Provided by: python3-lib389_3.1.2+dfsg1-1_all 
NAME
dsidm
SYNOPSIS
dsidm [-h] [-v] [-j] [-b BASEDN] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] instance
{account,group,initialise,init,organizationalunit,ou,posixgroup,user,client_config,role,service,uniquegroup}
...
POSITIONAL ARGUMENTS
dsidm account
Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see
"user" subcommand instead.
dsidm group
Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing
groups. Groups uses the objectclass "groupOfNames" and the grouping attribute "member"
dsidm initialise
Initialise a backend with domain information and sample entries
dsidm organizationalunit
Manage organizational units
dsidm posixgroup
Manage posix groups The organizationalUnit (by default ou=groups") needs to exist prior to
managing posix groups.
dsidm user
Manage posix users. The organizationalUnit (by default "ou=people") needs to exist prior to
managing users.
dsidm client_config
Display and generate client example configs for this LDAP server
dsidm role
Manage roles.
dsidm service
Manage service accounts. The organizationalUnit (by default "ou=Services") needs to exist prior to
managing service accounts.
dsidm uniquegroup
Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing
groups. Unique groups uses the objectclass "groupOfUniqueNames" and the grouping attribute
"uniquemember"
COMMAND 'dsidm account'
usage: dsidm instance account [-h]
{list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password,bulk_update}
...
POSITIONAL ARGUMENTS 'dsidm account'
dsidm account list
list accounts that could login to the directory
dsidm account get-by-dn
get-by-dn <dn>
dsidm account modify-by-dn
modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
dsidm account rename-by-dn
rename the object
dsidm account delete
deletes the account
dsidm account lock
lock
dsidm account unlock
unlock
dsidm account entry-status
status of a single entry
dsidm account subtree-status
status of a subtree
dsidm account reset_password
Reset the password of an account. This should be performed by a directory admin.
dsidm account change_password
Change the password of an account. This can be performed by any user (with correct rights)
dsidm account bulk_update
Perform a common operation to a set of entries
COMMAND 'dsidm account list'
usage: dsidm [-v] [-j] instance account list [-h]
COMMAND 'dsidm account get-by-dn'
usage: dsidm [-v] [-j] instance account get-by-dn [-h] [dn]
dn The dn to get and display
COMMAND 'dsidm account modify-by-dn'
usage: dsidm [-v] [-j] instance account modify-by-dn [-h] dn changes [changes ...]
dn The dn to get and display
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm account rename-by-dn'
usage: dsidm [-v] [-j] instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn
dn The dn to rename
new_dn A new role dn
OPTIONS 'dsidm account rename-by-dn'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an attribute of the entry or
not
COMMAND 'dsidm account delete'
usage: dsidm [-v] [-j] instance account delete [-h] [dn]
dn The dn of the account to delete
COMMAND 'dsidm account lock'
usage: dsidm [-v] [-j] instance account lock [-h] [dn]
dn The dn to lock
COMMAND 'dsidm account unlock'
usage: dsidm [-v] [-j] instance account unlock [-h] [dn]
dn The dn to unlock
COMMAND 'dsidm account entry-status'
usage: dsidm [-v] [-j] instance account entry-status [-h] [-V] [dn]
dn The single entry dn to check
OPTIONS 'dsidm account entry-status'
-V, --details
Print more account policy details about the entry
COMMAND 'dsidm account subtree-status'
usage: dsidm [-v] [-j] instance account subtree-status [-h] [-V] [-f FILTER]
[-s {one,sub}] [-i]
[-o BECOME_INACTIVE_ON]
basedn
basedn Search base for finding entries
OPTIONS 'dsidm account subtree-status'
-V, --details
Print more account policy details about the entries
-f FILTER, --filter FILTER
Search filter for finding entries
-s {one,sub}, --scope {one,sub}
Search scope (one, sub - default is sub
-i, --inactive-only
Only display inactivated entries
-o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON
Only display entries that will become inactive before specified date (in a format
2007-04-25T14:30)
COMMAND 'dsidm account reset_password'
usage: dsidm [-v] [-j] instance account reset_password [-h] [dn] [new_password]
dn The dn to reset the password for
new_password
The new password to set
COMMAND 'dsidm account change_password'
usage: dsidm [-v] [-j] instance account change_password [-h]
[dn] [new_password]
[current_password]
dn The dn to change the password for
new_password
The new password to set
current_password
The accounts current password
COMMAND 'dsidm account bulk_update'
usage: dsidm [-v] [-j] instance account bulk_update [-h] [-f FILTER] [-s {one,sub}] [-x]
basedn changes [changes ...]
basedn Search base for finding entries, only the children of this DN are processed
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
OPTIONS 'dsidm account bulk_update'
-f FILTER, --filter FILTER
Search filter for finding entries, default is '(objectclass=*)'
-s {one,sub}, --scope {one,sub}
Search scope (one, sub - default is sub
-x, --stop
Stop processing updates when an error occurs. Default is False
COMMAND 'dsidm group'
usage: dsidm instance group [-h]
{list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
...
POSITIONAL ARGUMENTS 'dsidm group'
dsidm group list
list
dsidm group get
get
dsidm group get_dn
get_dn
dsidm group create
create
dsidm group delete
deletes the object
dsidm group modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm group rename
rename the object
dsidm group members
List member dns of a group
dsidm group add_member
Add a member to a group
dsidm group remove_member
Remove a member from a group
COMMAND 'dsidm group list'
usage: dsidm [-v] [-j] instance group list [-h]
COMMAND 'dsidm group get'
usage: dsidm [-v] [-j] instance group get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm group get_dn'
usage: dsidm [-v] [-j] instance group get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm group create'
usage: dsidm [-v] [-j] instance group create [-h] [--cn [CN]]
OPTIONS 'dsidm group create'
--cn [CN]
Value of cn
COMMAND 'dsidm group delete'
usage: dsidm [-v] [-j] instance group delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm group modify'
usage: dsidm [-v] [-j] instance group modify [-h] selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm group rename'
usage: dsidm [-v] [-j] instance group rename [-h] [--keep-old-rdn] selector new_name
selector
The cn to rename
new_name
A new group name
OPTIONS 'dsidm group rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or
not
COMMAND 'dsidm group members'
usage: dsidm [-v] [-j] instance group members [-h] [cn]
cn cn of group to list members of
COMMAND 'dsidm group add_member'
usage: dsidm [-v] [-j] instance group add_member [-h] [cn] [dn]
cn cn of group to add member to
dn dn of object to add to group as member
COMMAND 'dsidm group remove_member'
usage: dsidm [-v] [-j] instance group remove_member [-h] [cn] [dn]
cn cn of group to remove member from
dn dn of object to remove from group as member
COMMAND 'dsidm initialise'
usage: dsidm [-v] [-j] instance initialise [-h] [--version VERSION]
OPTIONS 'dsidm initialise'
--version VERSION
The version of entries to create.
COMMAND 'dsidm organizationalunit'
usage: dsidm [-v] [-j] instance organizationalunit [-h]
{list,get,get_dn,create,delete,modify,rename} ...
POSITIONAL ARGUMENTS 'dsidm organizationalunit'
dsidm organizationalunit list
list
dsidm organizationalunit get
get
dsidm organizationalunit get_dn
get_dn
dsidm organizationalunit create
create
dsidm organizationalunit delete
deletes the object
dsidm organizationalunit modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm organizationalunit rename
rename the object
COMMAND 'dsidm organizationalunit list'
usage: dsidm [-v] [-j] instance organizationalunit list [-h]
COMMAND 'dsidm organizationalunit get'
usage: dsidm [-v] [-j] instance organizationalunit get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm organizationalunit get_dn'
usage: dsidm [-v] [-j] instance organizationalunit get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm organizationalunit create'
usage: dsidm [-v] [-j] instance organizationalunit create [-h] [--ou [OU]]
OPTIONS 'dsidm organizationalunit create'
--ou [OU]
Value of ou
COMMAND 'dsidm organizationalunit delete'
usage: dsidm [-v] [-j] instance organizationalunit delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm organizationalunit modify'
usage: dsidm [-v] [-j] instance organizationalunit modify [-h]
selector
changes [changes ...]
selector
The ou to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm organizationalunit rename'
usage: dsidm [-v] [-j] instance organizationalunit rename [-h]
[--keep-old-rdn]
selector new_name
selector
The ou to rename
new_name
A new organizational unit name
OPTIONS 'dsidm organizationalunit rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute of the entry or not
COMMAND 'dsidm posixgroup'
usage: dsidm instance posixgroup [-h]
{list,get,get_dn,create,delete,modify,rename} ...
POSITIONAL ARGUMENTS 'dsidm posixgroup'
dsidm posixgroup list
list
dsidm posixgroup get
get
dsidm posixgroup get_dn
get_dn
dsidm posixgroup create
create
dsidm posixgroup delete
deletes the object
dsidm posixgroup modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm posixgroup rename
rename the object
COMMAND 'dsidm posixgroup list'
usage: dsidm [-v] [-j] instance posixgroup list [-h]
COMMAND 'dsidm posixgroup get'
usage: dsidm [-v] [-j] instance posixgroup get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm posixgroup get_dn'
usage: dsidm [-v] [-j] instance posixgroup get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm posixgroup create'
usage: dsidm [-v] [-j] instance posixgroup create [-h] [--cn [CN]]
[--gidNumber [GIDNUMBER]]
OPTIONS 'dsidm posixgroup create'
--cn [CN]
Value of cn
--gidNumber [GIDNUMBER]
Value of gidNumber
COMMAND 'dsidm posixgroup delete'
usage: dsidm [-v] [-j] instance posixgroup delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm posixgroup modify'
usage: dsidm [-v] [-j] instance posixgroup modify [-h] selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm posixgroup rename'
usage: dsidm [-v] [-j] instance posixgroup rename [-h] [--keep-old-rdn]
selector new_name
selector
The cn to rename
new_name
A new posix group name
OPTIONS 'dsidm posixgroup rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or
not
COMMAND 'dsidm user'
usage: dsidm instance user [-h]
{list,get,get_dn,create,modify,rename,delete} ...
POSITIONAL ARGUMENTS 'dsidm user'
dsidm user list
list
dsidm user get
get
dsidm user get_dn
get_dn
dsidm user create
create
dsidm user modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm user rename
rename the object
dsidm user delete
deletes the object
COMMAND 'dsidm user list'
usage: dsidm [-v] [-j] instance user list [-h]
COMMAND 'dsidm user get'
usage: dsidm [-v] [-j] instance user get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm user get_dn'
usage: dsidm [-v] [-j] instance user get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm user create'
usage: dsidm [-v] [-j] instance user create [-h] [--uid [UID]] [--cn [CN]]
[--displayName [DISPLAYNAME]]
[--uidNumber [UIDNUMBER]]
[--gidNumber [GIDNUMBER]]
[--homeDirectory [HOMEDIRECTORY]]
OPTIONS 'dsidm user create'
--uid [UID]
Value of uid
--cn [CN]
Value of cn
--displayName [DISPLAYNAME]
Value of displayName
--uidNumber [UIDNUMBER]
Value of uidNumber
--gidNumber [GIDNUMBER]
Value of gidNumber
--homeDirectory [HOMEDIRECTORY]
Value of homeDirectory
COMMAND 'dsidm user modify'
usage: dsidm [-v] [-j] instance user modify [-h] selector changes [changes ...]
selector
The uid to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm user rename'
usage: dsidm [-v] [-j] instance user rename [-h] [--keep-old-rdn] selector new_name
selector
The uid to modify
new_name
A new user name
OPTIONS 'dsidm user rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an attribute of the entry or
not
COMMAND 'dsidm user delete'
usage: dsidm [-v] [-j] instance user delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm client_config'
usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...
POSITIONAL ARGUMENTS 'dsidm client_config'
dsidm client_config sssd.conf
Generate a SSSD configuration for this LDAP server
dsidm client_config ldap.conf
Generate an OpenLDAP ldap.conf configuration for this LDAP server
dsidm client_config display
Display generic application parameters for LDAP connection
COMMAND 'dsidm client_config sssd.conf'
usage: dsidm instance client_config sssd.conf [-h] [allowed_group]
allowed_group
The name of the group allowed access to this system
COMMAND 'dsidm client_config ldap.conf'
usage: dsidm instance client_config ldap.conf [-h]
COMMAND 'dsidm client_config display'
usage: dsidm instance client_config display [-h]
COMMAND 'dsidm role'
usage: dsidm [-v] [-j] instance role [-h]
{list,get,get-by-dn,create-managed,create-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status}
...
POSITIONAL ARGUMENTS 'dsidm role'
dsidm role list
list roles that could login to the directory
dsidm role get
get
dsidm role get-by-dn
get-by-dn <dn>
dsidm role create-managed
create
dsidm role create-filtered
create
dsidm role create-nested
create
dsidm role modify-by-dn
modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
dsidm role rename-by-dn
rename the object
dsidm role delete
deletes the role
dsidm role lock
lock
dsidm role unlock
unlock
dsidm role entry-status
status of a single entry
dsidm role subtree-status
status of a subtree
COMMAND 'dsidm role list'
usage: dsidm [-v] [-j] instance role list [-h]
COMMAND 'dsidm role get'
usage: dsidm [-v] [-j] instance role get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm role get-by-dn'
usage: dsidm [-v] [-j] instance role get-by-dn [-h] [dn]
dn The dn to get and display
COMMAND 'dsidm role create-managed'
usage: dsidm [-v] [-j] instance role create-managed [-h] [--cn [CN]]
OPTIONS 'dsidm role create-managed'
--cn [CN]
Value of cn
COMMAND 'dsidm role create-filtered'
usage: dsidm [-v] [-j] instance role create-filtered [-h] [--cn [CN]]
OPTIONS 'dsidm role create-filtered'
--cn [CN]
Value of cn
COMMAND 'dsidm role create-nested'
usage: dsidm [-v] [-j] instance role create-nested [-h] [--cn [CN]]
[--nsRoleDN [NSROLEDN]]
OPTIONS 'dsidm role create-nested'
--cn [CN]
Value of cn
--nsRoleDN [NSROLEDN]
Value of nsRoleDN
COMMAND 'dsidm role modify-by-dn'
usage: dsidm [-v] [-j] instance role modify-by-dn [-h]
dn changes [changes ...]
dn The dn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm role rename-by-dn'
usage: dsidm [-v] [-j] instance role rename-by-dn [-h] [--keep-old-rdn]
dn new_dn
dn The dn to rename
new_dn A new account dn
OPTIONS 'dsidm role rename-by-dn'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an attribute of the entry
or not
COMMAND 'dsidm role delete'
usage: dsidm [-v] [-j] instance role delete [-h] [dn]
dn The dn of the role to delete
COMMAND 'dsidm role lock'
usage: dsidm [-v] [-j] instance role lock [-h] [dn]
dn The dn to lock
COMMAND 'dsidm role unlock'
usage: dsidm [-v] [-j] instance role unlock [-h] [dn]
dn The dn to unlock
COMMAND 'dsidm role entry-status'
usage: dsidm [-v] [-j] instance role entry-status [-h] [dn]
dn The single entry dn to check
COMMAND 'dsidm role subtree-status'
usage: dsidm [-v] [-j] instance role subtree-status [-h] [-f FILTER]
[-s {base,one,sub}]
basedn
basedn Search base for finding entries
OPTIONS 'dsidm role subtree-status'
-f FILTER, --filter FILTER
Search filter for finding entries
-s {base,one,sub}, --scope {base,one,sub}
Search scope (base, one, sub - default is sub
COMMAND 'dsidm service'
usage: dsidm [-v] [-j] instance service [-h]
{list,get,get_dn,create,modify,rename,delete} ...
POSITIONAL ARGUMENTS 'dsidm service'
dsidm service list
list
dsidm service get
get
dsidm service get_dn
get_dn
dsidm service create
create
dsidm service modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm service rename
rename the object
dsidm service delete
deletes the object
COMMAND 'dsidm service list'
usage: dsidm [-v] [-j] instance service list [-h]
COMMAND 'dsidm service get'
usage: dsidm [-v] [-j] instance service get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm service get_dn'
usage: dsidm [-v] [-j] instance service get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm service create'
usage: dsidm [-v] [-j] instance service create [-h] [--cn [CN]]
[--description [DESCRIPTION]]
OPTIONS 'dsidm service create'
--cn [CN]
Value of cn
--description [DESCRIPTION]
Value of description
COMMAND 'dsidm service modify'
usage: dsidm [-v] [-j] instance service modify [-h]
selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm service rename'
usage: dsidm [-v] [-j] instance service rename [-h] [--keep-old-rdn]
selector new_name
selector
The cn to modify
new_name
A new service name
OPTIONS 'dsidm service rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an attribute of the entry
or not
COMMAND 'dsidm service delete'
usage: dsidm [-v] [-j] instance service delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm uniquegroup'
usage: dsidm instance uniquegroup [-h]
{list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
...
POSITIONAL ARGUMENTS 'dsidm uniquegroup'
dsidm uniquegroup list
list
dsidm uniquegroup get
get
dsidm uniquegroup get_dn
get_dn
dsidm uniquegroup create
create
dsidm uniquegroup delete
deletes the object
dsidm uniquegroup modify
modify <add|delete|replace>:<attribute>:<value> ...
dsidm uniquegroup rename
rename the object
dsidm uniquegroup members
List member dns of a group
dsidm uniquegroup add_member
Add a member to a group
dsidm uniquegroup remove_member
Remove a member from a group
COMMAND 'dsidm uniquegroup list'
usage: dsidm [-v] [-j] instance uniquegroup list [-h]
COMMAND 'dsidm uniquegroup get'
usage: dsidm [-v] [-j] instance uniquegroup get [-h] [selector]
selector
The term to search for
COMMAND 'dsidm uniquegroup get_dn'
usage: dsidm [-v] [-j] instance uniquegroup get_dn [-h] [dn]
dn The dn to get
COMMAND 'dsidm uniquegroup create'
usage: dsidm [-v] [-j] instance uniquegroup create [-h] [--cn [CN]]
OPTIONS 'dsidm uniquegroup create'
--cn [CN]
Value of cn
COMMAND 'dsidm uniquegroup delete'
usage: dsidm [-v] [-j] instance uniquegroup delete [-h] [dn]
dn The dn to delete
COMMAND 'dsidm uniquegroup modify'
usage: dsidm [-v] [-j] instance uniquegroup modify [-h] selector changes [changes ...]
selector
The cn to modify
changes
A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>
COMMAND 'dsidm uniquegroup rename'
usage: dsidm [-v] [-j] instance uniquegroup rename [-h] [--keep-old-rdn]
selector new_name
selector
The cn to rename
new_name
A new group name
OPTIONS 'dsidm uniquegroup rename'
--keep-old-rdn
Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or
not
COMMAND 'dsidm uniquegroup members'
usage: dsidm [-v] [-j] instance uniquegroup members [-h] [cn]
cn cn of group to list members of
COMMAND 'dsidm uniquegroup add_member'
usage: dsidm [-v] [-j] instance uniquegroup add_member [-h] [cn] [dn]
cn cn of group to add member to
dn dn of object to add to group as member
COMMAND 'dsidm uniquegroup remove_member'
usage: dsidm [-v] [-j] instance uniquegroup remove_member [-h] [cn] [dn]
cn cn of group to remove member from
dn dn of object to remove from group as member
OPTIONS
-v, --verbose
Display verbose operation tracing during command execution
-j, --json
Return result in JSON object
-b BASEDN, --basedn BASEDN
Base DN (root naming context) of the instance to manage
-D BINDDN, --binddn BINDDN
The account to bind as for executing operations
-w BINDPW, --bindpw BINDPW
Password for the bind DN
-W, --prompt
Prompt for password of the bind DN
-y PWDFILE, --pwdfile PWDFILE
Specifies a file containing the password of the bind DN
-Z, --starttls
Connect with StartTLS
AUTHOR
Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>
DISTRIBUTION
The latest version of lib389 may be downloaded from
http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html
lib389 3.1.2 2025-04-10 DSIDM(8)