dsidm - Man Page
Synopsis
dsidm [-h] [-v] [-j] [-b BASEDN] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] instance {account,group,initialise,init,organizationalunit,ou,posixgroup,user,client_config,role,service,uniquegroup} ...
Positional Arguments
- dsidm account
Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see "user" subcommand instead.
- dsidm group
Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing groups. Groups uses the objectclass "groupOfNames" and the grouping attribute "member"
- dsidm initialise
Initialise a backend with domain information and sample entries
- dsidm organizationalunit
Manage organizational units
- dsidm posixgroup
Manage posix groups The organizationalUnit (by default ou=groups") needs to exist prior to managing posix groups.
- dsidm user
Manage posix users. The organizationalUnit (by default "ou=people") needs to exist prior to managing users.
- dsidm client_config
Display and generate client example configs for this LDAP server
- dsidm role
Manage roles.
- dsidm service
Manage service accounts. The organizationalUnit (by default "ou=Services") needs to exist prior to managing service accounts.
- dsidm uniquegroup
Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing groups. Unique groups uses the objectclass "groupOfUniqueNames" and the grouping attribute "uniquemember"
COMMAND 'dsidm account'
usage: dsidm instance account [-h]
{list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password,bulk_update} ...
POSITIONAL ARGUMENTS 'dsidm account'
- dsidm account list
list accounts that could login to the directory
- dsidm account get-by-dn
get-by-dn <dn>
- dsidm account modify-by-dn
modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
- dsidm account rename-by-dn
rename the object
- dsidm account delete
deletes the account
- dsidm account lock
lock
- dsidm account unlock
unlock
- dsidm account entry-status
status of a single entry
- dsidm account subtree-status
status of a subtree
- dsidm account reset_password
Reset the password of an account. This should be performed by a directory admin.
- dsidm account change_password
Change the password of an account. This can be performed by any user (with correct rights)
- dsidm account bulk_update
Perform a common operation to a set of entries
COMMAND 'dsidm account list'
COMMAND 'dsidm account get-by-dn'
usage: dsidm [-v] [-j] instance account get-by-dn [-h] [dn]
- dn
The dn to get and display
COMMAND 'dsidm account modify-by-dn'
usage: dsidm [-v] [-j] instance account modify-by-dn [-h] dn changes [changes ...]
- dn
The dn to get and display
- changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm account rename-by-dn'
usage: dsidm [-v] [-j] instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn
- dn
The dn to rename
- new_dn
A new role dn
OPTIONS 'dsidm account rename-by-dn'
- --keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an attribute of the entry or not
COMMAND 'dsidm account delete'
usage: dsidm [-v] [-j] instance account delete [-h] [dn]
- dn
The dn of the account to delete
COMMAND 'dsidm account lock'
usage: dsidm [-v] [-j] instance account lock [-h] [dn]
- dn
The dn to lock
COMMAND 'dsidm account unlock'
usage: dsidm [-v] [-j] instance account unlock [-h] [dn]
- dn
The dn to unlock
COMMAND 'dsidm account entry-status'
usage: dsidm [-v] [-j] instance account entry-status [-h] [-V] [dn]
- dn
The single entry dn to check
OPTIONS 'dsidm account entry-status'
- -V, --details
Print more account policy details about the entry
COMMAND 'dsidm account subtree-status'
usage: dsidm [-v] [-j] instance account subtree-status [-h] [-V] [-f FILTER]
[-s {one,sub}] [-i]
[-o BECOME_INACTIVE_ON]
basedn
- basedn
Search base for finding entries
OPTIONS 'dsidm account subtree-status'
- -V, --details
Print more account policy details about the entries
- -f FILTER, --filter FILTER
Search filter for finding entries
- -s {one,sub}, --scope {one,sub}
Search scope (one, sub - default is sub
- -i, --inactive-only
Only display inactivated entries
- -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
Only display entries that will become inactive before specified date (in a format 2007-04-25T14:30)
COMMAND 'dsidm account reset_password'
usage: dsidm [-v] [-j] instance account reset_password [-h] [dn] [new_password]
- dn
The dn to reset the password for
- new_password
The new password to set
COMMAND 'dsidm account change_password'
usage: dsidm [-v] [-j] instance account change_password [-h]
[dn] [new_password]
[current_password]
- dn
The dn to change the password for
- new_password
The new password to set
- current_password
The accounts current password
COMMAND 'dsidm account bulk_update'
usage: dsidm [-v] [-j] instance account bulk_update [-h] [-f FILTER] [-s {one,sub}] [-x]
basedn changes [changes ...]
- basedn
Search base for finding entries, only the children of this DN are processed
- changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
OPTIONS 'dsidm account bulk_update'
- -f FILTER, --filter FILTER
Search filter for finding entries, default is '(objectclass=*)'
- -s {one,sub}, --scope {one,sub}
Search scope (one, sub - default is sub
- -x, --stop
Stop processing updates when an error occurs. Default is False
COMMAND 'dsidm group'
usage: dsidm instance group [-h]
{list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member} ...
POSITIONAL ARGUMENTS 'dsidm group'
- dsidm group list
list
- dsidm group get
get
- dsidm group get_dn
get_dn
- dsidm group create
create
- dsidm group delete
deletes the object
- dsidm group modify
modify <add|delete|replace>:<attribute>:<value> ...
- dsidm group rename
rename the object
- dsidm group members
List member dns of a group
- dsidm group add_member
Add a member to a group
- dsidm group remove_member
Remove a member from a group
COMMAND 'dsidm group list'
COMMAND 'dsidm group get'
usage: dsidm [-v] [-j] instance group get [-h] [selector]
- selector
The term to search for
COMMAND 'dsidm group get_dn'
usage: dsidm [-v] [-j] instance group get_dn [-h] [dn]
- dn
The dn to get
COMMAND 'dsidm group create'
usage: dsidm [-v] [-j] instance group create [-h] [--cn [CN]]
OPTIONS 'dsidm group create'
- --cn [CN]
Value of cn
COMMAND 'dsidm group delete'
usage: dsidm [-v] [-j] instance group delete [-h] [dn]
- dn
The dn to delete
COMMAND 'dsidm group modify'
usage: dsidm [-v] [-j] instance group modify [-h] selector changes [changes ...]
- selector
The cn to modify
- changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm group rename'
usage: dsidm [-v] [-j] instance group rename [-h] [--keep-old-rdn] selector new_name
- selector
The cn to rename
- new_name
A new group name
OPTIONS 'dsidm group rename'
- --keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not
COMMAND 'dsidm group members'
usage: dsidm [-v] [-j] instance group members [-h] [cn]
- cn
cn of group to list members of
COMMAND 'dsidm group add_member'
usage: dsidm [-v] [-j] instance group add_member [-h] [cn] [dn]
- cn
cn of group to add member to
- dn
dn of object to add to group as member
COMMAND 'dsidm group remove_member'
usage: dsidm [-v] [-j] instance group remove_member [-h] [cn] [dn]
- cn
cn of group to remove member from
- dn
dn of object to remove from group as member
COMMAND 'dsidm initialise'
usage: dsidm [-v] [-j] instance initialise [-h] [--version VERSION]
OPTIONS 'dsidm initialise'
- --version VERSION
The version of entries to create.
COMMAND 'dsidm organizationalunit'
usage: dsidm [-v] [-j] instance organizationalunit [-h]
{list,get,get_dn,create,delete,modify,rename} ...
POSITIONAL ARGUMENTS 'dsidm organizationalunit'
- dsidm organizationalunit list
list
- dsidm organizationalunit get
get
- dsidm organizationalunit get_dn
get_dn
- dsidm organizationalunit create
create
- dsidm organizationalunit delete
deletes the object
- dsidm organizationalunit modify
modify <add|delete|replace>:<attribute>:<value> ...
- dsidm organizationalunit rename
rename the object
COMMAND 'dsidm organizationalunit list'
usage: dsidm [-v] [-j] instance organizationalunit list [-h]
COMMAND 'dsidm organizationalunit get'
usage: dsidm [-v] [-j] instance organizationalunit get [-h] [selector]
- selector
The term to search for
COMMAND 'dsidm organizationalunit get_dn'
usage: dsidm [-v] [-j] instance organizationalunit get_dn [-h] [dn]
- dn
The dn to get
COMMAND 'dsidm organizationalunit create'
usage: dsidm [-v] [-j] instance organizationalunit create [-h] [--ou [OU]]
OPTIONS 'dsidm organizationalunit create'
- --ou [OU]
Value of ou
COMMAND 'dsidm organizationalunit delete'
usage: dsidm [-v] [-j] instance organizationalunit delete [-h] [dn]
- dn
The dn to delete
COMMAND 'dsidm organizationalunit modify'
usage: dsidm [-v] [-j] instance organizationalunit modify [-h]
selector
changes [changes ...]
- selector
The ou to modify
- changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm organizationalunit rename'
usage: dsidm [-v] [-j] instance organizationalunit rename [-h]
[--keep-old-rdn]
selector new_name
- selector
The ou to rename
- new_name
A new organizational unit name
OPTIONS 'dsidm organizationalunit rename'
- --keep-old-rdn
Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute of the entry or not
COMMAND 'dsidm posixgroup'
usage: dsidm instance posixgroup [-h]
{list,get,get_dn,create,delete,modify,rename} ...
POSITIONAL ARGUMENTS 'dsidm posixgroup'
- dsidm posixgroup list
list
- dsidm posixgroup get
get
- dsidm posixgroup get_dn
get_dn
- dsidm posixgroup create
create
- dsidm posixgroup delete
deletes the object
- dsidm posixgroup modify
modify <add|delete|replace>:<attribute>:<value> ...
- dsidm posixgroup rename
rename the object
COMMAND 'dsidm posixgroup list'
COMMAND 'dsidm posixgroup get'
usage: dsidm [-v] [-j] instance posixgroup get [-h] [selector]
- selector
The term to search for
COMMAND 'dsidm posixgroup get_dn'
usage: dsidm [-v] [-j] instance posixgroup get_dn [-h] [dn]
- dn
The dn to get
COMMAND 'dsidm posixgroup create'
usage: dsidm [-v] [-j] instance posixgroup create [-h] [--cn [CN]]
[--gidNumber [GIDNUMBER]]
OPTIONS 'dsidm posixgroup create'
- --cn [CN]
Value of cn
- --gidNumber [GIDNUMBER]
Value of gidNumber
COMMAND 'dsidm posixgroup delete'
usage: dsidm [-v] [-j] instance posixgroup delete [-h] [dn]
- dn
The dn to delete
COMMAND 'dsidm posixgroup modify'
usage: dsidm [-v] [-j] instance posixgroup modify [-h] selector changes [changes ...]
- selector
The cn to modify
- changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm posixgroup rename'
usage: dsidm [-v] [-j] instance posixgroup rename [-h] [--keep-old-rdn]
selector new_name
- selector
The cn to rename
- new_name
A new posix group name
OPTIONS 'dsidm posixgroup rename'
- --keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not
COMMAND 'dsidm user'
usage: dsidm instance user [-h]
{list,get,get_dn,create,modify,rename,delete} ...
POSITIONAL ARGUMENTS 'dsidm user'
- dsidm user list
list
- dsidm user get
get
- dsidm user get_dn
get_dn
- dsidm user create
create
- dsidm user modify
modify <add|delete|replace>:<attribute>:<value> ...
- dsidm user rename
rename the object
- dsidm user delete
deletes the object
COMMAND 'dsidm user list'
COMMAND 'dsidm user get'
usage: dsidm [-v] [-j] instance user get [-h] [selector]
- selector
The term to search for
COMMAND 'dsidm user get_dn'
usage: dsidm [-v] [-j] instance user get_dn [-h] [dn]
- dn
The dn to get
COMMAND 'dsidm user create'
usage: dsidm [-v] [-j] instance user create [-h] [--uid [UID]] [--cn [CN]]
[--displayName [DISPLAYNAME]]
[--uidNumber [UIDNUMBER]]
[--gidNumber [GIDNUMBER]]
[--homeDirectory [HOMEDIRECTORY]]
OPTIONS 'dsidm user create'
- --uid [UID]
Value of uid
- --cn [CN]
Value of cn
- --displayName [DISPLAYNAME]
Value of displayName
- --uidNumber [UIDNUMBER]
Value of uidNumber
- --gidNumber [GIDNUMBER]
Value of gidNumber
- --homeDirectory [HOMEDIRECTORY]
Value of homeDirectory
COMMAND 'dsidm user modify'
usage: dsidm [-v] [-j] instance user modify [-h] selector changes [changes ...]
- selector
The uid to modify
- changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm user rename'
usage: dsidm [-v] [-j] instance user rename [-h] [--keep-old-rdn] selector new_name
- selector
The uid to modify
- new_name
A new user name
OPTIONS 'dsidm user rename'
- --keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an attribute of the entry or not
COMMAND 'dsidm user delete'
usage: dsidm [-v] [-j] instance user delete [-h] [dn]
- dn
The dn to delete
COMMAND 'dsidm client_config'
usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...
POSITIONAL ARGUMENTS 'dsidm client_config'
- dsidm client_config sssd.conf
Generate a SSSD configuration for this LDAP server
- dsidm client_config ldap.conf
Generate an OpenLDAP ldap.conf configuration for this LDAP server
- dsidm client_config display
Display generic application parameters for LDAP connection
COMMAND 'dsidm client_config sssd.conf'
usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
- allowed_group
The name of the group allowed access to this system
COMMAND 'dsidm client_config ldap.conf'
usage: dsidm instance client_config ldap.conf [-h]
COMMAND 'dsidm client_config display'
usage: dsidm instance client_config display [-h]
COMMAND 'dsidm role'
usage: dsidm [-v] [-j] instance role [-h]
{list,get,get-by-dn,create-managed,create-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status} ...
POSITIONAL ARGUMENTS 'dsidm role'
- dsidm role list
list roles that could login to the directory
- dsidm role get
get
- dsidm role get-by-dn
get-by-dn <dn>
- dsidm role create-managed
create
- dsidm role create-filtered
create
- dsidm role create-nested
create
- dsidm role modify-by-dn
modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
- dsidm role rename-by-dn
rename the object
- dsidm role delete
deletes the role
- dsidm role lock
lock
- dsidm role unlock
unlock
- dsidm role entry-status
status of a single entry
- dsidm role subtree-status
status of a subtree
COMMAND 'dsidm role list'
COMMAND 'dsidm role get'
usage: dsidm [-v] [-j] instance role get [-h] [selector]
- selector
The term to search for
COMMAND 'dsidm role get-by-dn'
usage: dsidm [-v] [-j] instance role get-by-dn [-h] [dn]
- dn
The dn to get and display
COMMAND 'dsidm role create-managed'
usage: dsidm [-v] [-j] instance role create-managed [-h] [--cn [CN]]
OPTIONS 'dsidm role create-managed'
- --cn [CN]
Value of cn
COMMAND 'dsidm role create-filtered'
usage: dsidm [-v] [-j] instance role create-filtered [-h] [--cn [CN]]
OPTIONS 'dsidm role create-filtered'
- --cn [CN]
Value of cn
COMMAND 'dsidm role create-nested'
usage: dsidm [-v] [-j] instance role create-nested [-h] [--cn [CN]]
[--nsRoleDN [NSROLEDN]]
OPTIONS 'dsidm role create-nested'
- --cn [CN]
Value of cn
- --nsRoleDN [NSROLEDN]
Value of nsRoleDN
COMMAND 'dsidm role modify-by-dn'
usage: dsidm [-v] [-j] instance role modify-by-dn [-h]
dn changes [changes ...]
- dn
The dn to modify
- changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm role rename-by-dn'
usage: dsidm [-v] [-j] instance role rename-by-dn [-h] [--keep-old-rdn]
dn new_dn
- dn
The dn to rename
- new_dn
A new account dn
OPTIONS 'dsidm role rename-by-dn'
- --keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an attribute of the entry or not
COMMAND 'dsidm role delete'
usage: dsidm [-v] [-j] instance role delete [-h] [dn]
- dn
The dn of the role to delete
COMMAND 'dsidm role lock'
usage: dsidm [-v] [-j] instance role lock [-h] [dn]
- dn
The dn to lock
COMMAND 'dsidm role unlock'
usage: dsidm [-v] [-j] instance role unlock [-h] [dn]
- dn
The dn to unlock
COMMAND 'dsidm role entry-status'
usage: dsidm [-v] [-j] instance role entry-status [-h] [dn]
- dn
The single entry dn to check
COMMAND 'dsidm role subtree-status'
usage: dsidm [-v] [-j] instance role subtree-status [-h] [-f FILTER]
[-s {base,one,sub}]
basedn
- basedn
Search base for finding entries
OPTIONS 'dsidm role subtree-status'
- -f FILTER, --filter FILTER
Search filter for finding entries
- -s {base,one,sub}, --scope {base,one,sub}
Search scope (base, one, sub - default is sub
COMMAND 'dsidm service'
usage: dsidm [-v] [-j] instance service [-h]
{list,get,get_dn,create,modify,rename,delete} ...
POSITIONAL ARGUMENTS 'dsidm service'
- dsidm service list
list
- dsidm service get
get
- dsidm service get_dn
get_dn
- dsidm service create
create
- dsidm service modify
modify <add|delete|replace>:<attribute>:<value> ...
- dsidm service rename
rename the object
- dsidm service delete
deletes the object
COMMAND 'dsidm service list'
COMMAND 'dsidm service get'
usage: dsidm [-v] [-j] instance service get [-h] [selector]
- selector
The term to search for
COMMAND 'dsidm service get_dn'
usage: dsidm [-v] [-j] instance service get_dn [-h] [dn]
- dn
The dn to get
COMMAND 'dsidm service create'
usage: dsidm [-v] [-j] instance service create [-h] [--cn [CN]]
[--description [DESCRIPTION]]
OPTIONS 'dsidm service create'
- --cn [CN]
Value of cn
- --description [DESCRIPTION]
Value of description
COMMAND 'dsidm service modify'
usage: dsidm [-v] [-j] instance service modify [-h]
selector changes [changes ...]
- selector
The cn to modify
- changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm service rename'
usage: dsidm [-v] [-j] instance service rename [-h] [--keep-old-rdn]
selector new_name
- selector
The cn to modify
- new_name
A new service name
OPTIONS 'dsidm service rename'
- --keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an attribute of the entry or not
COMMAND 'dsidm service delete'
usage: dsidm [-v] [-j] instance service delete [-h] [dn]
- dn
The dn to delete
COMMAND 'dsidm uniquegroup'
usage: dsidm instance uniquegroup [-h]
{list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member} ...
POSITIONAL ARGUMENTS 'dsidm uniquegroup'
- dsidm uniquegroup list
list
- dsidm uniquegroup get
get
- dsidm uniquegroup get_dn
get_dn
- dsidm uniquegroup create
create
- dsidm uniquegroup delete
deletes the object
- dsidm uniquegroup modify
modify <add|delete|replace>:<attribute>:<value> ...
- dsidm uniquegroup rename
rename the object
- dsidm uniquegroup members
List member dns of a group
- dsidm uniquegroup add_member
Add a member to a group
- dsidm uniquegroup remove_member
Remove a member from a group
COMMAND 'dsidm uniquegroup list'
COMMAND 'dsidm uniquegroup get'
usage: dsidm [-v] [-j] instance uniquegroup get [-h] [selector]
- selector
The term to search for
COMMAND 'dsidm uniquegroup get_dn'
usage: dsidm [-v] [-j] instance uniquegroup get_dn [-h] [dn]
- dn
The dn to get
COMMAND 'dsidm uniquegroup create'
usage: dsidm [-v] [-j] instance uniquegroup create [-h] [--cn [CN]]
OPTIONS 'dsidm uniquegroup create'
- --cn [CN]
Value of cn
COMMAND 'dsidm uniquegroup delete'
usage: dsidm [-v] [-j] instance uniquegroup delete [-h] [dn]
- dn
The dn to delete
COMMAND 'dsidm uniquegroup modify'
usage: dsidm [-v] [-j] instance uniquegroup modify [-h] selector changes [changes ...]
- selector
The cn to modify
- changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm uniquegroup rename'
usage: dsidm [-v] [-j] instance uniquegroup rename [-h] [--keep-old-rdn]
selector new_name
- selector
The cn to rename
- new_name
A new group name
OPTIONS 'dsidm uniquegroup rename'
- --keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not
COMMAND 'dsidm uniquegroup members'
usage: dsidm [-v] [-j] instance uniquegroup members [-h] [cn]
- cn
cn of group to list members of
COMMAND 'dsidm uniquegroup add_member'
usage: dsidm [-v] [-j] instance uniquegroup add_member [-h] [cn] [dn]
- cn
cn of group to add member to
- dn
dn of object to add to group as member
COMMAND 'dsidm uniquegroup remove_member'
usage: dsidm [-v] [-j] instance uniquegroup remove_member [-h] [cn] [dn]
- cn
cn of group to remove member from
- dn
dn of object to remove from group as member
Options
- -v, --verbose
Display verbose operation tracing during command execution
- -j, --json
Return result in JSON object
- -b BASEDN, --basedn BASEDN
Base DN (root naming context) of the instance to manage
- -D BINDDN, --binddn BINDDN
The account to bind as for executing operations
- -w BINDPW, --bindpw BINDPW
Password for the bind DN
- -W, --prompt
Prompt for password of the bind DN
- -y PWDFILE, --pwdfile PWDFILE
Specifies a file containing the password of the bind DN
- -Z, --starttls
Connect with StartTLS
Author
Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>
Distribution
The latest version of lib389 may be downloaded from http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html