dsutil

manage the administration of users or roles

Synopsis

install-path/bin/dsutil 
subcommand [options] [operands]

Description

The dsutil command activates or inactivates a user or a role. This command also allows to check the status of a user or of a role. Use the dsutil command with any of the subcommands described in this man page.

Subcommands

The following subcommands are supported.

dsutil account-activate

Activates a single user or users members of a role.

The format of the subcommand is:

dsutil account-activate DN

dsutil account-inactivate

Inactivates a single user or users members of a role.

The format of the subcommand is:

dsutil account-inactivate DN

dsutil account-status

Indicates whether a user or role is activated.

The format of the subcommand is:

dsutil account-status DN

Global Options

The following options are global, and are applicable to all commands and subcommands.

-c
--accept-cert: Does not ask for confirmation before accepting non-trusted server certificates.
-?
--help: Displays this message or subcommand help message.
-h HOST
--hostname HOST: Connects to Directory Server on HOST (Default: $DIRSERV_HOST or localhost).
-i
--no-inter: Does not ask for confirmation.
-p PORT
--port PORT: Connects to Directory Server on PORT (Default: $DIRSERV_PORT or 389) .
-w FILE
--pwd-file FILE: Binds with password read from FILE (Default: $LDAP_ADMIN_PWF or prompts for password)
-j
--reject-cert: Does not ask for confirmation before rejecting non-trusted server certificates (for this session only).
-P PORT
--secure-port PORT: Connects to Directory Server on secure port PORT for secure LDAP traffic. The default secure LDAP port is 636 or 1636.
-e
--unsecured: Connects over LDAP with no secure connection (Enabled if $DIRSERV_UNSECURED is set).
-D USER_DN
--user-dn USER_DN: Binds as USER_DN (Default: $LDAP_ADMIN_USER or cn=Directory Manager).
-v
--verbose: Displays extra information.
-V
--version: Displays dsutil version.

Subcommand Operands

The following operands are applicable to the subcommands where they are specified.

DN: DN of the user or role to be activated.

Exit Status

The following exit status values are returned:

0

Success

1

Syntax error

4

Operand does not exist

6

Operand invalid state

Applicable only to account-inactivate and account-activate commands.

102

Activated

Applicable only to the account-status command

103

Inactivated

Applicable only to the account-status command

104

Inactivated through role

Applicable only to the account-status command.

125

Internal error

Examples

The following examples show how the dsutil command is used.

Example 1 Inactivate a user

$ dsutil account-inactivate -p 1389 -w pwd-file \
uid=bjensen,ou=People,dc=example,dc=com

This command inactivates the user whose DN is uid=bjensen,ou=People,dc=example,dc=com.

In this example, the LDAP port is specified as 1389. If you do not specify the port number, the default port number 389 is used.

Example 2 Check the status of a user

$ dsutil account-status -p 1389 -w pwd-file \
uid=bjensen,ou=People,dc=example,dc=com

This command checks whether the user whose DN is uid=bjensen,ou=People,dc=example,dc=com is active or inactive.

In this example, the LDAP port is specified as 1389. If you do not specify the port number, the default port number 389 is used.

Example 3 Activate a user

$ dsutil account-activate -p 1389 -w pwd-file \
uid=bjensen,ou=People,dc=example,dc=com

This command activates the user whose DN is uid=bjensen,ou=People,dc=example,dc=com.

In this example, the LDAP port is specified as 1389. If you do not specify the port number, the default port number 389 is used.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWdsee7
Stability Level	Evolving