DSIDM(1) Generated Python Manual DSIDM(1) NAME dsidm SYNOPSIS dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-Z] [-j] instance {account,group,initialise,init,organizationalunit,ou,posixgroup,user,client_config,role,service,uniquegroup} ... POSITIONAL ARGUMENTS dsidm account Manage generic accounts, with tasks like modify, locking and unlocking. To create an account, see "user" subcommand instead. dsidm group Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing groups. Groups uses the objectclass "groupOfNames" and the grouping attribute "member" dsidm initialise Initialise a backend with domain information and sample entries dsidm organizationalunit Manage organizational units dsidm posixgroup Manage posix groups The organizationalUnit (by default ou=groups") needs to exist prior to managing posix groups. dsidm user Manage posix users. The organizationalUnit (by default "ou=people") needs to exist prior to managing users. dsidm client_config Display and generate client example configs for this LDAP server dsidm role Manage roles. dsidm service Manage service accounts dsidm uniquegroup Manage groups. The organizationalUnit (by default "ou=groups") needs to exist prior to managing groups. Unique groups uses the objectclass "groupOfUniqueNames" and the grouping attribute "uniquemember" COMMAND 'dsidm account' usage: dsidm instance account [-h] {list,get-by-dn,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status,reset_password,change_password,bulk_update} ... POSITIONAL ARGUMENTS 'dsidm account' dsidm account list list accounts that could login to the directory dsidm account get-by-dn get-by-dn dsidm account modify-by-dn modify-by-dn :: ... dsidm account rename-by-dn rename the object dsidm account delete deletes the account dsidm account lock lock dsidm account unlock unlock dsidm account entry-status status of a single entry dsidm account subtree-status status of a subtree dsidm account reset_password Reset the password of an account. This should be performed by a directory admin. dsidm account change_password Change the password of an account. This can be performed by any user (with correct rights) dsidm account bulk_update Perform a common operation to a set of entries COMMAND 'dsidm account list' usage: dsidm instance account list [-h] COMMAND 'dsidm account get-by-dn' usage: dsidm instance account get-by-dn [-h] [dn] dn The dn to get and display COMMAND 'dsidm account modify-by-dn' usage: dsidm instance account modify-by-dn [-h] dn changes [changes ...] dn The dn to get and display changes A list of changes to apply in format: :: COMMAND 'dsidm account rename-by-dn' usage: dsidm instance account rename-by-dn [-h] [--keep-old-rdn] dn new_dn dn The dn to rename new_dn A new role dn OPTIONS 'dsidm account rename-by-dn' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_role') should be kept as an attribute of the entry or not COMMAND 'dsidm account delete' usage: dsidm instance account delete [-h] [dn] dn The dn of the account to delete COMMAND 'dsidm account lock' usage: dsidm instance account lock [-h] [dn] dn The dn to lock COMMAND 'dsidm account unlock' usage: dsidm instance account unlock [-h] [dn] dn The dn to unlock COMMAND 'dsidm account entry-status' usage: dsidm instance account entry-status [-h] [-V] [dn] dn The single entry dn to check OPTIONS 'dsidm account entry-status' -V, --details Print more account policy details about the entry COMMAND 'dsidm account subtree-status' usage: dsidm instance account subtree-status [-h] [-V] [-f FILTER] [-s {one,sub}] [-i] [-o BECOME_INACTIVE_ON] basedn basedn Search base for finding entries OPTIONS 'dsidm account subtree-status' -V, --details Print more account policy details about the entries -f FILTER, --filter FILTER Search filter for finding entries -s {one,sub}, --scope {one,sub} Search scope (one, sub - default is sub -i, --inactive-only Only display inactivated entries -o BECOME_INACTIVE_ON, --become-inactive-on BECOME_INACTIVE_ON Only display entries that will become inactive before specified date (in a format 2007-04-25T14:30) COMMAND 'dsidm account reset_password' usage: dsidm instance account reset_password [-h] [dn] [new_password] dn The dn to reset the password for new_password The new password to set COMMAND 'dsidm account change_password' usage: dsidm instance account change_password [-h] [dn] [new_password] [current_password] dn The dn to change the password for new_password The new password to set current_password The accounts current password COMMAND 'dsidm account bulk_update' usage: dsidm instance account bulk_update [-h] [-f FILTER] [-s {one,sub}] [-x] basedn changes [changes ...] basedn Search base for finding entries, only the children of this DN are processed changes A list of changes to apply in format: :: OPTIONS 'dsidm account bulk_update' -f FILTER, --filter FILTER Search filter for finding entries, default is '(objectclass=*)' -s {one,sub}, --scope {one,sub} Search scope (one, sub - default is sub -x, --stop Stop processing updates when an error occurs. Default is False COMMAND 'dsidm group' usage: dsidm instance group [-h] {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member} ... POSITIONAL ARGUMENTS 'dsidm group' dsidm group list list dsidm group get get dsidm group get_dn get_dn dsidm group create create dsidm group delete deletes the object dsidm group modify modify :: ... dsidm group rename rename the object dsidm group members List member dns of a group dsidm group add_member Add a member to a group dsidm group remove_member Remove a member from a group COMMAND 'dsidm group list' usage: dsidm instance group list [-h] COMMAND 'dsidm group get' usage: dsidm instance group get [-h] [selector] selector The term to search for COMMAND 'dsidm group get_dn' usage: dsidm instance group get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm group create' usage: dsidm instance group create [-h] [--cn [CN]] OPTIONS 'dsidm group create' --cn [CN] Value of cn COMMAND 'dsidm group delete' usage: dsidm instance group delete [-h] [dn] dn The dn to delete COMMAND 'dsidm group modify' usage: dsidm instance group modify [-h] selector changes [changes ...] selector The cn to modify changes A list of changes to apply in format: :: COMMAND 'dsidm group rename' usage: dsidm instance group rename [-h] [--keep-old-rdn] selector new_name selector The cn to rename new_name A new group name OPTIONS 'dsidm group rename' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not COMMAND 'dsidm group members' usage: dsidm instance group members [-h] [cn] cn cn of group to list members of COMMAND 'dsidm group add_member' usage: dsidm instance group add_member [-h] [cn] [dn] cn cn of group to add member to dn dn of object to add to group as member COMMAND 'dsidm group remove_member' usage: dsidm instance group remove_member [-h] [cn] [dn] cn cn of group to remove member from dn dn of object to remove from group as member COMMAND 'dsidm initialise' usage: dsidm instance initialise [-h] [--version VERSION] OPTIONS 'dsidm initialise' --version VERSION The version of entries to create. COMMAND 'dsidm organizationalunit' usage: dsidm instance organizationalunit [-h] {list,get,get_dn,create,delete,modify,rename} ... POSITIONAL ARGUMENTS 'dsidm organizationalunit' dsidm organizationalunit list list dsidm organizationalunit get get dsidm organizationalunit get_dn get_dn dsidm organizationalunit create create dsidm organizationalunit delete deletes the object dsidm organizationalunit modify modify :: ... dsidm organizationalunit rename rename the object COMMAND 'dsidm organizationalunit list' usage: dsidm instance organizationalunit list [-h] COMMAND 'dsidm organizationalunit get' usage: dsidm instance organizationalunit get [-h] [selector] selector The term to search for COMMAND 'dsidm organizationalunit get_dn' usage: dsidm instance organizationalunit get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm organizationalunit create' usage: dsidm instance organizationalunit create [-h] [--ou [OU]] OPTIONS 'dsidm organizationalunit create' --ou [OU] Value of ou COMMAND 'dsidm organizationalunit delete' usage: dsidm instance organizationalunit delete [-h] [dn] dn The dn to delete COMMAND 'dsidm organizationalunit modify' usage: dsidm instance organizationalunit modify [-h] selector changes [changes ...] selector The ou to modify changes A list of changes to apply in format: :: COMMAND 'dsidm organizationalunit rename' usage: dsidm instance organizationalunit rename [-h] [--keep-old-rdn] selector new_name selector The ou to rename new_name A new organizational unit name OPTIONS 'dsidm organizationalunit rename' --keep-old-rdn Specify whether the old RDN (i.e. 'ou: old_ou') should be kept as an attribute of the entry or not COMMAND 'dsidm posixgroup' usage: dsidm instance posixgroup [-h] {list,get,get_dn,create,delete,modify,rename} ... POSITIONAL ARGUMENTS 'dsidm posixgroup' dsidm posixgroup list list dsidm posixgroup get get dsidm posixgroup get_dn get_dn dsidm posixgroup create create dsidm posixgroup delete deletes the object dsidm posixgroup modify modify :: ... dsidm posixgroup rename rename the object COMMAND 'dsidm posixgroup list' usage: dsidm instance posixgroup list [-h] COMMAND 'dsidm posixgroup get' usage: dsidm instance posixgroup get [-h] [selector] selector The term to search for COMMAND 'dsidm posixgroup get_dn' usage: dsidm instance posixgroup get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm posixgroup create' usage: dsidm instance posixgroup create [-h] [--cn [CN]] [--gidNumber [GIDNUMBER]] OPTIONS 'dsidm posixgroup create' --cn [CN] Value of cn --gidNumber [GIDNUMBER] Value of gidNumber COMMAND 'dsidm posixgroup delete' usage: dsidm instance posixgroup delete [-h] [dn] dn The dn to delete COMMAND 'dsidm posixgroup modify' usage: dsidm instance posixgroup modify [-h] selector changes [changes ...] selector The cn to modify changes A list of changes to apply in format: :: COMMAND 'dsidm posixgroup rename' usage: dsidm instance posixgroup rename [-h] [--keep-old-rdn] selector new_name selector The cn to rename new_name A new posix group name OPTIONS 'dsidm posixgroup rename' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not COMMAND 'dsidm user' usage: dsidm instance user [-h] {list,get,get_dn,create,modify,rename,delete} ... POSITIONAL ARGUMENTS 'dsidm user' dsidm user list list dsidm user get get dsidm user get_dn get_dn dsidm user create create dsidm user modify modify :: ... dsidm user rename rename the object dsidm user delete deletes the object COMMAND 'dsidm user list' usage: dsidm instance user list [-h] COMMAND 'dsidm user get' usage: dsidm instance user get [-h] [selector] selector The term to search for COMMAND 'dsidm user get_dn' usage: dsidm instance user get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm user create' usage: dsidm instance user create [-h] [--uid [UID]] [--cn [CN]] [--displayName [DISPLAYNAME]] [--uidNumber [UIDNUMBER]] [--gidNumber [GIDNUMBER]] [--homeDirectory [HOMEDIRECTORY]] OPTIONS 'dsidm user create' --uid [UID] Value of uid --cn [CN] Value of cn --displayName [DISPLAYNAME] Value of displayName --uidNumber [UIDNUMBER] Value of uidNumber --gidNumber [GIDNUMBER] Value of gidNumber --homeDirectory [HOMEDIRECTORY] Value of homeDirectory COMMAND 'dsidm user modify' usage: dsidm instance user modify [-h] selector changes [changes ...] selector The uid to modify changes A list of changes to apply in format: :: COMMAND 'dsidm user rename' usage: dsidm instance user rename [-h] [--keep-old-rdn] selector new_name selector The uid to modify new_name A new user name OPTIONS 'dsidm user rename' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_user') should be kept as an attribute of the entry or not COMMAND 'dsidm user delete' usage: dsidm instance user delete [-h] [dn] dn The dn to delete COMMAND 'dsidm client_config' usage: dsidm instance client_config [-h] {sssd.conf,ldap.conf,display} ... POSITIONAL ARGUMENTS 'dsidm client_config' dsidm client_config sssd.conf Generate a SSSD configuration for this LDAP server dsidm client_config ldap.conf Generate an OpenLDAP ldap.conf configuration for this LDAP server dsidm client_config display Display generic application parameters for LDAP connection COMMAND 'dsidm client_config sssd.conf' usage: dsidm instance client_config sssd.conf [-h] [allowed_group] allowed_group The name of the group allowed access to this system COMMAND 'dsidm client_config ldap.conf' usage: dsidm instance client_config ldap.conf [-h] COMMAND 'dsidm client_config display' usage: dsidm instance client_config display [-h] COMMAND 'dsidm role' usage: dsidm instance role [-h] {list,get,get-by-dn,create-managed,create-filtered,create-nested,modify-by-dn,rename-by-dn,delete,lock,unlock,entry-status,subtree-status} ... POSITIONAL ARGUMENTS 'dsidm role' dsidm role list list roles that could login to the directory dsidm role get get dsidm role get-by-dn get-by-dn dsidm role create-managed create dsidm role create-filtered create dsidm role create-nested create dsidm role modify-by-dn modify-by-dn :: ... dsidm role rename-by-dn rename the object dsidm role delete deletes the role dsidm role lock lock dsidm role unlock unlock dsidm role entry-status status of a single entry dsidm role subtree-status status of a subtree COMMAND 'dsidm role list' usage: dsidm instance role list [-h] COMMAND 'dsidm role get' usage: dsidm instance role get [-h] [selector] selector The term to search for COMMAND 'dsidm role get-by-dn' usage: dsidm instance role get-by-dn [-h] [dn] dn The dn to get and display COMMAND 'dsidm role create-managed' usage: dsidm instance role create-managed [-h] [--cn [CN]] OPTIONS 'dsidm role create-managed' --cn [CN] Value of cn COMMAND 'dsidm role create-filtered' usage: dsidm instance role create-filtered [-h] [--cn [CN]] OPTIONS 'dsidm role create-filtered' --cn [CN] Value of cn COMMAND 'dsidm role create-nested' usage: dsidm instance role create-nested [-h] [--cn [CN]] [--nsRoleDN [NSROLEDN]] OPTIONS 'dsidm role create-nested' --cn [CN] Value of cn --nsRoleDN [NSROLEDN] Value of nsRoleDN COMMAND 'dsidm role modify-by-dn' usage: dsidm instance role modify-by-dn [-h] dn changes [changes ...] dn The dn to modify changes A list of changes to apply in format: :: COMMAND 'dsidm role rename-by-dn' usage: dsidm instance role rename-by-dn [-h] [--keep-old-rdn] dn new_dn dn The dn to rename new_dn A new account dn OPTIONS 'dsidm role rename-by-dn' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_account') should be kept as an attribute of the entry or not COMMAND 'dsidm role delete' usage: dsidm instance role delete [-h] [dn] dn The dn of the role to delete COMMAND 'dsidm role lock' usage: dsidm instance role lock [-h] [dn] dn The dn to lock COMMAND 'dsidm role unlock' usage: dsidm instance role unlock [-h] [dn] dn The dn to unlock COMMAND 'dsidm role entry-status' usage: dsidm instance role entry-status [-h] [dn] dn The single entry dn to check COMMAND 'dsidm role subtree-status' usage: dsidm instance role subtree-status [-h] [-f FILTER] [-s {base,one,sub}] basedn basedn Search base for finding entries OPTIONS 'dsidm role subtree-status' -f FILTER, --filter FILTER Search filter for finding entries -s {base,one,sub}, --scope {base,one,sub} Search scope (base, one, sub - default is sub COMMAND 'dsidm service' usage: dsidm instance service [-h] {list,get,get_dn,create,modify,rename,delete} ... POSITIONAL ARGUMENTS 'dsidm service' dsidm service list list dsidm service get get dsidm service get_dn get_dn dsidm service create create dsidm service modify modify :: ... dsidm service rename rename the object dsidm service delete deletes the object COMMAND 'dsidm service list' usage: dsidm instance service list [-h] COMMAND 'dsidm service get' usage: dsidm instance service get [-h] [selector] selector The term to search for COMMAND 'dsidm service get_dn' usage: dsidm instance service get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm service create' usage: dsidm instance service create [-h] [--cn [CN]] [--description [DESCRIPTION]] OPTIONS 'dsidm service create' --cn [CN] Value of cn --description [DESCRIPTION] Value of description COMMAND 'dsidm service modify' usage: dsidm instance service modify [-h] selector changes [changes ...] selector The cn to modify changes A list of changes to apply in format: :: COMMAND 'dsidm service rename' usage: dsidm instance service rename [-h] [--keep-old-rdn] selector new_name selector The cn to modify new_name A new service name OPTIONS 'dsidm service rename' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_service') should be kept as an attribute of the entry or not COMMAND 'dsidm service delete' usage: dsidm instance service delete [-h] [dn] dn The dn to delete COMMAND 'dsidm uniquegroup' usage: dsidm instance uniquegroup [-h] {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member} ... POSITIONAL ARGUMENTS 'dsidm uniquegroup' dsidm uniquegroup list list dsidm uniquegroup get get dsidm uniquegroup get_dn get_dn dsidm uniquegroup create create dsidm uniquegroup delete deletes the object dsidm uniquegroup modify modify :: ... dsidm uniquegroup rename rename the object dsidm uniquegroup members List member dns of a group dsidm uniquegroup add_member Add a member to a group dsidm uniquegroup remove_member Remove a member from a group COMMAND 'dsidm uniquegroup list' usage: dsidm instance uniquegroup list [-h] COMMAND 'dsidm uniquegroup get' usage: dsidm instance uniquegroup get [-h] [selector] selector The term to search for COMMAND 'dsidm uniquegroup get_dn' usage: dsidm instance uniquegroup get_dn [-h] [dn] dn The dn to get COMMAND 'dsidm uniquegroup create' usage: dsidm instance uniquegroup create [-h] [--cn [CN]] OPTIONS 'dsidm uniquegroup create' --cn [CN] Value of cn COMMAND 'dsidm uniquegroup delete' usage: dsidm instance uniquegroup delete [-h] [dn] dn The dn to delete COMMAND 'dsidm uniquegroup modify' usage: dsidm instance uniquegroup modify [-h] selector changes [changes ...] selector The cn to modify changes A list of changes to apply in format: :: COMMAND 'dsidm uniquegroup rename' usage: dsidm instance uniquegroup rename [-h] [--keep-old-rdn] selector new_name selector The cn to rename new_name A new group name OPTIONS 'dsidm uniquegroup rename' --keep-old-rdn Specify whether the old RDN (i.e. 'cn: old_group') should be kept as an attribute of the entry or not COMMAND 'dsidm uniquegroup members' usage: dsidm instance uniquegroup members [-h] [cn] cn cn of group to list members of COMMAND 'dsidm uniquegroup add_member' usage: dsidm instance uniquegroup add_member [-h] [cn] [dn] cn cn of group to add member to dn dn of object to add to group as member COMMAND 'dsidm uniquegroup remove_member' usage: dsidm instance uniquegroup remove_member [-h] [cn] [dn] cn cn of group to remove member from dn dn of object to remove from group as member OPTIONS -b BASEDN, --basedn BASEDN Base DN (root naming context) of the instance to manage -v, --verbose Display verbose operation tracing during command execution -D BINDDN, --binddn BINDDN The account to bind as for executing operations -w BINDPW, --bindpw BINDPW Password for the bind DN -W, --prompt Prompt for password of the bind DN -y PWDFILE, --pwdfile PWDFILE Specifies a file containing the password of the bind DN -Z, --starttls Connect with StartTLS -j, --json Return result in JSON object AUTHOR Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org> DISTRIBUTION The latest version of lib389 may be downloaded from lib389 3.0.1 2024-04-05 DSIDM(1)