Provided by: python3-lib389_3.1.1+dfsg1-1ubuntu1_all
NAME
dsidm
SYNOPSIS
dsidm [-h] [-v] [-j] [-b BASEDN] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] instance {account,group,initialise,init,organizationalunit,ou,posixgroup,user,client_config,role,service,uniquegroup} ...
POSITIONAL ARGUMENTS
dsidm account Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see "user" subcommand instead. dsidm group Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing groups. Groups uses the objectclass "groupOfNames" and the grouping attribute "member" dsidm initialise Initialise a backend with domain information and sample entries dsidm organizationalunit Manage organizational units dsidm posixgroup Manage posix groups The organizationalUnit (by default ou=groups") needs to exist prior to managing posix groups. dsidm user Manage posix users. The organizationalUnit (by default "ou=people") needs to exist prior to managing users. dsidm client_config Display and generate client example configs for this LDAP server dsidm role Manage roles. dsidm service Manage service accounts. The organizationalUnit (by default "ou=Services") needs to exist prior to managing service accounts. dsidm uniquegroup Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing groups. Unique groups uses the objectclass "groupOfUniqueNames" and the grouping attribute "uniquemember" COMMAND 'dsidm account' usage: dsidm instance account [-h] {list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password,bulk_update} ... POSITIONAL ARGUMENTS 'dsidm account' dsidm account list list accounts that could login to the directory dsidm account get-by-dn get-by-dn <dn> dsidm account modify-by-dn modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ... dsidm account rename-by-dn rename the object dsidm account delete deletes the account dsidm account lock lock dsidm account unlock unlock dsidm account entry-status status of a single entry dsidm account subtree-status status of a subtree dsidm account reset_password Reset the password of an account. This should be performed by a directory admin. dsidm account change_password Change the password of an account. This can be performed by any user (with correct rights) dsidm account bulk_update Perform a common operation to a set of entries COMMAND 'dsidm account list' usage: dsidm [-v] [-j] instance account list [-h] COMMAND 'dsidm account get-by-dn' usage: dsidm [-v] [-j] instance account get-by-dn [-h] [dn] dn The dn to get and display COMMAND 'dsidm account modify-by-dn' usage: dsidm [-v] [-j] instance account modify-by-dn [-h] dn changes [changes ...] dn The dn to get and display changes A list of changes to apply in format: <add|delete|replace>:<attribute>:<value> COMMAND 'dsidm account rename-by-dn' usage: dsidm [-v] [-j] instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn dn The dn to rename new_dn A new role dn OPTIONS 'dsidm account rename-by-dn' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an attribute of the entry or not COMMAND 'dsidm account delete' usage: dsidm [-v] [-j] instance account delete [-h] [dn] dn The dn of the account to delete COMMAND 'dsidm account lock' usage: dsidm [-v] [-j] instance account lock [-h] [dn] dn The dn to lock COMMAND 'dsidm account unlock' usage: dsidm [-v] [-j] instance account unlock [-h] [dn] dn The dn to unlock COMMAND 'dsidm account entry-status' usage: dsidm [-v] [-j] instance account entry-status [-h] [-V] [dn] dn The single entry dn to check OPTIONS 'dsidm account entry-status' -V, --details Print more account policy details about the entry COMMAND 'dsidm account subtree-status' usage: dsidm [-v] [-j] instance account subtree-status [-h] [-V] [-f FILTER] [-s {one,sub}] [-i] [-o BECOME_INACTIVE_ON] basedn basedn Search base for finding entries OPTIONS 'dsidm account subtree-status' -V, --details Print more account policy details about the entries -f FILTER, --filter FILTER Search filter for finding entries -s {one,sub}, --scope {one,sub} Search scope (one, sub - default is sub -i, --inactive-only Only display inactivated entries -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON Only display entries that will become inactive before specified date (in a format 2007-04-25T14:30) COMMAND 'dsidm account reset_password' usage: dsidm [-v] [-j] instance account reset_password [-h] [dn] [new_password] dn The dn to reset the password for new_password The new password to set COMMAND 'dsidm account change_password' usage: dsidm [-v] [-j] instance account change_password [-h] [dn] [new_password] [current_password] dn The dn to change the password for new_password The new password to set current_password The accounts current password COMMAND 'dsidm account bulk_update' usage: dsidm [-v] [-j] instance account bulk_update [-h] [-f FILTER] [-s {one,sub}] [-x] basedn changes [changes ...] basedn Search base for finding entries, only the children of this DN are processed changes A list of changes to apply in format: <add|delete|replace>:<attribute>:<value> OPTIONS 'dsidm account bulk_update' -f FILTER, --filter FILTER Search filter for finding entries, default is '(objectclass=*)' -s {one,sub}, --scope {one,sub} Search scope (one, sub - default is sub -x, --stop Stop processing updates when an error occurs. Default is False COMMAND 'dsidm group' usage: dsidm instance group [-h] {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member} ... POSITIONAL ARGUMENTS 'dsidm group' dsidm group list list dsidm group get get dsidm group get_dn get_dn dsidm group create create dsidm group delete deletes the object dsidm group modify modify <add|delete|replace>:<attribute>:<value> ... dsidm group rename rename the object dsidm group members List member dns of a group dsidm group add_member Add a member to a group dsidm group remove_member Remove a member from a group COMMAND 'dsidm group list' usage: dsidm [-v] [-j] instance group list [-h] COMMAND 'dsidm group get' usage: dsidm [-v] [-j] instance group get [-h] [selector] selector The term to search for COMMAND 'dsidm group get_dn' usage: dsidm [-v] [-j] instance group get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm group create' usage: dsidm [-v] [-j] instance group create [-h] [--cn [CN]] OPTIONS 'dsidm group create' --cn [CN] Value of cn COMMAND 'dsidm group delete' usage: dsidm [-v] [-j] instance group delete [-h] [dn] dn The dn to delete COMMAND 'dsidm group modify' usage: dsidm [-v] [-j] instance group modify [-h] selector changes [changes ...] selector The cn to modify changes A list of changes to apply in format: <add|delete|replace>:<attribute>:<value> COMMAND 'dsidm group rename' usage: dsidm [-v] [-j] instance group rename [-h] [--keep-old-rdn] selector new_name selector The cn to rename new_name A new group name OPTIONS 'dsidm group rename' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not COMMAND 'dsidm group members' usage: dsidm [-v] [-j] instance group members [-h] [cn] cn cn of group to list members of COMMAND 'dsidm group add_member' usage: dsidm [-v] [-j] instance group add_member [-h] [cn] [dn] cn cn of group to add member to dn dn of object to add to group as member COMMAND 'dsidm group remove_member' usage: dsidm [-v] [-j] instance group remove_member [-h] [cn] [dn] cn cn of group to remove member from dn dn of object to remove from group as member COMMAND 'dsidm initialise' usage: dsidm [-v] [-j] instance initialise [-h] [--version VERSION] OPTIONS 'dsidm initialise' --version VERSION The version of entries to create. COMMAND 'dsidm organizationalunit' usage: dsidm [-v] [-j] instance organizationalunit [-h] {list,get,get_dn,create,delete,modify,rename} ... POSITIONAL ARGUMENTS 'dsidm organizationalunit' dsidm organizationalunit list list dsidm organizationalunit get get dsidm organizationalunit get_dn get_dn dsidm organizationalunit create create dsidm organizationalunit delete deletes the object dsidm organizationalunit modify modify <add|delete|replace>:<attribute>:<value> ... dsidm organizationalunit rename rename the object COMMAND 'dsidm organizationalunit list' usage: dsidm [-v] [-j] instance organizationalunit list [-h] COMMAND 'dsidm organizationalunit get' usage: dsidm [-v] [-j] instance organizationalunit get [-h] [selector] selector The term to search for COMMAND 'dsidm organizationalunit get_dn' usage: dsidm [-v] [-j] instance organizationalunit get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm organizationalunit create' usage: dsidm [-v] [-j] instance organizationalunit create [-h] [--ou [OU]] OPTIONS 'dsidm organizationalunit create' --ou [OU] Value of ou COMMAND 'dsidm organizationalunit delete' usage: dsidm [-v] [-j] instance organizationalunit delete [-h] [dn] dn The dn to delete COMMAND 'dsidm organizationalunit modify' usage: dsidm [-v] [-j] instance organizationalunit modify [-h] selector changes [changes ...] selector The ou to modify changes A list of changes to apply in format: <add|delete|replace>:<attribute>:<value> COMMAND 'dsidm organizationalunit rename' usage: dsidm [-v] [-j] instance organizationalunit rename [-h] [--keep-old-rdn] selector new_name selector The ou to rename new_name A new organizational unit name OPTIONS 'dsidm organizationalunit rename' --keep-old-rdn Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute of the entry or not COMMAND 'dsidm posixgroup' usage: dsidm instance posixgroup [-h] {list,get,get_dn,create,delete,modify,rename} ... POSITIONAL ARGUMENTS 'dsidm posixgroup' dsidm posixgroup list list dsidm posixgroup get get dsidm posixgroup get_dn get_dn dsidm posixgroup create create dsidm posixgroup delete deletes the object dsidm posixgroup modify modify <add|delete|replace>:<attribute>:<value> ... dsidm posixgroup rename rename the object COMMAND 'dsidm posixgroup list' usage: dsidm [-v] [-j] instance posixgroup list [-h] COMMAND 'dsidm posixgroup get' usage: dsidm [-v] [-j] instance posixgroup get [-h] [selector] selector The term to search for COMMAND 'dsidm posixgroup get_dn' usage: dsidm [-v] [-j] instance posixgroup get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm posixgroup create' usage: dsidm [-v] [-j] instance posixgroup create [-h] [--cn [CN]] [--gidNumber [GIDNUMBER]] OPTIONS 'dsidm posixgroup create' --cn [CN] Value of cn --gidNumber [GIDNUMBER] Value of gidNumber COMMAND 'dsidm posixgroup delete' usage: dsidm [-v] [-j] instance posixgroup delete [-h] [dn] dn The dn to delete COMMAND 'dsidm posixgroup modify' usage: dsidm [-v] [-j] instance posixgroup modify [-h] selector changes [changes ...] selector The cn to modify changes A list of changes to apply in format: <add|delete|replace>:<attribute>:<value> COMMAND 'dsidm posixgroup rename' usage: dsidm [-v] [-j] instance posixgroup rename [-h] [--keep-old-rdn] selector new_name selector The cn to rename new_name A new posix group name OPTIONS 'dsidm posixgroup rename' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not COMMAND 'dsidm user' usage: dsidm instance user [-h] {list,get,get_dn,create,modify,rename,delete} ... POSITIONAL ARGUMENTS 'dsidm user' dsidm user list list dsidm user get get dsidm user get_dn get_dn dsidm user create create dsidm user modify modify <add|delete|replace>:<attribute>:<value> ... dsidm user rename rename the object dsidm user delete deletes the object COMMAND 'dsidm user list' usage: dsidm [-v] [-j] instance user list [-h] COMMAND 'dsidm user get' usage: dsidm [-v] [-j] instance user get [-h] [selector] selector The term to search for COMMAND 'dsidm user get_dn' usage: dsidm [-v] [-j] instance user get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm user create' usage: dsidm [-v] [-j] instance user create [-h] [--uid [UID]] [--cn [CN]] [--displayName [DISPLAYNAME]] [--uidNumber [UIDNUMBER]] [--gidNumber [GIDNUMBER]] [--homeDirectory [HOMEDIRECTORY]] OPTIONS 'dsidm user create' --uid [UID] Value of uid --cn [CN] Value of cn --displayName [DISPLAYNAME] Value of displayName --uidNumber [UIDNUMBER] Value of uidNumber --gidNumber [GIDNUMBER] Value of gidNumber --homeDirectory [HOMEDIRECTORY] Value of homeDirectory COMMAND 'dsidm user modify' usage: dsidm [-v] [-j] instance user modify [-h] selector changes [changes ...] selector The uid to modify changes A list of changes to apply in format: <add|delete|replace>:<attribute>:<value> COMMAND 'dsidm user rename' usage: dsidm [-v] [-j] instance user rename [-h] [--keep-old-rdn] selector new_name selector The uid to modify new_name A new user name OPTIONS 'dsidm user rename' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an attribute of the entry or not COMMAND 'dsidm user delete' usage: dsidm [-v] [-j] instance user delete [-h] [dn] dn The dn to delete COMMAND 'dsidm client_config' usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ... POSITIONAL ARGUMENTS 'dsidm client_config' dsidm client_config sssd.conf Generate a SSSD configuration for this LDAP server dsidm client_config ldap.conf Generate an OpenLDAP ldap.conf configuration for this LDAP server dsidm client_config display Display generic application parameters for LDAP connection COMMAND 'dsidm client_config sssd.conf' usage: dsidm instance client_config sssd.conf [-h] [allowed_group] allowed_group The name of the group allowed access to this system COMMAND 'dsidm client_config ldap.conf' usage: dsidm instance client_config ldap.conf [-h] COMMAND 'dsidm client_config display' usage: dsidm instance client_config display [-h] COMMAND 'dsidm role' usage: dsidm [-v] [-j] instance role [-h] {list,get,get-by-dn,create-managed,create-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status} ... POSITIONAL ARGUMENTS 'dsidm role' dsidm role list list roles that could login to the directory dsidm role get get dsidm role get-by-dn get-by-dn <dn> dsidm role create-managed create dsidm role create-filtered create dsidm role create-nested create dsidm role modify-by-dn modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ... dsidm role rename-by-dn rename the object dsidm role delete deletes the role dsidm role lock lock dsidm role unlock unlock dsidm role entry-status status of a single entry dsidm role subtree-status status of a subtree COMMAND 'dsidm role list' usage: dsidm [-v] [-j] instance role list [-h] COMMAND 'dsidm role get' usage: dsidm [-v] [-j] instance role get [-h] [selector] selector The term to search for COMMAND 'dsidm role get-by-dn' usage: dsidm [-v] [-j] instance role get-by-dn [-h] [dn] dn The dn to get and display COMMAND 'dsidm role create-managed' usage: dsidm [-v] [-j] instance role create-managed [-h] [--cn [CN]] OPTIONS 'dsidm role create-managed' --cn [CN] Value of cn COMMAND 'dsidm role create-filtered' usage: dsidm [-v] [-j] instance role create-filtered [-h] [--cn [CN]] OPTIONS 'dsidm role create-filtered' --cn [CN] Value of cn COMMAND 'dsidm role create-nested' usage: dsidm [-v] [-j] instance role create-nested [-h] [--cn [CN]] [--nsRoleDN [NSROLEDN]] OPTIONS 'dsidm role create-nested' --cn [CN] Value of cn --nsRoleDN [NSROLEDN] Value of nsRoleDN COMMAND 'dsidm role modify-by-dn' usage: dsidm [-v] [-j] instance role modify-by-dn [-h] dn changes [changes ...] dn The dn to modify changes A list of changes to apply in format: <add|delete|replace>:<attribute>:<value> COMMAND 'dsidm role rename-by-dn' usage: dsidm [-v] [-j] instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn dn The dn to rename new_dn A new account dn OPTIONS 'dsidm role rename-by-dn' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an attribute of the entry or not COMMAND 'dsidm role delete' usage: dsidm [-v] [-j] instance role delete [-h] [dn] dn The dn of the role to delete COMMAND 'dsidm role lock' usage: dsidm [-v] [-j] instance role lock [-h] [dn] dn The dn to lock COMMAND 'dsidm role unlock' usage: dsidm [-v] [-j] instance role unlock [-h] [dn] dn The dn to unlock COMMAND 'dsidm role entry-status' usage: dsidm [-v] [-j] instance role entry-status [-h] [dn] dn The single entry dn to check COMMAND 'dsidm role subtree-status' usage: dsidm [-v] [-j] instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}] basedn basedn Search base for finding entries OPTIONS 'dsidm role subtree-status' -f FILTER, --filter FILTER Search filter for finding entries -s {base,one,sub}, --scope {base,one,sub} Search scope (base, one, sub - default is sub COMMAND 'dsidm service' usage: dsidm [-v] [-j] instance service [-h] {list,get,get_dn,create,modify,rename,delete} ... POSITIONAL ARGUMENTS 'dsidm service' dsidm service list list dsidm service get get dsidm service get_dn get_dn dsidm service create create dsidm service modify modify <add|delete|replace>:<attribute>:<value> ... dsidm service rename rename the object dsidm service delete deletes the object COMMAND 'dsidm service list' usage: dsidm [-v] [-j] instance service list [-h] COMMAND 'dsidm service get' usage: dsidm [-v] [-j] instance service get [-h] [selector] selector The term to search for COMMAND 'dsidm service get_dn' usage: dsidm [-v] [-j] instance service get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm service create' usage: dsidm [-v] [-j] instance service create [-h] [--cn [CN]] [--description [DESCRIPTION]] OPTIONS 'dsidm service create' --cn [CN] Value of cn --description [DESCRIPTION] Value of description COMMAND 'dsidm service modify' usage: dsidm [-v] [-j] instance service modify [-h] selector changes [changes ...] selector The cn to modify changes A list of changes to apply in format: <add|delete|replace>:<attribute>:<value> COMMAND 'dsidm service rename' usage: dsidm [-v] [-j] instance service rename [-h] [--keep-old-rdn] selector new_name selector The cn to modify new_name A new service name OPTIONS 'dsidm service rename' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an attribute of the entry or not COMMAND 'dsidm service delete' usage: dsidm [-v] [-j] instance service delete [-h] [dn] dn The dn to delete COMMAND 'dsidm uniquegroup' usage: dsidm instance uniquegroup [-h] {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member} ... POSITIONAL ARGUMENTS 'dsidm uniquegroup' dsidm uniquegroup list list dsidm uniquegroup get get dsidm uniquegroup get_dn get_dn dsidm uniquegroup create create dsidm uniquegroup delete deletes the object dsidm uniquegroup modify modify <add|delete|replace>:<attribute>:<value> ... dsidm uniquegroup rename rename the object dsidm uniquegroup members List member dns of a group dsidm uniquegroup add_member Add a member to a group dsidm uniquegroup remove_member Remove a member from a group COMMAND 'dsidm uniquegroup list' usage: dsidm [-v] [-j] instance uniquegroup list [-h] COMMAND 'dsidm uniquegroup get' usage: dsidm [-v] [-j] instance uniquegroup get [-h] [selector] selector The term to search for COMMAND 'dsidm uniquegroup get_dn' usage: dsidm [-v] [-j] instance uniquegroup get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm uniquegroup create' usage: dsidm [-v] [-j] instance uniquegroup create [-h] [--cn [CN]] OPTIONS 'dsidm uniquegroup create' --cn [CN] Value of cn COMMAND 'dsidm uniquegroup delete' usage: dsidm [-v] [-j] instance uniquegroup delete [-h] [dn] dn The dn to delete COMMAND 'dsidm uniquegroup modify' usage: dsidm [-v] [-j] instance uniquegroup modify [-h] selector changes [changes ...] selector The cn to modify changes A list of changes to apply in format: <add|delete|replace>:<attribute>:<value> COMMAND 'dsidm uniquegroup rename' usage: dsidm [-v] [-j] instance uniquegroup rename [-h] [--keep-old-rdn] selector new_name selector The cn to rename new_name A new group name OPTIONS 'dsidm uniquegroup rename' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not COMMAND 'dsidm uniquegroup members' usage: dsidm [-v] [-j] instance uniquegroup members [-h] [cn] cn cn of group to list members of COMMAND 'dsidm uniquegroup add_member' usage: dsidm [-v] [-j] instance uniquegroup add_member [-h] [cn] [dn] cn cn of group to add member to dn dn of object to add to group as member COMMAND 'dsidm uniquegroup remove_member' usage: dsidm [-v] [-j] instance uniquegroup remove_member [-h] [cn] [dn] cn cn of group to remove member from dn dn of object to remove from group as member
OPTIONS
-v, --verbose Display verbose operation tracing during command execution -j, --json Return result in JSON object -b BASEDN, --basedn BASEDN Base DN (root naming context) of the instance to manage -D BINDDN, --binddn BINDDN The account to bind as for executing operations -w BINDPW, --bindpw BINDPW Password for the bind DN -W, --prompt Prompt for password of the bind DN -y PWDFILE, --pwdfile PWDFILE Specifies a file containing the password of the bind DN -Z, --starttls Connect with StartTLS
AUTHOR
Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>
DISTRIBUTION
The latest version of lib389 may be downloaded from ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩