Configuring agtgdmno
The Domino server script agent (agtgdmno) uses a configuration file that is specified as part of target system address. It has the following form:
"" "" = {
"<operation_1>" "" = {
....
}
"<operation_2>" "" = {
....
}
.
.
.
"<operation_N>" "" = {
....
}
}where the supported operations are:
change Changes the password for an account, from a known current value to a desired new value. If the application supports the concept of intruder lockout, then the intruder lockout counter is cleared and the account unlocked. If the application supports the concept of password expiry, then the expiry date is set according to the expiry policy of the application.
reset Administratively resets an account’s password to a new value. If the application supports the concept of intruder lockout, then the intruder lockout counter is cleared and the account unlocked. If the application supports the concept of password expiry, then the expiry date is set according to the expiry policy of the application. Disabled accounts will remain disabled.
adminverify Checks if a given password is the correct, current password for an account without triggering an intruder lockout if the password is not correct.
verifyreset Verifies if the account’s password matches the new password, and if the verification fails, administratively sets it to the new password. If the verification succeeds, then the reset is not necessary, and the operation returns success.
resetexpirepw Administratively resets an account’s password to a new value and expires the account’s new password, so that the user is forced to change his password the next time he logs in.
expirepw Expires an account’s password.
ispwexpired Checks if an account’s password is expired.
unexpirepw Unexpires an account’s password.
list List users, groups, and/or attributes,each one defined as a KVGroup inside of list.
verify Checks if a given password is the correct, current password for an account. If the application supports the concept of intruder lockout and the verification fails, the intruder lockout counter is incremented.
userattributes Lists attributes for a specified account.
isenabled Checks if an account is enabled.
enable Enables an account.
disable Disables an account.
rename Renames an existing account’s short ID.
create Creates a new account on the target system. This operation creates the account (possibly using a template for some attribute values), then sets other attribute values – including the password for the new account.
This operation should return the group ID.
delete Deletes an existing account on the target system. The typical behavior is to first ensure that the account being deleted exists.
update Updates attributes for an existing account.
This operation should return the group ID.
expireacct Expires an account.
isacctexpired Checks if an account is expired.
unexpireacct Unexpires an account.
lock Locks an account (sets the intruder lockout).
unlock Unlocks an account (clears the intruder lockout).
islocked Checks if an account is locked.
groupuseradd Adds an account to a group.
This operation must return a status.
groupuserdelete Removes an account from a group.
This operation must return a status.
movecontext Moves an account to a new context or location on a context-sensitive target. This operation should return the account’s long ID and short ID.
groupcreate Creates the specified group.
groupdelete Deletes the specified group.
How the file is configured depends on whether the target system database is names.nsf or a generic Domino database. Guidelines for creating the configuration file are provided for both scenarios. A sample configuration file (agtgdmno.cfg) is provided in the <instance>\samples\ directory.
If you cannot find the sample file, try re-running setup to modify your installation. Sample files are automatically installed with complete (typical) installations. You can select them in custom installations.
The agtgdnmo.cfg file must be saved in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\ script\ directory with UTF-8 encoding.