ipa commands
ipa help commands
automember-add Add an automember rule.
automember-add-condition Add conditions to an automember rule.
automember-default-group-remove Remove default (fallback) group for all unmatched entries.
automember-default-group-set Set default (fallback) group for all unmatched entries.
automember-default-group-show Display information about the default (fallback) automember groups.
automember-del Delete an automember rule.
automember-find Search for automember rules.
automember-find-orphans Search for orphan automember rules. The command might need to be run as a privileged user user to get all orphan rules.
automember-mod Modify an automember rule.
automember-rebuild Rebuild auto membership.
automember-remove-condition Remove conditions from an automember rule.
automember-show Display information about an automember rule.
automountkey-add Create a new automount key.
automountkey-del Delete an automount key.
automountkey-find Search for an automount key.
automountkey-mod Modify an automount key.
automountkey-show Display an automount key.
automountlocation-add Create a new automount location.
automountlocation-del Delete an automount location.
automountlocation-find Search for an automount location.
automountlocation-import Import automount files for a specific location.
automountlocation-show Display an automount location.
automountlocation-tofiles Generate automount files for a specific location.
automountmap-add Create a new automount map.
automountmap-add-indirect Create a new indirect mount point.
automountmap-del Delete an automount map.
automountmap-find Search for an automount map.
automountmap-mod Modify an automount map.
automountmap-show Display an automount map.
ca-add Create a CA.
ca-del Delete a CA.
ca-disable Disable a CA.
ca-enable Enable a CA.
ca-find Search for CAs.
ca-mod Modify CA configuration.
ca-show Display the properties of a CA.
caacl-add Create a new CA ACL.
caacl-add-ca Add CAs to a CA ACL.
caacl-add-host Add target hosts and hostgroups to a CA ACL.
caacl-add-profile Add profiles to a CA ACL.
caacl-add-service Add services to a CA ACL.
caacl-add-user Add users and groups to a CA ACL.
caacl-del Delete a CA ACL.
caacl-disable Disable a CA ACL.
caacl-enable Enable a CA ACL.
caacl-find Search for CA ACLs.
caacl-mod Modify a CA ACL.
caacl-remove-ca Remove CAs from a CA ACL.
caacl-remove-host Remove target hosts and hostgroups from a CA ACL.
caacl-remove-profile Remove profiles from a CA ACL.
caacl-remove-service Remove services from a CA ACL.
caacl-remove-user Remove users and groups from a CA ACL.
caacl-show Display the properties of a CA ACL.
cert-find Search for existing certificates.
cert-remove-hold Take a revoked certificate off hold.
cert-request Submit a certificate signing request.
cert-revoke Revoke a certificate.
cert-show Retrieve an existing certificate.
cert-status Check the status of a certificate signing request.
certmap-match Search for users matching the provided certificate.
certmapconfig-mod Modify Certificate Identity Mapping configuration.
certmapconfig-show Show the current Certificate Identity Mapping configuration.
certmaprule-add Create a new Certificate Identity Mapping Rule.
certmaprule-del Delete a Certificate Identity Mapping Rule.
certmaprule-disable Disable a Certificate Identity Mapping Rule.
certmaprule-enable Enable a Certificate Identity Mapping Rule.
certmaprule-find Search for Certificate Identity Mapping Rules.
certmaprule-mod Modify a Certificate Identity Mapping Rule.
certmaprule-show Display information about a Certificate Identity Mapping Rule.
certprofile-del Delete a Certificate Profile.
certprofile-find Search for Certificate Profiles.
certprofile-import Import a Certificate Profile.
certprofile-mod Modify Certificate Profile configuration.
certprofile-show Display the properties of a Certificate Profile.
class-find Search for classes.
class-show Display information about a class.
command-find Search for commands.
command-show Display information about a command.
config-mod Modify configuration options.
config-show Show the current configuration.
console Start the IPA interactive Python console, or run a script.
delegation-add Add a new delegation.
delegation-del Delete a delegation.
delegation-find Search for delegations.
delegation-mod Modify a delegation.
delegation-show Display information about a delegation.
dns-update-system-records Update location and IPA server DNS records
dnsconfig-mod Modify global DNS configuration.
dnsconfig-show Show the current global DNS configuration.
dnsforwardzone-add Create new DNS forward zone.
dnsforwardzone-add-permission Add a permission for per-forward zone access delegation.
dnsforwardzone-del Delete DNS forward zone.
dnsforwardzone-disable Disable DNS Forward Zone.
dnsforwardzone-enable Enable DNS Forward Zone.
dnsforwardzone-find Search for DNS forward zones.
dnsforwardzone-mod Modify DNS forward zone.
dnsforwardzone-remove-permission Remove a permission for per-forward zone access delegation.
dnsforwardzone-show Display information about a DNS forward zone.
dnsrecord-add Add new DNS resource record.
dnsrecord-del Delete DNS resource record.
dnsrecord-find Search for DNS resources.
dnsrecord-mod Modify a DNS resource record.
dnsrecord-show Display DNS resource.
dnsserver-find Search for DNS servers.
dnsserver-mod Modify DNS server configuration
dnsserver-show Display configuration of a DNS server.
dnszone-add Create new DNS zone (SOA record).
dnszone-add-permission Add a permission for per-zone access delegation.
dnszone-del Delete DNS zone (SOA record).
dnszone-disable Disable DNS Zone.
dnszone-enable Enable DNS Zone.
dnszone-find Search for DNS zones (SOA records).
dnszone-mod Modify DNS zone (SOA record).
dnszone-remove-permission Remove a permission for per-zone access delegation.
dnszone-show Display information about a DNS zone (SOA record).
domainlevel-get Query current Domain Level.
domainlevel-set Change current Domain Level.
env <ipaclient.plugins.misc.env>
group-add Create a new group.
group-add-member Add members to a group.
group-del Delete group.
group-detach Detach a managed group from a user.
group-find Search for groups.
group-mod Modify a group.
group-remove-member Remove members from a group.
group-show Display information about a named group.
hbacrule-add Create a new HBAC rule.
hbacrule-add-host Add target hosts and hostgroups to an HBAC rule.
hbacrule-add-service Add services to an HBAC rule.
hbacrule-add-user Add users and groups to an HBAC rule.
hbacrule-del Delete an HBAC rule.
hbacrule-disable Disable an HBAC rule.
hbacrule-enable Enable an HBAC rule.
hbacrule-find Search for HBAC rules.
hbacrule-mod Modify an HBAC rule.
hbacrule-remove-host Remove target hosts and hostgroups from an HBAC rule.
hbacrule-remove-service Remove service and service groups from an HBAC rule.
hbacrule-remove-user Remove users and groups from an HBAC rule.
hbacrule-show Display the properties of an HBAC rule.
hbacsvc-add Add a new HBAC service.
hbacsvc-del Delete an existing HBAC service.
hbacsvc-find Search for HBAC services.
hbacsvc-mod Modify an HBAC service.
hbacsvc-show Display information about an HBAC service.
hbacsvcgroup-add Add a new HBAC service group.
hbacsvcgroup-add-member Add members to an HBAC service group.
hbacsvcgroup-del Delete an HBAC service group.
hbacsvcgroup-find Search for an HBAC service group.
hbacsvcgroup-mod Modify an HBAC service group.
hbacsvcgroup-remove-member Remove members from an HBAC service group.
hbacsvcgroup-show Display information about an HBAC service group.
hbactest Simulate use of Host-based access controls
help Display help for a command or topic.
host-add Add a new host.
host-add-cert Add certificates to host entry
host-add-managedby Add hosts that can manage this host.
host-add-principal Add new principal alias to host entry
host-allow-create-keytab Allow users, groups, hosts or host groups to create a keytab of this host.
host-allow-retrieve-keytab Allow users, groups, hosts or host groups to retrieve a keytab of this host.
host-del Delete a host.
host-disable Disable the Kerberos key, SSL certificate and all services of a host.
host-disallow-create-keytab Disallow users, groups, hosts or host groups to create a keytab of this host.
host-disallow-retrieve-keytab Disallow users, groups, hosts or host groups to retrieve a keytab of this host.
host-find Search for hosts.
host-mod Modify information about a host.
host-remove-cert Remove certificates from host entry
host-remove-managedby Remove hosts that can manage this host.
host-remove-principal Remove principal alias from a host entry
host-show Display information about a host.
hostgroup-add Add a new hostgroup.
hostgroup-add-member Add members to a hostgroup.
hostgroup-del Delete a hostgroup.
hostgroup-find Search for hostgroups.
hostgroup-mod Modify a hostgroup.
hostgroup-remove-member Remove members from a hostgroup.
hostgroup-show Display information about a hostgroup.
idoverridegroup-add Add a new Group ID override.
idoverridegroup-del Delete an Group ID override.
idoverridegroup-find Search for an Group ID override.
idoverridegroup-mod Modify an Group ID override.
idoverridegroup-show Display information about an Group ID override.
idoverrideuser-add Add a new User ID override.
idoverrideuser-add-cert Add one or more certificates to the idoverrideuser entry
idoverrideuser-del Delete an User ID override.
idoverrideuser-find Search for an User ID override.
idoverrideuser-mod Modify an User ID override.
idoverrideuser-remove-cert Remove one or more certificates to the idoverrideuser entry
idoverrideuser-show Display information about an User ID override.
idrange-add Add new ID range.
idrange-del Delete an ID range.
idrange-find Search for ranges.
idrange-mod Modify ID range.
idrange-show Display information about a range.
idview-add Add a new ID View.
idview-apply Applies ID View to specified hosts or current members of specified hostgroups. If any other ID View is applied to the host, it is overridden.
idview-del Delete an ID View.
idview-find Search for an ID View.
idview-mod Modify an ID View.
idview-show Display information about an ID View.
idview-unapply Clears ID View from specified hosts or current members of specified hostgroups.
krbtpolicy-mod Modify Kerberos ticket policy.
krbtpolicy-reset Reset Kerberos ticket policy to the default values.
krbtpolicy-show Display the current Kerberos ticket policy.
location-add Add a new IPA location.
location-del Delete an IPA location.
location-find Search for IPA locations.
location-mod Modify information about an IPA location.
location-show Display information about an IPA location.
migrate-ds Migrate users and groups from DS to IPA.
netgroup-add Add a new netgroup.
netgroup-add-member Add members to a netgroup.
netgroup-del Delete a netgroup.
netgroup-find Search for a netgroup.
netgroup-mod Modify a netgroup.
netgroup-remove-member Remove members from a netgroup.
netgroup-show Display information about a netgroup.
otpconfig-mod Modify OTP configuration options.
otpconfig-show Show the current OTP configuration.
otptoken-add Add a new OTP token.
otptoken-add-managedby Add users that can manage this token.
otptoken-add-yubikey Add a new YubiKey OTP token.
otptoken-del Delete an OTP token.
otptoken-find Search for OTP token.
otptoken-mod Modify a OTP token.
otptoken-remove-managedby Remove users that can manage this token.
otptoken-show Display information about an OTP token.
otptoken-sync Synchronize an OTP token.
output-find Search for command outputs.
output-show Display information about a command output.
param-find Search command parameters.
param-show Display information about a command parameter.
passwd Set a user's password.
permission-add Add a new permission.
permission-del Delete a permission.
permission-find Search for permissions.
permission-mod Modify a permission.
permission-show Display information about a permission.
ping Ping a remote server.
pkinit-status Report PKINIT status on the IPA masters
plugins <ipaclient.plugins.misc.plugins>
privilege-add Add a new privilege.
privilege-add-permission Add permissions to a privilege.
privilege-del Delete a privilege.
privilege-find Search for privileges.
privilege-mod Modify a privilege.
privilege-remove-permission Remove permissions from a privilege.
privilege-show Display information about a privilege.
pwpolicy-add Add a new group password policy.
pwpolicy-del Delete a group password policy.
pwpolicy-find Search for group password policies.
pwpolicy-mod Modify a group password policy.
pwpolicy-show Display information about password policy.
radiusproxy-add Add a new RADIUS proxy server.
radiusproxy-del Delete a RADIUS proxy server.
radiusproxy-find Search for RADIUS proxy servers.
radiusproxy-mod Modify a RADIUS proxy server.
radiusproxy-show Display information about a RADIUS proxy server.
realmdomains-mod Modify realm domains.
realmdomains-show Display the list of realm domains.
role-add Add a new role.
role-add-member Add members to a role.
role-add-privilege Add privileges to a role.
role-del Delete a role.
role-find Search for roles.
role-mod Modify a role.
role-remove-member Remove members from a role.
role-remove-privilege Remove privileges from a role.
role-show Display information about a role.
selfservice-add Add a new self-service permission.
selfservice-del Delete a self-service permission.
selfservice-find Search for a self-service permission.
selfservice-mod Modify a self-service permission.
selfservice-show Display information about a self-service permission.
selinuxusermap-add Create a new SELinux User Map.
selinuxusermap-add-host Add target hosts and hostgroups to an SELinux User Map rule.
selinuxusermap-add-user Add users and groups to an SELinux User Map rule.
selinuxusermap-del Delete a SELinux User Map.
selinuxusermap-disable Disable an SELinux User Map rule.
selinuxusermap-enable Enable an SELinux User Map rule.
selinuxusermap-find Search for SELinux User Maps.
selinuxusermap-mod Modify a SELinux User Map.
selinuxusermap-remove-host Remove target hosts and hostgroups from an SELinux User Map rule.
selinuxusermap-remove-user Remove users and groups from an SELinux User Map rule.
selinuxusermap-show Display the properties of a SELinux User Map rule.
server-del Delete IPA server.
server-find Search for IPA servers.
server-mod Modify information about an IPA server.
server-role-find Find a server role on a server(s)
server-role-show Show role status on a server
server-show Show IPA server.
server-state Set enabled/hidden state of a server.
service-add Add a new IPA service.
service-add-cert Add new certificates to a service
service-add-host Add hosts that can manage this service.
service-add-principal Add new principal alias to a service
service-allow-create-keytab Allow users, groups, hosts or host groups to create a keytab of this service.
service-allow-retrieve-keytab Allow users, groups, hosts or host groups to retrieve a keytab of this service.
service-del Delete an IPA service.
service-disable Disable the Kerberos key and SSL certificate of a service.
service-disallow-create-keytab Disallow users, groups, hosts or host groups to create a keytab of this service.
service-disallow-retrieve-keytab Disallow users, groups, hosts or host groups to retrieve a keytab of this service.
service-find Search for IPA services.
service-mod Modify an existing IPA service.
service-remove-cert Remove certificates from a service
service-remove-host Remove hosts that can manage this service.
service-remove-principal Remove principal alias from a service
service-show Display information about an IPA service.
servicedelegationrule-add Create a new service delegation rule.
servicedelegationrule-add-member Add member to a named service delegation rule.
servicedelegationrule-add-target Add target to a named service delegation rule.
servicedelegationrule-del Delete service delegation.
servicedelegationrule-find Search for service delegations rule.
servicedelegationrule-remove-member Remove member from a named service delegation rule.
servicedelegationrule-remove-target Remove target from a named service delegation rule.
servicedelegationrule-show Display information about a named service delegation rule.
servicedelegationtarget-add Create a new service delegation target.
servicedelegationtarget-add-member Add member to a named service delegation target.
servicedelegationtarget-del Delete service delegation target.
servicedelegationtarget-find Search for service delegation target.
servicedelegationtarget-remove-member Remove member from a named service delegation target.
servicedelegationtarget-show Display information about a named service delegation target.
show-mappings Show mapping of LDAP attributes to command-line option.
stageuser-activate Activate a stage user.
stageuser-add Add a new stage user.
stageuser-add-cert Add one or more certificates to the stageuser entry
stageuser-add-certmapdata Add one or more certificate mappings to the stage user entry.
stageuser-add-manager Add a manager to the stage user entry
stageuser-add-principal Add new principal alias to the stageuser entry
stageuser-del Delete a stage user.
stageuser-find Search for stage users.
stageuser-mod Modify a stage user.
stageuser-remove-cert Remove one or more certificates to the stageuser entry
stageuser-remove-certmapdata Remove one or more certificate mappings from the stage user entry.
stageuser-remove-manager Remove a manager to the stage user entry
stageuser-remove-principal Remove principal alias from the stageuser entry
stageuser-show Display information about a stage user.
sudocmd-add Create new Sudo Command.
sudocmd-del Delete Sudo Command.
sudocmd-find Search for Sudo Commands.
sudocmd-mod Modify Sudo Command.
sudocmd-show Display Sudo Command.
sudocmdgroup-add Create new Sudo Command Group.
sudocmdgroup-add-member Add members to Sudo Command Group.
sudocmdgroup-del Delete Sudo Command Group.
sudocmdgroup-find Search for Sudo Command Groups.
sudocmdgroup-mod Modify Sudo Command Group.
sudocmdgroup-remove-member Remove members from Sudo Command Group.
sudocmdgroup-show Display Sudo Command Group.
sudorule-add Create new Sudo Rule.
sudorule-add-allow-command Add commands and sudo command groups affected by Sudo Rule.
sudorule-add-deny-command Add commands and sudo command groups affected by Sudo Rule.
sudorule-add-host Add hosts and hostgroups affected by Sudo Rule.
sudorule-add-option Add an option to the Sudo Rule.
sudorule-add-runasgroup Add group for Sudo to execute as.
sudorule-add-runasuser Add users and groups for Sudo to execute as.
sudorule-add-user Add users and groups affected by Sudo Rule.
sudorule-del Delete Sudo Rule.
sudorule-disable Disable a Sudo Rule.
sudorule-enable Enable a Sudo Rule.
sudorule-find Search for Sudo Rule.
sudorule-mod Modify Sudo Rule.
sudorule-remove-allow-command Remove commands and sudo command groups affected by Sudo Rule.
sudorule-remove-deny-command Remove commands and sudo command groups affected by Sudo Rule.
sudorule-remove-host Remove hosts and hostgroups affected by Sudo Rule.
sudorule-remove-option Remove an option from Sudo Rule.
sudorule-remove-runasgroup Remove group for Sudo to execute as.
sudorule-remove-runasuser Remove users and groups for Sudo to execute as.
sudorule-remove-user Remove users and groups affected by Sudo Rule.
sudorule-show Display Sudo Rule.
topic-find Search for help topics.
topic-show Display information about a help topic.
topologysegment-add Add a new segment.
topologysegment-del Delete a segment.
topologysegment-find Search for topology segments.
topologysegment-mod Modify a segment.
topologysegment-reinitialize Request a full re-initialization of the node retrieving data from the other node.
topologysegment-show Display a segment.
topologysuffix-find Search for topology suffixes.
topologysuffix-show Show managed suffix.
topologysuffix-verify Verify replication topology for suffix.
trust-add Add new trust to use.
trust-del Delete a trust.
trust-fetch-domains Refresh list of the domains associated with the trust
trust-find Search for trusts.
trust-mod Modify a trust (for future use).
trust-show Display information about a trust.
trustconfig-mod Modify global trust configuration.
trustconfig-show Show global trust configuration.
trustdomain-del Remove information about the domain associated with the trust.
trustdomain-disable Disable use of IPA resources by the domain of the trust
trustdomain-enable Allow use of IPA resources by the domain of the trust
trustdomain-find Search domains of the trust
user-add Add a new user.
user-add-cert Add one or more certificates to the user entry
user-add-certmapdata Add one or more certificate mappings to the user entry.
user-add-manager Add a manager to the user entry
user-add-principal Add new principal alias to the user entry
user-del Delete a user.
user-disable Disable a user account.
user-enable Enable a user account.
user-find Search for users.
user-mod Modify a user.
user-remove-cert Remove one or more certificates to the user entry
user-remove-certmapdata Remove one or more certificate mappings from the user entry.
user-remove-manager Remove a manager to the user entry
user-remove-principal Remove principal alias from the user entry
user-show Display information about a user.
user-stage Move deleted user into staged area
user-status Lockout status of a user account
user-undel Undelete a delete user account.
user-unlock Unlock a user account
vault-add Create a new vault.
vault-add-member Add members to a vault.
vault-add-owner Add owners to a vault.
vault-archive Archive data into a vault.
vault-del Delete a vault.
vault-find Search for vaults.
vault-mod Modify a vault.
vault-remove-member Remove members from a vault.
vault-remove-owner Remove owners from a vault.
vault-retrieve Retrieve a data from a vault.
vault-show Display information about a vault.
vaultconfig-show Show vault configuration.
vaultcontainer-add-owner Add owners to a vault container.
vaultcontainer-del Delete a vault container.
vaultcontainer-remove-owner Remove owners from a vault container.
vaultcontainer-show Display information about a vault container.Last updated
Was this helpful?