Product Documentation

manageSKFSCreds.sh is a bash client used for the following credential operations:

  • Get a list of Service Credential Identifiers (SCID)
  • Get a list of Groups
  • Get a list of Groups a specific SCID is a member of
  • Add a SCID
  • Add a Group
  • Add SCID to Groups
  • Remove SCID from Groups
  • Change SCID Password
  • Delete SCID

The script must be run as root. It is located in the SKFS installation directory.

Usage

manageSKFSCreds.sh getUsers
manageSKFSCreds.sh getGroups
manageSKFSCreds.sh getUserGroups
manageSKFSCreds.sh addUser
manageSKFSCreds.sh addGroup
manageSKFSCreds.sh addUserToGroup
manageSKFSCreds.sh removeUserFromGroup
manageSKFSCreds.sh changeUserPassword
manageSKFSCreds.sh deleteUser

 

Get Users

Usage

Usage:
    manageSKFSCreds.sh getUsers -did <domain id> [-p <LDAP bind password>]

Description:
    This operation returns the list of users that exist within the LDAP for the provided domain.

Options:
    -did, --domainid
        The ID for the domain to perform this LDAP action on.

    -p, --password
        The LDAP bind password to access the local LDAP.
        If this flag is omitted, this script will attempt to use the default LDAP password, 'Abcd1234!'. If this fails, the password will be prompted.
        If the value of this flag is incorrect, this script will prompt for the bind password.

Get the users of Domain ID 1:

manageSKFSCreds.sh getUsers -did 1

Example Output

*****************************************************************************
$ fidoserver> ./manageSKFSCreds.sh getUsers -did 1
service-cc-ce
svcfidouser
fidoadminuser
skceping
skceadmin
encryptonly
decryptonly
encryptdecrypt
*****************************************************************************

 

Get Groups

Usage

Usage:
    manageSKFSCreds.sh getGroups -did <domain id> [-p <LDAP bind password>]

Description:
    This operation returns the list of groups that exist within the LDAP for the provided domain.

Options:
    -did, --domainid
        The ID for the domain to perform this LDAP action on.

    -p, --password
        The LDAP bind password to access the local LDAP.
        If this flag is omitted, this script will attempt to use the default LDAP password, 'Abcd1234!'. If this fails, the password will be prompted.
        If the value of this flag is incorrect, this script will prompt for the bind password.

Get the groups of Domain ID 1:

manageSKFSCreds.sh getGroups -did 1

Example Output

*****************************************************************************
$ fidoserver> ./manageSKFSCreds.sh getGroups -did 1
AdminAuthorized
FIDOUsers
Services
FidoRegistrationService-AuthorizedServiceCredentials
FidoAuthenticationService-AuthorizedServiceCredentials
FidoAuthorizationService-AuthorizedServiceCredentials
FidoAdministrationService-AuthorizedServiceCredentials
FidoCredentialService-AuthorizedServiceCredentials
FidoPolicyManagementService-AuthorizedServiceCredentials
FidoMonitoringService-AuthorizedServiceCredentials
EncryptionAuthorized
DecryptionAuthorized
*****************************************************************************

 

Add User

Usage

Usage:
    manageSKFSCreds.sh addUser -did <domain id> -u <user> [-p <LDAP bind password>]

Description:
    This operation creates a LDAP user.

Options:
    -did, --domainid
        The ID for the domain to perform this LDAP action on.

    -u, --user
        The LDAP user to perform this LDAP operation on.

    -p, --password
        The LDAP bind password to access the local LDAP.
        If this flag is omitted, this script will attempt to use the default LDAP password, 'Abcd1234!'. If this fails, the password will be prompted.
        If the value of this flag is incorrect, this script will prompt for the bind password.

Create a new SCID user1 that is part of Domain 1:

manageSKFSCreds.sh addUser -did 1 -u user1

Example Output

*****************************************************************************
$ fidoserver> ./manageSKFSCreds.sh addUser -did 1 -u user1
Enter Password for New User:
New password: 
Re-enter new password: 
adding new entry "cn=user1,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"

Added User 'user1'

This User is currently a Member of NO Groups!
Please use the addUserToGroup operation and specify which of the following LDAP groups in domain 1 you wish for user1 to be a member of:

AdminAuthorized
FIDOUsers
Services
FidoRegistrationService-AuthorizedServiceCredentials
FidoAuthenticationService-AuthorizedServiceCredentials
FidoAuthorizationService-AuthorizedServiceCredentials
FidoAdministrationService-AuthorizedServiceCredentials
FidoCredentialService-AuthorizedServiceCredentials
FidoPolicyManagementService-AuthorizedServiceCredentials
FidoMonitoringService-AuthorizedServiceCredentials
EncryptionAuthorized
DecryptionAuthorized
*****************************************************************************

 

Add Group

Usage

Usage:
    manageSKFSCreds.sh addGroup -did <domain id> -g <group> [-u <user>] [-p <LDAP bind password>]

Description:
    This operation creates a LDAP group. Each LDAP group must contain at least one member, so a LDAP user must either be specified in the command or when prompted.

Options:
    -did, --domainid
        The ID for the domain to perform this LDAP action on.

    -g, --group
        The LDAP group to perform this operation on.

    -p, --password
        The LDAP bind password to access the local LDAP.
        If this flag is omitted, this script will attempt to use the default LDAP password, 'Abcd1234!'. If this fails, the password will be prompted.
        If the value of this flag is incorrect, this script will prompt for the bind password.

Create a new group that is part of Domain 1 and add user1 as a member of this group:

manageSKFSCreds.sh addGroup -did 1 -g newgroup -u user1

Example Output

*****************************************************************************
$ fidoserver> ./manageSKFSCreds.sh addGroup -did 1 -g newgroup -u user1
adding new entry "cn=newgroup,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"

Added Group: 'newgroup'
*****************************************************************************

 

Add User to Group(s)

Usage

Usage:
    manageSKFSCreds.sh addUserToGroup -did <domain id> -u <user> -g <group> [-p <LDAP bind password>]

Description:
    This operation adds the specified user as a member of the provided comma-separated list of groups.

Options:
    -did, --domainid
        The ID for the domain to perform this LDAP action on.

    -u, --user
        The LDAP user to perform this LDAP operation on.

    -g, --group
        The LDAP group to perform this operation on.

    -p, --password
        The LDAP bind password to access the local LDAP.
        If this flag is omitted, this script will attempt to use the default LDAP password, 'Abcd1234!'. If this fails, the password will be prompted.
        If the value of this flag is incorrect, this script will prompt for the bind password.

Add user1 as a member of a group or list of groups in Domain 1:

manageSKFSCreds.sh addUserToGroup -did 1 -u user1 -g FidoRegistrationService-AuthorizedServiceCredentials,FidoAuthenticationService-AuthorizedServiceCredentials,FidoAuthorizationService-AuthorizedServiceCredentials

Example Output

*****************************************************************************
$ fidoserver> ./manageSKFSCreds.sh addUserToGroup -did 1 -u user1 -g FidoRegistrationService-AuthorizedServiceCredentials,FidoAuthenticationService-AuthorizedServiceCredentials,FidoAuthorizationService-AuthorizedServiceCredentials 
modifying entry "cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"

Added User 'user1' to Group 'FidoRegistrationService-AuthorizedServiceCredentials'

modifying entry "cn=FidoAuthenticationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"

Added User 'user1' to Group 'FidoAuthenticationService-AuthorizedServiceCredentials'

modifying entry "cn=FidoAuthorizationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"

Added User 'user1' to Group 'FidoAuthorizationService-AuthorizedServiceCredentials'

Done!
*****************************************************************************

 

Get User Group(s)

Usage

Usage:
    manageSKFSCreds.sh getUserGroups -did <domain id> -u <user> [-p <LDAP bind password>]

Description:
    This operation returns the LDAP groups that the specified user is a member of.

Options:
    -did, --domainid
        The ID for the domain to perform this LDAP action on.

    -u, --user
        The LDAP user to perform this LDAP operation on.

    -p, --password
        The LDAP bind password to access the local LDAP.
        If this flag is omitted, this script will attempt to use the default LDAP password, 'Abcd1234!'. If this fails, the password will be prompted.
        If the value of this flag is incorrect, this script will prompt for the bind password.

Get the groups that user1 is part of in Domain 1:

manageSKFSCreds.sh getUserGroups -did 1 -u user1

Example Output

*****************************************************************************
$ fidoserver> ./manageSKFSCreds.sh getUserGroups -did 1 -u user1
User 'user1' is a part of the following groups:

cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com
cn=FidoAuthenticationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com
cn=FidoAuthorizationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com
cn=newgroup,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com
*****************************************************************************

This output shows that user1 is a member of the following groups:

  • FidoRegistrationService-AuthorizedServiceCredentials
  • FidoAuthenticationService-AuthorizedServiceCredentials
  • FidoAuthorizationService-AuthorizedServiceCredentials
  • newgroup
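
The getUserGroups output lists full group DNs, so reviewing an SCID for least privilege means reducing each DN to its cn and comparing the result with the groups that SCID is supposed to have. The shell functions below do that; they are an added example, not part of the StrongKey documentation or of manageSKFSCreds.sh. The function names and the expected-group list are assumptions, and the sample input is constructed in the shape of the output shown above.

```shell
#!/bin/sh
# Added example (not StrongKey code): review an SCID's group memberships.

# Constructed sample in the shape of the getUserGroups output shown above.
SAMPLE_OUTPUT="User 'user1' is a part of the following groups:

cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com
cn=FidoAuthenticationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com
cn=newgroup,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"

# group_names < output
# Print the cn of every group DN on stdin, one per line. The banner line,
# blank lines and the asterisk rules do not match and are dropped.
group_names() {
    sed -n 's/^cn=\([^,]*\),did=[0-9][0-9]*,ou=groups,.*$/\1/p'
}

# unexpected_groups ALLOWED < output
# ALLOWED is a comma-separated list of group names (hypothetical allow-list,
# same form as the -g argument). Prints each group the SCID belongs to that
# is not in ALLOWED and returns 1 if there is at least one, 0 otherwise.
unexpected_groups() {
    allowed=",$1,"
    names=$(group_names)
    rc=0
    while IFS= read -r g; do
        [ -n "$g" ] || continue
        case "$allowed" in
            *",$g,"*) ;;                      # exact match between commas
            *) printf '%s\n' "$g"; rc=1 ;;    # membership nobody approved
        esac
    done <<EOF
$names
EOF
    return "$rc"
}

# Demo on the constructed sample. Against a live server, pipe the output of
#   ./manageSKFSCreds.sh getUserGroups -did 1 -u user1
# into unexpected_groups instead.
EXPECTED="FidoRegistrationService-AuthorizedServiceCredentials,FidoAuthenticationService-AuthorizedServiceCredentials"
if extra=$(printf '%s\n' "$SAMPLE_OUTPUT" | unexpected_groups "$EXPECTED"); then
    echo "user1: memberships match the expected list"
else
    echo "user1: unexpected group(s): $extra"
fi
```

Matching is exact on the group name, so an allowed entry never covers a longer group name that merely contains it.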

 

Remove User from Group

Usage

Usage:
    manageSKFSCreds.sh removeUserFromGroup -did <domain id> -u <user> -g <group> [-p <LDAP bind password>]

Description:
    This operation removes the specified user from the provided comma-separated list of groups.

Options:
    -did, --domainid
        The ID for the domain to perform this LDAP action on.

    -u, --user
        The LDAP user to perform this LDAP operation on.

    -g, --group
        The LDAP group to perform this operation on.

    -p, --password
        The LDAP bind password to access the local LDAP.
        If this flag is omitted, this script will attempt to use the default LDAP password, 'Abcd1234!'. If this fails, the password will be prompted.
        If the value of this flag is incorrect, this script will prompt for the bind password.

Remove user1 from the group FidoRegistrationService-AuthorizedServiceCredentials in Domain 1:

manageSKFSCreds.sh removeUserFromGroup -did 1 -u user1 -g FidoRegistrationService-AuthorizedServiceCredentials

Example Output

*****************************************************************************
$ fidoserver> ./manageSKFSCreds.sh removeUserFromGroup -did 1 -u user1 -g FidoRegistrationService-AuthorizedServiceCredentials
modifying entry "cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"

Removed User 'user1' from Group 'FidoRegistrationService-AuthorizedServiceCredentials'

Done!
*****************************************************************************

 

Change User Password

Usage

Usage:
    manageSKFSCreds.sh changeUserPassword -did <domain id> -u <user> [-p <LDAP bind password>]

Description:
    This operation changes the password for the specified LDAP user.

Options:
    -did, --domainid
        The ID for the domain to perform this LDAP action on.

    -u, --user
        The LDAP user to perform this LDAP operation on.

    -p, --password
        The LDAP bind password to access the local LDAP.
        If this flag is omitted, this script will attempt to use the default LDAP password, 'Abcd1234!'. If this fails, the password will be prompted.
        If the value of this flag is incorrect, this script will prompt for the bind password.

Change the password for user1 in Domain 1:

manageSKFSCreds.sh changeUserPassword -did 1 -u user1

Example Output

*****************************************************************************
$ fidoserver> ./manageSKFSCreds.sh changeUserPassword -did 1 -u user1
New password: 
Re-enter new password: 
Changed Password for User: 'user1'
*****************************************************************************

 

Delete User

Usage

Usage:
    manageSKFSCreds.sh deleteUser -did <domain id> -u <user> [-p <LDAP bind password>]

Description:
    This operation removes the specified user from all groups they are a member of and deletes the user.

Options:
    -did, --domainid
        The ID for the domain to perform this LDAP action on.

    -u, --user
        The LDAP user to perform this LDAP operation on.

    -p, --password
        The LDAP bind password to access the local LDAP.
        If this flag is omitted, this script will attempt to use the default LDAP password, 'Abcd1234!'. If this fails, the password will be prompted.
        If the value of this flag is incorrect, this script will prompt for the bind password.

Delete the credential for user1 of Domain ID 1:

manageSKFSCreds.sh deleteUser -did 1 -u user1

Example Output

*****************************************************************************
$ fidoserver> ./manageSKFSCreds.sh deleteUser -did 1 -u user1
Removed User 'user1' from Group 'FidoAuthenticationService-AuthorizedServiceCredentials'
Removed User 'user1' from Group 'FidoAuthorizationService-AuthorizedServiceCredentials'
Deleted User: 'user1'
*****************************************************************************