1dsidm(8) System Manager's Manual dsidm(8)
2
6 dsidm
7
9 dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE]
10 [-Z] [-j] instance {account,group,initialise,organizationalunit,posix‐
11 group,user,client_config,role} ...
12
14 instance
15 The instance name OR the LDAP url to connect to, IE localhost,
16 ldap://mai.example.com:389
17 Sub-commands
20 dsidm account
21 Manage generic accounts, with tasks like modify, locking and
22 unlocking. To create an account, see "user" subcommand instead.
23 dsidm group
25 Manage groups
26 dsidm initialise
28 Initialise a backend with domain information and sample entries
29 dsidm organizationalunit
31 Manage organizational units
32 dsidm posixgroup
34 Manage posix groups
35 dsidm user
37 Manage posix users
38 dsidm client_config
40 Display and generate client example configs for this LDAP server
41 dsidm role
43 Manage generic roles, with tasks like modify, locking and
44 unlocking.
45
47 usage: dsidm instance account [-h]
48 {list,get-by-dn,modify-by-
49 dn,delete,lock,unlock,entry-status,subtree-status,reset_pass‐
50 word,change_password}
51 ...
52 Sub-commands
55 dsidm account list
56 list accounts that could login to the directory
57 dsidm account get-by-dn
59 get-by-dn <dn>
60 dsidm account modify-by-dn
62 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
63 dsidm account delete
65 deletes the account
66 dsidm account lock
68 lock
69 dsidm account unlock
71 unlock
72 dsidm account entry-status
74 status of a single entry
75 dsidm account subtree-status
77 status of a subtree
78 dsidm account reset_password
80 Reset the password of an account. This should be performed by a
81 directory admin.
82 dsidm account change_password
84 Change the password of an account. This can be performed by any
85 user (with correct rights)
86
88 usage: dsidm instance account list [-h]
89
94 usage: dsidm instance account get-by-dn [-h] [dn]
95 dn The dn to get and display
98
102 usage: dsidm instance account modify-by-dn [-h] dn changes [changes
103 ...]
104 dn The dn to get and display
107 changes
110 A list of changes to apply in format:
111 <add|delete|replace>:<attribute>:<value>
112
116 usage: dsidm instance account delete [-h] [dn]
117 dn The dn of the account to delete
120
124 usage: dsidm instance account lock [-h] [dn]
125 dn The dn to lock
128
132 usage: dsidm instance account unlock [-h] [dn]
133 dn The dn to unlock
136
140 usage: dsidm instance account entry-status [-h] [-V] [dn]
141 dn The single entry dn to check
144 -V, --details
147 Print more account policy details about the entry
148
151 usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
152 [-s {one,sub}] [-i]
153 [-o BECOME_INACTIVE_ON]
154 basedn
155 basedn Search base for finding entries
158 -V, --details
161 Print more account policy details about the entries
162 -f FILTER, --filter FILTER
165 Search filter for finding entries
166 -s {one,sub}, --scope {one,sub}
169 Search scope (one, sub - default is sub
170 -i, --inactive-only
173 Only display inactivated entries
174 -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
177 Only display entries that will become inactive before specified
178 date (in a
179 format 2007-04-25T14:30)
180
183 usage: dsidm instance account reset_password [-h] [dn] [new_password]
184 dn The dn to reset the password for
187 new_password
190 The new password to set
191
195 usage: dsidm instance account change_password [-h]
196 [dn] [new_password]
197 [current_password]
198 dn The dn to change the password for
201 new_password
204 The new password to set
205 current_password
208 The accounts current password
209
214 usage: dsidm instance group [-h]
215 {list,get,get_dn,create,delete,modify,mem‐
216 bers,add_member,remove_member}
217 ...
218 Sub-commands
221 dsidm group list
222 list
223 dsidm group get
225 get
226 dsidm group get_dn
228 get_dn
229 dsidm group create
231 create
232 dsidm group delete
234 deletes the object
235 dsidm group modify
237 modify <add|delete|replace>:<attribute>:<value> ...
238 dsidm group members
240 List member dns of a group
241 dsidm group add_member
243 Add a member to a group
244 dsidm group remove_member
246 Remove a member from a group
247
249 usage: dsidm instance group list [-h]
250
255 usage: dsidm instance group get [-h] [selector]
256 selector
259 The term to search for
260
264 usage: dsidm instance group get_dn [-h] [dn]
265 dn The dn to get
268
272 usage: dsidm instance group create [-h] [--cn [CN]]
273 --cn [CN]
277 Value of cn
278
281 usage: dsidm instance group delete [-h] [dn]
282 dn The dn to delete
285
289 usage: dsidm instance group modify [-h] selector changes [changes ...]
290 selector
293 The cn to modify
294 changes
297 A list of changes to apply in format:
298 <add|delete|replace>:<attribute>:<value>
299
303 usage: dsidm instance group members [-h] [cn]
304 cn cn of group to list members of
307
311 usage: dsidm instance group add_member [-h] [cn] [dn]
312 cn cn of group to add member to
315 dn dn of object to add to group as member
318
322 usage: dsidm instance group remove_member [-h] [cn] [dn]
323 cn cn of group to remove member from
326 dn dn of object to remove from group as member
329
334 usage: dsidm instance initialise [-h] [--version VERSION]
335 --version VERSION
339 The version of entries to create.
340
343 usage: dsidm instance organizationalunit [-h]
344 {list,get,get_dn,cre‐
345 ate,delete,modify}
346 ...
347 Sub-commands
350 dsidm organizationalunit list
351 list
352 dsidm organizationalunit get
354 get
355 dsidm organizationalunit get_dn
357 get_dn
358 dsidm organizationalunit create
360 create
361 dsidm organizationalunit delete
363 deletes the object
364 dsidm organizationalunit modify
366 modify <add|delete|replace>:<attribute>:<value> ...
367
369 usage: dsidm instance organizationalunit list [-h]
370
375 usage: dsidm instance organizationalunit get [-h] [selector]
376 selector
379 The term to search for
380
384 usage: dsidm instance organizationalunit get_dn [-h] [dn]
385 dn The dn to get
388
392 usage: dsidm instance organizationalunit create [-h] [--ou [OU]]
393 --ou [OU]
397 Value of ou
398
401 usage: dsidm instance organizationalunit delete [-h] [dn]
402 dn The dn to delete
405
409 usage: dsidm instance organizationalunit modify [-h]
410 selector changes
411 [changes ...]
412 selector
415 The ou to modify
416 changes
419 A list of changes to apply in format:
420 <add|delete|replace>:<attribute>:<value>
421
426 usage: dsidm instance posixgroup [-h]
427 {list,get,get_dn,create,delete,modify}
428 ...
429 Sub-commands
432 dsidm posixgroup list
433 list
434 dsidm posixgroup get
436 get
437 dsidm posixgroup get_dn
439 get_dn
440 dsidm posixgroup create
442 create
443 dsidm posixgroup delete
445 deletes the object
446 dsidm posixgroup modify
448 modify <add|delete|replace>:<attribute>:<value> ...
449
451 usage: dsidm instance posixgroup list [-h]
452
457 usage: dsidm instance posixgroup get [-h] [selector]
458 selector
461 The term to search for
462
466 usage: dsidm instance posixgroup get_dn [-h] [dn]
467 dn The dn to get
470
474 usage: dsidm instance posixgroup create [-h] [--cn [CN]]
475 [--gidNumber [GIDNUMBER]]
476 --cn [CN]
480 Value of cn
481 --gidNumber [GIDNUMBER]
484 Value of gidNumber
485
488 usage: dsidm instance posixgroup delete [-h] [dn]
489 dn The dn to delete
492
496 usage: dsidm instance posixgroup modify [-h] selector changes [changes
497 ...]
498 selector
501 The cn to modify
502 changes
505 A list of changes to apply in format:
506 <add|delete|replace>:<attribute>:<value>
507
512 usage: dsidm instance user [-h]
513 {list,get,get_dn,create,mod‐
514 ify,delete,lock,status,unlock}
515 ...
516 Sub-commands
519 dsidm user list
520 list
521 dsidm user get
523 get
524 dsidm user get_dn
526 get_dn
527 dsidm user create
529 create
530 dsidm user modify
532 modify <add|delete|replace>:<attribute>:<value> ...
533 dsidm user delete
535 deletes the object
536 dsidm user lock
538 lock
539 dsidm user status
541 status
542 dsidm user unlock
544 unlock
545
547 usage: dsidm instance user list [-h]
548
553 usage: dsidm instance user get [-h] [selector]
554 selector
557 The term to search for
558
562 usage: dsidm instance user get_dn [-h] [dn]
563 dn The dn to get
566
570 usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
571 [--displayName [DISPLAYNAME]]
572 [--uidNumber [UIDNUMBER]]
573 [--gidNumber [GIDNUMBER]]
574 [--homeDirectory [HOMEDIRECTORY]]
575 --uid [UID]
579 Value of uid
580 --cn [CN]
583 Value of cn
584 --displayName [DISPLAYNAME]
587 Value of displayName
588 --uidNumber [UIDNUMBER]
591 Value of uidNumber
592 --gidNumber [GIDNUMBER]
595 Value of gidNumber
596 --homeDirectory [HOMEDIRECTORY]
599 Value of homeDirectory
600
603 usage: dsidm instance user modify [-h] selector changes [changes ...]
604 selector
607 The uid to modify
608 changes
611 A list of changes to apply in format:
612 <add|delete|replace>:<attribute>:<value>
613
617 usage: dsidm instance user delete [-h] [dn]
618 dn The dn to delete
621
625 usage: dsidm instance user lock [-h] [uid]
626 uid The uid to lock
629
633 usage: dsidm instance user status [-h] [uid]
634 uid The uid to check
637
641 usage: dsidm instance user unlock [-h] [uid]
642 uid The uid to unlock
645
650 usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display}
651 ...
652 Sub-commands
655 dsidm client_config sssd.conf
656 Generate a SSSD configuration for this LDAP server
657 dsidm client_config ldap.conf
659 Generate an OpenLDAP ldap.conf configuration for this LDAP
660 server
661 dsidm client_config display
663 Display generic application parameters for LDAP connection
664
666 usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
667 allowed_group
670 The name of the group allowed access to this system
671
675 usage: dsidm instance client_config ldap.conf [-h]
676
681 usage: dsidm instance client_config display [-h]
682
688 usage: dsidm instance role [-h]
689 {list,get-by-dn,modify-by-
690 dn,delete,lock,unlock,entry-status,subtree-status}
691 ...
692 Sub-commands
695 dsidm role list
696 list roles that could login to the directory
697 dsidm role get-by-dn
699 get-by-dn <dn>
700 dsidm role modify-by-dn
702 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
703 dsidm role delete
705 deletes the role
706 dsidm role lock
708 lock
709 dsidm role unlock
711 unlock
712 dsidm role entry-status
714 status of a single entry
715 dsidm role subtree-status
717 status of a subtree
718
720 usage: dsidm instance role list [-h]
721
726 usage: dsidm instance role get-by-dn [-h] [dn]
727 dn The dn to get and display
730
734 usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]
735 dn The dn to get and display
738 changes
741 A list of changes to apply in format:
742 <add|delete|replace>:<attribute>:<value>
743
747 usage: dsidm instance role delete [-h] [dn]
748 dn The dn of the role to delete
751
755 usage: dsidm instance role lock [-h] [dn]
756 dn The dn to lock
759
763 usage: dsidm instance role unlock [-h] [dn]
764 dn The dn to unlock
767
771 usage: dsidm instance role entry-status [-h] [dn]
772 dn The single entry dn to check
775
779 usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s
780 {base,one,sub}]
781 basedn
782 basedn Search base for finding entries
785 -f FILTER, --filter FILTER
788 Search filter for finding entries
789 -s {base,one,sub}, --scope {base,one,sub}
792 Search scope (base, one, sub - default is sub
793 -b BASEDN, --basedn BASEDN
797 Basedn (root naming context) of the instance to manage
798 -v, --verbose
801 Display verbose operation tracing during command execution
802 -D BINDDN, --binddn BINDDN
805 The account to bind as for executing operations
806 -w BINDPW, --bindpw BINDPW
809 Password for binddn
810 -W, --prompt
813 Prompt for password for binddn
814 -y PWDFILE, --pwdfile PWDFILE
817 Specifies a file containing the password for the bind DN
818 -Z, --starttls
821 Connect with StartTLS
822 -j, --json
825 Return result in JSON object
826
829 lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>.
830
832 The latest version of lib389 may be downloaded from
833 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
834 Manual dsidm(8)