Verbose output format.
-*pveum passwd* `<userid>`
+*pveum passwd* `<userid>` `[OPTIONS]`
Change user password.
`<userid>`: `<string>` ::
-User ID
+Full User ID, in the `name@realm` format.
+
+`--confirmation-password` `<string>` ::
+
+The current password of the user performing the change.
*pveum pool add* `<poolid>` `[OPTIONS]`
no description available
-*pveum pool list* `[FORMAT_OPTIONS]`
+*pveum pool list* `[OPTIONS]` `[FORMAT_OPTIONS]`
+
+List pools or get pool configuration.
+
+`--poolid` `<string>` ::
+
+no description available
+
+`--type` `<lxc | qemu | storage>` ::
-Pool index.
+no description available
++
+NOTE: Requires option(s): `poolid`
*pveum pool modify* `<poolid>` `[OPTIONS]`
-Update pool data.
+Update pool.
`<poolid>`: `<string>` ::
no description available
+`--allow-move` `<boolean>` ('default =' `0`)::
+
+Allow adding a guest even if already in another pool. The guest will be removed from its current pool and added to this one.
+
`--comment` `<string>` ::
no description available
-`--delete` `<boolean>` ::
+`--delete` `<boolean>` ('default =' `0`)::
-Remove vms/storage (instead of adding it).
+Remove the passed VMIDs and/or storage IDs instead of adding them.
`--storage` `<string>` ::
-List of storage IDs.
+List of storage IDs to add or remove from this pool.
`--vms` `<string>` ::
-List of virtual machines.
+List of guest VMIDs to add or remove from this pool.
*pveum realm add* `<realm> --type <string>` `[OPTIONS]`
Authentication domain ID
-`--base_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` ::
+`--acr-values` `^[^\x00-\x1F\x7F <>#"]*$` ::
+
+Specifies the Authentication Context Class Reference values that theAuthorization Server is being requested to use for the Auth Request.
+
+`--autocreate` `<boolean>` ('default =' `0`)::
+
+Automatically create users if they do not exist.
+
+`--base_dn` `<string>` ::
LDAP base domain name
-`--bind_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` ::
+`--bind_dn` `<string>` ::
LDAP bind domain name
Path to the client certificate key
+`--check-connection` `<boolean>` ('default =' `0`)::
+
+Check bind connection to the server.
+
+`--client-id` `<string>` ::
+
+OpenID Client ID
+
+`--client-key` `<string>` ::
+
+OpenID Client Key
+
`--comment` `<string>` ::
Description.
The objectclasses for groups.
-`--group_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` ::
+`--group_dn` `<string>` ::
LDAP base domain name for group sync. If not set, the base_dn will be used.
LDAP attribute representing a groups name. If not set or found, the first value of the DN will be used as name.
+`--issuer-url` `<string>` ::
+
+OpenID Issuer Url
+
`--mode` `<ldap | ldap+starttls | ldaps>` ('default =' `ldap`)::
LDAP protocol mode.
Server port.
+`--prompt` `(?:none|login|consent|select_account|\S+)` ::
+
+Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
+
+`--scopes` `<string>` ('default =' `email profile`)::
+
+Specifies the scopes (user details) that should be authorized and returned, for example 'email' or 'profile'.
+
`--secure` `<boolean>` ::
Use secure LDAPS protocol. DEPRECATED: use 'mode' instead.
LDAPS TLS/SSL version. It's not recommended to use version older than 1.2!
-`--sync-defaults-options` `[enable-new=<1|0>] [,full=<1|0>] [,purge=<1|0>] [,scope=<users|groups|both>]` ::
+`--sync-defaults-options` `[enable-new=<1|0>] [,full=<1|0>] [,purge=<1|0>] [,remove-vanished=([acl];[properties];[entry])|none] [,scope=<users|groups|both>]` ::
The default options for behavior of synchronizations.
Use Two-factor authentication.
-`--type` `<ad | ldap | pam | pve>` ::
+`--type` `<ad | ldap | openid | pam | pve>` ::
Realm type.
The objectclasses for users.
+`--username-claim` `<string>` ::
+
+OpenID claim used to generate the unique username.
+
`--verify` `<boolean>` ('default =' `0`)::
Verify the server's SSL certificate
Authentication domain ID
-`--base_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` ::
+`--acr-values` `^[^\x00-\x1F\x7F <>#"]*$` ::
+
+Specifies the Authentication Context Class Reference values that theAuthorization Server is being requested to use for the Auth Request.
+
+`--autocreate` `<boolean>` ('default =' `0`)::
+
+Automatically create users if they do not exist.
+
+`--base_dn` `<string>` ::
LDAP base domain name
-`--bind_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` ::
+`--bind_dn` `<string>` ::
LDAP bind domain name
Path to the client certificate key
+`--check-connection` `<boolean>` ('default =' `0`)::
+
+Check bind connection to the server.
+
+`--client-id` `<string>` ::
+
+OpenID Client ID
+
+`--client-key` `<string>` ::
+
+OpenID Client Key
+
`--comment` `<string>` ::
Description.
`--digest` `<string>` ::
-Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.
+Prevent changes if current configuration file has a different digest. This can be used to prevent concurrent modifications.
`--domain` `\S+` ::
The objectclasses for groups.
-`--group_dn` `\w+=[^,]+(,\s*\w+=[^,]+)*` ::
+`--group_dn` `<string>` ::
LDAP base domain name for group sync. If not set, the base_dn will be used.
LDAP attribute representing a groups name. If not set or found, the first value of the DN will be used as name.
+`--issuer-url` `<string>` ::
+
+OpenID Issuer Url
+
`--mode` `<ldap | ldap+starttls | ldaps>` ('default =' `ldap`)::
LDAP protocol mode.
Server port.
+`--prompt` `(?:none|login|consent|select_account|\S+)` ::
+
+Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
+
+`--scopes` `<string>` ('default =' `email profile`)::
+
+Specifies the scopes (user details) that should be authorized and returned, for example 'email' or 'profile'.
+
`--secure` `<boolean>` ::
Use secure LDAPS protocol. DEPRECATED: use 'mode' instead.
LDAPS TLS/SSL version. It's not recommended to use version older than 1.2!
-`--sync-defaults-options` `[enable-new=<1|0>] [,full=<1|0>] [,purge=<1|0>] [,scope=<users|groups|both>]` ::
+`--sync-defaults-options` `[enable-new=<1|0>] [,full=<1|0>] [,purge=<1|0>] [,remove-vanished=([acl];[properties];[entry])|none] [,scope=<users|groups|both>]` ::
The default options for behavior of synchronizations.
`--full` `<boolean>` ::
-If set, uses the LDAP Directory as source of truth, deleting users or groups not returned from the sync. Otherwise only syncs information which is not already present, and does not deletes or modifies anything else.
+DEPRECATED: use 'remove-vanished' instead. If set, uses the LDAP Directory as source of truth, deleting users or groups not returned from the sync and removing all locally modified properties of synced users. If not set, only syncs information which is present in the synced data, and does not delete or modify anything else.
`--purge` `<boolean>` ::
-Remove ACLs for users or groups which were removed from the config during a sync.
+DEPRECATED: use 'remove-vanished' instead. Remove ACLs for users or groups which were removed from the config during a sync.
+
+`--remove-vanished` `([acl];[properties];[entry])|none` ('default =' `none`)::
+
+A semicolon-seperated list of things to remove when they or the user vanishes during a sync. The following values are possible: 'entry' removes the user/group when not returned from the sync. 'properties' removes the set properties on existing user/group that do not appear in the source (even custom ones). 'acl' removes acls when the user/group is not returned from the sync. Instead of a list it also can be 'none' (the default).
`--scope` `<both | groups | users>` ::
User name
+`--new-format` `<boolean>` ('default =' `1`)::
+
+This parameter is now ignored and assumed to be 1.
+
`--otp` `<string>` ::
One-time password for Two-factor authentication.
You can optionally pass the realm using this parameter. Normally the realm is simply added to the username <username>@<relam>.
+`--tfa-challenge` `<string>` ::
+
+The signed TFA challenge string the user wants to respond to.
+
*pveum user add* `<userid>` `[OPTIONS]`
Create new user.
`<userid>`: `<string>` ::
-User ID
+Full User ID, in the `name@realm` format.
`--comment` `<string>` ::
no description available
-`--keys` `<string>` ::
+`--keys` `[0-9a-zA-Z!=]{0,4096}` ::
Keys for two factor auth (yubico).
`<userid>`: `<string>` ::
-User ID
+Full User ID, in the `name@realm` format.
*pveum user list* `[OPTIONS]` `[FORMAT_OPTIONS]`
`<userid>`: `<string>` ::
-User ID
+Full User ID, in the `name@realm` format.
`--append` `<boolean>` ::
no description available
-`--keys` `<string>` ::
+`--keys` `[0-9a-zA-Z!=]{0,4096}` ::
Keys for two factor auth (yubico).
*pveum user tfa delete* `<userid>` `[OPTIONS]`
-Change user u2f authentication.
+Delete TFA entries from a user.
`<userid>`: `<string>` ::
-User ID
+Full User ID, in the `name@realm` format.
-`--config` `type=<TFATYPE> [,digits=<COUNT>] [,id=<ID>] [,key=<KEY>] [,step=<SECONDS>] [,url=<URL>]` ::
+`--id` `<string>` ::
-A TFA configuration. This must currently be of type TOTP of not set at all.
+The TFA ID, if none provided, all TFA entries will be deleted.
-`--key` `<string>` ::
+*pveum user tfa list* `[<userid>]`
-When adding TOTP, the shared secret value.
+List TFA entries.
-`--password` `<string>` ::
+`<userid>`: `<string>` ::
-The current password.
+Full User ID, in the `name@realm` format.
-`--response` `<string>` ::
+*pveum user tfa unlock* `<userid>`
+
+Unlock a user's TFA authentication.
+
+`<userid>`: `<string>` ::
-Either the the response to the current u2f registration challenge, or, when adding TOTP, the currently valid TOTP value.
+Full User ID, in the `name@realm` format.
*pveum user token add* `<userid> <tokenid>` `[OPTIONS]` `[FORMAT_OPTIONS]`
`<userid>`: `<string>` ::
-User ID
+Full User ID, in the `name@realm` format.
`<tokenid>`: `(?^:[A-Za-z][A-Za-z0-9\.\-_]+)` ::
`<userid>`: `<string>` ::
-User ID
+Full User ID, in the `name@realm` format.
*pveum user token modify* `<userid> <tokenid>` `[OPTIONS]` `[FORMAT_OPTIONS]`
`<userid>`: `<string>` ::
-User ID
+Full User ID, in the `name@realm` format.
`<tokenid>`: `(?^:[A-Za-z][A-Za-z0-9\.\-_]+)` ::
`<userid>`: `<string>` ::
-User ID
+Full User ID, in the `name@realm` format.
`<tokenid>`: `(?^:[A-Za-z][A-Za-z0-9\.\-_]+)` ::
`<userid>`: `<string>` ::
-User ID
+Full User ID, in the `name@realm` format.
`<tokenid>`: `(?^:[A-Za-z][A-Za-z0-9\.\-_]+)` ::
projects / pve-docs.git / blobdiff