To update ES with changes in an External Security Manager using the esfupdate utility

If you are using an external Security Manager and changes are made to the security information (such as adding a user or changing group membership), there are two ways in which you can notify Enterprise Server so that it uses the updated information:

The Enterprise Server Administration interface .
The esfupdate utility

This topic describes the steps required to use the esfupdate utility.

The syntax of the esfupdate utility is as follows:

esfupdate [options]update-type[entity-name]

Options

A series of actions to perform. Possible values are:

Switch	Action	Meaning
-a	action	The update action to perform. One of "add", "delete", "modify" or "other". The default is "modify"
-u	user	The username for binding to Directory Server
-p	password	The password for binding to Directory Server
-m	host[:port]	The location of Directory Server. The default is localhost:86
-r	server	The name of the server(s) to update. This can include wildcards
-M		Updates the Directory Server
-v		Displays version information and exit
-h		Displays syntax information and ex

update-type

One of "user", "group", "resource", "users", "groups", "resources", or "all".

entity-name

Must be supplied if update-type is "user", "group" or "resource". Otherwise omitted.

注意: If user and password are not supplied, esfupdate attempts to bind to Directory Server anonymously.

If user is supplied but not password, you will be prompted for it.

If neither -M nor -r are specified, update notifications are sent to Directory Server and all running servers.

The example below notifies the Directory Server and any running enterprise servers that the user SAFU has been modified. This could mean that its Mainframe Transaction Option user attributes (such as user priority) have been changed, or that it has been added to (or removed from) a group. It will bind to Directory Server as the "SYSAD" user.

esfupdate -u CN=SYSAD -p SYSAD user SAFU