dscl(1) BSD General Commands Manual dscl(1)
NAME
dscl -- Directory Service command line utility
SYNOPSIS
dscl [options] [datasource [command]]
options:
-p             prompt for password
-u user        authenticate as user
-P password    authentication password
-raw           don't strip off prefix from DirectoryService API constants
-url           print record attribute values in URL-style encoding
-q             quiet - no interactive prompt
commands:
-read [path [key ...]]
-list path [key]
-search path key val
-create record_path [key [val ...]]
-append record_path key val ...
-merge record_path key val ...
-delete path [key [val ...]]
-change record_path key old_val new_val
-changei record_path key val_index new_val
-passwd user_path [new_password | old_password new_password]
available only in interactive mode:
-cd dir
-pushd [dir]
-popd
-auth [user [password]]
-authonly [user [password]]
-quit
DESCRIPTION
dscl is a general-purpose utility for operating on Directory Service
directory nodes. Its commands allow one to create, read, and manage
Directory Service data. If invoked without any commands, dscl runs in an
interactive mode, reading commands from standard input. Interactive
processing is terminated by the quit command. Leading dashes ("-") are
optional for all commands.
dscl operates on a datasource specified on the command line. This may be
a node name or a Mac OS X Server (10.2 or later) host specified by DNS
hostname or IP address. Node names may be absolute paths beginning with
a slash ("/"), or relative domain paths beginning with a dot (".")
character, which specifies the local domain, or "..", specifying the local
domain's parent. If the hostname or IP address form is used then the
user must specify the -u option and either the -P or -p option to
specify an administrative user and password with which to authenticate
to the remote host. The exception to this is if "localhost" is
specified.
PATH SPECIFICATION
There are two modes of operation when specifying paths to operate on. The
two modes correspond to whether the datasource is a node or a host. In
the case of specifying a node, the top level of paths will be record
types. Example top level paths would be:
/Users/alice
/Groups/admin
In the case of specifying a host as a data source, the top level of paths
corresponds to Open Directory plug-ins and Search Paths. One can specify
the plug-in to traverse to a node name, after which the paths are
equivalent to the former usage. The following might be the equivalent
paths to the ones above:
/NetInfo/root/Users/alice
/LDAPv3/10.0.1.42/Groups/admin
If path components contain keys or values with embedded slash characters,
the slash characters must be escaped with a leading backslash character.
Since the shell also processes escape characters, an extra backslash is
required to correctly specify an escape. For example, to read a mount
record with the name "ldapserver:/Users" in the "/Mounts" path, the
following path would be used:
dscl . -read /Mounts/ldapserver:\\/Users
All pathnames are case-sensitive.
NOTE: You must use double quotes to combine text into a single value. If
you use single quotes then they will actually become part of the value.
Please see the append example below.
COMMANDS
The action of each command is described below. Some commands have
aliases. For example, "cat" and "." are aliases for "read". Command
aliases are listed in parentheses.
read (cat .)
Usage: read [path [key ...]]
Prints a directory. Each property is printed on its own line.
The property key is followed by a colon, then a space-separated list of
the values for that property. Note that a value which contains embedded
spaces will appear identical to a pair of values.
If the -raw flag for raw output has been given, then read prints the full
DirectoryService API constant for record and attribute types.
If the -url flag has been specified then printed record path attribute
values are encoded in the style of URLs. This is useful if a script or
program is trying to process the output since values will not have any
spaces or other control characters.
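The two scripting points above (escaping embedded slashes in a path component, and using -url so that values with spaces stay unambiguous), as an added example that is not part of the original manual page. The sample output is constructed, the function names are hypothetical, and the code assumes that URL-style encoding means percent-encoding (%20 for a space).

```python
from urllib.parse import unquote

# Constructed sample output for one record (not captured from a real system).
PLAIN_OUTPUT = "UserShell: /usr/bin/false\nComment: This is a comment\n"
# Assumption: -url percent-encodes each value, so a space becomes %20.
URL_OUTPUT = "UserShell: /usr/bin/false\nComment: This%20is%20a%20comment\n"


def parse_read(output, url_encoded=False):
    """Parse 'key: v1 v2 ...' lines of read output into {key: [values]}."""
    record = {}
    for line in output.splitlines():
        key, sep, rest = line.partition(": ")
        if not sep:
            if not line.endswith(":"):
                continue  # not a "key: values" line
            key, rest = line[:-1], ""  # property with no values
        values = rest.split()
        if url_encoded:
            values = [unquote(v) for v in values]
        record[key] = values
    return record


def escape_component(name):
    """Escape embedded slashes in one path component with a backslash."""
    return name.replace("/", "\\/")


def read_argv(node, record_type, name):
    """Build argv for subprocess.run(). No shell parses this list, so the
    single backslash added by escape_component() is all dscl needs."""
    path = "/" + record_type + "/" + escape_component(name)
    return ["dscl", "-url", node, "-read", path]


if __name__ == "__main__":
    print(parse_read(PLAIN_OUTPUT)["Comment"])      # four separate values
    print(parse_read(URL_OUTPUT, True)["Comment"])  # one value with spaces
    print(read_argv(".", "Mounts", "ldapserver:/Users"))
```

Parsing the plain output cannot tell one value containing spaces from several values; the -url form keeps each value as a single token until it is decoded.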
list (ls)
Usage: list path
Lists the subdirectories of the given directory. Subdirectories are
listed one per line. In the case of listing a search path, the names are
preceded by an index number that can act as a shortcut and be used in place
of the name when specifying a path.
When used in interactive mode, the path is optional. With no path given,
the current directory will be used.
search
Usage: search path key val
Searches for records that match a pattern. The search is rooted at the
given path. The path may be a node path or a record type path. Valid
keys are Directory Service record attribute types.
create (mk)
Usage: create record_path [key [val ...]]
Creates a record, property, or value. If only a record path is given,
the create command will create the record if it does not exist. If a key
is given, then a property with that key will be created.
WARNING - If a property with the given key already exists, it will be
destroyed and a new property will be created in its place. To add values
to an existing property, use the append or merge commands.
If values are included in the command, these values will be set for the
given key.
NOTE - Not all directory nodes support a property without a value. An
error will be given if you attempt to create a property with no value in
such a directory node.
append
Usage: append record_path key val ...
Appends one or more values to a property in a given record. The property
is created if it does not exist.
merge
Usage: merge record_path key val ...
Appends one or more values to a property in a given directory if the
property does not already have those values. The property is created if
it does not exist.
change
Usage: change record_path key old_val new_val
Replaces the given old value in the list of values of the given key with
the new value in the specified record.
changei
Usage: changei path key index val
Replaces the value at the given index in the list of values of the given
key with the new value in the specified record. index is an integer
value. An index of 1 specifies the first value. An index greater than
the number of values in the list will result in an error.
delete (rm)
Usage: delete path [key [val ...]]
Delete a directory, property, or value. If a directory path is given,
the delete command will delete the directory. This can only be used on
record type and record paths. If a key is given, then a property with
that key will be deleted. If one or more values are given, those values
will be removed from the property with the given key.
passwd
Usage: passwd user_path [new_password | old_password new_password]
Changes a password for a user. The user must be specified by full path,
not just a username. If you are authenticated to the node (either by
specifying the -u and -P flags or by using the auth command when in
interactive mode) then you can simply specify a new password. If you are
not authenticated then the user's old password must be specified. If
passwords are not specified while in interactive mode, you will be
prompted for them.
INTERACTIVE COMMANDS
cd
Usage: cd dir
Sets the current directory. Path names for other dscl commands may be
relative to the current directory.
pushd (pd)
Usage: pushd path
Similar to the pushd command commonly found in Unix shells. When a path
is specified it sets the current directory while pushing the previous
directory on to the directory stack. If no path is specified it
exchanges the top two elements of the directory stack. It will also
print the final directory stack.
popd
Usage: popd
Pops the directory stack and returns to the new top directory. It will
also print the final directory stack.
auth (su)
Usage: auth [user [password]]
Authenticate as the named user, or as "root" if no user is specified. If
a password is supplied, then that password is used for authentication,
otherwise the command prompts for a password.
If dscl is run in host mode, then when this command is run the current
directory must be in the subdirectories of a node.
authonly
Usage: authonly [user [password]]
Used to verify the password of a named user, or of "root" if no user is
specified. If a password is supplied, then that password is used for
authentication, otherwise the command prompts for a password.
If dscl is run in host mode, then when this command is run the current
directory must be in the subdirectories of a node.
quit (q)
Usage: quit
Ends processing of interactive commands and terminates the program.
command history
The up and down arrow keys will scan through the command history.
tab completion
When pathnames are being typed, pressing the tab key will result in a
search to auto-complete the typed partial subdirectory name. It will also
attempt to correct capitalization in the process.
EXAMPLES
-view a record in the local directory node
dscl . -read /Users/www
-create or replace the UserShell attribute value for the www user record
dscl . -create /Users/www UserShell /usr/bin/false
-list the uniqueID values for all user records on a given node
dscl /LDAPv3/ldap.company.com -list /Users UniqueID
-append a value that has spaces in it
dscl . -append /Users/www Comment "This is a comment"
SEE ALSO
DirectoryService(8), DirectoryServiceAttributes(7)
MacOSX August 25, 2003 MacOSX