dsidm man page

dsidm

Synopsis

dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance {account,group,initialise,organizationalunit,posixgroup,user,client_config,role} ...

Options

instance

The instance name OR the LDAP url to connect to, IE localhost, ldap://mai.example.com:389

Sub-commands

dsidm account

Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see "user" subcommand instead.

dsidm group

Manage groups

dsidm initialise

Initialise a backend with domain information and sample entries

dsidm organizationalunit

Manage organizational units

dsidm posixgroup

Manage posix groups

dsidm user

Manage posix users

dsidm client_config

Display and generate client example configs for this LDAP server

dsidm role

Manage generic roles, with tasks like modify, locking and unlocking.

OPTIONS 'dsidm account'

usage: dsidm instance account [-h]
                             {list,get-by-dn,modify-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password}
                             ...

Sub-commands

dsidm account list

list accounts that could login to the directory

dsidm account get-by-dn

get-by-dn <dn>

dsidm account modify-by-dn

modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

dsidm account delete

deletes the account

dsidm account lock

lock

dsidm account unlock

unlock

dsidm account entry-status

status of a single entry

dsidm account subtree-status

status of a subtree

dsidm account reset_password

Reset the password of an account. This should be performed by a directory admin.

dsidm account change_password

Change the password of an account. This can be performed by any user (with correct rights)

OPTIONS 'dsidm account list'

usage: dsidm instance account list [-h]

OPTIONS 'dsidm account get-by-dn'

usage: dsidm instance account get-by-dn [-h] [dn]

dn

The dn to get and display

OPTIONS 'dsidm account modify-by-dn'

usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...]

dn

The dn to get and display

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm account delete'

usage: dsidm instance account delete [-h] [dn]

dn

The dn of the account to delete

OPTIONS 'dsidm account lock'

usage: dsidm instance account lock [-h] [dn]

dn

The dn to lock

OPTIONS 'dsidm account unlock'

usage: dsidm instance account unlock [-h] [dn]

dn

The dn to unlock

OPTIONS 'dsidm account entry-status'

usage: dsidm instance account entry-status [-h] [-V] [dn]

dn

The single entry dn to check

-V, --details

Print more account policy details about the entry

OPTIONS 'dsidm account subtree-status'

usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
                                            [-s {one,sub}] [-i]
                                            [-o BECOME_INACTIVE_ON]
                                            basedn

basedn

Search base for finding entries

-V, --details

Print more account policy details about the entries

-f FILTER, --filter FILTER

Search filter for finding entries

-s {one,sub}, --scope {one,sub}

Search scope (one, sub - default is sub

-i, --inactive-only

Only display inactivated entries

-o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON

Only display entries that will become inactive before specified date (in a format 2007-04-25T14:30)

OPTIONS 'dsidm account reset_password'

usage: dsidm instance account reset_password [-h] [dn] [new_password]

dn

The dn to reset the password for

new_password

The new password to set

OPTIONS 'dsidm account change_password'

usage: dsidm instance account change_password [-h]
                                             [dn] [new_password]
                                             [current_password]

dn

The dn to change the password for

new_password

The new password to set

current_password

The accounts current password

OPTIONS 'dsidm group'

usage: dsidm instance group [-h]
                           {list,get,get_dn,create,delete,modify,members,add_member,remove_member}
                           ...

Sub-commands

dsidm group list

list

dsidm group get

get

dsidm group get_dn

get_dn

dsidm group create

create

dsidm group delete

deletes the object

dsidm group modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm group members

List member dns of a group

dsidm group add_member

Add a member to a group

dsidm group remove_member

Remove a member from a group

OPTIONS 'dsidm group list'

usage: dsidm instance group list [-h]

OPTIONS 'dsidm group get'

usage: dsidm instance group get [-h] [selector]

selector

The term to search for

OPTIONS 'dsidm group get_dn'

usage: dsidm instance group get_dn [-h] [dn]

dn

The dn to get

OPTIONS 'dsidm group create'

usage: dsidm instance group create [-h] [--cn [CN]]

--cn [CN]

Value of cn

OPTIONS 'dsidm group delete'

usage: dsidm instance group delete [-h] [dn]

dn

The dn to delete

OPTIONS 'dsidm group modify'

usage: dsidm instance group modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm group members'

usage: dsidm instance group members [-h] [cn]

cn

cn of group to list members of

OPTIONS 'dsidm group add_member'

usage: dsidm instance group add_member [-h] [cn] [dn]

cn

cn of group to add member to

dn

dn of object to add to group as member

OPTIONS 'dsidm group remove_member'

usage: dsidm instance group remove_member [-h] [cn] [dn]

cn

cn of group to remove member from

dn

dn of object to remove from group as member

OPTIONS 'dsidm initialise'

usage: dsidm instance initialise [-h] [--version VERSION]

--version VERSION

The version of entries to create.

OPTIONS 'dsidm organizationalunit'

usage: dsidm instance organizationalunit [-h]
                                        {list,get,get_dn,create,delete,modify}
                                        ...

Sub-commands

dsidm organizationalunit list

list

dsidm organizationalunit get

get

dsidm organizationalunit get_dn

get_dn

dsidm organizationalunit create

create

dsidm organizationalunit delete

deletes the object

dsidm organizationalunit modify

modify <add|delete|replace>:<attribute>:<value> ...

OPTIONS 'dsidm organizationalunit list'

usage: dsidm instance organizationalunit list [-h]

OPTIONS 'dsidm organizationalunit get'

usage: dsidm instance organizationalunit get [-h] [selector]

selector

The term to search for

OPTIONS 'dsidm organizationalunit get_dn'

usage: dsidm instance organizationalunit get_dn [-h] [dn]

dn

The dn to get

OPTIONS 'dsidm organizationalunit create'

usage: dsidm instance organizationalunit create [-h] [--ou [OU]]

--ou [OU]

Value of ou

OPTIONS 'dsidm organizationalunit delete'

usage: dsidm instance organizationalunit delete [-h] [dn]

dn

The dn to delete

OPTIONS 'dsidm organizationalunit modify'

usage: dsidm instance organizationalunit modify [-h]
                                               selector changes [changes ...]

selector

The ou to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm posixgroup'

usage: dsidm instance posixgroup [-h]
                                {list,get,get_dn,create,delete,modify} ...

Sub-commands

dsidm posixgroup list

list

dsidm posixgroup get

get

dsidm posixgroup get_dn

get_dn

dsidm posixgroup create

create

dsidm posixgroup delete

deletes the object

dsidm posixgroup modify

modify <add|delete|replace>:<attribute>:<value> ...

OPTIONS 'dsidm posixgroup list'

usage: dsidm instance posixgroup list [-h]

OPTIONS 'dsidm posixgroup get'

usage: dsidm instance posixgroup get [-h] [selector]

selector

The term to search for

OPTIONS 'dsidm posixgroup get_dn'

usage: dsidm instance posixgroup get_dn [-h] [dn]

dn

The dn to get

OPTIONS 'dsidm posixgroup create'

usage: dsidm instance posixgroup create [-h] [--cn [CN]]
                                       [--gidNumber [GIDNUMBER]]

--cn [CN]

Value of cn

--gidNumber [GIDNUMBER]

Value of gidNumber

OPTIONS 'dsidm posixgroup delete'

usage: dsidm instance posixgroup delete [-h] [dn]

dn

The dn to delete

OPTIONS 'dsidm posixgroup modify'

usage: dsidm instance posixgroup modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm user'

usage: dsidm instance user [-h]
                          {list,get,get_dn,create,modify,delete,lock,status,unlock}
                          ...

Sub-commands

dsidm user list

list

dsidm user get

get

dsidm user get_dn

get_dn

dsidm user create

create

dsidm user modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm user delete

deletes the object

dsidm user lock

lock

dsidm user status

status

dsidm user unlock

unlock

OPTIONS 'dsidm user list'

usage: dsidm instance user list [-h]

OPTIONS 'dsidm user get'

usage: dsidm instance user get [-h] [selector]

selector

The term to search for

OPTIONS 'dsidm user get_dn'

usage: dsidm instance user get_dn [-h] [dn]

dn

The dn to get

OPTIONS 'dsidm user create'

usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
                                 [--displayName [DISPLAYNAME]]
                                 [--uidNumber [UIDNUMBER]]
                                 [--gidNumber [GIDNUMBER]]
                                 [--homeDirectory [HOMEDIRECTORY]]

--uid [UID]

Value of uid

--cn [CN]

Value of cn

--displayName [DISPLAYNAME]

Value of displayName

--uidNumber [UIDNUMBER]

Value of uidNumber

--gidNumber [GIDNUMBER]

Value of gidNumber

--homeDirectory [HOMEDIRECTORY]

Value of homeDirectory

OPTIONS 'dsidm user modify'

usage: dsidm instance user modify [-h] selector changes [changes ...]

selector

The uid to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm user delete'

usage: dsidm instance user delete [-h] [dn]

dn

The dn to delete

OPTIONS 'dsidm user lock'

usage: dsidm instance user lock [-h] [uid]

uid

The uid to lock

OPTIONS 'dsidm user status'

usage: dsidm instance user status [-h] [uid]

uid

The uid to check

OPTIONS 'dsidm user unlock'

usage: dsidm instance user unlock [-h] [uid]

uid

The uid to unlock

OPTIONS 'dsidm client_config'

usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...

Sub-commands

dsidm client_config sssd.conf

Generate a SSSD configuration for this LDAP server

dsidm client_config ldap.conf

Generate an OpenLDAP ldap.conf configuration for this LDAP server

dsidm client_config display

Display generic application parameters for LDAP connection

OPTIONS 'dsidm client_config sssd.conf'

usage: dsidm instance client_config sssd.conf [-h] [allowed_group]

allowed_group

The name of the group allowed access to this system

OPTIONS 'dsidm client_config ldap.conf'

usage: dsidm instance client_config ldap.conf [-h]

OPTIONS 'dsidm client_config display'

usage: dsidm instance client_config display [-h]

OPTIONS 'dsidm role'

usage: dsidm instance role [-h]
                          {list,get-by-dn,modify-by-dn,delete,lock,unlock,entry-status,subtree-status}
                          ...

Sub-commands

dsidm role list

list roles that could login to the directory

dsidm role get-by-dn

get-by-dn <dn>

dsidm role modify-by-dn

modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

dsidm role delete

deletes the role

dsidm role lock

lock

dsidm role unlock

unlock

dsidm role entry-status

status of a single entry

dsidm role subtree-status

status of a subtree

OPTIONS 'dsidm role list'

usage: dsidm instance role list [-h]

OPTIONS 'dsidm role get-by-dn'

usage: dsidm instance role get-by-dn [-h] [dn]

dn

The dn to get and display

OPTIONS 'dsidm role modify-by-dn'

usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]

dn

The dn to get and display

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm role delete'

usage: dsidm instance role delete [-h] [dn]

dn

The dn of the role to delete

OPTIONS 'dsidm role lock'

usage: dsidm instance role lock [-h] [dn]

dn

The dn to lock

OPTIONS 'dsidm role unlock'

usage: dsidm instance role unlock [-h] [dn]

dn

The dn to unlock

OPTIONS 'dsidm role entry-status'

usage: dsidm instance role entry-status [-h] [dn]

dn

The single entry dn to check

OPTIONS 'dsidm role subtree-status'

usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}]
                                         basedn

basedn

Search base for finding entries

-f FILTER, --filter FILTER

Search filter for finding entries

-s {base,one,sub}, --scope {base,one,sub}

Search scope (base, one, sub - default is sub

-b BASEDN, --basedn BASEDN

Basedn (root naming context) of the instance to manage

-v, --verbose

Display verbose operation tracing during command execution

-D BINDDN, --binddn BINDDN

The account to bind as for executing operations

-w BINDPW, --bindpw BINDPW

Password for binddn

-W, --prompt

Prompt for password for binddn

-y PWDFILE, --pwdfile PWDFILE

Specifies a file containing the password for the bind DN

-Z, --starttls

Connect with StartTLS

-j, --json

Return result in JSON object

Authors

lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>.

Distribution

The latest version of lib389 may be downloaded from http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html

Info

Manual