1DSIDM(8) Generated Python Manual DSIDM(8)
2
6 dsidm
7
9 dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE]
10 [-Z] [-j] instance {account,group,initialise,init,organizationalu‐
11 nit,ou,posixgroup,user,client_config,role,service} ...
12
15 dsidm account
16 Manage generic accounts, with tasks like modify, locking and un‐
17 locking. To create an account, see "user" subcommand instead.
18 dsidm group
20 Manage groups
21 dsidm initialise
23 Initialise a backend with domain information and sample entries
24 dsidm organizationalunit
26 Manage organizational units
27 dsidm posixgroup
29 Manage posix groups
30 dsidm user
32 Manage posix users
33 dsidm client_config
35 Display and generate client example configs for this LDAP server
36 dsidm role
38 Manage roles.
39 dsidm service
41 Manage service accounts
42
45 usage: dsidm instance account [-h]
46 {list,get-by-dn,modify-by-dn,re‐
47 name-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_pass‐
48 word,change_password,bulk_update}
49 ...
50
53 dsidm account list
54 list accounts that could login to the directory
55 dsidm account get-by-dn
57 get-by-dn <dn>
58 dsidm account modify-by-dn
60 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
61 dsidm account rename-by-dn
63 rename the object
64 dsidm account delete
66 deletes the account
67 dsidm account lock
69 lock
70 dsidm account unlock
72 unlock
73 dsidm account entry-status
75 status of a single entry
76 dsidm account subtree-status
78 status of a subtree
79 dsidm account reset_password
81 Reset the password of an account. This should be performed by a
82 directory admin.
83 dsidm account change_password
85 Change the password of an account. This can be performed by any
86 user (with correct rights)
87 dsidm account bulk_update
89 Perform a common operation to a set of entries
90
93 usage: dsidm instance account list [-h]
94
97 usage: dsidm instance account get-by-dn [-h] [dn]
98 dn The dn to get and display
101
104 usage: dsidm instance account modify-by-dn [-h] dn changes [changes
105 ...]
106 dn The dn to get and display
109 changes
112 A list of changes to apply in format: <add|delete|replace>:<at‐
113 tribute>:<value>
114
117 usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn
118 new_dn
119 dn The dn to rename
122 new_dn A new role dn
125
128 --keep-old-rdn
129 Specify whether the old RDN (i.e. 'cn: old_role') should be kept
130 as an attribute of the entry or not
131
134 usage: dsidm instance account delete [-h] [dn]
135 dn The dn of the account to delete
138
141 usage: dsidm instance account lock [-h] [dn]
142 dn The dn to lock
145
148 usage: dsidm instance account unlock [-h] [dn]
149 dn The dn to unlock
152
155 usage: dsidm instance account entry-status [-h] [-V] [dn]
156 dn The single entry dn to check
159
162 -V, --details
163 Print more account policy details about the entry
164
167 usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
168 [-s {one,sub}] [-i]
169 [-o BECOME_INACTIVE_ON]
170 basedn
171 basedn Search base for finding entries
174
177 -V, --details
178 Print more account policy details about the entries
179 -f FILTER, --filter FILTER
182 Search filter for finding entries
183 -s {one,sub}, --scope {one,sub}
186 Search scope (one, sub - default is sub
187 -i, --inactive-only
190 Only display inactivated entries
191 -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
194 Only display entries that will become inactive before specified
195 date (in a format 2007-04-25T14:30)
196
199 usage: dsidm instance account reset_password [-h] [dn] [new_password]
200 dn The dn to reset the password for
203 new_password
206 The new password to set
207
210 usage: dsidm instance account change_password [-h]
211 [dn] [new_password]
212 [current_password]
213 dn The dn to change the password for
216 new_password
219 The new password to set
220 current_password
223 The accounts current password
224
227 usage: dsidm instance account bulk_update [-h] [-f FILTER] [-s
228 {one,sub}] [-x]
229 basedn changes [changes ...]
230 basedn Search base for finding entries, only the children of this DN
233 are processed
234 changes
237 A list of changes to apply in format: <add|delete|replace>:<at‐
238 tribute>:<value>
239
242 -f FILTER, --filter FILTER
243 Search filter for finding entries, default is '(objectclass=*)'
244 -s {one,sub}, --scope {one,sub}
247 Search scope (one, sub - default is sub
248 -x, --stop
251 Stop processing updates when an error occurs. Default is False
252
255 usage: dsidm instance group [-h]
256 {list,get,get_dn,create,delete,modify,re‐
257 name,members,add_member,remove_member}
258 ...
259
262 dsidm group list
263 list
264 dsidm group get
266 get
267 dsidm group get_dn
269 get_dn
270 dsidm group create
272 create
273 dsidm group delete
275 deletes the object
276 dsidm group modify
278 modify <add|delete|replace>:<attribute>:<value> ...
279 dsidm group rename
281 rename the object
282 dsidm group members
284 List member dns of a group
285 dsidm group add_member
287 Add a member to a group
288 dsidm group remove_member
290 Remove a member from a group
291
294 usage: dsidm instance group list [-h]
295
298 usage: dsidm instance group get [-h] [selector]
299 selector
302 The term to search for
303
306 usage: dsidm instance group get_dn [-h] [dn]
307 dn The dn to get
310
313 usage: dsidm instance group create [-h] [--cn [CN]]
314
317 --cn [CN]
318 Value of cn
319
322 usage: dsidm instance group delete [-h] [dn]
323 dn The dn to delete
326
329 usage: dsidm instance group modify [-h] selector changes [changes ...]
330 selector
333 The cn to modify
334 changes
337 A list of changes to apply in format: <add|delete|replace>:<at‐
338 tribute>:<value>
339
342 usage: dsidm instance group rename [-h] [--keep-old-rdn] selector
343 new_name
344 selector
347 The cn to rename
348 new_name
351 A new group name
352
355 --keep-old-rdn
356 Specify whether the old RDN (i.e. 'cn: old_group') should be
357 kept as an attribute of the entry or not
358
361 usage: dsidm instance group members [-h] [cn]
362 cn cn of group to list members of
365
368 usage: dsidm instance group add_member [-h] [cn] [dn]
369 cn cn of group to add member to
372 dn dn of object to add to group as member
375
378 usage: dsidm instance group remove_member [-h] [cn] [dn]
379 cn cn of group to remove member from
382 dn dn of object to remove from group as member
385
388 usage: dsidm instance initialise [-h] [--version VERSION]
389
392 --version VERSION
393 The version of entries to create.
394
397 usage: dsidm instance organizationalunit [-h]
398 {list,get,get_dn,cre‐
399 ate,delete,modify,rename}
400 ...
401
404 dsidm organizationalunit list
405 list
406 dsidm organizationalunit get
408 get
409 dsidm organizationalunit get_dn
411 get_dn
412 dsidm organizationalunit create
414 create
415 dsidm organizationalunit delete
417 deletes the object
418 dsidm organizationalunit modify
420 modify <add|delete|replace>:<attribute>:<value> ...
421 dsidm organizationalunit rename
423 rename the object
424
427 usage: dsidm instance organizationalunit list [-h]
428
431 usage: dsidm instance organizationalunit get [-h] [selector]
432 selector
435 The term to search for
436
439 usage: dsidm instance organizationalunit get_dn [-h] [dn]
440 dn The dn to get
443
446 usage: dsidm instance organizationalunit create [-h] [--ou [OU]]
447
450 --ou [OU]
451 Value of ou
452
455 usage: dsidm instance organizationalunit delete [-h] [dn]
456 dn The dn to delete
459
462 usage: dsidm instance organizationalunit modify [-h]
463 selector changes
464 [changes ...]
465 selector
468 The ou to modify
469 changes
472 A list of changes to apply in format: <add|delete|replace>:<at‐
473 tribute>:<value>
474
477 usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
478 selector new_name
479 selector
482 The ou to rename
483 new_name
486 A new organizational unit name
487
490 --keep-old-rdn
491 Specify whether the old RDN (i.e. 'ou: old_ou') should be kept
492 as an attribute of the entry or not
493
496 usage: dsidm instance posixgroup [-h]
497 {list,get,get_dn,create,delete,mod‐
498 ify,rename}
499 ...
500
503 dsidm posixgroup list
504 list
505 dsidm posixgroup get
507 get
508 dsidm posixgroup get_dn
510 get_dn
511 dsidm posixgroup create
513 create
514 dsidm posixgroup delete
516 deletes the object
517 dsidm posixgroup modify
519 modify <add|delete|replace>:<attribute>:<value> ...
520 dsidm posixgroup rename
522 rename the object
523
526 usage: dsidm instance posixgroup list [-h]
527
530 usage: dsidm instance posixgroup get [-h] [selector]
531 selector
534 The term to search for
535
538 usage: dsidm instance posixgroup get_dn [-h] [dn]
539 dn The dn to get
542
545 usage: dsidm instance posixgroup create [-h] [--cn [CN]]
546 [--gidNumber [GIDNUMBER]]
547
550 --cn [CN]
551 Value of cn
552 --gidNumber [GIDNUMBER]
555 Value of gidNumber
556
559 usage: dsidm instance posixgroup delete [-h] [dn]
560 dn The dn to delete
563
566 usage: dsidm instance posixgroup modify [-h] selector changes [changes
567 ...]
568 selector
571 The cn to modify
572 changes
575 A list of changes to apply in format: <add|delete|replace>:<at‐
576 tribute>:<value>
577
580 usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
581 selector new_name
582 selector
585 The cn to rename
586 new_name
589 A new posix group name
590
593 --keep-old-rdn
594 Specify whether the old RDN (i.e. 'cn: old_group') should be
595 kept as an attribute of the entry or not
596
599 usage: dsidm instance user [-h]
600 {list,get,get_dn,create,modify,re‐
601 name,delete} ...
602
605 dsidm user list
606 list
607 dsidm user get
609 get
610 dsidm user get_dn
612 get_dn
613 dsidm user create
615 create
616 dsidm user modify
618 modify <add|delete|replace>:<attribute>:<value> ...
619 dsidm user rename
621 rename the object
622 dsidm user delete
624 deletes the object
625
628 usage: dsidm instance user list [-h]
629
632 usage: dsidm instance user get [-h] [selector]
633 selector
636 The term to search for
637
640 usage: dsidm instance user get_dn [-h] [dn]
641 dn The dn to get
644
647 usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
648 [--displayName [DISPLAYNAME]]
649 [--uidNumber [UIDNUMBER]]
650 [--gidNumber [GIDNUMBER]]
651 [--homeDirectory [HOMEDIRECTORY]]
652
655 --uid [UID]
656 Value of uid
657 --cn [CN]
660 Value of cn
661 --displayName [DISPLAYNAME]
664 Value of displayName
665 --uidNumber [UIDNUMBER]
668 Value of uidNumber
669 --gidNumber [GIDNUMBER]
672 Value of gidNumber
673 --homeDirectory [HOMEDIRECTORY]
676 Value of homeDirectory
677
680 usage: dsidm instance user modify [-h] selector changes [changes ...]
681 selector
684 The uid to modify
685 changes
688 A list of changes to apply in format: <add|delete|replace>:<at‐
689 tribute>:<value>
690
693 usage: dsidm instance user rename [-h] [--keep-old-rdn] selector
694 new_name
695 selector
698 The uid to modify
699 new_name
702 A new user name
703
706 --keep-old-rdn
707 Specify whether the old RDN (i.e. 'cn: old_user') should be kept
708 as an attribute of the entry or not
709
712 usage: dsidm instance user delete [-h] [dn]
713 dn The dn to delete
716
719 usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display}
720 ...
721
724 dsidm client_config sssd.conf
725 Generate a SSSD configuration for this LDAP server
726 dsidm client_config ldap.conf
728 Generate an OpenLDAP ldap.conf configuration for this LDAP
729 server
730 dsidm client_config display
732 Display generic application parameters for LDAP connection
733
736 usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
737 allowed_group
740 The name of the group allowed access to this system
741
744 usage: dsidm instance client_config ldap.conf [-h]
745
748 usage: dsidm instance client_config display [-h]
749
752 usage: dsidm instance role [-h]
753 {list,get,get-by-dn,create-managed,cre‐
754 ate-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,un‐
755 lock,entry-status,subtree-status}
756 ...
757
760 dsidm role list
761 list roles that could login to the directory
762 dsidm role get
764 get
765 dsidm role get-by-dn
767 get-by-dn <dn>
768 dsidm role create-managed
770 create
771 dsidm role create-filtered
773 create
774 dsidm role create-nested
776 create
777 dsidm role modify-by-dn
779 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
780 dsidm role rename-by-dn
782 rename the object
783 dsidm role delete
785 deletes the role
786 dsidm role lock
788 lock
789 dsidm role unlock
791 unlock
792 dsidm role entry-status
794 status of a single entry
795 dsidm role subtree-status
797 status of a subtree
798
801 usage: dsidm instance role list [-h]
802
805 usage: dsidm instance role get [-h] [selector]
806 selector
809 The term to search for
810
813 usage: dsidm instance role get-by-dn [-h] [dn]
814 dn The dn to get and display
817
820 usage: dsidm instance role create-managed [-h] [--cn [CN]]
821
824 --cn [CN]
825 Value of cn
826
829 usage: dsidm instance role create-filtered [-h] [--cn [CN]]
830
833 --cn [CN]
834 Value of cn
835
838 usage: dsidm instance role create-nested [-h] [--cn [CN]]
839 [--nsRoleDN [NSROLEDN]]
840
843 --cn [CN]
844 Value of cn
845 --nsRoleDN [NSROLEDN]
848 Value of nsRoleDN
849
852 usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]
853 dn The dn to modify
856 changes
859 A list of changes to apply in format: <add|delete|replace>:<at‐
860 tribute>:<value>
861
864 usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn
865 dn The dn to rename
868 new_dn A new account dn
871
874 --keep-old-rdn
875 Specify whether the old RDN (i.e. 'cn: old_account') should be
876 kept as an attribute of the entry or not
877
880 usage: dsidm instance role delete [-h] [dn]
881 dn The dn of the role to delete
884
887 usage: dsidm instance role lock [-h] [dn]
888 dn The dn to lock
891
894 usage: dsidm instance role unlock [-h] [dn]
895 dn The dn to unlock
898
901 usage: dsidm instance role entry-status [-h] [dn]
902 dn The single entry dn to check
905
908 usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s
909 {base,one,sub}]
910 basedn
911 basedn Search base for finding entries
914
917 -f FILTER, --filter FILTER
918 Search filter for finding entries
919 -s {base,one,sub}, --scope {base,one,sub}
922 Search scope (base, one, sub - default is sub
923
926 usage: dsidm instance service [-h]
927 {list,get,get_dn,create,modify,re‐
928 name,delete}
929 ...
930
933 dsidm service list
934 list
935 dsidm service get
937 get
938 dsidm service get_dn
940 get_dn
941 dsidm service create
943 create
944 dsidm service modify
946 modify <add|delete|replace>:<attribute>:<value> ...
947 dsidm service rename
949 rename the object
950 dsidm service delete
952 deletes the object
953
956 usage: dsidm instance service list [-h]
957
960 usage: dsidm instance service get [-h] [selector]
961 selector
964 The term to search for
965
968 usage: dsidm instance service get_dn [-h] [dn]
969 dn The dn to get
972
975 usage: dsidm instance service create [-h] [--cn [CN]]
976 [--description [DESCRIPTION]]
977
980 --cn [CN]
981 Value of cn
982 --description [DESCRIPTION]
985 Value of description
986
989 usage: dsidm instance service modify [-h] selector changes [changes
990 ...]
991 selector
994 The cn to modify
995 changes
998 A list of changes to apply in format: <add|delete|replace>:<at‐
999 tribute>:<value>
1000
1003 usage: dsidm instance service rename [-h] [--keep-old-rdn] selector
1004 new_name
1005 selector
1008 The cn to modify
1009 new_name
1012 A new service name
1013
1016 --keep-old-rdn
1017 Specify whether the old RDN (i.e. 'cn: old_service') should be
1018 kept as an attribute of the entry or not
1019
1022 usage: dsidm instance service delete [-h] [dn]
1023 dn The dn to delete
1026
1029 -b BASEDN, --basedn BASEDN
1030 Base DN (root naming context) of the instance to manage
1031 -v, --verbose
1034 Display verbose operation tracing during command execution
1035 -D BINDDN, --binddn BINDDN
1038 The account to bind as for executing operations
1039 -w BINDPW, --bindpw BINDPW
1042 Password for the bind DN
1043 -W, --prompt
1046 Prompt for password of the bind DN
1047 -y PWDFILE, --pwdfile PWDFILE
1050 Specifies a file containing the password of the bind DN
1051 -Z, --starttls
1054 Connect with StartTLS
1055 -j, --json
1058 Return result in JSON object
1059
1062 Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>
1063
1066 The latest version of lib389 may be downloaded from
1067 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
1068lib389 1.4.0.1 2023-01-23 DSIDM(8)