1ipa-ldap-updater(1) IPA Manual Pages ipa-ldap-updater(1)
2
6 ipa-ldap-updater - Update the IPA LDAP configuration
7
9 ipa-ldap-updater [options] input_file(s)
10
12 ipa-ldap-updater is utility which can be used to update the IPA LDAP
13 server.
14 An update file describes an LDAP entry and a set of operations to be
16 performed on that entry. It can be used to add new entries or modify
17 existing entries.
18 Blank lines and lines beginning with # are ignored.
20 There are 7 keywords:
22 * default: the starting value
24 * add: add a value to an attribute
25 * remove: remove a value from an attribute
26 * only: set an attribute to this
27 * onlyifexist: set an attribute to this only if the entry exists
28 * deleteentry: remove the entry
29 * replace: replace an existing value, format is old::new
30 * addifnew: add a new attribute and value only if the attribute
31 doesn't already exist. Only works with single-value attributes.
32 * addifexist: add a new attribute and value only if the entry
33 exists. This is used to update optional entries.
34 The difference between the default and add keywords is if the DN of the
36 entry exists then default is ignored. So for updating something like
37 schema, which will be under cn=schema, you must always use add (because
38 cn=schema is guaranteed to exist). It will not re-add the same informa‐
39 tion again and again.
40 It also provides some things that can be templated such as architecture
42 (for plugin paths), realm and domain name.
43 The available template variables are:
45 * $REALM - the kerberos realm (EXAMPLE.COM)
47 * $FQDN - the fully-qualified domain name of the IPA server being
48 updated (ipa.example.com)
49 * $DOMAIN - the domain name (example.com)
50 * $SUFFIX - the IPA LDAP suffix (dc=example,dc=com)
51 * $ESCAPED_SUFFIX - the ldap-escaped IPA LDAP suffix
52 * $LIBARCH - set to 64 on x86_64 systems to be used for plugin
53 paths
54 * $TIME - an integer representation of current time
55 For base64 encoded values a double colon ('::') must be used between
57 attribute and value.
58 Base64 format examples:
60 add:binaryattr::d2UgbG92ZSBiYXNlNjQ=
61 replace:binaryattr::SVBBIGlzIGdyZWF0::SVBBIGlzIHJlYWxseSBncmVhdA==
62 A few rules:
64 1. Only one rule per line
66 2. Each line stands alone (e.g. an only followed by an only results
67 in the last only being used)
68 3. Adding a value that exists is ok. The request is ignored, dupli‐
69 cate values are not added
70 4. Removing a value that doesn't exist is ok. It is simply ignored.
71 5. If a DN doesn't exist it is created from the 'default' entry and
72 all updates are applied
73 6. If a DN does exist the default values are skipped
74 7. Only the first rule on a line is respected
75 ipa-ldap-updater allows to execute update plugins. Plugins to be exe‐
77 cuted are specified with following keyword, in update files:
78 * plugin: name of plugin
79 This keyword is not bounded to DN, and plugin names have to be regis‐
81 tered in API.
82 Additionally, ipa-ldap-updater can update the schema based on LDIF
84 files. Any missing object classes and attribute types are added, and
85 differing ones are updated to match the LDIF file. To enable this
86 behavior, use the --schema-file options. Schema files should be in
87 LDIF format, and may only specify attributeTypes and objectClasses
88 attributes of cn=schema.
89
92 -d, --debug
93 Enable debug logging when more verbose output is needed
94 -u, --upgrade
96 Upgrade an installed server in offline mode (implies --schema)
97 -S, --schema-file
99 Specify a schema file. May be used multiple times. Implies
100 --schema.
101
103 0 if the command was successful
104 1 if an error occurred
106IPA Sep 12 2008 ipa-ldap-updater(1)