dsidm - Man Page

dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance {account,group,initialise,init,organizationalunit,ou,posixgroup,user,client_config,role,service,uniquegroup} ...

dsidm account

Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see "user" subcommand instead.

dsidm group

Manage groups.  The organizationalUnit (by default "ou=groups") needs to exist prior to managing groups.  Groups uses the objectclass "groupOfNames" and the grouping attribute "member"

dsidm initialise

Initialise a backend with domain information and sample entries

dsidm organizationalunit

Manage organizational units

dsidm posixgroup

Manage posix groups  The organizationalUnit (by default ou=groups") needs to exist prior to managing posix groups.

dsidm user

Manage posix users.  The organizationalUnit (by default "ou=people") needs to exist prior to managing users.

dsidm client_config

Display and generate client example configs for this LDAP server

dsidm role

Manage roles.

dsidm service

Manage service accounts

dsidm uniquegroup

Manage groups.  The organizationalUnit (by default "ou=groups") needs to exist prior to managing groups.  Unique groups uses the objectclass "groupOfUniqueNames" and the grouping attribute "uniquemember"

usage: dsidm instance account [-h]
                             {list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password,bulk_update}
                             ...

dsidm account list

list accounts that could login to the directory

dsidm account get-by-dn

get-by-dn <dn>

dsidm account modify-by-dn

modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

dsidm account rename-by-dn

rename the object

dsidm account delete

deletes the account

dsidm account lock

lock

dsidm account unlock

unlock

dsidm account entry-status

status of a single entry

dsidm account subtree-status

status of a subtree

dsidm account reset_password

Reset the password of an account. This should be performed by a directory admin.

dsidm account change_password

Change the password of an account. This can be performed by any user (with correct rights)

dsidm account bulk_update

Perform a common operation to a set of entries

usage: dsidm instance account list [-h]

usage: dsidm instance account get-by-dn [-h] [dn]

dn

The dn to get and display

usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...]

dn

The dn to get and display

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn

dn

The dn to rename

new_dn

A new role dn

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an attribute of the entry or not

usage: dsidm instance account delete [-h] [dn]

dn

The dn of the account to delete

usage: dsidm instance account lock [-h] [dn]

dn

The dn to lock

usage: dsidm instance account unlock [-h] [dn]

dn

The dn to unlock

usage: dsidm instance account entry-status [-h] [-V] [dn]

dn

The single entry dn to check

-V,  --details

Print more account policy details about the entry

usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
                                            [-s {one,sub}] [-i]
                                            [-o BECOME_INACTIVE_ON]
                                            basedn

basedn

Search base for finding entries

-V, --details

Print more account policy details about the entries

-f FILTER, --filter FILTER

Search filter for finding entries

-s {one,sub}, --scope {one,sub}

Search scope (one, sub - default is sub

-i, --inactive-only

Only display inactivated entries

-o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON

Only display entries that will become inactive before specified date (in a format 2007-04-25T14:30)

usage: dsidm instance account reset_password [-h] [dn] [new_password]

dn

The dn to reset the password for

new_password

The new password to set

usage: dsidm instance account change_password [-h]
                                             [dn] [new_password]
                                             [current_password]

dn

The dn to change the password for

new_password

The new password to set

current_password

The accounts current password

usage: dsidm instance account bulk_update [-h] [-f FILTER] [-s {one,sub}] [-x]
                                         basedn changes [changes ...]

basedn

Search base for finding entries, only the children of this DN are processed

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

-f FILTER, --filter FILTER

Search filter for finding entries, default is '(objectclass=*)'

-s {one,sub}, --scope {one,sub}

Search scope (one, sub - default is sub

-x,  --stop

Stop processing updates when an error occurs. Default is False

usage: dsidm instance group [-h]
                           {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
                           ...

dsidm group list

list

dsidm group get

get

dsidm group get_dn

get_dn

dsidm group create

create

dsidm group delete

deletes the object

dsidm group modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm group rename

rename the object

dsidm group members

List member dns of a group

dsidm group add_member

Add a member to a group

dsidm group remove_member

Remove a member from a group

usage: dsidm instance group list [-h]

usage: dsidm instance group get [-h] [selector]

selector

The term to search for

usage: dsidm instance group get_dn [-h] [dn]

dn

The dn to get

usage: dsidm instance group create [-h] [--cn [CN]]

--cn [CN]

Value of cn

usage: dsidm instance group delete [-h] [dn]

dn

The dn to delete

usage: dsidm instance group modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name

selector

The cn to rename

new_name

A new group name

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

usage: dsidm instance group members [-h] [cn]

cn

cn of group to list members of

usage: dsidm instance group add_member [-h] [cn] [dn]

cn

cn of group to add member to

dn

dn of object to add to group as member

usage: dsidm instance group remove_member [-h] [cn] [dn]

cn

cn of group to remove member from

dn

dn of object to remove from group as member

usage: dsidm instance initialise [-h] [--version VERSION]

--version VERSION

The version of entries to create.

usage: dsidm instance organizationalunit [-h]
                                        {list,get,get_dn,create,delete,modify,rename}
                                        ...

dsidm organizationalunit list

list

dsidm organizationalunit get

get

dsidm organizationalunit get_dn

get_dn

dsidm organizationalunit create

create

dsidm organizationalunit delete

deletes the object

dsidm organizationalunit modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm organizationalunit rename

rename the object

usage: dsidm instance organizationalunit list [-h]

usage: dsidm instance organizationalunit get [-h] [selector]

selector

The term to search for

usage: dsidm instance organizationalunit get_dn [-h] [dn]

dn

The dn to get

usage: dsidm instance organizationalunit create [-h] [--ou [OU]]

--ou [OU]

Value of ou

usage: dsidm instance organizationalunit delete [-h] [dn]

dn

The dn to delete

usage: dsidm instance organizationalunit modify [-h]
                                               selector changes [changes ...]

selector

The ou to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
                                               selector new_name

selector

The ou to rename

new_name

A new organizational unit name

--keep-old-rdn

Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute of the entry or not

usage: dsidm instance posixgroup [-h]
                                {list,get,get_dn,create,delete,modify,rename}
                                ...

dsidm posixgroup list

list

dsidm posixgroup get

get

dsidm posixgroup get_dn

get_dn

dsidm posixgroup create

create

dsidm posixgroup delete

deletes the object

dsidm posixgroup modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm posixgroup rename

rename the object

usage: dsidm instance posixgroup list [-h]

usage: dsidm instance posixgroup get [-h] [selector]

selector

The term to search for

usage: dsidm instance posixgroup get_dn [-h] [dn]

dn

The dn to get

usage: dsidm instance posixgroup create [-h] [--cn [CN]]
                                       [--gidNumber [GIDNUMBER]]

--cn [CN]

Value of cn

--gidNumber [GIDNUMBER]

Value of gidNumber

usage: dsidm instance posixgroup delete [-h] [dn]

dn

The dn to delete

usage: dsidm instance posixgroup modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
                                       selector new_name

selector

The cn to rename

new_name

A new posix group name

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

usage: dsidm instance user [-h]
                          {list,get,get_dn,create,modify,rename,delete} ...

dsidm user list

list

dsidm user get

get

dsidm user get_dn

get_dn

dsidm user create

create

dsidm user modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm user rename

rename the object

dsidm user delete

deletes the object

usage: dsidm instance user list [-h]

usage: dsidm instance user get [-h] [selector]

selector

The term to search for

usage: dsidm instance user get_dn [-h] [dn]

dn

The dn to get

usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
                                 [--displayName [DISPLAYNAME]]
                                 [--uidNumber [UIDNUMBER]]
                                 [--gidNumber [GIDNUMBER]]
                                 [--homeDirectory [HOMEDIRECTORY]]

--uid [UID]

Value of uid

--cn [CN]

Value of cn

--displayName [DISPLAYNAME]

Value of displayName

--uidNumber [UIDNUMBER]

Value of uidNumber

--gidNumber [GIDNUMBER]

Value of gidNumber

--homeDirectory [HOMEDIRECTORY]

Value of homeDirectory

usage: dsidm instance user modify [-h] selector changes [changes ...]

selector

The uid to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name

selector

The uid to modify

new_name

A new user name

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an attribute of the entry or not

usage: dsidm instance user delete [-h] [dn]

dn

The dn to delete

usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...

dsidm client_config sssd.conf

Generate a SSSD configuration for this LDAP server

dsidm client_config ldap.conf

Generate an OpenLDAP ldap.conf configuration for this LDAP server

dsidm client_config display

Display generic application parameters for LDAP connection

usage: dsidm instance client_config sssd.conf [-h] [allowed_group]

allowed_group

The name of the group allowed access to this system

usage: dsidm instance client_config ldap.conf [-h]

usage: dsidm instance client_config display [-h]

usage: dsidm instance role [-h]
                          {list,get,get-by-dn,create-managed,create-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status}
                          ...

dsidm role list

list roles that could login to the directory

dsidm role get

get

dsidm role get-by-dn

get-by-dn <dn>

dsidm role create-managed

create

dsidm role create-filtered

create

dsidm role create-nested

create

dsidm role modify-by-dn

modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

dsidm role rename-by-dn

rename the object

dsidm role delete

deletes the role

dsidm role lock

lock

dsidm role unlock

unlock

dsidm role entry-status

status of a single entry

dsidm role subtree-status

status of a subtree

usage: dsidm instance role list [-h]

usage: dsidm instance role get [-h] [selector]

selector

The term to search for

usage: dsidm instance role get-by-dn [-h] [dn]

dn

The dn to get and display

usage: dsidm instance role create-managed [-h] [--cn [CN]]

--cn [CN]

Value of cn

usage: dsidm instance role create-filtered [-h] [--cn [CN]]

--cn [CN]

Value of cn

usage: dsidm instance role create-nested [-h] [--cn [CN]]
                                        [--nsRoleDN [NSROLEDN]]

--cn [CN]

Value of cn

--nsRoleDN [NSROLEDN]

Value of nsRoleDN

usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]

dn

The dn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn

dn

The dn to rename

new_dn

A new account dn

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an attribute of the entry or not

usage: dsidm instance role delete [-h] [dn]

dn

The dn of the role to delete

usage: dsidm instance role lock [-h] [dn]

dn

The dn to lock

usage: dsidm instance role unlock [-h] [dn]

dn

The dn to unlock

usage: dsidm instance role entry-status [-h] [dn]

dn

The single entry dn to check

usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}]
                                         basedn

basedn

Search base for finding entries

-f FILTER, --filter FILTER

Search filter for finding entries

-s {base,one,sub}, --scope {base,one,sub}

Search scope (base, one, sub - default is sub

usage: dsidm instance service [-h]
                             {list,get,get_dn,create,modify,rename,delete}
                             ...

dsidm service list

list

dsidm service get

get

dsidm service get_dn

get_dn

dsidm service create

create

dsidm service modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm service rename

rename the object

dsidm service delete

deletes the object

usage: dsidm instance service list [-h]

usage: dsidm instance service get [-h] [selector]

selector

The term to search for

usage: dsidm instance service get_dn [-h] [dn]

dn

The dn to get

usage: dsidm instance service create [-h] [--cn [CN]]
                                    [--description [DESCRIPTION]]

--cn [CN]

Value of cn

--description [DESCRIPTION]

Value of description

usage: dsidm instance service modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance service rename [-h] [--keep-old-rdn] selector new_name

selector

The cn to modify

new_name

A new service name

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an attribute of the entry or not

usage: dsidm instance service delete [-h] [dn]

dn

The dn to delete

usage: dsidm instance uniquegroup [-h]
                                 {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
                                 ...

dsidm uniquegroup list

list

dsidm uniquegroup get

get

dsidm uniquegroup get_dn

get_dn

dsidm uniquegroup create

create

dsidm uniquegroup delete

deletes the object

dsidm uniquegroup modify

modify <add|delete|replace>:<attribute>:<value> ...

dsidm uniquegroup rename

rename the object

dsidm uniquegroup members

List member dns of a group

dsidm uniquegroup add_member

Add a member to a group

dsidm uniquegroup remove_member

Remove a member from a group

usage: dsidm instance uniquegroup list [-h]

usage: dsidm instance uniquegroup get [-h] [selector]

selector

The term to search for

usage: dsidm instance uniquegroup get_dn [-h] [dn]

dn

The dn to get

usage: dsidm instance uniquegroup create [-h] [--cn [CN]]

--cn [CN]

Value of cn

usage: dsidm instance uniquegroup delete [-h] [dn]

dn

The dn to delete

usage: dsidm instance uniquegroup modify [-h] selector changes [changes ...]

selector

The cn to modify

changes

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance uniquegroup rename [-h] [--keep-old-rdn]
                                        selector new_name

selector

The cn to rename

new_name

A new group name

--keep-old-rdn

Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

usage: dsidm instance uniquegroup members [-h] [cn]

cn

cn of group to list members of

usage: dsidm instance uniquegroup add_member [-h] [cn] [dn]

cn

cn of group to add member to

dn

dn of object to add to group as member

usage: dsidm instance uniquegroup remove_member [-h] [cn] [dn]

cn

cn of group to remove member from

dn

dn of object to remove from group as member

-b BASEDN, --basedn BASEDN

Base DN (root naming context) of the instance to manage

-v,  --verbose

Display verbose operation tracing during command execution

-D BINDDN, --binddn BINDDN

The account to bind as for executing operations

-w BINDPW, --bindpw BINDPW

Password for the bind DN

-W,  --prompt

Prompt for password of the bind DN

-y PWDFILE, --pwdfile PWDFILE

Specifies a file containing the password of the bind DN

-Z,  --starttls

Connect with StartTLS

-j,  --json

Return result in JSON object

Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>

The latest version of lib389 may be downloaded from http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html