7-6 Oracle WebLogic Communications Server Administration Guide locked or if it perhaps should be a temporarily account. Aliases: [no aliases] Syntax: account Sub-commands: Adds a new account to the system account add uid=string [ active=true|false ] [ locked=true|false ] [ accountExpiresAt=accountExpiresAt ] [ tempAccount=true|false ] [ description=string ] [ lockExpiresAt=lockExpiresAt ] [ currentFailedLogins=integer ] Deletes an account account delete uid=string Updates an account account update uid=string [ active=true|false ] [ locked=true|false ] [ accountExpiresAt=accountExpiresAt ] [ tempAccount=true|false ] [ description=string ] [ lockExpiresAt=lockExpiresAt ] [ currentFailedLogins=integer ] Retrieve information about a particular account account info uid=string In addition to the overview of the command group, the information displayed by entering help command also includes the aliases if any to the command. For example, the overview of the account command illustrated in Example 7–2 notes [no aliases] for the command. Some commands require parameters. For example, if you enter help role system add, the system informs you that the add command requires the name of the role and an optional command for setting the description as well by displaying role system add name=string [description=string]. The system alerts you if you omit a mandatory parameter or if you pass in a parameter that is not recognized. Note: The delete command used with account, role, role system, role user, privateIdentity, publicIdentity, and identity has the following aliases: ■ remove ■ del ■ rm Note: Optional commands such as [description=string] are enclosed within square brackets [...]. Provisioning Users With Sash 7-7

7.4 Creating a User

This section describes the publicIdentity and privateIdentity commands and how to use them in conjunction with the add, account, role, and credentials subcommands listed in Table 7–1 to provision a user account to the Oracle database. The Private Identity privateIdentity uniquely identifies a user within a given authentication realm. The Public Identity publicIdentity is the SIP address that users enter to register devices. This address is the user’s AOR Address of Record, and the means through which users call one another. A user can have only one Private Identity, but can have several Public Identities associated with that Private Identity. To create a user, first add the user to the system by creating a private identity and then a public identity for the user using the privateIdentity and publicIdentity commands with the add privateId and add publicId subcommands, respectively. Once you create the private and public identity for the user, create an account for the user with the account add uid command and optionally set the status of the account such as active or locked. The role command sets the role memberships for role-based permissions. Set the level of permissions for the users using the role command, and then set user credentials by defining the user’s realm and password with the credentials command.

7.4.1 Creating a User from the Sash Command-Line Prompt

This section illustrates how to create a user from the Sash command prompt sash, illustrated in Example 7–3 by creating an OWLCS user known as alice using the commands described in Table 7–1 .

1. Create a user using the privateIdentity command as follows:

privateIdentity add privateId=alice

2. Create the public identity for alice by entering the SIP address:

publicIdentity add publicId=sip:alicetest.company.com privateId=alice

3. Add an account for alice and use one of the optional commands described in

Table 7–1 to set the status of the account. To create an active account for alice, enter the following: account add uid=alice active=true Note: To enable authentication to third-party databases such as RADIUS, user accounts that contain authentication data and are stored externally must match the Private Identity to ensure the proper functioning of the Proxy Registrar and other applications that require authentication. 7-8 Oracle WebLogic Communications Server Administration Guide 4. Use the role command to add alice to the Location Service user group. Doing so grants alice permission to the Proxy Registrar’s Location Service lookup: role user add uid=alice name=Location Service 5. Add user authentication credentials for alice: credentials add uid=alice realm=test.company.com password=welcome1 The credentials command is not needed for applications configured to use the RADIUS Login Module to authenticate users against RADIUS servers. Fore more information on these login modules, see Chapter 5, Administering Security Features . Example 7–3 Creating a User from the Sash Command-Line Prompt