Filter
Top Products
Chapter 8 Working with Users and Groups 117
dscl displays the settings for the group account, similar to the following output where
the group named parentgroup is shown as nested:
apple-generateduid:4B3A5678-E9C1-2EC3-4567-891D234E5678
apple-group-nestedgroup:1A2B3456-C7D8-9EF1-2345-678G912H3456
cn: parentgroup
gidNumber: 700
objectClass: posixGroup apple-group extensibleObject top
AppleMetaNodeLocation: /LDAPv3/ipaddress
GeneratedUID:4B3A5678-E9C1-2EC3-4567-891D234E5678
NestedGroups:1A2B3456-C7D8-9EF1-2345-678G912H3456
PasswordPlus:********
PrimaryGroupID: 700
RecordName: parentgroup
RecordType: dsRecTypeStandard:Groups
Once a nested group is established, it can be split apart or unnested by using the
dseditgroup tool with the -d option which deletes the group record but leaves the
group intact.
To unnest a group:
$ dseditgroup -o edit [-d
childgroup
] [-t
group
] [-u
username
] [-P
password
]
[-n /LDAPv3/
ipaddess
]
parentgroup
Editing Group Records
You can use dsEditGroup to add, remove, or edit group records in the local directory
service.
To display the information about a particular group:
$ dseditgroup
officegroup
To delete a group:
$ dseditgroup -o delete -n /LDAPv3/
ipaddress
-u
diradmin
groupname
Replace ipaddress with the IP address of the DNS name of the LDAPv3 server, diradmin
with the name of the directory administrator, and groupname with the name of the
group you want to delete.
Parameter Description
childgroup The name of the child group you are adding to the parent group.
group The type of account you are changing. In this case group.
username The short name of a user with LDAP directory service access.
password The user password.
ipaddress The IP address of your directory server.
parentgroup The name of the parent group that the child group is being added
to.