1DSIDM(8) Generated Python Manual DSIDM(8)
2
6 dsidm
7
9 dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE]
10 [-Z] [-j] instance {account,group,initialise,init,organizationalu‐
11 nit,ou,posixgroup,user,client_config,role,service,uniquegroup} ...
12
15 dsidm account
16 Manage generic accounts, with tasks like modify, locking and un‐
17 locking. To create an account, see "user" subcommand instead.
18 dsidm group
20 Manage groups. The organizationalUnit (by default "ou=groups")
21 needs to exist prior to managing groups. Groups uses the ob‐
22 jectclass "groupOfNames" and the grouping attribute "member"
23 dsidm initialise
25 Initialise a backend with domain information and sample entries
26 dsidm organizationalunit
28 Manage organizational units
29 dsidm posixgroup
31 Manage posix groups The organizationalUnit (by default
32 ou=groups") needs to exist prior to managing posix groups.
33 dsidm user
35 Manage posix users. The organizationalUnit (by default "ou=peo‐
36 ple") needs to exist prior to managing users.
37 dsidm client_config
39 Display and generate client example configs for this LDAP server
40 dsidm role
42 Manage roles.
43 dsidm service
45 Manage service accounts
46 dsidm uniquegroup
48 Manage groups. The organizationalUnit (by default "ou=groups")
49 needs to exist prior to managing groups. Unique groups uses the
50 objectclass "groupOfUniqueNames" and the grouping attribute
51 "uniquemember"
52
55 usage: dsidm instance account [-h]
56 {list,get-by-dn,modify-by-dn,re‐
57 name-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_pass‐
58 word,change_password,bulk_update}
59 ...
60
63 dsidm account list
64 list accounts that could login to the directory
65 dsidm account get-by-dn
67 get-by-dn <dn>
68 dsidm account modify-by-dn
70 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
71 dsidm account rename-by-dn
73 rename the object
74 dsidm account delete
76 deletes the account
77 dsidm account lock
79 lock
80 dsidm account unlock
82 unlock
83 dsidm account entry-status
85 status of a single entry
86 dsidm account subtree-status
88 status of a subtree
89 dsidm account reset_password
91 Reset the password of an account. This should be performed by a
92 directory admin.
93 dsidm account change_password
95 Change the password of an account. This can be performed by any
96 user (with correct rights)
97 dsidm account bulk_update
99 Perform a common operation to a set of entries
100
103 usage: dsidm instance account list [-h]
104
107 usage: dsidm instance account get-by-dn [-h] [dn]
108 dn The dn to get and display
111
114 usage: dsidm instance account modify-by-dn [-h] dn changes [changes
115 ...]
116 dn The dn to get and display
119 changes
122 A list of changes to apply in format: <add|delete|replace>:<at‐
123 tribute>:<value>
124
127 usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn
128 new_dn
129 dn The dn to rename
132 new_dn A new role dn
135
138 --keep-old-rdn
139 Specify whether the old RDN (i.e. 'cn: old_role') should be kept
140 as an attribute of the entry or not
141
144 usage: dsidm instance account delete [-h] [dn]
145 dn The dn of the account to delete
148
151 usage: dsidm instance account lock [-h] [dn]
152 dn The dn to lock
155
158 usage: dsidm instance account unlock [-h] [dn]
159 dn The dn to unlock
162
165 usage: dsidm instance account entry-status [-h] [-V] [dn]
166 dn The single entry dn to check
169
172 -V, --details
173 Print more account policy details about the entry
174
177 usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
178 [-s {one,sub}] [-i]
179 [-o BECOME_INACTIVE_ON]
180 basedn
181 basedn Search base for finding entries
184
187 -V, --details
188 Print more account policy details about the entries
189 -f FILTER, --filter FILTER
192 Search filter for finding entries
193 -s {one,sub}, --scope {one,sub}
196 Search scope (one, sub - default is sub
197 -i, --inactive-only
200 Only display inactivated entries
201 -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
204 Only display entries that will become inactive before specified
205 date (in a format 2007-04-25T14:30)
206
209 usage: dsidm instance account reset_password [-h] [dn] [new_password]
210 dn The dn to reset the password for
213 new_password
216 The new password to set
217
220 usage: dsidm instance account change_password [-h]
221 [dn] [new_password]
222 [current_password]
223 dn The dn to change the password for
226 new_password
229 The new password to set
230 current_password
233 The accounts current password
234
237 usage: dsidm instance account bulk_update [-h] [-f FILTER] [-s
238 {one,sub}] [-x]
239 basedn changes [changes ...]
240 basedn Search base for finding entries, only the children of this DN
243 are processed
244 changes
247 A list of changes to apply in format: <add|delete|replace>:<at‐
248 tribute>:<value>
249
252 -f FILTER, --filter FILTER
253 Search filter for finding entries, default is '(objectclass=*)'
254 -s {one,sub}, --scope {one,sub}
257 Search scope (one, sub - default is sub
258 -x, --stop
261 Stop processing updates when an error occurs. Default is False
262
265 usage: dsidm instance group [-h]
266 {list,get,get_dn,create,delete,modify,re‐
267 name,members,add_member,remove_member}
268 ...
269
272 dsidm group list
273 list
274 dsidm group get
276 get
277 dsidm group get_dn
279 get_dn
280 dsidm group create
282 create
283 dsidm group delete
285 deletes the object
286 dsidm group modify
288 modify <add|delete|replace>:<attribute>:<value> ...
289 dsidm group rename
291 rename the object
292 dsidm group members
294 List member dns of a group
295 dsidm group add_member
297 Add a member to a group
298 dsidm group remove_member
300 Remove a member from a group
301
304 usage: dsidm instance group list [-h]
305
308 usage: dsidm instance group get [-h] [selector]
309 selector
312 The term to search for
313
316 usage: dsidm instance group get_dn [-h] [dn]
317 dn The dn to get
320
323 usage: dsidm instance group create [-h] [--cn [CN]]
324
327 --cn [CN]
328 Value of cn
329
332 usage: dsidm instance group delete [-h] [dn]
333 dn The dn to delete
336
339 usage: dsidm instance group modify [-h] selector changes [changes ...]
340 selector
343 The cn to modify
344 changes
347 A list of changes to apply in format: <add|delete|replace>:<at‐
348 tribute>:<value>
349
352 usage: dsidm instance group rename [-h] [--keep-old-rdn] selector
353 new_name
354 selector
357 The cn to rename
358 new_name
361 A new group name
362
365 --keep-old-rdn
366 Specify whether the old RDN (i.e. 'cn: old_group') should be
367 kept as an attribute of the entry or not
368
371 usage: dsidm instance group members [-h] [cn]
372 cn cn of group to list members of
375
378 usage: dsidm instance group add_member [-h] [cn] [dn]
379 cn cn of group to add member to
382 dn dn of object to add to group as member
385
388 usage: dsidm instance group remove_member [-h] [cn] [dn]
389 cn cn of group to remove member from
392 dn dn of object to remove from group as member
395
398 usage: dsidm instance initialise [-h] [--version VERSION]
399
402 --version VERSION
403 The version of entries to create.
404
407 usage: dsidm instance organizationalunit [-h]
408 {list,get,get_dn,cre‐
409 ate,delete,modify,rename}
410 ...
411
414 dsidm organizationalunit list
415 list
416 dsidm organizationalunit get
418 get
419 dsidm organizationalunit get_dn
421 get_dn
422 dsidm organizationalunit create
424 create
425 dsidm organizationalunit delete
427 deletes the object
428 dsidm organizationalunit modify
430 modify <add|delete|replace>:<attribute>:<value> ...
431 dsidm organizationalunit rename
433 rename the object
434
437 usage: dsidm instance organizationalunit list [-h]
438
441 usage: dsidm instance organizationalunit get [-h] [selector]
442 selector
445 The term to search for
446
449 usage: dsidm instance organizationalunit get_dn [-h] [dn]
450 dn The dn to get
453
456 usage: dsidm instance organizationalunit create [-h] [--ou [OU]]
457
460 --ou [OU]
461 Value of ou
462
465 usage: dsidm instance organizationalunit delete [-h] [dn]
466 dn The dn to delete
469
472 usage: dsidm instance organizationalunit modify [-h]
473 selector changes
474 [changes ...]
475 selector
478 The ou to modify
479 changes
482 A list of changes to apply in format: <add|delete|replace>:<at‐
483 tribute>:<value>
484
487 usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
488 selector new_name
489 selector
492 The ou to rename
493 new_name
496 A new organizational unit name
497
500 --keep-old-rdn
501 Specify whether the old RDN (i.e. 'ou: old_ou') should be kept
502 as an attribute of the entry or not
503
506 usage: dsidm instance posixgroup [-h]
507 {list,get,get_dn,create,delete,mod‐
508 ify,rename}
509 ...
510
513 dsidm posixgroup list
514 list
515 dsidm posixgroup get
517 get
518 dsidm posixgroup get_dn
520 get_dn
521 dsidm posixgroup create
523 create
524 dsidm posixgroup delete
526 deletes the object
527 dsidm posixgroup modify
529 modify <add|delete|replace>:<attribute>:<value> ...
530 dsidm posixgroup rename
532 rename the object
533
536 usage: dsidm instance posixgroup list [-h]
537
540 usage: dsidm instance posixgroup get [-h] [selector]
541 selector
544 The term to search for
545
548 usage: dsidm instance posixgroup get_dn [-h] [dn]
549 dn The dn to get
552
555 usage: dsidm instance posixgroup create [-h] [--cn [CN]]
556 [--gidNumber [GIDNUMBER]]
557
560 --cn [CN]
561 Value of cn
562 --gidNumber [GIDNUMBER]
565 Value of gidNumber
566
569 usage: dsidm instance posixgroup delete [-h] [dn]
570 dn The dn to delete
573
576 usage: dsidm instance posixgroup modify [-h] selector changes [changes
577 ...]
578 selector
581 The cn to modify
582 changes
585 A list of changes to apply in format: <add|delete|replace>:<at‐
586 tribute>:<value>
587
590 usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
591 selector new_name
592 selector
595 The cn to rename
596 new_name
599 A new posix group name
600
603 --keep-old-rdn
604 Specify whether the old RDN (i.e. 'cn: old_group') should be
605 kept as an attribute of the entry or not
606
609 usage: dsidm instance user [-h]
610 {list,get,get_dn,create,modify,re‐
611 name,delete} ...
612
615 dsidm user list
616 list
617 dsidm user get
619 get
620 dsidm user get_dn
622 get_dn
623 dsidm user create
625 create
626 dsidm user modify
628 modify <add|delete|replace>:<attribute>:<value> ...
629 dsidm user rename
631 rename the object
632 dsidm user delete
634 deletes the object
635
638 usage: dsidm instance user list [-h]
639
642 usage: dsidm instance user get [-h] [selector]
643 selector
646 The term to search for
647
650 usage: dsidm instance user get_dn [-h] [dn]
651 dn The dn to get
654
657 usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
658 [--displayName [DISPLAYNAME]]
659 [--uidNumber [UIDNUMBER]]
660 [--gidNumber [GIDNUMBER]]
661 [--homeDirectory [HOMEDIRECTORY]]
662
665 --uid [UID]
666 Value of uid
667 --cn [CN]
670 Value of cn
671 --displayName [DISPLAYNAME]
674 Value of displayName
675 --uidNumber [UIDNUMBER]
678 Value of uidNumber
679 --gidNumber [GIDNUMBER]
682 Value of gidNumber
683 --homeDirectory [HOMEDIRECTORY]
686 Value of homeDirectory
687
690 usage: dsidm instance user modify [-h] selector changes [changes ...]
691 selector
694 The uid to modify
695 changes
698 A list of changes to apply in format: <add|delete|replace>:<at‐
699 tribute>:<value>
700
703 usage: dsidm instance user rename [-h] [--keep-old-rdn] selector
704 new_name
705 selector
708 The uid to modify
709 new_name
712 A new user name
713
716 --keep-old-rdn
717 Specify whether the old RDN (i.e. 'cn: old_user') should be kept
718 as an attribute of the entry or not
719
722 usage: dsidm instance user delete [-h] [dn]
723 dn The dn to delete
726
729 usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display}
730 ...
731
734 dsidm client_config sssd.conf
735 Generate a SSSD configuration for this LDAP server
736 dsidm client_config ldap.conf
738 Generate an OpenLDAP ldap.conf configuration for this LDAP
739 server
740 dsidm client_config display
742 Display generic application parameters for LDAP connection
743
746 usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
747 allowed_group
750 The name of the group allowed access to this system
751
754 usage: dsidm instance client_config ldap.conf [-h]
755
758 usage: dsidm instance client_config display [-h]
759
762 usage: dsidm instance role [-h]
763 {list,get,get-by-dn,create-managed,cre‐
764 ate-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,un‐
765 lock,entry-status,subtree-status}
766 ...
767
770 dsidm role list
771 list roles that could login to the directory
772 dsidm role get
774 get
775 dsidm role get-by-dn
777 get-by-dn <dn>
778 dsidm role create-managed
780 create
781 dsidm role create-filtered
783 create
784 dsidm role create-nested
786 create
787 dsidm role modify-by-dn
789 modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
790 dsidm role rename-by-dn
792 rename the object
793 dsidm role delete
795 deletes the role
796 dsidm role lock
798 lock
799 dsidm role unlock
801 unlock
802 dsidm role entry-status
804 status of a single entry
805 dsidm role subtree-status
807 status of a subtree
808
811 usage: dsidm instance role list [-h]
812
815 usage: dsidm instance role get [-h] [selector]
816 selector
819 The term to search for
820
823 usage: dsidm instance role get-by-dn [-h] [dn]
824 dn The dn to get and display
827
830 usage: dsidm instance role create-managed [-h] [--cn [CN]]
831
834 --cn [CN]
835 Value of cn
836
839 usage: dsidm instance role create-filtered [-h] [--cn [CN]]
840
843 --cn [CN]
844 Value of cn
845
848 usage: dsidm instance role create-nested [-h] [--cn [CN]]
849 [--nsRoleDN [NSROLEDN]]
850
853 --cn [CN]
854 Value of cn
855 --nsRoleDN [NSROLEDN]
858 Value of nsRoleDN
859
862 usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]
863 dn The dn to modify
866 changes
869 A list of changes to apply in format: <add|delete|replace>:<at‐
870 tribute>:<value>
871
874 usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn
875 dn The dn to rename
878 new_dn A new account dn
881
884 --keep-old-rdn
885 Specify whether the old RDN (i.e. 'cn: old_account') should be
886 kept as an attribute of the entry or not
887
890 usage: dsidm instance role delete [-h] [dn]
891 dn The dn of the role to delete
894
897 usage: dsidm instance role lock [-h] [dn]
898 dn The dn to lock
901
904 usage: dsidm instance role unlock [-h] [dn]
905 dn The dn to unlock
908
911 usage: dsidm instance role entry-status [-h] [dn]
912 dn The single entry dn to check
915
918 usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s
919 {base,one,sub}]
920 basedn
921 basedn Search base for finding entries
924
927 -f FILTER, --filter FILTER
928 Search filter for finding entries
929 -s {base,one,sub}, --scope {base,one,sub}
932 Search scope (base, one, sub - default is sub
933
936 usage: dsidm instance service [-h]
937 {list,get,get_dn,create,modify,re‐
938 name,delete}
939 ...
940
943 dsidm service list
944 list
945 dsidm service get
947 get
948 dsidm service get_dn
950 get_dn
951 dsidm service create
953 create
954 dsidm service modify
956 modify <add|delete|replace>:<attribute>:<value> ...
957 dsidm service rename
959 rename the object
960 dsidm service delete
962 deletes the object
963
966 usage: dsidm instance service list [-h]
967
970 usage: dsidm instance service get [-h] [selector]
971 selector
974 The term to search for
975
978 usage: dsidm instance service get_dn [-h] [dn]
979 dn The dn to get
982
985 usage: dsidm instance service create [-h] [--cn [CN]]
986 [--description [DESCRIPTION]]
987
990 --cn [CN]
991 Value of cn
992 --description [DESCRIPTION]
995 Value of description
996
999 usage: dsidm instance service modify [-h] selector changes [changes
1000 ...]
1001 selector
1004 The cn to modify
1005 changes
1008 A list of changes to apply in format: <add|delete|replace>:<at‐
1009 tribute>:<value>
1010
1013 usage: dsidm instance service rename [-h] [--keep-old-rdn] selector
1014 new_name
1015 selector
1018 The cn to modify
1019 new_name
1022 A new service name
1023
1026 --keep-old-rdn
1027 Specify whether the old RDN (i.e. 'cn: old_service') should be
1028 kept as an attribute of the entry or not
1029
1032 usage: dsidm instance service delete [-h] [dn]
1033 dn The dn to delete
1036
1039 usage: dsidm instance uniquegroup [-h]
1040 {list,get,get_dn,create,delete,mod‐
1041 ify,rename,members,add_member,remove_member}
1042 ...
1043
1046 dsidm uniquegroup list
1047 list
1048 dsidm uniquegroup get
1050 get
1051 dsidm uniquegroup get_dn
1053 get_dn
1054 dsidm uniquegroup create
1056 create
1057 dsidm uniquegroup delete
1059 deletes the object
1060 dsidm uniquegroup modify
1062 modify <add|delete|replace>:<attribute>:<value> ...
1063 dsidm uniquegroup rename
1065 rename the object
1066 dsidm uniquegroup members
1068 List member dns of a group
1069 dsidm uniquegroup add_member
1071 Add a member to a group
1072 dsidm uniquegroup remove_member
1074 Remove a member from a group
1075
1078 usage: dsidm instance uniquegroup list [-h]
1079
1082 usage: dsidm instance uniquegroup get [-h] [selector]
1083 selector
1086 The term to search for
1087
1090 usage: dsidm instance uniquegroup get_dn [-h] [dn]
1091 dn The dn to get
1094
1097 usage: dsidm instance uniquegroup create [-h] [--cn [CN]]
1098
1101 --cn [CN]
1102 Value of cn
1103
1106 usage: dsidm instance uniquegroup delete [-h] [dn]
1107 dn The dn to delete
1110
1113 usage: dsidm instance uniquegroup modify [-h] selector changes [changes
1114 ...]
1115 selector
1118 The cn to modify
1119 changes
1122 A list of changes to apply in format: <add|delete|replace>:<at‐
1123 tribute>:<value>
1124
1127 usage: dsidm instance uniquegroup rename [-h] [--keep-old-rdn]
1128 selector new_name
1129 selector
1132 The cn to rename
1133 new_name
1136 A new group name
1137
1140 --keep-old-rdn
1141 Specify whether the old RDN (i.e. 'cn: old_group') should be
1142 kept as an attribute of the entry or not
1143
1146 usage: dsidm instance uniquegroup members [-h] [cn]
1147 cn cn of group to list members of
1150
1153 usage: dsidm instance uniquegroup add_member [-h] [cn] [dn]
1154 cn cn of group to add member to
1157 dn dn of object to add to group as member
1160
1163 usage: dsidm instance uniquegroup remove_member [-h] [cn] [dn]
1164 cn cn of group to remove member from
1167 dn dn of object to remove from group as member
1170
1173 -b BASEDN, --basedn BASEDN
1174 Base DN (root naming context) of the instance to manage
1175 -v, --verbose
1178 Display verbose operation tracing during command execution
1179 -D BINDDN, --binddn BINDDN
1182 The account to bind as for executing operations
1183 -w BINDPW, --bindpw BINDPW
1186 Password for the bind DN
1187 -W, --prompt
1190 Prompt for password of the bind DN
1191 -y PWDFILE, --pwdfile PWDFILE
1194 Specifies a file containing the password of the bind DN
1195 -Z, --starttls
1198 Connect with StartTLS
1199 -j, --json
1202 Return result in JSON object
1203
1206 Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>
1207
1210 The latest version of lib389 may be downloaded from
1211 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
1212lib389 1.4.0.1 2023-10-07 DSIDM(8)