dsidm - Man Page

Synopsis

dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance {account,group,initialise,init,organizationalunit,ou,posixgroup,user,client_config,role,service} ...

Positional Arguments

dsidm account

Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see "user" subcommand instead.

dsidm group

Manage groups

dsidm initialise

Initialise a backend with domain information and sample entries

dsidm organizationalunit

Manage organizational units

dsidm posixgroup

Manage posix groups

dsidm user

Manage posix users

dsidm client_config

Display and generate client example configs for this LDAP server

dsidm role

Manage roles.

dsidm service

Manage service accounts

COMMAND 'dsidm account'

usage: dsidm instance account [-h]
                             {list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password,bulk_update}
                             ...

POSITIONAL ARGUMENTS 'dsidm account'

dsidm account list

list accounts that could login to the directory

dsidm account get-by-dn

get-by-dn <dn>

dsidm account modify-by-dn

modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

dsidm account rename-by-dn

rename the object

dsidm account delete

deletes the account

dsidm account lock

lock

dsidm account unlock

unlock

dsidm account entry-status

status of a single entry

dsidm account subtree-status

status of a subtree

dsidm account reset_password

Reset the password of an account. This should be performed by a directory admin.

dsidm account change_password

Change the password of an account. This can be performed by any user (with correct rights)

dsidm account bulk_update

Perform a common operation to a set of entries

COMMAND 'dsidm account list'

usage: dsidm instance account list [-h]

COMMAND 'dsidm account get-by-dn'

usage: dsidm instance account get-by-dn [-h] [dn]

dn

The dn to get and display

COMMAND 'dsidm account modify-by-dn'

usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...]

dn

The dn to get and display

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm account rename-by-dn'

usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn

dn

The dn to rename

new_dn

A new role dn

OPTIONS 'dsidm account rename-by-dn'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an attribute of the entry or not

COMMAND 'dsidm account delete'

usage: dsidm instance account delete [-h] [dn]

dn

The dn of the account to delete

COMMAND 'dsidm account lock'

usage: dsidm instance account lock [-h] [dn]

dn

The dn to lock

COMMAND 'dsidm account unlock'

usage: dsidm instance account unlock [-h] [dn]

dn

The dn to unlock

COMMAND 'dsidm account entry-status'

usage: dsidm instance account entry-status [-h] [-V] [dn]

dn

The single entry dn to check

OPTIONS 'dsidm account entry-status'

-V,  --details

Print more account policy details about the entry

COMMAND 'dsidm account subtree-status'

usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
                                            [-s {one,sub}] [-i]
                                            [-o BECOME_INACTIVE_ON]
                                            basedn

basedn

Search base for finding entries

OPTIONS 'dsidm account subtree-status'

-V, --details

Print more account policy details about the entries

-f FILTER, --filter FILTER

Search filter for finding entries

-s {one,sub}, --scope {one,sub}

Search scope (one, sub - default is sub

-i, --inactive-only

Only display inactivated entries

-o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON

Only display entries that will become inactive before specified date (in a format 2007-04-25T14:30)

COMMAND 'dsidm account reset_password'

usage: dsidm instance account reset_password [-h] [dn] [new_password]

dn

The dn to reset the password for

new_password

The new password to set

COMMAND 'dsidm account change_password'

usage: dsidm instance account change_password [-h]
                                             [dn] [new_password]
                                             [current_password]

dn

The dn to change the password for

new_password

The new password to set

current_password

The accounts current password

COMMAND 'dsidm account bulk_update'

usage: dsidm instance account bulk_update [-h] [-f FILTER] [-s {one,sub}] [-x]
                                         basedn changes [changes ...]

basedn

Search base for finding entries, only the children of this DN are processed

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm account bulk_update'

-f FILTER, --filter FILTER

Search filter for finding entries, default is '(objectclass=*)'

-s {one,sub}, --scope {one,sub}

Search scope (one, sub - default is sub

-x,  --stop

Stop processing updates when an error occurs. Default is False

COMMAND 'dsidm group'

usage: dsidm instance group [-h]
                           {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
                           ...

POSITIONAL ARGUMENTS 'dsidm group'

dsidm group list

list

dsidm group get

get

dsidm group get_dn

get_dn

dsidm group create

create

dsidm group delete

deletes the object

dsidm group modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm group rename

rename the object

dsidm group members

List member dns of a group

dsidm group add_member

Add a member to a group

dsidm group remove_member

Remove a member from a group

COMMAND 'dsidm group list'

usage: dsidm instance group list [-h]

COMMAND 'dsidm group get'

usage: dsidm instance group get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm group get_dn'

usage: dsidm instance group get_dn [-h] [dn]

dn

The dn to get

COMMAND 'dsidm group create'

usage: dsidm instance group create [-h] [--cn [CN]]

OPTIONS 'dsidm group create'

--cn [CN]

Value of cn

COMMAND 'dsidm group delete'

usage: dsidm instance group delete [-h] [dn]

dn

The dn to delete

COMMAND 'dsidm group modify'

usage: dsidm instance group modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm group rename'

usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name

selector

The cn to rename

new_name

A new group name

OPTIONS 'dsidm group rename'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

COMMAND 'dsidm group members'

usage: dsidm instance group members [-h] [cn]

cn

cn of group to list members of

COMMAND 'dsidm group add_member'

usage: dsidm instance group add_member [-h] [cn] [dn]

cn

cn of group to add member to

dn

dn of object to add to group as member

COMMAND 'dsidm group remove_member'

usage: dsidm instance group remove_member [-h] [cn] [dn]

cn

cn of group to remove member from

dn

dn of object to remove from group as member

COMMAND 'dsidm initialise'

usage: dsidm instance initialise [-h] [--version VERSION]

OPTIONS 'dsidm initialise'

--version VERSION

The version of entries to create.

COMMAND 'dsidm organizationalunit'

usage: dsidm instance organizationalunit [-h]
                                        {list,get,get_dn,create,delete,modify,rename}
                                        ...

POSITIONAL ARGUMENTS 'dsidm organizationalunit'

dsidm organizationalunit list

list

dsidm organizationalunit get

get

dsidm organizationalunit get_dn

get_dn

dsidm organizationalunit create

create

dsidm organizationalunit delete

deletes the object

dsidm organizationalunit modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm organizationalunit rename

rename the object

COMMAND 'dsidm organizationalunit list'

usage: dsidm instance organizationalunit list [-h]

COMMAND 'dsidm organizationalunit get'

usage: dsidm instance organizationalunit get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm organizationalunit get_dn'

usage: dsidm instance organizationalunit get_dn [-h] [dn]

dn

The dn to get

COMMAND 'dsidm organizationalunit create'

usage: dsidm instance organizationalunit create [-h] [--ou [OU]]

OPTIONS 'dsidm organizationalunit create'

--ou [OU]

Value of ou

COMMAND 'dsidm organizationalunit delete'

usage: dsidm instance organizationalunit delete [-h] [dn]

dn

The dn to delete

COMMAND 'dsidm organizationalunit modify'

usage: dsidm instance organizationalunit modify [-h]
                                               selector changes [changes ...]

selector

The ou to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm organizationalunit rename'

usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
                                               selector new_name

selector

The ou to rename

new_name

A new organizational unit name

OPTIONS 'dsidm organizationalunit rename'

--keep-old-rdn

Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute of the entry or not

COMMAND 'dsidm posixgroup'

usage: dsidm instance posixgroup [-h]
                                {list,get,get_dn,create,delete,modify,rename}
                                ...

POSITIONAL ARGUMENTS 'dsidm posixgroup'

dsidm posixgroup list

list

dsidm posixgroup get

get

dsidm posixgroup get_dn

get_dn

dsidm posixgroup create

create

dsidm posixgroup delete

deletes the object

dsidm posixgroup modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm posixgroup rename

rename the object

COMMAND 'dsidm posixgroup list'

usage: dsidm instance posixgroup list [-h]

COMMAND 'dsidm posixgroup get'

usage: dsidm instance posixgroup get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm posixgroup get_dn'

usage: dsidm instance posixgroup get_dn [-h] [dn]

dn

The dn to get

COMMAND 'dsidm posixgroup create'

usage: dsidm instance posixgroup create [-h] [--cn [CN]]
                                       [--gidNumber [GIDNUMBER]]

OPTIONS 'dsidm posixgroup create'

--cn [CN]

Value of cn

--gidNumber [GIDNUMBER]

Value of gidNumber

COMMAND 'dsidm posixgroup delete'

usage: dsidm instance posixgroup delete [-h] [dn]

dn

The dn to delete

COMMAND 'dsidm posixgroup modify'

usage: dsidm instance posixgroup modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm posixgroup rename'

usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
                                       selector new_name

selector

The cn to rename

new_name

A new posix group name

OPTIONS 'dsidm posixgroup rename'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

COMMAND 'dsidm user'

usage: dsidm instance user [-h]
                          {list,get,get_dn,create,modify,rename,delete} ...

POSITIONAL ARGUMENTS 'dsidm user'

dsidm user list

list

dsidm user get

get

dsidm user get_dn

get_dn

dsidm user create

create

dsidm user modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm user rename

rename the object

dsidm user delete

deletes the object

COMMAND 'dsidm user list'

usage: dsidm instance user list [-h]

COMMAND 'dsidm user get'

usage: dsidm instance user get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm user get_dn'

usage: dsidm instance user get_dn [-h] [dn]

dn

The dn to get

COMMAND 'dsidm user create'

usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
                                 [--displayName [DISPLAYNAME]]
                                 [--uidNumber [UIDNUMBER]]
                                 [--gidNumber [GIDNUMBER]]
                                 [--homeDirectory [HOMEDIRECTORY]]

OPTIONS 'dsidm user create'

--uid [UID]

Value of uid

--cn [CN]

Value of cn

--displayName [DISPLAYNAME]

Value of displayName

--uidNumber [UIDNUMBER]

Value of uidNumber

--gidNumber [GIDNUMBER]

Value of gidNumber

--homeDirectory [HOMEDIRECTORY]

Value of homeDirectory

COMMAND 'dsidm user modify'

usage: dsidm instance user modify [-h] selector changes [changes ...]

selector

The uid to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm user rename'

usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name

selector

The uid to modify

new_name

A new user name

OPTIONS 'dsidm user rename'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an attribute of the entry or not

COMMAND 'dsidm user delete'

usage: dsidm instance user delete [-h] [dn]

dn

The dn to delete

COMMAND 'dsidm client_config'

usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...

POSITIONAL ARGUMENTS 'dsidm client_config'

dsidm client_config sssd.conf

Generate a SSSD configuration for this LDAP server

dsidm client_config ldap.conf

Generate an OpenLDAP ldap.conf configuration for this LDAP server

dsidm client_config display

Display generic application parameters for LDAP connection

COMMAND 'dsidm client_config sssd.conf'

usage: dsidm instance client_config sssd.conf [-h] [allowed_group]

allowed_group

The name of the group allowed access to this system

COMMAND 'dsidm client_config ldap.conf'

usage: dsidm instance client_config ldap.conf [-h]

COMMAND 'dsidm client_config display'

usage: dsidm instance client_config display [-h]

COMMAND 'dsidm role'

usage: dsidm instance role [-h]
                          {list,get,get-by-dn,create-managed,create-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status}
                          ...

POSITIONAL ARGUMENTS 'dsidm role'

dsidm role list

list roles that could login to the directory

dsidm role get

get

dsidm role get-by-dn

get-by-dn <dn>

dsidm role create-managed

create

dsidm role create-filtered

create

dsidm role create-nested

create

dsidm role modify-by-dn

modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

dsidm role rename-by-dn

rename the object

dsidm role delete

deletes the role

dsidm role lock

lock

dsidm role unlock

unlock

dsidm role entry-status

status of a single entry

dsidm role subtree-status

status of a subtree

COMMAND 'dsidm role list'

usage: dsidm instance role list [-h]

COMMAND 'dsidm role get'

usage: dsidm instance role get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm role get-by-dn'

usage: dsidm instance role get-by-dn [-h] [dn]

dn

The dn to get and display

COMMAND 'dsidm role create-managed'

usage: dsidm instance role create-managed [-h] [--cn [CN]]

OPTIONS 'dsidm role create-managed'

--cn [CN]

Value of cn

COMMAND 'dsidm role create-filtered'

usage: dsidm instance role create-filtered [-h] [--cn [CN]]

OPTIONS 'dsidm role create-filtered'

--cn [CN]

Value of cn

COMMAND 'dsidm role create-nested'

usage: dsidm instance role create-nested [-h] [--cn [CN]]
                                        [--nsRoleDN [NSROLEDN]]

OPTIONS 'dsidm role create-nested'

--cn [CN]

Value of cn

--nsRoleDN [NSROLEDN]

Value of nsRoleDN

COMMAND 'dsidm role modify-by-dn'

usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]

dn

The dn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm role rename-by-dn'

usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn

dn

The dn to rename

new_dn

A new account dn

OPTIONS 'dsidm role rename-by-dn'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an attribute of the entry or not

COMMAND 'dsidm role delete'

usage: dsidm instance role delete [-h] [dn]

dn

The dn of the role to delete

COMMAND 'dsidm role lock'

usage: dsidm instance role lock [-h] [dn]

dn

The dn to lock

COMMAND 'dsidm role unlock'

usage: dsidm instance role unlock [-h] [dn]

dn

The dn to unlock

COMMAND 'dsidm role entry-status'

usage: dsidm instance role entry-status [-h] [dn]

dn

The single entry dn to check

COMMAND 'dsidm role subtree-status'

usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}]
                                         basedn

basedn

Search base for finding entries

OPTIONS 'dsidm role subtree-status'

-f FILTER, --filter FILTER

Search filter for finding entries

-s {base,one,sub}, --scope {base,one,sub}

Search scope (base, one, sub - default is sub

COMMAND 'dsidm service'

usage: dsidm instance service [-h]
                             {list,get,get_dn,create,modify,rename,delete}
                             ...

POSITIONAL ARGUMENTS 'dsidm service'

dsidm service list

list

dsidm service get

get

dsidm service get_dn

get_dn

dsidm service create

create

dsidm service modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm service rename

rename the object

dsidm service delete

deletes the object

COMMAND 'dsidm service list'

usage: dsidm instance service list [-h]

COMMAND 'dsidm service get'

usage: dsidm instance service get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm service get_dn'

usage: dsidm instance service get_dn [-h] [dn]

dn

The dn to get

COMMAND 'dsidm service create'

usage: dsidm instance service create [-h] [--cn [CN]]
                                    [--description [DESCRIPTION]]

OPTIONS 'dsidm service create'

--cn [CN]

Value of cn

--description [DESCRIPTION]

Value of description

COMMAND 'dsidm service modify'

usage: dsidm instance service modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm service rename'

usage: dsidm instance service rename [-h] [--keep-old-rdn] selector new_name

selector

The cn to modify

new_name

A new service name

OPTIONS 'dsidm service rename'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an attribute of the entry or not

COMMAND 'dsidm service delete'

usage: dsidm instance service delete [-h] [dn]

dn

The dn to delete

Options

-b BASEDN, --basedn BASEDN

Base DN (root naming context) of the instance to manage

-v,  --verbose

Display verbose operation tracing during command execution

-D BINDDN, --binddn BINDDN

The account to bind as for executing operations

-w BINDPW, --bindpw BINDPW

Password for the bind DN

-W,  --prompt

Prompt for password of the bind DN

-y PWDFILE, --pwdfile PWDFILE

Specifies a file containing the password of the bind DN

-Z,  --starttls

Connect with StartTLS

-j,  --json

Return result in JSON object

Authors

Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>

Distribution

The latest version of lib389 may be downloaded from http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html

Info

2023-02-28 lib389 1.4.0.1 Generated Python Manual