Set Commands

The dicfg set commands set information about the DiveLine server configuration and resources, such as the server authentication type and security level, user password requirements, default and object ACL settings, and user and group settings. The sub-commands of the set command use one of the following syntax structures:

The sub-command is set directly and supports one value:

dicfg set <sub-command name> <value>
The sub-command is set directly and supports one or more keyword-value pairs:

dicfg set <sub-command name> -<keyword> <value>
The sub-command sets a Boolean value with the set boolean command:

dicfg set boolean -name <sub-command name> -value <TRUE | FALSE>
The sub-command sets an integer value with the set integer command:

dicfg set integer -name <sub-command name> -value <integer>
The sub-command sets a string value with the set string command:

dicfg set string -name <sub-command name> -value <string>

The dicfg set command has the following sub-commands. Click a command name to display a description, including any additional command options.

acl

Command	Description
`dicfg set acl`	Creates a new object ACL or modifies settings of an existing object's ACL.
`-object <name>`	Specifies the name of the object for which to set the ACL access control list. The security tool that DiveLine 6.x uses to control user and group access to the server. DiveLine 7.x applies access control rules to projects and can apply ACLs to non-project resources that use the 6.4 DiveLine namespace.. For example, demo_drl.mdl.
`-default`	Sets values from the default ACL.
`-locked <TRUE \| FALSE>`	Temporarily blocks access to a model from non-administrative users, without having to change the ACL access. For example, this option can be used to lock a model that did not build properly while it is being rebuilt.
`-password <value>`	Specifies the password for a model. Use this argument if the specified model is password protected.
`-user <name>`	Specifies the name of the user for whom to set the ACL settings for the specified ACL object.
`-group <name>`	Specifies the name of the group for which to set the ACL settings for the specified ACL object.
`-access <rwldmaut>`	Sets the level of access that is granted in the specified ACL object. Valid access levels are r=read, w=write, l=list, d=download, m=modify, a=append, u=update, and t=tunnel.
`-limits "<name>(<value>)"` OR `-limits "<name>(\"<value>\"value>\", \"<value>\",...)", "<name>(\"<value>\", \"<value>\",...)"`	Sets any number of limit An ACL setting within DiveLine 6.x. Limit restricts which values in a particular dimension or info field can be seen by the specified user or group. values for the specified ACL object. For example, the following command limits the access of the user named "test" to the North and Boston sales regions of the sales model for the months of July and May: `set acl -object /sales.mdl -user test -limits "Sales Region(\"North\",\"Boston\")", "Month(\"M07 July\","\M05 May\")"` NOTE: You must use escaped quotes around the dimension values, as well as quotes around the whole limit string, when multiple values separated by commas are included in the same dimension value block, as in the example.
`-deletes "<name>,<name>,..."`	Sets any number of delete An ACL setting within DiveLine 6.x. Delete hides selected dimensions, summaries, or info fields from the specified user or group. values for the specified ACL object.
`-append`	Adds to an existing ACL, without overwriting it.

audit_column_max_rows

Command	Description
`dicfg set integer`	See dicfg set integer.
`-name audit_column_max_rows`	Sets the limit for the number of rows of data logged when auditing a column.
`-value <integer>`	Specifies the maximum number of values to log in a column when recording a triggered window to the audit log.

auth_scheme

Command	Description
`dicfg set auth_scheme`	Sets the Authentication Type for the DiveLine server. Options include OWN, SYSTEM, Web Server (CGI), or LDAP.
`<OWN \| SYSTEM \| CGI \| LDAP>`	Specifies the Authentication Type. Must be entered in all capital letters. NOTE: CGI is Web Server.

Command

Description

dicfg set auth_scheme

Sets the Authentication Type for the DiveLine server. Options include OWN, SYSTEM, Web Server (CGI), or LDAP.

<OWN | SYSTEM | CGI | LDAP>

Specifies the Authentication Type. Must be entered in all capital letters.

NOTE: CGI is Web Server.

auto_account_unlock_after

Command	Description
`dicfg set integer`	See dicfg set integer.
`-name auto_account_unlock_after`	Sets the amount of time after which a locked user account is unlocked.
`-value <integer>`	Specifies the amount of time in minutes.

boolean

Command	Description
`dicfg set boolean`	Sets a Boolean value.
`-name <name>`	Specifies the name of the Boolean item.
`-value <TRUE \| FALSE>`	Sets the Boolean value for the named item. For example: Prevents users from being required to change their password: `dicfg set boolean -name reset_passwords_for_new_hash -value FALSE` Prevents removal of the old hash: `dicfg set boolean -name keep_old_hashes -value TRUE` Suppresses the display of the DivePort URL in password reset email messages: `dicfg set boolean -name password_reset_hide_URL -value TRUE` Enables logging of DivePort queries generated by portlets. The queries are captured in the DiveLine session logs. `dicfg set boolean -name log_spectre_requests -value TRUE` Enables logging, in accordance with defined audit rules, of Dive requests from DivePort portlets using Spectre data sources without markers. This is on by default. `dicfg set boolean -name audit_spectre_requests -value TRUE` Disables the creation of DiveLine session logs: `dicfg set boolean -name` `session_logging` `-value FALSE` Enables the capture in DiveLine event logs, activities for any connected ProDiver user that prints, saves, or copies a window to the clipboard: `dicfg set boolean -name` `log_data_export` `-value TRUE`

Command

Description

dicfg set boolean

Sets a Boolean value.

-name <name>

Specifies the name of the Boolean item.

-value <TRUE | FALSE>

Sets the Boolean value for the named item.

For example:

Prevents users from being required to change their password:

dicfg set boolean -name reset_passwords_for_new_hash -value FALSE

Prevents removal of the old hash:

dicfg set boolean -name keep_old_hashes -value TRUE

Suppresses the display of the DivePort URL in password reset email messages:

dicfg set boolean -name password_reset_hide_URL -value TRUE

Enables logging of DivePort queries generated by portlets. The queries are captured in the DiveLine session logs.

dicfg set boolean -name log_spectre_requests -value TRUE

Enables logging, in accordance with defined audit rules, of Dive requests from DivePort portlets using Spectre data sources without markers. This is on by default.

dicfg set boolean -name audit_spectre_requests -value TRUE

Disables the creation of DiveLine session logs:

dicfg set boolean -name session_logging -value FALSE

Enables the capture in DiveLine event logs, activities for any connected ProDiver user that prints, saves, or copies a window to the clipboard:

dicfg set boolean -name log_data_export -value TRUE

create_utf8_filenames_in_diveline_namespace

Command

Description

dicfg set Boolean

See dicfg set boolean.

-name create_utf8_filenames_in_diveline_namespace

Controls encoding of new files created in the DiveLine Namespace on Linux. Use this command to ensure creation of UTF8-encoded filenames when using non-Unicode DiveLines.

-value <TRUE | FALSE>

When set to TRUE, new filenames are UTF8-encoded rather than ANSI-encoded when using a non-Unicode DiveLine.

When set to FALSE, new filenames are UTF8-encoded only if the DiveLine is Unicode.

default_acl

Command	Description
`dicfg set default_acl`	Sets the Default File ACL that applies to all objects within a directory.
`-object <name>`	Specifies the name of the DiveLine directory for which to set the Default File ACL. For example, \Home or \Users.
`-locked <TRUE \| FALSE>`	Temporarily blocks access to a model from non-administrative users, without having to change the ACL access. This option can be used to lock a model that did not build properly, while it is being rebuilt.
`-password <value>`	Specifies the password for a model, if the specified model is password protected. This is a legacy feature.
`-user <name>`	Specifies the name of the user for whom to set the default File ACL settings for the specified default ACL object.
`-group <name>`	Specifies the name of the group for which to set the default File ACL settings for the specified default ACL object.
`-access <rwldmaut>`	Sets the level of access being granted in the specified default File ACL object. Valid access levels are r=read, w=write, l=list, d=download, m=modify, a=append, u=update, and t=tunnel.
`-limits "<name>(<value>)"` OR `-limits "<name>(\"<value>\",\"<value>\",...)", "<name>(\"<value>\", \"<value>\",...)"`	Sets any number of Limit values for the specified Default File ACL object.
`-deletes "<name>,<name>,..."`	Sets any number of delete An ACL setting within DiveLine 6.x. Delete hides selected dimensions, summaries, or info fields from the specified user or group. values for the specified default File ACL object.
`-allow_missing_limit <TRUE \| FALSE>`	Allows access if a limit An ACL setting within DiveLine 6.x. Limit restricts which values in a particular dimension or info field can be seen by the specified user or group. column is not found in the model.
`-allows_missing_delete <TRUE \| FALSE>`	Allows access if a delete column is not found in model.
`-append`	Adds to an existing default ACL, without overwriting it.

default_search_path

Command	Description
`dicfg set default_search_path`	Sets the default search paths specified. This command overwrites all paths previously entered.
`-sp <path>,<path>,...`	Specifies the default search paths to set.

disable_after_failed_logins

Command	Description
`dicfg set boolean`	See dicfg set boolean.
`-name disable_after_failed_logins`	Controls whether user accounts are disabled after failed logon attempts.
`-value <TRUE, FALSE>`	When set to `TRUE`, use the `num_failed_logins` command to set the number of failed logon attempts allowed before the account is locked.

disallow_username_in_password

Command	Description
`dicfg set disallow_username_in_password <TRUE, FALSE>`	Indicates whether or not a username can be included in a password. TRUE indicates that a username cannot be included. Applies to authenticate type OWN.

forgive_failed_logins_after

Command	Description
`dicfg set integer`	See dicfg set integer.
`-name forgive_failed_logins_after`	Sets the period of time after which the number of failed logon attempts is reset to 0. After integer minutes of no logon attempts, or after any successful logon, all past logon failures are forgiven.
`-value <integer>`	Specifies the period of time in minutes. The default is 240 minutes.

group

Command	Description
`dicfg set group`	Defines or resets a group.
`-group <name>`	Specifies a name for the group.
`-owner <name>`	Sets the owner of the specified group, if sub-administration is being used. The owner can be set to a single user by entering the desired username, or to a group by entering group:<groupname> as the owner value.
`-description <string>`	Sets the description of the specified group.

home-project

Command	Description
`dicfg set string`	See dicfg set string.
`-name home_project`	Enables the Home Project feature.
`-value <name>`	Specifies the name of the home project.

integer

Command	Description
`dicfg set integer`	Specifies an integer value.
`-name <name>`	Specifies the item name.
`-value <integer>`	Sets the integer value for the item name entered. For example: Sets the client_keep_alive item in the atlcfg.cfg file to 5: `dicfg set integer -name client_keep_alive -value 5` Sets the automated reporting on. If on, DiveLine clients that support this feature trigger report-sending code when certain failures occur. The report is sent to DI via HTTP, so the server must have external access for this to work. Set the value to 0 to turn off automatic reporting. `dicfg set integer -name automated_reporting -value 1`

Command

Description

dicfg set integer

Specifies an integer value.

-name <name>

Specifies the item name.

-value <integer>

Sets the integer value for the item name entered. For example:

Sets the client_keep_alive item in the atlcfg.cfg file to 5:

dicfg set integer -name client_keep_alive -value 5

Sets the automated reporting on. If on, DiveLine clients that support this feature trigger report-sending code when certain failures occur. The report is sent to DI via HTTP, so the server must have external access for this to work. Set the value to 0 to turn off automatic reporting.

dicfg set integer -name automated_reporting -value 1

ldaps_debug_skip_cert_verification

Command

Description

dicfg set Boolean

See dicfg set boolean.

-name ldaps_debug_skip_cert_verification

Controls certification verification for LDAPS connections on Windows. Use this command to temporarily disable certification verification when trouble shooting LDAPS connections.

-value <TRUE | FALSE>

When set to TRUE, skips certificate verification and accepts all certificates. Use TRUE only for troubleshooting.

When set to FALSE, verifies certificates. Always set to FALSE after troubleshooting.

ldap_tls

Command

Description

dicfg set string

See dicfg set string.

-name ldap_tls

Controls the encryption when using LDAP on Linux.

-value <string>

Valid strings:

“always”—Requires encryption via STARTTLS when using ldap:// URI.
“none”—Do not attempt STARTTLS.
“optional”—Encryption not required. Use only for debugging.

log_config_changes

Command	Description
`dicfg set Boolean`	See dicfg set boolean.
`-name log_config_changes`	Specifies whether to log changes to the DiveLine server configuration.
`-value <TRUE \| FALSE>`	Set to TRUE to log details that can help with monitoring security. Log files are located in \dl-dataroot\logs\configuration-changes. The default is TRUE.

max_users

Command	Description
`dicfg set max_users <value>`	Sets the maximum number of concurrent users allowed on the DiveLine server.

message_of_the_day

Command	Description
`dicfg set string`	See Set String.
`-name message_of_the_day`	Sets the DiveLine message to display to users at logon.
`-value <string>`	Defines the text of the message for the end-users for all clients. How the client displays the message might vary. This command can be used to help with information security.

minimum_length

Command	Description
`dicfg set minimum_length <integer>`	Specifies the minimum number of characters allowed in a password. Applies to authentication type OWN.

new_user_homedir_world_readable

Command

Description

dicfg set boolean

See dicfg set boolean.

-name new_user_homedir_world_readable

Sets the default value for the Home Project feature's access control setting.

-value <TRUE | FALSE>

When set to TRUE, the home directory owner has read/write access, and other users have read-only access.

When set to FALSE, other users have no access.

num_failed_logins

Command

Description

dicfg set integer

See dicfg set integer.

-name num_failed_logins

Sets the number of failed logon attempts allowed before the account is locked.

Use this command with the disable_after_failed_logins command to control whether user accounts are disabled after the specified number of failed logon attempts.

-value <integer>

Specifies the number of failed logon attempts.

oidc

Command	Description
`dicfg set oidc`	Adds a new OIDC identity provider.
`-name <name>`	Sets the name of the OIDC identity provider. Required.
`-issuer <url>`	Sets the name of the OIDC issuer.
`-client_id <id>`	Sets the client ID token supplied by the identity provider.
`-drop_domain <TRUE \| FALSE>`	When set to TRUE, any username formatted as [email protected] has the domain.com portion removed before looking for a matching user in the DiveLine user list.
`-domains <domain>, <domain>, ...`	Sets a comma-separated list of which domains are used with the given Issuer and Client ID combination.
`-username_claim <attribute>`	Sets names that might contain a DiveLine username as a value. This field accepts a comma-separated list for multiple potential names. This field accepts array notation. For example, given an array of usernames named users, providing `users[0]` returns the first element in the users array.
`-scopes <scope-list>`	Sets a comma-seaprated list of values that, when sent to an Identity Provider, determines what, if any, additional information needs to be sent back to assist in authorization.
`-client_secret <secret>`	Sets a unique string of information only shared by the Identity Provider and DiveLine. Specific to OIDC implementations that use Google as an Identity Provider.
`-discovery_endpoint <string>`	Sets the Identity Provider's discovery URI.
`-authorization_endpoint <string>`	Sets the Identity Provider's authorization URI.
`-token_endpoint <string>`	Sets the Identity Provider's token URI.
`-metadata_uri <string>`	Sets the Identity Provider's metadata URI.
`-jwks_url <url>`	Sets the Identity Provider's JWKS URL.
`-webapp_response_ mode <string>`	Sets the mode used when returning the OIDC response and parameters. The only available value is currently `query`.

password_reset_email_body_web

Command	Description
`dicfg set string`	See dicfg set string.
`-name password_reset_email_body_web`	Specifies a custom email body for password-reset for DivePort clients. Applies to authenticate type OWN.
`-value <string>`	Specifies the email body.

password_reset_email_from_address

Command

Description

dicfg set string

See dicfg set string.

-name password_reset_email_from_address

Sets the required From: address on the password reset email. Applies to authenticate type OWN.

-value <string>

Specifies the email From: address.

password_reset_email_subject

Command	Description
`dicfg set string`	See dicfg set string.
`-name password_reset_email_subject`	Sets an optional subject for the custom password reset email. Applies to authenticate type OWN.
`-value <string>`	Specifies the email subject.

password_reset_email_validity

Command	Description
`dicfg set integer`	See dicfg set integer.
`-name password_reset_email_validity`	Sets the time that the password reset link is valid for. Applies to authenticate type OWN.
`-value <integer>`	Specifies the time in minutes. The default is 60 minutes.

password_reset_enabled

Command

Description

dicfg set Boolean

See dicfg set boolean.

-name password_reset_enabled

Enables the password reset option. Applies to authenticate type OWN.

-value <TRUE | FALSE>

Specifies whether to enable password reset.

When set to TRUE, set the required email From: address with the password_reset_email_from_address command.

When set to FALSE, the password reset feature is not available.

passwords_expire

Command	Description
`dicfg set passwords_expire <TRUE \| FALSE>`	Controls whether all user account passwords are set to expire. Applies to authenticate type OWN.

require_digit

Command	Description
`dicfg set require_digit <TRUE \| FALSE>`	Specifies whether or not passwords require a digit. TRUE indicates that a digit is required. Applies to authentication OWN.

require_punctuation

Command	Description
`dicfg set require_punctuation <TRUE \| FALSE>`	Specifies whether or not passwords require punctuation. TRUE indicates that a punctuation mark is required. Applies to authentication OWN.

require_upper_and_lower_cases

Command	Description
`dicfg set require_upper_and_lower_cases <TRUE \| FALSE>`	Specifies whether or not passwords require both upper and lower case characters. TRUE indicates that both upper and lower case characters are required. Applies to authentication OWN.

restrict_previous_passwords

Command	Description
`dicfg set restrict_previous_passwords <integer>`	Specifies the number of previous passwords a user can reuse. Applies to authentication OWN.

security_level

Command	Description
`dicfg set security_level`	Sets the security level for the DiveLine server. See Security Levels (6.4 DiveLine Namespace).
`<0,1,2>`	Specifies the security level to set. Valid values are 0, 1, or 2.

Command

Description

dicfg set security_level

Sets the security level for the DiveLine server.

See Security Levels (6.4 DiveLine Namespace).

<0,1,2>

Specifies the security level to set. Valid values are 0, 1, or 2.

show_last_login_info

Command	Description
`dicfg set Boolean`	See dicfg set boolean.
`-name show_last_login_info`	Specifies whether or not to display information about the last logon by the user.
`-value <TRUE \| FALSE>`	TRUE indicates that after login, the client displays the last time the user was connected to the DiveLine and the client used. Default is FALSE. Use to help with information security.

string

Command	Description
`dicfg set string`	Sets a string value.
`-name <name>`	Specifies the name of the string.
`-value <string>`	Sets the string value for the item name entered. For example: Sets the address for the broadcast_from_address item in the atlcfg.cfg file to [email protected]: `dicfg set string -name broadcast_from_address -value [email protected]` Sets the identification for automated error reporting: `dicfg set string -name automated_reporting_id -value "GreenPants, Inc (contact [email protected])"` Sets the DiveLine greetings that is displayed to users before logon. Defines the text of the message for the end-users for all clients. This command can be used to help with information security. `dicfg set string -name welcome_message -value "Welcome to my DiveLine"`

Command

Description

dicfg set string

Sets a string value.

-name <name>

Specifies the name of the string.

-value <string>

Sets the string value for the item name entered. For example:

Sets the address for the broadcast_from_address item in the atlcfg.cfg file to [email protected]:

dicfg set string -name broadcast_from_address -value [email protected]

Sets the identification for automated error reporting:

dicfg set string -name automated_reporting_id -value "GreenPants, Inc (contact [email protected])"

Sets the DiveLine greetings that is displayed to users before logon. Defines the text of the message for the end-users for all clients. This command can be used to help with information security.

dicfg set string -name welcome_message -value "Welcome to my DiveLine"

top_level

Command	Description
`dicfg set top_level`	Sets the top-level directory for the DiveLine server, which is usually the DiveLine dataroot.
`<path>`	Specifies the path to the top-level directory.

user

Command	Description
`dicfg set user`	Creates a new user or modifies settings of an existing user.
`-user <name>`	Identifies the user.
`-password <string>`	Sets the password of the specified user. Applies to authentication type OWN only.
`-encrypt_password <string>`	Sets the encrypted password of the specified user. Applies to authentication type OWN only.
`-delete_password`	Deletes the password of the specified user. Found in DiveLine 7.2(32).
`-homedir <path>`	Sets the home directory of the specified user.
`-hide_username <TRUE \| FALSE>`	Controls whether to display or hide the user’s logon information in the ProDiver status bar. If set to TRUE, the information is hidden.
`-divebook <path>`	Sets a default DiveBook for the specified user. The path entered must be a DiveLine path, not a system path.
`-sp <path>,<path>,...`	Sets DiveLine search paths for the specified user.
`-sp_add <path>,<path>,...`	Adds new DiveLine search paths for the specified existing user.
`-sp_remove <path>,<path>,...`	Removes DiveLine search paths for the specified existing user.
`-groups <name>,<name>,...`	Assigns the specified user to the groups that are named. Entering any new groups overwrites the existing groups, so be sure to include all groups when using dicfg set group. See groups_add.
`-groups_add <name>,<name>,...`	Adds the specified groups to the user’s group attribute.
`-groups_remove <name>,<name>,...`	Removes the specified groups from the user’s group attribute.
`-owner <name>`	Assigns the user to the specified sub-administrative owner. The owner can be set to a single user by entering the desired username, or to a group by entering group:<groupname> as the owner value.
`-admin_flag <TRUE \| FALSE>`	Controls whether the user is a DiveLine administrator. If set to TRUE, the user is an administrator.
`-administrator <TRUE \| FALSE>`	Controls whether the user is a DiveLine administrator. If set to TRUE, the user is an administrator.
`-subadmin_flag <TRUE \| FALSE>`	Controls whether the user is a DiveLine sub-administrator. If set to TRUE, the user is a sub-administrator.
`-apptpl <path>`	Sets a default application template for the specified user.
`-description <string>`	Sets the description of the specified user.
`-fullname <string>`	Sets the full name for the specified user.
`-shortname <string>`	Sets the short name for the specified user.
`-email <string>`	Sets the email address for the specified user.
`-can_change_password <TRUE \| FALSE>`	Specifies whether or not the named user is allowed to change their password.
`-requires_password_change <TRUE \| FALSE>`	Specifies whether or not the named user is required to change their password at the next logon.
`-disabled <TRUE \| FALSE>`	Disables or enables the specified user account. When set to TRUE, the user account is disabled.
`-disable_netdiver <TRUE \| FALSE>`	Disables or enables NetDiver access for the specified user account.
`-locked_out`	Locks the specified user account.
`-licensing <string>`	Sets the licensing level for the specified user. Available categories for Diver Platform are any of the user categories, specified in camel case, that are listed in your license, such as: Developer, ProDiver, DivePort, and DiveTab. If a user belongs to more than one category, use a comma-delimited list without spaces to set all the values. Available categories for Diver Solution are Casual, General, Advanced, and Developer. If none specified, defaults to Advanced.
`-auth_override <OWN \| LDAP>`	Resets authentication for this user.

welcome_message

Command	Description
`dicfg set string`	See Set String.
`-name welcome_message`	Sets the DiveLine greeting that displays to users before logon.
`-value <string>`	Defines the text of the message for the all end-user clients. This command can be used to help with information security.

Sample set commands:

dicfg set default_acl -object hr -user bob -access r

dicfg set user -user bob -homedir /home/$USER

dicfg -dataroot c:\di\solution\dl-dataroot set acl -object /local_data/demo_drs.mdl -user test -append -limits "Product

Family(\"Butter\",\"Cheese\",\"Cream\",\"Egg\",\"Milk\",\"Yogurt")"

NOTE: You must use escaped quotes around the dimension values, as well as quotes around the whole limit string, when multiple values separated by commas are included in the same dimension value block, as in the example. However, if only one value is included, it can be entered as:-limits "<name>(<value>)".

dicfg set default_acl -object hr -user bob -limits "Hospital(Paoli,Powers)"

dicfg set default_acl -object /demo_drs.mdl -user "test" -limits "Product Family(Butter)"

dicfg set user -user Larry -licensing ProDiver,DivePort

dicfg set user -user Doug -licensing Developer

dicfg set user -user bob -homedir /home/$USER -licensing Developer -admin_flag TRUE

dicfg set user -user bob -encrypt_password "$.....="

dicfg set string -name "welcome_message" -value "New text"

dicfg set string -name "message_of_the_day" -value "New text"

If the subadmin_flag option is set to TRUE, non-administrative users can perform the following administrative tasks:

Change user attributes of users that they own.
Add or delete users from groups that they own.
Use proxy logon in DivePort and ProDiver.
Update permissions on existing ACLs for a user or group that they own.