ucl user create

To add a user, the partition's SOSecurity officer - UKC partition administrator role. may use the following options:

• Add User Authenticated by CORE
ucl user create -n --name <user name> // see Username Characters -d --user_password <user password> // must comply with the partition's password rules. -r --role <name of role> // select "user", "so" or a custom-role name.

Example:

ucl user create -n tester1 -d Tester1! --role CodeSigner -p CodeSign1

• Add User Authenticated by LDAPLightweight Directory Access Protocol
ucl user create --ldap // flag. Indicates LDAP-based authentication -n --name <username> // as specified in the LDAP directory -r --role <name of role> // select "user", "so" or a custom role-name.

--name as specified in the LDAPLightweight Directory Access Protocol directory. Use single quotes to enclose space-separated strings:

ucl user create --ldap --name 'Alice B. Doe' --role Verifier -p CodeSign1

Note
LDAPLightweight Directory Access Protocol-managed username is accepted as is.
This feature allows adding new LDAPLightweight Directory Access Protocol users to a system that is currently disconnected from the LDAPLightweight Directory Access Protocol provider or even before the LDAPLightweight Directory Access Protocol provider has been defined in the system settings.

ucl user list

To list the partition's user names, its SOSecurity officer - UKC partition administrator role. uses the following command.

ucl user list

ucl user show

To review a user's role, failed password count, and status:

Example:

In the case of CORE or LDAPLightweight Directory Access Protocol based authentication ("auth type") of the user, the output presents its attributes related to the user's password and its validation status:

• retries - current count of consecutive login rejections.
• is user locked - true, if the user has been locked.
  
• The number of login errors exceeds the partition's threshold x-DY_USER_LOGIN_RETRIES. See Partition Settings Summary.
  To unlock a user, reset its password.
• role - name of the role that is assigned to the user. This field is not shown if user has no specific role. In such a case, the user's privileges are granted through its membership in user groups.

A user without a role and without membership in user group(s) is practically disabled.

• groups - list of User groups that the user is a member of.
• aliases - list of SSOSingle Sign-On users that are represented by this user. For example:
"aliases" : { "cognito" : [ "JohnDoe@unboundsecurity.com" ], "cognito-test" : [ "tester1@unboundsecurity.com", "tester3@unboundsecurity.com", "# tester2@unboundsecurity.com" ] }

ucl user delete

Users with the following usernames can't be deleted: USER and SOSecurity officer - UKC partition administrator role..

ucl user change-pwd

To change its password, user executes the following command.

ucl user reset-pwd

To reset a partition user's password, the partition 's SOSecurity officer - UKC partition administrator role. uses the following command:

For example, the default "so" resets the password of "tester1". Interactive approach:

Note
To unlock a user, reset the user's password. The new password may be equal to the old one.

ucl user recover-pwd

In the extreme case when none of a partition's SOSecurity officer - UKC partition administrator role. can log in, the specific user's password (particularly, the partition's SOSecurity officer - UKC partition administrator role. password) may be recovered by the Root SOSecurity officer - UKC partition administrator role..

Example:

ucl user recover-pwd -p codesign -n so2 -d Password2!

Tip
To recover the password of Root SOSecurity officer - UKC partition administrator role., use ekm_recover_root_so_pwd.