streamtool setldapadminconfig

Usage

setldapadminconfig [-d,--domain-id <did>] [--force] {[--remove] | [--ldap-admin-user <ldap-admin-user> [--ldap-admin-password <ldap-admin-password>]]} [-U,--User <user>] [-h,--help] [--trace <level>] [-v,--verbose <level>] [--zkconnect {<host>:<port>},... | --embeddedzk]

The streamtool setldapadminconfig command changes the Lightweight Directory Access Protocol (LDAP) administrator authentication credentials for a domain.

Authority

You must have write authority for the config domain object. By default, the DomainAdministrator role has this authority. For more information about access control lists, see streamtool getdomainacl.

Description

If you want a domain to use an LDAP user secondary lookup query and an LDAP server that does not enable anonymous binds, you must specify LDAP administrator authentication credentials when you create the domain. In particular, you must specify a valid user ID and password for the following properties: security.ldapAdministratorUser; security.ldapAdministratorPassword. Streams uses these credentials when it runs LDAP queries during the authentication process.

To change the LDAP administrator credentials, run the streamtool setldapadminconfig command.

The command verifies that the credentials can successfully access the LDAP server before it stores those credentials. It also verifies that the user that runs the command has the appropriate authority to make these changes in Streams. The user that created the domain can run the command and skip the authorization step by using the --force parameter.

Options

-d,--domain-id <did>
Specifies the domain identifier.

If you do not specify this option, Streams uses the domain name that is set in the STREAMS_DOMAIN_ID environment variable. By default, that domain name is StreamsDomain. If you are using the interactive streamtool interface, it uses the name of the active domain for the current streamtool session or else it prompts you for the domain name.

The active domain for the current streamtool session is set every time that you successfully run a streamtool command with a -d or --domain-id option. Alternatively, you can run the streamtool domain command in the interactive interface.

--embeddedzk

Specifies to use the embedded copy of ZooKeeper. This option is not supported within the interactive streamtool interface.

If you are not using the interactive streamtool interface and you do not specify either this option or the --zkconnect option, Streams uses the ZooKeeper connection that is associated with the active domain or the domain that is specified in the --domain-id option. Streams determines which connection maps to the domain by using cached information about the domains. In this scenario, if the domain identifier is not unique in the Streams configuration cache, the command fails.

--force
Specifies that the command does not authenticate the user. Rather, the command verifies that the user is the same one that created the domain.
-h,--help
Specifies to show the command syntax.
--ldap-admin-password <ldap-admin-password>
Specifies the password for the user that is the LDAP administrator.
--ldap-admin-user <ldap-admin-user>
Specifies a user that is an LDAP administrator.
--remove
Specifies to remove the information about the user ID and password of the LDAP administrator from the domain.
--trace <level>
Specifies the trace setting. The following valid levels are listed in order of increasing verbosity, which is to say that the first level in the list generates the least amount of information:
  • off
  • error
  • warn
  • info
  • debug
  • trace
The default value is off.
-U,--User <user>
Specifies an Streams user ID that has authority to run the command.
-v,--verbose <level>
Specifies to provide more detailed command output. The verbosity level can be 0-3, where 0 disables detailed reporting and each increment provides more detailed output.
--zkconnect <{<host>:<port>},...>

The name of one or more host and port pairs that specify the configured ZooKeeper servers. This option is not supported within the interactive streamtool interface.

If you are not using the interactive streamtool interface and you do not specify this option, Streams tries to use:

  1. The --embeddedzk option
  2. The value from the STREAMS_ZKCONNECT environment variable
  3. A ZooKeeper connection string that is derived from cached information about the current domain.