dsidm(8) System Manager's Manual dsidm(8)

dsidm

dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance {account,group,initialise,organizationalunit,posixgroup,user,client_config,role} ...

instance
    The name of the instance or its LDAP URL, such as ldap://server.example.com:389

Sub-commands
dsidm account
    Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see "user" subcommand instead.

dsidm group
    Manage groups

dsidm initialise
    Initialise a backend with domain information and sample entries

dsidm organizationalunit
    Manage organizational units

dsidm posixgroup
    Manage posix groups

dsidm user
    Manage posix users

dsidm client_config
    Display and generate client example configs for this LDAP server

dsidm role
    Manage generic roles, with tasks like modify, locking and unlocking.

usage: dsidm instance account [-h] {list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password} ...

Sub-commands
dsidm account list
    list accounts that could log in to the directory

dsidm account get-by-dn
    get-by-dn <dn>

dsidm account modify-by-dn
    modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

dsidm account rename-by-dn
    rename the object

dsidm account delete
    deletes the account

dsidm account lock
    lock

dsidm account unlock
    unlock

dsidm account entry-status
    status of a single entry

dsidm account subtree-status
    status of a subtree

dsidm account reset_password
    Reset the password of an account. This should be performed by a directory admin.

dsidm account change_password
    Change the password of an account. This can be performed by any user (with correct rights)

usage: dsidm instance account list [-h]

usage: dsidm instance account get-by-dn [-h] [dn]

dn
    The dn to get and display

usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...]

dn
    The dn to get and display

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn

dn
    The dn to rename

new_dn
    A new role dn

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an attribute of the entry or not

usage: dsidm instance account delete [-h] [dn]

dn
    The dn of the account to delete

usage: dsidm instance account lock [-h] [dn]

dn
    The dn to lock

usage: dsidm instance account unlock [-h] [dn]

dn
    The dn to unlock

usage: dsidm instance account entry-status [-h] [-V] [dn]

dn
    The single entry dn to check

-V, --details
    Print more account policy details about the entry

usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER] [-s {one,sub}] [-i] [-o BECOME_INACTIVE_ON] basedn

basedn
    Search base for finding entries

-V, --details
    Print more account policy details about the entries

-f FILTER, --filter FILTER
    Search filter for finding entries

-s {one,sub}, --scope {one,sub}
    Search scope (one, sub - default is sub)

-i, --inactive-only
    Only display inactivated entries

-o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
    Only display entries that will become inactive before specified date (in a format 2007-04-25T14:30)

usage: dsidm instance account reset_password [-h] [dn] [new_password]

dn
    The dn to reset the password for

new_password
    The new password to set

usage: dsidm instance account change_password [-h] [dn] [new_password] [current_password]

dn
    The dn to change the password for

new_password
    The new password to set

current_password
    The account's current password

usage: dsidm instance group [-h] {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member} ...

Sub-commands
dsidm group list
    list

dsidm group get
    get

dsidm group get_dn
    get_dn

dsidm group create
    create

dsidm group delete
    deletes the object

dsidm group modify
    modify <add|delete|replace>:<attribute>:<value> ...

dsidm group rename
    rename the object

dsidm group members
    List member dns of a group

dsidm group add_member
    Add a member to a group

dsidm group remove_member
    Remove a member from a group

usage: dsidm instance group list [-h]

usage: dsidm instance group get [-h] [selector]

selector
    The term to search for

usage: dsidm instance group get_dn [-h] [dn]

dn
    The dn to get

usage: dsidm instance group create [-h] [--cn [CN]]

--cn [CN]
    Value of cn

usage: dsidm instance group delete [-h] [dn]

dn
    The dn to delete

usage: dsidm instance group modify [-h] selector changes [changes ...]

selector
    The cn to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name

selector
    The cn to rename

new_name
    A new group name

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

usage: dsidm instance group members [-h] [cn]

cn
    cn of group to list members of

usage: dsidm instance group add_member [-h] [cn] [dn]

cn
    cn of group to add member to

dn
    dn of object to add to group as member

usage: dsidm instance group remove_member [-h] [cn] [dn]

cn
    cn of group to remove member from

dn
    dn of object to remove from group as member

usage: dsidm instance initialise [-h] [--version VERSION]

--version VERSION
    The version of entries to create.

usage: dsidm instance organizationalunit [-h] {list,get,get_dn,create,delete,modify,rename} ...

Sub-commands
dsidm organizationalunit list
    list

dsidm organizationalunit get
    get

dsidm organizationalunit get_dn
    get_dn

dsidm organizationalunit create
    create

dsidm organizationalunit delete
    deletes the object

dsidm organizationalunit modify
    modify <add|delete|replace>:<attribute>:<value> ...

dsidm organizationalunit rename
    rename the object

usage: dsidm instance organizationalunit list [-h]

usage: dsidm instance organizationalunit get [-h] [selector]

selector
    The term to search for

usage: dsidm instance organizationalunit get_dn [-h] [dn]

dn
    The dn to get

usage: dsidm instance organizationalunit create [-h] [--ou [OU]]

--ou [OU]
    Value of ou

usage: dsidm instance organizationalunit delete [-h] [dn]

dn
    The dn to delete

usage: dsidm instance organizationalunit modify [-h] selector changes [changes ...]

selector
    The ou to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn] selector new_name

selector
    The ou to rename

new_name
    A new organizational unit name

--keep-old-rdn
    Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute of the entry or not

usage: dsidm instance posixgroup [-h] {list,get,get_dn,create,delete,modify,rename} ...

Sub-commands
dsidm posixgroup list
    list

dsidm posixgroup get
    get

dsidm posixgroup get_dn
    get_dn

dsidm posixgroup create
    create

dsidm posixgroup delete
    deletes the object

dsidm posixgroup modify
    modify <add|delete|replace>:<attribute>:<value> ...

dsidm posixgroup rename
    rename the object

usage: dsidm instance posixgroup list [-h]

usage: dsidm instance posixgroup get [-h] [selector]

selector
    The term to search for

usage: dsidm instance posixgroup get_dn [-h] [dn]

dn
    The dn to get

usage: dsidm instance posixgroup create [-h] [--cn [CN]] [--gidNumber [GIDNUMBER]]

--cn [CN]
    Value of cn

--gidNumber [GIDNUMBER]
    Value of gidNumber

usage: dsidm instance posixgroup delete [-h] [dn]

dn
    The dn to delete

usage: dsidm instance posixgroup modify [-h] selector changes [changes ...]

selector
    The cn to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn] selector new_name

selector
    The cn to rename

new_name
    A new posix group name

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not

usage: dsidm instance user [-h] {list,get,get_dn,create,modify,rename,delete} ...

Sub-commands
dsidm user list
    list

dsidm user get
    get

dsidm user get_dn
    get_dn

dsidm user create
    create

dsidm user modify
    modify <add|delete|replace>:<attribute>:<value> ...

dsidm user rename
    rename the object

dsidm user delete
    deletes the object

usage: dsidm instance user list [-h]

usage: dsidm instance user get [-h] [selector]

selector
    The term to search for

usage: dsidm instance user get_dn [-h] [dn]

dn
    The dn to get

usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]] [--displayName [DISPLAYNAME]] [--uidNumber [UIDNUMBER]] [--gidNumber [GIDNUMBER]] [--homeDirectory [HOMEDIRECTORY]]

--uid [UID]
    Value of uid

--cn [CN]
    Value of cn

--displayName [DISPLAYNAME]
    Value of displayName

--uidNumber [UIDNUMBER]
    Value of uidNumber

--gidNumber [GIDNUMBER]
    Value of gidNumber

--homeDirectory [HOMEDIRECTORY]
    Value of homeDirectory

usage: dsidm instance user modify [-h] selector changes [changes ...]

selector
    The uid to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name

selector
    The uid to modify

new_name
    A new user name

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an attribute of the entry or not

usage: dsidm instance user delete [-h] [dn]

dn
    The dn to delete

usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...

Sub-commands
dsidm client_config sssd.conf
    Generate a SSSD configuration for this LDAP server

dsidm client_config ldap.conf
    Generate an OpenLDAP ldap.conf configuration for this LDAP server

dsidm client_config display
    Display generic application parameters for LDAP connection

usage: dsidm instance client_config sssd.conf [-h] [allowed_group]

allowed_group
    The name of the group allowed access to this system

usage: dsidm instance client_config ldap.conf [-h]

usage: dsidm instance client_config display [-h]

usage: dsidm instance role [-h] {list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status} ...

Sub-commands
dsidm role list
    list roles that could log in to the directory

dsidm role get-by-dn
    get-by-dn <dn>

dsidm role modify-by-dn
    modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

dsidm role rename-by-dn
    rename the object

dsidm role delete
    deletes the role

dsidm role lock
    lock

dsidm role unlock
    unlock

dsidm role entry-status
    status of a single entry

dsidm role subtree-status
    status of a subtree

usage: dsidm instance role list [-h]

usage: dsidm instance role get-by-dn [-h] [dn]

dn
    The dn to get and display

usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]

dn
    The dn to modify

changes
    A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn

dn
    The dn to rename

new_dn
    A new account dn

--keep-old-rdn
    Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an attribute of the entry or not

usage: dsidm instance role delete [-h] [dn]

dn
    The dn of the role to delete

usage: dsidm instance role lock [-h] [dn]

dn
    The dn to lock

usage: dsidm instance role unlock [-h] [dn]

dn
    The dn to unlock

usage: dsidm instance role entry-status [-h] [dn]

dn
    The single entry dn to check

usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}] basedn

basedn
    Search base for finding entries

-f FILTER, --filter FILTER
    Search filter for finding entries

-s {base,one,sub}, --scope {base,one,sub}
    Search scope (base, one, sub - default is sub)

-b BASEDN, --basedn BASEDN
    Base DN (root naming context) of the instance to manage

-v, --verbose
    Display verbose operation tracing during command execution

-D BINDDN, --binddn BINDDN
    The account to bind as for executing operations

-w BINDPW, --bindpw BINDPW
    Password for the bind DN

-W, --prompt
    Prompt for password of the bind DN

-y PWDFILE, --pwdfile PWDFILE
    Specifies a file containing the password of the bind DN

-Z, --starttls
    Connect with StartTLS

-j, --json
    Return result in JSON object

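The three bind-password options above differ in exposure: -w BINDPW puts the password on the command line, where other local users can usually read it from the process list, while -y PWDFILE and -W keep it out of argv. The wrapper below is an added example, not part of lib389 or this manual; the function names and the DSIDM override variable are hypothetical, and the instance URL and DNs in the usage comment are sample values.

```shell
#!/bin/sh
# Added example. dsidm_private, its helpers and the DSIDM override variable
# are hypothetical names; only the dsidm options come from the man page.

# Succeed only for a regular file owned by the caller with mode 0600 or 0400.
# A symlink or any group/other permission bit fails the check.
pwdfile_is_private() {
    [ -O "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if any argument would place the bind password in argv (-w/--bindpw).
args_expose_password() {
    for arg in "$@"; do
        case "$arg" in
            -w|-w?*|--bindpw|--bindpw=*) return 0 ;;
        esac
    done
    return 1
}

# Usage: dsidm_private INSTANCE BINDDN PWDFILE SUBCOMMAND [ARGS...]
# Always binds with -y PWDFILE over StartTLS (-Z); refuses unsafe input.
dsidm_private() {
    instance=$1 binddn=$2 pwdfile=$3
    shift 3
    if ! pwdfile_is_private "$pwdfile"; then
        echo "refusing: $pwdfile must be owned by you with mode 0600" >&2
        return 1
    fi
    if args_expose_password "$@"; then
        echo "refusing: -w/--bindpw exposes the password in the process list" >&2
        return 1
    fi
    "${DSIDM:-dsidm}" -Z -D "$binddn" -y "$pwdfile" "$instance" "$@"
}

# Constructed invocation (instance URL and DNs are sample values):
#   dsidm_private ldap://server.example.com:389 "cn=Directory Manager" \
#       "$HOME/.dsidm.pw" account subtree-status -i "ou=people,dc=example,dc=com"
```

Create the password file under `umask 077` so it is never briefly readable by other users.
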
lib389 was written by Red Hat Inc., and William Brown <389-devel@lists.fedoraproject.org>.

The latest version of lib389 may be downloaded from ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩