NetBackup™ Commands Reference Guide
- Introduction
- Appendix A. NetBackup Commands
- acsd
- backupdbtrace
- backuptrace
- bmrc
- bmrconfig
- bmrepadm
- bmrprep
- bmrs
- bmrsrtadm
- bp
- bparchive
- bpbackup
- bpbackupdb
- bpcatarc
- bpcatlist
- bpcatres
- bpcatrm
- bpcd
- bpchangeprimary
- bpcleanrestore
- bpclient
- bpclimagelist
- bpclntcmd
- bpclusterutil
- bpcompatd
- bpconfig
- bpdbjobs
- bpdbm
- bpdgclone
- bpdown
- bpduplicate
- bperror
- bpexpdate
- bpfis
- bpflist
- bpgetconfig
- bpgetdebuglog
- bpimage
- bpimagelist
- bpimmedia
- bpimport
- bpinst
- bpkeyfile
- bpkeyutil
- bplabel
- bplist
- bpmedia
- bpmedialist
- bpminlicense
- bpnbat
- bpnbaz
- bppficorr
- bpplcatdrinfo
- bpplclients
- bppldelete
- bpplinclude
- bpplinfo
- bppllist
- bpplsched
- bpplschedrep
- bpplschedwin
- bppolicynew
- bpps
- bprd
- bprecover
- bprestore
- bpretlevel
- bpschedule
- bpschedulerep
- bpsetconfig
- bpstsinfo
- bpstuadd
- bpstudel
- bpstulist
- bpsturep
- bptestbpcd
- bptestnetconn
- bpup
- bpverify
- cat_convert
- cat_export
- cat_import
- configureCerts
- configureMQ
- configureWebServerCerts
- create_nbdb
- csconfig cldinstance
- csconfig cldprovider
- csconfig meter
- csconfig reinitialize
- csconfig throttle
- duplicatetrace
- importtrace
- jbpSA
- jnbSA
- ltid
- mklogdir
- msdpcldutil
- nbauditreport
- nbcallhomeproxyconfig
- nbcatsync
- NBCC
- NBCCR
- nbcertcmd
- nbcertupdater
- nbcldutil
- nbcmdrun
- nbcomponentupdate
- nbcplogs
- nbcredkeyutil
- nbdb_admin
- nbdb_backup
- nbdb_move
- nbdb_ping
- nbdb_restore
- nbdb_unload
- nbdb2adutl
- nbdbms_start_server
- nbdbms_start_stop
- nbdc
- nbdecommission
- nbdelete
- nbdeployutil
- nbdevconfig
- nbdevquery
- nbdiscover
- nbdna
- nbemm
- nbemmcmd
- nbepicfile
- nbfindfile
- nbfirescan
- nbfp
- nbftadm
- nbftconfig
- nbgetconfig
- nbhba
- nbholdutil
- nbhostidentity
- nbhostmgmt
- nbhypervtool
- nbidpcmd
- nbimageshare
- nbinstallcmd
- nbjm
- nbkmiputil
- nbkmscmd
- nbkmsutil
- nboraadm
- nborair
- nboracmd
- nbpem
- nbpemreq
- nbmariadb
- nbmlb
- nbperfchk
- nbplupgrade
- nbrb
- nbrbutil
- nbreplicate
- nbrepo
- nbrestorevm
- nbseccmd
- nbserviceusercmd
- nbsetconfig
- nbshvault
- nbsmartdiag
- nbsnapimport
- nbsnapreplicate
- nbsqladm
- nbsqlite
- nbstl
- nbstlutil
- nbstop
- nbsu
- nbsvrgrp
- netbackup_deployment_insights
- resilient_clients
- restoretrace
- stopltid
- tldd
- tldcd
- tpautoconf
- tpclean
- tpconfig
- tpext
- tpreq
- tpunmount
- verifytrace
- vltadm
- vltcontainers
- vlteject
- vltinject
- vltoffsitemedia
- vltopmenu
- vltrun
- vmadd
- vmchange
- vmcheckxxx
- vmd
- vmdelete
- vmoprcmd
- vmphyinv
- vmpool
- vmquery
- vmrule
- vmupdate
- vnetd
- vssat
- vwcp_manage
- vxlogcfg
- vxlogmgr
- vxlogview
- W2KOption
Name
nbidpcmd — configure an identity provider (IDP), SAML certificate, and keystore on the NetBackup master server to use with the Single Sign-On (SSO) method.
SYNOPSIS
For IDP configuration and NetBackup CA SAML keystore configuration, use the following command:
-ac -n IDP configuration name -mxp IDP XML metadata file [-t SAML2] [-e true | false] [-u IDP user field] [-g IDP user group field] [-M master_server] [-cCert] [-f]
For IDP configuration and ECA SAML keystore configuration, either of the commands shown can be used:
Use NetBackup ECA configured keystore for SAML keystore configuration:
-ac -n IDP configuration name -mxp IDP XML metadata file [-t SAML2] [-e true | false] [-u IDP user field] [-g IDP user group field] [-M master_server] -cECACert -uECA [-f]
Use ECA certificate chain and private key provided by user for SAML keystore configuration:
-ac -n IDP configuration name -mxp IDP XML metadata file [-t SAML2] [-e true | false] [-u IDP user field] [-g IDP user group field] [-M master_server] -cECACert -certPEM Certificate Chain File -privKeyPath Private Key File [-ksPassPath Keystore Passkey File] [-f]
-cCert [-f]
-cECACert -uECA use existing ECA configuration [-f force_option] [-M master_server]
-cECACert -certPEM Certificate Chain File -privKeyPath Private Key File -ksPassPath Keystore Passkey File [-f force_option] [-M master_server]
-dc -n IDP configuration name [-M master_server]
-dCert
-dECACert
-rCert
-sc -n IDP configuration name [-M master_server]
-scl [-M master_server]
-uc -n IDP configuration name {-mxp IDP XML metadata file| -e true | false} [-M master_server]
-v [-M master_server]
On UNIX systems, the directory path to this command is /usr/openv/netbackup/bin/
On Windows systems, the directory path to this command is install_path\NetBackup\bin\
DESCRIPTION
The nbidpcmd command can add, modify, list, and delete the configuration for identity providers on the NetBackup master server. Additionally, use the command to add, update, renew, and delete NetBackup CA and ECA SAML certificate and keystore.
OPTIONS
- -ac
Adds a configuration for an identity provider. Use the -e option to enable an IDP configuration.
- -cCert
Configures SAML certificates and keystore.
- -cECACert
Configures SAML external CA keystore.
- -certPEM Certificate Chain File
Specifies certificate chain file path. The file must be in PEM format and must be accessible to the master server that performs the configuration.
- -dc
Deletes the configuration of the identity provider with the specified ID.
- -dCert
Remove the SAML certificate and keystore.
- -dECACert
Remove the SAML external CA configured keystore.
- -e true | false
Enables or disables the identity provider configuration. An IDP must be available and enabled otherwise users cannot sign in with the Single Sign-On (SSO) option.
true = Enable
false = Disable
- -f
Specifies whether to overwrite the existing SAML keystore.
- -ksPassPath Keystore Passkey File
Specifies the password file path for the keystore. The file must be accessible to the master server that performs the configuration.
- -M master_server
The master server to which you want to add or modify the identity provider configuration. The default is the NetBackup server master where you run the command.
- -mxp IDP XML metadata file
The metadata file that contains configuration details for the identity provider, in Base64-encoded format.
- -n IDP configuration name
The unique name of the identity provider.
- -privKeyPath Private Key File
Specifies the private key file path for the certificate. The file must be in PEM format and must be accessible to the master server that performs the configuration.
- -rCert
Renews the SAML certificate and key-pair and updates the SAML keystore with the renewed key-pair certificate.
- -sc
Display the details for the configured identity provider with the specified ID. If the ID is not provided the details of all the configured identity providers are listed. Or, use -scl to display a specific identity provider.
- -scl
Display the details for all the configured identity providers. Use -sc -n to display a specific identity provider.
- -t SAML2
Indicates the type of protocol that the identity provider supports. The following types are supported: SAML2.
- -u IDP user field, -g IDP user group field
Retrieves the fields from the SAML assertion that are the primary keys for the user and the user group. You can specify these fields together or individually.
If these fields are not provided, the default values are userPrincipalName and memberOf.
The IDP user field and the IDP user group field are the IDP SAML attribute names mapped to the userPrincipalName and the memberOf attributes of the AD or LDAP.
The values entered for the -u IDP user field and -g IDP user group field are case sensitive and must exactly match the corresponding mapped SAML attributes on the IDP Host.
Ensure that the SAML attribute names are defined in the format of username@domainname and (CN=group name, DC=domainname) respectively.
- -uc
Updates the details for the configured identity provider with the specified ID. In addition to the -n option, you must use the -mxp or the -e option, or both options.
- -uECA
Specifies whether to configure external CA-signed SAML keystore from the existing external CA certificate that is configured in NetBackup.
- -v
Shows the version of the nbidpcmd utility.