1dsidm(8) System Manager's Manual dsidm(8)
2
6 dsidm
7
9 dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE]
10 [-Z] [-j] instance {account,group,initialise,organizationalunit,posix‐
11 group,user,client_config,role} ...
12
14 instance
15 The instance name OR the LDAP url to connect to, IE localhost,
16 ldap://mai.example.com:389
17 Sub-commands
20 dsidm account
21 Manage generic accounts, with tasks like modify, locking and
22 unlocking. To create an account, see "user" subcommand instead.
23 dsidm group
25 Manage groups
26 dsidm initialise
28 Initialise a backend with domain information and sample entries
29 dsidm organizationalunit
31 Manage organizational units
32 dsidm posixgroup
34 Manage posix groups
35 dsidm user
37 Manage posix users
38 dsidm client_config
40 Display and generate client example configs for this LDAP server
41 dsidm role
43 Manage generic roles, with tasks like modify, locking and
44 unlocking.
45
47 usage: dsidm instance account [-h]
48 {list,get-by-dn,modify-by-
49 dn,delete,lock,unlock,entry-status,subtree-status,reset_pass‐
50 word,change_password}
51 ...
52 Sub-commands
55 dsidm account list
56 list accounts that could login to the directory
57 dsidm account get-by-dn
59 get-by-dn <dn>
60 dsidm account modify-by-dn
62 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
63 dsidm account delete
65 deletes the account
66 dsidm account lock
68 lock
69 dsidm account unlock
71 unlock
72 dsidm account entry-status
74 status of a single entry
75 dsidm account subtree-status
77 status of a subtree
78 dsidm account reset_password
80 Reset the password of an account. This should be performed by a
81 directory admin.
82 dsidm account change_password
84 Change the password of an account. This can be performed by any
85 user (with correct rights)
86
88 usage: dsidm instance account list [-h]
89
94 usage: dsidm instance account get-by-dn [-h] [dn]
95 dn The dn to get and display
98
102 usage: dsidm instance account modify-by-dn [-h] dn changes [changes
103 ...]
104 dn The dn to get and display
107 changes
110 A list of changes to apply in format:
111 <add|delete|replace>:<attribute>:<value>
112
116 usage: dsidm instance account delete [-h] [dn]
117 dn The dn of the account to delete
120
124 usage: dsidm instance account lock [-h] [dn]
125 dn The dn to lock
128
132 usage: dsidm instance account unlock [-h] [dn]
133 dn The dn to unlock
136
140 usage: dsidm instance account entry-status [-h] [-V] [dn]
141 dn The single entry dn to check
144 -V, --details
147 Print more account policy details about the entry
148
151 usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
152 [-s {one,sub}] [-i]
153 [-o BECOME_INACTIVE_ON]
154 basedn
155 basedn Search base for finding entries
158 -V, --details
161 Print more account policy details about the entries
162 -f FILTER, --filter FILTER
165 Search filter for finding entries
166 -s {one,sub}, --scope {one,sub}
169 Search scope (one, sub - default is sub
170 -i, --inactive-only
173 Only display inactivated entries
174 -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
177 Only display entries that will become inactive before specified
178 date (in a format 2007-04-25T14:30)
179
182 usage: dsidm instance account reset_password [-h] [dn] [new_password]
183 dn The dn to reset the password for
186 new_password
189 The new password to set
190
194 usage: dsidm instance account change_password [-h]
195 [dn] [new_password]
196 [current_password]
197 dn The dn to change the password for
200 new_password
203 The new password to set
204 current_password
207 The accounts current password
208
213 usage: dsidm instance group [-h]
214 {list,get,get_dn,create,delete,modify,mem‐
215 bers,add_member,remove_member}
216 ...
217 Sub-commands
220 dsidm group list
221 list
222 dsidm group get
224 get
225 dsidm group get_dn
227 get_dn
228 dsidm group create
230 create
231 dsidm group delete
233 deletes the object
234 dsidm group modify
236 modify <add|delete|replace>:<attribute>:<value> ...
237 dsidm group members
239 List member dns of a group
240 dsidm group add_member
242 Add a member to a group
243 dsidm group remove_member
245 Remove a member from a group
246
248 usage: dsidm instance group list [-h]
249
254 usage: dsidm instance group get [-h] [selector]
255 selector
258 The term to search for
259
263 usage: dsidm instance group get_dn [-h] [dn]
264 dn The dn to get
267
271 usage: dsidm instance group create [-h] [--cn [CN]]
272 --cn [CN]
276 Value of cn
277
280 usage: dsidm instance group delete [-h] [dn]
281 dn The dn to delete
284
288 usage: dsidm instance group modify [-h] selector changes [changes ...]
289 selector
292 The cn to modify
293 changes
296 A list of changes to apply in format:
297 <add|delete|replace>:<attribute>:<value>
298
302 usage: dsidm instance group members [-h] [cn]
303 cn cn of group to list members of
306
310 usage: dsidm instance group add_member [-h] [cn] [dn]
311 cn cn of group to add member to
314 dn dn of object to add to group as member
317
321 usage: dsidm instance group remove_member [-h] [cn] [dn]
322 cn cn of group to remove member from
325 dn dn of object to remove from group as member
328
333 usage: dsidm instance initialise [-h] [--version VERSION]
334 --version VERSION
338 The version of entries to create.
339
342 usage: dsidm instance organizationalunit [-h]
343 {list,get,get_dn,cre‐
344 ate,delete,modify}
345 ...
346 Sub-commands
349 dsidm organizationalunit list
350 list
351 dsidm organizationalunit get
353 get
354 dsidm organizationalunit get_dn
356 get_dn
357 dsidm organizationalunit create
359 create
360 dsidm organizationalunit delete
362 deletes the object
363 dsidm organizationalunit modify
365 modify <add|delete|replace>:<attribute>:<value> ...
366
368 usage: dsidm instance organizationalunit list [-h]
369
374 usage: dsidm instance organizationalunit get [-h] [selector]
375 selector
378 The term to search for
379
383 usage: dsidm instance organizationalunit get_dn [-h] [dn]
384 dn The dn to get
387
391 usage: dsidm instance organizationalunit create [-h] [--ou [OU]]
392 --ou [OU]
396 Value of ou
397
400 usage: dsidm instance organizationalunit delete [-h] [dn]
401 dn The dn to delete
404
408 usage: dsidm instance organizationalunit modify [-h]
409 selector changes
410 [changes ...]
411 selector
414 The ou to modify
415 changes
418 A list of changes to apply in format:
419 <add|delete|replace>:<attribute>:<value>
420
425 usage: dsidm instance posixgroup [-h]
426 {list,get,get_dn,create,delete,modify}
427 ...
428 Sub-commands
431 dsidm posixgroup list
432 list
433 dsidm posixgroup get
435 get
436 dsidm posixgroup get_dn
438 get_dn
439 dsidm posixgroup create
441 create
442 dsidm posixgroup delete
444 deletes the object
445 dsidm posixgroup modify
447 modify <add|delete|replace>:<attribute>:<value> ...
448
450 usage: dsidm instance posixgroup list [-h]
451
456 usage: dsidm instance posixgroup get [-h] [selector]
457 selector
460 The term to search for
461
465 usage: dsidm instance posixgroup get_dn [-h] [dn]
466 dn The dn to get
469
473 usage: dsidm instance posixgroup create [-h] [--cn [CN]]
474 [--gidNumber [GIDNUMBER]]
475 --cn [CN]
479 Value of cn
480 --gidNumber [GIDNUMBER]
483 Value of gidNumber
484
487 usage: dsidm instance posixgroup delete [-h] [dn]
488 dn The dn to delete
491
495 usage: dsidm instance posixgroup modify [-h] selector changes [changes
496 ...]
497 selector
500 The cn to modify
501 changes
504 A list of changes to apply in format:
505 <add|delete|replace>:<attribute>:<value>
506
511 usage: dsidm instance user [-h]
512 {list,get,get_dn,create,mod‐
513 ify,delete,lock,status,unlock}
514 ...
515 Sub-commands
518 dsidm user list
519 list
520 dsidm user get
522 get
523 dsidm user get_dn
525 get_dn
526 dsidm user create
528 create
529 dsidm user modify
531 modify <add|delete|replace>:<attribute>:<value> ...
532 dsidm user delete
534 deletes the object
535 dsidm user lock
537 lock
538 dsidm user status
540 status
541 dsidm user unlock
543 unlock
544
546 usage: dsidm instance user list [-h]
547
552 usage: dsidm instance user get [-h] [selector]
553 selector
556 The term to search for
557
561 usage: dsidm instance user get_dn [-h] [dn]
562 dn The dn to get
565
569 usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
570 [--displayName [DISPLAYNAME]]
571 [--uidNumber [UIDNUMBER]]
572 [--gidNumber [GIDNUMBER]]
573 [--homeDirectory [HOMEDIRECTORY]]
574 --uid [UID]
578 Value of uid
579 --cn [CN]
582 Value of cn
583 --displayName [DISPLAYNAME]
586 Value of displayName
587 --uidNumber [UIDNUMBER]
590 Value of uidNumber
591 --gidNumber [GIDNUMBER]
594 Value of gidNumber
595 --homeDirectory [HOMEDIRECTORY]
598 Value of homeDirectory
599
602 usage: dsidm instance user modify [-h] selector changes [changes ...]
603 selector
606 The uid to modify
607 changes
610 A list of changes to apply in format:
611 <add|delete|replace>:<attribute>:<value>
612
616 usage: dsidm instance user delete [-h] [dn]
617 dn The dn to delete
620
624 usage: dsidm instance user lock [-h] [uid]
625 uid The uid to lock
628
632 usage: dsidm instance user status [-h] [uid]
633 uid The uid to check
636
640 usage: dsidm instance user unlock [-h] [uid]
641 uid The uid to unlock
644
649 usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display}
650 ...
651 Sub-commands
654 dsidm client_config sssd.conf
655 Generate a SSSD configuration for this LDAP server
656 dsidm client_config ldap.conf
658 Generate an OpenLDAP ldap.conf configuration for this LDAP
659 server
660 dsidm client_config display
662 Display generic application parameters for LDAP connection
663
665 usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
666 allowed_group
669 The name of the group allowed access to this system
670
674 usage: dsidm instance client_config ldap.conf [-h]
675
680 usage: dsidm instance client_config display [-h]
681
687 usage: dsidm instance role [-h]
688 {list,get-by-dn,modify-by-
689 dn,delete,lock,unlock,entry-status,subtree-status}
690 ...
691 Sub-commands
694 dsidm role list
695 list roles that could login to the directory
696 dsidm role get-by-dn
698 get-by-dn <dn>
699 dsidm role modify-by-dn
701 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
702 dsidm role delete
704 deletes the role
705 dsidm role lock
707 lock
708 dsidm role unlock
710 unlock
711 dsidm role entry-status
713 status of a single entry
714 dsidm role subtree-status
716 status of a subtree
717
719 usage: dsidm instance role list [-h]
720
725 usage: dsidm instance role get-by-dn [-h] [dn]
726 dn The dn to get and display
729
733 usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]
734 dn The dn to get and display
737 changes
740 A list of changes to apply in format:
741 <add|delete|replace>:<attribute>:<value>
742
746 usage: dsidm instance role delete [-h] [dn]
747 dn The dn of the role to delete
750
754 usage: dsidm instance role lock [-h] [dn]
755 dn The dn to lock
758
762 usage: dsidm instance role unlock [-h] [dn]
763 dn The dn to unlock
766
770 usage: dsidm instance role entry-status [-h] [dn]
771 dn The single entry dn to check
774
778 usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s
779 {base,one,sub}]
780 basedn
781 basedn Search base for finding entries
784 -f FILTER, --filter FILTER
787 Search filter for finding entries
788 -s {base,one,sub}, --scope {base,one,sub}
791 Search scope (base, one, sub - default is sub
792 -b BASEDN, --basedn BASEDN
796 Basedn (root naming context) of the instance to manage
797 -v, --verbose
800 Display verbose operation tracing during command execution
801 -D BINDDN, --binddn BINDDN
804 The account to bind as for executing operations
805 -w BINDPW, --bindpw BINDPW
808 Password for binddn
809 -W, --prompt
812 Prompt for password for binddn
813 -y PWDFILE, --pwdfile PWDFILE
816 Specifies a file containing the password for the bind DN
817 -Z, --starttls
820 Connect with StartTLS
821 -j, --json
824 Return result in JSON object
825
828 lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>.
829
831 The latest version of lib389 may be downloaded from
832 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
833 Manual dsidm(8)