To add a user, the partition's SO (Security Officer, the UKC partition administrator role) may use the following options:
- Add User Authenticated by CORE
- Add User Authenticated by LDAP (Lightweight Directory Access Protocol)
ucl user create -n tester1 -d Tester1! --role CodeSigner -p CodeSign1
--name as specified in the LDAP directory. Use single quotes to enclose space-separated strings:
ucl user create --ldap --name 'Alice B. Doe' --role Verifier -p CodeSign1
The LDAP-managed username is accepted as is.
This feature allows adding new LDAP users to a system that is currently disconnected from the LDAP provider, or even before the LDAP provider has been defined in the system settings.
To list the partition's user names, its SO uses the following command:
ucl user list
To review a user's role, failed password count, and status:
In the case of CORE or LDAP-based authentication ("auth type") of the user, the output presents its attributes related to the user's password and its validation status:
retries - current count of consecutive login rejections.
is user locked - true, if the user has been locked.
- The number of login errors exceeds the partition's threshold x-DY_USER_LOGIN_RETRIES. See Partition Settings Summary.
To unlock a user, reset its password.
role - name of the role that is assigned to the user. This field is not shown if the user has no specific role. In such a case, the user's privileges are granted through its membership in user groups.
groups - list of user groups that the user is a member of.
aliases - list of SSO (Single Sign-On) users that are represented by this user. For example:
A user without a role and without membership in user group(s) is practically disabled.
Users with the following usernames can't be deleted: USER and SO.
To change their own password, the user executes the following command.
To reset a partition user's password, the partition's SO uses the following command:
For example, the default "so" resets the password of "tester1". Interactive approach:
To unlock a user, reset the user's password. The new password may be equal to the old one.
In the extreme case when none of a partition's SOs can log in, a specific user's password (in particular, the partition SO's password) may be recovered by the Root SO.
[-d <SO new password> //if omitted, you are prompted to provide one]
ucl user recover-pwd -p codesign -n so2 -d Password2!
To recover the password of the Root SO, use ekm_recover_root_so_pwd.