Commit | Line | Data |
---|---|---|
1f554f76 DM |
1 | *pveum* `<COMMAND> [ARGS] [OPTIONS]` |
2 | ||
e2d681b3 | 3 | *pveum acl delete* `<path> --roles <string>` `[OPTIONS]` |
1f554f76 DM |
4 | |
5 | Update Access Control List (add or remove permissions). | |
6 | ||
013dc89f | 7 | `<path>`: `<string>` :: |
1f554f76 DM |
8 | |
9 | Access control path | |
10 | ||
2489d6df | 11 | `--groups` `<string>` :: |
1f554f76 DM |
12 | |
13 | List of groups. | |
14 | ||
2489d6df | 15 | `--propagate` `<boolean>` ('default =' `1`):: |
1f554f76 DM |
16 | |
17 | Allow to propagate (inherit) permissions. | |
18 | ||
2489d6df | 19 | `--roles` `<string>` :: |
1f554f76 DM |
20 | |
21 | List of roles. | |
22 | ||
e9cd3bd4 TL |
23 | `--tokens` `<string>` :: |
24 | ||
25 | List of API tokens. | |
26 | ||
2489d6df | 27 | `--users` `<string>` :: |
1f554f76 DM |
28 | |
29 | List of users. | |
30 | ||
5c1699e5 TL |
31 | *pveum acl list* `[FORMAT_OPTIONS]` |
32 | ||
33 | Get Access Control List (ACLs). | |
34 | ||
e2d681b3 | 35 | *pveum acl modify* `<path> --roles <string>` `[OPTIONS]` |
1f554f76 DM |
36 | |
37 | Update Access Control List (add or remove permissions). | |
38 | ||
013dc89f | 39 | `<path>`: `<string>` :: |
1f554f76 DM |
40 | |
41 | Access control path | |
42 | ||
2489d6df | 43 | `--groups` `<string>` :: |
1f554f76 DM |
44 | |
45 | List of groups. | |
46 | ||
2489d6df | 47 | `--propagate` `<boolean>` ('default =' `1`):: |
1f554f76 DM |
48 | |
49 | Allow to propagate (inherit) permissions. | |
50 | ||
2489d6df | 51 | `--roles` `<string>` :: |
1f554f76 DM |
52 | |
53 | List of roles. | |
54 | ||
e9cd3bd4 TL |
55 | `--tokens` `<string>` :: |
56 | ||
57 | List of API tokens. | |
58 | ||
2489d6df | 59 | `--users` `<string>` :: |
1f554f76 DM |
60 | |
61 | List of users. | |
62 | ||
e2d681b3 TL |
63 | *pveum acldel* |
64 | ||
65 | An alias for 'pveum acl delete'. | |
66 | ||
67 | *pveum aclmod* | |
68 | ||
69 | An alias for 'pveum acl modify'. | |
70 | ||
71 | *pveum group add* `<groupid>` `[OPTIONS]` | |
1f554f76 DM |
72 | |
73 | Create new group. | |
74 | ||
013dc89f | 75 | `<groupid>`: `<string>` :: |
1f554f76 DM |
76 | |
77 | no description available | |
78 | ||
2489d6df | 79 | `--comment` `<string>` :: |
1f554f76 DM |
80 | |
81 | no description available | |
82 | ||
e2d681b3 | 83 | *pveum group delete* `<groupid>` |
1f554f76 DM |
84 | |
85 | Delete group. | |
86 | ||
013dc89f | 87 | `<groupid>`: `<string>` :: |
1f554f76 DM |
88 | |
89 | no description available | |
90 | ||
5c1699e5 TL |
91 | *pveum group list* `[FORMAT_OPTIONS]` |
92 | ||
93 | Group index. | |
94 | ||
e2d681b3 | 95 | *pveum group modify* `<groupid>` `[OPTIONS]` |
1f554f76 DM |
96 | |
97 | Update group data. | |
98 | ||
013dc89f | 99 | `<groupid>`: `<string>` :: |
1f554f76 DM |
100 | |
101 | no description available | |
102 | ||
2489d6df | 103 | `--comment` `<string>` :: |
1f554f76 DM |
104 | |
105 | no description available | |
106 | ||
e2d681b3 TL |
107 | *pveum groupadd* |
108 | ||
109 | An alias for 'pveum group add'. | |
110 | ||
111 | *pveum groupdel* | |
112 | ||
113 | An alias for 'pveum group delete'. | |
114 | ||
115 | *pveum groupmod* | |
116 | ||
117 | An alias for 'pveum group modify'. | |
118 | ||
35a75dd3 | 119 | *pveum help* `[OPTIONS]` |
1f554f76 DM |
120 | |
121 | Get help about specified command. | |
122 | ||
35a75dd3 | 123 | `--extra-args` `<array>` :: |
1f554f76 | 124 | |
35a75dd3 | 125 | Shows help for a specific command |
1f554f76 | 126 | |
2489d6df | 127 | `--verbose` `<boolean>` :: |
1f554f76 DM |
128 | |
129 | Verbose output format. | |
130 | ||
1f554f76 DM |
131 | *pveum passwd* `<userid>` |
132 | ||
133 | Change user password. | |
134 | ||
013dc89f | 135 | `<userid>`: `<string>` :: |
1f554f76 DM |
136 | |
137 | User ID | |
138 | ||
d2656385 TL |
139 | *pveum pool add* `<poolid>` `[OPTIONS]` |
140 | ||
141 | Create new pool. | |
142 | ||
143 | `<poolid>`: `<string>` :: | |
144 | ||
145 | no description available | |
146 | ||
147 | `--comment` `<string>` :: | |
148 | ||
149 | no description available | |
150 | ||
151 | *pveum pool delete* `<poolid>` | |
152 | ||
153 | Delete pool. | |
154 | ||
155 | `<poolid>`: `<string>` :: | |
156 | ||
157 | no description available | |
158 | ||
159 | *pveum pool list* `[FORMAT_OPTIONS]` | |
160 | ||
161 | Pool index. | |
162 | ||
163 | *pveum pool modify* `<poolid>` `[OPTIONS]` | |
164 | ||
165 | Update pool data. | |
166 | ||
167 | `<poolid>`: `<string>` :: | |
168 | ||
169 | no description available | |
170 | ||
171 | `--comment` `<string>` :: | |
172 | ||
173 | no description available | |
174 | ||
175 | `--delete` `<boolean>` :: | |
176 | ||
177 | Remove vms/storage (instead of adding it). | |
178 | ||
179 | `--storage` `<string>` :: | |
180 | ||
181 | List of storage IDs. | |
182 | ||
183 | `--vms` `<string>` :: | |
184 | ||
185 | List of virtual machines. | |
186 | ||
c5aa7e14 TL |
187 | *pveum realm add* `<realm> --type <string>` `[OPTIONS]` |
188 | ||
189 | Add an authentication server. | |
190 | ||
191 | `<realm>`: `<string>` :: | |
192 | ||
193 | Authentication domain ID | |
194 | ||
c30bb419 TL |
195 | `--acr-values` `<string>` :: |
196 | ||
197 | Specifies the Authentication Context Class Reference values that the Authorization Server is being requested to use for the Auth Request. | |
198 | ||
34f3e481 TL |
199 | `--autocreate` `<boolean>` ('default =' `0`):: |
200 | ||
201 | Automatically create users if they do not exist. | |
202 | ||
c5aa7e14 TL |
203 | `--base_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` :: |
204 | ||
205 | LDAP base domain name | |
206 | ||
207 | `--bind_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` :: | |
208 | ||
209 | LDAP bind domain name | |
210 | ||
211 | `--capath` `<string>` ('default =' `/etc/ssl/certs`):: | |
212 | ||
213 | Path to the CA certificate store | |
214 | ||
4772952b TL |
215 | `--case-sensitive` `<boolean>` ('default =' `1`):: |
216 | ||
217 | username is case-sensitive | |
218 | ||
c5aa7e14 TL |
219 | `--cert` `<string>` :: |
220 | ||
221 | Path to the client certificate | |
222 | ||
223 | `--certkey` `<string>` :: | |
224 | ||
225 | Path to the client certificate key | |
226 | ||
34f3e481 TL |
227 | `--client-id` `<string>` :: |
228 | ||
229 | OpenID Client ID | |
230 | ||
231 | `--client-key` `<string>` :: | |
232 | ||
233 | OpenID Client Key | |
234 | ||
c5aa7e14 TL |
235 | `--comment` `<string>` :: |
236 | ||
237 | Description. | |
238 | ||
239 | `--default` `<boolean>` :: | |
240 | ||
241 | Use this as default realm | |
242 | ||
243 | `--domain` `\S+` :: | |
244 | ||
245 | AD domain name | |
246 | ||
247 | `--filter` `<string>` :: | |
248 | ||
249 | LDAP filter for user sync. | |
250 | ||
251 | `--group_classes` `<string>` ('default =' `groupOfNames, group, univentionGroup, ipausergroup`):: | |
252 | ||
253 | The objectclasses for groups. | |
254 | ||
255 | `--group_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` :: | |
256 | ||
257 | LDAP base domain name for group sync. If not set, the base_dn will be used. | |
258 | ||
259 | `--group_filter` `<string>` :: | |
260 | ||
261 | LDAP filter for group sync. | |
262 | ||
263 | `--group_name_attr` `<string>` :: | |
264 | ||
265 | LDAP attribute representing a group's name. If not set or found, the first value of the DN will be used as name. | |
266 | ||
34f3e481 TL |
267 | `--issuer-url` `<string>` :: |
268 | ||
269 | OpenID Issuer Url | |
270 | ||
c5aa7e14 TL |
271 | `--mode` `<ldap | ldap+starttls | ldaps>` ('default =' `ldap`):: |
272 | ||
273 | LDAP protocol mode. | |
274 | ||
275 | `--password` `<string>` :: | |
276 | ||
277 | LDAP bind password. Will be stored in '/etc/pve/priv/realm/<REALM>.pw'. | |
278 | ||
279 | `--port` `<integer> (1 - 65535)` :: | |
280 | ||
281 | Server port. | |
282 | ||
c30bb419 TL |
283 | `--prompt` `(?:none|login|consent|select_account|\S+)` :: |
284 | ||
285 | Specifies whether the Authorization Server prompts the End-User for reauthentication and consent. | |
286 | ||
287 | `--scopes` `<string>` ('default =' `email profile`):: | |
288 | ||
289 | Specifies the scopes (user details) that should be authorized and returned, for example 'email' or 'profile'. | |
290 | ||
c5aa7e14 TL |
291 | `--secure` `<boolean>` :: |
292 | ||
293 | Use secure LDAPS protocol. DEPRECATED: use 'mode' instead. | |
294 | ||
295 | `--server1` `<string>` :: | |
296 | ||
297 | Server IP address (or DNS name) | |
298 | ||
299 | `--server2` `<string>` :: | |
300 | ||
301 | Fallback Server IP address (or DNS name) | |
302 | ||
303 | `--sslversion` `<tlsv1 | tlsv1_1 | tlsv1_2 | tlsv1_3>` :: | |
304 | ||
305 | LDAPS TLS/SSL version. It's not recommended to use a version older than 1.2! | |
306 | ||
7af2edf9 | 307 | `--sync-defaults-options` `[enable-new=<1|0>] [,full=<1|0>] [,purge=<1|0>] [,remove-vanished=[acl];[properties];[entry]] [,scope=<users|groups|both>]` :: |
c5aa7e14 TL |
308 | |
309 | The default options for behavior of synchronizations. | |
310 | ||
311 | `--sync_attributes` `\w+=[^,]+(,\s*\w+=[^,]+)*` :: | |
312 | ||
313 | Comma-separated list of key=value pairs for specifying which LDAP attributes map to which PVE user field. For example, to map the LDAP attribute 'mail' to PVE's 'email', write 'email=mail'. By default, each PVE user field is represented by an LDAP attribute of the same name. | |
314 | ||
315 | `--tfa` `type=<TFATYPE> [,digits=<COUNT>] [,id=<ID>] [,key=<KEY>] [,step=<SECONDS>] [,url=<URL>]` :: | |
316 | ||
317 | Use Two-factor authentication. | |
318 | ||
34f3e481 | 319 | `--type` `<ad | ldap | openid | pam | pve>` :: |
c5aa7e14 TL |
320 | |
321 | Realm type. | |
322 | ||
323 | `--user_attr` `\S{2,}` :: | |
324 | ||
325 | LDAP user attribute name | |
326 | ||
327 | `--user_classes` `<string>` ('default =' `inetorgperson, posixaccount, person, user`):: | |
328 | ||
329 | The objectclasses for users. | |
330 | ||
c30bb419 | 331 | `--username-claim` `<string>` :: |
34f3e481 TL |
332 | |
333 | OpenID claim used to generate the unique username. | |
334 | ||
c5aa7e14 TL |
335 | `--verify` `<boolean>` ('default =' `0`):: |
336 | ||
337 | Verify the server's SSL certificate | |
338 | ||
339 | *pveum realm delete* `<realm>` | |
340 | ||
341 | Delete an authentication server. | |
342 | ||
343 | `<realm>`: `<string>` :: | |
344 | ||
345 | Authentication domain ID | |
346 | ||
347 | *pveum realm list* `[FORMAT_OPTIONS]` | |
348 | ||
349 | Authentication domain index. | |
350 | ||
351 | *pveum realm modify* `<realm>` `[OPTIONS]` | |
352 | ||
353 | Update authentication server settings. | |
354 | ||
355 | `<realm>`: `<string>` :: | |
356 | ||
357 | Authentication domain ID | |
358 | ||
c30bb419 TL |
359 | `--acr-values` `<string>` :: |
360 | ||
361 | Specifies the Authentication Context Class Reference values that the Authorization Server is being requested to use for the Auth Request. | |
362 | ||
34f3e481 TL |
363 | `--autocreate` `<boolean>` ('default =' `0`):: |
364 | ||
365 | Automatically create users if they do not exist. | |
366 | ||
c5aa7e14 TL |
367 | `--base_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` :: |
368 | ||
369 | LDAP base domain name | |
370 | ||
371 | `--bind_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` :: | |
372 | ||
373 | LDAP bind domain name | |
374 | ||
375 | `--capath` `<string>` ('default =' `/etc/ssl/certs`):: | |
376 | ||
377 | Path to the CA certificate store | |
378 | ||
4772952b TL |
379 | `--case-sensitive` `<boolean>` ('default =' `1`):: |
380 | ||
381 | username is case-sensitive | |
382 | ||
c5aa7e14 TL |
383 | `--cert` `<string>` :: |
384 | ||
385 | Path to the client certificate | |
386 | ||
387 | `--certkey` `<string>` :: | |
388 | ||
389 | Path to the client certificate key | |
390 | ||
34f3e481 TL |
391 | `--client-id` `<string>` :: |
392 | ||
393 | OpenID Client ID | |
394 | ||
395 | `--client-key` `<string>` :: | |
396 | ||
397 | OpenID Client Key | |
398 | ||
c5aa7e14 TL |
399 | `--comment` `<string>` :: |
400 | ||
401 | Description. | |
402 | ||
403 | `--default` `<boolean>` :: | |
404 | ||
405 | Use this as default realm | |
406 | ||
407 | `--delete` `<string>` :: | |
408 | ||
409 | A list of settings you want to delete. | |
410 | ||
411 | `--digest` `<string>` :: | |
412 | ||
413 | Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications. | |
414 | ||
415 | `--domain` `\S+` :: | |
416 | ||
417 | AD domain name | |
418 | ||
419 | `--filter` `<string>` :: | |
420 | ||
421 | LDAP filter for user sync. | |
422 | ||
423 | `--group_classes` `<string>` ('default =' `groupOfNames, group, univentionGroup, ipausergroup`):: | |
424 | ||
425 | The objectclasses for groups. | |
426 | ||
427 | `--group_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` :: | |
428 | ||
429 | LDAP base domain name for group sync. If not set, the base_dn will be used. | |
430 | ||
431 | `--group_filter` `<string>` :: | |
432 | ||
433 | LDAP filter for group sync. | |
434 | ||
435 | `--group_name_attr` `<string>` :: | |
436 | ||
437 | LDAP attribute representing a group's name. If not set or found, the first value of the DN will be used as name. | |
438 | ||
34f3e481 TL |
439 | `--issuer-url` `<string>` :: |
440 | ||
441 | OpenID Issuer Url | |
442 | ||
c5aa7e14 TL |
443 | `--mode` `<ldap | ldap+starttls | ldaps>` ('default =' `ldap`):: |
444 | ||
445 | LDAP protocol mode. | |
446 | ||
447 | `--password` `<string>` :: | |
448 | ||
449 | LDAP bind password. Will be stored in '/etc/pve/priv/realm/<REALM>.pw'. | |
450 | ||
451 | `--port` `<integer> (1 - 65535)` :: | |
452 | ||
453 | Server port. | |
454 | ||
c30bb419 TL |
455 | `--prompt` `(?:none|login|consent|select_account|\S+)` :: |
456 | ||
457 | Specifies whether the Authorization Server prompts the End-User for reauthentication and consent. | |
458 | ||
459 | `--scopes` `<string>` ('default =' `email profile`):: | |
460 | ||
461 | Specifies the scopes (user details) that should be authorized and returned, for example 'email' or 'profile'. | |
462 | ||
c5aa7e14 TL |
463 | `--secure` `<boolean>` :: |
464 | ||
465 | Use secure LDAPS protocol. DEPRECATED: use 'mode' instead. | |
466 | ||
467 | `--server1` `<string>` :: | |
468 | ||
469 | Server IP address (or DNS name) | |
470 | ||
471 | `--server2` `<string>` :: | |
472 | ||
473 | Fallback Server IP address (or DNS name) | |
474 | ||
475 | `--sslversion` `<tlsv1 | tlsv1_1 | tlsv1_2 | tlsv1_3>` :: | |
476 | ||
477 | LDAPS TLS/SSL version. It's not recommended to use a version older than 1.2! | |
478 | ||
7af2edf9 | 479 | `--sync-defaults-options` `[enable-new=<1|0>] [,full=<1|0>] [,purge=<1|0>] [,remove-vanished=[acl];[properties];[entry]] [,scope=<users|groups|both>]` :: |
c5aa7e14 TL |
480 | |
481 | The default options for behavior of synchronizations. | |
482 | ||
483 | `--sync_attributes` `\w+=[^,]+(,\s*\w+=[^,]+)*` :: | |
484 | ||
485 | Comma-separated list of key=value pairs for specifying which LDAP attributes map to which PVE user field. For example, to map the LDAP attribute 'mail' to PVE's 'email', write 'email=mail'. By default, each PVE user field is represented by an LDAP attribute of the same name. | |
486 | ||
487 | `--tfa` `type=<TFATYPE> [,digits=<COUNT>] [,id=<ID>] [,key=<KEY>] [,step=<SECONDS>] [,url=<URL>]` :: | |
488 | ||
489 | Use Two-factor authentication. | |
490 | ||
491 | `--user_attr` `\S{2,}` :: | |
492 | ||
493 | LDAP user attribute name | |
494 | ||
495 | `--user_classes` `<string>` ('default =' `inetorgperson, posixaccount, person, user`):: | |
496 | ||
497 | The objectclasses for users. | |
498 | ||
499 | `--verify` `<boolean>` ('default =' `0`):: | |
500 | ||
501 | Verify the server's SSL certificate | |
502 | ||
503 | *pveum realm sync* `<realm>` `[OPTIONS]` | |
504 | ||
505 | Syncs users and/or groups from the configured LDAP to user.cfg. NOTE: | |
506 | Synced groups will have the name 'name-$realm', so make sure those groups | |
507 | do not exist to prevent overwriting. | |
508 | ||
509 | `<realm>`: `<string>` :: | |
510 | ||
511 | Authentication domain ID | |
512 | ||
513 | `--dry-run` `<boolean>` ('default =' `0`):: | |
514 | ||
515 | If set, does not write anything. | |
516 | ||
517 | `--enable-new` `<boolean>` ('default =' `1`):: | |
518 | ||
519 | Enable newly synced users immediately. | |
520 | ||
521 | `--full` `<boolean>` :: | |
522 | ||
7af2edf9 | 523 | DEPRECATED: use 'remove-vanished' instead. If set, uses the LDAP Directory as source of truth, deleting users or groups not returned from the sync and removing all locally modified properties of synced users. If not set, only syncs information which is present in the synced data, and does not delete or modify anything else. |
c5aa7e14 TL |
524 | |
525 | `--purge` `<boolean>` :: | |
526 | ||
7af2edf9 TL |
527 | DEPRECATED: use 'remove-vanished' instead. Remove ACLs for users or groups which were removed from the config during a sync. |
528 | ||
529 | `--remove-vanished` `[acl];[properties];[entry]` :: | |
530 | ||
531 | A semicolon-separated list of things to remove when they or the user vanishes during a sync. The following values are possible: 'entry' removes the user/group when not returned from the sync. 'properties' removes the set properties on existing user/group that do not appear in the source (even custom ones). 'acl' removes ACLs when the user/group is not returned from the sync. | |
c5aa7e14 TL |
532 | |
533 | `--scope` `<both | groups | users>` :: | |
534 | ||
535 | Select what to sync. | |
536 | ||
e2d681b3 | 537 | *pveum role add* `<roleid>` `[OPTIONS]` |
1f554f76 DM |
538 | |
539 | Create new role. | |
540 | ||
013dc89f | 541 | `<roleid>`: `<string>` :: |
1f554f76 DM |
542 | |
543 | no description available | |
544 | ||
2489d6df | 545 | `--privs` `<string>` :: |
1f554f76 DM |
546 | |
547 | no description available | |
548 | ||
e2d681b3 | 549 | *pveum role delete* `<roleid>` |
1f554f76 DM |
550 | |
551 | Delete role. | |
552 | ||
013dc89f | 553 | `<roleid>`: `<string>` :: |
1f554f76 DM |
554 | |
555 | no description available | |
556 | ||
5c1699e5 TL |
557 | *pveum role list* `[FORMAT_OPTIONS]` |
558 | ||
559 | Role index. | |
560 | ||
e2d681b3 | 561 | *pveum role modify* `<roleid>` `[OPTIONS]` |
1f554f76 | 562 | |
e2d681b3 | 563 | Update an existing role. |
1f554f76 | 564 | |
013dc89f | 565 | `<roleid>`: `<string>` :: |
1f554f76 DM |
566 | |
567 | no description available | |
568 | ||
2489d6df | 569 | `--append` `<boolean>` :: |
1f554f76 DM |
570 | |
571 | no description available | |
572 | + | |
573 | NOTE: Requires option(s): `privs` | |
574 | ||
2489d6df | 575 | `--privs` `<string>` :: |
1f554f76 DM |
576 | |
577 | no description available | |
578 | ||
e2d681b3 TL |
579 | *pveum roleadd* |
580 | ||
581 | An alias for 'pveum role add'. | |
582 | ||
583 | *pveum roledel* | |
584 | ||
585 | An alias for 'pveum role delete'. | |
586 | ||
587 | *pveum rolemod* | |
588 | ||
589 | An alias for 'pveum role modify'. | |
590 | ||
1f554f76 DM |
591 | *pveum ticket* `<username>` `[OPTIONS]` |
592 | ||
593 | Create or verify authentication ticket. | |
594 | ||
013dc89f | 595 | `<username>`: `<string>` :: |
1f554f76 DM |
596 | |
597 | User name | |
598 | ||
5370fa8c TL |
599 | `--new-format` `<boolean>` ('default =' `0`):: |
600 | ||
601 | With webauthn the format of half-authenticated tickets changed. New clients should pass 1 here and not worry about the old format. The old format is deprecated and will be retired with PVE-8.0. | |
602 | ||
2489d6df | 603 | `--otp` `<string>` :: |
1f554f76 DM |
604 | |
605 | One-time password for Two-factor authentication. | |
606 | ||
2489d6df | 607 | `--path` `<string>` :: |
1f554f76 DM |
608 | |
609 | Verify ticket, and check if the user has access 'privs' on 'path'. | |
610 | + | |
611 | NOTE: Requires option(s): `privs` | |
612 | ||
2489d6df | 613 | `--privs` `<string>` :: |
1f554f76 DM |
614 | |
615 | Verify ticket, and check if the user has access 'privs' on 'path'. | |
616 | + | |
617 | NOTE: Requires option(s): `path` | |
618 | ||
2489d6df | 619 | `--realm` `<string>` :: |
1f554f76 | 620 | |
c2993fe5 | 621 | You can optionally pass the realm using this parameter. Normally the realm is simply added to the username <username>@<realm>. |
1f554f76 | 622 | |
5370fa8c TL |
623 | `--tfa-challenge` `<string>` :: |
624 | ||
625 | The signed TFA challenge string the user wants to respond to. | |
626 | ||
e2d681b3 | 627 | *pveum user add* `<userid>` `[OPTIONS]` |
1f554f76 DM |
628 | |
629 | Create new user. | |
630 | ||
013dc89f | 631 | `<userid>`: `<string>` :: |
1f554f76 DM |
632 | |
633 | User ID | |
634 | ||
2489d6df | 635 | `--comment` `<string>` :: |
1f554f76 DM |
636 | |
637 | no description available | |
638 | ||
2489d6df | 639 | `--email` `<string>` :: |
1f554f76 DM |
640 | |
641 | no description available | |
642 | ||
2489d6df | 643 | `--enable` `<boolean>` ('default =' `1`):: |
1f554f76 | 644 | |
e2d681b3 | 645 | Enable the account (default). You can set this to '0' to disable the account |
1f554f76 | 646 | |
2489d6df | 647 | `--expire` `<integer> (0 - N)` :: |
1f554f76 | 648 | |
c2993fe5 | 649 | Account expiration date (seconds since epoch). '0' means no expiration date. |
1f554f76 | 650 | |
2489d6df | 651 | `--firstname` `<string>` :: |
1f554f76 DM |
652 | |
653 | no description available | |
654 | ||
2489d6df | 655 | `--groups` `<string>` :: |
1f554f76 DM |
656 | |
657 | no description available | |
658 | ||
2489d6df | 659 | `--keys` `<string>` :: |
1f554f76 DM |
660 | |
661 | Keys for two factor auth (yubico). | |
662 | ||
2489d6df | 663 | `--lastname` `<string>` :: |
1f554f76 DM |
664 | |
665 | no description available | |
666 | ||
e2d681b3 | 667 | `--password` `<string>` :: |
1f554f76 DM |
668 | |
669 | Initial password. | |
670 | ||
e2d681b3 | 671 | *pveum user delete* `<userid>` |
1f554f76 DM |
672 | |
673 | Delete user. | |
674 | ||
013dc89f | 675 | `<userid>`: `<string>` :: |
1f554f76 DM |
676 | |
677 | User ID | |
678 | ||
5c1699e5 TL |
679 | *pveum user list* `[OPTIONS]` `[FORMAT_OPTIONS]` |
680 | ||
681 | User index. | |
682 | ||
683 | `--enabled` `<boolean>` :: | |
684 | ||
685 | Optional filter for enable property. | |
686 | ||
e9cd3bd4 TL |
687 | `--full` `<boolean>` ('default =' `0`):: |
688 | ||
689 | Include group and token information. | |
690 | ||
e2d681b3 | 691 | *pveum user modify* `<userid>` `[OPTIONS]` |
1f554f76 DM |
692 | |
693 | Update user configuration. | |
694 | ||
013dc89f | 695 | `<userid>`: `<string>` :: |
1f554f76 DM |
696 | |
697 | User ID | |
698 | ||
2489d6df | 699 | `--append` `<boolean>` :: |
1f554f76 DM |
700 | |
701 | no description available | |
702 | + | |
703 | NOTE: Requires option(s): `groups` | |
704 | ||
2489d6df | 705 | `--comment` `<string>` :: |
1f554f76 DM |
706 | |
707 | no description available | |
708 | ||
2489d6df | 709 | `--email` `<string>` :: |
1f554f76 DM |
710 | |
711 | no description available | |
712 | ||
e2d681b3 | 713 | `--enable` `<boolean>` ('default =' `1`):: |
1f554f76 | 714 | |
e2d681b3 | 715 | Enable the account (default). You can set this to '0' to disable the account |
1f554f76 | 716 | |
2489d6df | 717 | `--expire` `<integer> (0 - N)` :: |
1f554f76 | 718 | |
c2993fe5 | 719 | Account expiration date (seconds since epoch). '0' means no expiration date. |
1f554f76 | 720 | |
2489d6df | 721 | `--firstname` `<string>` :: |
1f554f76 DM |
722 | |
723 | no description available | |
724 | ||
2489d6df | 725 | `--groups` `<string>` :: |
1f554f76 DM |
726 | |
727 | no description available | |
728 | ||
2489d6df | 729 | `--keys` `<string>` :: |
1f554f76 DM |
730 | |
731 | Keys for two factor auth (yubico). | |
732 | ||
2489d6df | 733 | `--lastname` `<string>` :: |
1f554f76 DM |
734 | |
735 | no description available | |
736 | ||
e9cd3bd4 TL |
737 | *pveum user permissions* `[<userid>]` `[OPTIONS]` `[FORMAT_OPTIONS]` |
738 | ||
739 | Retrieve effective permissions of given user/token. | |
740 | ||
741 | `<userid>`: `(?^:^(?^:[^\s:/]+)\@(?^:[A-Za-z][A-Za-z0-9\.\-_]+)(?:!(?^:[A-Za-z][A-Za-z0-9\.\-_]+))?$)` :: | |
742 | ||
743 | User ID or full API token ID | |
744 | ||
745 | `--path` `<string>` :: | |
746 | ||
747 | Only dump this specific path, not the whole tree. | |
748 | ||
ac70d7d1 TL |
749 | *pveum user tfa delete* `<userid>` `[OPTIONS]` |
750 | ||
5370fa8c | 751 | Delete TFA entries from a user. |
ac70d7d1 TL |
752 | |
753 | `<userid>`: `<string>` :: | |
754 | ||
755 | User ID | |
756 | ||
5370fa8c | 757 | `--id` `<string>` :: |
ac70d7d1 | 758 | |
5370fa8c | 759 | The TFA ID, if none provided, all TFA entries will be deleted. |
ac70d7d1 | 760 | |
e9cd3bd4 TL |
761 | *pveum user token add* `<userid> <tokenid>` `[OPTIONS]` `[FORMAT_OPTIONS]` |
762 | ||
763 | Generate a new API token for a specific user. NOTE: returns API token | |
764 | value, which needs to be stored as it cannot be retrieved afterwards! | |
765 | ||
766 | `<userid>`: `<string>` :: | |
767 | ||
768 | User ID | |
769 | ||
770 | `<tokenid>`: `(?^:[A-Za-z][A-Za-z0-9\.\-_]+)` :: | |
771 | ||
772 | User-specific token identifier. | |
773 | ||
774 | `--comment` `<string>` :: | |
775 | ||
776 | no description available | |
777 | ||
778 | `--expire` `<integer> (0 - N)` ('default =' `same as user`):: | |
779 | ||
780 | API token expiration date (seconds since epoch). '0' means no expiration date. | |
781 | ||
782 | `--privsep` `<boolean>` ('default =' `1`):: | |
783 | ||
784 | Restrict API token privileges with separate ACLs (default), or give full privileges of corresponding user. | |
785 | ||
786 | *pveum user token list* `<userid>` `[FORMAT_OPTIONS]` | |
787 | ||
788 | Get user API tokens. | |
789 | ||
790 | `<userid>`: `<string>` :: | |
791 | ||
792 | User ID | |
793 | ||
794 | *pveum user token modify* `<userid> <tokenid>` `[OPTIONS]` `[FORMAT_OPTIONS]` | |
795 | ||
796 | Update API token for a specific user. | |
797 | ||
798 | `<userid>`: `<string>` :: | |
799 | ||
800 | User ID | |
801 | ||
802 | `<tokenid>`: `(?^:[A-Za-z][A-Za-z0-9\.\-_]+)` :: | |
803 | ||
804 | User-specific token identifier. | |
805 | ||
806 | `--comment` `<string>` :: | |
807 | ||
808 | no description available | |
809 | ||
810 | `--expire` `<integer> (0 - N)` ('default =' `same as user`):: | |
811 | ||
812 | API token expiration date (seconds since epoch). '0' means no expiration date. | |
813 | ||
814 | `--privsep` `<boolean>` ('default =' `1`):: | |
815 | ||
816 | Restrict API token privileges with separate ACLs (default), or give full privileges of corresponding user. | |
817 | ||
818 | *pveum user token permissions* `<userid> <tokenid>` `[OPTIONS]` `[FORMAT_OPTIONS]` | |
819 | ||
820 | Retrieve effective permissions of given token. | |
821 | ||
822 | `<userid>`: `<string>` :: | |
823 | ||
824 | User ID | |
825 | ||
826 | `<tokenid>`: `(?^:[A-Za-z][A-Za-z0-9\.\-_]+)` :: | |
827 | ||
828 | User-specific token identifier. | |
829 | ||
830 | `--path` `<string>` :: | |
831 | ||
832 | Only dump this specific path, not the whole tree. | |
833 | ||
834 | *pveum user token remove* `<userid> <tokenid>` `[FORMAT_OPTIONS]` | |
835 | ||
836 | Remove API token for a specific user. | |
837 | ||
838 | `<userid>`: `<string>` :: | |
839 | ||
840 | User ID | |
841 | ||
842 | `<tokenid>`: `(?^:[A-Za-z][A-Za-z0-9\.\-_]+)` :: | |
843 | ||
844 | User-specific token identifier. | |
845 | ||
e2d681b3 TL |
846 | *pveum useradd* |
847 | ||
848 | An alias for 'pveum user add'. | |
849 | ||
850 | *pveum userdel* | |
851 | ||
852 | An alias for 'pveum user delete'. | |
853 | ||
854 | *pveum usermod* | |
855 | ||
856 | An alias for 'pveum user modify'. | |
857 | ||
1f554f76 | 858 |
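
The `user token add`, `acl modify --tokens` and `user token permissions` entries above, combined into one least-privilege token workflow. This is an added example, not part of the Proxmox documentation: the user `monitor@pve`, token ID `metrics`, path `/vms` and the 30-day lifetime are constructed sample values, and the role `PVEAuditor` is assumed to exist on the target system. The script only prints the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example: plan a privilege-separated, expiring API token.
# All names below (monitor@pve, metrics, PVEAuditor, /vms) are sample values.

# Check a token ID against the pattern the reference gives for <tokenid>:
# one letter followed by at least one letter, digit, '.', '-' or '_'.
valid_tokenid() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9._-]+$'
}

# Epoch timestamp N days from now, the unit --expire expects.
expire_in_days() {
    echo $(( $(date +%s) + $1 * 86400 ))
}

# Print the pveum commands, one per line, without executing them.
# Arguments: <userid> <tokenid> <role> <path> <lifetime in days>
token_plan() {
    user=$1 tokenid=$2 role=$3 path=$4 days=$5

    valid_tokenid "$tokenid" || {
        echo "invalid token id: $tokenid" >&2
        return 1
    }
    # '--expire 0' means "no expiration date"; refuse to plan such a token.
    [ "$days" -gt 0 ] || {
        echo "refusing to plan a non-expiring token" >&2
        return 1
    }
    exp=$(expire_in_days "$days")

    # 1. Create the token with privilege separation: it starts with no
    #    permissions of its own instead of inheriting the user's.
    echo "pveum user token add $user $tokenid --privsep 1 --expire $exp"
    # 2. Grant the token (not the user) a single role on a single path.
    #    The full token ID is <userid>!<tokenid>.
    echo "pveum acl modify $path --tokens '$user!$tokenid' --roles $role"
    # 3. Read back the effective permissions to confirm the grant.
    echo "pveum user token permissions $user $tokenid --path $path"
}

# Dry run with the sample values.
token_plan 'monitor@pve' metrics PVEAuditor /vms 30
```

The first command prints the token secret once; as the reference notes, it cannot be retrieved afterwards, so capture it straight into the consumer's secret store.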