dseditgroup(8) BSD System Manager's Manual dseditgroup(8)
NAME
dseditgroup -- group record manipulation tool.
SYNOPSIS
dseditgroup [options] [parameters] groupname
options:
-o operation     perform (read, create, delete, edit, checkmember)
                 operation with given groupname
-p               prompt for authentication password
-q               disables interactive verification
-v               verbose logging to stdout
parameters:
-m member        username to use for checkmember option
-n nodename      directory node location of group record
-u username      authenticate with admin username
-P password      authentication password
-a recordname    name of the record to add
-d recordname    name of the record to delete
-t recordtype    type of the record to add or delete
-i gid           gid to add/replace
-g guid          GUID to add/replace
-r realname      realname to add/replace
-k keyword       keyword to add
-c comment       comment to add/replace
-s timetolive    seconds to live to add/replace
-f n l           change the group's format - 'n' for the new group
                 format and 'l' for the legacy group format
DESCRIPTION
dseditgroup allows manipulation of a single named group record on either
the default local node or the specified DirectoryService node. Default
behaviour is presented below after a discussion of options and possible
parameters.
Options list and their descriptions:
-o operation
        If "read" then the parameters of the specified groupname will be
        displayed. This is the default option. If "create" then create
        a group with the specified groupname. If "delete" then delete a
        group with the specified groupname. If "edit" then edit a group
        with the specified groupname. If "checkmember" then check if
        the user specified with -m, or the currently logged-in user, is
        a member of the specified groupname.
-p      You will be prompted for a password to use in conjunction with
        the specified username.
-q      This disables interactive verification of replace or delete
        operations.
-v      This enables the logging of the DirectoryService API calls and
        their return codes.
Parameters list and their descriptions:
-m member
        The username of the account whose group membership you wish to
        verify when using the -o checkmember option.
-n nodename
        Directory Service node name, such as /LDAPv3/ldap.company.com.
        The default value is the local node, /NetInfo/DefaultLocalNode.
-u username
        Username of a user that has administrative privileges on this
        computer.
-P password
        Password to use in conjunction with the specified username. If
        this is not specified, you will be prompted for a password.
-a recordname
        The name of the record to be added to the group specified by
        groupname. This name is related to the first record found on the
        authentication search policy when a search is made with this
        recordname and the given recordtype.
-d recordname
        The name of the record to be deleted from the group specified by
        groupname. This name is related to the first record found on the
        authentication search policy when a search is made with this
        recordname and the given recordtype.
-t recordtype
        The type of the record to be added to or deleted from the group
        specified by groupname. Valid values are user, computer, and
        group.
-i gid  This is a group ID. This will be automatically created if not
        specified for a create.
-g guid This is a text representation of a 128-bit ID. This will be
        automatically created if not specified for a create.
-r realname
        This is a simple text string.
-k keyword
        This is a simple text string.
-c comment
        This is a simple text string.
-s timetolive
        The number of seconds that this record is deemed valid as a
        cached value. There will be no automatically created default
        value if not specified for a create.
DEFAULT BEHAVIOUR
dseditgroup mygroup
This simple version of the command will default to:
dseditgroup -o read -n /NetInfo/DefaultLocalNode -u $USER mygroup
The output will be the parameters of the "mygroup" group record if the
shell user has read access to the local node's group record of name
"mygroup". TBU:
EXAMPLES
dseditgroup extragroup
dseditgroup -o read extragroup
        The attributes of the group extragroup from the local node
        are displayed.
dseditgroup -o create -n /LDAPv3/ldap.company.com -u myusername -P mypassword -r "Extra Group" -c "a nice comment" -s 3600 -k "some keyword" extragroup
        The group extragroup is created on the node
        /LDAPv3/ldap.company.com with the realname, comment,
        timetolive (instead of default of 14400 = 4 hours), and
        keyword attribute values given above if the user
        myusername has supplied a correct password and has write
        access.
dseditgroup -o delete -n /LDAPv3/ldap.company.com -u myusername -P mypassword extragroup
        The group extragroup is deleted from the node
        /LDAPv3/ldap.company.com if the user myusername has
        supplied a correct password and has write access.
dseditgroup -o edit -n /LDAPv3/ldap.company.com -u myusername -p -a username -t user extragroup
        The group extragroup from the node
        /LDAPv3/ldap.company.com will have the username added if
        the username is in a user record on the search policy and
        if the correct password is presented interactively for the
        user myusername, who also needs to have write access.
dseditgroup -o edit -n /LDAPv3/ldap.company.com -u myusername -P mypassword -a mysubgroup -t group extragroup
        The group extragroup from the node
        /LDAPv3/ldap.company.com will have the mysubgroup added if
        the mysubgroup is in a group record on the search policy
        and if the user myusername has supplied a correct password
        and has write access.
dseditgroup -o edit -n /LDAPv3/ldap.company.com -u myusername -p -d username -t user extragroup
        The group extragroup from the node
        /LDAPv3/ldap.company.com will have the username deleted if
        the correct password is presented interactively for the
        user myusername, who also needs to have write access.
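As an added example (not part of the original manual page): a small shell lint for scripts or shell history that call dseditgroup. It flags a password given with -P (which then sits in the script, the history and the process argument list, whereas -p prompts for it), -P followed directly by another option, and -q on a delete or edit. The finding names and sample lines are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the manual page. Finding names are made up here.

# audit_dseditgroup "<command line>": print the findings for one line, or OK.
audit_dseditgroup() {
    findings="" op="read" quiet=0 prev=""   # read is the documented default
    set -f                                  # split into words without globbing
    # Unquoted $1 on purpose: only option letters are inspected, so splitting
    # quoted arguments that contain spaces does no harm.
    for tok in $1; do
        case "$prev" in
            -o) op="$tok" ;;
            -P) case "$tok" in
                    -*) findings="$findings P_WITHOUT_VALUE" ;;   # next word is an option
                    *)  findings="$findings PASSWORD_IN_ARGV" ;;  # literal password given
                esac ;;
        esac
        if [ "$tok" = "-q" ]; then quiet=1; fi
        prev="$tok"
    done
    set +f
    # -P as the very last word has no value either.
    if [ "$prev" = "-P" ]; then findings="$findings P_WITHOUT_VALUE"; fi
    # -q removes the interactive verification of replace or delete operations.
    if [ "$quiet" -eq 1 ]; then
        case "$op" in
            delete|edit) findings="$findings UNCONFIRMED_$op" ;;
        esac
    fi
    findings=${findings# }
    echo "${findings:-OK}"
}

# Constructed sample lines, reusing the names from EXAMPLES.
while IFS= read -r line; do
    printf '%-34s %s\n' "$(audit_dseditgroup "$line")" "$line"
done <<'EOF'
dseditgroup -o read extragroup
dseditgroup -o edit -u myusername -p -a username -t user extragroup
dseditgroup -o delete -u myusername -P mypassword extragroup
dseditgroup -q -o delete -u myusername -P mypassword extragroup
dseditgroup -o edit -u myusername -P -a mysubgroup -t group extragroup
EOF
```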
Mac OS March 01 2004 Mac OS