dseditgroup man page on Darwin

Man page or keyword search:  
man Server   23457 pages
apropos Keyword Search (all sections)
Output format
Darwin logo
[printable version]

dseditgroup(8)		  BSD System Manager's Manual		dseditgroup(8)

NAME
     dseditgroup — group record manipulation tool.

SYNOPSIS
     dseditgroup [options] [parameters] groupname

		 options:
		       -o operation   perform (read, create, delete, edit,
				      checkmember) operation with given group‐
				      name
		       -p	      prompt for authentication password
		       -q	      disables interactive verification
		       -v	      verbose logging to stdout

		 parameters:
		       -m member      username to use for checkmember option
		       -n nodename    directory node location of group record
		       -u username    authenticate with admin username
		       -P password    authentication password
		       -a recordname  name of the record to add
		       -d recordname  name of the record to delete
		       -t recordtype  type of the record to add or delete
		       -T grouptype   type of group to create or modify
		       -L	      maintain ComputerLists in parallel with
				      ComputerGroups
		       -i gid	      gid to add/replace
		       -g guid	      GUID to add/replace
		       -S sid	      SID to add/replace
		       -r realname    realname to add/replace
		       -k keyword     keyword to add
		       -c comment     comment to add/replace
		       -s timetolive  seconds to live to add/replace
		       -f n | l	      change the group's format - 'n' for the
				      new group format and 'l' for the legacy
				      group format

DESCRIPTION
     dseditgroup allows manipulation of a single named group record on either
     the default local node or the specified DirectoryService node. For the
     "read" operation the authentication search policy (/Search node) is con‐
     sulted. Default behaviour is presented below after a discussion of each
     operation and the possible parameters.

     Options and their descriptions:

     -o operation
	      If "read" then the parameters of the specified groupname will be
	      displayed. This is the default option. The authentication search
	      policy (/Search node) will be used.

	      If "create" then create a group with the specified groupname on
	      either the default local node or the specified DirectoryService
	      node.

	      If "delete" then delete a group with the specified groupname on
	      either the default local node or the specified DirectoryService
	      node.

	      If "edit" then edit a group with the specified groupname on
	      either the default local node or the specified DirectoryService
	      node.

	      If "checkmember" then check if the user specified with -m or
	      current logged in user is a member of the specified groupname.
	      The authentication search policy (/Search node) is used to find
	      the member. The specified node (defaults to the authentication
	      search policy) is used to find the group. If the specified node
	      is not on the authentication search policy the behaviour is
	      undefined.

     -p	      You will be prompted for a password to use in conjunction with
	      the specified username.

     -q	      This disables interactive verification of replace or delete
	      operations.

     -v	      This enables the logging of the DirectoryService API calls and
	      their return codes.

     Parameters and their descriptions:

     -m member
	      The username of the account to verify group membership when
	      using -o checkmember

     -n nodename
	      Directory Service node name such as /LDAPv3/ldap.company.com and
	      whose default value is the local node. "." can also be used to
	      specify the local node.

     -u username
	      Username of a user that has administrative privileges on this
	      computer.

     -P password
	      Password to use in conjunction with the specified username.  If
	      this is not specified, you will be prompted for a password.

     -a recordname
	      The name of the record to be added to the group specified by
	      groupname. This name is related to the first record found on the
	      authentication search policy when a search is made with this
	      recordname and the given recordtype.

     -d recordname
	      The name of the record to be deleted from the group specified by
	      groupname. This name is related to the first record found on the
	      authentication search policy when a search is made with this
	      recordname and the given recordtype.

     -t recordtype
	      The type of the record to be added to or deleted from the group
	      specified by groupname. Valid values are user, computer, group,
	      or computergroup.

     -T grouptype
	      The type of the group record to be created or modified as speci‐
	      fied by groupname. Valid values are group or computergroup.

     -L	      If used with computergroup will also maintain the computerlist
	      if it exists or create it if a computergroup is created.

     -i gid   This is a group id. This will be automatically created if not
	      specified for a create.

     -g guid  This is a text representation of an 128 bit id. This will be
	      automatically created if not specified for a create.

     -r realname
	      This is a simple text string.

     -k keyword
	      This is a simple text string.

     -c comment
	      This is a simple text string.

     -s timetolive
	      The number of seconds that this record is deemed valid as a
	      cached value. There will be no automatically created default
	      value if not specified for a create.

DEFAULT BEHAVIOUR
     dseditgroup mygroup

     This simple version of the command will default to:

     dseditgroup -o read -n . -u $USER mygroup

     The output will be the parameters of the "mygroup" group record if the
     shell user has read access to the local node's group record of name
     "mygroup".

EXAMPLES
     dseditgroup extragroup

     dseditgroup -o read extragroup

		    The attributes of the group extragroup from the local node
		    are displayed.

     dseditgroup -o create -n /LDAPv3/ldap.company.com -u myusername -P
	      mypassword -r "Extra Group" -c "a nice comment" -s 3600 -k "some
	      keyword" extragroup

		    The group extragroup is created from the node
		    /LDAPv3/ldap.company.com with the realname, comment,
		    timetolive (instead of default of 14400 = 4 hours), and
		    keyword atttribute values given above if the user
		    myusername has supplied a correct password and has write
		    access.

     dseditgroup -o delete -n /LDAPv3/ldap.company.com -u myusername -P
	      mypassword extragroup

		    The group extragroup is deleted from the node
		    /LDAPv3/ldap.company.com if the user myusername has
		    supplied a correct password and has write access.

     dseditgroup -o edit -n /LDAPv3/ldap.company.com -u myusername -p -a
	      username -t user extragroup

		    The group extragroup from the node
		    /LDAPv3/ldap.company.com will have the username added if
		    the username is in a user record on the search policy and
		    if the correct password is presented interactively for the
		    user myusername which also need to have write access.

     dseditgroup -o edit -n /LDAPv3/ldap.company.com -u myusername -P -a
	      mysubgroup -t group extragroup

		    The group extragroup from the node
		    /LDAPv3/ldap.company.com will have the mysubgroup added if
		    the mysubgroup is in a group record on the search policy
		    and if the user myusername has supplied a correct password
		    and has write access.

     dseditgroup -o edit -n /LDAPv3/ldap.company.com -u myusername -p -d
	      username -t user extragroup

		    The group extragroup from the node
		    /LDAPv3/ldap.company.com will have the username deleted if
		    the correct password is presented interactively for the
		    user myusername which also need to have write access.

     dseditgroup -o checkmember extragroup

		    Will write out a message specifying if the current user is
		    a member of extragroup on the authentication search
		    policy.

     dseditgroup -o checkmember -n  . extragroup

		    Will write out a message specifying if the current user is
		    a member of extragroup on the local node.

     dseditgroup -n /LDAPv3/ldap.company.com -o checkmember -m user extragroup

		    Will write out a message specifying if user (found in
		    /Search) is a member of extragroup on the specified node
		    /LDAPv3/ldap.company.com. The specified node
		    /LDAPv3/ldap.company.com needs to be on the authentication
		    search policy for a valid answer.

Mac OS				 March 01 2004				Mac OS
[top]

List of man pages available for Darwin

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net