dsidm命令详解

0 实验环境

CPU	：loongson 3a5000（LoongArch架构）
操作系统	：Loongnix Server 8.4（衍生自CentOS 8.4）
内核版本	：4.19.190-6.5.lns8.loongarch64

1 dsidm命令的作用

创建了本地实例，添加用户eve和组server_admins之后，目录服务器中的结构图。

dsidm命令就是用来管理（增加、修改、删除等操作）这个结构图内容的。

1.1 名词解释

1. ou：organizational unit ，组织单元
2. cn：common name ，通用名称
3. dn：distinguish name ，

2 命令详解

dsidm命令的帮助文档还是比较详细的，而且里面的子命令也都有帮助文档，所以通过help参数已经可以基本掌握该命令的用法。

2.1 命令基本格式

usage: dsidm [-h] [-b BASEDN] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE]
             [-Z] [-j]
             instance
             {account,group,initialise,organizationalunit,posixgroup,user,client_config,role}
             ...

2.2 用户相关命令

usage: dsidm instance user [-h]
                           {list,get,get_dn,create,modify,rename,delete} ...

2.2.1 增加用户

[root@bogon ~]# dsidm localhost user create
Enter value for uid : huangyang
Enter value for cn : Huangyang
Enter value for displayName : Huangyang User
Enter value for uidNumber : 1000
Enter value for gidNumber : 1000
Enter value for homeDirectory : /home/huangyang
Successfully created huangyang

2.2.2 列出用户名称

[root@bogon sssd]# dsidm localhost user list
demo_user
huangyang
eve

2.2.3 用户密码

用户密码需要用到account子命令

2.2.3.1 重置用户密码

[root@bogon ~]# dsidm localhost account reset_password uid=eve,ou=people,dc=example,dc=com
Enter new password for uid=eve,ou=people,dc=example,dc=com : 
CONFIRM - Enter new password for uid=eve,ou=people,dc=example,dc=com : 
reset password for uid=eve,ou=people,dc=example,dc=com

2.2.3.2 修改用户密码

[root@bogon ~]# dsidm localhost account change_password -h
usage: dsidm instance account change_password [-h]
                                              [dn] [new_password]
                                              [current_password]

2.2.4 查看指定用户的信息

[root@bogon sssd]# dsidm localhost user get huangyang
dn: uid=huangyang,ou=people,dc=example,dc=com
cn: Huangyang
......

2.2.5 改动用户属性

[root@bogon sssd]# dsidm localhost user modify -h
usage: dsidm instance user modify [-h] selector changes [changes ...]

positional arguments:
  selector    The uid to modify
  changes     A list of changes to apply in format:
              <add|delete|replace>:<attribute>:<value>

2.2.5.1 增加属性

[root@bogon sssd]# dsidm localhost user modify eve "add:description:Eve Test User"
Successfully modified uid=eve,ou=people,dc=example,dc=com

可以通过get子命令查看用户中增加的属性，如下：

[root@bogon sssd]# dsidm localhost user get eve
dn: uid=eve,ou=people,dc=example,dc=com
cn: Eve
description: Eve Test User
......

2.2.5.2 修改属性

[root@bogon ~]# dsidm localhost user modify eve "replace:description:Eve Test User(New)"
Successfully modified uid=eve,ou=people,dc=example,dc=com

2.2.5.3 删除属性

[root@bogon ~]# dsidm localhost user modify eve "delete:description:Eve Test User(New)"
Successfully modified uid=eve,ou=people,dc=example,dc=com

2.2.6 重命名用户

[root@bogon ~]# dsidm localhost user rename eve EVE
Successfully renamed to uid=EVE,ou=people,dc=example,dc=com
[root@bogon ~]# dsidm localhost user get EVE
dn: uid=EVE,ou=people,dc=example,dc=com
cn: Eve
......

2.2.7 删除用户

[root@bogon ~]# dsidm localhost user delete uid=EVE,ou=people,dc=example,dc=com
Deleting nsUserAccount uid=EVE,ou=people,dc=example,dc=com :
Type 'Yes I am sure' to continue: Yes I am sure
Successfully deleted uid=EVE,ou=people,dc=example,dc=com
[root@bogon ~]# dsidm localhost user list
demo_user
huangyang

2.3 组相关命令

[root@bogon ~]# dsidm localhost group -h
usage: dsidm instance group [-h]
                            {list,get,get_dn,create,delete,modify,rename,members,add_member,remove_member}
                            ...

在组相关命令中，list、get、create、delete、rename和modify与上面用户相关命令中对应的用法没有太多差异，此处不再赘述。
下面将要介绍的是组和组内成员之间的三个命令。

2.3.1 查看指定组内成员

此处要查看的组名称是server_admins。

[root@bogon ~]# dsidm localhost group members server_admins
dn: uid=huangyang,ou=people,dc=example,dc=com

2.3.2 给指定组添加成员

为了添加成员，我将之前删除的eve用户又增加到了目录服务器中。

[root@bogon ~]# dsidm localhost group add_member server_admins uid=eve,ou=people,dc=example,dc=com
added member: uid=eve,ou=people,dc=example,dc=com
[root@bogon ~]# dsidm localhost group members server_admins
dn: uid=huangyang,ou=people,dc=example,dc=com
dn: uid=eve,ou=people,dc=example,dc=com

2.3.3 删除组内成员

[root@bogon ~]# dsidm localhost group remove_member server_admins uid=eve,ou=people,dc=example,dc=com
removed member: uid=eve,ou=people,dc=example,dc=com
[root@bogon ~]# dsidm localhost group members server_admins
dn: uid=huangyang,ou=people,dc=example,dc=com

2.4 ou相关命令

ou的全称是organizational unit（组织单元）。其中organizationalunit子命令中的所有命令就是用来管理组织单元。

[root@bogon ~]# dsidm localhost organizationalunit -h
usage: dsidm instance organizationalunit [-h]
                                         {list,get,get_dn,create,delete,modify,rename}
                                         ...

positional arguments:
  {list,get,get_dn,create,delete,modify,rename}
                        action
    list                list
    get                 get
    get_dn              get_dn
    create              create
    delete              deletes the object
    modify              modify <add|delete|replace>:<attribute>:<value> ...
    rename              rename the object

结合着帮助文档使用起来难度不是很大，此处也不做过多解读。