ipa-ldap-updater(1)                                        ipa-ldap-updater(1)

NAME

       ipa-ldap-updater - Update the IPA LDAP configuration

SYNOPSIS

       ipa-ldap-updater [options] input_file(s)
       ipa-ldap-updater [options]

DESCRIPTION

       Run with no file arguments, ipa-ldap-updater will process all files
       with the extension .update in /usr/share/ipa/updates.

       An update file describes an LDAP entry and a set of operations to be
       performed on that entry. It can be used to add new entries or modify
       existing entries. It cannot remove entries, only specific values in a
       given attribute.

       Blank lines and lines beginning with # are ignored.

       There are 4 keywords:

           * default: the starting value
           * add: add a value (or values) to an attribute
           * remove: remove a value (or values) from an attribute
           * only: set an attribute to this

       The value field is comma-separated, so multiple values may be added
       at one time. Double or single quotes may be put around individual
       values that contain embedded commas.

       The difference between the default and add keywords is that if the DN
       of the entry exists then default is ignored. So for updating something
       like schema, which will be under cn=schema, you must always use add
       (because cn=schema is guaranteed to exist). It will not re-add the
       same information again and again.

       It also provides some values that can be templated, such as
       architecture (for plugin paths), realm and domain name.

       The available template variables are:

           * $REALM - the kerberos realm (EXAMPLE.COM)
           * $FQDN - the fully-qualified domain name of the IPA server being
             updated (ipa.example.com)
           * $DOMAIN - the domain name (example.com)
           * $SUFFIX - the IPA LDAP suffix (dc=example,dc=com)
           * $LIBARCH - set to 64 on x86_64 systems to be used for plugin
             paths
           * $TIME - an integer representation of current time

       A few rules:

          1. Only one rule per line
          2. Each line stands alone (e.g. an only followed by an only results
             in the last only being used)
          3. Adding a value that exists is ok. The request is ignored,
             duplicate values are not added
          4. Removing a value that doesn't exist is ok. It is simply ignored.
          5. If a DN doesn't exist it is created from the 'default' entry and
             all updates are applied
          6. If a DN does exist the default values are skipped
          7. Only the first rule on a line is respected
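
       The keyword rules above, modelled in memory as an added example (not
       FreeIPA's own code). The keyword:attribute:values line layout, the
       choice to substitute templates after splitting, and the attribute
       names are assumptions of this model.

```python
from string import Template

# Constructed sample values for the template variables named on this page.
VARS = {"REALM": "EXAMPLE.COM", "FQDN": "ipa.example.com",
        "DOMAIN": "example.com", "SUFFIX": "dc=example,dc=com"}
# Constructed sample rules; the attribute names are hypothetical.
SAMPLE = ["default:cn: demo", "add:description: 'realm $REALM, primary', host $FQDN",
          "add:description: host $FQDN", "remove:description: absent",
          "only:exampleSerial: 1", "only:exampleSerial: 2", "add:exampleBase: $SUFFIX"]

def split_values(field):
    """Split a comma-separated field; quoted values may contain commas."""
    values, buf, quote = [], [], None
    for ch in field:
        if quote and ch != quote:
            buf.append(ch)              # inside quotes: commas are kept
        elif quote or ch in "'\"":
            quote = None if quote else ch
        elif ch == ",":
            values.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    values.append("".join(buf).strip())
    return [v for v in values if v]

def apply_update(existing, lines, variables=VARS):
    """Model the keyword rules. `existing` is None when the DN does not exist."""
    entry = {a: list(v) for a, v in (existing or {}).items()}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue                    # blank lines and comments are ignored
        # Assumed line layout for this model: keyword:attribute:values
        keyword, attr, field = (p.strip() for p in line.split(":", 2))
        # Substitute after splitting so commas inside $SUFFIX do not split a value.
        values = [Template(v).safe_substitute(variables) for v in split_values(field)]
        current = entry.setdefault(attr, [])
        if keyword == "only":
            entry[attr] = values        # a later only replaces an earlier one
        elif keyword == "remove":
            entry[attr] = [v for v in current if v not in values]
        elif keyword == "add" or (keyword == "default" and existing is None):
            for v in values:            # existing values are not duplicated
                if v not in current:
                    current.append(v)
        elif keyword != "default":      # default on an existing DN is skipped
            raise ValueError(f"unknown keyword: {keyword}")
    return {a: v for a, v in entry.items() if v}
```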

OPTIONS

       -d, --debug
              Enable debug logging when more verbose output is needed

       -t, --test
              Run through the update without changing anything. If changes are
              available then the command returns 2. If no updates are
              available it returns 0.

       -y     File containing the Directory Manager password

EXIT STATUS

       0 if the command was successful

       1 if an error occurred

       2 if run in test mode (-t) and updates are available



freeipa                           Sep 12 2008              ipa-ldap-updater(1)