We can create an account template using the following command (Unix v2 template):
etautil -d im -u etaadmin -p <password> -DYN add "'eTDYNPolicyContainerName=DYN Policies,eTNamespaceName=UNIX v2'" eTDYNPolicy eTDYNPolicyName="test_account_template" eTDYNAccountName="%AC%" eTPassword="%P%" eTSuspended="0" eTDYN-str-multi-02="/bin/bash"
We can create a provisioning role using the following command:
etautil -d im -u etaadmin -p <password> add "'eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im'" eTRole eTRoleName="test_role" eTDescription="test_role"
But how can we associate a provisioning role with an account template using etautil?
Corresponding object classes do not have attributes for their relationship.
All Identity Manager
Provisioning roles are associated with account templates using separate objects called inclusions. Object class is eTInclusionObject.
Inclusion objects contain information about both Superior (in this case Provisioning role) and subordinate (account template) objects.
Inclusion between a provisioning role and an account template can be created using the following command:
etautil -d im -u etaadmin -p <password> -DYN add "eTSubordinateClass=eTDYNPolicy,eTSuperiorClass=eTRole,eTInclusionContainerName=Inclusions,eTNamespaceName=CommonObjects,dc=im" eTInclusionObject eTInclusionID=XXXXXXXXXX eTSuperiorClass=eTRole eTSuperiorClassEntry="eTRoleName=test_role,eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im" eTSubordinateClass=eTDYNPolicy eTSubordinateClassEntry="eTDYNPolicyName=test_account_template,eTDYNPolicyContainerName=DYN Policies,eTNamespaceName=UNIX v2,dc=im"
Replace "XXXXXXXXXX" in the above command with a random string. When IM Provisioning server gets a request to create an inclusion, it generates a unique value for eTInclusionID, and discards that random string from the request.