DOKK / manpages / debian 11 / python3-lib389 / dsidm.8.en
dsidm(8) System Manager's Manual dsidm(8)

dsidm

dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance {account,group,initialise,organizationalunit,posixgroup,user,client_config,role} ...

The instance name OR the LDAP url to connect to, IE localhost,
ldap://mai.example.com:389

Sub-commands

Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see "user" subcommand instead.
Manage groups
Initialise a backend with domain information and sample entries
Manage organizational units
Manage posix groups
Manage posix users
Display and generate client example configs for this LDAP server
Manage generic roles, with tasks like modify, locking and unlocking.

usage: dsidm instance account [-h]
{list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password}
...

Sub-commands

list accounts that could login to the directory
get-by-dn <dn>
modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
rename the object
deletes the account
lock
unlock
status of a single entry
status of a subtree
Reset the password of an account. This should be performed by a directory admin.
Change the password of an account. This can be performed by any user (with correct rights)

usage: dsidm instance account list [-h]

usage: dsidm instance account get-by-dn [-h] [dn]

The dn to get and display

usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...]

The dn to get and display

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn

The dn to rename

A new role dn

Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an
attribute of the entry or not

usage: dsidm instance account delete [-h] [dn]

The dn of the account to delete

usage: dsidm instance account lock [-h] [dn]

The dn to lock

usage: dsidm instance account unlock [-h] [dn]

The dn to unlock

usage: dsidm instance account entry-status [-h] [-V] [dn]

The single entry dn to check

Print more account policy details about the entry

usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER]
[-s {one,sub}] [-i]
[-o BECOME_INACTIVE_ON]
basedn

Search base for finding entries

Print more account policy details about the entries

Search filter for finding entries

Search scope (one, sub - default is sub

Only display inactivated entries

Only display entries that will become inactive before specified date (in a
format 2007-04-25T14:30)

usage: dsidm instance account reset_password [-h] [dn] [new_password]

The dn to reset the password for

The new password to set

usage: dsidm instance account change_password [-h]
[dn] [new_password]
[current_password]

The dn to change the password for

The new password to set

The accounts current password

usage: dsidm instance group [-h]
{list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
...

Sub-commands

list
get
get_dn
create
deletes the object
modify <add|delete|replace>:<attribute>:<value> ...
rename the object
List member dns of a group
Add a member to a group
Remove a member from a group

usage: dsidm instance group list [-h]

usage: dsidm instance group get [-h] [selector]

The term to search for

usage: dsidm instance group get_dn [-h] [dn]

The dn to get

usage: dsidm instance group create [-h] [--cn [CN]]

Value of cn

usage: dsidm instance group delete [-h] [dn]

The dn to delete

usage: dsidm instance group modify [-h] selector changes [changes ...]

The cn to modify

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name

The cn to rename

A new group name

Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an
attribute of the entry or not

usage: dsidm instance group members [-h] [cn]

cn of group to list members of

usage: dsidm instance group add_member [-h] [cn] [dn]

cn of group to add member to

dn of object to add to group as member

usage: dsidm instance group remove_member [-h] [cn] [dn]

cn of group to remove member from

dn of object to remove from group as member

usage: dsidm instance initialise [-h] [--version VERSION]

The version of entries to create.

usage: dsidm instance organizationalunit [-h]
{list,get,get_dn,create,delete,modify,rename}
...

Sub-commands

list
get
get_dn
create
deletes the object
modify <add|delete|replace>:<attribute>:<value> ...
rename the object

usage: dsidm instance organizationalunit list [-h]

usage: dsidm instance organizationalunit get [-h] [selector]

The term to search for

usage: dsidm instance organizationalunit get_dn [-h] [dn]

The dn to get

usage: dsidm instance organizationalunit create [-h] [--ou [OU]]

Value of ou

usage: dsidm instance organizationalunit delete [-h] [dn]

The dn to delete

usage: dsidm instance organizationalunit modify [-h]
selector changes [changes ...]

The ou to modify

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn]
selector new_name

The ou to rename

A new organizational unit name

Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute
of the entry or not

usage: dsidm instance posixgroup [-h]
{list,get,get_dn,create,delete,modify,rename}
...

Sub-commands

list
get
get_dn
create
deletes the object
modify <add|delete|replace>:<attribute>:<value> ...
rename the object

usage: dsidm instance posixgroup list [-h]

usage: dsidm instance posixgroup get [-h] [selector]

The term to search for

usage: dsidm instance posixgroup get_dn [-h] [dn]

The dn to get

usage: dsidm instance posixgroup create [-h] [--cn [CN]]
[--gidNumber [GIDNUMBER]]

Value of cn

Value of gidNumber

usage: dsidm instance posixgroup delete [-h] [dn]

The dn to delete

usage: dsidm instance posixgroup modify [-h] selector changes [changes ...]

The cn to modify

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn]
selector new_name

The cn to rename

A new posix group name

Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an
attribute of the entry or not

usage: dsidm instance user [-h]
{list,get,get_dn,create,modify,rename,delete} ...

Sub-commands

list
get
get_dn
create
modify <add|delete|replace>:<attribute>:<value> ...
rename the object
deletes the object

usage: dsidm instance user list [-h]

usage: dsidm instance user get [-h] [selector]

The term to search for

usage: dsidm instance user get_dn [-h] [dn]

The dn to get

usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]]
[--displayName [DISPLAYNAME]]
[--uidNumber [UIDNUMBER]]
[--gidNumber [GIDNUMBER]]
[--homeDirectory [HOMEDIRECTORY]]

Value of uid

Value of cn

Value of displayName

Value of uidNumber

Value of gidNumber

Value of homeDirectory

usage: dsidm instance user modify [-h] selector changes [changes ...]

The uid to modify

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name

The uid to modify

A new user name

Specify whether the old RDN (i.e. 'cn: old_user')should be kept as an
attribute of the entry or not

usage: dsidm instance user delete [-h] [dn]

The dn to delete

usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ...

Sub-commands

Generate a SSSD configuration for this LDAP server
Generate an OpenLDAP ldap.conf configuration for this LDAP server
Display generic application parameters for LDAP connection

usage: dsidm instance client_config sssd.conf [-h] [allowed_group]

The name of the group allowed access to this system

usage: dsidm instance client_config ldap.conf [-h]

usage: dsidm instance client_config display [-h]

usage: dsidm instance role [-h]
{list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status}
...

Sub-commands

list roles that could login to the directory
get-by-dn <dn>
modify-by-dn <dn> <add|delete|replace>:<attribute>:<value> ...
rename the object
deletes the role
lock
unlock
status of a single entry
status of a subtree

usage: dsidm instance role list [-h]

usage: dsidm instance role get-by-dn [-h] [dn]

The dn to get and display

usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...]

The dn to modify

A list of changes to apply in format: <add|delete|replace>:<attribute>:<value>

usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn

The dn to rename

A new account dn

Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an
attribute of the entry or not

usage: dsidm instance role delete [-h] [dn]

The dn of the role to delete

usage: dsidm instance role lock [-h] [dn]

The dn to lock

usage: dsidm instance role unlock [-h] [dn]

The dn to unlock

usage: dsidm instance role entry-status [-h] [dn]

The single entry dn to check

usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}]
basedn

Search base for finding entries

Search filter for finding entries

Search scope (base, one, sub - default is sub

Basedn (root naming context) of the instance to manage

Display verbose operation tracing during command execution

The account to bind as for executing operations

Password for binddn

Prompt for password for binddn

Specifies a file containing the password for the bind DN

Connect with StartTLS

Return result in JSON object

lib389 was written by Red Hat Inc., and William Brown <389-devel@lists.fedoraproject.org>.

The latest version of lib389 may be downloaded from http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html

Manual