The dir-cli utility allows you to create and update solution users, create other user accounts, and manage certificates and passwords in vmdir. Use this utility together with vecs-cli and certool to manage your certificate infrastructure.

Creates a solution user. Primarily used by third-party solutions.

| Option | Description |
| --- | --- |
| `--name <name>` | Name of the solution user to create. |
| `--cert <cert file>` | Path to the certificate file. This can be a certificate signed by VMCA or a third-party certificate. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Lists the solution users that dir-cli knows about.

| Option | Description |
| --- | --- |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Deletes a solution user in vmdir. When you delete the solution user, all associated services become unavailable to all management nodes that use this instance of vmdir.

| Option | Description |
| --- | --- |
| `--name` | Name of the solution user to delete. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Updates the certificate for a specified solution user, that is, a collection of services. After running this command, VECS picks up the change after 5 minutes, or you can use vecs-cli force-refresh to force a refresh.

| Option | Description |
| --- | --- |
| `--name <name>` | Name of the solution user to update. |
| `--cert <cert_file>` | Name of the certificate to assign to the service. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Creates a regular user inside vmdir. This command can be used for human users who authenticate to vCenter Single Sign-On with a user name and password. Use this command only during prototyping.

| Option | Description |
| --- | --- |
| `--account <name>` | Name of the vCenter Single Sign-On user to create. |
| `--user-password <password>` | Initial password for the user. |
| `--first-name <name>` | First name for the user. |
| `--last-name <name>` | Last name for the user. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Deletes the specified user inside vmdir.

| Option | Description |
| --- | --- |
| `--account <name>` | Name of the vCenter Single Sign-On user to delete. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Adds a user or group to an already existing group.

| Option | Description |
| --- | --- |
| `--name <name>` | Name of the group in vmdir. |
| `--add <user_or_group_name>` | Name of the user or group to add. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Lists a specified vmdir group.

| Option | Description |
| --- | --- |
| `--name <name>` | Optional name of the group in vmdir. This option allows you to check whether a group exists. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Publishes a trusted root certificate to vmdir.

| Option | Description |
| --- | --- |
| `--cert <file>` | Path to certificate file. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Unpublishes a trusted root certificate currently in vmdir. Use this command, for example, if you added a different root certificate to vmdir that is now the root certificate for all other certificates in your environment. Unpublishing certificates that are no longer in use is part of hardening your environment.

| Option | Description |
| --- | --- |
| `--cert-file <file>` | Path to the certificate file to unpublish. |
| `--crl <file>` | Path to the CRL file associated with this certificate. Not currently used. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Lists all trusted root certificates and their corresponding IDs. You need the certificate IDs to retrieve a certificate with dir-cli trustedcert get.

| Option | Description |
| --- | --- |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Retrieves a trusted root certificate from vmdir and writes it to a specified file.

| Option | Description |
| --- | --- |
| `--id <cert_ID>` | ID of the certificate to retrieve. The ID is displayed in the dir-cli trustedcert list command. |
| `--outcert <path>` | Path to write the certificate file to. |
| `--outcrl <path>` | Path to write the CRL file to. Not currently used. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Creates a random password that meets the password requirements. This command can be used by third-party solution users.

| Option | Description |
| --- | --- |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Allows an administrator to reset a user's password. If you are a non-administrator user who wants to reset a password, use dir-cli password change instead.

| Option | Description |
| --- | --- |
| `--account` | Name of the account to assign a new password to. |
| `--new` | New password for the specified user. |
| `--login <admin_user_id>` | By default, administrator@vsphere.local. That administrator can add other users to the CAAdmins vCenter Single Sign-On group to give them administrator privileges. |
| `--password <admin_password>` | Password of the administrator user. If you do not specify the password, you are prompted. |

Allows a user to change their password. You must be the user who owns the account to make this change. Administrators can use dir-cli password reset to reset any password.

| Option | Description |
| --- | --- |
| `--account` | Account name. |
| `--current` | Current password of the user who owns the account. |
| `--new` | New password of the user who owns the account. |
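
A password typed as an option value is recorded in shell history and is visible in process listings, so omitting --password and answering the prompt keeps the administrator password out of both. The following is an added example, not VMware code: it audits saved command lines for dir-cli calls that carry any of the password-bearing options from the tables above and redacts the values in its report. The sample history, the /opt/example path and the passwords are constructed.

```shell
#!/bin/sh
# Added example: report dir-cli command lines that carry a password inline.
# Option names are the password-bearing options in the tables on this page.

# Reads command lines on stdin (for example a shell history file) and prints
# "<line number>: <command with secret values redacted>" for each hit.
audit_dircli_history() {
    awk '
    BEGIN { re = "^--(password|user-password|new|current)" }
    {
        out = ""; hide = 0; is_dircli = 0; hit = 0
        for (i = 1; i <= NF; i++) {
            tok = $i
            if (tok == "dir-cli" || tok ~ /\/dir-cli$/) is_dircli = 1
            if (tok ~ /^--/) {
                hide = 0
                if (tok ~ (re "$")) {            # "--flag value" form
                    hide = 1; hit = 1
                } else if (tok ~ (re "=")) {     # "--flag=value" form
                    sub(/=.*/, "=<redacted>", tok); hide = 2; hit = 1
                }
            } else if (hide == 1) {              # the secret value itself
                tok = "<redacted>"; hide = 2
            } else if (hide == 2) {              # rest of a quoted value with spaces
                continue
            }
            out = out (out == "" ? "" : " ") tok
        }
        # Only dir-cli lines are reported; other tools reuse these flag names.
        if (is_dircli && hit) print NR ": " out
    }'
}

# Constructed sample history; names, paths and passwords are made up.
sample_history() {
    cat <<'EOF'
dir-cli service list --login administrator@vsphere.local
dir-cli user create --account jdoe --user-password 'Tmp Pass1!' --first-name J --last-name Doe
/opt/example/bin/dir-cli password reset --account jdoe --new=S3cret --password Adm1n!
mytool --password notdircli
EOF
}

# Stand-alone run: audit the constructed sample.
sample_history | audit_dircli_history
```

To audit a real history file, feed it on stdin, for example `audit_dircli_history < ~/.bash_history`; any password the report flags should be treated as exposed and changed.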