Chapter 15 Configuring and Managing Open Directory 265
Manipulating a Single Named Group Record
Use dseditgroup to manipulate a single named group record on the default local
directory domain or on the specified directory domain. The following examples show
uses for dseditgroup.
To view the attributes of a group in the local directory domain:
$ dseditgroup -o read groupname
To create a group in a domain:
$ dseditgroup -o create -n /LDAPv3/ldap.example.com -u diradmin_name -P diradmin_password -r "Group Name" -c "comment" -s 1234 -k "some keyword" groupname
To create a Windows group in a domain:
1 Create the group.
$ dseditgroup -o create -n /LDAPv3/ldap.example.com -u diradmin_name -P diradmin_password -r "Group Name" groupname
2 Set the domain group relative identifier (RID).
$ dscl -u diradmin_name -P diradmin_password /LDAPv3/ldap.example.com -create /Groups/groupname SMBRID RID
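The two steps above as one script, given here as an added example that is not part of the original guide. It uses -p (prompt for password, per the dseditgroup and dscl man pages) in place of -P so the directory administrator password does not appear in the process list or shell history. The function names, the DRY_RUN switch and the group-name policy are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original guide.
# DRY_RUN=1 prints the commands (unquoted, for display only) instead of running them.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# RID must be a plain decimal number.
valid_rid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# Constructed policy: letters, digits, '.', '_' and '-' only, no leading '-'.
# A leading '-' would be parsed as an option; a '/' would change the dscl
# record path /Groups/<groupname>.
valid_groupname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

create_windows_group() {
    server=$1 admin=$2 group=$3 realname=$4 rid=$5
    valid_groupname "$group" || { echo "invalid group name: $group" >&2; return 2; }
    valid_rid "$rid" || { echo "RID must be decimal: $rid" >&2; return 2; }
    node="/LDAPv3/$server"
    # Step 1: create the group; -p prompts for the password instead of -P.
    run dseditgroup -o create -n "$node" -u "$admin" -p -r "$realname" "$group" || return 1
    # Step 2: set the domain group relative identifier (RID).
    run dscl -u "$admin" -p "$node" -create "/Groups/$group" SMBRID "$rid"
}

# Usage: script server diradmin_name groupname "Group Name" RID
if [ "$#" -eq 5 ]; then create_windows_group "$@"; fi
```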
To delete a group from a domain:
$ dseditgroup -o delete -n /LDAPv3/ldap.example.com -u diradmin_name -P diradmin_password groupname
For more information, see the dseditgroup man page.
Adding or Removing LDAP Server Configurations
Use dsconfigldap to add or remove LDAP server configurations in directory services.
To add an LDAP server:
$ dsconfigldap -v -a myldap.example.com
To remove an LDAP server:
$ dsconfigldap -v -r myldap.example.com
Parameter            Description
diradmin_name        Name of the directory administrator
diradmin_password    Password of the directory administrator
Group Name           Real name to add or replace
comment              Comment to add or replace
1234                 Time-to-live, in seconds, to add or replace
some keyword         Keyword to add
groupname            Group name