Introduction

In this guide, we will demonstrate several useful scripts for WebADM and provide instructions on how to use them effectively.

WebADM Utilities location

Some scripts are available at:

[root@webadm1]# cd /opt/webadm/bin/
[root@webadm1 bin]# ll
total 152
-rwxr-xr-x 1 root root  1809 11 oct.  15:35 backup
-rwxr-xr-x 1 root root  6807 11 oct.  15:35 dbprune
-rwxr-xr-x 1 root root 11215 11 oct.  15:35 encrypt
-rwxr-xr-x 1 root root 10837 11 oct.  15:35 extend
-rwxr-xr-x 1 root root  4442 11 oct.  15:35 pwcrypt
-rwxr-xr-x 1 root root   837 11 oct.  15:35 restore
-rwxr-xr-x 1 root root 17177 11 oct.  15:35 setup
-rwxr-xr-x 1 root root 12626 11 oct.  15:35 verify
-rwxr-xr-x 1 root root 12186 11 oct.  15:35 webadm
-rwxr-xr-x 1 root root 56456 11 oct.  15:35 yubihsm

Additional scripts are available at:

[root@webadm1]# cd /opt/webadm/doc/scripts
[root@webadm1]# ll
total 20
-rwxr-xr-x 1 root root  787 11 oct.  19:46 backup_all
-rwxr-xr-x 1 root root 4633 11 oct.  19:46 create_cert
-rwxr-xr-x 1 root root  379 11 oct.  19:46 create_mysqldb
-rwxr-xr-x 1 root root 1655 11 oct.  19:46 repair_perms

backup

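This script creates a backup of the WebADM configuration files. As the output below shows, the archive includes the pki directory and conf/custom.key, so treat the backup file as being as sensitive as the private keys it contains.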

[root@webadm1 bin]# ./backup 
Usage: ./backup [-f] <BACKUP_FILE>
[root@webadm1 bin]# ./backup -f mybackup
Adding conf/webadm.conf... Ok
Adding conf/rsignd.conf... Ok
Adding conf/objects.xml... Ok
Adding conf/servers.xml... Ok
Adding pki... Ok
Adding logs... Ok
Adding temp... Ok
Adding conf/license.key... Ok
Adding conf/webadm.env... Ok
Adding conf/custom.crt... Ok
Adding conf/custom.key... Ok
Adding websrvs/smshub/smsc/custom1.php... Ok
Adding websrvs/smshub/smsc/custom2.php... Ok
Adding websrvs/smshub/smsc/custom3.php... Ok
Adding websrvs/smshub/smsc/custom4.php... Ok
Compressing backup file... Ok

WebADM backup created in mybackup.gz

Once the backup file is created, you can use the restore script to recover your WebADM configuration.

restore

This script restores the WebADM configuration from an archive created by the backup script.

[root@webadm1 bin]# ./restore 
Usage: ./restore <BACKUP_FILE>
[root@webadm1 tmp]# /opt/webadm/bin/restore mybackup.gz 
Are you sure you want to restore WebADM (y/n)? y
Unpacking backup files... Ok
Checking system architecture...Ok
Setting file permissions... Ok
Adding system user to dialout group... Ok
Adding systemd service... Ok
Adding logrotate scripts... Ok
WebADM has successfully been setup.

WebADM backup restored from mybackup.gz

dbprune

This script deletes database log entries older than the retention time given with the -t option.

[root@webadm1 bin]# ./dbprune 
Usage: dbprune [-y] [-t <prune time>] TABLE1 [TABLE2] ... [TABLEX]
Table 1..X is a list of WebADM SQL tables within Admin, Manag, Webapp, Websrv, Alert and Record.
Options:
  -y : Do not prompt for validation (to be used with cron jobs).
  -t <prune time> : Max age of SQL data retention in the form n[dmy] (ex. 1m for one month).
                    If no prune time is defined, the default pruning time is 3 month.

In this example, I remove database log entries older than one day:

[root@webadm1 bin]# ./dbprune -t 1d -y Websrv
Pruning log event older than 1 day in WebSrv SQL table... Ok

encrypt

This script enables you to encrypt, decrypt, and re-encrypt user metadata (WebADM metadata stored in user accounts within LDAP or SQL, depending on the configured datastore).

[root@webadm1 bin]# ./encrypt 
Usage: encrypt [-e | -d |-r] [-y] [-t] [-f <search filter>] DOMAIN1 [DOMAIN2] ... [DOMAINX]
Domain 1..X is a list of WebADM Domains where LDAP users will be updated.
Options:
  -e : Encrypt user data
  -d : Decrypt user data (not available with HSM encryption)
  -r : Recrypt user data
  -y : Do not prompt for validation (to be used with cron jobs).
  -t : Only list users to be updated but do not update (testing mode).
  -f <search filter> : Use a custom LDAP search filter.
  -c <search base> : Use a custom LDAP search base (can be used without domain list).
If no search filter is specified then any user object found in the domain(s) and which
includes the webadmAccount LDAP extension will be updated.
[root@webadm1 bin]# ./encrypt -d -f \(objectclass=webadmaccount\) rcdevsdocs
This script will help you manage the WebADM user data encryption for the
LDAP users in the provided WebADM Domain(s). Using the script you can:
1) Review user data encryption.
2) Decrypt user data (-d option - not available with HSM encryption).
3) Encrypt user data (-e option).
4) Recrypt user data (-r option).
WebADM always uses the first configured encrypt_key to encrypt user data.
If you want to change the default encrypt_key then set the new key first.

Are you sure you want to update user data (y/n)? y

Entering Domain rcdevsdocs (dc=rcdevsdocs,dc=com).
Decrypting user data for CN=Administrator,CN=Users,DC=rcdevsdocs,DC=com... Ok
Decrypting user data for CN=John Doe,CN=Users,DC=rcdevsdocs,DC=com... Ok
Decrypting user data for CN=webmaster,CN=Users,DC=rcdevsdocs,DC=com... Ok
Decrypting user data for CN=Jane Doe,CN=Office FR,DC=rcdevsdocs,DC=com... Ok

User data has been decrypted. We will now proceed to re-encrypt it:

[root@webadm1 bin]# ./encrypt -r -f \(objectclass=webadmaccount\) rcdevsdocs
Invalid domain 'Okta' (invalid LdapDN setting)
This script will help you manage the WebADM user data encryption for the
LDAP users in the provided WebADM Domain(s). Using the script you can:
1) Review user data encryption.
2) Decrypt user data (-d option - not available with HSM encryption).
3) Encrypt user data (-e option).
4) Recrypt user data (-r option).
WebADM always uses the first configured encrypt_key to encrypt user data.
If you want to change the default encrypt_key then set the new key first.

Are you sure you want to update user data (y/n)? y
Entering Domain rcdevsdocs (dc=rcdevsdocs,dc=com).
Re-encrypting user data for CN=Administrator,CN=Users,DC=rcdevsdocs,DC=com... Ok
Re-encrypting user data for CN=John Doe,CN=Users,DC=rcdevsdocs,DC=com... Ok
No user data found for CN=webmaster,CN=Users,DC=rcdevsdocs,DC=com... Ok
Re-encrypting user data for CN=Jane Doe,CN=Office FR,DC=rcdevsdocs,DC=com... Ok

Updated 3 LDAP users in 0 seconds (0 errors).

The data has now been re-encrypted.

extend

User activation and extension can be performed using this script. Its usage is similar to the encryption script.

[root@webadm1 bin]# ./extend 
Usage: extend [-y] [-t] [-f <search filter>] DOMAIN1 [DOMAIN2] ... [DOMAINX]
Domain 1..X is a list of WebADM Domains where LDAP users will be extended.
Options:
  -y : Do not prompt for validation (to be used with cron jobs).
  -t : Only list users to be extended but do not extend (testing mode).
  -u : Un-extend users (remove the webadmAccount objectclass and attributes).
  -f <search filter> : Use a custom LDAP search filter.
  -c <search base> : Use a custom LDAP search base (can be used without domain list).
  -g <group DN> : Extend only users which are members of the group.
If no search filter is defined, all user objects without the webadmAccount
extension will be extended.

This time, I am using the -t option (testing mode) to list the accounts that would be extended, without modifying them.

[root@webadm1 bin]# ./extend -t -f \(objectclass=user\) rcdevsdocs
This script will activate all your LDAP users in the provided Domain(s)
by automatically adding the webadmAccount LDAP objectclass.
Once extended, a user is activated for use with WebADM applications
and it is accounted in the WebADM lincensing and user limit checks.

Are you sure you want to extend users (y/n)? y
Entering Domain rcdevsdocs (dc=rcdevsdocs,dc=com).
User CN=Administrator,CN=Users,DC=rcdevsdocs,DC=com will be extended.
User CN=John Doe,CN=Users,DC=rcdevsdocs,DC=com will be extended.
User CN=webmaster,CN=Users,DC=rcdevsdocs,DC=com will be extended.
User CN=Jane Doe,CN=Office FR,DC=rcdevsdocs,DC=com will be extended.
User CN=ldap_bind,CN=Users,DC=rcdevsdocs,DC=com will be extended.

Found 5 LDAP users to be extended in 0 seconds.

To remove the WebADM account extension in the same way, add the -u option:

[root@webadm1 bin]# ./extend -t -u -f \(objectclass=webadmAccount\) rcdevsdocs
This script will activate all your LDAP users in the provided Domain(s)
by automatically adding the webadmAccount LDAP objectclass.
Once extended, a user is activated for use with WebADM applications
and it is accounted in the WebADM lincensing and user limit checks.

Are you sure you want to extend users (y/n)? y
Entering Domain rcdevsdocs (dc=rcdevsdocs,dc=com).
User CN=Administrator,CN=Users,DC=rcdevsdocs,DC=com will be extended.
User CN=John Doe,CN=Users,DC=rcdevsdocs,DC=com will be extended.
User CN=webmaster,CN=Users,DC=rcdevsdocs,DC=com will be extended.
User CN=Jane Doe,CN=Office FR,DC=rcdevsdocs,DC=com will be extended.

Found 4 LDAP users to be extended in 0 seconds.

Remove the -t option to actually perform the operation.

pwcrypt

This tool encrypts password values (and the encryption_key) stored in webadm.conf, servers.xml, and rsignd.conf.
This feature requires an Enterprise License, and the encryption mechanism is tied to secret data in your encoded license file.

[root@webadm1 bin]# ./pwcrypt
Usage: pwcrypt [-p] SECRET
Options:
  -p : Secret is prompted (secret argument is omitted)
Argument is the secret value to be encrypted for use in your config files.
The maximum password or secret length is 250 characters.
[root@webadm1 bin]# ./pwcrypt -p
This script allows to encrypt some sensitive WebADM configuration settings
like user passwords and encryption keys. You can also replace the cleartext
passwords and keys with encrypted values in webadm.conf and servers.xml.

Secret: ********
Encrypted: {wcrypt}9k7vvgQQk/XoyNyPISPBSw==

For example, the encrypted value replaces the cleartext secret in rsignd.conf and servers.xml:

-bash-4.2# /opt/webadm/bin/pwcrypt -p
This script allows to encrypt some sensitive WebADM configuration settings
like user passwords and encryption keys. You can also replace the cleartext
passwords and keys with encrypted values in webadm.conf and servers.xml.

Secret: ****************
Encrypted: {wcrypt}Ucw4WJir9VGFzeKoTdYkOWAkO/kXIHSlkl655RyGHJc=

-bash-4.2# vi /opt/webadm/conf/rsignd.conf
#
# WebADM PKI Server Configuration
#
...
#
# Client sections
#
# Declare here the Rsign clients with IP addresses or hostnames.
# In cluster mode, the client WebADM server(s) must be defined here!

client {
 hostname localhost
 secret {wcrypt}Ucw4WJir9VGFzeKoTdYkOWAkO/kXIHSlkl655RyGHJc=
}

-bash-4.2#  vi /opt/webadm/conf/servers.xml
<?xml version="1.0" encoding="UTF-8" ?>

<Servers>

<!--
******************************************
***  WebADM Remote Server Connections  ***
******************************************
...

<!--
A PKI server (or CA) is required for signing user certificates.
The RSign PKI server is included in WebADM. So you can keep the
default settings here.
-->

<PkiServer name="PKI Server 1"
	host="192.168.4.160"
	port="5000"
	secret="{wcrypt}Ucw4WJir9VGFzeKoTdYkOWAkO/kXIHSlkl655RyGHJc="
	ca_file="" />
	
-bash-4.2# /opt/webadm/bin/webadm restart
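
A check for secrets left in cleartext after running pwcrypt, as an added example (not part of WebADM or of the original page). It assumes only the two syntaxes shown above, "secret <value>" in rsignd.conf and secret="<value>" in servers.xml; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not shipped with WebADM.
# Reports secret values that do not carry the {wcrypt} prefix.
# Handles only the two syntaxes shown on this page:
#   rsignd.conf:  secret <value>
#   servers.xml:  secret="<value>"

# find_cleartext_secrets FILE...
# Prints "file:line" for each hit; the value itself is never printed.
find_cleartext_secrets() {
    awk '
        /^[ \t]*#/ { next }                      # config comment lines
        {
            val = ""; found = 0
            if (match($0, /(^|[ \t])secret="[^"]*"/)) {
                # XML attribute form
                val = substr($0, RSTART, RLENGTH)
                sub(/^[ \t]*secret="/, "", val)
                sub(/"$/, "", val)
                found = 1
            } else if (match($0, /^[ \t]*secret[ \t]+[^ \t]+/)) {
                # key/value form
                val = substr($0, RSTART, RLENGTH)
                sub(/^[ \t]*secret[ \t]+/, "", val)
                found = 1
            }
            # Empty values are ignored; anything else must start with {wcrypt}.
            if (found && val != "" && index(val, "{wcrypt}") != 1)
                print FILENAME ":" FNR
        }
    ' "$@"
}

# Demo on constructed sample files (not real WebADM configuration).
demo_cleartext_audit() {
    d=$(mktemp -d) || return 1
    cat > "$d/rsignd.conf" <<'EOF'
# Client sections
client {
 hostname localhost
 secret {wcrypt}Ucw4WJir9VGFzeKoTdYkOWAkO/kXIHSlkl655RyGHJc=
}
client {
 hostname webadm2.example.com
 secret constructed-cleartext-value
}
EOF
    cat > "$d/servers.xml" <<'EOF'
<PkiServer name="PKI Server 1"
    host="192.168.4.160"
    port="5000"
    secret="constructed-cleartext-value"
    ca_file="" />
EOF
    (cd "$d" && find_cleartext_secrets rsignd.conf servers.xml)
    rm -rf "$d"
}

demo_cleartext_audit
```

On a server, the function would be pointed at /opt/webadm/conf/rsignd.conf and /opt/webadm/conf/servers.xml; any line it reports still holds a value that pwcrypt has not replaced.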

setup

This script is used for the initial setup of WebADM and can be reused at any time if needed.

[root@webadm1 bin]# ./setup

Ensure that WebADM services are stopped before running the setup script, then simply follow its prompts.

verify

This script performs checks, such as verifying if user metadata is encrypted and if passwords or certificates are expired.

[root@webadm1 bin]# ./verify
Usage: verify [-y] [-f <search filter>] DOMAIN1 [DOMAIN2] ... [DOMAINX]
Domain 1..X is a list of WebADM Domains where LDAP objects will be verified.
Options:
  -y : Do not prompt for validation (to be used with cron jobs).
  -f <search filter> : Use a custom LDAP search filter.
  -c <search base> : Use a custom LDAP search base (can be used without domain list).
If no search filter is defined, all user and group objects will be verified.

Here, we perform verification for the domain rcdevsdocs:

[root@webadm1 bin]# ./verify rcdevsdocs

This script will verify the consistency of your LDAP users and groups in the
provided Domain(s). WebADM LDAP attributes and certificates will be analysed.

Are you sure you want to verify objects (y/n)? y
Entering Domain rcdevsdocs (dc=rcdevsdocs,dc=com).
Checking group CN=Administrators,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (3 members)
Checking group CN=Users,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (3 members)
Checking group CN=Guests,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (2 members)
Checking group CN=Print Operators,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Backup Operators,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Replicator,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Remote Desktop Users,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Network Configuration Operators,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Performance Monitor Users,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Performance Log Users,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Distributed COM Users,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=IIS_IUSRS,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Cryptographic Operators,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Event Log Readers,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Certificate Service DCOM Access,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking group CN=RDS Remote Access Servers,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=RDS Endpoint Servers,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=RDS Management Servers,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Hyper-V Administrators,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Access Control Assistance Operators,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Remote Management Users,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Storage Replica Administrators,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Domain Computers,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Domain Controllers,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Schema Admins,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking WebADM group CN=Enterprise Admins,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking group CN=Cert Publishers,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking WebADM group CN=Domain Admins,CN=Users,DC=rcdevsdocs,DC=com...
 > WebADM Settings are valid: Yes
 > Contains members: Yes (1 members)
Checking WebADM group CN=Domain Users,CN=Users,DC=rcdevsdocs,DC=com...
 > WebADM Settings are valid: Yes
 > Contains members: No
Checking group CN=Domain Guests,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Group Policy Creator Owners,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking group CN=RAS and IAS Servers,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Server Operators,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Account Operators,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (2 members)
Checking group CN=Incoming Forest Trust Builders,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Windows Authorization Access Group,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking group CN=Terminal Server License Servers,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Allowed RODC Password Replication Group,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Denied RODC Password Replication Group,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (8 members)
Checking group CN=Read-only Domain Controllers,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Enterprise Read-only Domain Controllers,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Cloneable Domain Controllers,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Protected Users,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Key Admins,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Enterprise Key Admins,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=DnsAdmins,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=DnsUpdateProxy,CN=Users,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Office_Badged_Users,CN=Groups,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking group CN=Badged_Users,CN=Groups,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking WebADM group CN=Support_admins,CN=Groups,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking WebADM group CN=IT,CN=Groups,DC=rcdevsdocs,DC=com...
 > WebADM Settings are valid: Yes
 > Contains members: Yes (2 members)
Checking WebADM group CN=Content Author,CN=Groups,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking WebADM group CN=Content Admin,CN=Groups,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking WebADM group CN=Content Manager,CN=Groups,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking WebADM group CN=Content Viewer,CN=Groups,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Contains members: No
Checking WebADM group CN=testgroup,CN=Groups,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (2 members)
Checking group CN=Group 2,OU=Groups,OU=PingOne,O=External Providers,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking group CN=Group 3,OU=Groups,OU=PingOne,O=External Providers,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking group CN=Group 1,OU=Groups,OU=PingOne,O=External Providers,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking WebADM group CN=Group1,OU=Groups,OU=OneLogin,O=External Providers,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking WebADM group CN=Group2,OU=Groups,OU=OneLogin,O=External Providers,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (1 members)
Checking WebADM account CN=Administrator,CN=Users,DC=rcdevsdocs,DC=com...
 > WebADM Settings are valid: Yes
 > WebADM Data are valid: Yes (encrypted)
 > Login certificates (4):
   - /UID=Administrator/DC=rcdevsdocs/CN=CN=Administrator,CN=Users,DC=rcdevsdocs,DC=com/O=RCDevs Documentation/organizationIdentifier=VATLU-00000000: Valid (expires in 318 days)
   - /UID=Administrator/DC=rcdevsdocs/CN=CN=Administrator,CN=Users,DC=rcdevsdocs,DC=com/O=RCDevs Documentation/organizationIdentifier=VATLU-00000000: Valid (expires in 220 days)
   - /UID=Administrator/DC=rcdevsdocs/CN=CN=Administrator,CN=Users,DC=rcdevsdocs,DC=com/O=RCDevs Support/organizationIdentifier=VATLU-00000000: Valid (expires in 211 days)
   - /UID=Administrator/DC=Default/CN=CN=Administrator,CN=Users,DC=rcdevsdocs,DC=com/O=RCDevs Support/organizationIdentifier=VATLU-00000000: Valid (expires in 195 days)
 > Password expiration: Never expires
Checking user CN=Guest,CN=Users,DC=rcdevsdocs,DC=com...
 > Password expiration: Never expires
Checking user CN=ADDC1,OU=Domain Controllers,DC=rcdevsdocs,DC=com...
 > Password expiration: Never expires
Checking user CN=krbtgt,CN=Users,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=John Doe,CN=Users,DC=rcdevsdocs,DC=com...
 > WebADM Data are valid: Yes (encrypted)
 > Login certificates (2):
   - /CN=rcdevsdocs\john.doe: Valid (expires in 360 days)
   - /CN=rcdevsdocs\john.doe/UID=john.doe/DC=rcdevsdocs/O=RCDevs Documentation/organizationIdentifier=VATLU-00000000/SN=Doe/L=Luxembourg/GN=John/telephoneNumber=\+33612345678: Valid (expires in 220 days)
 > Password expiration: Expires in 29 days!
Checking WebADM account CN=webmaster,CN=Users,DC=rcdevsdocs,DC=com...
 > WebADM Settings are valid: Yes
 > Password expiration: Already expired
Checking WebADM account CN=Jane Doe,CN=Office FR,DC=rcdevsdocs,DC=com...
 > WebADM Settings are valid: Yes
 > WebADM Data are valid: Yes (encrypted)
 > Login certificates (1):
   - /CN=rcdevsdocs\jane.doe/UID=jane.doe/DC=rcdevsdocs/O=RCDevs Support/organizationIdentifier=VATLU-00000000: Valid (expires in 211 days)
 > Password expiration: Already expired
Checking user CN=ldap_bind,CN=Users,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=ADmin,OU=EntraID,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Sorin Radulescu,OU=EntraID,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Charly Rohart,OU=Admins,OU=EntraID,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Yoann Trauta,OU=EntraID,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Test Admin,CN=Users,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Integration User,CN=Users,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Automated Process,CN=Users,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Platform Integration User,CN=Users,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Data.com Clean,CN=Users,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Chatter Expert,CN=Users,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Security User,CN=Users,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=testsales2,CN=Users,OU=Salesforce,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking user CN=One 1 Ping,OU=Users,OU=PingOne,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking user CN=One 2 Ping,OU=Users,OU=PingOne,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Testuser Un,OU=Users,OU=OneLogin,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=Testuser Deux,OU=Users,OU=OneLogin,O=External Providers,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking user CN=WebADM1 Service,CN=Users,DC=rcdevsdocs,DC=com...
 > Password expiration: Never expires

Verified 87 LDAP objects in 1 seconds (43 errors).
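
A filter that reduces the verify output to the entries that need action, as an added example (not part of WebADM or of the original page). It assumes the output format is exactly the one shown above; the function names and the threshold argument are illustrative, and the sample input is shortened from the output above.

```shell
#!/bin/sh
# Added example, not shipped with WebADM.
# Reads ./verify output on stdin and prints one line per finding:
#   CERT <days> <DN>            login certificate expiring within MAX_DAYS
#   PASSWORD <days> <DN>        password expiring within MAX_DAYS
#   PASSWORD expired <DN>       password already expired
# Only the line formats visible on this page are recognised.

# verify_findings [MAX_DAYS]   (default threshold: 30 days)
verify_findings() {
    awk -v max="${1:-30}" '
        # "Checking [WebADM] account|user|group <DN>..." starts a new object.
        /^Checking / {
            dn = $0
            sub(/^Checking (WebADM )?(account|user|group) /, "", dn)
            sub(/\.\.\.$/, "", dn)
            next
        }
        # "   - <subject>: Valid (expires in N days)"
        /^ +- .*\(expires in [0-9]+ days\)$/ {
            days = $0
            sub(/^.*\(expires in /, "", days)
            sub(/ days\)$/, "", days)
            if (days + 0 <= max + 0) print "CERT " days " " dn
            next
        }
        /^ > Password expiration: Already expired/ {
            print "PASSWORD expired " dn
            next
        }
        # " > Password expiration: Expires in N days!"
        /^ > Password expiration: Expires in [0-9]+ days/ {
            days = $0
            sub(/^.*Expires in /, "", days)
            sub(/ days.*$/, "", days)
            if (days + 0 <= max + 0) print "PASSWORD " days " " dn
        }
    '
}

# Demo: sample input shortened from the verify output shown on this page.
demo_verify_findings() {
    verify_findings "${1:-250}" <<'EOF'
Checking group CN=Guests,CN=Builtin,DC=rcdevsdocs,DC=com...
 > Contains members: Yes (2 members)
Checking user CN=krbtgt,CN=Users,DC=rcdevsdocs,DC=com...
 > Password expiration: Already expired
Checking WebADM account CN=John Doe,CN=Users,DC=rcdevsdocs,DC=com...
 > WebADM Data are valid: Yes (encrypted)
 > Login certificates (2):
   - /CN=rcdevsdocs\john.doe: Valid (expires in 360 days)
   - /CN=rcdevsdocs\john.doe/UID=john.doe/DC=rcdevsdocs: Valid (expires in 220 days)
 > Password expiration: Expires in 29 days!
Checking user CN=WebADM1 Service,CN=Users,DC=rcdevsdocs,DC=com...
 > Password expiration: Never expires
EOF
}

demo_verify_findings
```

Combined with the -y option described above, the same filter can run from cron, for example as ./verify -y rcdevsdocs | verify_findings 30.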

webadm

This binary is used to start, stop, and restart WebADM services. It can also report the running status and version, and check whether an update is available.

[root@webadm1 bin]# ./webadm 
Usage: ./webadm {start|stop|restart|status|version|update}
    start|stop|restart: start, stop and restart WebADM
    status: check the running status of WebADM
    version: display WebADM version information
    update: check if there is an update available online
[root@webadm1 bin]# ./webadm status
WebADM HTTP server is running with PID 84199.
WebADM Watchd server is running with PID 84194.
WebADM Session server is running with PID 84185.
WebADM PKI server is running with PID 84192.
[root@webadm1 bin]# ./webadm version
RCDevs WebADM version 1.6.8 (64bit) built October 8 2018

yubihsm

This script can be used only if you have an HSM plugged in and configured with WebADM. It displays the HSM status, the number of HSMs connected to WebADM servers, and their serial numbers.

[root@webadm1 scripts]# /opt/webadm/bin/yubihsm 

YubiHSM Unlocker tool version 1.4.3 (382c1ecf4eb60dae767412e424d001cd87ea947e)
Copyright (c) 2010-2025 RCDevs SA, All rights reserved.

Found 1 HSM device:
1) YubiHSM N° 8D9626675057: UNLOCKED

backup_all

The backup_all script is similar to the previous backup script but also includes other RCDevs products installed under the /opt/ folder.

[root@webadm1 scripts]# ./backup_all backup
Starting full backup
Are you sure you want to backup OpenOTP LDAP Bridge (y/n)? y
Adding conf/ldproxy.conf... Ok
Adding conf/ldproxy.crt... Ok
Adding conf/ldproxy.key... Ok
Adding temp... Ok
Adding logs... Ok
Adding conf/ldproxy.csr... Missing
Adding conf/ldproxy.env... Missing
Compressing backup file... Ok

OpenOTP LDAP Bridge backup created in /tmp/ldproxy.bkp.gz

Are you sure you want to backup OpenOTP RADIUS Bridge (y/n)? y
Adding conf/clients.conf... Ok
Adding conf/radiusd.conf... Ok
Adding conf/radiusd.crt... Ok
Adding conf/radiusd.key... Ok
Adding logs... Ok
Adding temp... Ok
Adding conf/radiusd.csr... Missing
Adding conf/radiusd.env... Missing
Compressing backup file... Ok

OpenOTP RADIUS Bridge backup created in /tmp/radiusd.bkp.gz

Are you sure you want to backup WebADM (y/n)? y
Adding conf/webadm.conf... Ok
Adding conf/rsignd.conf... Ok
Adding conf/objects.xml... Ok
Adding conf/servers.xml... Ok
Adding pki... Ok
Adding logs... Ok
Adding temp... Ok
Adding conf/license.key... Ok
Adding conf/webadm.env... Ok
Adding conf/custom.crt... Missing
Adding conf/custom.key... Missing
Adding websrvs/smshub/smsc/custom1.php... Ok
Adding websrvs/smshub/smsc/custom2.php... Ok
Adding websrvs/smshub/smsc/custom3.php... Ok
Adding websrvs/smshub/smsc/custom4.php... Ok
Compressing backup file... Ok

WebADM backup created in /tmp/webadm.bkp.gz

Compressing backup file... Ok
Backup created in backup.gz

create_cert

This script generates a new Certificate Signing Request (CSR) and submits it to the Rsignd service for signing. Once signed, the certificate is updated on the file system, and the WebADM service needs to be restarted.

[root@webadm1 scripts]# ./create_cert 
Enter the server fully qualified host name (FQDN): webadm1.rcdevsdocs.com
Generating HTTP server private key... Ok
Creating HTTP server certificate request... Ok
Signing HTTP server certificate with WebADM CA... Ok
WebADM HTTP certificate successfully updated.
Do you want to restart WebADM (y/n)? y
Stopping WebADM HTTP server... Ok
Stopping WebADM Watchd server.......... Ok
Stopping WebADM Session server... Ok
Checking libudev dependency... Ok
Checking system architecture... Ok
Checking server configurations... Ok

Found Subscription license (RCDEVSDOCS)
Licensed by RCDevs Security SA to RCDevs Documentation
Licensed product(s): OpenOTP,SpanKey

Starting WebADM PKI service... Ok
Starting WebADM Session service... Ok
Starting WebADM Watchd service... Ok
Starting WebADM HTTP service... Ok

Checking server connections... 
Connected LDAP server: ad1.rcdevsdocs.com (192.168.4.163)
Connected SQL server: SQL Server 1 (192.168.4.160)
Connected PKI server: PKI Server 1 (192.168.4.160)
Connected Mail server: SMTP Server (146.59.204.189)
Connected Session server: Session Server 2 (192.168.4.161)

Checking LDAP proxy user access... Ok
Checking SQL database access... Ok
Checking PKI service access... Ok
Checking Mail service access... Ok
Checking Cloud service access... Ok

create_mysqldb

This script creates the WebADM database and its user, sets the user's password, and grants that user rights on the database. Note that MySQL packages should be installed before running this script. You can edit the script to change the database name, username, and password; by default, all three values are set to "webadm", so set a different password before using the database outside a test environment.

[root@webadm1 scripts]# cat create_mysqldb 
#!/bin/bash
# This SQL script initializes the WebADM database on a MySQL Server

DATABASE="webadm"
USERNAME="webadm"
PASSWORD="webadm"

Q1="create database if not exists $DATABASE;"
Q2="grant usage on $DATABASE.* to $USERNAME@localhost identified by '$PASSWORD';"
Q3="grant all privileges on $DATABASE.* to $USERNAME@localhost;"
SQL="${Q1}${Q2}${Q3}"

mysql -u root -p -e "$SQL"

To execute this script:

[root@webadm1 scripts]# ./create_mysqldb 

repair_perms

This script can be run to repair permissions on WebADM configuration files.

[root@webadm1 scripts]# ./repair_perms 
Resetting WebADM file permissions... Ok