization help command.
Examples [Toc] [Back]
dcecp> organization help
add Adds a member to the named organization.
catalog Returns a list of all the names of organizations.
create Creates an organization in the registry.
delete Deletes an organization from the registry.
list Returns a list of all the members of an organization.
modify Changes the information about an organization.
remove Removes a member from the named organization.
rename Renames the specified organization.
show Returns the attributes of an organization.
help Prints a summary of command-line options.
operations Returns a list of the valid operations for this command.
dcecp>
organization list
Returns a list of the names of all members of an organization. The
syntax is as follows:
organization list organization_name_list [-simplename]
Options [Toc] [Back]
-simplename
Returns a list of member names in the organization without
prepending the cell name.
The list operation returns a list of the names of all members of an
organization. The argument is a list of names of organizations. By
default, fully qualified names are returned in the form
cellname/member_name. If the -simplename option is given, the cell
name is not prepended to the member names. Names are returned in
lexical order.
Privileges Required [Toc] [Back]
Hewlett-Packard Company - 8 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
You must have r (read) permission to the organization.
Examples [Toc] [Back]
dcecp> organization list managers
/.../my_cell.goodcompany.com/W_Ward
/.../my_cell.goodcompany.com/L_Jones
/.../my_cell.goodcompany.com/S_Preska
/.../my_cell.goodcompany.com/S_Rohrer
/.../my_cell.goodcompany.com/J_Wanders
dcecp>
dcecp> organization list {managers users}
/.../my_cell.goodcompany.com/W_Ward
/.../my_cell.goodcompany.com/L_Jones
/.../my_cell.goodcompany.com/S_Preska
/.../my_cell.goodcompany.com/S_Rohrer
/.../my_cell.goodcompany.com/J_Wanders
/.../my_cell.goodcompany.com/W_Ross
/.../my_cell.goodcompany.com/J_Severance
/.../my_cell.goodcompany.com/J_Hunter
/.../my_cell.goodcompany.com/B_Carr
/.../my_cell.goodcompany.com/E_Vliet
/.../my_cell.goodcompany.com/J_Egan
/.../my_cell.goodcompany.com/F_Willis
dcecp>
organization modify
Changes attributes and policies of organizations. The syntax is as
follows:
organization modify organization_name_list
{-add extended_rgy_attr_list |
-remove extended_rgy_attr_list [-types] |
-change extended_rgy_attr_list | -attribute value}
Options [Toc] [Back]
-attribute value
As an alternative to using the -add, -change, or -remove
options with attribute lists, you can specify individual
attribute options by prepending a hyphen (-) to any
attributes listed in the ATTRIBUTES section of this
reference page. You cannot use this format to specify ERAs;
it is only for the standard attributes described in
ATTRIBUTES.
Hewlett-Packard Company - 9 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
-add extended_rgy_attr_list
Allows you to modify attributes, including ERAs, by using an
attribute list rather than individual attribute options.
The format of an attribute list is as follows:
{{extended_rgy_attr_list value}...{extended_rgy_attr_list value}}
-change extended_rgy_attr_list
Allows you to modify attributes, including ERAs, by using an
attribute list rather than individual attribute options. See
the -add option for the attribute list format.
-remove extended_rgy_attr_list
Allows you to modify attributes, including ERAs, by using an
attribute list rather than individual attribute options. See
the -add option for the attribute list format.
Without the -types option, -remove deletes individual
attribute instances attached to the group. In this case,
extended_rgy_attr_list is a list of attribute-value pairs.
With the -types option, -remove deletes attribute types (and
all instances of that type) attached to the group. In this
case, extended_rgy_attr_list is a list of attribute types.
-types Used with the -remove option to remove attribute types (and
all instances of that type) attached to the group.
See the OSF DCE Administration Guide for more information about ERAs.
The modify operation changes attributes and policies of organizations.
(To change registrywide policies, use the registry command.)
The argument is a list of names of organizations to be operated on.
All modifications are applied to all organizations named in the
argument. Organizations are modified in the order they are listed and
all modifications to an individual organization are atomic.
Modifications to multiple organizations are not atomic. A failure for
any one organization generates an error and cancels the rest of the
operation. This operation returns an empty string on success.
The -change option can modify the value of any standard attribute
except for orgid and uuid.
Privileges Required [Toc] [Back]
You must have r (read) permission on the organization to be modified
and f (full_name) permission to change the organization's fullname
and/or m (mgmt_info) permission to change the organization's managment
information.
Hewlett-Packard Company - 10 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
Examples [Toc] [Back]
dcecp> organization modify temps -acctlife 180-00:00:00 \
-pwdalpha yes -pwdlife 30-00:00:00 \
-pwdexpdate 1995-12-31-23:59:59 -pwdspaces yes
dcecp>
dcecp> organization modify temps -add {test_era 101}
dcecp>
dcecp> organization show temps -all
{name temps}
{fullname {}}
{orgid 12}
{uuid 0000000c-03d5-21cf-9802-08000985b5a6}
{reserved no}
{test_era 101}
{acctlife +180-00:00:00.000I-----}
{pwdalpha yes}
{pwdexpdate 1995-12-31-23:59:59.000+00:00I-----}
{pwdlife +30-00:00:00.000I-----}
{pwdminlen 0}
{pwdspaces yes}
dcecp>
organization operations
Returns a list of the operations supported by the organization object.
The syntax is as follows:
organization operations
The list of available operations is in alphabetical order except for
help and operations, which are listed last.
Privileges Required [Toc] [Back]
No special privileges are needed to use the organization operations
command.
Examples [Toc] [Back]
dcecp> organization operations
add catalog create delete list modify remove rename show help operations
dcecp>
organization remove
Removes a member from an organization. The syntax is as follows:
Hewlett-Packard Company - 11 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
organization remove organization_name_list -member member_name_list
Options [Toc] [Back]
-member member_name_list
Specifies a list of one or more names of principals to be
removed from each organization in the argument.
The remove operation removes members from an organization. The
argument is a list of names of organizations from which to remove
members. The value of the required -member option is a list of names
of principals to remove from the organizations listed in the argument.
When a member is removed from an organization, any accounts associated
with that principal and group are deleted. Remember that accounts are
associated with a principal, a group, and an organization; therefore,
any accounts whose principal name and organization name match those
given to this command are removed, but accounts for which only one
name matches are untouched. This operation returns an empty string on
success.
Privileges Required [Toc] [Back]
You must have r (read) and M (Member_list) permissions on the target
organizations and r (read) permission on the member to be removed.
Examples [Toc] [Back]
dcecp> organization remove managers -member J_Wanders
dcecp>
organization rename
This operation changes the name of a specified organization. The
syntax is as follows:
organization rename organization_name -to new_organization_name
Options [Toc] [Back]
-to new_organization_name
Specifies the new name of the organization.
See ARGUMENTS for a description of organization names.
Hewlett-Packard Company - 12 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
The rename operation changes the name of a specified organization.
The argument is a single name of an organization to be renamed. The
required -to option specifies the new name, which cannot be a list.
This operation returns an empty string on success.
Privileges Required [Toc] [Back]
You must have r (read) and n (name) permission to the specified
organizations.
Examples [Toc] [Back]
dcecp> organization list rigel
/.../my_cell.goodcompany.com/H_Lewis
/.../my_cell.goodcompany.com/R_Mathews
/.../my_cell.goodcompany.com/K_Doe
/.../my_cell.goodcompany.com/W_Ross
/.../my_cell.goodcompany.com/W_Williams
/.../my_cell.goodcompany.com/D_White
dcecp>
dcecp> organization rename rigel -to sirus
dcecp>
dcecp> organization list rigel
Error: Registry object not found
dcecp>
dcecp> organization list sirus
/.../my_cell.goodcompany.com/H_Lewis
/.../my_cell.goodcompany.com/R_Mathews
/.../my_cell.goodcompany.com/K_Doe
/.../my_cell.goodcompany.com/W_Ross
/.../my_cell.goodcompany.com/W_Williams
/.../my_cell.goodcompany.com/D_White
dcecp>
organization show
Returns registry information for the specified organizations. The
syntax is as follows:
organization show organization_name_list
[-all | [-policies] [-xattrs]]
Options [Toc] [Back]
-policies Returns only the polices of the organization, with no other
attributes.
Hewlett-Packard Company - 13 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
-xattrs Returns only the ERAs of the organization, with no other
attributes.
-all Return the attributes followed by the policies and ERAs.
The show operation returns an attribute list describing the specified
organizations. The argument is a list of names of organizations to be
operated on. If more than one organization is given, the attributes
are concatenated together.
Attributes are returned in the following order: fullname, orgid, uuid.
Policies are returned in the following order: acctlife, pwdalpha,
pwdexpdate, pwdlife, pwdminlen, and pwdspaces. If the organization
does not have any policies, then nopolicy is returned.
The policy set for an organization and the policy set for the registry
as a whole may differ. If this is the case, show displays both
policies and tags the registry policy with the label ``effective.''
The actual policy in effect is the stricter of the two displayed
policies, regardless of the effective label.
Privileges Required [Toc] [Back]
You must have r (read) permission on the specified organizations.
Examples [Toc] [Back]
dcecp> organization show temps
{name temps}
{fullname {Temporary Employees}}
{orgid 103}
{uuid 00000067-9402-21cd-a602-0000c08adf56}
{reserved no}
dcecp>
dcecp> organization show temps -policies
{acctlife +180-00:00:00.000I-----}
{pwdalpha yes}
{pwdexpdate 1995-12-31-23:59:59.000+00:00I-----}
{pwdlife +30-00:00:00.000I-----}
{pwdminlen 0}
{pwdspaces yes}
dcecp>
dcecp> organization show planets -policies
{acctlife 30 days}
{pwdalpha no}
{pwdexpdate none}
{pwdlife 4 effective 5 days}
{pwdminlen 6}
Hewlett-Packard Company - 14 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
organization(1m) Open Software Foundation organization(1m)
{pwdspaces no}
dcecp>
dcecp> organization show temps -all
{name temps}
{fullname {Temporary Employees}}
{orgid 103}
{uuid 00000067-9402-21cd-a602-0000c08adf56}
{reserved no}
{acctlife +180-00:00:00.000I-----}
{pwdalpha yes}
{pwdexpdate 1995-12-31-23:59:59.000+00:00I-----}
{pwdlife +30-00:00:00.000I-----}
{pwdminlen 0}
{pwdspaces yes}
dcecp>
RELATED INFORMATION [Toc] [Back]
Commands: dcecp(1m), dcecp_account(1m), dcecp_group(1m),
dcecp_principal(1m), dcecp_registry(1m), dcecp_xattrschema(1m).
Hewlett-Packard Company - 15 -�OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96 [ Back ] |
