Set Commands
The dicfg set commands set information about the DiveLine server configuration and resources, such as the server authentication type and security level, user password requirements, default and object ACL settings, and user and group settings. The sub-commands of the set command use one of the following syntax structures:
- The sub-command is set directly and supports one value:
  dicfg set <sub-command name> <value>
- The sub-command is set directly and supports one or more keyword-value pairs:
  dicfg set <sub-command name> -<keyword> <value>
- The sub-command sets a Boolean value with the set boolean command:
  dicfg set boolean -name <sub-command name> -value <TRUE | FALSE>
- The sub-command sets an integer value with the set integer command:
  dicfg set integer -name <sub-command name> -value <integer>
- The sub-command sets a string value with the set string command:
  dicfg set string -name <sub-command name> -value <string>
The dicfg set command has the following sub-commands.
Command | Description |
---|---|
dicfg set acl | Creates a new object ACL or modifies settings of an existing object's ACL. |
-object <name>
|
Specifies the name of the object for which to set the ACL (access control list). For example, demo_drl.mdl. The ACL is the security tool that DiveLine 6.x uses to control user and group access to the server. DiveLine 7.x applies access control rules to projects and can apply ACLs to non-project resources that use the 6.4 DiveLine namespace. |
-default
|
Sets values from the default ACL. |
-locked <TRUE | FALSE>
|
Temporarily blocks access to a model from non-administrative users, without having to change the ACL access. For example, this option can be used to lock a model that did not build properly while it is being rebuilt. |
-password <value>
|
Specifies the password for a model. Use this argument if the specified model is password protected. |
-user <name>
|
Specifies the name of the user for whom to set the ACL settings for the specified ACL object. |
-group <name>
|
Specifies the name of the group for which to set the ACL settings for the specified ACL object. |
-access <rwldmaut>
|
Sets the level of access that is granted in the specified ACL object. Valid access levels are r=read, w=write, l=list, d=download, m=modify, a=append, u=update, and t=tunnel. |
-limits "<name>(<value>)"
OR
-limits "<name>(\"<value>\",\"<value>\",...)",
"<name>(\"<value>\",
\"<value>\",...)"
|
Sets any number of limit values for the specified ACL object. A limit is an ACL setting within DiveLine 6.x that restricts which values in a particular dimension or info field can be seen by the specified user or group. For example, the following command limits the access of the user named "test" to the North and Boston sales regions of the sales model for the months of July and May: set acl -object /sales.mdl -user test -limits "Sales Region(\"North\",\"Boston\")", "Month(\"M07 July\",\"M05 May\")" NOTE: You must use escaped quotes around the dimension values, as well as quotes around the whole limit string, when multiple values separated by commas are included in the same dimension value block, as in the example. |
-deletes "<name>,<name>,..."
|
Sets any number of delete values for the specified ACL object. A delete is an ACL setting within DiveLine 6.x that hides selected dimensions, summaries, or info fields from the specified user or group. |
-append
|
Adds to an existing ACL, without overwriting it. |
Command | Description |
---|---|
dicfg set integer | See dicfg set integer. |
-name audit_column_max_rows
|
Sets the limit for the number of rows of data logged when auditing a column. |
-value <integer>
|
Specifies the maximum number of values to log in a column when recording a triggered window to the audit log. |
Command | Description |
---|---|
dicfg set auth_scheme | Sets the Authentication Type for the DiveLine server. Options include OWN, SYSTEM, Web Server (CGI), or LDAP. |
<OWN | SYSTEM | CGI | LDAP>
|
Specifies the Authentication Type. Must be entered in all capital letters. NOTE: CGI is Web Server. |
Command | Description |
---|---|
dicfg set integer | See dicfg set integer. |
-name auto_account_unlock_after
|
Sets the amount of time after which a locked user account is unlocked. |
-value <integer>
|
Specifies the amount of time in minutes. |
Command | Description |
---|---|
dicfg set boolean | See dicfg set boolean. |
-name create_utf8_filenames_in_diveline_namespace
|
Controls encoding of new files created in the DiveLine Namespace on Linux. Use this command to ensure creation of UTF8-encoded filenames when using non-Unicode DiveLines. |
-value <TRUE | FALSE>
|
When set to TRUE, new filenames are UTF8-encoded rather than ANSI-encoded when using a non-Unicode DiveLine. When set to FALSE, new filenames are UTF8-encoded only if the DiveLine is Unicode. |
Command | Description |
---|---|
dicfg set default_acl | Sets the Default File ACL that applies to all objects within a directory. |
-object <name>
|
Specifies the name of the DiveLine directory for which to set the Default File ACL. For example, \Home or \Users. |
-locked <TRUE | FALSE>
|
Temporarily blocks access to a model from non-administrative users, without having to change the ACL access. This option can be used to lock a model that did not build properly, while it is being rebuilt. |
-password <value>
|
Specifies the password for a model, if the specified model is password protected. This is a legacy feature. |
-user <name>
|
Specifies the name of the user for whom to set the default File ACL settings for the specified default ACL object. |
-group <name>
|
Specifies the name of the group for which to set the default File ACL settings for the specified default ACL object. |
-access <rwldmaut>
|
Sets the level of access being granted in the specified default File ACL object. Valid access levels are r=read, w=write, l=list, d=download, m=modify, a=append, u=update, and t=tunnel. |
-limits "<name>(<value>)"
OR -limits "<name>(\"<value>\",\"<value>\",...)",
"<name>(\"<value>\",
\"<value>\",...)"
|
Sets any number of Limit values for the specified Default File ACL object. |
-deletes "<name>,<name>,..."
|
Sets any number of delete values for the specified default File ACL object. A delete is an ACL setting within DiveLine 6.x that hides selected dimensions, summaries, or info fields from the specified user or group. |
-allow_missing_limit <TRUE | FALSE>
|
Allows access if a limit column is not found in the model. A limit is an ACL setting within DiveLine 6.x that restricts which values in a particular dimension or info field can be seen by the specified user or group. |
-allows_missing_delete <TRUE | FALSE>
|
Allows access if a delete column is not found in the model. |
-append
|
Adds to an existing default ACL, without overwriting it. |
Command | Description |
---|---|
dicfg set default_search_path | Sets the default search paths specified. This command overwrites all paths previously entered. |
-sp <path>,<path>,...
|
Specifies the default search paths to set. |
Command | Description |
---|---|
dicfg set boolean | See dicfg set boolean. |
-name disable_after_failed_logins
|
Controls whether user accounts are disabled after failed logon attempts. |
-value <TRUE, FALSE>
|
When set to TRUE, use the num_failed_logins command to set the number of failed logon attempts allowed before the account is locked. |
Command | Description |
---|---|
dicfg set disallow_username_in_password <TRUE, FALSE> | Indicates whether or not a username can be included in a password. TRUE indicates that a username cannot be included. Applies to authentication type OWN. |
Command | Description |
---|---|
dicfg set integer | See dicfg set integer. |
-name forgive_failed_logins_after
|
Sets the period of time after which the number of failed logon attempts is reset to 0. After integer minutes of no logon attempts, or after any successful logon, all past logon failures are forgiven. |
-value <integer>
|
Specifies the period of time in minutes. The default is 240 minutes. |
Command | Description |
---|---|
dicfg set group | Defines or resets a group. |
-group <name>
|
Specifies a name for the group. |
-owner <name>
|
Sets the owner of the specified group, if sub-administration is being used. The owner can be set to a single user by entering the desired username, or to a group by entering group:<groupname> as the owner value. |
-description <string>
|
Sets the description of the specified group. |
Command | Description |
---|---|
dicfg set string | See dicfg set string. |
-name home_project
|
Enables the Home Project feature. |
-value <name>
|
Specifies the name of the home project. |
Command | Description |
---|---|
dicfg set boolean | See dicfg set boolean. |
-name ldaps_debug_skip_cert_verification
|
Controls certificate verification for LDAPS connections on Windows. Use this command to temporarily disable certificate verification when troubleshooting LDAPS connections. |
-value <TRUE | FALSE>
|
When set to TRUE, skips certificate verification and accepts all certificates. Use TRUE only for troubleshooting. When set to FALSE, verifies certificates. Always set to FALSE after troubleshooting. |
Command | Description |
---|---|
dicfg set string | See dicfg set string. |
-name ldap_tls
|
Controls the encryption when using LDAP on Linux. |
-value <string>
|
Valid strings:
|
Command | Description |
---|---|
dicfg set boolean | See dicfg set boolean. |
-name log_config_changes
|
Specifies whether to log changes to the DiveLine server configuration. |
-value <TRUE | FALSE>
|
Set to TRUE to log details that can help with monitoring security. Log files are located in \dl-dataroot\logs\configuration-changes. The default is TRUE. |
Command | Description |
---|---|
dicfg set max_users <value> | Sets the maximum number of concurrent users allowed on the DiveLine server. |
Command | Description |
---|---|
dicfg set string | See Set String. |
-name message_of_the_day
|
Sets the DiveLine message to display to users at logon. |
-value <string>
|
Defines the text of the message for the end-users for all clients. How the client displays the message might vary. This command can be used to help with information security. |
Command | Description |
---|---|
dicfg set minimum_length <integer> | Specifies the minimum number of characters allowed in a password. Applies to authentication type OWN. |
Command | Description |
---|---|
dicfg set boolean | See dicfg set boolean. |
-name new_user_homedir_world_readable
|
Sets the default value for the Home Project feature's access control setting. |
-value <TRUE | FALSE>
|
When set to TRUE, the home directory owner has read/write access, and other users have read-only access. When set to FALSE, other users have no access. |
Command | Description |
---|---|
dicfg set integer | See dicfg set integer. |
-name num_failed_logins
|
Sets the number of failed logon attempts allowed before the account is locked. Use this command with the disable_after_failed_logins command to control whether user accounts are disabled after the specified number of failed logon attempts. |
-value <integer>
|
Specifies the number of failed logon attempts. |
Command | Description |
---|---|
dicfg set oidc | Adds a new OIDC identity provider. |
-name <name> | Sets the name of the OIDC identity provider. Required. |
-issuer <url> | Sets the name of the OIDC issuer. |
-client_id <id> | Sets the client ID token supplied by the identity provider. |
-drop_domain <TRUE | FALSE> | When set to TRUE, any username formatted as [email protected] has the domain.com portion removed before looking for a matching user in the DiveLine user list. |
-domains <domain>, <domain>, ... | Sets a comma-separated list of which domains are used with the given Issuer and Client ID combination. |
-username_claim <attribute> | Sets names that might contain a DiveLine username as a value. This field accepts a comma-separated list for multiple potential names. This field accepts array notation. For example, given an array of usernames named users, providing users[0] returns the first element in the users array. |
-scopes <scope-list> | Sets a comma-separated list of values that, when sent to an Identity Provider, determines what, if any, additional information needs to be sent back to assist in authorization. |
-client_secret <secret> | Sets a unique string of information only shared by the Identity Provider and DiveLine. Specific to OIDC implementations that use Google as an Identity Provider. |
-discovery_endpoint <string> | Sets the Identity Provider's discovery URI. |
-authorization_endpoint <string> | Sets the Identity Provider's authorization URI. |
-token_endpoint <string> | Sets the Identity Provider's token URI. |
-metadata_uri <string> | Sets the Identity Provider's metadata URI. |
-jwks_url <url> | Sets the Identity Provider's JWKS URL. |
-webapp_response_mode <string> | Sets the mode used when returning the OIDC response and parameters. The only available value is currently query. |
Command | Description |
---|---|
dicfg set string | See dicfg set string. |
-name password_reset_email_body_web
|
Specifies a custom email body for password reset for DivePort clients. Applies to authentication type OWN. |
-value <string>
|
Specifies the email body. |
Command | Description |
---|---|
dicfg set string | See dicfg set string. |
-name password_reset_email_from_address
|
Sets the required From: address on the password reset email. Applies to authentication type OWN. |
-value <string>
|
Specifies the email From: address. |
Command | Description |
---|---|
dicfg set string | See dicfg set string. |
-name password_reset_email_subject
|
Sets an optional subject for the custom password reset email. Applies to authentication type OWN. |
-value <string>
|
Specifies the email subject. |
Command | Description |
---|---|
dicfg set integer | See dicfg set integer. |
-name password_reset_email_validity
|
Sets the length of time for which the password reset link is valid. Applies to authentication type OWN. |
-value <integer>
|
Specifies the time in minutes. The default is 60 minutes. |
Command | Description |
---|---|
dicfg set boolean | See dicfg set boolean. |
-name password_reset_enabled
|
Enables the password reset option. Applies to authentication type OWN. |
-value <TRUE | FALSE>
|
Specifies whether to enable password reset. When set to TRUE, set the required email From: address with the password_reset_email_from_address command. When set to FALSE, the password reset feature is not available. |
Command | Description |
---|---|
dicfg set passwords_expire <TRUE | FALSE> | Controls whether all user account passwords are set to expire. Applies to authentication type OWN. |
Command | Description |
---|---|
dicfg set require_digit <TRUE | FALSE> | Specifies whether or not passwords require a digit. TRUE indicates that a digit is required. Applies to authentication OWN. |
Command | Description |
---|---|
dicfg set require_punctuation <TRUE | FALSE> | Specifies whether or not passwords require punctuation. TRUE indicates that a punctuation mark is required. Applies to authentication OWN. |
Command | Description |
---|---|
dicfg set require_upper_and_lower_cases <TRUE | FALSE> | Specifies whether or not passwords require both upper and lower case characters. TRUE indicates that both upper and lower case characters are required. Applies to authentication OWN. |
Command | Description |
---|---|
dicfg set restrict_previous_passwords <integer> | Specifies the number of previous passwords a user can reuse. Applies to authentication OWN. |
Command | Description |
---|---|
dicfg set security_level | Sets the security level for the DiveLine server. |
<0,1,2>
|
Specifies the security level to set. Valid values are 0, 1, or 2. |
Command | Description |
---|---|
dicfg set boolean | See dicfg set boolean. |
-name show_last_login_info
|
Specifies whether or not to display information about the last logon by the user. |
-value <TRUE | FALSE>
|
TRUE indicates that after login, the client displays the last time the user was connected to the DiveLine and the client used. Default is FALSE. Use to help with information security. |
Command | Description |
---|---|
dicfg set string | Sets a string value. |
-name <name>
|
Specifies the name of the string. |
-value <string>
|
Sets the string value for the item name entered. For example:
- Sets the address for the broadcast_from_address item in the atlcfg.cfg file to [email protected]:
  dicfg set string -name broadcast_from_address -value [email protected]
- Sets the identification for automated error reporting:
  dicfg set string -name automated_reporting_id -value "GreenPants, Inc (contact [email protected])"
- Sets the DiveLine greeting that is displayed to users before logon. Defines the text of the message for the end-users for all clients. This command can be used to help with information security.
  dicfg set string -name welcome_message -value "Welcome to my DiveLine"
|
Command | Description |
---|---|
dicfg set top_level | Sets the top-level directory for the DiveLine server, which is usually the DiveLine dataroot. |
<path>
|
Specifies the path to the top-level directory. |
Command | Description |
---|---|
dicfg set user | Creates a new user or modifies settings of an existing user. |
-user <name>
|
Identifies the user. |
-password <string>
|
Sets the password of the specified user. Applies to authentication type OWN only. |
-encrypt_password <string>
|
Sets the encrypted password of the specified user. Applies to authentication type OWN only. |
-delete_password | Deletes the password of the specified user. |
-homedir <path>
|
Sets the home directory of the specified user. |
-hide_username <TRUE | FALSE>
|
Controls whether to display or hide the user’s logon information in the ProDiver status bar. If set to TRUE, the information is hidden. |
-divebook <path>
|
Sets a default DiveBook for the specified user. The path entered must be a DiveLine path, not a system path. |
-sp <path>,<path>,...
|
Sets DiveLine search paths for the specified user. |
-sp_add <path>,<path>,...
|
Adds new DiveLine search paths for the specified existing user. |
-sp_remove <path>,<path>,...
|
Removes DiveLine search paths for the specified existing user. |
-groups <name>,<name>,...
|
Assigns the specified user to the groups that are named. Entering any new groups overwrites the existing groups, so be sure to include all groups when using dicfg set group. See groups_add. |
-groups_add <name>,<name>,...
|
Adds the specified groups to the user’s group attribute. |
-groups_remove <name>,<name>,...
|
Removes the specified groups from the user’s group attribute. |
-owner <name>
|
Assigns the user to the specified sub-administrative owner. The owner can be set to a single user by entering the desired username, or to a group by entering group:<groupname> as the owner value. |
-admin_flag <TRUE | FALSE>
|
Controls whether the user is a DiveLine administrator. If set to TRUE, the user is an administrator. |
-administrator <TRUE | FALSE>
|
Controls whether the user is a DiveLine administrator. If set to TRUE, the user is an administrator. |
-subadmin_flag <TRUE | FALSE>
|
Controls whether the user is a DiveLine sub-administrator. If set to TRUE, the user is a sub-administrator. |
-apptpl <path>
|
Sets a default application template for the specified user. |
-description <string>
|
Sets the description of the specified user. |
-fullname <string>
|
Sets the full name for the specified user. |
-shortname <string>
|
Sets the short name for the specified user. |
-email <string>
|
Sets the email address for the specified user. |
-can_change_password <TRUE | FALSE>
|
Specifies whether or not the named user is allowed to change their password. |
-requires_password_change <TRUE | FALSE>
|
Specifies whether or not the named user is required to change their password at the next logon. |
-disabled <TRUE | FALSE>
|
Disables or enables the specified user account. When set to TRUE, the user account is disabled. |
-disable_netdiver <TRUE | FALSE>
|
Disables or enables NetDiver access for the specified user account. |
-locked_out
|
Locks the specified user account. |
-licensing <string>
|
Sets the licensing level for the specified user. Available categories for Diver Platform are any of the user categories, specified in camel case, that are listed in your license, such as: Developer, ProDiver, DivePort, and DiveTab. If a user belongs to more than one category, use a comma-delimited list without spaces to set all the values. Available categories for Diver Solution are Casual, General, Advanced, and Developer. If none specified, defaults to Advanced. |
-auth_override <OWN | LDAP>
|
Resets authentication for this user. |
Command | Description |
---|---|
dicfg set string | See Set String. |
-name welcome_message
|
Sets the DiveLine greeting that displays to users before logon. |
-value <string>
|
Defines the text of the message for all end-user clients. This command can be used to help with information security. |
Sample set commands:
dicfg set default_acl -object hr -user bob -access r
dicfg set user -user bob -homedir /home/$USER
dicfg -dataroot c:\di\solution\dl-dataroot set acl -object /local_data/demo_drs.mdl -user test -append -limits "Product Family(\"Butter\",\"Cheese\",\"Cream\",\"Egg\",\"Milk\",\"Yogurt\")"
NOTE: You must use escaped quotes around the dimension values, as well as quotes around the whole limit string, when multiple values separated by commas are included in the same dimension value block, as in the example. However, if only one value is included, it can be entered as: -limits "<name>(<value>)".
dicfg set default_acl -object hr -user bob -limits "Hospital(Paoli,Powers)"
dicfg set default_acl -object /demo_drs.mdl -user "test" -limits "Product Family(Butter)"
dicfg set user -user Larry -licensing ProDiver,DivePort
dicfg set user -user Doug -licensing Developer
dicfg set user -user bob -homedir /home/$USER -licensing Developer -admin_flag TRUE
dicfg set user -user bob -encrypt_password "$.....="
dicfg set string -name "welcome_message" -value "New text"
dicfg set string -name "message_of_the_day" -value "New text"
If the subadmin_flag option is set to TRUE, non-administrative users can perform the following administrative tasks:
- Change user attributes of users that they own.
- Add or delete users from groups that they own.
- Use proxy logon in DivePort and ProDiver.
- Update permissions on existing ACLs for a user or group that they own.
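The logon-lockout, password-policy, LDAPS verification, and configuration-logging sub-commands described on this page, combined into one baseline. This is an added example, not vendor code: the script prints the dicfg commands by default and runs them only with --apply. The numeric values (other than the documented 240-minute default) and the assumption that dicfg is on PATH are constructed here.

```shell
#!/bin/sh
# Added example (not vendor code): emit a logon-lockout and password-policy
# baseline using only sub-commands documented on this page.
# Numeric values are constructed defaults (assumptions); set them to match
# local policy. The password rules apply to authentication type OWN.

DICFG="${DICFG:-dicfg}"              # assumption: dicfg is on PATH
MAX_FAILED="${MAX_FAILED:-5}"        # failed logons before the account locks
FORGIVE_MIN="${FORGIVE_MIN:-240}"    # documented default: 240 minutes
UNLOCK_MIN="${UNLOCK_MIN:-30}"       # minutes until a locked account unlocks
MIN_LEN="${MIN_LEN:-12}"             # minimum password length

# True only for a non-empty string of digits.
is_uint() {
  case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# Print one argument list per line (everything after "dicfg").
# Returns 1 and prints no commands if any value is not an integer.
baseline_commands() {
  for v in "$MAX_FAILED" "$FORGIVE_MIN" "$UNLOCK_MIN" "$MIN_LEN"; do
    is_uint "$v" || { echo "not an integer: '$v'" >&2; return 1; }
  done
  cat <<EOF
set boolean -name disable_after_failed_logins -value TRUE
set integer -name num_failed_logins -value $MAX_FAILED
set integer -name forgive_failed_logins_after -value $FORGIVE_MIN
set integer -name auto_account_unlock_after -value $UNLOCK_MIN
set minimum_length $MIN_LEN
set require_digit TRUE
set require_punctuation TRUE
set require_upper_and_lower_cases TRUE
set disallow_username_in_password TRUE
set boolean -name ldaps_debug_skip_cert_verification -value FALSE
set boolean -name log_config_changes -value TRUE
EOF
}

# Mode "apply" runs each command and stops at the first failure;
# any other mode prints the commands without running them (dry run).
run_baseline() {
  mode="$1"
  cmds=$(baseline_commands) || return 1
  printf '%s\n' "$cmds" | while IFS= read -r args; do
    if [ "$mode" = "apply" ]; then
      # Unquoted on purpose: each line holds only space-separated tokens.
      # stdin is redirected so dicfg cannot consume the remaining lines.
      $DICFG $args </dev/null || exit 1
    else
      printf '%s %s\n' "$DICFG" "$args"
    fi
  done
}

if [ "${1:-}" = "--apply" ]; then
  run_baseline apply
else
  run_baseline dry-run
fi
```

Review the dry-run output before using --apply; with log_config_changes set to TRUE, the applied changes are recorded under \dl-dataroot\logs\configuration-changes.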