1DSIDM(8) Generated Python Manual DSIDM(8)
2
3
4
6 dsidm
7
9 dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE]
10 [-Z] [-j] instance {account,group,initialise,init,organizationalu‐
11 nit,ou,posixgroup,user,client_config,role,service} ...
12
13
15 dsidm account
16 Manage generic accounts, with tasks like modify, locking and un‐
17 locking. To create an account, see "user" subcommand instead.
18
19 dsidm group
20 Manage groups
21
22 dsidm initialise
23 Initialise a backend with domain information and sample entries
24
25 dsidm organizationalunit
26 Manage organizational units
27
28 dsidm posixgroup
29 Manage posix groups
30
31 dsidm user
32 Manage posix users
33
34 dsidm client_config
35 Display and generate client example configs for this LDAP server
36
37 dsidm role
38 Manage roles.
39
40 dsidm service
41 Manage service accounts
42
43
45 usage: dsidm instance account [-h]
46 {list,get-by-dn,modify-by-dn,re‐
47 name-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_pass‐
48 word,change_password,bulk_update}
49 ...
50
51
53 dsidm account list
54 list accounts that could login to the directory
55
56 dsidm account get-by-dn
57 get-by-dn <dn>
58
59 dsidm account modify-by-dn
60 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
61
62 dsidm account rename-by-dn
63 rename the object
64
65 dsidm account delete
66 deletes the account
67
68 dsidm account lock
69 lock
70
71 dsidm account unlock
72 unlock
73
74 dsidm account entry-status
75 status of a single entry
76
77 dsidm account subtree-status
78 status of a subtree
79
80 dsidm account reset_password
81 Reset the password of an account. This should be performed by a
82 directory admin.
83
84 dsidm account change_password
85 Change the password of an account. This can be performed by any
86 user (with correct rights)
87
88 dsidm account bulk_update
89 Perform a common operation to a set of entries
90
91
93 usage: dsidm instance account list [-h]
94
95
97 usage: dsidm instance account get-by-dn [-h] [dn]
98
99
100 dn The dn to get and display
101
102
104 usage: dsidm instance account modify-by-dn [-h] dn changes [changes
105 ...]
106
107
108 dn The dn to get and display
109
110
111 changes
112 A list of changes to apply in format: <add|delete|replace>:<at‐
113 tribute>:<value>
114
115
117 usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn
118 new_dn
119
120
121 dn The dn to rename
122
123
124 new_dn A new role dn
125
126
128 --keep-old-rdn
129 Specify whether the old RDN (i.e. 'cn: old_role') should be kept
130 as an attribute of the entry or not
131
132
134 usage: dsidm instance account delete [-h] [dn]
135
136
137 dn The dn of the account to delete
138
139
141 usage: dsidm instance account lock [-h] [dn]
142
143
144 dn The dn to lock
145
146
148 usage: dsidm instance account unlock [-h] [dn]
149
150
151 dn The dn to unlock
152
153
155 usage: dsidm instance account entry-status [-h] [-V] [dn]
156
157
158 dn The single entry dn to check
159
160
162 -V, --details
163 Print more account policy details about the entry
164
165
167 usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
168 [-s {one,sub}] [-i]
169 [-o BECOME_INACTIVE_ON]
170 basedn
171
172
173 basedn Search base for finding entries
174
175
177 -V, --details
178 Print more account policy details about the entries
179
180
181 -f FILTER, --filter FILTER
182 Search filter for finding entries
183
184
185 -s {one,sub}, --scope {one,sub}
186 Search scope (one, sub - default is sub
187
188
189 -i, --inactive-only
190 Only display inactivated entries
191
192
193 -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
194 Only display entries that will become inactive before specified
195 date (in a format 2007-04-25T14:30)
196
197
199 usage: dsidm instance account reset_password [-h] [dn] [new_password]
200
201
202 dn The dn to reset the password for
203
204
205 new_password
206 The new password to set
207
208
210 usage: dsidm instance account change_password [-h]
211 [dn] [new_password]
212 [current_password]
213
214
215 dn The dn to change the password for
216
217
218 new_password
219 The new password to set
220
221
222 current_password
223 The accounts current password
224
225
227 usage: dsidm instance account bulk_update [-h] [-f FILTER] [-s
228 {one,sub}] [-x]
229 basedn changes [changes ...]
230
231
232 basedn Search base for finding entries, only the children of this DN
233 are processed
234
235
236 changes
237 A list of changes to apply in format: <add|delete|replace>:<at‐
238 tribute>:<value>
239
240
242 -f FILTER, --filter FILTER
243 Search filter for finding entries, default is '(objectclass=*)'
244
245
246 -s {one,sub}, --scope {one,sub}
247 Search scope (one, sub - default is sub
248
249
250 -x, --stop
251 Stop processing updates when an error occurs. Default is False
252
253
255 usage: dsidm instance group [-h]
256 {list,get,get_dn,create,delete,modify,re‐
257 name,members,add_member,remove_member}
258 ...
259
260
262 dsidm group list
263 list
264
265 dsidm group get
266 get
267
268 dsidm group get_dn
269 get_dn
270
271 dsidm group create
272 create
273
274 dsidm group delete
275 deletes the object
276
277 dsidm group modify
278 modify <add|delete|replace>:<attribute>:<value> ...
279
280 dsidm group rename
281 rename the object
282
283 dsidm group members
284 List member dns of a group
285
286 dsidm group add_member
287 Add a member to a group
288
289 dsidm group remove_member
290 Remove a member from a group
291
292
294 usage: dsidm instance group list [-h]
295
296
298 usage: dsidm instance group get [-h] [selector]
299
300
301 selector
302 The term to search for
303
304
306 usage: dsidm instance group get_dn [-h] [dn]
307
308
309 dn The dn to get
310
311
313 usage: dsidm instance group create [-h] [--cn [CN]]
314
315
317 --cn [CN]
318 Value of cn
319
320
322 usage: dsidm instance group delete [-h] [dn]
323
324
325 dn The dn to delete
326
327
329 usage: dsidm instance group modify [-h] selector changes [changes ...]
330
331
332 selector
333 The cn to modify
334
335
336 changes
337 A list of changes to apply in format: <add|delete|replace>:<at‐
338 tribute>:<value>
339
340
342 usage: dsidm instance group rename [-h] [--keep-old-rdn] selector
343 new_name
344
345
346 selector
347 The cn to rename
348
349
350 new_name
351 A new group name
352
353
355 --keep-old-rdn
356 Specify whether the old RDN (i.e. 'cn: old_group') should be
357 kept as an attribute of the entry or not
358
359
361 usage: dsidm instance group members [-h] [cn]
362
363
364 cn cn of group to list members of
365
366
368 usage: dsidm instance group add_member [-h] [cn] [dn]
369
370
371 cn cn of group to add member to
372
373
374 dn dn of object to add to group as member
375
376
378 usage: dsidm instance group remove_member [-h] [cn] [dn]
379
380
381 cn cn of group to remove member from
382
383
384 dn dn of object to remove from group as member
385
386
388 usage: dsidm instance initialise [-h] [--version VERSION]
389
390
392 --version VERSION
393 The version of entries to create.
394
395
397 usage: dsidm instance organizationalunit [-h]
398 {list,get,get_dn,cre‐
399 ate,delete,modify,rename}
400 ...
401
402
404 dsidm organizationalunit list
405 list
406
407 dsidm organizationalunit get
408 get
409
410 dsidm organizationalunit get_dn
411 get_dn
412
413 dsidm organizationalunit create
414 create
415
416 dsidm organizationalunit delete
417 deletes the object
418
419 dsidm organizationalunit modify
420 modify <add|delete|replace>:<attribute>:<value> ...
421
422 dsidm organizationalunit rename
423 rename the object
424
425
427 usage: dsidm instance organizationalunit list [-h]
428
429
431 usage: dsidm instance organizationalunit get [-h] [selector]
432
433
434 selector
435 The term to search for
436
437
439 usage: dsidm instance organizationalunit get_dn [-h] [dn]
440
441
442 dn The dn to get
443
444
446 usage: dsidm instance organizationalunit create [-h] [--ou [OU]]
447
448
450 --ou [OU]
451 Value of ou
452
453
455 usage: dsidm instance organizationalunit delete [-h] [dn]
456
457
458 dn The dn to delete
459
460
462 usage: dsidm instance organizationalunit modify [-h]
463 selector changes
464 [changes ...]
465
466
467 selector
468 The ou to modify
469
470
471 changes
472 A list of changes to apply in format: <add|delete|replace>:<at‐
473 tribute>:<value>
474
475
477 usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
478 selector new_name
479
480
481 selector
482 The ou to rename
483
484
485 new_name
486 A new organizational unit name
487
488
490 --keep-old-rdn
491 Specify whether the old RDN (i.e. 'ou: old_ou') should be kept
492 as an attribute of the entry or not
493
494
496 usage: dsidm instance posixgroup [-h]
497 {list,get,get_dn,create,delete,mod‐
498 ify,rename}
499 ...
500
501
503 dsidm posixgroup list
504 list
505
506 dsidm posixgroup get
507 get
508
509 dsidm posixgroup get_dn
510 get_dn
511
512 dsidm posixgroup create
513 create
514
515 dsidm posixgroup delete
516 deletes the object
517
518 dsidm posixgroup modify
519 modify <add|delete|replace>:<attribute>:<value> ...
520
521 dsidm posixgroup rename
522 rename the object
523
524
526 usage: dsidm instance posixgroup list [-h]
527
528
530 usage: dsidm instance posixgroup get [-h] [selector]
531
532
533 selector
534 The term to search for
535
536
538 usage: dsidm instance posixgroup get_dn [-h] [dn]
539
540
541 dn The dn to get
542
543
545 usage: dsidm instance posixgroup create [-h] [--cn [CN]]
546 [--gidNumber [GIDNUMBER]]
547
548
550 --cn [CN]
551 Value of cn
552
553
554 --gidNumber [GIDNUMBER]
555 Value of gidNumber
556
557
559 usage: dsidm instance posixgroup delete [-h] [dn]
560
561
562 dn The dn to delete
563
564
566 usage: dsidm instance posixgroup modify [-h] selector changes [changes
567 ...]
568
569
570 selector
571 The cn to modify
572
573
574 changes
575 A list of changes to apply in format: <add|delete|replace>:<at‐
576 tribute>:<value>
577
578
580 usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
581 selector new_name
582
583
584 selector
585 The cn to rename
586
587
588 new_name
589 A new posix group name
590
591
593 --keep-old-rdn
594 Specify whether the old RDN (i.e. 'cn: old_group') should be
595 kept as an attribute of the entry or not
596
597
599 usage: dsidm instance user [-h]
600 {list,get,get_dn,create,modify,re‐
601 name,delete} ...
602
603
605 dsidm user list
606 list
607
608 dsidm user get
609 get
610
611 dsidm user get_dn
612 get_dn
613
614 dsidm user create
615 create
616
617 dsidm user modify
618 modify <add|delete|replace>:<attribute>:<value> ...
619
620 dsidm user rename
621 rename the object
622
623 dsidm user delete
624 deletes the object
625
626
628 usage: dsidm instance user list [-h]
629
630
632 usage: dsidm instance user get [-h] [selector]
633
634
635 selector
636 The term to search for
637
638
640 usage: dsidm instance user get_dn [-h] [dn]
641
642
643 dn The dn to get
644
645
647 usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
648 [--displayName [DISPLAYNAME]]
649 [--uidNumber [UIDNUMBER]]
650 [--gidNumber [GIDNUMBER]]
651 [--homeDirectory [HOMEDIRECTORY]]
652
653
655 --uid [UID]
656 Value of uid
657
658
659 --cn [CN]
660 Value of cn
661
662
663 --displayName [DISPLAYNAME]
664 Value of displayName
665
666
667 --uidNumber [UIDNUMBER]
668 Value of uidNumber
669
670
671 --gidNumber [GIDNUMBER]
672 Value of gidNumber
673
674
675 --homeDirectory [HOMEDIRECTORY]
676 Value of homeDirectory
677
678
680 usage: dsidm instance user modify [-h] selector changes [changes ...]
681
682
683 selector
684 The uid to modify
685
686
687 changes
688 A list of changes to apply in format: <add|delete|replace>:<at‐
689 tribute>:<value>
690
691
693 usage: dsidm instance user rename [-h] [--keep-old-rdn] selector
694 new_name
695
696
697 selector
698 The uid to modify
699
700
701 new_name
702 A new user name
703
704
706 --keep-old-rdn
707 Specify whether the old RDN (i.e. 'cn: old_user') should be kept
708 as an attribute of the entry or not
709
710
712 usage: dsidm instance user delete [-h] [dn]
713
714
715 dn The dn to delete
716
717
719 usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display}
720 ...
721
722
724 dsidm client_config sssd.conf
725 Generate a SSSD configuration for this LDAP server
726
727 dsidm client_config ldap.conf
728 Generate an OpenLDAP ldap.conf configuration for this LDAP
729 server
730
731 dsidm client_config display
732 Display generic application parameters for LDAP connection
733
734
736 usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
737
738
739 allowed_group
740 The name of the group allowed access to this system
741
742
744 usage: dsidm instance client_config ldap.conf [-h]
745
746
748 usage: dsidm instance client_config display [-h]
749
750
752 usage: dsidm instance role [-h]
753 {list,get,get-by-dn,create-managed,cre‐
754 ate-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,un‐
755 lock,entry-status,subtree-status}
756 ...
757
758
760 dsidm role list
761 list roles that could login to the directory
762
763 dsidm role get
764 get
765
766 dsidm role get-by-dn
767 get-by-dn <dn>
768
769 dsidm role create-managed
770 create
771
772 dsidm role create-filtered
773 create
774
775 dsidm role create-nested
776 create
777
778 dsidm role modify-by-dn
779 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
780
781 dsidm role rename-by-dn
782 rename the object
783
784 dsidm role delete
785 deletes the role
786
787 dsidm role lock
788 lock
789
790 dsidm role unlock
791 unlock
792
793 dsidm role entry-status
794 status of a single entry
795
796 dsidm role subtree-status
797 status of a subtree
798
799
801 usage: dsidm instance role list [-h]
802
803
805 usage: dsidm instance role get [-h] [selector]
806
807
808 selector
809 The term to search for
810
811
813 usage: dsidm instance role get-by-dn [-h] [dn]
814
815
816 dn The dn to get and display
817
818
820 usage: dsidm instance role create-managed [-h] [--cn [CN]]
821
822
824 --cn [CN]
825 Value of cn
826
827
829 usage: dsidm instance role create-filtered [-h] [--cn [CN]]
830
831
833 --cn [CN]
834 Value of cn
835
836
838 usage: dsidm instance role create-nested [-h] [--cn [CN]]
839 [--nsRoleDN [NSROLEDN]]
840
841
843 --cn [CN]
844 Value of cn
845
846
847 --nsRoleDN [NSROLEDN]
848 Value of nsRoleDN
849
850
852 usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]
853
854
855 dn The dn to modify
856
857
858 changes
859 A list of changes to apply in format: <add|delete|replace>:<at‐
860 tribute>:<value>
861
862
864 usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn
865
866
867 dn The dn to rename
868
869
870 new_dn A new account dn
871
872
874 --keep-old-rdn
875 Specify whether the old RDN (i.e. 'cn: old_account') should be
876 kept as an attribute of the entry or not
877
878
880 usage: dsidm instance role delete [-h] [dn]
881
882
883 dn The dn of the role to delete
884
885
887 usage: dsidm instance role lock [-h] [dn]
888
889
890 dn The dn to lock
891
892
894 usage: dsidm instance role unlock [-h] [dn]
895
896
897 dn The dn to unlock
898
899
901 usage: dsidm instance role entry-status [-h] [dn]
902
903
904 dn The single entry dn to check
905
906
908 usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s
909 {base,one,sub}]
910 basedn
911
912
913 basedn Search base for finding entries
914
915
917 -f FILTER, --filter FILTER
918 Search filter for finding entries
919
920
921 -s {base,one,sub}, --scope {base,one,sub}
922 Search scope (base, one, sub - default is sub
923
924
926 usage: dsidm instance service [-h]
927 {list,get,get_dn,create,modify,re‐
928 name,delete}
929 ...
930
931
933 dsidm service list
934 list
935
936 dsidm service get
937 get
938
939 dsidm service get_dn
940 get_dn
941
942 dsidm service create
943 create
944
945 dsidm service modify
946 modify <add|delete|replace>:<attribute>:<value> ...
947
948 dsidm service rename
949 rename the object
950
951 dsidm service delete
952 deletes the object
953
954
956 usage: dsidm instance service list [-h]
957
958
960 usage: dsidm instance service get [-h] [selector]
961
962
963 selector
964 The term to search for
965
966
968 usage: dsidm instance service get_dn [-h] [dn]
969
970
971 dn The dn to get
972
973
975 usage: dsidm instance service create [-h] [--cn [CN]]
976 [--description [DESCRIPTION]]
977
978
980 --cn [CN]
981 Value of cn
982
983
984 --description [DESCRIPTION]
985 Value of description
986
987
989 usage: dsidm instance service modify [-h] selector changes [changes
990 ...]
991
992
993 selector
994 The cn to modify
995
996
997 changes
998 A list of changes to apply in format: <add|delete|replace>:<at‐
999 tribute>:<value>
1000
1001
1003 usage: dsidm instance service rename [-h] [--keep-old-rdn] selector
1004 new_name
1005
1006
1007 selector
1008 The cn to modify
1009
1010
1011 new_name
1012 A new service name
1013
1014
1016 --keep-old-rdn
1017 Specify whether the old RDN (i.e. 'cn: old_service') should be
1018 kept as an attribute of the entry or not
1019
1020
1022 usage: dsidm instance service delete [-h] [dn]
1023
1024
1025 dn The dn to delete
1026
1027
1029 -b BASEDN, --basedn BASEDN
1030 Base DN (root naming context) of the instance to manage
1031
1032
1033 -v, --verbose
1034 Display verbose operation tracing during command execution
1035
1036
1037 -D BINDDN, --binddn BINDDN
1038 The account to bind as for executing operations
1039
1040
1041 -w BINDPW, --bindpw BINDPW
1042 Password for the bind DN
1043
1044
1045 -W, --prompt
1046 Prompt for password of the bind DN
1047
1048
1049 -y PWDFILE, --pwdfile PWDFILE
1050 Specifies a file containing the password of the bind DN
1051
1052
1053 -Z, --starttls
1054 Connect with StartTLS
1055
1056
1057 -j, --json
1058 Return result in JSON object
1059
1060
1062 Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>
1063
1064
1066 The latest version of lib389 may be downloaded from
1067 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
1068
1069
1070
1071lib389 1.4.0.1 2023-01-23 DSIDM(8)