groups command

This command displays and configures Active Directory groups of the primary CMM. This group information is used only when LDAP servers are enabled for authentication with local authorization.

If command syntax is not correctly entered, or if a command fails to run, an error message is returned. See Common errors for a list of error messages that apply to all commands or groups command errors for a list of error messages that are specific to the groups command.

Table 1. groups (Active Directory groups) command.

The command table is a multi-row, four-column table where each row describes a CMM CLI command option: column one lists command function, column two provides a detailed command description, column three shows command-option syntax, and column four lists valid command targets.

Function What it does Command Target (see paths in Command targets)
Display all Active Directory groups Displays all Active Directory groups, up to 16, configured for the Flex System Enterprise Chassis. groups
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Display specific Active Directory group Displays information for the specified Active Directory group. groups -n group_name

group_name is the unique alphanumeric string, up to 63 characters in length, that identifies the Active Directory group.

Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Add new Active Directory group Adds a new Active Directory group.
Note: When adding a new group you must specify:
  • a unique group name using the -n command option.
  • a role-based security level for the group using the -a command option.
groups -add -n group_name -a group_authority

where:

  • group_name is a alphanumeric string up to 63 characters in length that can include periods ( . ) and underscores ( _ ). Each of the 16 group names must be unique.
  • group_authority uses the following syntax:
    • operator (Operator)
    • rbs:roles:scope
      where the roles are one or more of the following authority levels, separated by a vertical bar ( | ):
      • super (Supervisor)
      • cam (Chassis User Account Management)
      • clm (Chassis Log Management)
      • co (Chassis Operator)
      • cc (Chassis Configuration)
      • ca (Chassis Administration)
      • bo (Blade Operator)
      • brp (Blade Remote Present)
      • bc (Blade Configuration)
      • ba (Blade Administration)
      • so (I/O Module Operator)
      • sc (I/O Module Configuration)
      • sa (I/O Module Administration)
(continued on next page)
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Add new Active Directory group

(continued)

 

where the scope is one or more of the following devices, separated by a vertical bar ( | ). Ranges of devices are separated by a dash ( - ).

  • c n (Chassis n, where n is 1 for the Active Directory environment.)
  • b n (Blade n, where n is a valid node bay number in the chassis)
  • s n (I/O module n, where n is a valid I/O-bay number in the chassis)
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis configuration
See Commands and user authority for additional information.
 
Set Active Directory group authority level Sets the authority level for the specified Active Directory group. groups -n group_name -a group_authority

where:

  • group_name is the unique alphanumeric string, up to 63 characters in length, that identifies the Active Directory group.
  • group_authority uses the following syntax:
    • operator (Operator)
    • rbs:roles:scope
      where the roles are one or more of the following authority levels, separated by a vertical bar ( | ):
      • super (Supervisor)
      • cam (Chassis User Account Management)
      • clm (Chassis Log Management)
      • co (Chassis Operator)
      • cc (Chassis Configuration)
      • ca (Chassis Administration)
      • bo (Blade Operator)
      • brp (Blade Remote Present)
      • bc (Blade Configuration)
      • ba (Blade Administration)
      • so (I/O Module Operator)
      • sc (I/O Module Configuration)
      • sa (I/O Module Administration)
(continued on next page)
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Set Active Directory group authority level

(continued)

 

where the scope is one or more of the following devices, separated by a vertical bar ( | ). Ranges of devices are separated by a dash ( - ).

  • c n (Chassis n, where n is 1 for the Active Directory environment.)
  • b n (Blade n, where n is a valid node bay number in the chassis)
  • s n (I/O module n, where n is a valid I/O-bay number in the chassis)
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis configuration
See Commands and user authority for additional information.
 
Delete Active Directory group Delete the specified Active Directory group. groups -n group_name-clear

group_name is the unique alphanumeric string, up to 63 characters in length, that identifies the Active Directory group.

This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis configuration
See Commands and user authority for additional information.
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Example: To create an Active Directory group with a group name of admin1 that has supervisor rights to all Flex System components, while the Flex System Enterprise Chassis is set as the persistent command environment, at the system> prompt, type
groups -add -n admin1 -a rbs:super -T mm[p]
To display information for the group named admin1, while the Flex System Enterprise Chassis is set as the persistent command environment, at the system> prompt, type
groups -n admin1 -T mm[p]
To change the security role of the group named admin1 to blade administration with a scope of compute nodes 1 through 14 (all compute nodes), while the Flex System Enterprise Chassis is set as the persistent command environment, at the system> prompt, type
groups -n admin1 -a rbs:ba:b1-b14 -T mm[p]
To delete the group named admin1, while the Flex System Enterprise Chassis is set as the persistent command environment, at the system> prompt, type
groups -n admin1 -clear -T mm[p]

The following example shows the information that is returned from these commands:

system> groups -add -n admin1 -a rbs:super -T mm[p]
OK
system> groups -n admin1  -T mm[p]

-a Role:supervisor
   Blades:1|2|3|4|5|6|7|8|9|10|11|12|13|14
   Chassis:1
   Modules:1|2|3|4

system> groups -n admin1 -a rbs:ba:b1-b14 -T mm[p]
OK
system> groups -n admin1 -clear -T mm[p]
OK
system>