1dsidm(8)                    System Manager's Manual                   dsidm(8)
2
3
4

NAME

6       dsidm
7

SYNOPSIS

9       dsidm  [-h]  [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE]
10       [-Z] [-j] instance  {account,group,initialise,organizationalunit,posix‐
11       group,user,client_config,role} ...
12

OPTIONS

14       instance
15              The   name   of   the   instance   or  its  LDAP  URL,  such  as
16              ldap://server.example.com:389
17
18
19   Sub-commands
20       dsidm account
21              Manage generic accounts, with tasks like modify, locking and un‐
22              locking. To create an account, see "user" subcommand instead.
23
24       dsidm group
25              Manage groups
26
27       dsidm initialise
28              Initialise a backend with domain information and sample entries
29
30       dsidm organizationalunit
31              Manage organizational units
32
33       dsidm posixgroup
34              Manage posix groups
35
36       dsidm user
37              Manage posix users
38
39       dsidm client_config
40              Display and generate client example configs for this LDAP server
41
42       dsidm role
43              Manage  generic  roles,  with tasks like modify, locking and un‐
44              locking.
45

OPTIONS 'dsidm account'

47       usage: dsidm instance account [-h]
48                                     {list,get-by-dn,modify-by-dn,rename-by-
49       dn,delete,lock,unlock,entry-status,subtree-status,reset_pass‐
50       word,change_password}
51                                     ...
52
53
54   Sub-commands
55       dsidm account list
56              list accounts that could login to the directory
57
58       dsidm account get-by-dn
59              get-by-dn <dn>
60
61       dsidm account modify-by-dn
62              modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
63
64       dsidm account rename-by-dn
65              rename the object
66
67       dsidm account delete
68              deletes the account
69
70       dsidm account lock
71              lock
72
73       dsidm account unlock
74              unlock
75
76       dsidm account entry-status
77              status of a single entry
78
79       dsidm account subtree-status
80              status of a subtree
81
82       dsidm account reset_password
83              Reset the password of an account. This should be performed by  a
84              directory admin.
85
86       dsidm account change_password
87              Change  the password of an account. This can be performed by any
88              user (with correct rights)
89

OPTIONS 'dsidm account list'

91       usage: dsidm instance account list [-h]
92
93
94
95

OPTIONS 'dsidm account get-by-dn'

97       usage: dsidm instance account get-by-dn [-h] [dn]
98
99
100       dn     The dn to get and display
101
102
103

OPTIONS 'dsidm account modify-by-dn'

105       usage: dsidm instance account modify-by-dn  [-h]  dn  changes  [changes
106       ...]
107
108
109       dn     The dn to get and display
110
111
112       changes
113              A  list of changes to apply in format: <add|delete|replace>:<at‐
114              tribute>:<value>
115
116
117

OPTIONS 'dsidm account rename-by-dn'

119       usage: dsidm instance account  rename-by-dn  [-h]  [--keep-old-rdn]  dn
120       new_dn
121
122
123       dn     The dn to rename
124
125
126       new_dn A new role dn
127
128
129       --keep-old-rdn
130              Specify whether the old RDN (i.e. 'cn: old_role') should be kept
131              as an attribute of the entry or not
132
133

OPTIONS 'dsidm account delete'

135       usage: dsidm instance account delete [-h] [dn]
136
137
138       dn     The dn of the account to delete
139
140
141

OPTIONS 'dsidm account lock'

143       usage: dsidm instance account lock [-h] [dn]
144
145
146       dn     The dn to lock
147
148
149

OPTIONS 'dsidm account unlock'

151       usage: dsidm instance account unlock [-h] [dn]
152
153
154       dn     The dn to unlock
155
156
157

OPTIONS 'dsidm account entry-status'

159       usage: dsidm instance account entry-status [-h] [-V] [dn]
160
161
162       dn     The single entry dn to check
163
164
165       -V, --details
166              Print more account policy details about the entry
167
168

OPTIONS 'dsidm account subtree-status'

170       usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
171                                                    [-s {one,sub}] [-i]
172                                                    [-o BECOME_INACTIVE_ON]
173                                                    basedn
174
175
176       basedn Search base for finding entries
177
178
179       -V, --details
180              Print more account policy details about the entries
181
182
183       -f FILTER, --filter FILTER
184              Search filter for finding entries
185
186
187       -s {one,sub}, --scope {one,sub}
188              Search scope (one, sub - default is sub
189
190
191       -i, --inactive-only
192              Only display inactivated entries
193
194
195       -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
196              Only display entries that will become inactive before  specified
197              date (in a format 2007-04-25T14:30)
198
199

OPTIONS 'dsidm account reset_password'

201       usage: dsidm instance account reset_password [-h] [dn] [new_password]
202
203
204       dn     The dn to reset the password for
205
206
207       new_password
208              The new password to set
209
210
211

OPTIONS 'dsidm account change_password'

213       usage: dsidm instance account change_password [-h]
214                                                     [dn] [new_password]
215                                                     [current_password]
216
217
218       dn     The dn to change the password for
219
220
221       new_password
222              The new password to set
223
224
225       current_password
226              The accounts current password
227
228
229
230

OPTIONS 'dsidm group'

232       usage: dsidm instance group [-h]
233                                   {list,get,get_dn,create,delete,modify,re‐
234       name,members,add_member,remove_member}
235                                   ...
236
237
238   Sub-commands
239       dsidm group list
240              list
241
242       dsidm group get
243              get
244
245       dsidm group get_dn
246              get_dn
247
248       dsidm group create
249              create
250
251       dsidm group delete
252              deletes the object
253
254       dsidm group modify
255              modify <add|delete|replace>:<attribute>:<value> ...
256
257       dsidm group rename
258              rename the object
259
260       dsidm group members
261              List member dns of a group
262
263       dsidm group add_member
264              Add a member to a group
265
266       dsidm group remove_member
267              Remove a member from a group
268

OPTIONS 'dsidm group list'

270       usage: dsidm instance group list [-h]
271
272
273
274

OPTIONS 'dsidm group get'

276       usage: dsidm instance group get [-h] [selector]
277
278
279       selector
280              The term to search for
281
282
283

OPTIONS 'dsidm group get_dn'

285       usage: dsidm instance group get_dn [-h] [dn]
286
287
288       dn     The dn to get
289
290
291

OPTIONS 'dsidm group create'

293       usage: dsidm instance group create [-h] [--cn [CN]]
294
295
296
297       --cn [CN]
298              Value of cn
299
300

OPTIONS 'dsidm group delete'

302       usage: dsidm instance group delete [-h] [dn]
303
304
305       dn     The dn to delete
306
307
308

OPTIONS 'dsidm group modify'

310       usage: dsidm instance group modify [-h] selector changes [changes ...]
311
312
313       selector
314              The cn to modify
315
316
317       changes
318              A list of changes to apply in format:  <add|delete|replace>:<at‐
319              tribute>:<value>
320
321
322

OPTIONS 'dsidm group rename'

324       usage:  dsidm  instance  group  rename  [-h]  [--keep-old-rdn] selector
325       new_name
326
327
328       selector
329              The cn to rename
330
331
332       new_name
333              A new group name
334
335
336       --keep-old-rdn
337              Specify whether the old RDN (i.e.  'cn:  old_group')  should  be
338              kept as an attribute of the entry or not
339
340

OPTIONS 'dsidm group members'

342       usage: dsidm instance group members [-h] [cn]
343
344
345       cn     cn of group to list members of
346
347
348

OPTIONS 'dsidm group add_member'

350       usage: dsidm instance group add_member [-h] [cn] [dn]
351
352
353       cn     cn of group to add member to
354
355
356       dn     dn of object to add to group as member
357
358
359

OPTIONS 'dsidm group remove_member'

361       usage: dsidm instance group remove_member [-h] [cn] [dn]
362
363
364       cn     cn of group to remove member from
365
366
367       dn     dn of object to remove from group as member
368
369
370
371

OPTIONS 'dsidm initialise'

373       usage: dsidm instance initialise [-h] [--version VERSION]
374
375
376
377       --version VERSION
378              The version of entries to create.
379
380

OPTIONS 'dsidm organizationalunit'

382       usage: dsidm instance organizationalunit [-h]
383                                                {list,get,get_dn,cre‐
384       ate,delete,modify,rename}
385                                                ...
386
387
388   Sub-commands
389       dsidm organizationalunit list
390              list
391
392       dsidm organizationalunit get
393              get
394
395       dsidm organizationalunit get_dn
396              get_dn
397
398       dsidm organizationalunit create
399              create
400
401       dsidm organizationalunit delete
402              deletes the object
403
404       dsidm organizationalunit modify
405              modify <add|delete|replace>:<attribute>:<value> ...
406
407       dsidm organizationalunit rename
408              rename the object
409

OPTIONS 'dsidm organizationalunit list'

411       usage: dsidm instance organizationalunit list [-h]
412
413
414
415

OPTIONS 'dsidm organizationalunit get'

417       usage: dsidm instance organizationalunit get [-h] [selector]
418
419
420       selector
421              The term to search for
422
423
424

OPTIONS 'dsidm organizationalunit get_dn'

426       usage: dsidm instance organizationalunit get_dn [-h] [dn]
427
428
429       dn     The dn to get
430
431
432

OPTIONS 'dsidm organizationalunit create'

434       usage: dsidm instance organizationalunit create [-h] [--ou [OU]]
435
436
437
438       --ou [OU]
439              Value of ou
440
441

OPTIONS 'dsidm organizationalunit delete'

443       usage: dsidm instance organizationalunit delete [-h] [dn]
444
445
446       dn     The dn to delete
447
448
449

OPTIONS 'dsidm organizationalunit modify'

451       usage: dsidm instance organizationalunit modify [-h]
452                                                       selector        changes
453       [changes ...]
454
455
456       selector
457              The ou to modify
458
459
460       changes
461              A  list of changes to apply in format: <add|delete|replace>:<at‐
462              tribute>:<value>
463
464
465

OPTIONS 'dsidm organizationalunit rename'

467       usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
468                                                       selector new_name
469
470
471       selector
472              The ou to rename
473
474
475       new_name
476              A new organizational unit name
477
478
479       --keep-old-rdn
480              Specify whether the old RDN (i.e. 'ou: old_ou') should  be  kept
481              as an attribute of the entry or not
482
483
484

OPTIONS 'dsidm posixgroup'

486       usage: dsidm instance posixgroup [-h]
487                                        {list,get,get_dn,create,delete,mod‐
488       ify,rename}
489                                        ...
490
491
492   Sub-commands
493       dsidm posixgroup list
494              list
495
496       dsidm posixgroup get
497              get
498
499       dsidm posixgroup get_dn
500              get_dn
501
502       dsidm posixgroup create
503              create
504
505       dsidm posixgroup delete
506              deletes the object
507
508       dsidm posixgroup modify
509              modify <add|delete|replace>:<attribute>:<value> ...
510
511       dsidm posixgroup rename
512              rename the object
513

OPTIONS 'dsidm posixgroup list'

515       usage: dsidm instance posixgroup list [-h]
516
517
518
519

OPTIONS 'dsidm posixgroup get'

521       usage: dsidm instance posixgroup get [-h] [selector]
522
523
524       selector
525              The term to search for
526
527
528

OPTIONS 'dsidm posixgroup get_dn'

530       usage: dsidm instance posixgroup get_dn [-h] [dn]
531
532
533       dn     The dn to get
534
535
536

OPTIONS 'dsidm posixgroup create'

538       usage: dsidm instance posixgroup create [-h] [--cn [CN]]
539                                               [--gidNumber [GIDNUMBER]]
540
541
542
543       --cn [CN]
544              Value of cn
545
546
547       --gidNumber [GIDNUMBER]
548              Value of gidNumber
549
550

OPTIONS 'dsidm posixgroup delete'

552       usage: dsidm instance posixgroup delete [-h] [dn]
553
554
555       dn     The dn to delete
556
557
558

OPTIONS 'dsidm posixgroup modify'

560       usage: dsidm instance posixgroup modify [-h] selector changes  [changes
561       ...]
562
563
564       selector
565              The cn to modify
566
567
568       changes
569              A  list of changes to apply in format: <add|delete|replace>:<at‐
570              tribute>:<value>
571
572
573

OPTIONS 'dsidm posixgroup rename'

575       usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
576                                               selector new_name
577
578
579       selector
580              The cn to rename
581
582
583       new_name
584              A new posix group name
585
586
587       --keep-old-rdn
588              Specify whether the old RDN (i.e.  'cn:  old_group')  should  be
589              kept as an attribute of the entry or not
590
591
592

OPTIONS 'dsidm user'

594       usage: dsidm instance user [-h]
595                                  {list,get,get_dn,create,modify,re‐
596       name,delete} ...
597
598
599   Sub-commands
600       dsidm user list
601              list
602
603       dsidm user get
604              get
605
606       dsidm user get_dn
607              get_dn
608
609       dsidm user create
610              create
611
612       dsidm user modify
613              modify <add|delete|replace>:<attribute>:<value> ...
614
615       dsidm user rename
616              rename the object
617
618       dsidm user delete
619              deletes the object
620

OPTIONS 'dsidm user list'

622       usage: dsidm instance user list [-h]
623
624
625
626

OPTIONS 'dsidm user get'

628       usage: dsidm instance user get [-h] [selector]
629
630
631       selector
632              The term to search for
633
634
635

OPTIONS 'dsidm user get_dn'

637       usage: dsidm instance user get_dn [-h] [dn]
638
639
640       dn     The dn to get
641
642
643

OPTIONS 'dsidm user create'

645       usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
646                                         [--displayName [DISPLAYNAME]]
647                                         [--uidNumber [UIDNUMBER]]
648                                         [--gidNumber [GIDNUMBER]]
649                                         [--homeDirectory [HOMEDIRECTORY]]
650
651
652
653       --uid [UID]
654              Value of uid
655
656
657       --cn [CN]
658              Value of cn
659
660
661       --displayName [DISPLAYNAME]
662              Value of displayName
663
664
665       --uidNumber [UIDNUMBER]
666              Value of uidNumber
667
668
669       --gidNumber [GIDNUMBER]
670              Value of gidNumber
671
672
673       --homeDirectory [HOMEDIRECTORY]
674              Value of homeDirectory
675
676

OPTIONS 'dsidm user modify'

678       usage: dsidm instance user modify [-h] selector changes [changes ...]
679
680
681       selector
682              The uid to modify
683
684
685       changes
686              A list of changes to apply in format:  <add|delete|replace>:<at‐
687              tribute>:<value>
688
689
690

OPTIONS 'dsidm user rename'

692       usage:  dsidm  instance  user  rename  [-h]  [--keep-old-rdn]  selector
693       new_name
694
695
696       selector
697              The uid to modify
698
699
700       new_name
701              A new user name
702
703
704       --keep-old-rdn
705              Specify whether the old RDN (i.e. 'cn: old_user')should be  kept
706              as an attribute of the entry or not
707
708

OPTIONS 'dsidm user delete'

710       usage: dsidm instance user delete [-h] [dn]
711
712
713       dn     The dn to delete
714
715
716
717

OPTIONS 'dsidm client_config'

719       usage:  dsidm instance client_config [-h] {sssd.conf,ldap.conf,display}
720       ...
721
722
723   Sub-commands
724       dsidm client_config sssd.conf
725              Generate a SSSD configuration for this LDAP server
726
727       dsidm client_config ldap.conf
728              Generate an  OpenLDAP  ldap.conf  configuration  for  this  LDAP
729              server
730
731       dsidm client_config display
732              Display generic application parameters for LDAP connection
733

OPTIONS 'dsidm client_config sssd.conf'

735       usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
736
737
738       allowed_group
739              The name of the group allowed access to this system
740
741
742

OPTIONS 'dsidm client_config ldap.conf'

744       usage: dsidm instance client_config ldap.conf [-h]
745
746
747
748

OPTIONS 'dsidm client_config display'

750       usage: dsidm instance client_config display [-h]
751
752
753
754
755

OPTIONS 'dsidm role'

757       usage: dsidm instance role [-h]
758                                  {list,get-by-dn,modify-by-dn,rename-by-
759       dn,delete,lock,unlock,entry-status,subtree-status}
760                                  ...
761
762
763   Sub-commands
764       dsidm role list
765              list roles that could login to the directory
766
767       dsidm role get-by-dn
768              get-by-dn <dn>
769
770       dsidm role modify-by-dn
771              modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
772
773       dsidm role rename-by-dn
774              rename the object
775
776       dsidm role delete
777              deletes the role
778
779       dsidm role lock
780              lock
781
782       dsidm role unlock
783              unlock
784
785       dsidm role entry-status
786              status of a single entry
787
788       dsidm role subtree-status
789              status of a subtree
790

OPTIONS 'dsidm role list'

792       usage: dsidm instance role list [-h]
793
794
795
796

OPTIONS 'dsidm role get-by-dn'

798       usage: dsidm instance role get-by-dn [-h] [dn]
799
800
801       dn     The dn to get and display
802
803
804

OPTIONS 'dsidm role modify-by-dn'

806       usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]
807
808
809       dn     The dn to modify
810
811
812       changes
813              A list of changes to apply in format:  <add|delete|replace>:<at‐
814              tribute>:<value>
815
816
817

OPTIONS 'dsidm role rename-by-dn'

819       usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn
820
821
822       dn     The dn to rename
823
824
825       new_dn A new account dn
826
827
828       --keep-old-rdn
829              Specify  whether  the old RDN (i.e. 'cn: old_account') should be
830              kept as an attribute of the entry or not
831
832

OPTIONS 'dsidm role delete'

834       usage: dsidm instance role delete [-h] [dn]
835
836
837       dn     The dn of the role to delete
838
839
840

OPTIONS 'dsidm role lock'

842       usage: dsidm instance role lock [-h] [dn]
843
844
845       dn     The dn to lock
846
847
848

OPTIONS 'dsidm role unlock'

850       usage: dsidm instance role unlock [-h] [dn]
851
852
853       dn     The dn to unlock
854
855
856

OPTIONS 'dsidm role entry-status'

858       usage: dsidm instance role entry-status [-h] [dn]
859
860
861       dn     The single entry dn to check
862
863
864

OPTIONS 'dsidm role subtree-status'

866       usage:  dsidm  instance  role  subtree-status  [-h]  [-f  FILTER]   [-s
867       {base,one,sub}]
868                                                 basedn
869
870
871       basedn Search base for finding entries
872
873
874       -f FILTER, --filter FILTER
875              Search filter for finding entries
876
877
878       -s {base,one,sub}, --scope {base,one,sub}
879              Search scope (base, one, sub - default is sub
880
881
882
883       -b BASEDN, --basedn BASEDN
884              Base DN (root naming context) of the instance to manage
885
886
887       -v, --verbose
888              Display verbose operation tracing during command execution
889
890
891       -D BINDDN, --binddn BINDDN
892              The account to bind as for executing operations
893
894
895       -w BINDPW, --bindpw BINDPW
896              Password for the bind DN
897
898
899       -W, --prompt
900              Prompt for password of the bind DN
901
902
903       -y PWDFILE, --pwdfile PWDFILE
904              Specifies a file containing the password of the bind DN
905
906
907       -Z, --starttls
908              Connect with StartTLS
909
910
911       -j, --json
912              Return result in JSON object
913
914

AUTHORS

916       lib389  was  written  by  Red  Hat  Inc.,  and  William  Brown <389-de‐
917       vel@lists.fedoraproject.org>.
918

DISTRIBUTION

920       The   latest   version   of   lib389    may    be    downloaded    from
921http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html
922
923
924
925                                    Manual                            dsidm(8)
Impressum