Skip to main content

groups command

This command displays and configures Active Directory groups of the primary CMM. This group information is used only when LDAP servers are enabled for authentication with local authorization.

If command syntax is not correctly entered, or if a command fails to run, an error message is returned. See Common errors for a list of error messages that apply to all commands or groups command errors for a list of error messages that are specific to the groups command.

Table 1. groups (Active Directory groups) command.

The command table is a multi-row, four-column table where each row describes a CMM CLI command option: column one lists command function, column two provides a detailed command description, column three shows command-option syntax, and column four lists valid command targets.

FunctionWhat it doesCommandTarget (see paths in Command targets)
Display all Active Directory groupsDisplays all Active Directory groups, up to 16, configured for the Lenovo Flex System chassis.groups
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Display specific Active Directory groupDisplays information for the specified Active Directory group.groups -n group_name

group_name is the unique alphanumeric string, up to 63 characters in length, that identifies the Active Directory group.

Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Add new Active Directory groupAdds a new Active Directory group.
Note
When adding a new group you must specify:
  • a unique group name using the -n command option.
  • a role-based security level for the group using the -a command option.
groups -add -n group_name -a group_authority

where:

  • group_name is a alphanumeric string up to 63 characters in length that can include periods ( . ) and underscores ( _ ). Each of the 16 group names must be unique.
  • group_authority uses the following syntax:
    • operator (Operator)
    • rbs:<em className="ph i">roles</em>:<em className="ph i">scope</em>
      where the roles are one or more of the following authority levels, separated by a vertical bar ( | ):
      • super (Supervisor)
      • cam (Chassis User Account Management)
      • clm (Chassis Log Management)
      • co (Chassis Operator)
      • cc (Chassis Configuration)
      • ca (Chassis Administration)
      • bo (Blade Operator)
      • brp (Blade Remote Present)
      • bc (Blade Configuration)
      • ba (Blade Administration)
      • so (I/O Module Operator)
      • sc (I/O Module Configuration)
      • sa (I/O Module Administration)
(continued on next page)
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Add new Active Directory group

(continued)

 

where the scope is one or more of the following devices, separated by a vertical bar ( | ). Ranges of devices are separated by a dash ( - ).

  • c n (Chassis n, where n is 1 for the Active Directory environment.)
  • b n (Blade n, where n is a valid node bay number in the chassis)
  • s n (I/O module n, where n is a valid I/O-bay number in the chassis)
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis configuration
See Commands and user authority for additional information.
 
Set Active Directory group authority levelSets the authority level for the specified Active Directory group.groups -n group_name -a group_authority

where:

  • group_name is the unique alphanumeric string, up to 63 characters in length, that identifies the Active Directory group.
  • group_authority uses the following syntax:
    • operator (Operator)
    • rbs:<em className="ph i">roles</em>:<em className="ph i">scope</em>
      where the roles are one or more of the following authority levels, separated by a vertical bar ( | ):
      • super (Supervisor)
      • cam (Chassis User Account Management)
      • clm (Chassis Log Management)
      • co (Chassis Operator)
      • cc (Chassis Configuration)
      • ca (Chassis Administration)
      • bo (Blade Operator)
      • brp (Blade Remote Present)
      • bc (Blade Configuration)
      • ba (Blade Administration)
      • so (I/O Module Operator)
      • sc (I/O Module Configuration)
      • sa (I/O Module Administration)
(continued on next page)
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Set Active Directory group authority level

(continued)

 

where the scope is one or more of the following devices, separated by a vertical bar ( | ). Ranges of devices are separated by a dash ( - ).

  • c n (Chassis n, where n is 1 for the Active Directory environment.)
  • b n (Blade n, where n is a valid node bay number in the chassis)
  • s n (I/O module n, where n is a valid I/O-bay number in the chassis)
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis configuration
See Commands and user authority for additional information.
 
Delete Active Directory groupDelete the specified Active Directory group.groups -n group_name-clear

group_name is the unique alphanumeric string, up to 63 characters in length, that identifies the Active Directory group.

This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis configuration
See Commands and user authority for additional information.
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Example: To create an Active Directory group with a group name of admin1 that has supervisor rights to all Lenovo Flex System components, while the Lenovo Flex System chassis is set as the persistent command environment, at the system> prompt, type
groups -add -n admin1 -a rbs:super -T mm[p]
To display information for the group named admin1, while the Lenovo Flex System chassis is set as the persistent command environment, at the system> prompt, type
groups -n admin1 -T mm[p]
To change the security role of the group named admin1 to blade administration with a scope of compute nodes 1 through 14 (all compute nodes), while the Lenovo Flex System chassis is set as the persistent command environment, at the system> prompt, type
groups -n admin1 -a rbs:ba:b1-b14 -T mm[p]
To delete the group named admin1, while the Lenovo Flex System chassis is set as the persistent command environment, at the system> prompt, type
groups -n admin1 -clear -T mm[p]

The following example shows the information that is returned from these commands:

system> groups -add -n admin1 -a rbs:super -T mm[p]
OK
system> groups -n admin1 -T mm[p]

-a Role:supervisor
Blades:1|2|3|4|5|6|7|8|9|10|11|12|13|14
Chassis:1
Modules:1|2|3|4

system> groups -n admin1 -a rbs:ba:b1-b14 -T mm[p]
OK
system> groups -n admin1 -clear -T mm[p]
OK
system>