The Command Language

2 The Command Language

This chapter provides details of the commands available within Oracle Communication IP Service Activator OSS Integration Manager.

Command Grammar

All commands take the following basic form:

command [object-path] [attributes]

All commands operate on objects within the EOM, identified by a unique name or a unique ID number. For full details of the objects that can be accessed, see "The External Object Model".

See "Command Grammar" for a formal definition of the language grammar.

Object Path

The object_path identifies the object that the command is to operate on. Not all commands require an object path. If the command requires an object path and it is omitted then the current object is assumed as the path.

Note that the link and unlink commands operate on two objects, a parent and a child, so the paths of both objects must be specified.

The object_path can take one of three forms:

An absolute object path, starting with the root object. The ‘/' character given at the start of the path indicates the root object. For example:
```
/System:"System"/EventSubscription:"DeviceFaults"
```
A relative object path from the current object. For example:
```
network:"Acme"/device:"Cisco7505"
```
An object's unique ID number, enclosed in square brackets. For example:
```
[675]
```

Table 2-1 shows and defines the symbols that may be used in the path definition.

Table 2-1 Path Definition Symbols

Symbol	Description
.	Current path
..	Path to parent object
/	Object separator
Object name	Set the path to the location of the specified object
Object ID	Set the path to the location of the object with the specified ID

Note:

During object creation, unique object name verification is performed within its parent object. If duplicate names are discovered, an error message similar to the following will appear:

CommandExecutionError.ERR_ObjectModelViolation: Object [1802], a Interface, has multiple children of type SubInterface with the same name: Serial1/0.100, [4129].

You can create multiple objects with the same name in an object model as long as they belong to different parent objects. Uniquely named folders, under a parent object, can each store objects with the same name. The stored objects can have the same name since they belong to different parent objects

Attributes

Not all commands require attributes. When set, they take the form:

attribute="value"

Quotation marks are not strictly required unless there are spaces within the value. If necessary, multiple attributes can be specified on a single line.

Data Types

Attributes entered in command lines can be one of the data types displayed in Table 2-2.

Table 2-2 Data Types

Type	Description
String	A string containing any alphanumeric characters. Maximum string length is generally 127 characters; where the maximum length of a string is shorter or longer, its length is specified in this document.
Object ID	The unique ID of each object, in the form [nnn] where nnn is an unsigned integer (When attributes are returned, object IDs appear as they are in integer form)
DateTime	YYYY/MM/DD HH:MM:SS The date defaults to today
IpAddress	nnn.nnn.nnn.nnn where nnn <= 255
Boolean [string]	True or False
Enum	String representing one member from a set of possible enumerated values. Enum stands for enumerated type. Each attribute of type Enum is described with an enumeration of valid arguments. This attribute can be entered either by its numeric value or by the corresponding string.
U32	Unsigned 32-bit integer
Bitmap	Some attributes have binary values that are additive. When several choices in a range can be set to true, then the attribute value is a binary sum that uniquely represents those several choices.

Case Sensitivity

Commands and parameters are not case-sensitive, with the exception of user passwords which must be entered exactly as originally set.

Overview of the Commands

OIM commands are grouped into the following modules:

Access Control Module commands: allow the user to securely authenticate to IP Service Activator
Transaction Module commands: aggregate and execute changes to the database and network into transactions
Declarative Module commands: modify, link, create, delete or otherwise change objects within the topology or policy tree
Management Module commands: discover and manage the network
Navigation Module commands: navigate or search the object model
Utility Module commands: facilitate the use of OIM. Commands in the Utility Module are executed immediately

Transactions

Unless specified in their individual descriptions, commands that belong to the Declarative and Management modules are held in a default transaction queue. The commands in the transactions can be executed with a commit command, or the queue can be removed by an abort command. Commands held in the current transaction queue can be listed using the listTrans command.

Navigation commands may be interspersed with Declarative and Management commands. Navigation commands are executed immediately.

For more details about transaction processing within IP Service Activator, see IP Service Activator Concepts.

Error Reporting

Details of errors are given in "Error Handling".

The Access Control Module

The Access Control Module commands allow the user to securely log into and authenticate to the system by providing a user name and a password. The user can exit by logging off at any time.

Users must already have been set up within IP Service Activator.

Table 2-3 summarizes the Access Control Module commands.

Table 2-3 Access Control Module Commands

Command	Summary
login	Logs the user into IP Service Activator
logout	Logs the user out of IP Service Activator
getAccess	Get the user's access rights for all object types or a specific object type

The Login Command

The login command logs the user into the system, using a log-in name and password previously set up in IP Service Activator. You can use the login command in scripts to execute commands on the OIM client without logging into it. The log in information is provided in these scripts.

Table 2-4 lists the attributes for the login command.

Table 2-4 login Command Attributes

Attribute	Type	Description
name	String	User name previously set up in IP Service Activator.
password	String	Password previously set up in IP Service Activator.

Syntax

The syntax for the login command is:

login name=username password=password

where username and password are the log-in name and password previously set up in IP Service Activator.

For example:

login name="user1" password="mypass26"

Path

[no default]

Errors

The LoginException error may be returned for the following reasons:

The user has entered an invalid combination of username and password.
The user has repeatedly failed to log into the system.
Concurrent logins are not permitted.
The password has expired.

The ChangePassword Command

The changePassword command enables the user to set or modify their own password.

Syntax

The syntax for the changePassword command is:

changepassword

The user is prompted to enter a password and to confirm it. Any characters entered are displayed on screen in encrypted mode.

For example:

changepassword
password: *******
confirmation password: *******

Path

[no default]

Return

[no default]

Errors

[no default]

The Logout Command

The logout command logs the user off the system.

Syntax

The syntax for the logout command is:

logout

Path

[no default]

Return

[no default]

Errors

[no default]

The getAccess Command

The getAccess command returns the current user's access permissions for a single object, an object type or all object types.

Table 2-5 lists the attributes for the getAccess command.

Table 2-5 getAccess Command Attributes

Attribute	Type	Description
type	String	Object type name, or “all" to retrieve the information for all object types.

Syntax

The syntax for the getAccess command is:

getAccess [object-path] [type=objecttype]

where object-path is the path to object for which access rights are required and objecttype is an object type name. Use all instead of an object type name to retreive information for all object types.

For example:

To return access rights for the current object:
```
getAccess
```
To return access rights for the object with ID no 250:
```
getAccess [250]
```
To return access rights for all Device objects:
```
getAccess type=Device
```
To return access rights for all objects:
```
getAccess type=all
```

Path

The object for which access rights are required. This is ignored if a type attribute is specified.

Return

The getAccess command returns a True or False value for each of the following access rights:

read
create (includes delete)
link (includes unlink)
modify
execute

Errors

[no default]

The Transaction Module

The Transaction Module commands allow the user to save commands in the form of transactions and control how and when the transactions are executed.

Commands in the Declarative and Management modules are grouped into transactions. Other commands are executed immediately.

The Transaction Module provides the commands summarized in Table 2-6.

Table 2-6 Transaction Module Commands

Command	Summary
abort	Stops the current transaction.
commit	Saves the changes made in the current transaction to the database.
events	Returns the changes that have occurred through transactions since the last time the events command was called.
exporttransaction	Returns the changes that have occurred through transactions since the last time the events command was called.
listTrans	Lists commands in the current transaction.
merge	Applies changes saved in a Transaction object to the current object model.
rollback	Discards changes stored in a Transaction object in the object mode.
schedule	Schedules a Transaction object to be applied at a given date and time.

For more details about transaction processing see IP Service Activator Concepts Guide.

The Abort Command

The abort command stops the current transaction and discards the queued commands.

Syntax

The syntax for the abort command is:

abort

Path

[no default]

Return

[no default]

Errors

[no default]

The Commit Command

The commit command saves the changes within the current transaction in the object model, and sends them to the server.

A transaction can be:

Committed immediately. The common object model is updated with the transaction's changes and any configuration changes are propagated to the network.
Queued. The transaction is saved to the common object model's transaction store with a status of Pending. The object model changes associated with that transaction are not executed and no configuration changes are propagated to the network.
Scheduled. The transaction is saved and will be committed at a specified future date or time.

In all cases, the commit command creates a TransactionEntry object.

Atomic transactions change the model for successful execution of the transaction. Normally, all commands in a transaction must be executed successfully for the transaction as a whole to be completed i.e. if any one command in a transaction fails, the entire transaction fails.

Use atomic transactions to break a transaction into smaller sub-transactions which can succeed or fail independently without causing the entire transaction to fail.

These sub-transactions are grouped using the commit type atomic. Then entire transaction, which includes the atomic sub-transactions, is then committed using the commit type atomicTransaction.

Notice the error in the first command of the following example:

create Customre:"Bob"
create Customer:"Bob"/Site:"NOC"
commit mode=atomic
create Customer:"John Doe"
create Customer:"John Doe"/Site:"NOC"
commit mode=atomic
commit mode=atomicTransaction

The first command fails, causing the first atomic transaction, which attempts to create customer Bob, to fail. However, the second atomic transaction to create customer John Doe and its NOC succeeds. The post transaction activities which apply to the second atomic transaction are still completed.

If a command in a transaction fails, and it isn't in an atomic transaction, the whole transaction fails, regardless of whether or not it contained atomic transactions.

Table 2-7 describes the attributes used by the commit command.

Table 2-7 Attributes Used by the Commit Command

Attribute	Type	Description
mode	Enum	The type of commit to perform. Values are: immediate queue schedule atomic atomicTransaction The default value is immediate.
name	String	The name of the TransactionEntry object that is created. Optional for an immediate commit, mandatory for a queued or scheduled commit.
schedule	DateTime	The date and time that the transaction is to be applied. Mandatory if mode is schedule.
waitforcompletion	Boolean	When set to True, the commit command returns only if the transaction's changes have been written to the database. The default is False.

Syntax

The syntax for the commit command is:

commit [mode=commit-mode] [name=transaction-name] [schedule=datetime]

For example:

To commit the current transaction:
```
commit
```

To schedule the current transaction to be executed at a specific time:

commit mode=schedule name="Scheduled Transaction" schedule="2002/11/15 20:00:00"

To queue a current transaction:
```
commit mode=queue name="createVPN"
```

Path

[no default]

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

Commit Failure: an element of the commit transaction was not successful
No name attribute was specified to a queued or scheduled transaction
No schedule time was specified for a scheduled transaction

The Events Command

The events command returns the changes that have occurred (through transactions) since the last time the events command was called.

The OIM starts to record events when the events command is first entered. When the events command is next called all the recorded events are returned.

The command can be used in two ways:

If no path is specified, the command lists the changes that have occurred since the last time the command was called.
If a path is specified, the command lists the transactions within the identified transaction object.

Table 2-8 lists the attributes for the events command.

Table 2-8 events Command Attributes

Attribute	Type	Description
block	Boolean	When set to True, if no changes have occurred since the last time the events command was called, the command pauses its execution until an event occurs. This eliminates the process of having to repeatedly enter the events command until an event occurs. This automatically returns details of the transaction that has occurred.

Syntax

The syntax for the events command is:

events [object-path] [block=true]

For example:

To return information about a committed transaction:
```
events [2037]
```
To run the events command in blocking mode, in order to pause the execution of the command until an event occurs:
```
events block=true
```

Path

The path to the TransactionEntry object. A path does not have to be specified.

Return

The events command returns the commands within the committed transaction.

Errors

The CommandExecutionError may be returned if the object specified in the path is not a TransactionEntry object.
The OimSystemException command may be returned if the OIM session is invalid, or if OIM is shutting down.

The Exporttransaction Command

The exporttransaction command outputs the list of operations part of the transaction. The output is formatted as follows for three formats of output: normal, concrete and fault operations:

OID: <main_object_ID>      OClass: <main_object_class_type>    OName: <main_object_name> Operation: <type_of_operation>       PClass: <parent_object_class>        PName: <parent_object_name> PId: <parent_object_id>    Parameters: <Attribute1=Value1>, <Attribute2=Value2>…
CID: <concrete_ID>      CClass: <Concrete_object_class_type>     Operation:  <type_of_operation>     PClass:      PName:  PId:    Parameters:  <Attibute1=Value1>…
Fault Operations:
FID: <object_ID>      Operation: <type_of_operation>       PClass:         PName:  PId:    Parameters: <Attribute1=Value1>, <Attribute2=Value2>…

Note:

PClass, PName, and PId are only used for “link" type of operations to describe the parent object to which the main object is to be linked as a result of the link operation.

Syntax

The syntax for the exporttransaction command is:

exporttransaction [TransactionEntry-object-id]

where TransactionEntry-object-id is the object ID for which the list of operations is to be displayed.

Path

[no default]

Return

The exporttransaction command returns a list of operations for the transaction.

Errors

Transaction entry ID not specified:

CommandExecutionError.ERR_ExportTransIdRequired: The command needs a transaction entry id.
Transaction entry not found:

CommandExecutionError.ERR_CannotResolveToObject: Cannot Resolve to object: [<object_id>]

Concretes Affected by the Exporttransaction Command

Concretes can be affected when a Policy Rule or Configuration Policy is changed as part of the Modify Operation of a transaction.

Possible values for OPERATION are:

Create
Link
Unlink
Modify
Delete

For Object instances, concretes can be Linked, Unlinked, Affected, and Deleted in a transaction.

CID is the Concrete ID of the concretes that will be created when Policy Rules (Access Rule, Classification Rule, Configuration Policy etc.) or Configuration Policies (Banners, Static Routes etc.) are applied to Policy Targets (Device, Interface, VPN etc).

While displaying transaction details, renumbering of Concrete IDs may occur if a Policy Rule is applied to a Policy target in one transaction that results in creation of new concretes that are different from previously created (and currently non-existent) concretes when the same Policy Rule has been applied to the same Policy Target in another transaction.

Enhancement of Exporttransaction Command and the Cat Command

In the GUI, for a transaction entry object, viewing and exporting of concrete data is performed in two ways, namely raw data and modified data. In OIM, for cat and exporttransaction commands, a new argument, showrawdata, has been introduced. Depending on the value of showrawdata the concrete data is displayed. If showrawdata=true, the raw data is displayed and if showrawdata=false, the modified data is displayed. The display is consistent across GUI and OIM. This implies that the GUI and OIM by default display the modified data, whereby the showrawdata is always false.

Since cat is a very generic command, showrawdata is only applicable for transactionentry objects. If users try to use the showrawdata with other objects they will encounter an error. In the GUI, a new check box is added. If the user selects the check box, the original concrete IDs are displayed. In the GUI, the check box option is named Show original Concrete IDs.

Exporttransaction Command Examples

The following example shows renumbered CIDs in the output of the exporttransaction command. The example shows that the Create and Link concretes are renumbered. You will notice that CID 1741 is renumbered to 1748 when AccessRule AR1 is applied to the Interface with OID 1685.

/>exporttransaction [1742]
Operations:
OID: 1739       OClass: AccessRule      OName: AR1      Operation: Create       PClass:         PName:  PId:    Parameters: AclName=, AclNumber=0, Conflict=0, Disabled=0, Fragments=0, Inbound=1, Log=0, ManagementOverride=0, Name=AR1, NamedAcl=1, Order=4026531840, Outbound=0, Permit=1

OID: 1739       OClass: AccessRule      OName: AR1      Operation: Link PClass: Network PName: test     PId: 578        Parameters: OID: 1740       OClass: ClassificationLeaf      OName:  Operation: Create       PClass:         PName:  PId:    Parameters: AclIdType=2, AclName=, AclNumber=0, AddressType=0, Aggregate=1, DestinationIpAddr=0.0.0.0, DestinationIpv6Addr=, DestinationMacAddr=, DestinationMacMask=, DestinationMask=0.0.0.0, Fragments=0, Log=0, Match=1, MatchType=1, Name=, Remarks=, SourceIpAddr=0.0.0.0, SourceIpv6Addr=, SourceMacAddr=, SourceMacMask=, SourceMask=0.0.0.0

OID: 1740       OClass: ClassificationLeaf      OName:  Operation: Link PClass: AccessRule      PName: AR1      PId: 1739       Parameters: OID: 5  OClass: DeviceRole      OName: 2        Operation: Link PClass: AccessRule      PName: AR1      PId: 1739       Parameters: 
OID: 11 OClass: InterfaceRole   OName: 3        Operation: Link PClass: AccessRule      PName: AR1      PId: 1739       Parameters: Concrete Operations:

CID: 1741       CClass: ConcreteAccessRule      Operation: Create     PClass:         PName:  PId:    Parameters: AuditMismatchIgnored=0, AuditState=0, Conflict=0, Direction=0, Enabled=1, NotificationCount=0, State=0 
CID: 1741       CClass: ConcreteAccessRule      Operation: Link PClass: AccessRule      PName: AR1      PId: 1739       Parameters:

CID: 1741       CClass: ConcreteAccessRule      Operation: Link PClass: Interface       PName: 1685     PId: 1685       Parameters:

/>exporttransaction [1742] 
Operations: 
OID: 1739       OClass: AccessRule      OName: AR1      Operation: Create       PClass:         PName:  PId:    Parameters: AclName=, AclNumber=0, Conflict=0, Disabled=0, Fragments=0, Inbound=1, Log=0, ManagementOverride=0, Name=AR1, NamedAcl=1, Order=4026531840, Outbound=0, Permit=1

OID: 1739       OClass: AccessRule      OName: AR1      Operation: Link PClass: Network PName: test     PId: 578        Parameters: OID: 1740       OClass: ClassificationLeaf      OName:  Operation: Create       PClass:         PName:  PId:    Parameters: AclIdType=2, AclName=, AclNumber=0, AddressType=0, Aggregate=1, DestinationIpAddr=0.0.0.0, DestinationIpv6Addr=, DestinationMacAddr=, DestinationMacMask=, DestinationMask=0.0.0.0, Fragments=0, Log=0, Match=1, MatchType=1, Name=, Remarks=, SourceIpAddr=0.0.0.0, SourceIpv6Addr=, SourceMacAddr=, SourceMacMask=, SourceMask=0.0.0.0 OID: 1740       OClass: ClassificationLeaf      OName:  Operation: Link PClass: AccessRule      PName: AR1      PId: 1739       Parameters:

OID: 5  OClass: DeviceRole      OName: 2        Operation: Link PClass: AccessRule      PName: AR1      PId: 1739       Parameters: OID: 11 OClass: InterfaceRole   OName: 3        Operation: Link PClass: AccessRule      PName: AR1      PId: 1739       Parameters: 

Concrete Operations:
CID: 1748       CClass: ConcreteAccessRule      Operation: Create     PClass:         PName:  PId:    Parameters: AuditMismatchIgnored=0, AuditState=0, Conflict=0, Direction=0, Enabled=1, NotificationCount=0, State=0

CID: 1748       CClass: ConcreteAccessRule      Operation: Link PClass: AccessRule      PName: AR1      PId: 1739       Parameters:

CID: 1748       CClass: ConcreteAccessRule      Operation: Link PClass: Interface       PName: 1685     PId: 1685       Parameters:

Note:

Renumbering will be done for all types of Concretes irrespective of type of operation related to concretes(Create, Link, Unlink, Delete, Affected).

The following example shows the renumbered affected concretes.

/>exporttransaction [1751] 
Operations:
OID: 589        OClass: DefaultTraffic  OName: Default Traffic Type   Operation: Unlink       PClass: ClassificationLeaf      PName:  PId: 1740   Parameters:

Concrete Operations:
CID: 1741       Operation: Affected     PClass:         PName:  PId: 
CID: 1742       Operation: Affected     PClass:         PName:  PId: 

 />exporttransaction [1751]
Operations: 
OID: 589        OClass: DefaultTraffic  OName: Default Traffic Type   Operation: Unlink       PClass: ClassificationLeaf      PName:  PId: 1740   Parameters: 

Concrete Operations: 
CID: 1748       Operation: Affected     PClass:         PName:  PId: 
CID: 1749       Operation: Affected     PClass:         PName:  PId:

In the example above affected concretes CIDs 1741 and 1742 are numbered to 1748 and 1749.

In the following example, the transaction that is the object of “exporttransaction" was disabling a concrete that resulted in faults being generated.

Operation:

exporttransaction [17414]
Concrete Operations:
CID: 17269      CClass: ConcreteGenericRule     Operation: Modify       PClass:      PName:  PId:    Parameters: Enabled=0

Fault Operations:
FID: 17413      Operation: Create       PClass:         PName:  PId:    Parameters: DefaultText=This user-created interface has had its creation policy concrete disabled - the interface may not exist on the device, MajorCode=100, MinorCode=2346, Parameters=, Severity=2, TimeStamp=Thu Jan 31 13:55:45 2008
FID: 17413      Operation: Link PClass: System  PName: 2        PId: 2  Parameters:
FID: 17413      Operation: Link PClass: SubInterface    PName: 17267    PId: 17267   Parameters:

The ListTrans Command

The listTrans command lists all the commands entered in the current transaction.

Note that if you run listTrans command just after committing a set of commands, listTrans returns nothing.

Syntax

The syntax for the listTrans command is:

listTrans

Path

[no default]

Return

The listTrans command returns the list of commands in the format:

command object-id [object-id] parameters

For example:

create /policy:"policy"/domain:"d"/customer:"YDEurope"

Errors

[no default]

The Merge Command

The merge command merges the content of an existing TransactionEntry object to the current local object model. For queued (Pending) transactions, this is required before the transaction can be committed.

During the merge, IP Service Activator tests the validity of the transaction against the local object model. If there is a conflict, IP Service Activator abandons the merge and reports an error. This occurs, for example, if you attempt to merge a transaction that creates an object that already exists.

Merge is a queued command, that is, it is not executed immediately like the other Transaction Module commands.

Syntax

The syntax for the merge command is:

merge [object-path]

For example, to merge the transaction MyQueuedChanges with the local object model:

merge /System:"System"/TransactionEntry:"MyQueuedChanges"

Path

The path of the TransactionEntry object to be merged. If no path is given, the current object is assumed.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified in the path is not a TransactionEntry object
The transaction in the TransactionEntry object could not be merged with the local object model.

The Rollback Command

The rollback command rolls back the changes specified in a TransactionEntry object from the current object model.

When you roll back a transaction, its changes are removed from the object model and, where configuration has been installed on network devices, the configuration is removed.

The ability to roll back a committed transaction depends on whether transactions that were subsequently committed are dependent on that transaction's changes. For example, a transaction that created a VPN to which sites and interfaces have subsequently been linked cannot be rolled back. It is not necessary to have merged the content of the TransactionEntry object first.

Rollback is a queued command, that is, it is not executed immediately like the other Transaction Module commands.

Syntax

The syntax for the rollback command is:

rollback [object-path]

For example:

rollback /System:"System"/TransactionEntry:"MyQueuedChanges"

Path

The path of the TransactionEntry object to be rolled back. If no path is given, the current object is assumed.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified in the path is not a TransactionEntry object
The transaction stored in the TransactionEntry object could not be rolled back in the local object model.

The Schedule command

The schedule command changes a queued (Pending) TransactionEntry object into a scheduled one, or changes the scheduled time for a scheduled TransactionEntry object.

Schedule is a queued command; that is, it is not executed immediately like the other Transaction Module commands.

Table 2-9 lists the attributes for the schedule command.

Table 2-9 schedule Command Attributes

Attribute	Type	Description
schedule	DateTime	The date and time when the transaction is to be applied (YYYY/MM/DD HH:MM:00)This parameter must be given in GMT. If the time stated is in the future in local time, but in the past in GMT, the command is executed immediately.Must be in quotes.

Syntax

The syntax for the schedule command is:

schedule [object-path] schedule=schedule-date

For example:

schedule TransactionEntry:"MyQueuedChanges" schedule="2001/6/15 20:00:00"

Path

The path to the TransactionEntry object to be scheduled. If no path is given, the current object is assumed.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified in the path is not a TransactionEntry object
The TransactionEntry object's state is not Pending or Scheduled.

The Declarative Module

The Declarative Module provides commands that operate on and potentially change objects within the policy and topology trees.

Table 2-10 summarizes the commands that are available.

Table 2-10 Declarative Module Commands

Command	Summary
PreserveMissingInterfaces	Restores to found state, the interfaces which are not found.
ApplyRoleAssignmentRules	Applies roles to interfaces and devices in the Network object specified.
copy	Copies the specified object.
create	Creates and names an object.
delete	Deletes the specified object.
link	Links a child object to a parent object.
unlink	Unlinks a child object from a parent object.
modify	Modifies the attributes associated with a specified object.
subscribe/unsubscribe	Sets the system to ignore certain types of objects during the lifetime of a session.
use	Creates an instance of a global template to be used by the specified object.
unuse	Removes the instance of a global template applied on the specified object.

The PreserveMissingInterfaces Command

The PreserveMissingInterfaces command restores the interfaces which are 'not found' to a ‘found' state. Neither the GUI nor the OSS Integration Manager Interface allow you to manage a device with ‘not found' interfaces. These have to either be discovered to be found or must be deleted individually. For more information on preserving missing interfaces, see the IP Service Activator online Help.

Syntax

The syntax for the PreserveMissingInterfaces command is:

preservemissinginterfaces object_id

where object_id is the identifier for the device, interface, or sub-interface.

For example:

Policy:"Policy"/Domain:"Oracle_Corporation"/Network:"Oracle_Corporation">ls
[3773] ParameterSetInstance:""
[3701] Device:"rot7507-4"
/Policy:"Policy"/Domain:"Oracle_Corporation"/Network:"Oracle_Corporation">preservemissinginterfaces [3701]

Path

The path should be mentioned with device object_id separated by a space.

Return

[no default]

Errors

CommandExecutionError.ERR_CommitFailure: Commit failed on command 1 preservemissinginterfaces

CommandExecutionError.ERR_IncorrectObjectForCommand: The command PreserveMissingInterfaces may not be applied to a Network

The ApplyRoleAssignmentRules Command

The ApplyRoleAssignmentRules command applies role assignment rules to devices and interfaces in the current network.

Syntax

The syntax for the ApplyRoleAssignmentRules command is:

ApplyRoleAssignmentRules

For example:

cd /Policy:"Policy"/Domain:"MyDomain"/Network:"MyDomain"
ApplyRoleAssignmentRules
commit

Path

None, as the command is applied to the current path.

Return

[no default]

Errors

If applied at objects other than a Network object, you will receive the following error or a similar error:

CommandExecutionError.ERR_IncorrectObjectForCommand: The command ApplyRoleAssignmentRules may not be applied to a Domain.

The Copy Command

The copy command creates a copy of the object and of its direct children, and links the newly-created object to a specified parent.

Note:

This command can only be used with policy rules, that is, RuleClassification, RuleAccess and RulePolicing objects.

Syntax

The syntax for the copy command is:

copy source-object-path dest-object-path

where source-object-path is the path to the source object and dest-object-path is the path to the desired destination.

For example, to copy a rule from one point in the topology to another:

copy domain:"europe"/Customer/RuleClassification:"CustomerRule" domain:"europe"/Network:"England"/RuleClassification:"NetRule"

Path

Paths for both source and destination objects must be provided. They must be separated by a space.

Return

[no default]

Errors

[no default]

The Create Command

The create command creates and names a new object. If attributes can be defined they override the default attribute settings.

The object is linked to the parent object indicated in the path statement.

Syntax

The syntax for the create command is:

create object-path [attributes]

where attributes is an optional list of attribute=value pairs which override the default attributes or supply required attributes.

For example, to create a new customer called Acme Telecom in the Europe domain:

create Domain:"europe"/Customer:"Acme Telecom" Remarks="Important Customer"

Note:

You can set the attributes of the object using either the create command or the modify command. For example:

create Customer:foo Remarks="A Customer" Reference="A Reference"

or:

create Customer:foo
Modify Customer:foo Remarks="A Customer" Reference="A Reference"

However, attributes with an access type of CreateOnly can only be set at the time the object is created. For example, if creating a virtual device:

create Device:"NLV2000" IsVirtual=False DeviceType:"Cisco2000"

IsVirtual is mandatory, DeviceType is optional. The IsVirtual attribute does not appear in the object and cannot be set later.

Path

The path to the new object, ending with the type and name of the object to be created.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The user does not have permission to perform this command
The object cannot be created at this position

The Delete Command

The delete command removes a specified object. All children of the object are unlinked, and any orphaned children are deleted.

Syntax

The syntax for the delete command is:

delete object-path

For example:

To delete a customer called Acme Telecom in the Europe domain:
```
delete Domain:"europe"/Customer:"Acme Telecom"
```
To delete the object with an ID of 400:
```
delete [400]
```

Path

The path of the object to be deleted or its ID.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The user does not have permission to perform this command.

The Link Command

The link command links two objects in a parent/child relationship. The parent and child objects to be linked are specified in the path.

Syntax

The syntax for the link command is:

link parent-object-path child-object-path

where parent-object-path is the path or object ID for the object becoming the parent and child-object-path is the path or object ID for the object becoming the child.

For example:

To link a child object with ID 475 to a parent object with ID 600:
```
link [600] [475]
```
To link the site “Paris" to the customer “Acme Telecom":
```
link customer:"Acme Telecom" site:"Paris"
```

Path

Paths for both parent and child objects must be provided. They must be separated by a space.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The object types indicated cannot be linked
The user does not have permission to perform this command
The child object is already a child of the parent

The Unlink Command

The unlink command unlinks a specified child object from its parent object.

Syntax

The syntax for the unlink command is:

unlink parent-object-path child-object-path

where parent-object-path is the path or object ID for the parent object being unlinked and child-object-path is the path or object ID for the child object being unlinked.

For example, to unlink a child object with ID 400 from a parent object with ID 300:

unlink [300] [400]

Path

Paths for both parent and child objects must be provided. They must be separated by a space.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The object types indicated cannot be unlinked
The two objects indicated are not linked

The Modify Command

The modify command modifies the attributes of the specified object.

Syntax

The syntax for the modify command is:

modify object-path parameters

where parameters is a list of attribute=value pairs which overrides the default attributes.

Attributes may be listed in any order.

For example, to change the comment and name attributes of an object with ID 200.

modify [200] comment="this is a comment" name=NewName

Note:

There is no overflow checking for attributes that are of type U32. If an entered value is negative or too large, then the attribute is changed to the overflowed value.

Path

Path of the object to be modified or its object ID.

Return

[no default]

Errors

An error in one attribute results in all attributes being rejected.

The CommandExecutionError may be returned for the following reasons:

The object or attributes are read only
The named attribute does not exist on the object

The Subscribe/Unsubscribe Commands

The subscribe/unsubscribe commands can be used to ignore certain types of objects during the lifetime of a session. For example:

They can be used when browsing through the EOM using the CLI, to reduce the amount of information displayed on screen. For example, policy elements or topology elements can be hidden.
They can be used if you want to run xmlExport for specific objects only.
They can be used when waiting for a transaction to happen (events block=true), but you want to report on certain objects only, such as ConcreteObjects.
They can be used to preserve backward compatibility. Certain types can be shown or hidden that were not available in previous versions of OIM.

Note:

Subscribe/unsubscribe are queued commands and must always be committed.

Table 2-11 lists the attributes for the subscribe/unsubscribe command.

Table 2-11 Subscribe/Unsubscribe Command Attributes

Attribute	Type	Description
type	Enum	Set to all to specify all objects. Specify an object type to subscribe or unsubscribe from a specific object type.

Syntax

The syntax for the subscribe/unsubscribe commands is:

subscribe type={object-type|all}
unsubscribe type={object-type|all}
commit

Path

[no default]

Return

[no default]

Errors

A common query is to wait for policy elements to be applied in the policy server. For example, if you commit a transaction that creates an access rule, you may want to be notified only when the concrete rule objects are created:

create RuleAccess:myRule
unsubscribe type=all 
subscribe type=ConcreteObject
subscribe type=System 
commit
events block=true

This makes sure that only events concerning concrete objects are reported. For more information on events command, see "The Events Command".

The Use Command

The use command indicates the use of a policy element (such as a PHB group) by a policy target (such as a device). This is achieved by creating an intermediary Instance object.

For example, a target can be configured to use a PHB group by creating a PHBGroupInstance object, which is the child of both the target object and the PHBGroup object.

At present, this command is used only for associating PHB groups and ParameterSetInstance objects with target objects.

Attributes are applied to the Instance object. See "The GetParameters Command".

Syntax

The syntax for the use command is:

use target-object-path policy-element-path [attributes]

For example, to specify that the PHB Group “WRR" is applied to the XYZ network:

use network:"XYZNetwork" PHBGroup:"WRR"

This creates a PHBGroupInstance object, child of both the XYZNetwork network and the WRR PHB group.

Path

The target-object-path is the path of the policy target object that is to use the policy element and policy-element-path is the path of the policy element object to be used.

Both paths must be specified separated by a space.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

One of the object types indicated cannot be a target, or cannot be applied

The Unuse Command

The unuse command removes the link between a policy element by a policy target by destroying the Instance object created by the use command.

Syntax

The syntax for the use command is:

unuse target-object-path policy-element-path

For example, to specify that the PHB Group “WRR" is no longer applied to the XYZ network:

unuse network:"XYZNetwork" PHBGroup:"WRR"

Path

The target-object-path is the path of the policy target object that is using the policy element and policy-element-path is the path of the policy element object used.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The object type indicated cannot be unused

The Management Module

The Management Module provides commands for discovering and managing devices and subscribing to events.

Table 2-12 summarizes the commands that are available.

Table 2-12 Management Module Commands

Command	Summary
discover	Starts a device discovery operation.
manage	Changes the state of an object to Managed.
unmanage	Changes the state of an object to Unmanaged.
resetCapability	Resets the discovered capabilities for Device and Interface objects.

The Discover Command

The discover command begins a discovery operation. The discover command can be used to discover specific devices in the physical network and create new device objects to represent them, or to get the attributes of an existing device object from the physical device.

The discover command can be used in one of two ways:

An IP address and subnet mask or a DNS name can be given and the corresponding device(s) are found and linked to the network object specified in the path.
The path of an existing object can be given, and the object is rediscovered and its attributes updated if necessary.

The discover command is executed immediately rather than being queued to a transaction.

The discover command can be applied only to Devices and Networks (as modelled by IP Service Activator).

No attributes are required for parameters for a rediscovery. For a new discovery, where the path is an existing network, attributes are required.

Table 2-13 lists and describes the possible attributes for the discover command.

For more on the discover command, see "Discovering Devices", and for more information on the discovery process, see IP Service Activator User's Guide.

Table 2-13 Discover Command Attributes

Attribute	Type	Description
Type	Enum	The type of discovery to perform. Can take the following values: 0 = Refresh: performs a rediscover of all discoverable objects in the domain. 1 = Discover: performs a “normal" SNMP discovery (this is the default). 3 = LocalSegment: performs an SNMP discovery of the routers on the local segment. Note: An SNMP agent must be running on the server machine. 4 = GetCapabilities: fetches the capabilities of the discoverable objects. Note: Does not rediscover capabilities where they have already been fetched. Note: GetCapabilities will only return results when applied against Network objects, not individual Devices. 5 = Stop: stops any current discovery process.
DnsName	String	DNS name of the object to be discovered. Either this or IpAddress must be supplied when Type=Discover.
IpAddress	IpAddress	IP address of the object or subnet to be discovered. Either this or DnsName must be supplied when Type=Discover.
Mask	U32	The subnet mask of the object to be discovered. Defaults to 32.
SnmpProfileName	String	The SNMP Profile to use for discovery. Note: An error message is returned if you specify any of these parameters: ReadCommunity, Retries, Timeout, MaxRepetitions or SnmpVn, in the same command statement as SnmpProfileName.
ReadCommunity	String	The SNMP Read community of the object(s) to be discovered. Default value is public.
Retries	U32	The number of retries performed for each object. Default value is 2.
Timeout	U32	The time (in seconds) before a discovery attempt times out. Default value is 3.
SnmpVersion	Enum	SNMP version: V1V2c = both SNMP versions (default) V1 = Version 1 V2 = Version 2c
AccessStyle	String	The means of accessing and authenticating with the object - required when fetching the capabilities of each object. Valid values are: None: capabilities are not fetched NamedUser Anonymous TACACS SNMPv1 SNMPv2c SSH RSA_SSH passwordOnly If no AccessStyle parameter is set, then the discover is performed with the settings that were set previously.
InheritsSecurity	Boolean	If True, security settings are inherited from the network object. If False, security settings must be set for the command.
WriteCommunity	String	The SNMP Write community to use when fetching capabilities. Required if AccessStyle set to NamedUser, SNMPv1, or SNMPv2c.
UserName	String	The user name for login when fetching capabilities. Required if AccessStyle set to NamedUser or SSH.
LoginPassword	String	The Login password to use when fetching capabilities. Required if AccessStyle set to NamedUser, Anonymous, SSH or passwordOnly.
EnablePassword	String	The Enable password to use when fetching capabilities. Required if AccessStyle set to NamedUser, Anonymous, or SSH.
Filename	String	Path of topology import file. Not used; file import is not currently supported.
RsaPrivateKey	String	Name of private key file. Required only when AccessStyle is RSA_SSH.
MaxRepetitions	U32	Specifies the maximum number of rows that will fetch from a network resource in a single request when SNMP V2c is used for discovery. Permitted range for this filed is 1 to 100. Decrease the value of Max-Repetitions if the routers do not respond to the default value of 100.

Syntax

The syntax for the discover command is:

discover object-path [parameters]

For example:

To discover a device as a child object of the root network, assuming the root network ID has an object ID of 250:
```
discover [250] ipaddress=10.0.0.30
```

To discover all devices on a subnet:

discover [250] ipaddress=10.20.30.0 mask=24

To discover a device and get the capabilities, using anonymous login:

discover [250] ipaddress=10.0.0.30 accessstyle=anonymous loginpassword=apasswd enable password=anotherpassword

To discover a device, inheriting security settings from the network object:

discover policy:"Policy"/domain:"DDTest"/network:"DDTest" ipaddress=192.168.27.1 accessstyle="TACACS" inheritssecurity=True

To rediscover an existing device with the object ID of 500:
```
discover [500]
```

To discover a device using an SNMP Profile:

discover ipaddress=192.168.27.1 SnmpProfileName=SNMP_profile3

Path

The object-path can be one of two things. For a new discovery, object-path is the path or ID of the object that the already-discovered objects are to be linked to (must be a network object). For a rediscovery, object-path is the path or ID of the object to be rediscovered.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

Incorrect combination of attributes.
Path specified is not a discoverable object or an object a to which a discoverable object can be linked.

The Manage Command

The manage command changes the state of the specified object to Managed. This command can only be applied to a Device object.

Syntax

The syntax for the manage command is:

manage [object-path]

For example, to manage the device with an object ID of 3675:

manage [3675]

Path

The object-path is the path or object ID of the object to be managed.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The specified object is already managed.
The object cannot be managed.

The Unmanage Command

The unmanage command changes the state of the specified object to Unmanaged. This command can only be applied to a Device object.

Syntax

The syntax for the unmanage command is:

unmanage [object-path]

For example, to unmanage the current object:

unmanage

Path

The object-path is the path or ID of the object to be unmanaged.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The specified object is already unmanaged.
The object cannot be managed.

The ResetCapability command

The resetCapability command resets the capabilities discovered for a specific target. This command can only be applied to a Device or Interface object. Ensure that the device is in the unmanaged state before applying the resetCapability command.

After the command is applied, the capability of the target device and its child interfaces or the target Interface are linked to a default (NULL) capability.

Syntax

The syntax for the resetCapability command is:

resetCapability [object-path]

Path

The object-path is the path or ID of the Device or Interface object to be unmanaged.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The specified object is invalid for this command.

The Navigation Module

The Navigation Module provides commands that operate on objects derived from both the policy and topology trees. Navigation commands do not alter any objects. The commands are executed directly rather than being queued in a transaction.

Table 2-14 summarizes the commands that are available.

Table 2-14 Navigation Module Commands

Command	Summary
find	Locates objects in the EOM.
findParameters	Finds objects of a particular type that have parameters with certain values.
getAttributes	Lists the attributes of an object.
getChildren	Lists the children of an object.
getID	Returns the ID of an object.
getName	Returns the name of an object.
getParameters	Returns a list of parameters that are applied to the target object.
getParents	Lists the parents of an object.
getPath	Returns the path to the current position in the EOM.
setPath	Sets the current path within the EOM.
getTargets	Returns the targets to which a ParameterSetInstance applies.
xmlExport	Retrieves a sub-tree of the EOM and outputs in XML format.

The Find Command

The find command locates an object in the object model and returns its path. The match is made against the object name and/or object attributes.

The search string may contain wildcard tokens, where an asterisk represents any number of characters and a question mark represents a single character.

The search starts at the point specified by the object path and can search up or down the topology tree.

You can use the Depth and Limit attributes to refine the scope of a search.

For more examples of using the find command, see "Finding Objects".

Table 2-15 lists the possible attributes.

Table 2-15 Find Command Attributes

Attribute	Type	Description
FindDirection	Enum	Indicates the direction of the search. Possible values are: Parent: to search upwards through the hierarchy. Child: to search downwards through the hierarchy (this is the default).
Various	Various	Attribute=value pairs on which to search. Wildcards are permitted in string arguments. This attribute is optional if an object is specified.
Depth	Integer	Limits the number of levels in the object tree hierarchy that are included in a search. For example, if you set Depth to 1, the search includes only immediate children. If Depth is not specified, a parallel search is executed across and down all siblings.
Limit	Integer	Limits the number of returned objects in order to improve the performance of the Find command. For example, setting the Limit attribute to 1 finds and returns only the first object.

Syntax

The syntax for the find command is:

find [object-path] search-string [attributes]

Values for attributes may be specified to narrow the search. Only objects matching the search string and any specified attributes are returned.

For example:

To search for interfaces with the name Serial0:
```
find . interface:"Serial0"
```
To search up the tree from the current location for any customer objects:
```
find . Customer:"*" finddirection=parent
```
To search the domain called Acme to find VPN objects starting with the string “Mari" and with an IP address starting with 212:
```
find domain:"Acme" "vpn:Mari*" direction=child ipAddress="212*" vpnType=Mesh
```
returns:
```
[276]   vpn:"Marigold"
[923]   vpn:"Mario" 
```

Path

The object-path is the path or ID of an object. If no path is given, the current object is assumed.

Return

The find command returns a list of all objects that meet the search criteria.

Errors

The CommandExecutionError may be returned for the following reasons:

The MatchConditions are malformed.
The find command could not return anything. For example, an Object Type used in the command does not exist.

The FindParameters command

The findParameters command locates an object in the object model that has parameters set to particular values and returns its path. The match is made against the object name and/or object parameters.

Parameters are applied to an object when a ParameterSetInstance object is linked to it or to a parent object from which it inherits.

The search string may contain wildcard tokens, where an asterisk represents any number of characters and a question mark represents a single character.

The search starts at the point specified by the object path and can search up or down the topology tree.

When the findParameters command is run without parameters, it has the same effect as the find command.

Table 2-16 lists the parameters that can be specified along with their corresponding attributes.

Table 2-16 FindParameters Command Parameters and Attributes

Attribute	Type	Description
Direction	Enum	Indicates the direction of the search. Possible values are: Parent: to search upwards through the hierarchy. Child: to search downwards through the hierarchy (this is the default).
Various	Various	Attribute=Value pairs on which to search. Wildcards are permitted in string arguments.

Attribute

Type

Description

Direction

Enum

Indicates the direction of the search. Possible values are:

Parent: to search upwards through the hierarchy.

Child: to search downwards through the hierarchy (this is the default).

Various

Attribute=Value pairs on which to search. Wildcards are permitted in string arguments.

Syntax

The syntax for the findParameters command is:

findParameters [object-path] search-string [parameters]

Values for parameters can be specified to narrow the search. Only objects matching the search string and any specified parameters are returned.

For example, to find all interfaces with the parameter OCH_MeasureCBQos=True:

findParameters / Interface:"*" OCH_MeasureCBQos=True

Path

The object-path is the path or ID of an object. If no path is given, the current object is assumed.

Return

The findParameters command returns a list of all the objects that meet the search criteria.

Errors

[no default]

FindParameters Command Errors

The CommandExecutionError may be returned for the following reasons:

The MatchConditions are malformed
The findParameters command could not return anything. For example, an object type used in the command does not exist

The GetAttributes command

The getAttributes command lists the attributes for a specified object.

Syntax

The syntax for the getAttributes command is:

getAttributes [object-path]

For example, the command to return the attributes for a selected EventSubscription object:

getAttributes /System:"System"/EventSubscription:"mySubscription"

returns:

    rcw String     Name                = "mySubscription"
    rcw String     Description         = ""
    rcw Boolean    Enable              = True
    rcw Boolean    SendPendingEvents   = False
    rcw Enum       DeliveryType        = SnmpTrap
    rcw String     DeliveryDetails     = ""
    rcw U32        Id                  = 2

Path

The object-path is the path or ID of an object for which the list of attributes is required. If no path is given, the current object is assumed.

Return

The getAttributes command returns a list of attributes for the specified object, including their data type and access rights (r=read, c=create, w=write).

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified is not found
You do not have permission to view the object

The GetChildren command

The getChildren command lists all child objects that are linked to the specified object.

Syntax

The syntax for the getChildren command is:

getchildren [object-path]

For example, to return the children of the current object:

getChildren

returns:

[697]   domain:"zeus" 
[745]   domain:"diana" 
[211]   domain:"Aphrodite"

Path

The object-path is the path or ID of an object for which the list of children is required. If no path is given, the current object is assumed.

Return

The getChildren command returns a list of children of the specified object, returned as a sequence of objects.

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified is not found

The GetID command

The getID command returns the ID of an object.

Syntax

The syntax for the getID command is:

getid [object-path]

For example, to return the ID number of the VPN called Executive:

getID /domain:"europe"/customer:"myCustomer"/vpn:"executive"

returns:

[8359]

Path

The object-object path is the path to the object for which the ID is needed. If no path is given, the current object is assumed.

Return

The getID command returns the requested object ID number.

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified is not found

The GetName Command

The getName command returns the object name for the specified object.

Syntax

The syntax for the getName command is:

getName [object-path]

For example:

To return the name of the parent object:
```
getName .. 
```
To return the name of the object with an ID of 8359:
```
getName [8359]
```
The name is returned in the following format:
```
vpn:"executive"
```

Path

The object-path is the path or ID of the object for which the name is required. If no path is given, the current object is assumed.

Return

The name of the current object.

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified is not found
You do not have permission to view the object

The GetParameters Command

The getParameters command retrieves a list of parameters that are applied to the target object.

Parameters are applied when "ParameterSetInstance" objects are linked to the object, or to an object higher in the hierarchy. The Levels attribute of the ParameterSetInstance object determines which type of object the parameters are applied to.

Before using the getParameters command, a parameter set must be applied using the use command. Specific values of parameters may be set using the use command, or by modifying the ParameterSetInstance object created. See "The Use Command" for further information.

Syntax

The syntax for the getParameters command is:

getParameters [object-path]

For example, to apply the parameter set object (ID=15) to a network object (ID=350):

use [350] [15] name="Instance" OCH_NetflowEnabled=True Levels=4

This creates a ParameterSetInstance object with the name "Instance" which is a child of both the Network object specified and the ParameterSet. Only the OCH_NetflowEnabled and Levels attributes are set; other attributes are set to the default value. Levels=4 means that the parameters are applied at the interface level within the specified network.

The ParameterSetInstance object created must then be linked to a DeviceRole and an InterfaceRole. For example, assuming the newly created ParameterSetInstance object has an ID of 555:

link [555] [23]
link [555] [28]

Using getParameters on one of the interfaces with the correct roles shows the applied parameters:

getParameters [2456]

Could return the following:

r-- Boolean     OCH_MeasureCBQoS     = False
r-- Boolean     OCH_MeasureCarQoSMIB = False
r-- Boolean     OCH_MeasureMIB2Stats = False
r-- Boolean     OCH_MeasureNetflowEnabled = False
r-- U32     OCH_NetflowVersion = 1
r-- U32     OCH_NetflowAggregation = 0
r-- U32     OCH_NetflowCacheSize = 0
r-- U32     OCH_NetflowTimeoutActive = 0
r-- U32     OCH_NetflowTimeoutInactive = 0

Path

The object-path is the path or ID of the object for which the list or parameters is required.

Return

Returns the parameters that are applied to the specified target object.

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified is not found
You do not have permission to view the object

The GetParents command

The getParents command lists all the parents of the specified object.

Syntax

The syntax for the getParents command is:

getparents [object-path]

For example, to list the parents of the object with an ID of 8349:

getParents [8349]

The details are returned in the following format:

[653]   domain:"europe"

Path

The object-path is the path or ID of the object for which the list of parents is required. If no path is given, the current object is assumed.

Return

The getParents command returns the list of all parents of the specified objects as a sequence of objects.

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified is not found
You do not have permission to view the object

The GetPath command

The getPath command returns the path to a given object ID or the current position in the object hierarchy.

Table 2-17 lists the possible attribute.

Table 2-17 getPath Command Attributes

Attribute	Type	Description
Unique	Boolean	Returns a unique path with the full ID in the path instead of the object name.

Syntax

The syntax for the getPath command is:

getPath [object-path]

For example, to return the path of the current object:

getPath

The details are returned in the following format:

/domain:"europe"/customer:"myCustomer"/vpn:"executive"

Path

The object-path is the ID of the object for which the path is required. If no value is given, the current object is assumed.

Return

The getPath command returns the current path, or the path to the given object. If an object ID was given that is in the current path or is a child of the current object, then the path returned is constructed from the current path.

If any other ID is given and there is more than one possible path to the object then a path is selected arbitrarily from the set of possible paths.

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified is not found
You do not have permission to view the object

The SetPath Command

The setPath command sets the current path within the object hierarchy.

Syntax

The syntax for the setPath command is:

setPath [object-path]

For example, to set the path to the "Executive" VPN:

setPath customer:"myCustomer"/vpn:"executive"

returns:

/domain:"europe"/customer:"myCustomer"/vpn:"executive"

Path

The object-path is the path or ID of the object for which the path is to be set. Table Table 2-18 shows the symbols that may be used in the path.

Table 2-18 Symbols Used in the SetPath Command

Symbol	Description
.	Current path
..	Path to parent object
/	Object separator
Object name	Set the path to the location of the specified object
Object ID	Set the path to the location of the object with the specified ID

Return

Returns the current path.

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified is not found
You do not have permission to view the object

The GetTargets command

The getTargets command retrieves the targets that a ParameterSetInstance object applies to. A ParameterSetInstance is applied to a parent object, but the parameters may be applied to other objects.

For example, if you link a ParameterSetInstance to a Network object, it would not be applied to the Network object, but to devices or interfaces that inherit from the Network object. (The usual rules of inheritance apply.) The getTargets command returns a list of those objects the ParameterSetInstance applies to.

For more information, see "Applying Parameter Sets".

Syntax

The syntax for the getTargets command is:

getTargets [object-path]

For example, to return a list of the interfaces where the ParameterSetInstance object has been applied:

getTargets [2380]

returns:

[302] Interface: "Ethernet1"
[318] Interface: "Ethernet2"

Path

The object-path is the path or ID of the ParameterSetInstance object for which the targets are required.

Return

[no default]

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified is not found
You do not have permission to view the object

The XmlExport command

The xmlExport command outputs the external object model from the target object in XML format. The output is formatted as follows:

<ObjectType attribute1="value1" attribute2="value2"...>
<ObjectType attribute1="value1" attribute2="value2"...>
<ObjectType attribute1="value1" attribute2="value2"...>
</ObjectType>

If the object has children, they are shown further indented and the </ObjectType> closes the definition.

If the object has no children, the tag takes the form <ObjectType attributes.../>

Syntax

The syntax for the xmlExport command is:

xmlExport [object-path] [xmlEscape=boolean-value] [compress=boolean-value]

For example, assuming the object with an ID of 400 is a domain:

xmlExport [400] xmlEscape=true

might return:

<Domain Id="400" name"Europe">
<Customer Id="500" Name="Cust1" Remarks="A customer">
<Site Id="600" Name="Site1"/>
</Customer>
</Customer Id="700" Name="Cust2"/>
</Domain>

In this example, the domain (ID=400) has two children which are both customers. One customer (ID=500) has a child (a site), but the other customer (ID=700) does not.

Path

The object-path is the path or ID of an object. If no path is given, the current object is assumed.

Return

The xmlExport command returns details of all objects below the target object in the hierarchy in XML format.

Errors

The CommandExecutionError may be returned for the following reasons:

The object specified is not found
You do not have permission to view the object

XML Standard Encoding

The xmlEscape parameter governs whether XML standard encoding escape characters will or will not be used. In releases of IP Service Activator prior to 4.0, the same non-standard encoding scheme was used when writing attribute values on the CORBA channel. The output of the xmlExport command was not compatible with the XML standard, and could not be processed correctly by off-the-shelf libraries.

Starting with release 4.0 of IP Service Activator, the OIM now follows the XML standard way of encoding certain characters when using the ISO-8859-1 charset, as described in section 2.4 of the XML standard document.

Table 2-19 lists the escape characters used starting with release 4.0.

Table 2-19 XML Standard Escape Characters

Sequence	Character Represented
&	&
"	"
<	<
>	>

To override this new behavior and preserve the pre-4.0 release encoding, use the value false for the xmlEscape parameter.

xmlExport Compression

The compress parameter allows you to compress the data stream created and sent to the client by the xmlExport command. Using the value true for the compress parameter compresses the stream to BASE64 using the standard ZLIB format, with no header. Compression typically reduces the amount of memory used and the size of the data to 10% of its original size resulting in a decrease of execution time for the operation.

The Utility Module

The Utility Module provides commands that assist in the operation of OIM.

Table 2-20 summarizes the commands that are available:

Table 2-20 Utility Module Commands

Command	Summary
alias	Creates aliases for commands.
file	Sends the output to a file instead of giving a screen display.

The Alias command

The alias command defines an alias for a particular command. This allows you to use an alternative or a short form of a command if you prefer.

Aliases apply only to the current session; they are removed when the session terminates.

Syntax

The syntax for the alias command is:

alias [alias=command]

where alias is the alias to be used and command is the existing command for which the alias is to be used. If no parameters are entered, the alias command returns all current aliases.

For example:

To set up the alias “cd" to be used as an alternative to the setPath command:
```
alias cd=setpath
```
To list all current aliases:
```
alias
```

Path

[no default]

Return

[no default]

Errors

[no default]

The File Command

The file command sends the output to a file instead of giving a screen display.

Syntax

The syntax for the file command is:

/>find / SystemUser:"*"
     [42] SystemUser:"transactionMonitor"
     [3660] SystemUser:"mcurtis"
     [40] SystemUser:"admin"
     [2710] SystemUser:"testuser1"
     [4092] SystemUser:"steve"
     [2712] SystemUser:"testuser2"
 
/>file /tmp/SystemUser.txt find / SystemUser:"*"
 
/>exit
 -bash-3.00$ cat /tmp/SystemUser.txt
     [42] SystemUser:"transactionMonitor"
     [3660] SystemUser:"mcurtis"
     [40] SystemUser:"admin"
     [2710] SystemUser:"testuser1"
     [4092] SystemUser:"steve"
     [2712] SystemUser:"testuser2"
 -bash-3.00$

Path

[no default]

Return

[no default]

Errors

[no default]