Unix/Linux Go Back    


CentOS 7.0 - man page for ipa-ldap-updater (centos section 1)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


ipa-ldap-updater(1)			 IPA Manual Pages		      ipa-ldap-updater(1)

NAME
       ipa-ldap-updater - Update the IPA LDAP configuration

SYNOPSIS
       ipa-ldap-updater [options] input_file(s) ipa-ldap-updater [options]

DESCRIPTION
       ipa-ldap-updater is used to apply updates to the IPA LDAP server when the IPA packages are
       being updated. It is not intended to be executed by end-users.

       When run with no file arguments, ipa-ldap-updater will process all files with  the  exten-
       sion .update in /usr/share/ipa/updates.

       An  update  file  describes  an LDAP entry and a set of operations to be performed on that
       entry. It can be used to add new entries or modify existing entries.

       Blank lines and lines beginning with # are ignored.

       There are 7 keywords:

	   * default: the starting value
	   * add: add a value (or values) to an attribute
	   * remove: remove a value (or values) from an attribute
	   * only: set an attribute to this
	   * onlyifexist: set an attribute to this only if the entry exists
	   * deleteentry: remove the entry
	   * replace: replace an existing value, format is old: new
	   * addifnew: add a new attribute and value only if the attribute doesn't already exist.
       Only works with single-value attributes.
	   *  addifexist: add a new attribute and value only if the entry exists. This is used to
       update optional entries.

       Values is a comma-separated field so multi-values may be added at one time. Double or sin-
       gle quotes may be put around individual values that contain embedded commas.

       The  difference between the default and add keywords is if the DN of the entry exists then
       default is ignored. So for updating something like schema, which will be under  cn=schema,
       you must always use add (because cn=schema is guaranteed to exist). It will not re-add the
       same information again and again.

       It alsos provide some things that can  be  templated  such  as  architecture  (for  plugin
       paths), realm and domain name.

       The available template variables are:

	   * $REALM - the kerberos realm (EXAMPLE.COM)
	   *  $FQDN  - the fully-qualified domain name of the IPA server being updated (ipa.exam-
       ple.com)
	   * $DOMAIN - the domain name (example.com)
	   * $SUFFIX - the IPA LDAP suffix (dc=example,dc=com)
	   * $ESCAPED_SUFFIX - the ldap-escaped IPA LDAP suffix
	   * $LIBARCH - set to 64 on x86_64 systems to be used for plugin paths
	   * $TIME - an integer representation of current time

       A few rules:

	  1. Only one rule per line
	  2. Each line stands alone (e.g. an only followed by an only results in  the  last  only
       being used)
	  3.  adding  a value that exists is ok. The request is ignored, duplicate values are not
       added
	  4. removing a value that doesn't exist is ok. It is simply ignored.
	  5. If a DN doesn't exist it is created from the 'default' entry  and	all  updates  are
       applied
	  6. If a DN does exist the default values are skipped
	  7. Only the first rule on a line is respected

       Adds  and updates are applied from shortest to longest length of DN. Deletes are done from
       longest to shortest.

OPTIONS
       -d, --debug
	      Enable debug logging when more verbose output is needed

       -t, --test
	      Run through the update without changing anything. If changes are available then the
	      command returns 2. If no updates are available it returns 0.

       -y     File containing the Directory Manager password

       -l, --ldapi
	      Connect to the LDAP server using the ldapi socket

       -p, ---plugins
	      Execute update plugins as well as any update files. There is no way to execute only
	      the plugins.

       -u, ---upgrade
	      Upgrade an installed server in offline mode (implies --ldapi and --plugins)

       -W, ---password
	      Prompt for the Directory Manager password

EXIT STATUS
       0 if the command was successful

       1 if an error occurred

       2 if run with in test mode (-t) and updates are available

IPA					   Sep 12 2008			      ipa-ldap-updater(1)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 07:18 PM.