
dsidm(8) System Manager's Manual dsidm(8)

NAME

dsidm

SYNOPSIS

dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance {account,group,initialise,organizationalunit,posixgroup,user,client_config,role,service,uniquegroup} ...

OPTIONS

instance
    The name of the instance or its LDAP URL, such as ldap://server.example.com:389

Sub-commands

account
    Manage generic accounts, with tasks like modifying, locking and unlocking. To create an account, see the "user" subcommand instead.
group
    Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing groups. Groups use the objectclass "groupOfNames" and the grouping attribute "member".
initialise
    Initialise a backend with domain information and sample entries
organizationalunit
    Manage organizational units
posixgroup
    Manage posix groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing posix groups.
user
    Manage posix users. The organizationalUnit (by default "ou=people") needs to exist prior to managing users.
client_config
    Display and generate client example configs for this LDAP server
role
    Manage roles.
service
    Manage service accounts
uniquegroup
    Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing groups. Unique groups use the objectclass "groupOfUniqueNames" and the grouping attribute "uniquemember".

OPTIONS 'dsidm account'

usage: dsidm instance account [-h]
{list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password,bulk_update}
...

Sub-commands

list
    list accounts that could login to the directory
get-by-dn
    get-by-dn <dn>
modify-by-dn
    modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
rename-by-dn
    rename the object
delete
    deletes the account
lock
unlock
entry-status
    status of a single entry
subtree-status
    status of a subtree
reset_password
    Reset the password of an account. This should be performed by a directory admin.
change_password
    Change the password of an account. This can be performed by any user (with correct rights)
bulk_update
    Perform a common operation to a set of entries

OPTIONS 'dsidm account list'

usage: dsidm instance account list [-h]

OPTIONS 'dsidm account get-by-dn'

usage: dsidm instance account get-by-dn [-h] [dn]

The dn to get and display

OPTIONS 'dsidm account modify-by-dn'

usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...]

dn
    The dn to get and display

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm account rename-by-dn'

usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn

dn
    The dn to rename

new_dn
    A new role dn

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an attribute of the entry or not

OPTIONS 'dsidm account delete'

usage: dsidm instance account delete [-h] [dn]

The dn of the account to delete

OPTIONS 'dsidm account lock'

usage: dsidm instance account lock [-h] [dn]

The dn to lock

OPTIONS 'dsidm account unlock'

usage: dsidm instance account unlock [-h] [dn]

The dn to unlock

OPTIONS 'dsidm account entry-status'

usage: dsidm instance account entry-status [-h] [-V] [dn]

dn
    The single entry dn to check

-V
    Print more account policy details about the entry

OPTIONS 'dsidm account subtree-status'

usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
[-s {one,sub}] [-i]
[-o BECOME_INACTIVE_ON]
basedn

basedn
    Search base for finding entries

-V
    Print more account policy details about the entries

-f FILTER
    Search filter for finding entries

-s {one,sub}
    Search scope (one, sub - default is sub)

-i
    Only display inactivated entries

-o BECOME_INACTIVE_ON
    Only display entries that will become inactive before the specified date (in the format 2007-04-25T14:30)

OPTIONS 'dsidm account reset_password'

usage: dsidm instance account reset_password [-h] [dn] [new_password]

dn
    The dn to reset the password for

new_password
    The new password to set

OPTIONS 'dsidm account change_password'

usage: dsidm instance account change_password [-h]
[dn] [new_password]
[current_password]

dn
    The dn to change the password for

new_password
    The new password to set

current_password
    The account's current password

OPTIONS 'dsidm account bulk_update'

usage: dsidm instance account bulk_update [-h] [-f FILTER] [-s {one,sub}] [-x]
basedn changes [changes ...]

basedn
    Search base for finding entries; only the children of this DN are processed

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

-f FILTER
    Search filter for finding entries, default is '(objectclass=*)'

-s {one,sub}
    Search scope (one, sub - default is sub)

-x
    Stop processing updates when an error occurs. Default is False
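
A pre-flight check for the bulk_update change list described above, as an added example that is not part of this manual or of lib389. It assumes only the first two colons in a change are separators; the SENSITIVE attribute list, the function names and the sample values are assumptions made for illustration, and the default scope here is "one" rather than dsidm's "sub".

```python
import shlex

ACTIONS = ("add", "delete", "replace")
# Assumption: attributes flagged for review; this list is not part of dsidm.
SENSITIVE = {"userpassword", "nsaccountlock", "aci", "nsroledn"}


def parse_change(spec):
    """Split '<add|delete|replace>:<attribute>:<value>' into three fields.

    Assumes only the first two colons are separators, so a value that
    contains ':' (a URL, a timestamp) stays intact.
    """
    parts = spec.split(":", 2)
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError(f"expected action:attribute:value, got {spec!r}")
    if parts[0] not in ACTIONS:
        raise ValueError(f"unknown action {parts[0]!r} in {spec!r}")
    return tuple(parts)


def build_bulk_update(instance, binddn, pwdfile, basedn, changes,
                      ldap_filter=None, scope="one"):
    """Return (argv, warnings) for 'dsidm ... account bulk_update'."""
    if scope not in ("one", "sub"):
        raise ValueError("scope must be 'one' or 'sub'")
    warnings = []
    for spec in changes:
        action, attr, _value = parse_change(spec)
        if attr.lower() in SENSITIVE:
            warnings.append(f"{action} touches sensitive attribute {attr}")
    # -y PWDFILE instead of -w BINDPW: the password never appears in argv.
    # -Z requests StartTLS; -x stops at the first failed update.
    argv = ["dsidm", "-D", binddn, "-y", pwdfile, "-Z", instance,
            "account", "bulk_update", "-s", scope, "-x"]
    if ldap_filter:
        argv += ["-f", ldap_filter]
    return argv + [basedn, *changes], warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    argv, warnings = build_bulk_update(
        "ldap://server.example.com:389", "cn=Directory Manager",
        "/root/.dsidm_pw", "ou=people,dc=example,dc=com",
        ["replace:nsAccountLock:true"], ldap_filter="(uid=temp*)")
    print(shlex.join(argv))
    print("\n".join(warnings))
```

Review the warnings before passing argv to subprocess.run; the password file should be readable only by the operator running the command.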

OPTIONS 'dsidm group'

usage: dsidm instance group [-h]
{list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
...

Sub-commands

list
get
get_dn
create
delete
    deletes the object
modify
    modify <add|delete|replace>:<attribute>:<value> ...
rename
    rename the object
members
    List member dns of a group
add_member
    Add a member to a group
remove_member
    Remove a member from a group

OPTIONS 'dsidm group list'

usage: dsidm instance group list [-h]

OPTIONS 'dsidm group get'

usage: dsidm instance group get [-h] [selector]

The term to search for

OPTIONS 'dsidm group get_dn'

usage: dsidm instance group get_dn [-h] [dn]

The dn to get

OPTIONS 'dsidm group create'

usage: dsidm instance group create [-h] [--cn [CN]]

Value of cn

OPTIONS 'dsidm group delete'

usage: dsidm instance group delete [-h] [dn]

The dn to delete

OPTIONS 'dsidm group modify'

usage: dsidm instance group modify [-h] selector changes [changes ...]

selector
    The cn to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm group rename'

usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name

selector
    The cn to rename

new_name
    A new group name

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

OPTIONS 'dsidm group members'

usage: dsidm instance group members [-h] [cn]

cn of group to list members of

OPTIONS 'dsidm group add_member'

usage: dsidm instance group add_member [-h] [cn] [dn]

cn
    cn of group to add member to

dn
    dn of object to add to group as member

OPTIONS 'dsidm group remove_member'

usage: dsidm instance group remove_member [-h] [cn] [dn]

cn
    cn of group to remove member from

dn
    dn of object to remove from group as member

OPTIONS 'dsidm initialise'

usage: dsidm instance initialise [-h] [--version VERSION]

The version of entries to create.

OPTIONS 'dsidm organizationalunit'

usage: dsidm instance organizationalunit [-h]
{list,get,get_dn,create,delete,modify,rename}
...

Sub-commands

list
get
get_dn
create
delete
    deletes the object
modify
    modify <add|delete|replace>:<attribute>:<value> ...
rename
    rename the object

OPTIONS 'dsidm organizationalunit list'

usage: dsidm instance organizationalunit list [-h]

OPTIONS 'dsidm organizationalunit get'

usage: dsidm instance organizationalunit get [-h] [selector]

The term to search for

OPTIONS 'dsidm organizationalunit get_dn'

usage: dsidm instance organizationalunit get_dn [-h] [dn]

The dn to get

OPTIONS 'dsidm organizationalunit create'

usage: dsidm instance organizationalunit create [-h] [--ou [OU]]

Value of ou

OPTIONS 'dsidm organizationalunit delete'

usage: dsidm instance organizationalunit delete [-h] [dn]

The dn to delete

OPTIONS 'dsidm organizationalunit modify'

usage: dsidm instance organizationalunit modify [-h]
selector changes [changes ...]

selector
    The ou to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm organizationalunit rename'

usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
selector new_name

selector
    The ou to rename

new_name
    A new organizational unit name

--keep-old-rdn
    Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute of the entry or not

OPTIONS 'dsidm posixgroup'

usage: dsidm instance posixgroup [-h]
{list,get,get_dn,create,delete,modify,rename}
...

Sub-commands

list
get
get_dn
create
delete
    deletes the object
modify
    modify <add|delete|replace>:<attribute>:<value> ...
rename
    rename the object

OPTIONS 'dsidm posixgroup list'

usage: dsidm instance posixgroup list [-h]

OPTIONS 'dsidm posixgroup get'

usage: dsidm instance posixgroup get [-h] [selector]

The term to search for

OPTIONS 'dsidm posixgroup get_dn'

usage: dsidm instance posixgroup get_dn [-h] [dn]

The dn to get

OPTIONS 'dsidm posixgroup create'

usage: dsidm instance posixgroup create [-h] [--cn [CN]]
[--gidNumber [GIDNUMBER]]

--cn [CN]
    Value of cn

--gidNumber [GIDNUMBER]
    Value of gidNumber

OPTIONS 'dsidm posixgroup delete'

usage: dsidm instance posixgroup delete [-h] [dn]

The dn to delete

OPTIONS 'dsidm posixgroup modify'

usage: dsidm instance posixgroup modify [-h] selector changes [changes ...]

selector
    The cn to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm posixgroup rename'

usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
selector new_name

selector
    The cn to rename

new_name
    A new posix group name

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

OPTIONS 'dsidm user'

usage: dsidm instance user [-h]
{list,get,get_dn,create,modify,rename,delete} ...

Sub-commands

list
get
get_dn
create
modify
    modify <add|delete|replace>:<attribute>:<value> ...
rename
    rename the object
delete
    deletes the object

OPTIONS 'dsidm user list'

usage: dsidm instance user list [-h]

OPTIONS 'dsidm user get'

usage: dsidm instance user get [-h] [selector]

The term to search for

OPTIONS 'dsidm user get_dn'

usage: dsidm instance user get_dn [-h] [dn]

The dn to get

OPTIONS 'dsidm user create'

usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
[--displayName [DISPLAYNAME]]
[--uidNumber [UIDNUMBER]]
[--gidNumber [GIDNUMBER]]
[--homeDirectory [HOMEDIRECTORY]]

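--uid [UID]
    Value of uid

--cn [CN]
    Value of cn

--displayName [DISPLAYNAME]
    Value of displayName

--uidNumber [UIDNUMBER]
    Value of uidNumber

--gidNumber [GIDNUMBER]
    Value of gidNumber

--homeDirectory [HOMEDIRECTORY]
    Value of homeDirectory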

OPTIONS 'dsidm user modify'

usage: dsidm instance user modify [-h] selector changes [changes ...]

selector
    The uid to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm user rename'

usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name

selector
    The uid to modify

new_name
    A new user name

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an attribute of the entry or not

OPTIONS 'dsidm user delete'

usage: dsidm instance user delete [-h] [dn]

The dn to delete

OPTIONS 'dsidm client_config'

usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...

Sub-commands

sssd.conf
    Generate a SSSD configuration for this LDAP server
ldap.conf
    Generate an OpenLDAP ldap.conf configuration for this LDAP server
display
    Display generic application parameters for LDAP connection

OPTIONS 'dsidm client_config sssd.conf'

usage: dsidm instance client_config sssd.conf [-h] [allowed_group]

The name of the group allowed access to this system

OPTIONS 'dsidm client_config ldap.conf'

usage: dsidm instance client_config ldap.conf [-h]

OPTIONS 'dsidm client_config display'

usage: dsidm instance client_config display [-h]

OPTIONS 'dsidm role'

usage: dsidm instance role [-h]
{list,get,get-by-dn,create-managed,create-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status}
...

Sub-commands

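list
    list roles that could login to the directory
get
get-by-dn
    get-by-dn <dn>
create-managed
    create
create-filtered
    create
create-nested
    create
modify-by-dn
    modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
rename-by-dn
    rename the object
delete
    deletes the role
lock
unlock
entry-status
    status of a single entry
subtree-status
    status of a subtree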

OPTIONS 'dsidm role list'

usage: dsidm instance role list [-h]

OPTIONS 'dsidm role get'

usage: dsidm instance role get [-h] [selector]

The term to search for

OPTIONS 'dsidm role get-by-dn'

usage: dsidm instance role get-by-dn [-h] [dn]

The dn to get and display

OPTIONS 'dsidm role create-managed'

usage: dsidm instance role create-managed [-h] [--cn [CN]]

Value of cn

OPTIONS 'dsidm role create-filtered'

usage: dsidm instance role create-filtered [-h] [--cn [CN]]

Value of cn

OPTIONS 'dsidm role create-nested'

usage: dsidm instance role create-nested [-h] [--cn [CN]]
[--nsRoleDN [NSROLEDN]]

--cn [CN]
    Value of cn

--nsRoleDN [NSROLEDN]
    Value of nsRoleDN

OPTIONS 'dsidm role modify-by-dn'

usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]

dn
    The dn to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm role rename-by-dn'

usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn

dn
    The dn to rename

new_dn
    A new account dn

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an attribute of the entry or not

OPTIONS 'dsidm role delete'

usage: dsidm instance role delete [-h] [dn]

The dn of the role to delete

OPTIONS 'dsidm role lock'

usage: dsidm instance role lock [-h] [dn]

The dn to lock

OPTIONS 'dsidm role unlock'

usage: dsidm instance role unlock [-h] [dn]

The dn to unlock

OPTIONS 'dsidm role entry-status'

usage: dsidm instance role entry-status [-h] [dn]

The single entry dn to check

OPTIONS 'dsidm role subtree-status'

usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}]
basedn

basedn
    Search base for finding entries

-f FILTER
    Search filter for finding entries

-s {base,one,sub}
    Search scope (base, one, sub - default is sub)

OPTIONS 'dsidm service'

usage: dsidm instance service [-h]
{list,get,get_dn,create,modify,rename,delete}
...

Sub-commands

list
get
get_dn
create
modify
    modify <add|delete|replace>:<attribute>:<value> ...
rename
    rename the object
delete
    deletes the object

OPTIONS 'dsidm service list'

usage: dsidm instance service list [-h]

OPTIONS 'dsidm service get'

usage: dsidm instance service get [-h] [selector]

The term to search for

OPTIONS 'dsidm service get_dn'

usage: dsidm instance service get_dn [-h] [dn]

The dn to get

OPTIONS 'dsidm service create'

usage: dsidm instance service create [-h] [--cn [CN]]
[--description [DESCRIPTION]]

--cn [CN]
    Value of cn

--description [DESCRIPTION]
    Value of description

OPTIONS 'dsidm service modify'

usage: dsidm instance service modify [-h] selector changes [changes ...]

selector
    The cn to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm service rename'

usage: dsidm instance service rename [-h] [--keep-old-rdn] selector new_name

selector
    The cn to modify

new_name
    A new service name

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an attribute of the entry or not

OPTIONS 'dsidm service delete'

usage: dsidm instance service delete [-h] [dn]

The dn to delete

OPTIONS 'dsidm uniquegroup'

usage: dsidm instance uniquegroup [-h]
{list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
...

Sub-commands

list
get
get_dn
create
delete
    deletes the object
modify
    modify <add|delete|replace>:<attribute>:<value> ...
rename
    rename the object
members
    List member dns of a group
add_member
    Add a member to a group
remove_member
    Remove a member from a group

OPTIONS 'dsidm uniquegroup list'

usage: dsidm instance uniquegroup list [-h]

OPTIONS 'dsidm uniquegroup get'

usage: dsidm instance uniquegroup get [-h] [selector]

The term to search for

OPTIONS 'dsidm uniquegroup get_dn'

usage: dsidm instance uniquegroup get_dn [-h] [dn]

The dn to get

OPTIONS 'dsidm uniquegroup create'

usage: dsidm instance uniquegroup create [-h] [--cn [CN]]

Value of cn

OPTIONS 'dsidm uniquegroup delete'

usage: dsidm instance uniquegroup delete [-h] [dn]

The dn to delete

OPTIONS 'dsidm uniquegroup modify'

usage: dsidm instance uniquegroup modify [-h] selector changes [changes ...]

selector
    The cn to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm uniquegroup rename'

usage: dsidm instance uniquegroup rename [-h] [--keep-old-rdn]
selector new_name

selector
    The cn to rename

new_name
    A new group name

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

OPTIONS 'dsidm uniquegroup members'

usage: dsidm instance uniquegroup members [-h] [cn]

cn of group to list members of

OPTIONS 'dsidm uniquegroup add_member'

usage: dsidm instance uniquegroup add_member [-h] [cn] [dn]

cn
    cn of group to add member to

dn
    dn of object to add to group as member

OPTIONS 'dsidm uniquegroup remove_member'

usage: dsidm instance uniquegroup remove_member [-h] [cn] [dn]

cn
    cn of group to remove member from

dn
    dn of object to remove from group as member

-b BASEDN
    Base DN (root naming context) of the instance to manage

-v
    Display verbose operation tracing during command execution

-D BINDDN
    The account to bind as for executing operations

-w BINDPW
    Password for the bind DN

-W
    Prompt for password of the bind DN

-y PWDFILE
    Specifies a file containing the password of the bind DN

-Z
    Connect with StartTLS

-j
    Return result in JSON object

AUTHORS

lib389 was written by Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>.

DISTRIBUTION

The latest version of lib389 may be downloaded from http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html
