Manual Pages for UNIX Darwin command on man dseditgroup
MyWebUniversity

Manual Pages for UNIX Darwin command on man dseditgroup

dseditgroup(8) BSD System Manager's Manual dseditgroup(8)



NAME
     ddsseeddiittggrroouupp - group record manipulation tool.



SYNOPSIS
     ddsseeddiittggrroouupp [options] [parameters] groupname

                 options:

                       -oo operation   perform (read, create, delete, edit,

                                      checkmember) operation with given group-

                                      name

                       -pp             prompt for authentication password

                       -qq             disables interactive verification

                       -vv             verbose logging to stdout


                 parameters:

                       -mm member      username to use for checkmember option

                       -nn nodename    directory node location of group record

                       -uu username    authenticate with admin username

                       -PP password    authentication password

                       -aa recordname  name of the record to add

                       -dd recordname  name of the record to delete

                       -tt recordtype  type of the record to add or delete

                       -ii gid         gid to add/replace

                       -gg guid        GUID to add/replace

                       -SS sid         SID to add/replace

                       -rr realname    realname to add/replace

                       -kk keyword     keyword to add

                       -cc comment     comment to add/replace

                       -ss timetolive  seconds to live to add/replace

                       -ff n | l       change the group's format - 'n' for the

                                      new group format and 'l' for the legacy
                                      group format


DESCRIPTION
     ddsseeddiittggrroouupp allows manipulation of a single named group record on either
     the default local node or the specified DirectoryService node. For the

     "read" operation the authentication search policy (/Search node) is con-

     sulted. Default behaviour is presented below after a discussion of each
     operation and the possible parameters.

     Options and their descriptions:


     -oo operation

              If "read" then the parameters of the specified groupname will be
              displayed. This is the default option. The authentication search
              policy (/Search node) will be used.

              If "create" then create a group with the specified groupname on
              either the default local node or the specified DirectoryService
              node.

              If "delete" then delete a group with the specified groupname on
              either the default local node or the specified DirectoryService
              node.

              If "edit" then edit a group with the specified groupname on
              either the default local node or the specified DirectoryService
              node.


              If "checkmember" then check if the user specified with -m or

              current logged in user is a member of the specified groupname.
              The authentication search policy (/Search node) is used to find
              the member. The specified node (defaults to the authentication
              search policy) is used to find the group. If the specified node
              is not on the authentication search policy the behaviour is
              undefined.


     -pp       You will be prompted for a password to use in conjunction with

              the specified username.


     -qq       This disables interactive verification of replace or delete

              operations.


     -vv       This enables the logging of the DirectoryService API calls and

              their return codes.

     Parameters and their descriptions:


     -mm member

              The username of the account to verify group membership when

              using -oo checkmember



     -nn nodename

              Directory Service node name such as /LDAPv3/ldap.company.com and
              whose default value is the local node. "." can also be used to
              specify the local node.


     -uu username

              Username of a user that has administrative privileges on this
              computer.


     -PP password

              Password to use in conjunction with the specified username.  If
              this is not specified, you will be prompted for a password.


     -aa recordname

              The name of the record to be added to the group specified by
              groupname. This name is related to the first record found on the
              authentication search policy when a search is made with this
              recordname and the given recordtype.


     -dd recordname

              The name of the record to be deleted from the group specified by
              groupname. This name is related to the first record found on the
              authentication search policy when a search is made with this
              recordname and the given recordtype.


     -tt recordtype

              The type of the record to be added to or deleted from the group
              specified by groupname. Valid values are user, computer, and
              group.


     -ii gid   This is a group id. This will be automatically created if not

              specified for a create.


     -gg guid  This is a text representation of an 128 bit id. This will be

              automatically created if not specified for a create.


     -rr realname

              This is a simple text string.


     -kk keyword

              This is a simple text string.


     -cc comment

              This is a simple text string.


     -ss timetolive

              The number of seconds that this record is deemed valid as a
              cached value. There will be no automatically created default
              value if not specified for a create.

DDEEFFAAUULLTT BBEEHHAAVVIIOOUURR

     dseditgroup mygroup


     This simple version of the command will default to:


     dseditgroup -o read -n . -u $USER mygroup


     The output will be the parameters of the "mygroup" group record if the
     shell user has read access to the local node's group record of name
     "mygroup".

EEXXAAMMPPLLEESS
     ddsseeddiittggrroouupp extragroup


     ddsseeddiittggrroouupp -oo read extragroup


                    The attributes of the group extragroup from the local node
                    are displayed.


     ddsseeddiittggrroouupp -oo create -nn /LDAPv3/ldap.company.com -uu myusername -PP

              mypassword -rr "Extra Group" -cc "a nice comment" -ss 3600 -kk "some

              keyword" extragroup

                    The group extragroup is created from the node
                    /LDAPv3/ldap.company.com with the realname, comment,
                    timetolive (instead of default of 14400 = 4 hours), and
                    keyword atttribute values given above if the user
                    myusername has supplied a correct password and has write
                    access.


     ddsseeddiittggrroouupp -oo delete -nn /LDAPv3/ldap.company.com -uu myusername -PP

              mypassword extragroup

                    The group extragroup is deleted from the node
                    /LDAPv3/ldap.company.com if the user myusername has
                    supplied a correct password and has write access.


     ddsseeddiittggrroouupp -oo edit -nn /LDAPv3/ldap.company.com -uu myusername -pp -aa

              username -tt user extragroup


                    The group extragroup from the node
                    /LDAPv3/ldap.company.com will have the username added if
                    the username is in a user record on the search policy and
                    if the correct password is presented interactively for the
                    user myusername which also need to have write access.


     ddsseeddiittggrroouupp -oo edit -nn /LDAPv3/ldap.company.com -uu myusername -PP -aa

              mysubgroup -tt group extragroup


                    The group extragroup from the node
                    /LDAPv3/ldap.company.com will have the mysubgroup added if
                    the mysubgroup is in a group record on the search policy
                    and if the user myusername has supplied a correct password
                    and has write access.


     ddsseeddiittggrroouupp -oo edit -nn /LDAPv3/ldap.company.com -uu myusername -pp -dd

              username -tt user extragroup


                    The group extragroup from the node
                    /LDAPv3/ldap.company.com will have the username deleted if
                    the correct password is presented interactively for the
                    user myusername which also need to have write access.


     ddsseeddiittggrroouupp -oo checkmember extragroup


                    Will write out a message specifying if the current user is
                    a member of extragroup on the authentication search
                    policy.


     ddsseeddiittggrroouupp -oo checkmember -nn  . extragroup


                    Will write out a message specifying if the current user is
                    a member of extragroup on the local node.


     ddsseeddiittggrroouupp -nn /LDAPv3/ldap.company.com -oo checkmember -mm user extragroup


                    Will write out a message specifying if user (found in
                    /Search) is a member of extragroup on the specified node
                    /LDAPv3/ldap.company.com. The specified node
                    /LDAPv3/ldap.company.com needs to be on the authentication
                    search policy for a valid answer.

Mac OS                           March 01 2004                          Mac OS



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™