1DSIDM(8) System Manager's Manual DSIDM(8)
2
6 dsidm
7
9 dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE]
10 [-Z] [-j] instance {account,group,initialise,init,organizationalu‐
11 nit,ou,posixgroup,user,client_config,role,service} ...
12
14 dsidm account
15 Manage generic accounts, with tasks like modify, locking and un‐
16 locking. To create an account, see "user" subcommand instead.
17 dsidm group
19 Manage groups
20 dsidm initialise
22 Initialise a backend with domain information and sample entries
23 dsidm organizationalunit
25 Manage organizational units
26 dsidm posixgroup
28 Manage posix groups
29 dsidm user
31 Manage posix users
32 dsidm client_config
34 Display and generate client example configs for this LDAP server
35 dsidm role
37 Manage roles.
38 dsidm service
40 Manage service accounts
41
43 usage: dsidm instance account [-h]
44 {list,get-by-dn,modify-by-dn,rename-by-
45 dn,delete,lock,unlock,entry-status,subtree-status,reset_pass‐
46 word,change_password}
47 ...
48
51 dsidm account list
52 list accounts that could login to the directory
53 dsidm account get-by-dn
55 get-by-dn <dn>
56 dsidm account modify-by-dn
58 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
59 dsidm account rename-by-dn
61 rename the object
62 dsidm account delete
64 deletes the account
65 dsidm account lock
67 lock
68 dsidm account unlock
70 unlock
71 dsidm account entry-status
73 status of a single entry
74 dsidm account subtree-status
76 status of a subtree
77 dsidm account reset_password
79 Reset the password of an account. This should be performed by a
80 directory admin.
81 dsidm account change_password
83 Change the password of an account. This can be performed by any
84 user (with correct rights)
85
87 usage: dsidm instance account list [-h]
88
91 usage: dsidm instance account get-by-dn [-h] [dn]
92 dn The dn to get and display
95
98 usage: dsidm instance account modify-by-dn [-h] dn changes [changes
99 ...]
100 dn The dn to get and display
103 changes
106 A list of changes to apply in format: <add|delete|replace>:<at‐
107 tribute>:<value>
108
111 usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn
112 new_dn
113 dn The dn to rename
116 new_dn A new role dn
119
122 --keep-old-rdn
123 Specify whether the old RDN (i.e. 'cn: old_role') should be kept
124 as an attribute of the entry or not
125
128 usage: dsidm instance account delete [-h] [dn]
129 dn The dn of the account to delete
132
135 usage: dsidm instance account lock [-h] [dn]
136 dn The dn to lock
139
142 usage: dsidm instance account unlock [-h] [dn]
143 dn The dn to unlock
146
149 usage: dsidm instance account entry-status [-h] [-V] [dn]
150 dn The single entry dn to check
153
156 -V, --details
157 Print more account policy details about the entry
158
161 usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
162 [-s {one,sub}] [-i]
163 [-o BECOME_INACTIVE_ON]
164 basedn
165 basedn Search base for finding entries
168
171 -V, --details
172 Print more account policy details about the entries
173 -f FILTER, --filter FILTER
176 Search filter for finding entries
177 -s {one,sub}, --scope {one,sub}
180 Search scope (one, sub - default is sub
181 -i, --inactive-only
184 Only display inactivated entries
185 -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
188 Only display entries that will become inactive before specified
189 date (in a format 2007-04-25T14:30)
190
193 usage: dsidm instance account reset_password [-h] [dn] [new_password]
194 dn The dn to reset the password for
197 new_password
200 The new password to set
201
204 usage: dsidm instance account change_password [-h]
205 [dn] [new_password]
206 [current_password]
207 dn The dn to change the password for
210 new_password
213 The new password to set
214 current_password
217 The accounts current password
218
221 usage: dsidm instance group [-h]
222 {list,get,get_dn,create,delete,modify,re‐
223 name,members,add_member,remove_member}
224 ...
225
228 dsidm group list
229 list
230 dsidm group get
232 get
233 dsidm group get_dn
235 get_dn
236 dsidm group create
238 create
239 dsidm group delete
241 deletes the object
242 dsidm group modify
244 modify <add|delete|replace>:<attribute>:<value> ...
245 dsidm group rename
247 rename the object
248 dsidm group members
250 List member dns of a group
251 dsidm group add_member
253 Add a member to a group
254 dsidm group remove_member
256 Remove a member from a group
257
259 usage: dsidm instance group list [-h]
260
263 usage: dsidm instance group get [-h] [selector]
264 selector
267 The term to search for
268
271 usage: dsidm instance group get_dn [-h] [dn]
272 dn The dn to get
275
278 usage: dsidm instance group create [-h] [--cn [CN]]
279
282 --cn [CN]
283 Value of cn
284
287 usage: dsidm instance group delete [-h] [dn]
288 dn The dn to delete
291
294 usage: dsidm instance group modify [-h] selector changes [changes ...]
295 selector
298 The cn to modify
299 changes
302 A list of changes to apply in format: <add|delete|replace>:<at‐
303 tribute>:<value>
304
307 usage: dsidm instance group rename [-h] [--keep-old-rdn] selector
308 new_name
309 selector
312 The cn to rename
313 new_name
316 A new group name
317
320 --keep-old-rdn
321 Specify whether the old RDN (i.e. 'cn: old_group') should be
322 kept as an attribute of the entry or not
323
326 usage: dsidm instance group members [-h] [cn]
327 cn cn of group to list members of
330
333 usage: dsidm instance group add_member [-h] [cn] [dn]
334 cn cn of group to add member to
337 dn dn of object to add to group as member
340
343 usage: dsidm instance group remove_member [-h] [cn] [dn]
344 cn cn of group to remove member from
347 dn dn of object to remove from group as member
350
353 usage: dsidm instance initialise [-h] [--version VERSION]
354
357 --version VERSION
358 The version of entries to create.
359
362 usage: dsidm instance organizationalunit [-h]
363 {list,get,get_dn,cre‐
364 ate,delete,modify,rename}
365 ...
366
369 dsidm organizationalunit list
370 list
371 dsidm organizationalunit get
373 get
374 dsidm organizationalunit get_dn
376 get_dn
377 dsidm organizationalunit create
379 create
380 dsidm organizationalunit delete
382 deletes the object
383 dsidm organizationalunit modify
385 modify <add|delete|replace>:<attribute>:<value> ...
386 dsidm organizationalunit rename
388 rename the object
389
391 usage: dsidm instance organizationalunit list [-h]
392
395 usage: dsidm instance organizationalunit get [-h] [selector]
396 selector
399 The term to search for
400
403 usage: dsidm instance organizationalunit get_dn [-h] [dn]
404 dn The dn to get
407
410 usage: dsidm instance organizationalunit create [-h] [--ou [OU]]
411
414 --ou [OU]
415 Value of ou
416
419 usage: dsidm instance organizationalunit delete [-h] [dn]
420 dn The dn to delete
423
426 usage: dsidm instance organizationalunit modify [-h]
427 selector changes
428 [changes ...]
429 selector
432 The ou to modify
433 changes
436 A list of changes to apply in format: <add|delete|replace>:<at‐
437 tribute>:<value>
438
441 usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
442 selector new_name
443 selector
446 The ou to rename
447 new_name
450 A new organizational unit name
451
454 --keep-old-rdn
455 Specify whether the old RDN (i.e. 'ou: old_ou') should be kept
456 as an attribute of the entry or not
457
460 usage: dsidm instance posixgroup [-h]
461 {list,get,get_dn,create,delete,mod‐
462 ify,rename}
463 ...
464
467 dsidm posixgroup list
468 list
469 dsidm posixgroup get
471 get
472 dsidm posixgroup get_dn
474 get_dn
475 dsidm posixgroup create
477 create
478 dsidm posixgroup delete
480 deletes the object
481 dsidm posixgroup modify
483 modify <add|delete|replace>:<attribute>:<value> ...
484 dsidm posixgroup rename
486 rename the object
487
489 usage: dsidm instance posixgroup list [-h]
490
493 usage: dsidm instance posixgroup get [-h] [selector]
494 selector
497 The term to search for
498
501 usage: dsidm instance posixgroup get_dn [-h] [dn]
502 dn The dn to get
505
508 usage: dsidm instance posixgroup create [-h] [--cn [CN]]
509 [--gidNumber [GIDNUMBER]]
510
513 --cn [CN]
514 Value of cn
515 --gidNumber [GIDNUMBER]
518 Value of gidNumber
519
522 usage: dsidm instance posixgroup delete [-h] [dn]
523 dn The dn to delete
526
529 usage: dsidm instance posixgroup modify [-h] selector changes [changes
530 ...]
531 selector
534 The cn to modify
535 changes
538 A list of changes to apply in format: <add|delete|replace>:<at‐
539 tribute>:<value>
540
543 usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
544 selector new_name
545 selector
548 The cn to rename
549 new_name
552 A new posix group name
553
556 --keep-old-rdn
557 Specify whether the old RDN (i.e. 'cn: old_group') should be
558 kept as an attribute of the entry or not
559
562 usage: dsidm instance user [-h]
563 {list,get,get_dn,create,modify,re‐
564 name,delete} ...
565
568 dsidm user list
569 list
570 dsidm user get
572 get
573 dsidm user get_dn
575 get_dn
576 dsidm user create
578 create
579 dsidm user modify
581 modify <add|delete|replace>:<attribute>:<value> ...
582 dsidm user rename
584 rename the object
585 dsidm user delete
587 deletes the object
588
590 usage: dsidm instance user list [-h]
591
594 usage: dsidm instance user get [-h] [selector]
595 selector
598 The term to search for
599
602 usage: dsidm instance user get_dn [-h] [dn]
603 dn The dn to get
606
609 usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
610 [--displayName [DISPLAYNAME]]
611 [--uidNumber [UIDNUMBER]]
612 [--gidNumber [GIDNUMBER]]
613 [--homeDirectory [HOMEDIRECTORY]]
614
617 --uid [UID]
618 Value of uid
619 --cn [CN]
622 Value of cn
623 --displayName [DISPLAYNAME]
626 Value of displayName
627 --uidNumber [UIDNUMBER]
630 Value of uidNumber
631 --gidNumber [GIDNUMBER]
634 Value of gidNumber
635 --homeDirectory [HOMEDIRECTORY]
638 Value of homeDirectory
639
642 usage: dsidm instance user modify [-h] selector changes [changes ...]
643 selector
646 The uid to modify
647 changes
650 A list of changes to apply in format: <add|delete|replace>:<at‐
651 tribute>:<value>
652
655 usage: dsidm instance user rename [-h] [--keep-old-rdn] selector
656 new_name
657 selector
660 The uid to modify
661 new_name
664 A new user name
665
668 --keep-old-rdn
669 Specify whether the old RDN (i.e. 'cn: old_user') should be kept
670 as an attribute of the entry or not
671
674 usage: dsidm instance user delete [-h] [dn]
675 dn The dn to delete
678
681 usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display}
682 ...
683
686 dsidm client_config sssd.conf
687 Generate a SSSD configuration for this LDAP server
688 dsidm client_config ldap.conf
690 Generate an OpenLDAP ldap.conf configuration for this LDAP
691 server
692 dsidm client_config display
694 Display generic application parameters for LDAP connection
695
697 usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
698 allowed_group
701 The name of the group allowed access to this system
702
705 usage: dsidm instance client_config ldap.conf [-h]
706
709 usage: dsidm instance client_config display [-h]
710
713 usage: dsidm instance role [-h]
714 {list,get,get-by-dn,create-managed,create-
715 filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,unlock,en‐
716 try-status,subtree-status}
717 ...
718
721 dsidm role list
722 list roles that could login to the directory
723 dsidm role get
725 get
726 dsidm role get-by-dn
728 get-by-dn <dn>
729 dsidm role create-managed
731 create
732 dsidm role create-filtered
734 create
735 dsidm role create-nested
737 create
738 dsidm role modify-by-dn
740 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
741 dsidm role rename-by-dn
743 rename the object
744 dsidm role delete
746 deletes the role
747 dsidm role lock
749 lock
750 dsidm role unlock
752 unlock
753 dsidm role entry-status
755 status of a single entry
756 dsidm role subtree-status
758 status of a subtree
759
761 usage: dsidm instance role list [-h]
762
765 usage: dsidm instance role get [-h] [selector]
766 selector
769 The term to search for
770
773 usage: dsidm instance role get-by-dn [-h] [dn]
774 dn The dn to get and display
777
780 usage: dsidm instance role create-managed [-h] [--cn [CN]]
781
784 --cn [CN]
785 Value of cn
786
789 usage: dsidm instance role create-filtered [-h] [--cn [CN]]
790
793 --cn [CN]
794 Value of cn
795
798 usage: dsidm instance role create-nested [-h] [--cn [CN]]
799 [--nsRoleDN [NSROLEDN]]
800
803 --cn [CN]
804 Value of cn
805 --nsRoleDN [NSROLEDN]
808 Value of nsRoleDN
809
812 usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]
813 dn The dn to modify
816 changes
819 A list of changes to apply in format: <add|delete|replace>:<at‐
820 tribute>:<value>
821
824 usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn
825 dn The dn to rename
828 new_dn A new account dn
831
834 --keep-old-rdn
835 Specify whether the old RDN (i.e. 'cn: old_account') should be
836 kept as an attribute of the entry or not
837
840 usage: dsidm instance role delete [-h] [dn]
841 dn The dn of the role to delete
844
847 usage: dsidm instance role lock [-h] [dn]
848 dn The dn to lock
851
854 usage: dsidm instance role unlock [-h] [dn]
855 dn The dn to unlock
858
861 usage: dsidm instance role entry-status [-h] [dn]
862 dn The single entry dn to check
865
868 usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s
869 {base,one,sub}]
870 basedn
871 basedn Search base for finding entries
874
877 -f FILTER, --filter FILTER
878 Search filter for finding entries
879 -s {base,one,sub}, --scope {base,one,sub}
882 Search scope (base, one, sub - default is sub
883
886 usage: dsidm instance service [-h]
887 {list,get,get_dn,create,modify,re‐
888 name,delete}
889 ...
890
893 dsidm service list
894 list
895 dsidm service get
897 get
898 dsidm service get_dn
900 get_dn
901 dsidm service create
903 create
904 dsidm service modify
906 modify <add|delete|replace>:<attribute>:<value> ...
907 dsidm service rename
909 rename the object
910 dsidm service delete
912 deletes the object
913
915 usage: dsidm instance service list [-h]
916
919 usage: dsidm instance service get [-h] [selector]
920 selector
923 The term to search for
924
927 usage: dsidm instance service get_dn [-h] [dn]
928 dn The dn to get
931
934 usage: dsidm instance service create [-h] [--cn [CN]]
935 [--description [DESCRIPTION]]
936
939 --cn [CN]
940 Value of cn
941 --description [DESCRIPTION]
944 Value of description
945
948 usage: dsidm instance service modify [-h] selector changes [changes
949 ...]
950 selector
953 The cn to modify
954 changes
957 A list of changes to apply in format: <add|delete|replace>:<at‐
958 tribute>:<value>
959
962 usage: dsidm instance service rename [-h] [--keep-old-rdn] selector
963 new_name
964 selector
967 The cn to modify
968 new_name
971 A new service name
972
975 --keep-old-rdn
976 Specify whether the old RDN (i.e. 'cn: old_service') should be
977 kept as an attribute of the entry or not
978
981 usage: dsidm instance service delete [-h] [dn]
982 dn The dn to delete
985
988 -b BASEDN, --basedn BASEDN
989 Base DN (root naming context) of the instance to manage
990 -v, --verbose
993 Display verbose operation tracing during command execution
994 -D BINDDN, --binddn BINDDN
997 The account to bind as for executing operations
998 -w BINDPW, --bindpw BINDPW
1001 Password for the bind DN
1002 -W, --prompt
1005 Prompt for password of the bind DN
1006 -y PWDFILE, --pwdfile PWDFILE
1009 Specifies a file containing the password of the bind DN
1010 -Z, --starttls
1013 Connect with StartTLS
1014 -j, --json
1017 Return result in JSON object
1018
1021 Red Hat Inc., and William Brown <389-devel@lists.fedoraproject.org>
1022
1025 The latest version of lib389 may be downloaded from
1026 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
1027 Manual DSIDM(8)