Filter
Top Products
264 Chapter 15 Working with Open Directory
Finding Network Information
The lookupd daemon acts as an information broker and cache. It is called by various
routines in the System framework to find information about user accounts, groups,
printers, email aliases and distribution lists, computer names, Internet addresses, and
several other kinds of information. lookupd also has a channel to query Open Directory,
allowing access to data from LDAP and other directory services.
To look up a user by name:
$ lookupd -q user -a name anne
This returns the user records that have a short name of “anne.”
To run lookupd in interactive mode:
$ lookupd -d
>?
Typing ? at the lookupd interactive promt (>) displays all the possible commands for
lookupd.
To list the attributes of a user:
> userWithName:
anne
See the lookupd man page for more information.
Manipulating a Single Named Group Record
dseditgroup allows manipulation of a single named group record on either the default
local directory domain or the specified directory domain. The following examples show
some uses for dseditgroup.
To display the attributes of a group in the local directory domain:
$ dseditgroup -o read
groupname
To create a group in a specified domain:
$ dseditgroup -o create -n /LDAPv3/
ldap.example.com
-u
myusername
-P
mypassword
-r "
Group Name
" -c "
comment
" -s
1234
-k "
some keyword
"
groupname
To delete a group from a specified domain:
$ dseditgroup -o delete -n /LDAPv3/
ldap.example.com
-u
myusername
-P
mypassword groupname
Parameter Description
myuser
User name authenticated with administrator user
mypassword
User password
Group Name
Real name to add or replace
comment
Comment or add or replace
1234
Time to livein seconds to add or replace