Provided by: python3-lib389_2.4.5+dfsg1-1_all 
NAME
dsidm
SYNOPSIS
dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance
{account,group,initialise,init,organizationalunit,ou,posixgroup,user,client_config,role,service,uniquegroup}
...
POSITIONAL ARGUMENTS
dsidm account
Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see
"user" subcommand instead.
dsidm group
Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing
groups. Groups uses the objectclass "groupOfNames" and the grouping attribute "member"
dsidm initialise
Initialise a backend with domain information and sample entries
dsidm organizationalunit
Manage organizational units
dsidm posixgroup
Manage posix groups The organizationalUnit (by default ou=groups") needs to exist prior to
managing posix groups.
dsidm user
Manage posix users. The organizationalUnit (by default "ou=people") needs to exist prior to
managing users.
dsidm client_config
Display and generate client example configs for this LDAP server
dsidm role
Manage roles.
dsidm service
Manage service accounts
dsidm uniquegroup
Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing
groups. Unique groups uses the objectclass "groupOfUniqueNames" and the grouping attribute
"uniquemember"
COMMAND 'dsidm account'
usage: dsidm instance account [-h]
{list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password,bulk_update}
...
POSITIONAL ARGUMENTS 'dsidm account'
dsidm account list
list accounts that could login to the directory
dsidm account get-by-dn
get-by-dn <dn>
dsidm account modify-by-dn
modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
dsidm account rename-by-dn
rename the object
dsidm account delete
deletes the account
dsidm account lock
lock
dsidm account unlock
unlock
dsidm account entry-status
status of a single entry
dsidm account subtree-status
status of a subtree
dsidm account reset_password
Reset the password of an account. This should be performed by a directory admin.
dsidm account change_password
Change the password of an account. This can be performed by any user (with correct rights)
dsidm account bulk_update
Perform a common operation to a set of entries
COMMAND 'dsidm account list'
usage: dsidm instance account list [-h]
COMMAND 'dsidm account get-by-dn'
usage: dsidm instance account get-by-dn [-h] [dn]
dn The dn to get and display
COMMAND 'dsidm account modify-by-dn'
usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...]
dn The dn to get and display
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm account rename-by-dn'
usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn
dn The dn to rename
new_dn A new role dn
OPTIONS 'dsidm account rename-by-dn'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an attribute of the entry or
not
COMMAND 'dsidm account delete'
usage: dsidm instance account delete [-h] [dn]
dn The dn of the account to delete
COMMAND 'dsidm account lock'
usage: dsidm instance account lock [-h] [dn]
dn The dn to lock
COMMAND 'dsidm account unlock'
usage: dsidm instance account unlock [-h] [dn]
dn The dn to unlock
COMMAND 'dsidm account entry-status'
usage: dsidm instance account entry-status [-h] [-V] [dn]
dn The single entry dn to check
OPTIONS 'dsidm account entry-status'
-V, --details
Print more account policy details about the entry
COMMAND 'dsidm account subtree-status'
usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
[-s {one,sub}] [-i]
[-o BECOME_INACTIVE_ON]
basedn
basedn Search base for finding entries
OPTIONS 'dsidm account subtree-status'
-V, --details
Print more account policy details about the entries
-f FILTER, --filter FILTER
Search filter for finding entries
-s {one,sub}, --scope {one,sub}
Search scope (one, sub - default is sub
-i, --inactive-only
Only display inactivated entries
-o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
Only display entries that will become inactive before specified date (in a format
2007-04-25T14:30)
COMMAND 'dsidm account reset_password'
usage: dsidm instance account reset_password [-h] [dn] [new_password]
dn The dn to reset the password for
new_password
The new password to set
COMMAND 'dsidm account change_password'
usage: dsidm instance account change_password [-h]
[dn] [new_password]
[current_password]
dn The dn to change the password for
new_password
The new password to set
current_password
The accounts current password
COMMAND 'dsidm account bulk_update'
usage: dsidm instance account bulk_update [-h] [-f FILTER] [-s {one,sub}] [-x]
basedn changes [changes ...]
basedn Search base for finding entries, only the children of this DN are processed
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
OPTIONS 'dsidm account bulk_update'
-f FILTER, --filter FILTER
Search filter for finding entries, default is '(objectclass=*)'
-s {one,sub}, --scope {one,sub}
Search scope (one, sub - default is sub
-x, --stop
Stop processing updates when an error occurs. Default is False
COMMAND 'dsidm group'
usage: dsidm instance group [-h]
{list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
...
POSITIONAL ARGUMENTS 'dsidm group'
dsidm group list
list
dsidm group get
get
dsidm group get_dn
get_dn
dsidm group create
create
dsidm group delete
deletes the object
dsidm group modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm group rename
rename the object
dsidm group members
List member dns of a group
dsidm group add_member
Add a member to a group
dsidm group remove_member
Remove a member from a group
COMMAND 'dsidm group list'
usage: dsidm instance group list [-h]
COMMAND 'dsidm group get'
usage: dsidm instance group get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm group get_dn'
usage: dsidm instance group get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm group create'
usage: dsidm instance group create [-h] [--cn [CN]]
OPTIONS 'dsidm group create'
--cn [CN]
Value of cn
COMMAND 'dsidm group delete'
usage: dsidm instance group delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm group modify'
usage: dsidm instance group modify [-h] selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm group rename'
usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name
selector
The cn to rename
new_name
A new group name
OPTIONS 'dsidm group rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or
not
COMMAND 'dsidm group members'
usage: dsidm instance group members [-h] [cn]
cn cn of group to list members of
COMMAND 'dsidm group add_member'
usage: dsidm instance group add_member [-h] [cn] [dn]
cn cn of group to add member to
dn dn of object to add to group as member
COMMAND 'dsidm group remove_member'
usage: dsidm instance group remove_member [-h] [cn] [dn]
cn cn of group to remove member from
dn dn of object to remove from group as member
COMMAND 'dsidm initialise'
usage: dsidm instance initialise [-h] [--version VERSION]
OPTIONS 'dsidm initialise'
--version VERSION
The version of entries to create.
COMMAND 'dsidm organizationalunit'
usage: dsidm instance organizationalunit [-h]
{list,get,get_dn,create,delete,modify,rename}
...
POSITIONAL ARGUMENTS 'dsidm organizationalunit'
dsidm organizationalunit list
list
dsidm organizationalunit get
get
dsidm organizationalunit get_dn
get_dn
dsidm organizationalunit create
create
dsidm organizationalunit delete
deletes the object
dsidm organizationalunit modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm organizationalunit rename
rename the object
COMMAND 'dsidm organizationalunit list'
usage: dsidm instance organizationalunit list [-h]
COMMAND 'dsidm organizationalunit get'
usage: dsidm instance organizationalunit get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm organizationalunit get_dn'
usage: dsidm instance organizationalunit get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm organizationalunit create'
usage: dsidm instance organizationalunit create [-h] [--ou [OU]]
OPTIONS 'dsidm organizationalunit create'
--ou [OU]
Value of ou
COMMAND 'dsidm organizationalunit delete'
usage: dsidm instance organizationalunit delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm organizationalunit modify'
usage: dsidm instance organizationalunit modify [-h]
selector changes [changes ...]
selector
The ou to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm organizationalunit rename'
usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
selector new_name
selector
The ou to rename
new_name
A new organizational unit name
OPTIONS 'dsidm organizationalunit rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute of the entry or not
COMMAND 'dsidm posixgroup'
usage: dsidm instance posixgroup [-h]
{list,get,get_dn,create,delete,modify,rename}
...
POSITIONAL ARGUMENTS 'dsidm posixgroup'
dsidm posixgroup list
list
dsidm posixgroup get
get
dsidm posixgroup get_dn
get_dn
dsidm posixgroup create
create
dsidm posixgroup delete
deletes the object
dsidm posixgroup modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm posixgroup rename
rename the object
COMMAND 'dsidm posixgroup list'
usage: dsidm instance posixgroup list [-h]
COMMAND 'dsidm posixgroup get'
usage: dsidm instance posixgroup get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm posixgroup get_dn'
usage: dsidm instance posixgroup get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm posixgroup create'
usage: dsidm instance posixgroup create [-h] [--cn [CN]]
[--gidNumber [GIDNUMBER]]
OPTIONS 'dsidm posixgroup create'
--cn [CN]
Value of cn
--gidNumber [GIDNUMBER]
Value of gidNumber
COMMAND 'dsidm posixgroup delete'
usage: dsidm instance posixgroup delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm posixgroup modify'
usage: dsidm instance posixgroup modify [-h] selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm posixgroup rename'
usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
selector new_name
selector
The cn to rename
new_name
A new posix group name
OPTIONS 'dsidm posixgroup rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or
not
COMMAND 'dsidm user'
usage: dsidm instance user [-h]
{list,get,get_dn,create,modify,rename,delete} ...
POSITIONAL ARGUMENTS 'dsidm user'
dsidm user list
list
dsidm user get
get
dsidm user get_dn
get_dn
dsidm user create
create
dsidm user modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm user rename
rename the object
dsidm user delete
deletes the object
COMMAND 'dsidm user list'
usage: dsidm instance user list [-h]
COMMAND 'dsidm user get'
usage: dsidm instance user get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm user get_dn'
usage: dsidm instance user get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm user create'
usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
[--displayName [DISPLAYNAME]]
[--uidNumber [UIDNUMBER]]
[--gidNumber [GIDNUMBER]]
[--homeDirectory [HOMEDIRECTORY]]
OPTIONS 'dsidm user create'
--uid [UID]
Value of uid
--cn [CN]
Value of cn
--displayName [DISPLAYNAME]
Value of displayName
--uidNumber [UIDNUMBER]
Value of uidNumber
--gidNumber [GIDNUMBER]
Value of gidNumber
--homeDirectory [HOMEDIRECTORY]
Value of homeDirectory
COMMAND 'dsidm user modify'
usage: dsidm instance user modify [-h] selector changes [changes ...]
selector
The uid to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm user rename'
usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name
selector
The uid to modify
new_name
A new user name
OPTIONS 'dsidm user rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an attribute of the entry or
not
COMMAND 'dsidm user delete'
usage: dsidm instance user delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm client_config'
usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...
POSITIONAL ARGUMENTS 'dsidm client_config'
dsidm client_config sssd.conf
Generate a SSSD configuration for this LDAP server
dsidm client_config ldap.conf
Generate an OpenLDAP ldap.conf configuration for this LDAP server
dsidm client_config display
Display generic application parameters for LDAP connection
COMMAND 'dsidm client_config sssd.conf'
usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
allowed_group
The name of the group allowed access to this system
COMMAND 'dsidm client_config ldap.conf'
usage: dsidm instance client_config ldap.conf [-h]
COMMAND 'dsidm client_config display'
usage: dsidm instance client_config display [-h]
COMMAND 'dsidm role'
usage: dsidm instance role [-h]
{list,get,get-by-dn,create-managed,create-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status}
...
POSITIONAL ARGUMENTS 'dsidm role'
dsidm role list
list roles that could login to the directory
dsidm role get
get
dsidm role get-by-dn
get-by-dn <dn>
dsidm role create-managed
create
dsidm role create-filtered
create
dsidm role create-nested
create
dsidm role modify-by-dn
modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
dsidm role rename-by-dn
rename the object
dsidm role delete
deletes the role
dsidm role lock
lock
dsidm role unlock
unlock
dsidm role entry-status
status of a single entry
dsidm role subtree-status
status of a subtree
COMMAND 'dsidm role list'
usage: dsidm instance role list [-h]
COMMAND 'dsidm role get'
usage: dsidm instance role get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm role get-by-dn'
usage: dsidm instance role get-by-dn [-h] [dn]
dn The dn to get and display
COMMAND 'dsidm role create-managed'
usage: dsidm instance role create-managed [-h] [--cn [CN]]
OPTIONS 'dsidm role create-managed'
--cn [CN]
Value of cn
COMMAND 'dsidm role create-filtered'
usage: dsidm instance role create-filtered [-h] [--cn [CN]]
OPTIONS 'dsidm role create-filtered'
--cn [CN]
Value of cn
COMMAND 'dsidm role create-nested'
usage: dsidm instance role create-nested [-h] [--cn [CN]]
[--nsRoleDN [NSROLEDN]]
OPTIONS 'dsidm role create-nested'
--cn [CN]
Value of cn
--nsRoleDN [NSROLEDN]
Value of nsRoleDN
COMMAND 'dsidm role modify-by-dn'
usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]
dn The dn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm role rename-by-dn'
usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn
dn The dn to rename
new_dn A new account dn
OPTIONS 'dsidm role rename-by-dn'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an attribute of the entry
or not
COMMAND 'dsidm role delete'
usage: dsidm instance role delete [-h] [dn]
dn The dn of the role to delete
COMMAND 'dsidm role lock'
usage: dsidm instance role lock [-h] [dn]
dn The dn to lock
COMMAND 'dsidm role unlock'
usage: dsidm instance role unlock [-h] [dn]
dn The dn to unlock
COMMAND 'dsidm role entry-status'
usage: dsidm instance role entry-status [-h] [dn]
dn The single entry dn to check
COMMAND 'dsidm role subtree-status'
usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}]
basedn
basedn Search base for finding entries
OPTIONS 'dsidm role subtree-status'
-f FILTER, --filter FILTER
Search filter for finding entries
-s {base,one,sub}, --scope {base,one,sub}
Search scope (base, one, sub - default is sub
COMMAND 'dsidm service'
usage: dsidm instance service [-h]
{list,get,get_dn,create,modify,rename,delete}
...
POSITIONAL ARGUMENTS 'dsidm service'
dsidm service list
list
dsidm service get
get
dsidm service get_dn
get_dn
dsidm service create
create
dsidm service modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm service rename
rename the object
dsidm service delete
deletes the object
COMMAND 'dsidm service list'
usage: dsidm instance service list [-h]
COMMAND 'dsidm service get'
usage: dsidm instance service get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm service get_dn'
usage: dsidm instance service get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm service create'
usage: dsidm instance service create [-h] [--cn [CN]]
[--description [DESCRIPTION]]
OPTIONS 'dsidm service create'
--cn [CN]
Value of cn
--description [DESCRIPTION]
Value of description
COMMAND 'dsidm service modify'
usage: dsidm instance service modify [-h] selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm service rename'
usage: dsidm instance service rename [-h] [--keep-old-rdn] selector new_name
selector
The cn to modify
new_name
A new service name
OPTIONS 'dsidm service rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an attribute of the entry
or not
COMMAND 'dsidm service delete'
usage: dsidm instance service delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm uniquegroup'
usage: dsidm instance uniquegroup [-h]
{list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
...
POSITIONAL ARGUMENTS 'dsidm uniquegroup'
dsidm uniquegroup list
list
dsidm uniquegroup get
get
dsidm uniquegroup get_dn
get_dn
dsidm uniquegroup create
create
dsidm uniquegroup delete
deletes the object
dsidm uniquegroup modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm uniquegroup rename
rename the object
dsidm uniquegroup members
List member dns of a group
dsidm uniquegroup add_member
Add a member to a group
dsidm uniquegroup remove_member
Remove a member from a group
COMMAND 'dsidm uniquegroup list'
usage: dsidm instance uniquegroup list [-h]
COMMAND 'dsidm uniquegroup get'
usage: dsidm instance uniquegroup get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm uniquegroup get_dn'
usage: dsidm instance uniquegroup get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm uniquegroup create'
usage: dsidm instance uniquegroup create [-h] [--cn [CN]]
OPTIONS 'dsidm uniquegroup create'
--cn [CN]
Value of cn
COMMAND 'dsidm uniquegroup delete'
usage: dsidm instance uniquegroup delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm uniquegroup modify'
usage: dsidm instance uniquegroup modify [-h] selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm uniquegroup rename'
usage: dsidm instance uniquegroup rename [-h] [--keep-old-rdn]
selector new_name
selector
The cn to rename
new_name
A new group name
OPTIONS 'dsidm uniquegroup rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or
not
COMMAND 'dsidm uniquegroup members'
usage: dsidm instance uniquegroup members [-h] [cn]
cn cn of group to list members of
COMMAND 'dsidm uniquegroup add_member'
usage: dsidm instance uniquegroup add_member [-h] [cn] [dn]
cn cn of group to add member to
dn dn of object to add to group as member
COMMAND 'dsidm uniquegroup remove_member'
usage: dsidm instance uniquegroup remove_member [-h] [cn] [dn]
cn cn of group to remove member from
dn dn of object to remove from group as member
OPTIONS
-b BASEDN, --basedn BASEDN
Base DN (root naming context) of the instance to manage
-v, --verbose
Display verbose operation tracing during command execution
-D BINDDN, --binddn BINDDN
The account to bind as for executing operations
-w BINDPW, --bindpw BINDPW
Password for the bind DN
-W, --prompt
Prompt for password of the bind DN
-y PWDFILE, --pwdfile PWDFILE
Specifies a file containing the password of the bind DN
-Z, --starttls
Connect with StartTLS
-j, --json
Return result in JSON object
AUTHOR
Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>
DISTRIBUTION
The latest version of lib389 may be downloaded from
http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html
lib389 2.4.5 2024-04-15 DSIDM(8)