.TH dsidm "8" Manual .SH NAME dsidm .SH SYNOPSIS .B dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance {account,group,initialise,organizationalunit,posixgroup,user,client_config,role} ... .SH OPTIONS .TP \fBinstance\fR The instance name OR the LDAP url to connect to, IE localhost, .br ldap://mai.example.com:389 .SS \fBSub-commands\fR .TP \fBdsidm\fR \fI\,account\/\fR Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see "user" subcommand instead. .TP \fBdsidm\fR \fI\,group\/\fR Manage groups .TP \fBdsidm\fR \fI\,initialise\/\fR Initialise a backend with domain information and sample entries .TP \fBdsidm\fR \fI\,organizationalunit\/\fR Manage organizational units .TP \fBdsidm\fR \fI\,posixgroup\/\fR Manage posix groups .TP \fBdsidm\fR \fI\,user\/\fR Manage posix users .TP \fBdsidm\fR \fI\,client_config\/\fR Display and generate client example configs for this LDAP server .TP \fBdsidm\fR \fI\,role\/\fR Manage generic roles, with tasks like modify, locking and unlocking. .SH OPTIONS 'dsidm account' usage: dsidm instance account [-h] {list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password} ... .SS \fBSub-commands\fR .TP \fBdsidm account\fR \fI\,list\/\fR list accounts that could login to the directory .TP \fBdsidm account\fR \fI\,get-by-dn\/\fR get-by-dn .TP \fBdsidm account\fR \fI\,modify-by-dn\/\fR modify-by-dn :: ... .TP \fBdsidm account\fR \fI\,rename-by-dn\/\fR rename the object .TP \fBdsidm account\fR \fI\,delete\/\fR deletes the account .TP \fBdsidm account\fR \fI\,lock\/\fR lock .TP \fBdsidm account\fR \fI\,unlock\/\fR unlock .TP \fBdsidm account\fR \fI\,entry-status\/\fR status of a single entry .TP \fBdsidm account\fR \fI\,subtree-status\/\fR status of a subtree .TP \fBdsidm account\fR \fI\,reset_password\/\fR Reset the password of an account. This should be performed by a directory admin. .TP \fBdsidm account\fR \fI\,change_password\/\fR Change the password of an account. This can be performed by any user (with correct rights) .SH OPTIONS 'dsidm account list' usage: dsidm instance account list [-h] .SH OPTIONS 'dsidm account get-by-dn' usage: dsidm instance account get-by-dn [-h] [dn] .TP \fBdn\fR The dn to get and display .SH OPTIONS 'dsidm account modify-by-dn' usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...] .TP \fBdn\fR The dn to get and display .TP \fBchanges\fR A list of changes to apply in format: :: .SH OPTIONS 'dsidm account rename-by-dn' usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn .TP \fBdn\fR The dn to rename .TP \fBnew_dn\fR A new role dn .TP \fB\-\-keep\-old\-rdn\fR Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an .br attribute of the entry or not .SH OPTIONS 'dsidm account delete' usage: dsidm instance account delete [-h] [dn] .TP \fBdn\fR The dn of the account to delete .SH OPTIONS 'dsidm account lock' usage: dsidm instance account lock [-h] [dn] .TP \fBdn\fR The dn to lock .SH OPTIONS 'dsidm account unlock' usage: dsidm instance account unlock [-h] [dn] .TP \fBdn\fR The dn to unlock .SH OPTIONS 'dsidm account entry-status' usage: dsidm instance account entry-status [-h] [-V] [dn] .TP \fBdn\fR The single entry dn to check .TP \fB\-V\fR, \fB\-\-details\fR Print more account policy details about the entry .SH OPTIONS 'dsidm account subtree-status' usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER] [-s {one,sub}] [-i] [-o BECOME_INACTIVE_ON] basedn .TP \fBbasedn\fR Search base for finding entries .TP \fB\-V\fR, \fB\-\-details\fR Print more account policy details about the entries .TP \fB\-f\fR \fI\,FILTER\/\fR, \fB\-\-filter\fR \fI\,FILTER\/\fR Search filter for finding entries .TP \fB\-s\fR {one,sub}, \fB\-\-scope\fR {one,sub} Search scope (one, sub \- default is sub .TP \fB\-i\fR, \fB\-\-inactive\-only\fR Only display inactivated entries .TP \fB\-o\fR \fI\,BECOME_INACTIVE_ON\/\fR, \fB\-\-become\-inactive\-on\fR \fI\,BECOME_INACTIVE_ON\/\fR Only display entries that will become inactive before specified date (in a .br format 2007\-04\-25T14:30) .SH OPTIONS 'dsidm account reset_password' usage: dsidm instance account reset_password [-h] [dn] [new_password] .TP \fBdn\fR The dn to reset the password for .TP \fBnew_password\fR The new password to set .SH OPTIONS 'dsidm account change_password' usage: dsidm instance account change_password [-h] [dn] [new_password] [current_password] .TP \fBdn\fR The dn to change the password for .TP \fBnew_password\fR The new password to set .TP \fBcurrent_password\fR The accounts current password .SH OPTIONS 'dsidm group' usage: dsidm instance group [-h] {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member} ... .SS \fBSub-commands\fR .TP \fBdsidm group\fR \fI\,list\/\fR list .TP \fBdsidm group\fR \fI\,get\/\fR get .TP \fBdsidm group\fR \fI\,get_dn\/\fR get_dn .TP \fBdsidm group\fR \fI\,create\/\fR create .TP \fBdsidm group\fR \fI\,delete\/\fR deletes the object .TP \fBdsidm group\fR \fI\,modify\/\fR modify :: ... .TP \fBdsidm group\fR \fI\,rename\/\fR rename the object .TP \fBdsidm group\fR \fI\,members\/\fR List member dns of a group .TP \fBdsidm group\fR \fI\,add_member\/\fR Add a member to a group .TP \fBdsidm group\fR \fI\,remove_member\/\fR Remove a member from a group .SH OPTIONS 'dsidm group list' usage: dsidm instance group list [-h] .SH OPTIONS 'dsidm group get' usage: dsidm instance group get [-h] [selector] .TP \fBselector\fR The term to search for .SH OPTIONS 'dsidm group get_dn' usage: dsidm instance group get_dn [-h] [dn] .TP \fBdn\fR The dn to get .SH OPTIONS 'dsidm group create' usage: dsidm instance group create [-h] [--cn [CN]] .TP \fB\-\-cn\fR [\fI\,CN\/\fR] Value of cn .SH OPTIONS 'dsidm group delete' usage: dsidm instance group delete [-h] [dn] .TP \fBdn\fR The dn to delete .SH OPTIONS 'dsidm group modify' usage: dsidm instance group modify [-h] selector changes [changes ...] .TP \fBselector\fR The cn to modify .TP \fBchanges\fR A list of changes to apply in format: :: .SH OPTIONS 'dsidm group rename' usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name .TP \fBselector\fR The cn to rename .TP \fBnew_name\fR A new group name .TP \fB\-\-keep\-old\-rdn\fR Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an .br attribute of the entry or not .SH OPTIONS 'dsidm group members' usage: dsidm instance group members [-h] [cn] .TP \fBcn\fR cn of group to list members of .SH OPTIONS 'dsidm group add_member' usage: dsidm instance group add_member [-h] [cn] [dn] .TP \fBcn\fR cn of group to add member to .TP \fBdn\fR dn of object to add to group as member .SH OPTIONS 'dsidm group remove_member' usage: dsidm instance group remove_member [-h] [cn] [dn] .TP \fBcn\fR cn of group to remove member from .TP \fBdn\fR dn of object to remove from group as member .SH OPTIONS 'dsidm initialise' usage: dsidm instance initialise [-h] [--version VERSION] .TP \fB\-\-version\fR \fI\,VERSION\/\fR The version of entries to create. .SH OPTIONS 'dsidm organizationalunit' usage: dsidm instance organizationalunit [-h] {list,get,get_dn,create,delete,modify,rename} ... .SS \fBSub-commands\fR .TP \fBdsidm organizationalunit\fR \fI\,list\/\fR list .TP \fBdsidm organizationalunit\fR \fI\,get\/\fR get .TP \fBdsidm organizationalunit\fR \fI\,get_dn\/\fR get_dn .TP \fBdsidm organizationalunit\fR \fI\,create\/\fR create .TP \fBdsidm organizationalunit\fR \fI\,delete\/\fR deletes the object .TP \fBdsidm organizationalunit\fR \fI\,modify\/\fR modify :: ... .TP \fBdsidm organizationalunit\fR \fI\,rename\/\fR rename the object .SH OPTIONS 'dsidm organizationalunit list' usage: dsidm instance organizationalunit list [-h] .SH OPTIONS 'dsidm organizationalunit get' usage: dsidm instance organizationalunit get [-h] [selector] .TP \fBselector\fR The term to search for .SH OPTIONS 'dsidm organizationalunit get_dn' usage: dsidm instance organizationalunit get_dn [-h] [dn] .TP \fBdn\fR The dn to get .SH OPTIONS 'dsidm organizationalunit create' usage: dsidm instance organizationalunit create [-h] [--ou [OU]] .TP \fB\-\-ou\fR [\fI\,OU\/\fR] Value of ou .SH OPTIONS 'dsidm organizationalunit delete' usage: dsidm instance organizationalunit delete [-h] [dn] .TP \fBdn\fR The dn to delete .SH OPTIONS 'dsidm organizationalunit modify' usage: dsidm instance organizationalunit modify [-h] selector changes [changes ...] .TP \fBselector\fR The ou to modify .TP \fBchanges\fR A list of changes to apply in format: :: .SH OPTIONS 'dsidm organizationalunit rename' usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn] selector new_name .TP \fBselector\fR The ou to rename .TP \fBnew_name\fR A new organizational unit name .TP \fB\-\-keep\-old\-rdn\fR Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute .br of the entry or not .SH OPTIONS 'dsidm posixgroup' usage: dsidm instance posixgroup [-h] {list,get,get_dn,create,delete,modify,rename} ... .SS \fBSub-commands\fR .TP \fBdsidm posixgroup\fR \fI\,list\/\fR list .TP \fBdsidm posixgroup\fR \fI\,get\/\fR get .TP \fBdsidm posixgroup\fR \fI\,get_dn\/\fR get_dn .TP \fBdsidm posixgroup\fR \fI\,create\/\fR create .TP \fBdsidm posixgroup\fR \fI\,delete\/\fR deletes the object .TP \fBdsidm posixgroup\fR \fI\,modify\/\fR modify :: ... .TP \fBdsidm posixgroup\fR \fI\,rename\/\fR rename the object .SH OPTIONS 'dsidm posixgroup list' usage: dsidm instance posixgroup list [-h] .SH OPTIONS 'dsidm posixgroup get' usage: dsidm instance posixgroup get [-h] [selector] .TP \fBselector\fR The term to search for .SH OPTIONS 'dsidm posixgroup get_dn' usage: dsidm instance posixgroup get_dn [-h] [dn] .TP \fBdn\fR The dn to get .SH OPTIONS 'dsidm posixgroup create' usage: dsidm instance posixgroup create [-h] [--cn [CN]] [--gidNumber [GIDNUMBER]] .TP \fB\-\-cn\fR [\fI\,CN\/\fR] Value of cn .TP \fB\-\-gidNumber\fR [\fI\,GIDNUMBER\/\fR] Value of gidNumber .SH OPTIONS 'dsidm posixgroup delete' usage: dsidm instance posixgroup delete [-h] [dn] .TP \fBdn\fR The dn to delete .SH OPTIONS 'dsidm posixgroup modify' usage: dsidm instance posixgroup modify [-h] selector changes [changes ...] .TP \fBselector\fR The cn to modify .TP \fBchanges\fR A list of changes to apply in format: :: .SH OPTIONS 'dsidm posixgroup rename' usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn] selector new_name .TP \fBselector\fR The cn to rename .TP \fBnew_name\fR A new posix group name .TP \fB\-\-keep\-old\-rdn\fR Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an .br attribute of the entry or not .SH OPTIONS 'dsidm user' usage: dsidm instance user [-h] {list,get,get_dn,create,modify,rename,delete} ... .SS \fBSub-commands\fR .TP \fBdsidm user\fR \fI\,list\/\fR list .TP \fBdsidm user\fR \fI\,get\/\fR get .TP \fBdsidm user\fR \fI\,get_dn\/\fR get_dn .TP \fBdsidm user\fR \fI\,create\/\fR create .TP \fBdsidm user\fR \fI\,modify\/\fR modify :: ... .TP \fBdsidm user\fR \fI\,rename\/\fR rename the object .TP \fBdsidm user\fR \fI\,delete\/\fR deletes the object .SH OPTIONS 'dsidm user list' usage: dsidm instance user list [-h] .SH OPTIONS 'dsidm user get' usage: dsidm instance user get [-h] [selector] .TP \fBselector\fR The term to search for .SH OPTIONS 'dsidm user get_dn' usage: dsidm instance user get_dn [-h] [dn] .TP \fBdn\fR The dn to get .SH OPTIONS 'dsidm user create' usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]] [--displayName [DISPLAYNAME]] [--uidNumber [UIDNUMBER]] [--gidNumber [GIDNUMBER]] [--homeDirectory [HOMEDIRECTORY]] .TP \fB\-\-uid\fR [\fI\,UID\/\fR] Value of uid .TP \fB\-\-cn\fR [\fI\,CN\/\fR] Value of cn .TP \fB\-\-displayName\fR [\fI\,DISPLAYNAME\/\fR] Value of displayName .TP \fB\-\-uidNumber\fR [\fI\,UIDNUMBER\/\fR] Value of uidNumber .TP \fB\-\-gidNumber\fR [\fI\,GIDNUMBER\/\fR] Value of gidNumber .TP \fB\-\-homeDirectory\fR [\fI\,HOMEDIRECTORY\/\fR] Value of homeDirectory .SH OPTIONS 'dsidm user modify' usage: dsidm instance user modify [-h] selector changes [changes ...] .TP \fBselector\fR The uid to modify .TP \fBchanges\fR A list of changes to apply in format: :: .SH OPTIONS 'dsidm user rename' usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name .TP \fBselector\fR The uid to modify .TP \fBnew_name\fR A new user name .TP \fB\-\-keep\-old\-rdn\fR Specify whether the old RDN (i.e. 'cn: old_user')should be kept as an .br attribute of the entry or not .SH OPTIONS 'dsidm user delete' usage: dsidm instance user delete [-h] [dn] .TP \fBdn\fR The dn to delete .SH OPTIONS 'dsidm client_config' usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ... .SS \fBSub-commands\fR .TP \fBdsidm client_config\fR \fI\,sssd.conf\/\fR Generate a SSSD configuration for this LDAP server .TP \fBdsidm client_config\fR \fI\,ldap.conf\/\fR Generate an OpenLDAP ldap.conf configuration for this LDAP server .TP \fBdsidm client_config\fR \fI\,display\/\fR Display generic application parameters for LDAP connection .SH OPTIONS 'dsidm client_config sssd.conf' usage: dsidm instance client_config sssd.conf [-h] [allowed_group] .TP \fBallowed_group\fR The name of the group allowed access to this system .SH OPTIONS 'dsidm client_config ldap.conf' usage: dsidm instance client_config ldap.conf [-h] .SH OPTIONS 'dsidm client_config display' usage: dsidm instance client_config display [-h] .SH OPTIONS 'dsidm role' usage: dsidm instance role [-h] {list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status} ... .SS \fBSub-commands\fR .TP \fBdsidm role\fR \fI\,list\/\fR list roles that could login to the directory .TP \fBdsidm role\fR \fI\,get-by-dn\/\fR get-by-dn .TP \fBdsidm role\fR \fI\,modify-by-dn\/\fR modify-by-dn :: ... .TP \fBdsidm role\fR \fI\,rename-by-dn\/\fR rename the object .TP \fBdsidm role\fR \fI\,delete\/\fR deletes the role .TP \fBdsidm role\fR \fI\,lock\/\fR lock .TP \fBdsidm role\fR \fI\,unlock\/\fR unlock .TP \fBdsidm role\fR \fI\,entry-status\/\fR status of a single entry .TP \fBdsidm role\fR \fI\,subtree-status\/\fR status of a subtree .SH OPTIONS 'dsidm role list' usage: dsidm instance role list [-h] .SH OPTIONS 'dsidm role get-by-dn' usage: dsidm instance role get-by-dn [-h] [dn] .TP \fBdn\fR The dn to get and display .SH OPTIONS 'dsidm role modify-by-dn' usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...] .TP \fBdn\fR The dn to modify .TP \fBchanges\fR A list of changes to apply in format: :: .SH OPTIONS 'dsidm role rename-by-dn' usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn .TP \fBdn\fR The dn to rename .TP \fBnew_dn\fR A new account dn .TP \fB\-\-keep\-old\-rdn\fR Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an .br attribute of the entry or not .SH OPTIONS 'dsidm role delete' usage: dsidm instance role delete [-h] [dn] .TP \fBdn\fR The dn of the role to delete .SH OPTIONS 'dsidm role lock' usage: dsidm instance role lock [-h] [dn] .TP \fBdn\fR The dn to lock .SH OPTIONS 'dsidm role unlock' usage: dsidm instance role unlock [-h] [dn] .TP \fBdn\fR The dn to unlock .SH OPTIONS 'dsidm role entry-status' usage: dsidm instance role entry-status [-h] [dn] .TP \fBdn\fR The single entry dn to check .SH OPTIONS 'dsidm role subtree-status' usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}] basedn .TP \fBbasedn\fR Search base for finding entries .TP \fB\-f\fR \fI\,FILTER\/\fR, \fB\-\-filter\fR \fI\,FILTER\/\fR Search filter for finding entries .TP \fB\-s\fR {base,one,sub}, \fB\-\-scope\fR {base,one,sub} Search scope (base, one, sub \- default is sub .TP \fB\-b\fR \fI\,BASEDN\/\fR, \fB\-\-basedn\fR \fI\,BASEDN\/\fR Basedn (root naming context) of the instance to manage .TP \fB\-v\fR, \fB\-\-verbose\fR Display verbose operation tracing during command execution .TP \fB\-D\fR \fI\,BINDDN\/\fR, \fB\-\-binddn\fR \fI\,BINDDN\/\fR The account to bind as for executing operations .TP \fB\-w\fR \fI\,BINDPW\/\fR, \fB\-\-bindpw\fR \fI\,BINDPW\/\fR Password for binddn .TP \fB\-W\fR, \fB\-\-prompt\fR Prompt for password for binddn .TP \fB\-y\fR \fI\,PWDFILE\/\fR, \fB\-\-pwdfile\fR \fI\,PWDFILE\/\fR Specifies a file containing the password for the bind DN .TP \fB\-Z\fR, \fB\-\-starttls\fR Connect with StartTLS .TP \fB\-j\fR, \fB\-\-json\fR Return result in JSON object .SH AUTHORS .B lib389 was written by Red Hat Inc., and William Brown <389\-devel@lists.fedoraproject.org>. .SH DISTRIBUTION The latest version of lib389 may be downloaded from .UR http://www.port389.org/docs/389ds/FAQ/upstream\-test\-framework.html .UE