Provided by: python3-lib389_2.0.15-1_all 
NAME
dsidm
SYNOPSIS
dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance
{account,group,initialise,organizationalunit,posixgroup,user,client_config,role,service}
...
OPTIONS
instance
The name of the instance or its LDAP URL, such as
ldap://server.example.com:389
Sub-commands
dsidm account
Manage generic accounts, with tasks like modify, locking and unlocking. To create
an account, see "user" subcommand instead.
dsidm group
Manage groups
dsidm initialise
Initialise a backend with domain information and sample entries
dsidm organizationalunit
Manage organizational units
dsidm posixgroup
Manage posix groups
dsidm user
Manage posix users
dsidm client_config
Display and generate client example configs for this LDAP server
dsidm role
Manage roles.
dsidm service
Manage service accounts
OPTIONS 'dsidm account'
usage: dsidm instance account [-h]
{list,get-by-dn,modify-by-dn,rename-by-
dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password}
...
Sub-commands
dsidm account list
list accounts that could login to the directory
dsidm account get-by-dn
get-by-dn <dn>
dsidm account modify-by-dn
modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
dsidm account rename-by-dn
rename the object
dsidm account delete
deletes the account
dsidm account lock
lock
dsidm account unlock
unlock
dsidm account entry-status
status of a single entry
dsidm account subtree-status
status of a subtree
dsidm account reset_password
Reset the password of an account. This should be performed by a directory admin.
dsidm account change_password
Change the password of an account. This can be performed by any user (with correct
rights)
OPTIONS 'dsidm account list'
usage: dsidm instance account list [-h]
OPTIONS 'dsidm account get-by-dn'
usage: dsidm instance account get-by-dn [-h] [dn]
dn The dn to get and display
OPTIONS 'dsidm account modify-by-dn'
usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...]
dn The dn to get and display
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
OPTIONS 'dsidm account rename-by-dn'
usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn
dn The dn to rename
new_dn A new role dn
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an
attribute of the entry or not
OPTIONS 'dsidm account delete'
usage: dsidm instance account delete [-h] [dn]
dn The dn of the account to delete
OPTIONS 'dsidm account lock'
usage: dsidm instance account lock [-h] [dn]
dn The dn to lock
OPTIONS 'dsidm account unlock'
usage: dsidm instance account unlock [-h] [dn]
dn The dn to unlock
OPTIONS 'dsidm account entry-status'
usage: dsidm instance account entry-status [-h] [-V] [dn]
dn The single entry dn to check
-V, --details
Print more account policy details about the entry
OPTIONS 'dsidm account subtree-status'
usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
[-s {one,sub}] [-i]
[-o BECOME_INACTIVE_ON]
basedn
basedn Search base for finding entries
-V, --details
Print more account policy details about the entries
-f FILTER, --filter FILTER
Search filter for finding entries
-s {one,sub}, --scope {one,sub}
Search scope (one, sub - default is sub
-i, --inactive-only
Only display inactivated entries
-o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
Only display entries that will become inactive before specified date (in a
format 2007-04-25T14:30)
OPTIONS 'dsidm account reset_password'
usage: dsidm instance account reset_password [-h] [dn] [new_password]
dn The dn to reset the password for
new_password
The new password to set
OPTIONS 'dsidm account change_password'
usage: dsidm instance account change_password [-h]
[dn] [new_password]
[current_password]
dn The dn to change the password for
new_password
The new password to set
current_password
The accounts current password
OPTIONS 'dsidm group'
usage: dsidm instance group [-h]
{list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
...
Sub-commands
dsidm group list
list
dsidm group get
get
dsidm group get_dn
get_dn
dsidm group create
create
dsidm group delete
deletes the object
dsidm group modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm group rename
rename the object
dsidm group members
List member dns of a group
dsidm group add_member
Add a member to a group
dsidm group remove_member
Remove a member from a group
OPTIONS 'dsidm group list'
usage: dsidm instance group list [-h]
OPTIONS 'dsidm group get'
usage: dsidm instance group get [-h] [selector]
selector
The term to search for
OPTIONS 'dsidm group get_dn'
usage: dsidm instance group get_dn [-h] [dn]
dn The dn to get
OPTIONS 'dsidm group create'
usage: dsidm instance group create [-h] [--cn [CN]]
--cn [CN]
Value of cn
OPTIONS 'dsidm group delete'
usage: dsidm instance group delete [-h] [dn]
dn The dn to delete
OPTIONS 'dsidm group modify'
usage: dsidm instance group modify [-h] selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
OPTIONS 'dsidm group rename'
usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name
selector
The cn to rename
new_name
A new group name
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an
attribute of the entry or not
OPTIONS 'dsidm group members'
usage: dsidm instance group members [-h] [cn]
cn cn of group to list members of
OPTIONS 'dsidm group add_member'
usage: dsidm instance group add_member [-h] [cn] [dn]
cn cn of group to add member to
dn dn of object to add to group as member
OPTIONS 'dsidm group remove_member'
usage: dsidm instance group remove_member [-h] [cn] [dn]
cn cn of group to remove member from
dn dn of object to remove from group as member
OPTIONS 'dsidm initialise'
usage: dsidm instance initialise [-h] [--version VERSION]
--version VERSION
The version of entries to create.
OPTIONS 'dsidm organizationalunit'
usage: dsidm instance organizationalunit [-h]
{list,get,get_dn,create,delete,modify,rename}
...
Sub-commands
dsidm organizationalunit list
list
dsidm organizationalunit get
get
dsidm organizationalunit get_dn
get_dn
dsidm organizationalunit create
create
dsidm organizationalunit delete
deletes the object
dsidm organizationalunit modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm organizationalunit rename
rename the object
OPTIONS 'dsidm organizationalunit list'
usage: dsidm instance organizationalunit list [-h]
OPTIONS 'dsidm organizationalunit get'
usage: dsidm instance organizationalunit get [-h] [selector]
selector
The term to search for
OPTIONS 'dsidm organizationalunit get_dn'
usage: dsidm instance organizationalunit get_dn [-h] [dn]
dn The dn to get
OPTIONS 'dsidm organizationalunit create'
usage: dsidm instance organizationalunit create [-h] [--ou [OU]]
--ou [OU]
Value of ou
OPTIONS 'dsidm organizationalunit delete'
usage: dsidm instance organizationalunit delete [-h] [dn]
dn The dn to delete
OPTIONS 'dsidm organizationalunit modify'
usage: dsidm instance organizationalunit modify [-h]
selector changes [changes ...]
selector
The ou to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
OPTIONS 'dsidm organizationalunit rename'
usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
selector new_name
selector
The ou to rename
new_name
A new organizational unit name
--keep-old-rdn
Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute
of the entry or not
OPTIONS 'dsidm posixgroup'
usage: dsidm instance posixgroup [-h]
{list,get,get_dn,create,delete,modify,rename}
...
Sub-commands
dsidm posixgroup list
list
dsidm posixgroup get
get
dsidm posixgroup get_dn
get_dn
dsidm posixgroup create
create
dsidm posixgroup delete
deletes the object
dsidm posixgroup modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm posixgroup rename
rename the object
OPTIONS 'dsidm posixgroup list'
usage: dsidm instance posixgroup list [-h]
OPTIONS 'dsidm posixgroup get'
usage: dsidm instance posixgroup get [-h] [selector]
selector
The term to search for
OPTIONS 'dsidm posixgroup get_dn'
usage: dsidm instance posixgroup get_dn [-h] [dn]
dn The dn to get
OPTIONS 'dsidm posixgroup create'
usage: dsidm instance posixgroup create [-h] [--cn [CN]]
[--gidNumber [GIDNUMBER]]
--cn [CN]
Value of cn
--gidNumber [GIDNUMBER]
Value of gidNumber
OPTIONS 'dsidm posixgroup delete'
usage: dsidm instance posixgroup delete [-h] [dn]
dn The dn to delete
OPTIONS 'dsidm posixgroup modify'
usage: dsidm instance posixgroup modify [-h] selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
OPTIONS 'dsidm posixgroup rename'
usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
selector new_name
selector
The cn to rename
new_name
A new posix group name
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an
attribute of the entry or not
OPTIONS 'dsidm user'
usage: dsidm instance user [-h]
{list,get,get_dn,create,modify,rename,delete} ...
Sub-commands
dsidm user list
list
dsidm user get
get
dsidm user get_dn
get_dn
dsidm user create
create
dsidm user modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm user rename
rename the object
dsidm user delete
deletes the object
OPTIONS 'dsidm user list'
usage: dsidm instance user list [-h]
OPTIONS 'dsidm user get'
usage: dsidm instance user get [-h] [selector]
selector
The term to search for
OPTIONS 'dsidm user get_dn'
usage: dsidm instance user get_dn [-h] [dn]
dn The dn to get
OPTIONS 'dsidm user create'
usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
[--displayName [DISPLAYNAME]]
[--uidNumber [UIDNUMBER]]
[--gidNumber [GIDNUMBER]]
[--homeDirectory [HOMEDIRECTORY]]
--uid [UID]
Value of uid
--cn [CN]
Value of cn
--displayName [DISPLAYNAME]
Value of displayName
--uidNumber [UIDNUMBER]
Value of uidNumber
--gidNumber [GIDNUMBER]
Value of gidNumber
--homeDirectory [HOMEDIRECTORY]
Value of homeDirectory
OPTIONS 'dsidm user modify'
usage: dsidm instance user modify [-h] selector changes [changes ...]
selector
The uid to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
OPTIONS 'dsidm user rename'
usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name
selector
The uid to modify
new_name
A new user name
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an
attribute of the entry or not
OPTIONS 'dsidm user delete'
usage: dsidm instance user delete [-h] [dn]
dn The dn to delete
OPTIONS 'dsidm client_config'
usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...
Sub-commands
dsidm client_config sssd.conf
Generate a SSSD configuration for this LDAP server
dsidm client_config ldap.conf
Generate an OpenLDAP ldap.conf configuration for this LDAP server
dsidm client_config display
Display generic application parameters for LDAP connection
OPTIONS 'dsidm client_config sssd.conf'
usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
allowed_group
The name of the group allowed access to this system
OPTIONS 'dsidm client_config ldap.conf'
usage: dsidm instance client_config ldap.conf [-h]
OPTIONS 'dsidm client_config display'
usage: dsidm instance client_config display [-h]
OPTIONS 'dsidm role'
usage: dsidm instance role [-h]
{list,get,get-by-dn,create-managed,create-filtered,create-
nested,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status}
...
Sub-commands
dsidm role list
list roles that could login to the directory
dsidm role get
get
dsidm role get-by-dn
get-by-dn <dn>
dsidm role create-managed
create
dsidm role create-filtered
create
dsidm role create-nested
create
dsidm role modify-by-dn
modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
dsidm role rename-by-dn
rename the object
dsidm role delete
deletes the role
dsidm role lock
lock
dsidm role unlock
unlock
dsidm role entry-status
status of a single entry
dsidm role subtree-status
status of a subtree
OPTIONS 'dsidm role list'
usage: dsidm instance role list [-h]
OPTIONS 'dsidm role get'
usage: dsidm instance role get [-h] [selector]
selector
The term to search for
OPTIONS 'dsidm role get-by-dn'
usage: dsidm instance role get-by-dn [-h] [dn]
dn The dn to get and display
OPTIONS 'dsidm role create-managed'
usage: dsidm instance role create-managed [-h] [--cn [CN]]
--cn [CN]
Value of cn
OPTIONS 'dsidm role create-filtered'
usage: dsidm instance role create-filtered [-h] [--cn [CN]]
--cn [CN]
Value of cn
OPTIONS 'dsidm role create-nested'
usage: dsidm instance role create-nested [-h] [--cn [CN]]
[--nsRoleDN [NSROLEDN]]
--cn [CN]
Value of cn
--nsRoleDN [NSROLEDN]
Value of nsRoleDN
OPTIONS 'dsidm role modify-by-dn'
usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]
dn The dn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
OPTIONS 'dsidm role rename-by-dn'
usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn
dn The dn to rename
new_dn A new account dn
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an
attribute of the entry or not
OPTIONS 'dsidm role delete'
usage: dsidm instance role delete [-h] [dn]
dn The dn of the role to delete
OPTIONS 'dsidm role lock'
usage: dsidm instance role lock [-h] [dn]
dn The dn to lock
OPTIONS 'dsidm role unlock'
usage: dsidm instance role unlock [-h] [dn]
dn The dn to unlock
OPTIONS 'dsidm role entry-status'
usage: dsidm instance role entry-status [-h] [dn]
dn The single entry dn to check
OPTIONS 'dsidm role subtree-status'
usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}]
basedn
basedn Search base for finding entries
-f FILTER, --filter FILTER
Search filter for finding entries
-s {base,one,sub}, --scope {base,one,sub}
Search scope (base, one, sub - default is sub
OPTIONS 'dsidm service'
usage: dsidm instance service [-h]
{list,get,get_dn,create,modify,rename,delete}
...
Sub-commands
dsidm service list
list
dsidm service get
get
dsidm service get_dn
get_dn
dsidm service create
create
dsidm service modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm service rename
rename the object
dsidm service delete
deletes the object
OPTIONS 'dsidm service list'
usage: dsidm instance service list [-h]
OPTIONS 'dsidm service get'
usage: dsidm instance service get [-h] [selector]
selector
The term to search for
OPTIONS 'dsidm service get_dn'
usage: dsidm instance service get_dn [-h] [dn]
dn The dn to get
OPTIONS 'dsidm service create'
usage: dsidm instance service create [-h] [--cn [CN]]
[--description [DESCRIPTION]]
--cn [CN]
Value of cn
--description [DESCRIPTION]
Value of description
OPTIONS 'dsidm service modify'
usage: dsidm instance service modify [-h] selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
OPTIONS 'dsidm service rename'
usage: dsidm instance service rename [-h] [--keep-old-rdn] selector new_name
selector
The cn to modify
new_name
A new service name
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an
attribute of the entry or not
OPTIONS 'dsidm service delete'
usage: dsidm instance service delete [-h] [dn]
dn The dn to delete
-b BASEDN, --basedn BASEDN
Base DN (root naming context) of the instance to manage
-v, --verbose
Display verbose operation tracing during command execution
-D BINDDN, --binddn BINDDN
The account to bind as for executing operations
-w BINDPW, --bindpw BINDPW
Password for the bind DN
-W, --prompt
Prompt for password of the bind DN
-y PWDFILE, --pwdfile PWDFILE
Specifies a file containing the password of the bind DN
-Z, --starttls
Connect with StartTLS
-j, --json
Return result in JSON object
AUTHORS
lib389 was written by Red Hat Inc., and William Brown <389-devel@lists.fedoraproject.org>.
DISTRIBUTION
The latest version of lib389 may be downloaded from
⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
Manual dsidm(8)