Provided by: python3-lib389_2.0.15-1_all bug

NAME

       dsidm

SYNOPSIS

       dsidm  [-h]  [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance
       {account,group,initialise,organizationalunit,posixgroup,user,client_config,role,service}
       ...

OPTIONS

       instance
              The name of the instance or its LDAP URL, such as
              ldap://server.example.com:389

   Sub-commands
       dsidm account
              Manage  generic  accounts, with tasks like modify, locking and unlocking. To create
              an account, see "user" subcommand instead.

       dsidm group
              Manage groups

       dsidm initialise
              Initialise a backend with domain information and sample entries

       dsidm organizationalunit
              Manage organizational units

       dsidm posixgroup
              Manage posix groups

       dsidm user
              Manage posix users

       dsidm client_config
              Display and generate client example configs for this LDAP server

       dsidm role
              Manage roles.

       dsidm service
              Manage service accounts

OPTIONS 'dsidm account'

       usage: dsidm instance account [-h]
                                     {list,get-by-dn,modify-by-dn,rename-by-
       dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password}
                                     ...

   Sub-commands
       dsidm account list
              list accounts that could login to the directory

       dsidm account get-by-dn
              get-by-dn <dn>

       dsidm account modify-by-dn
              modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

       dsidm account rename-by-dn
              rename the object

       dsidm account delete
              deletes the account

       dsidm account lock
              lock

       dsidm account unlock
              unlock

       dsidm account entry-status
              status of a single entry

       dsidm account subtree-status
              status of a subtree

       dsidm account reset_password
              Reset the password of an account. This should be performed by a directory admin.

       dsidm account change_password
              Change  the password of an account. This can be performed by any user (with correct
              rights)

OPTIONS 'dsidm account list'

       usage: dsidm instance account list [-h]

OPTIONS 'dsidm account get-by-dn'

       usage: dsidm instance account get-by-dn [-h] [dn]

       dn     The dn to get and display

OPTIONS 'dsidm account modify-by-dn'

       usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...]

       dn     The dn to get and display

       changes
              A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm account rename-by-dn'

       usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn

       dn     The dn to rename

       new_dn A new role dn

       --keep-old-rdn
              Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an
              attribute of the entry or not

OPTIONS 'dsidm account delete'

       usage: dsidm instance account delete [-h] [dn]

       dn     The dn of the account to delete

OPTIONS 'dsidm account lock'

       usage: dsidm instance account lock [-h] [dn]

       dn     The dn to lock

OPTIONS 'dsidm account unlock'

       usage: dsidm instance account unlock [-h] [dn]

       dn     The dn to unlock

OPTIONS 'dsidm account entry-status'

       usage: dsidm instance account entry-status [-h] [-V] [dn]

       dn     The single entry dn to check

       -V, --details
              Print more account policy details about the entry

OPTIONS 'dsidm account subtree-status'

       usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
                                                    [-s {one,sub}] [-i]
                                                    [-o BECOME_INACTIVE_ON]
                                                    basedn

       basedn Search base for finding entries

       -V, --details
              Print more account policy details about the entries

       -f FILTER, --filter FILTER
              Search filter for finding entries

       -s {one,sub}, --scope {one,sub}
              Search scope (one, sub - default is sub

       -i, --inactive-only
              Only display inactivated entries

       -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
              Only display entries that will become inactive before specified date (in a
              format 2007-04-25T14:30)

OPTIONS 'dsidm account reset_password'

       usage: dsidm instance account reset_password [-h] [dn] [new_password]

       dn     The dn to reset the password for

       new_password
              The new password to set

OPTIONS 'dsidm account change_password'

       usage: dsidm instance account change_password [-h]
                                                     [dn] [new_password]
                                                     [current_password]

       dn     The dn to change the password for

       new_password
              The new password to set

       current_password
              The accounts current password

OPTIONS 'dsidm group'

       usage: dsidm instance group [-h]
                                   {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
                                   ...

   Sub-commands
       dsidm group list
              list

       dsidm group get
              get

       dsidm group get_dn
              get_dn

       dsidm group create
              create

       dsidm group delete
              deletes the object

       dsidm group modify
              modify <add|delete|replace>:<attribute>:<value> ...

       dsidm group rename
              rename the object

       dsidm group members
              List member dns of a group

       dsidm group add_member
              Add a member to a group

       dsidm group remove_member
              Remove a member from a group

OPTIONS 'dsidm group list'

       usage: dsidm instance group list [-h]

OPTIONS 'dsidm group get'

       usage: dsidm instance group get [-h] [selector]

       selector
              The term to search for

OPTIONS 'dsidm group get_dn'

       usage: dsidm instance group get_dn [-h] [dn]

       dn     The dn to get

OPTIONS 'dsidm group create'

       usage: dsidm instance group create [-h] [--cn [CN]]

       --cn [CN]
              Value of cn

OPTIONS 'dsidm group delete'

       usage: dsidm instance group delete [-h] [dn]

       dn     The dn to delete

OPTIONS 'dsidm group modify'

       usage: dsidm instance group modify [-h] selector changes [changes ...]

       selector
              The cn to modify

       changes
              A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm group rename'

       usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name

       selector
              The cn to rename

       new_name
              A new group name

       --keep-old-rdn
              Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an
              attribute of the entry or not

OPTIONS 'dsidm group members'

       usage: dsidm instance group members [-h] [cn]

       cn     cn of group to list members of

OPTIONS 'dsidm group add_member'

       usage: dsidm instance group add_member [-h] [cn] [dn]

       cn     cn of group to add member to

       dn     dn of object to add to group as member

OPTIONS 'dsidm group remove_member'

       usage: dsidm instance group remove_member [-h] [cn] [dn]

       cn     cn of group to remove member from

       dn     dn of object to remove from group as member

OPTIONS 'dsidm initialise'

       usage: dsidm instance initialise [-h] [--version VERSION]

       --version VERSION
              The version of entries to create.

OPTIONS 'dsidm organizationalunit'

       usage: dsidm instance organizationalunit [-h]
                                                {list,get,get_dn,create,delete,modify,rename}
                                                ...

   Sub-commands
       dsidm organizationalunit list
              list

       dsidm organizationalunit get
              get

       dsidm organizationalunit get_dn
              get_dn

       dsidm organizationalunit create
              create

       dsidm organizationalunit delete
              deletes the object

       dsidm organizationalunit modify
              modify <add|delete|replace>:<attribute>:<value> ...

       dsidm organizationalunit rename
              rename the object

OPTIONS 'dsidm organizationalunit list'

       usage: dsidm instance organizationalunit list [-h]

OPTIONS 'dsidm organizationalunit get'

       usage: dsidm instance organizationalunit get [-h] [selector]

       selector
              The term to search for

OPTIONS 'dsidm organizationalunit get_dn'

       usage: dsidm instance organizationalunit get_dn [-h] [dn]

       dn     The dn to get

OPTIONS 'dsidm organizationalunit create'

       usage: dsidm instance organizationalunit create [-h] [--ou [OU]]

       --ou [OU]
              Value of ou

OPTIONS 'dsidm organizationalunit delete'

       usage: dsidm instance organizationalunit delete [-h] [dn]

       dn     The dn to delete

OPTIONS 'dsidm organizationalunit modify'

       usage: dsidm instance organizationalunit modify [-h]
                                                       selector changes [changes ...]

       selector
              The ou to modify

       changes
              A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm organizationalunit rename'

       usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
                                                       selector new_name

       selector
              The ou to rename

       new_name
              A new organizational unit name

       --keep-old-rdn
              Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute
              of the entry or not

OPTIONS 'dsidm posixgroup'

       usage: dsidm instance posixgroup [-h]
                                        {list,get,get_dn,create,delete,modify,rename}
                                        ...

   Sub-commands
       dsidm posixgroup list
              list

       dsidm posixgroup get
              get

       dsidm posixgroup get_dn
              get_dn

       dsidm posixgroup create
              create

       dsidm posixgroup delete
              deletes the object

       dsidm posixgroup modify
              modify <add|delete|replace>:<attribute>:<value> ...

       dsidm posixgroup rename
              rename the object

OPTIONS 'dsidm posixgroup list'

       usage: dsidm instance posixgroup list [-h]

OPTIONS 'dsidm posixgroup get'

       usage: dsidm instance posixgroup get [-h] [selector]

       selector
              The term to search for

OPTIONS 'dsidm posixgroup get_dn'

       usage: dsidm instance posixgroup get_dn [-h] [dn]

       dn     The dn to get

OPTIONS 'dsidm posixgroup create'

       usage: dsidm instance posixgroup create [-h] [--cn [CN]]
                                               [--gidNumber [GIDNUMBER]]

       --cn [CN]
              Value of cn

       --gidNumber [GIDNUMBER]
              Value of gidNumber

OPTIONS 'dsidm posixgroup delete'

       usage: dsidm instance posixgroup delete [-h] [dn]

       dn     The dn to delete

OPTIONS 'dsidm posixgroup modify'

       usage: dsidm instance posixgroup modify [-h] selector changes [changes ...]

       selector
              The cn to modify

       changes
              A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm posixgroup rename'

       usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
                                               selector new_name

       selector
              The cn to rename

       new_name
              A new posix group name

       --keep-old-rdn
              Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an
              attribute of the entry or not

OPTIONS 'dsidm user'

       usage: dsidm instance user [-h]
                                  {list,get,get_dn,create,modify,rename,delete} ...

   Sub-commands
       dsidm user list
              list

       dsidm user get
              get

       dsidm user get_dn
              get_dn

       dsidm user create
              create

       dsidm user modify
              modify <add|delete|replace>:<attribute>:<value> ...

       dsidm user rename
              rename the object

       dsidm user delete
              deletes the object

OPTIONS 'dsidm user list'

       usage: dsidm instance user list [-h]

OPTIONS 'dsidm user get'

       usage: dsidm instance user get [-h] [selector]

       selector
              The term to search for

OPTIONS 'dsidm user get_dn'

       usage: dsidm instance user get_dn [-h] [dn]

       dn     The dn to get

OPTIONS 'dsidm user create'

       usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
                                         [--displayName [DISPLAYNAME]]
                                         [--uidNumber [UIDNUMBER]]
                                         [--gidNumber [GIDNUMBER]]
                                         [--homeDirectory [HOMEDIRECTORY]]

       --uid [UID]
              Value of uid

       --cn [CN]
              Value of cn

       --displayName [DISPLAYNAME]
              Value of displayName

       --uidNumber [UIDNUMBER]
              Value of uidNumber

       --gidNumber [GIDNUMBER]
              Value of gidNumber

       --homeDirectory [HOMEDIRECTORY]
              Value of homeDirectory

OPTIONS 'dsidm user modify'

       usage: dsidm instance user modify [-h] selector changes [changes ...]

       selector
              The uid to modify

       changes
              A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm user rename'

       usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name

       selector
              The uid to modify

       new_name
              A new user name

       --keep-old-rdn
              Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an
              attribute of the entry or not

OPTIONS 'dsidm user delete'

       usage: dsidm instance user delete [-h] [dn]

       dn     The dn to delete

OPTIONS 'dsidm client_config'

       usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...

   Sub-commands
       dsidm client_config sssd.conf
              Generate a SSSD configuration for this LDAP server

       dsidm client_config ldap.conf
              Generate an OpenLDAP ldap.conf configuration for this LDAP server

       dsidm client_config display
              Display generic application parameters for LDAP connection

OPTIONS 'dsidm client_config sssd.conf'

       usage: dsidm instance client_config sssd.conf [-h] [allowed_group]

       allowed_group
              The name of the group allowed access to this system

OPTIONS 'dsidm client_config ldap.conf'

       usage: dsidm instance client_config ldap.conf [-h]

OPTIONS 'dsidm client_config display'

       usage: dsidm instance client_config display [-h]

OPTIONS 'dsidm role'

       usage: dsidm instance role [-h]
                                  {list,get,get-by-dn,create-managed,create-filtered,create-
       nested,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status}
                                  ...

   Sub-commands
       dsidm role list
              list roles that could login to the directory

       dsidm role get
              get

       dsidm role get-by-dn
              get-by-dn <dn>

       dsidm role create-managed
              create

       dsidm role create-filtered
              create

       dsidm role create-nested
              create

       dsidm role modify-by-dn
              modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...

       dsidm role rename-by-dn
              rename the object

       dsidm role delete
              deletes the role

       dsidm role lock
              lock

       dsidm role unlock
              unlock

       dsidm role entry-status
              status of a single entry

       dsidm role subtree-status
              status of a subtree

OPTIONS 'dsidm role list'

       usage: dsidm instance role list [-h]

OPTIONS 'dsidm role get'

       usage: dsidm instance role get [-h] [selector]

       selector
              The term to search for

OPTIONS 'dsidm role get-by-dn'

       usage: dsidm instance role get-by-dn [-h] [dn]

       dn     The dn to get and display

OPTIONS 'dsidm role create-managed'

       usage: dsidm instance role create-managed [-h] [--cn [CN]]

       --cn [CN]
              Value of cn

OPTIONS 'dsidm role create-filtered'

       usage: dsidm instance role create-filtered [-h] [--cn [CN]]

       --cn [CN]
              Value of cn

OPTIONS 'dsidm role create-nested'

       usage: dsidm instance role create-nested [-h] [--cn [CN]]
                                                [--nsRoleDN [NSROLEDN]]

       --cn [CN]
              Value of cn

       --nsRoleDN [NSROLEDN]
              Value of nsRoleDN

OPTIONS 'dsidm role modify-by-dn'

       usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]

       dn     The dn to modify

       changes
              A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm role rename-by-dn'

       usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn

       dn     The dn to rename

       new_dn A new account dn

       --keep-old-rdn
              Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an
              attribute of the entry or not

OPTIONS 'dsidm role delete'

       usage: dsidm instance role delete [-h] [dn]

       dn     The dn of the role to delete

OPTIONS 'dsidm role lock'

       usage: dsidm instance role lock [-h] [dn]

       dn     The dn to lock

OPTIONS 'dsidm role unlock'

       usage: dsidm instance role unlock [-h] [dn]

       dn     The dn to unlock

OPTIONS 'dsidm role entry-status'

       usage: dsidm instance role entry-status [-h] [dn]

       dn     The single entry dn to check

OPTIONS 'dsidm role subtree-status'

       usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}]
                                                 basedn

       basedn Search base for finding entries

       -f FILTER, --filter FILTER
              Search filter for finding entries

       -s {base,one,sub}, --scope {base,one,sub}
              Search scope (base, one, sub - default is sub

OPTIONS 'dsidm service'

       usage: dsidm instance service [-h]
                                     {list,get,get_dn,create,modify,rename,delete}
                                     ...

   Sub-commands
       dsidm service list
              list

       dsidm service get
              get

       dsidm service get_dn
              get_dn

       dsidm service create
              create

       dsidm service modify
              modify <add|delete|replace>:<attribute>:<value> ...

       dsidm service rename
              rename the object

       dsidm service delete
              deletes the object

OPTIONS 'dsidm service list'

       usage: dsidm instance service list [-h]

OPTIONS 'dsidm service get'

       usage: dsidm instance service get [-h] [selector]

       selector
              The term to search for

OPTIONS 'dsidm service get_dn'

       usage: dsidm instance service get_dn [-h] [dn]

       dn     The dn to get

OPTIONS 'dsidm service create'

       usage: dsidm instance service create [-h] [--cn [CN]]
                                            [--description [DESCRIPTION]]

       --cn [CN]
              Value of cn

       --description [DESCRIPTION]
              Value of description

OPTIONS 'dsidm service modify'

       usage: dsidm instance service modify [-h] selector changes [changes ...]

       selector
              The cn to modify

       changes
              A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

OPTIONS 'dsidm service rename'

       usage: dsidm instance service rename [-h] [--keep-old-rdn] selector new_name

       selector
              The cn to modify

       new_name
              A new service name

       --keep-old-rdn
              Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an
              attribute of the entry or not

OPTIONS 'dsidm service delete'

       usage: dsidm instance service delete [-h] [dn]

       dn     The dn to delete

       -b BASEDN, --basedn BASEDN
              Base DN (root naming context) of the instance to manage

       -v, --verbose
              Display verbose operation tracing during command execution

       -D BINDDN, --binddn BINDDN
              The account to bind as for executing operations

       -w BINDPW, --bindpw BINDPW
              Password for the bind DN

       -W, --prompt
              Prompt for password of the bind DN

       -y PWDFILE, --pwdfile PWDFILE
              Specifies a file containing the password of the bind DN

       -Z, --starttls
              Connect with StartTLS

       -j, --json
              Return result in JSON object

AUTHORS

       lib389 was written by Red Hat Inc., and William Brown <389-devel@lists.fedoraproject.org>.

DISTRIBUTION

       The     latest      version      of      lib389      may      be      downloaded      from
       ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩

                                              Manual                                     dsidm(8)