dsidm - Man Page

Synopsis

dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance {account,group,initialise,organizationalunit,posixgroup,user,client_config,role,service} ...

Positional Arguments

dsidm account

Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see "user" subcommand instead.

dsidm group

Manage groups

dsidm initialise

Initialise a backend with domain information and sample entries

dsidm organizationalunit

Manage organizational units

dsidm posixgroup

Manage posix groups

dsidm user

Manage posix users

dsidm client_config

Display and generate client example configs for this LDAP server

dsidm role

Manage generic roles, with tasks like modify, locking and unlocking.

dsidm service

Manage service accounts

COMMAND 'dsidm account'

usage: dsidm instance account [-h]
                             {list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password}
                             ...

POSITIONAL ARGUMENTS 'dsidm account'

dsidm account list

list accounts that could login to the directory

dsidm account get-by-dn

get-by-dn <dn>

dsidm account modify-by-dn

modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

dsidm account rename-by-dn

rename the object

dsidm account delete

deletes the account

dsidm account lock

lock

dsidm account unlock

unlock

dsidm account entry-status

status of a single entry

dsidm account subtree-status

status of a subtree

dsidm account reset_password

Reset the password of an account. This should be performed by a directory admin.

dsidm account change_password

Change the password of an account. This can be performed by any user (with correct rights)

COMMAND 'dsidm account list'

usage: dsidm instance account list [-h]

COMMAND 'dsidm account get-by-dn'

usage: dsidm instance account get-by-dn [-h] [dn]

dn

The dn to get and display

COMMAND 'dsidm account modify-by-dn'

usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...]

dn

The dn to get and display

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm account rename-by-dn'

usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn

dn

The dn to rename

new_dn

A new role dn

OPTIONS 'dsidm account rename-by-dn'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an attribute of the entry or not

COMMAND 'dsidm account delete'

usage: dsidm instance account delete [-h] [dn]

dn

The dn of the account to delete

COMMAND 'dsidm account lock'

usage: dsidm instance account lock [-h] [dn]

dn

The dn to lock

COMMAND 'dsidm account unlock'

usage: dsidm instance account unlock [-h] [dn]

dn

The dn to unlock

COMMAND 'dsidm account entry-status'

usage: dsidm instance account entry-status [-h] [-V] [dn]

dn

The single entry dn to check

OPTIONS 'dsidm account entry-status'

-V,  --details

Print more account policy details about the entry

COMMAND 'dsidm account subtree-status'

usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
                                            [-s {one,sub}] [-i]
                                            [-o BECOME_INACTIVE_ON]
                                            basedn

basedn

Search base for finding entries

OPTIONS 'dsidm account subtree-status'

-V, --details

Print more account policy details about the entries

-f FILTER, --filter FILTER

Search filter for finding entries

-s {one,sub}, --scope {one,sub}

Search scope (one, sub - default is sub

-i, --inactive-only

Only display inactivated entries

-o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON

Only display entries that will become inactive before specified date (in a format 2007-04-25T14:30)

COMMAND 'dsidm account reset_password'

usage: dsidm instance account reset_password [-h] [dn] [new_password]

dn

The dn to reset the password for

new_password

The new password to set

COMMAND 'dsidm account change_password'

usage: dsidm instance account change_password [-h]
                                             [dn] [new_password]
                                             [current_password]

dn

The dn to change the password for

new_password

The new password to set

current_password

The accounts current password

COMMAND 'dsidm group'

usage: dsidm instance group [-h]
                           {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
                           ...

POSITIONAL ARGUMENTS 'dsidm group'

dsidm group list

list

dsidm group get

get

dsidm group get_dn

get_dn

dsidm group create

create

dsidm group delete

deletes the object

dsidm group modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm group rename

rename the object

dsidm group members

List member dns of a group

dsidm group add_member

Add a member to a group

dsidm group remove_member

Remove a member from a group

COMMAND 'dsidm group list'

usage: dsidm instance group list [-h]

COMMAND 'dsidm group get'

usage: dsidm instance group get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm group get_dn'

usage: dsidm instance group get_dn [-h] [dn]

dn

The dn to get

COMMAND 'dsidm group create'

usage: dsidm instance group create [-h] [--cn [CN]]

OPTIONS 'dsidm group create'

--cn [CN]

Value of cn

COMMAND 'dsidm group delete'

usage: dsidm instance group delete [-h] [dn]

dn

The dn to delete

COMMAND 'dsidm group modify'

usage: dsidm instance group modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm group rename'

usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name

selector

The cn to rename

new_name

A new group name

OPTIONS 'dsidm group rename'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

COMMAND 'dsidm group members'

usage: dsidm instance group members [-h] [cn]

cn

cn of group to list members of

COMMAND 'dsidm group add_member'

usage: dsidm instance group add_member [-h] [cn] [dn]

cn

cn of group to add member to

dn

dn of object to add to group as member

COMMAND 'dsidm group remove_member'

usage: dsidm instance group remove_member [-h] [cn] [dn]

cn

cn of group to remove member from

dn

dn of object to remove from group as member

COMMAND 'dsidm initialise'

usage: dsidm instance initialise [-h] [--version VERSION]

OPTIONS 'dsidm initialise'

--version VERSION

The version of entries to create.

COMMAND 'dsidm organizationalunit'

usage: dsidm instance organizationalunit [-h]
                                        {list,get,get_dn,create,delete,modify,rename}
                                        ...

POSITIONAL ARGUMENTS 'dsidm organizationalunit'

dsidm organizationalunit list

list

dsidm organizationalunit get

get

dsidm organizationalunit get_dn

get_dn

dsidm organizationalunit create

create

dsidm organizationalunit delete

deletes the object

dsidm organizationalunit modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm organizationalunit rename

rename the object

COMMAND 'dsidm organizationalunit list'

usage: dsidm instance organizationalunit list [-h]

COMMAND 'dsidm organizationalunit get'

usage: dsidm instance organizationalunit get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm organizationalunit get_dn'

usage: dsidm instance organizationalunit get_dn [-h] [dn]

dn

The dn to get

COMMAND 'dsidm organizationalunit create'

usage: dsidm instance organizationalunit create [-h] [--ou [OU]]

OPTIONS 'dsidm organizationalunit create'

--ou [OU]

Value of ou

COMMAND 'dsidm organizationalunit delete'

usage: dsidm instance organizationalunit delete [-h] [dn]

dn

The dn to delete

COMMAND 'dsidm organizationalunit modify'

usage: dsidm instance organizationalunit modify [-h]
                                               selector changes [changes ...]

selector

The ou to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm organizationalunit rename'

usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
                                               selector new_name

selector

The ou to rename

new_name

A new organizational unit name

OPTIONS 'dsidm organizationalunit rename'

--keep-old-rdn

Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute of the entry or not

COMMAND 'dsidm posixgroup'

usage: dsidm instance posixgroup [-h]
                                {list,get,get_dn,create,delete,modify,rename}
                                ...

POSITIONAL ARGUMENTS 'dsidm posixgroup'

dsidm posixgroup list

list

dsidm posixgroup get

get

dsidm posixgroup get_dn

get_dn

dsidm posixgroup create

create

dsidm posixgroup delete

deletes the object

dsidm posixgroup modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm posixgroup rename

rename the object

COMMAND 'dsidm posixgroup list'

usage: dsidm instance posixgroup list [-h]

COMMAND 'dsidm posixgroup get'

usage: dsidm instance posixgroup get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm posixgroup get_dn'

usage: dsidm instance posixgroup get_dn [-h] [dn]

dn

The dn to get

COMMAND 'dsidm posixgroup create'

usage: dsidm instance posixgroup create [-h] [--cn [CN]]
                                       [--gidNumber [GIDNUMBER]]

OPTIONS 'dsidm posixgroup create'

--cn [CN]

Value of cn

--gidNumber [GIDNUMBER]

Value of gidNumber

COMMAND 'dsidm posixgroup delete'

usage: dsidm instance posixgroup delete [-h] [dn]

dn

The dn to delete

COMMAND 'dsidm posixgroup modify'

usage: dsidm instance posixgroup modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm posixgroup rename'

usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
                                       selector new_name

selector

The cn to rename

new_name

A new posix group name

OPTIONS 'dsidm posixgroup rename'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

COMMAND 'dsidm user'

usage: dsidm instance user [-h]
                          {list,get,get_dn,create,modify,rename,delete} ...

POSITIONAL ARGUMENTS 'dsidm user'

dsidm user list

list

dsidm user get

get

dsidm user get_dn

get_dn

dsidm user create

create

dsidm user modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm user rename

rename the object

dsidm user delete

deletes the object

COMMAND 'dsidm user list'

usage: dsidm instance user list [-h]

COMMAND 'dsidm user get'

usage: dsidm instance user get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm user get_dn'

usage: dsidm instance user get_dn [-h] [dn]

dn

The dn to get

COMMAND 'dsidm user create'

usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
                                 [--displayName [DISPLAYNAME]]
                                 [--uidNumber [UIDNUMBER]]
                                 [--gidNumber [GIDNUMBER]]
                                 [--homeDirectory [HOMEDIRECTORY]]

OPTIONS 'dsidm user create'

--uid [UID]

Value of uid

--cn [CN]

Value of cn

--displayName [DISPLAYNAME]

Value of displayName

--uidNumber [UIDNUMBER]

Value of uidNumber

--gidNumber [GIDNUMBER]

Value of gidNumber

--homeDirectory [HOMEDIRECTORY]

Value of homeDirectory

COMMAND 'dsidm user modify'

usage: dsidm instance user modify [-h] selector changes [changes ...]

selector

The uid to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm user rename'

usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name

selector

The uid to modify

new_name

A new user name

OPTIONS 'dsidm user rename'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an attribute of the entry or not

COMMAND 'dsidm user delete'

usage: dsidm instance user delete [-h] [dn]

dn

The dn to delete

COMMAND 'dsidm client_config'

usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...

POSITIONAL ARGUMENTS 'dsidm client_config'

dsidm client_config sssd.conf

Generate a SSSD configuration for this LDAP server

dsidm client_config ldap.conf

Generate an OpenLDAP ldap.conf configuration for this LDAP server

dsidm client_config display

Display generic application parameters for LDAP connection

COMMAND 'dsidm client_config sssd.conf'

usage: dsidm instance client_config sssd.conf [-h] [allowed_group]

allowed_group

The name of the group allowed access to this system

COMMAND 'dsidm client_config ldap.conf'

usage: dsidm instance client_config ldap.conf [-h]

COMMAND 'dsidm client_config display'

usage: dsidm instance client_config display [-h]

COMMAND 'dsidm role'

usage: dsidm instance role [-h]
                          {list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status}
                          ...

POSITIONAL ARGUMENTS 'dsidm role'

dsidm role list

list roles that could login to the directory

dsidm role get-by-dn

get-by-dn <dn>

dsidm role modify-by-dn

modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

dsidm role rename-by-dn

rename the object

dsidm role delete

deletes the role

dsidm role lock

lock

dsidm role unlock

unlock

dsidm role entry-status

status of a single entry

dsidm role subtree-status

status of a subtree

COMMAND 'dsidm role list'

usage: dsidm instance role list [-h]

COMMAND 'dsidm role get-by-dn'

usage: dsidm instance role get-by-dn [-h] [dn]

dn

The dn to get and display

COMMAND 'dsidm role modify-by-dn'

usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]

dn

The dn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm role rename-by-dn'

usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn

dn

The dn to rename

new_dn

A new account dn

OPTIONS 'dsidm role rename-by-dn'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an attribute of the entry or not

COMMAND 'dsidm role delete'

usage: dsidm instance role delete [-h] [dn]

dn

The dn of the role to delete

COMMAND 'dsidm role lock'

usage: dsidm instance role lock [-h] [dn]

dn

The dn to lock

COMMAND 'dsidm role unlock'

usage: dsidm instance role unlock [-h] [dn]

dn

The dn to unlock

COMMAND 'dsidm role entry-status'

usage: dsidm instance role entry-status [-h] [dn]

dn

The single entry dn to check

COMMAND 'dsidm role subtree-status'

usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}]
                                         basedn

basedn

Search base for finding entries

OPTIONS 'dsidm role subtree-status'

-f FILTER, --filter FILTER

Search filter for finding entries

-s {base,one,sub}, --scope {base,one,sub}

Search scope (base, one, sub - default is sub

COMMAND 'dsidm service'

usage: dsidm instance service [-h]
                             {list,get,get_dn,create,modify,rename,delete}
                             ...

POSITIONAL ARGUMENTS 'dsidm service'

dsidm service list

list

dsidm service get

get

dsidm service get_dn

get_dn

dsidm service create

create

dsidm service modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm service rename

rename the object

dsidm service delete

deletes the object

COMMAND 'dsidm service list'

usage: dsidm instance service list [-h]

COMMAND 'dsidm service get'

usage: dsidm instance service get [-h] [selector]

selector

The term to search for

COMMAND 'dsidm service get_dn'

usage: dsidm instance service get_dn [-h] [dn]

dn

The dn to get

COMMAND 'dsidm service create'

usage: dsidm instance service create [-h] [--cn [CN]]
                                    [--description [DESCRIPTION]]

OPTIONS 'dsidm service create'

--cn [CN]

Value of cn

--description [DESCRIPTION]

Value of description

COMMAND 'dsidm service modify'

usage: dsidm instance service modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

COMMAND 'dsidm service rename'

usage: dsidm instance service rename [-h] [--keep-old-rdn] selector new_name

selector

The cn to modify

new_name

A new service name

OPTIONS 'dsidm service rename'

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an attribute of the entry or not

COMMAND 'dsidm service delete'

usage: dsidm instance service delete [-h] [dn]

dn

The dn to delete

Options

-b BASEDN, --basedn BASEDN

Base DN (root naming context) of the instance to manage

-v,  --verbose

Display verbose operation tracing during command execution

-D BINDDN, --binddn BINDDN

The account to bind as for executing operations

-w BINDPW, --bindpw BINDPW

Password for the bind DN

-W,  --prompt

Prompt for password of the bind DN

-y PWDFILE, --pwdfile PWDFILE

Specifies a file containing the password of the bind DN

-Z,  --starttls

Connect with StartTLS

-j,  --json

Return result in JSON object

Authors

lib389 was written by Red Hat Inc., and William Brown <389-devel@lists.fedoraproject.org>.

Distribution

The latest version of lib389 may be downloaded from http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html

Info

Manual