LDAPMODIFY(1)               General Commands Manual              LDAPMODIFY(1)

NAME

       ldapmodify, ldapadd - LDAP modify entry and LDAP add entry tools

SYNOPSIS

       ldapmodify [-a] [-c] [-S file] [-n] [-v] [-M[M]] [-d debuglevel]
       [-D binddn] [-W] [-w passwd] [-y passwdfile] [-H ldapuri] [-h ldaphost]
       [-p ldapport] [-P 2|3] [-O security-properties] [-I] [-Q] [-U authcid]
       [-R realm] [-x] [-X authzid] [-Y mech] [-Z[Z]] [-f file]

       ldapadd [-c] [-S file] [-n] [-v] [-M[M]] [-d debuglevel] [-D binddn]
       [-W] [-w passwd] [-y passwdfile] [-h ldaphost] [-p ldapport] [-P 2|3]
       [-O security-properties] [-I] [-Q] [-U authcid] [-R realm] [-x]
       [-X authzid] [-Y mech] [-Z[Z]] [-f file]

DESCRIPTION

       ldapmodify is a shell-accessible interface to the ldap_modify(3) and
       ldap_add(3) library calls.  ldapadd is implemented as a hard link to
       the ldapmodify tool.  When invoked as ldapadd the -a (add new entry)
       flag is turned on automatically.

       ldapmodify opens a connection to an LDAP server, binds, and modifies or
       adds entries.  The entry information is read from standard input or
       from file through the use of the -f option.

OPTIONS

       -a     Add new entries.  The default for ldapmodify is to modify
              existing entries.  If invoked as ldapadd, this flag is always
              set.

       -c     Continuous operation mode.  Errors are reported, but ldapmodify
              will continue with modifications.  The default is to exit after
              reporting an error.

       -S file
              Add or change records which were skipped due to an error are
              written to file and the error message returned by the server is
              added as a comment.  Most useful in conjunction with -c.

       -n     Show what would be done, but don't actually modify entries.
              Useful for debugging in conjunction with -v.

       -v     Use verbose mode, with many diagnostics written to standard
              output.

       -F     Force application of all changes regardless of the contents of
              input lines that begin with replica: (by default, replica: lines
              are compared against the LDAP server host and port in use to
              decide if a replog record should actually be applied).

       -M[M]  Enable manage DSA IT control.  -MM makes control critical.

       -d debuglevel
              Set the LDAP debugging level to debuglevel.  ldapmodify must be
              compiled with LDAP_DEBUG defined for this option to have any
              effect.

       -f file
              Read the entry modification information from file instead of
              from standard input.

       -x     Use simple authentication instead of SASL.

       -D binddn
              Use the Distinguished Name binddn to bind to the LDAP directory.

       -W     Prompt for simple authentication.  This is used instead of
              specifying the password on the command line.

       -w passwd
              Use passwd as the password for simple authentication.

       -y passwdfile
              Use complete contents of passwdfile as the password for simple
              authentication.

       -H ldapuri
              Specify URI(s) referring to the ldap server(s); only the
              protocol/host/port fields are allowed; a list of URI, separated
              by whitespace or commas is expected.

       -h ldaphost
              Specify an alternate host on which the ldap server is running.
              Deprecated in favor of -H.

       -p ldapport
              Specify an alternate TCP port where the ldap server is
              listening.  Deprecated in favor of -H.

       -P 2|3 Specify the LDAP protocol version to use.

       -O security-properties
              Specify SASL security properties.

       -I     Enable SASL Interactive mode.  Always prompt.  Default is to
              prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -U authcid
              Specify the authentication ID for SASL bind.  The form of the ID
              depends on the actual SASL mechanism used.

       -R realm
              Specify the realm of authentication ID for SASL bind.  The form
              of the realm depends on the actual SASL mechanism used.

       -X authzid
              Specify the requested authorization ID for SASL bind.  authzid
              must be one of the following formats: dn:<distinguished name> or
              u:<username>

       -Y mech
              Specify the SASL mechanism to be used for authentication.  If
              it's not specified, the program will choose the best mechanism
              the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation.  If
              you use -ZZ, the command will require the operation to be
              successful.
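
       The following wrapper is an added example, not part of the OpenLDAP
       distribution. It combines the options above for a simple bind that
       keeps the password out of the process argument list (-y instead of -w)
       and off an unencrypted connection (-ZZ). The URI, bind DN and function
       names are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example: URI, bind DN and file paths are placeholders, not from the man page.
LDAP_URI='ldap://ldap.example.com'
BIND_DN='cn=admin,dc=example,dc=com'

# Store the bind password for -y. The password is read from stdin so it never
# appears in argv, the file is created mode 0600, and no trailing newline is
# written because -y uses the complete file contents as the password.
write_passwdfile() {    # $1 = destination path
    (
        umask 077
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        rm -f -- "$1"
        printf '%s' "$pw" > "$1"
    )
}

# Common arguments: simple bind (-x) only over a mandatory StartTLS (-ZZ).
run_ldapmodify() {      # $1 = password file, remaining args passed through
    pwfile=$1; shift
    ldapmodify -x -ZZ -H "$LDAP_URI" -D "$BIND_DN" -y "$pwfile" "$@"
}

# Preview with -n -v, then apply with -c and keep rejected records via -S.
apply_ldif() {          # $1 = LDIF file, $2 = password file, $3 = reject file
    run_ldapmodify "$2" -n -v -f "$1" || return 1
    run_ldapmodify "$2" -c -S "$3" -f "$1"
}
```

       After a run with -c, a non-empty reject file means some records were
       not applied even though processing continued to the end of the input.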

INPUT FORMAT

       The contents of file (or standard input if no -f flag is given on the
       command line) should conform to the format defined in ldif(1) (LDIF as
       defined in RFC 2849), or slapd.replog(5) (an extended form of LDIF)
       with the exceptions noted below.

       Lines that begin with "replica:" are matched against the LDAP server
       host and port in use to decide if a particular replog record should be
       applied.  Any other lines that precede the "dn:" line are ignored.  The
       -F flag can be used to force ldapmodify to apply all of the replog
       changes, regardless of the presence or absence of any "replica:" lines.

       If no "changetype:" line is present, the default is "add" if the -a
       flag is set (or if the program was invoked as ldapadd) and "modify"
       otherwise.

       If changetype is "modify" and no "add:", "replace:", or "delete:" lines
       appear, the default is "replace" for ldapmodify(1) and "add" for
       ldapadd(1).

       Note that the above exceptions to the slapd.replog(5) format allow
       ldif(5) entries to be used as input to ldapmodify or ldapadd.
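
       Because the same input file performs different operations depending on
       whether it is fed to ldapmodify or ldapadd, it is worth listing the
       effective changetype of every record before applying it. The helper
       below is an added example, not part of OpenLDAP; the function names and
       the sample input are constructed for illustration, and it covers only
       the record-level changetype default described above.

```sh
# Added example: pre-apply review helper, not part of OpenLDAP.
# audit_ldif FILE MODE -> "changetype<TAB>explicit|default<TAB>dn" per record.
# MODE "add" models ldapadd / ldapmodify -a; anything else models plain ldapmodify.
# Simplification: folded lines and base64 (dn::) values are not decoded.
audit_ldif() {
    awk -v mode="$2" '
        function emit() {
            if (!inrec) return
            if (ct == "") { ct = (mode == "add") ? "add" : "modify"; src = "default" }
            print ct "\t" src "\t" dn
            inrec = 0; ct = ""
        }
        /^[ \t\r]*$/     { emit(); next }               # blank line ends a record
        !inrec && /^dn:/ { inrec = 1; src = "explicit"; dn = $0; sub(/^dn::?[ \t]*/, "", dn); next }
        !inrec           { next }                       # lines before dn: are ignored
        ct == "" && /^changetype:/ {
            ct = $0; sub(/^changetype:[ \t]*/, "", ct)
            sub(/[ \t\r]+$/, "", ct); ct = tolower(ct)
        }
        END { emit() }
    ' "$1"
}

# Records to review first: deletes, and records whose operation depends on the invocation.
needs_review() {
    audit_ldif "$1" "$2" | awk -F '\t' '$1 == "delete" || $2 == "default"'
}

# Constructed sample input based on the EXAMPLES section of this page.
sample_ldif() {
    cat <<'EOF'
version: 1
dn: cn=Modify Me,dc=example,dc=com
changetype: modify
replace: mail
mail: modme@example.com
-

dn: cn=Barbara Jensen,dc=example,dc=com
objectClass: person
cn: Barbara Jensen
sn: Jensen

dn: cn=Barbara Jensen,dc=example,dc=com
changetype: delete
EOF
}
```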

EXAMPLES

       Assuming that the file /tmp/entrymods exists and has the contents:

           dn: cn=Modify Me,dc=example,dc=com
           changetype: modify
           replace: mail
           mail: modme@example.com
           -
           add: title
           title: Grand Poobah
           -
           add: jpegPhoto
           jpegPhoto:< file:///tmp/modme.jpeg
           -
           delete: description
           -

       the command:

           ldapmodify -f /tmp/entrymods

       will replace the contents of the "Modify Me" entry's mail attribute
       with the value "modme@example.com", add a title of "Grand Poobah", and
       the contents of the file "/tmp/modme.jpeg" as a jpegPhoto, and
       completely remove the description attribute.

       Assuming that the file /tmp/newentry exists and has the contents:

           dn: cn=Barbara Jensen,dc=example,dc=com
           objectClass: person
           cn: Barbara Jensen
           cn: Babs Jensen
           sn: Jensen
           title: the world's most famous mythical manager
           mail: bjensen@example.com
           uid: bjensen

       the command:

           ldapadd -f /tmp/newentry

       will add a new entry for Babs Jensen, using the values from the file
       /tmp/newentry.

       Assuming that the file /tmp/entrymods exists and has the contents:

           dn: cn=Barbara Jensen,dc=example,dc=com
           changetype: delete

       the command:

           ldapmodify -f /tmp/entrymods

       will remove Babs Jensen's entry.

DIAGNOSTICS

       Exit status is zero if no errors occur.  Errors result in a non-zero
       exit status and a diagnostic message being written to standard error.

SEE ALSO

       ldapadd(1), ldapdelete(1), ldapmodrdn(1), ldapsearch(1), ldap.conf(5),
       ldap(3), ldap_add(3), ldap_delete(3), ldap_modify(3), ldap_modrdn(3),
       ldif(5), slapd.replog(5)

AUTHOR

       The OpenLDAP Project <http://www.openldap.org/>

ACKNOWLEDGEMENTS

       OpenLDAP is developed and maintained by The OpenLDAP Project
       (http://www.openldap.org/).  OpenLDAP is derived from University of
       Michigan LDAP 3.3 Release.

OpenLDAP 2.3.34                    2007/2/16                     LDAPMODIFY(1)