ldapmodify(1)                    User Commands                    ldapmodify(1)

NAME
    ldapmodify, ldapadd - ldap entry addition and modification tools

SYNOPSIS
    ldapmodify [-a] [-c] [-r] [-n] [-v] [-F] [-b] [-A] [-q]
        [-H] [-?] [-E] [-J] [-Z] [-M] [-d debuglevel]
        [-D bindDN] [-j filename] [-J [:criticality]]
        [-B baseDN] [-V version] [-Y proxyDN] [-O hopLimit]
        [-i locale] [-k path] [-e errorFile] [-P path]
        [-N certificate] [-w passwd] [-o attributename=value]
        [-h ldaphost] [-W password] [-p ldapport] [-f file]
        [-l nb-ldap-connections]

    ldapadd [-c] [-n] [-v] [-F]
        [-b] [-A] [-q] [-H] [-?] [-E] [-J] [-Z] [-M] [-d debuglevel]
        [-D bindDN] [-j filename] [-B baseDN] [-V version]
        [-Y proxyDN] [-O hopLimit] [-i locale] [-k path]
        [-e errorFile] [-P path] [-N certificate] [-w passwd]
        [-o attributename=value] [-h ldaphost] [-W password]
        [-p ldapport] [-f file] [-l nb-ldap-connections]

DESCRIPTION
    The ldapmodify utility opens a connection to an LDAP server, binds and
    modifies or adds entries. The entry information is read from standard
    input or from file, specified using the -f option. The ldapadd utility
    is implemented as a hard link to the ldapmodify tool. When invoked as
    ldapadd, the -a (add new entry) option is turned on automatically.

    Both ldapadd and ldapmodify reject duplicate attribute-name/value pairs
    for the same entry.

OPTIONS
    The following options are supported:

    -a

        Adds new entries. The default for ldapmodify is to modify existing
        entries. If invoked as ldapadd, this option is always set.

    -A

        Non-ASCII mode: display non-ASCII values, in conjunction with the
        -v option.

    -b

        Handle binary files. The ldapmodify tool will scan every attribute
        value in the input to determine whether it is a valid file
        reference. If the reference is valid, it will use the contents of
        the file as the attribute's value. This option is used to input
        binary data, such as a JPEG image, for an attribute. For example,
        the corresponding LDIF input would be:

            jpegPhoto: /tmp/photo.jpg

        The ldapmodify tool also supports the LDIF :< URL notation for
        directly including file contents.

    -B baseDN

        Specify the base DN when performing additions, usually in double
        quotes ("") for the shell. All entries will be placed under this
        suffix, thus providing bulk import functionality.

    -c

        Specifies continuous operation mode. Errors are reported, but
        ldapmodify and ldapadd continue with modifications. The default is
        to exit after reporting an error.

    -D bindDN

        Uses the distinguished name bindDN to bind to the directory.

    -d debuglevel

        Sets the LDAP debugging level. Useful levels of debugging for
        ldapmodify and ldapadd are:

        1      Trace
        2      Packets
        4      Arguments
        32     Filters
        128    Access control

        To request more than one category of debugging information, add the
        masks. For example, to request trace and filter information,
        specify a debuglevel of 33.

    -e errorFile

        Invalid update statements in the input will be copied to the
        errorFile for debugging. Use with the -c option to correct errors
        when processing large LDIF input.

    -E

        Ask server to expose (report) bind identity by means of
        authentication response control.

    -F

        Forces application of all changes regardless of the content of
        input lines that begin with replica:. By default, replica: lines
        are compared against the LDAP server host and port in use to decide
        whether a replog record should be applied.

    -f file

        Reads the entry modification information from file instead of from
        standard input.

    -?

        Display the usage help text that briefly describes all options.

    -H

        Display the usage help text that briefly describes all options.

    -h ldaphost

        Specifies an alternate host on which the LDAP server is running.

    -i locale

        Specify the character set to use for the -f LDIFfile or standard
        input. The default is the character set specified in the LANG
        environment variable. You might choose to use this option to
        perform the conversion from the specified character set to UTF8,
        thus overriding the LANG setting.

    -j filename

        Specify a file containing the password for the bind DN or the
        password for the SSL client's key database. To protect the
        password, use this option in scripts and place the password in a
        secure file. This option is mutually exclusive of the -w and -W
        options.

    -J [:criticality[:value|::b64value|b64value|:fileurl]]

        Criticality is a boolean value (default is false).

    -k path

        Specify the path to a directory containing conversion routines.
        These routines are used if you want to specify a locale that is not
        supported by default by your directory server. This is for NLS
        support.

    -l nb-ldap-connections

        Specifies the number of LDAP connections that ldapadd or ldapmodify
        will open to process the modifications in the directory. The
        default is one connection.

    -M

        Manage smart referrals. When they are the target of the operation,
        modify the entry containing the referral instead of the entry
        obtained by following the referral.

    -n

        Previews modifications, but makes no changes to entries. Useful in
        conjunction with -v and -d for debugging.

    -N certificate

        Specify the certificate name to use for certificate-based client
        authentication. For example: -N "Directory-Cert".

    -o attributename=value

        For SASL mechanisms and other options such as security properties,
        mode of operation, authorization ID, authentication ID, and so
        forth.

        The different attribute names and their values are as follows:

        secProp="number"    For defining SASL security properties.

        realm="value"       Specifies SASL realm (default is realm=none).

        authzid="value"     Specify the authorization ID name for SASL
                            bind.

        authid="value"      Specify the authentication ID for SASL bind.

        mech="value"        Specifies the various SASL mechanisms.

    -O hopLimit

        Specify the maximum number of referral hops to follow while finding
        an entry to modify. By default, there is no limit.

    -p ldapport

        Specifies an alternate TCP port where the secure LDAP server is
        listening.

    -P path

        Specify the path and filename of the client's certificate database.
        For example:

            -P /home/uid/.netscape/cert7.db

        When using the command on the same host as the directory server,
        you can use the server's own certificate database. For example:

            -P installDir/lapd-serverID/alias/cert7.db

        Use the -P option alone to specify server authentication only.

    -r

        Replaces existing value with the specified value. This is the
        default for ldapmodify. When ldapadd is called, or if the -a option
        is specified, the -r option is ignored.

    -v

        Uses verbose mode, with diagnostics written to standard output.

    -V version

        Specify the LDAP protocol version number to be used for the delete
        operation, either 2 or 3. LDAP v3 is the default. Specify LDAP v2
        when connecting to servers that do not support v3.

    -W password

        Specify the password for the client's key database given in the -P
        option. This option is required for certificate-based client
        authentication. Specifying the password on the command line has
        security issues because the password can be seen by others on the
        system by means of the ps command. Use the -j option instead to
        specify the password from a file. This option is mutually
        exclusive of -j.

    -w passwd

        Use passwd as the password for authentication to the directory.
        When you use -w passwd to specify the password to be used for
        authentication, the password is visible to other users of the
        system by means of the ps command, in script files or in shell
        history. If you use either the ldapmodify command or the ldapadd
        command without this option, the command will prompt for the
        password and read it from standard input. When used without the -w
        option, the password will not be visible to other users.

    -Y proxyid

        Specify the proxy DN (proxied authorization id) to use for the
        modify operation, usually in double quotes ("") for the shell.

    -Z

        Specify that SSL be used to provide certificate-based client
        authentication. This option requires the -N and SSL password and
        any other of the SSL options needed to identify the certificate and
        the key database.

EXIT STATUS
    The following exit values are returned:

    0           Successful completion.

    Non-zero    An error occurred. A diagnostic message is written to
                standard error.

EXAMPLES
    The format of the content of file (or standard input if no -f option is
    specified) is illustrated in the following examples.

    Example 1 Modifying an Entry

    The file /tmp/entrymods contains the following modification
    instructions:

        dn: cn=Modify Me, o=XYZ, c=US
        changetype: modify
        replace: mail
        mail: modme@atlanta.xyz.com
        -
        add: title
        title: System Manager
        -
        add: jpegPhoto
        jpegPhoto:< file:///tmp/modme.jpeg
        -
        delete: description
        -

    The command:

        example% ldapmodify -r -f /tmp/entrymods

    modifies the Modify Me entry as follows:

        1. The current value of the mail attribute is replaced with the
           value, modme@atlanta.xyz.com.

        2. A title attribute with the value, System Manager, is added.

        3. A jpegPhoto attribute is added, using the contents of the
           file, /tmp/modme.jpeg, as the attribute value.

        4. The description attribute is removed.
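
    The -b option and the :< URL notation both make ldapmodify read files
    from the local host, so LDIF input supplied by another party decides
    which local files end up in the directory. The following added example
    (not part of the original manual page) lists every such reference in an
    LDIF file before it is applied. The function names and the sample record
    are constructed, and it assumes that a "valid file reference" means an
    existing regular file.

```shell
#!/bin/sh
# Added example, not from the manual page: report every value in an LDIF file
# that makes ldapmodify read a local file. Names and sample data are constructed.

# ldif_file_refs FILE [b]
# Prints "line<TAB>attribute<TAB>path" for:
#   attr:< file://PATH   LDIF URL notation, always honoured
#   attr: /PATH          only with "b" (ldapmodify -b) and only if PATH exists
# Assumption: "valid file reference" means an existing regular file.
ldif_file_refs() {
    ldif=$1
    bflag=${2:-}
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            '#'* | ' '* | - | '') continue ;;   # comment, continuation, separator
        esac
        attr=${line%%:*}
        val=${line#*:}
        case $val in
            '<'*file://*)
                printf '%s\t%s\t%s\n' "$n" "$attr" "${val#*file://}" ;;
            ' /'*)
                if [ "$bflag" = b ] && [ -f "${val# }" ]; then
                    printf '%s\t%s\t%s\n' "$n" "$attr" "${val# }"
                fi ;;
        esac
    done < "$ldif"
    return 0
}

# Constructed change record modelled on Example 1; $1 is an existing local file.
sample_ldif() {
    cat <<EOF
dn: cn=Modify Me, o=XYZ, c=US
changetype: modify
add: jpegPhoto
jpegPhoto:< file:///tmp/modme.jpeg
-
replace: description
description: $1
-
EOF
}
```

    Run it with the second argument b when the LDIF will be applied with
    -b, and review each reported path before running ldapmodify.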

    Example 2 Creating a New Entry

    The file, /tmp/newentry, contains the following information for
    creating a new entry:

        dn: cn=Ann Jones, o=XYZ, c=US
        objectClass: person
        cn: Ann Jones
        cn: Annie Jones
        sn: Jones
        title: Director of Research and Development
        mail: ajones@londonrd.xyz.us.com
        uid: ajones

    The command

        example% ldapadd -f /tmp/newentry

    adds a new entry for Ann Jones, using the information in the file.

    Example 3 Creating a New Entry on an IPv6 Server

    The file, /tmp/newentry, contains the following information for
    creating a new entry on an IPv6 server.

        dn: cn=Ann Jones, o=XYZ, c=US
        objectClass: person
        cn: Ann Jones
        cn: Annie Jones
        sn: Jones
        title: Director of Research and Development
        mail: ajones@londonrd.xyz.us.com
        uid: ajones

    The command

        example% ldapadd -c -v -h '['fec0::111:a00:20ff:feaa:a364']':389 \
            -D "cn=Directory Manager" -w secret \
            -f /tmp/newentry

    adds a new entry for Directory Manager, using the information in the
    file.
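
    Example 3 passes the bind password with -w, which the OPTIONS section
    notes is visible to other users through ps. The following added example
    (not part of the original manual page) is a wrapper for scripted use
    that refuses -w and -W and accepts only a -j file that is private to
    the caller. All function names are constructed.

```shell
#!/bin/sh
# Added example, not from the manual page; all function names are constructed.

# has_cmdline_password ARGS...: succeed if -w or -W appears among ARGS.
has_cmdline_password() {
    for a in "$@"; do
        case $a in
            -w | -W | -w?* | -W?*) return 0 ;;
        esac
    done
    return 1
}

# jfile_of ARGS...: print the argument that follows -j.
jfile_of() {
    while [ $# -ge 2 ]; do
        if [ "$1" = -j ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# pwfile_ok FILE: succeed only for a regular file (not a symlink) owned by
# the caller with no group or other permission bits, e.g. -rw-------.
pwfile_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld -- "$1" | cut -c1-10) in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# safe_ldapmodify ARGS...: pass ARGS to ldapmodify unchanged, but only when
# the password is supplied through a protected -j file.
safe_ldapmodify() {
    if has_cmdline_password "$@"; then
        echo "refusing: -w/-W puts the password in the process list" >&2
        return 2
    fi
    jf=$(jfile_of "$@") || { echo "refusing: no -j filename" >&2; return 2; }
    pwfile_ok "$jf" || { echo "refusing: $jf is not private" >&2; return 2; }
    ldapmodify "$@"
}
```

    Create the password file under umask 077 so that it is never readable
    by group or other, even briefly.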

    Example 4 Deleting an Entry

    The file, /tmp/badentry, contains the following information about an
    entry to be deleted:

        dn: cn=Ann Jones, o=XYZ, c=US
        changetype: delete

    The command:

        example% ldapmodify -f /tmp/badentry

    removes Ann Jones' entry.

ATTRIBUTES
    See attributes(5) for a description of the following attributes:

    ┌─────────────────────────────┬─────────────────────────────┐
    │       ATTRIBUTE TYPE        │       ATTRIBUTE VALUE       │
    ├─────────────────────────────┼─────────────────────────────┤
    │Availability                 │SUNWcsu                      │
    │Stability Level              │Evolving                     │
    └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
    ldap(1), ldapdelete(1), ldaplist(1), ldapmodrdn(1), ldapsearch(1),
    ldapaddent(1M), ldap_cachemgr(1M), ldap_get_option(3LDAP),
    ldap_set_option(3LDAP), attributes(5)

SunOS 5.11                        15 Jan 2004                     ldapmodify(1)