Hitachi

JP1 Version 12 JP1/Automatic Operation Service Template Reference


2.5.35 Change operational user

Function

This service template changes password for OS users and JP1 users, and updates password management information registered in JP1/Base (Windows).

Note that in a CentOS environment, only changing password for OS users is executable.

It is enabled in the following systems:

• Systems in which jobs are executed by an agent server in a job execution environment that uses JP1/AJS3.

• Systems in which automated actions are performed and commands are executed on an agent server in a monitoring environment that uses JP1/IM.

This service template assumes that the following servers are being used.

• JP1 authentication server

Servers running a JP1/Base authentication server. These manage JP1 user information.

• Agent server

Servers on which JP1/Base is installed, and that execute jobs and perform automated actions.

To update administrative users' information to the above systems, the following tasks are performed.

(1) Change the OS user password. (Agent server)

(2) Update the password management information registered in JP1/Base. (Agent server)

(3) Change the JP1 user password. (JP1 authentication server)

Note that when OS user is set, (1) and (2) are performed. When JP1 user is set, (3) is performed. If you set both OS user and JP1 user, (1), (2) and (3) are performed.

If any of the JP1/AO server, the JP1 authentication server and the agent server is Windows, the execution of this services template requires the built-in Administrator. If the built-in Administrator does not exist or is invalid on each server, execute the "Change operational user(SYSTEM)" service template that executes with the system account.

Prerequisites

For the latest support information about [Required product in the System]/[Prerequisite products in the system executing the service template]/[Prerequisite product OS running in the system executing the service template], see the release notes.

[Required product in the System]

JP1/Automatic Operation 12-00 or later

[Prerequisite products in the system executing the service template]

(1) The following version of JP1/Base is running on the JP1 authentication server and the agent server:

Job Management Partner 1/Base 09-00 or later, or

JP1/Base 11-00 or later

[Prerequisite product OS running in the system executing the service template]

(1) Windows Server 2008 R2 Standard/Enterprise/Datacenter

(2) Windows Server 2012 Standard/Datacenter, Windows Server 2012 R2 Standard/Datacenter

(3) Windows Server 2016 Standard/Datacenter

(4) Windows Server 2019 Standard/Datacenter

(5) Red Hat Enterprise Linux Server 6 (32-bit x86), Red Hat Enterprise Linux Server 6 (64-bit x86_64)

(6) Red Hat Enterprise Linux Server 7 (64-bit x86_64)

(7) Red Hat Enterprise Linux Server 8 (64-bit x86_64)

(8) CentOS 6 (64-bit x86_64)

Note: Only changing OS user passwords is executable.

(9) CentOS 7 (64-bit x86_64)

Note: Only changing OS user passwords is executable.

(10) CentOS 8 (64-bit x86_64)

Note: Only changing OS user passwords is executable.

(11) Oracle Linux 8 (64-bit x86_64)

(12) AIX V6

(13) AIX V7

[Usage conditions of prerequisite products in the system executing the service template]

(1) The authentication server of the connection destination is set in JP1/Base on the agent server.

(2) To change the OS user password (or in the case of Windows, to update the password management information), specify the following properties:

common.targetHost

OS.osUserName

OS.osUserPassword

OS.osUserPasswordReEnter

OS.userType (Windows only)

(3) To change the JP1 user password, specify the following properties:

jp1base.certHost

jp1base.jp1UserName

jp1base.jp1UserPassword

jp1base.jp1UserPasswordNew

jp1base.jp1UserPasswordReEnter

(4) If JP1/Base on the agent server is in a cluster configuration, the service can only be executed in the active server environment. If the service was executed at least once on the active server and then a failover occurred, execute the service again by specifying the system environment settings and OS user information parameters, and leaving all the JP1 user information parameters blank.

Cautions

(1) To work with OS users of the domain environment, set property OS.userType to domain.

(2) If you are executing this service in a UNIX environment, do not use multibyte characters in properties.

(3) If specifying multibyte characters and when the agent server OS is Windows, specify the following parameters to be the lengths indicated.

OS user name: 20 bytes

OS user password: 64 bytes

OS user password re-entry: 64 bytes

(4)In order to execute this service, the JP1/AO server (loopback address resolved by localhost) and the server that is the connection destination must be set as agentless connection destinations.

(5)When executing this service for a UNIX environment, make sure that the OS user exists in advance.

Version

03.00.00

Tags

Configure JP1,Base

Property list

The following shows the list of the property groups set in the property:

Property group

Description

Initial display

System environment information

Specify the environment information of the agent server.

Y

OS user information

Specify the information for the OS user whose password is to be changed.

Y

JP1 authentication server information

Specify the JP1 authentication server information for the JP1 user to be added.

Y

JP1 user information

Specify the JP1 user information for the password to be changed.

Y

The following shows the list of the properties to be displayed in the "Service Definition" window:

(Legend)

R: The property must be specified.

O: The property can be omitted. However, the property might be mandatory depending on what is specified for other properties. See the Description of each property.

Property key

Property name

Description

I/O type

Shared

Required

Property group

jp1base.certHost

Host name of the JP1 authentication server

Specifies the host name of the JP1 authentication server. This must be specified if you want to change the OS user's password. In the case of a cluster configuration, specify the physical host or logical host of the active server.

Input

Disabled

O

JP1 authentication server information

jp1base.certHostLHostName

Logical host name of JP1 authentication server

Specify the logical host name of the JP1 authentication server (when the JP1 authentication server is in a cluster configuration).

Input

Disabled

O

JP1 authentication server information

The following shows the list of the properties to be displayed on the "Service Definition" window and the "Submit Service" window:

Property key

Property name

Description

I/O type

Shared

Required

Property group

common.targetHost

Agent server host name

Specifies the host name or IP add. of the agent server. IPv6 are not supported. This must be specified if you want to change the OS user's password. In the case of a cluster configuration, specify the physical host or logical host of the active server.

Input

Disabled

O

System environment information

jp1base.jp1BaseLHostName

Logical host name of JP1/Base

Specify the logical host name of JP1/Base on the agent server (if JP1/Base is used in a cluster configuration).

Input

Disabled

O

System environment information

OS.osUserName

OS user name

Specifies the OS user name from the agent server. This must be specified if you want to change the password of the OS user.

Input

Disabled

O

OS user information

OS.osUserPassword

New password for OS user

Specifies the new password for the OS user.

Input

Disabled

O

OS user information

OS.osUserPasswordReEnter

Re-enter new password for OS user

Specifies again the new password for the OS user.

Input

Disabled

O

OS user information

OS.userType

OS user type

Specify "local" or "domain" as the OS user type. This property only takes effect when the agent server is running Windows.

Input

Disabled

O

OS user information

jp1base.jp1UserName

JP1 user name

Specifies the JP1 user name on the JP1 authentication server. This must be specified if you want to change the password for the JP1 user.

Input

Disabled

O

JP1 user information

jp1base.jp1UserPassword

JP1 user password

Specify the password of the JP1 user.

Input

Disabled

O

JP1 user information

jp1base.jp1UserPasswordNew

New JP1 user password

Specify a new password for a JP1 user.

Input

Disabled

O

JP1 user information

jp1base.jp1UserPasswordReEnter

Re-enter new password for JP1 user

Specifies again the new password for the JP1 user.

Input

Disabled

O

JP1 user information

The following shows the restrictions on inputs to the properties displayed in the "Service Definition" window:

Property key

Characters that can be input

jp1base.certHost

A maximum of 255 characters can be entered. Characters that can be used include alphanumeric characters, as well as . and -.

jp1base.certHostLHostName

A maximum of 255 characters can be entered. Characters that can be used include alphanumeric characters, as well as . and -.

The following shows the restrictions on inputs to the property displayed on the "Service Definition" window and the "Submit Service" window:

Property key

Characters that can be input

common.targetHost

A maximum of 255 characters can be entered. Characters that can be used include alphanumeric characters, as well as . and -.

jp1base.jp1BaseLHostName

A maximum of 255 characters can be entered. Characters that can be used include alphanumeric characters, as well as . and -.

OS.osUserName

A character string of no more than 20 characters can be entered. It cannot include <, >, |, ;, &, `, or a trailing \. In case of executing this service to UNIX, it cannot include multibyte character.

OS.osUserPassword

A character string of no more than 64 characters can be entered. It cannot include <, >, |, ;, `, or a trailing \. In case of executing this service to UNIX, it cannot include multibyte character.

OS.osUserPasswordReEnter

A character string of no more than 64 characters can be entered. It cannot include <, >, |, ;, &, *, ?, ", %, or a trailing \. In case of executing this service to UNIX, it cannot include multibyte character.

OS.userType

Select one of the following values:

local,domain

jp1base.jp1UserName

A maximum of 31 characters can be entered. Characters that can be used include alphanumeric characters, as well as !, #, $, %, ', -, @, _, ~.

jp1base.jp1UserPassword

A character string of between 6 and 32 characters can be entered. Characters that can be used include alphanumeric characters, as well as !, #, $, %, ', -, /, =, ?, @, [, ], ^, _, {, } and ~.

jp1base.jp1UserPasswordNew

A character string of between 6 and 32 characters can be entered. Characters that can be used include alphanumeric characters, as well as !, #, $, %, ', -, /, =, ?, @, [, ], ^, _, {, }, and ~.

jp1base.jp1UserPasswordReEnter

A character string of between 6 and 32 characters can be entered. Characters that can be used include alphanumeric characters, as well as !, #, $, %, ', -, /, =, ?, @, [, ], ^, _, {, }, and ~.

Flow specification details

The following table shows the detailed specification of the flow:

Hierarchy

Display name

Plug-in

Plug-in name

Description

Error recovery method

1

checkOS

Flow Plug-in

Determines the OS type of the JP1 authentication server or agent server.

--

1-1

Output OS type

Ascertains the OS of the JP1 authentication server.

Eliminate the cause of the error, and then re-execute the service.

1-2

Output OS type

Ascertains the agent server OS.

Eliminate the cause of the error, and then re-execute the service.

1-3

Output OS type

Outputs the OS of the JP1/AO server.

Eliminate the cause of the error, and then re-execute the service.

2

osChangePassword

Flow Plug-in

Changes the password for an OS user.

--

2-3

Compatible Plug-in

Ascertains whether an OS user name has been specified.

Eliminate the cause of the error, and then re-execute the service.

2-3-1

Change password for OS user

Changes user passwords on an agent server (or server domain).

Eliminate the cause of the error, and then re-execute the service.

3

jp1baseChangeUserInfo

Flow Plug-in

Updates OS user information registered in JP1/Base.

--

3-1

Compatible Plug-in

Ascertains whether an OS user name has been specified.

Eliminate the cause of the error, and then re-execute the service.

3-2

Flow Plug-in

Updates OS user information registered in JP1/Base.

--

3-2-3

Compatible Plug-in

Determines whether or not the OS is Windows.

Set the value after changing to the new and old password of the JP1 user, and then re-execute the service.

3-2-4

Change password management information in JP1/Base

Changes passwords of mapping users of JP1/Base of a specified server.

Set the value after changing to the new and old password of the JP1 user, and then re-execute the service.

4

jp1baseChangePassword

Flow Plug-in

Changes the password for a JP1 user.

--

4-3

Compatible Plug-in

Ascertains whether a JP1 user name has been specified.

Eliminate the cause of the error, and then re-execute the service.

4-3-1

Change JP1 user password

Changes the JP1 user password on a specified authentication server.

Eliminate the cause of the error, and then re-execute the service.