ldapmodify(1)                    User Commands                   ldapmodify(1)

NAME

       ldapmodify, ldapadd - ldap entry addition and modification tools

SYNOPSIS

       ldapmodify [-a] [-c] [-r] [-n] [-v] [-F] [-b] [-A] [-q]
            [-H] [-?] [-E] [-J] [-Z] [-M] [-d debuglevel]
            [-D bindDN] [-j filename] [-J [:criticality]]
            [-B baseDN] [-V version] [-Y proxyDN] [-O hopLimit]
            [-i locale] [-k path] [-e errorFile] [-P path]
            [-N certificate] [-w passwd] [-o attributename=value]
            [-h ldaphost] [-W password] [-p ldapport] [-f file]
            [-l nb-ldap-connections]

       ldapadd [-c] [-n] [-v] [-F]
            [-b] [-A] [-q] [-H] [-?] [-E] [-J] [-Z] [-M] [-d debuglevel]
            [-D bindDN] [-j filename] [-B baseDN] [-V version]
            [-Y proxyDN] [-O hopLimit] [-i locale] [-k path]
            [-e errorFile] [-P path] [-N certificate] [-w passwd]
            [-o attributename=value] [-h ldaphost] [-W password]
            [-p ldapport] [-f file] [-l nb-ldap-connections]

DESCRIPTION

       The ldapmodify utility opens a connection to an LDAP server, binds and
       modifies or adds entries. The entry information is read from standard
       input or from file, specified using the -f option. The ldapadd utility
       is implemented as a hard link to the ldapmodify tool. When invoked as
       ldapadd, the -a (add new entry) option is turned on automatically.

       Both ldapadd and ldapmodify reject duplicate attribute-name/value pairs
       for the same entry.

OPTIONS

       The following options are supported:

       -a

           Adds new entries. The default for ldapmodify is to modify existing
           entries. If invoked as ldapadd, this option is always set.

       -A

           Non-ASCII mode: display non-ASCII values, in conjunction with the
           -v option.

       -b

           Handle binary files. The ldapmodify tool will scan every attribute
           value in the input to determine whether it is a valid file
           reference. If the reference is valid, it will use the contents of
           the file as the attribute's value. This option is used to input
           binary data, such as a JPEG image, for an attribute. For example,
           the corresponding LDIF input would be: "jpegPhoto: /tmp/photo.jpg".
           The ldapmodify tool also supports the LDIF :< URL notation for
           directly including file contents.

       -B baseDN

           Specify the base DN when performing additions, usually in double
           quotes ("") for the shell. All entries will be placed under this
           suffix, thus providing bulk import functionality.

       -c

           Specifies continuous operation mode. Errors are reported, but
           ldapmodify and ldapadd continue with modifications. The default is
           to exit after reporting an error.

       -D bindDN

           Uses the distinguished name bindDN to bind to the directory.

       -d debuglevel

           Sets the LDAP debugging level. Useful levels of debugging for
           ldapmodify and ldapadd are:

           1      Trace

           2      Packets

           4      Arguments

           32     Filters

           128    Access control

           To request more than one category of debugging information, add the
           masks. For example, to request trace and filter information,
           specify a debuglevel of 33.

       -e errorFile

           Invalid update statements in the input will be copied to the
           errorFile for debugging. Use with the -c option to correct errors
           when processing large LDIF input.

       -E

           Ask server to expose (report) bind identity by means of
           authentication response control.

       -F

           Forces application of all changes regardless of the content of
           input lines that begin with replica:. By default, replica: lines
           are compared against the LDAP server host and port in use to decide
           whether a replog record should be applied.

       -f file

           Reads the entry modification information from file instead of from
           standard input.

       -?

           Display the usage help text that briefly describes all options.

       -H

           Display the usage help text that briefly describes all options.

       -h ldaphost

           Specifies an alternate host on which the LDAP server is running.

       -i locale

           Specify the character set to use for the -f LDIFfile or standard
           input. The default is the character set specified in the LANG
           environment variable. You might choose to use this option to
           perform the conversion from the specified character set to UTF8,
           thus overriding the LANG setting.

       -j filename

           Specify a file containing the password for the bind DN or the
           password for the SSL client's key database. To protect the
           password, use this option in scripts and place the password in a
           secure file. This option is mutually exclusive of the -w and -W
           options.

       -J [:criticality[:value|::b64value|b64value|:fileurl]]

           Criticality is a boolean value (default is false).

       -k path

           Specify the path to a directory containing conversion routines.
           These routines are used if you want to specify a locale that is not
           supported by default by your directory server. This is for NLS
           support.

       -l nb-ldap-connections

           Specifies the number of LDAP connections that ldapadd or ldapmodify
           will open to process the modifications in the directory. The
           default is one connection.

       -M

           Manage smart referrals. When they are the target of the operation,
           modify the entry containing the referral instead of the entry
           obtained by following the referral.

       -n

           Previews modifications, but makes no changes to entries. Useful in
           conjunction with -v and -d for debugging.

       -N certificate

           Specify the certificate name to use for certificate-based client
           authentication. For example: -N "Directory-Cert".

       -o attributename=value

           For SASL mechanisms and other options such as security properties,
           mode of operation, authorization ID, authentication ID, and so
           forth.

           The different attribute names and their values are as follows:

           secProp="number"    For defining SASL security properties.

           realm="value"       Specifies SASL realm (default is realm=none).

           authzid="value"     Specify the authorization ID name for SASL
                               bind.

           authid="value"      Specify the authentication ID for SASL bind.

           mech="value"        Specifies the various SASL mechanisms.

       -O hopLimit

           Specify the maximum number of referral hops to follow while finding
           an entry to modify. By default, there is no limit.

       -p ldapport

           Specifies an alternate TCP port where the secure LDAP server is
           listening.

       -P path

           Specify the path and filename of the client's certificate database.
           For example:

             -P /home/uid/.netscape/cert7.db

           When using the command on the same host as the directory server,
           you can use the server's own certificate database. For example:

             -P installDir/lapd-serverID/alias/cert7.db

           Use the -P option alone to specify server authentication only.

       -r

           Replaces existing value with the specified value. This is the
           default for ldapmodify. When ldapadd is called, or if the -a option
           is specified, the -r option is ignored.

       -v

           Uses verbose mode, with diagnostics written to standard output.

       -V version

           Specify the LDAP protocol version number to be used for the delete
           operation, either 2 or 3. LDAP v3 is the default. Specify LDAP v2
           when connecting to servers that do not support v3.

       -W password

           Specify the password for the client's key database given in the -P
           option. This option is required for certificate-based client
           authentication. Specifying the password on the command line has
           security issues because the password can be seen by others on the
           system by means of the ps command. Use the -j option instead to
           specify the password from a file. This option is mutually exclusive
           of -j.

       -w passwd

           Use passwd as the password for authentication to the directory.
           When you use -w passwd to specify the password to be used for
           authentication, the password is visible to other users of the
           system by means of the ps command, in script files or in shell
           history. If you use either the ldapmodify command or the ldapadd
           command without this option, the command will prompt for the
           password and read it from standard input. When used without the -w
           option, the password will not be visible to other users.

       -Y proxyid

           Specify the proxy DN (proxied authorization id) to use for the
           modify operation, usually in double quotes ("") for the shell.

       -Z

           Specify that SSL be used to provide certificate-based client
           authentication. This option requires the -N option and the SSL
           password, and any other of the SSL options needed to identify the
           certificate and the key database.

EXIT STATUS

       The following exit values are returned:

       0            Successful completion.

       Non-zero     An error occurred. A diagnostic message is written to
                    standard error.

EXAMPLES

       The format of the content of file (or standard input if no -f option is
       specified) is illustrated in the following examples.

       Example 1 Modifying an Entry

       The file /tmp/entrymods contains the following modification
       instructions:

             dn: cn=Modify Me, o=XYZ, c=US
             changetype: modify
             replace: mail
             mail: modme@atlanta.xyz.com
             -
             add: title
             title: System Manager
             -
             add: jpegPhoto
             jpegPhoto:< file:///tmp/modme.jpeg
             -
             delete: description
             -

       The command:

         example% ldapmodify -r -f /tmp/entrymods

       modifies the Modify Me entry as follows:

           1.     The current value of the mail attribute is replaced with the
                  value, modme@atlanta.xyz.com.

           2.     A title attribute with the value, System Manager, is added.

           3.     A jpegPhoto attribute is added, using the contents of the
                  file, /tmp/modme.jpeg, as the attribute value.

           4.     The description attribute is removed.

       Example 2 Creating a New Entry

       The file, /tmp/newentry, contains the following information for
       creating a new entry:

             dn: cn=Ann Jones, o=XYZ, c=US
             objectClass: person
             cn: Ann Jones
             cn: Annie Jones
             sn: Jones
             title: Director of Research and Development
             mail: ajones@londonrd.xyz.us.com
             uid: ajones

       The command

         example% ldapadd -f /tmp/newentry

       adds a new entry for Ann Jones, using the information in the file.

       Example 3 Creating a New Entry on an IPv6 Server

       The file, /tmp/newentry, contains the following information for
       creating a new entry on an IPv6 server.

             dn: cn=Ann Jones, o=XYZ, c=US
             objectClass: person
             cn: Ann Jones
             cn: Annie Jones
             sn: Jones
             title: Director of Research and Development
             mail: ajones@londonrd.xyz.us.com
             uid: ajones

       The command

         example% ldapadd -c -v -h '['fec0::111:a00:20ff:feaa:a364']':389 \
                                  -D "cn=Directory Manager" -w secret \
                                  -f /tmp/entry

       adds a new entry for Directory Manager, using the information in the
       file.

       Example 4 Deleting an Entry

       The file, /tmp/badentry, contains the following information about an
       entry to be deleted:

             dn: cn=Ann Jones, o=XYZ, c=US
             changetype: delete

       The command:

         example% ldapmodify -f /tmp/badentry

       removes Ann Jones' entry.
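       Added example, not part of the original man page: a POSIX shell wrapper
       that follows the -j, -w and -W descriptions above by passing the bind
       password in a private file and previewing with -n before applying. The
       function names and the LDAPMODIFY variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the man page. Function names and the LDAPMODIFY
# override are hypothetical; -D, -j, -f, -n, -v, -w and -W are from the page.
LDAPMODIFY=${LDAPMODIFY:-ldapmodify}

# Read one line (the password) from stdin into a new private file and print
# the file's path. mktemp creates it mode 0600; umask 077 is a second guard.
write_pwfile() (
    umask 077
    f=$(mktemp "${TMPDIR:-/tmp}/ldappw.XXXXXX") || exit 1
    IFS= read -r pw || [ -n "$pw" ] || exit 1
    printf '%s' "$pw" > "$f"    # printf is a builtin in bash and dash
    printf '%s\n' "$f"
)

# Succeed only if $1 is a regular file (not a symlink) with no group or
# other permission bits set.
pwfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld "$1" | cut -c1-10) in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Succeed if an argument list passes a password with -w or -W, which the
# OPTIONS section says is visible to other users by means of ps.
argv_exposes_password() {
    for a in "$@"; do
        case $a in -w|-W|-w?*|-W?*) return 0 ;; esac
    done
    return 1
}

# apply_ldif bindDN pwfile ldif: preview with -n -v, then apply, using -j
# so the password never appears on the command line.
apply_ldif() {
    pwfile_is_private "$2" || { echo "refusing: $2 is not private" >&2; return 2; }
    "$LDAPMODIFY" -n -v -D "$1" -j "$2" -f "$3" || return 1
    "$LDAPMODIFY" -D "$1" -j "$2" -f "$3"
}
```

       argv_exposes_password can be pointed at the arguments of an existing
       script line to find -w or -W uses that should move to -j.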

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWcsu                      │
       │Stability Level              │Evolving                     │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       ldap(1), ldapdelete(1), ldaplist(1), ldapmodrdn(1), ldapsearch(1),
       ldapaddent(1M), ldap_cachemgr(1M), ldap_get_option(3LDAP),
       ldap_set_option(3LDAP), attributes(5)

SunOS 5.11                        15 Jan 2004                    ldapmodify(1)