
OpenDarwin 7.2.1 - man page for ldapmodify (opendarwin section 1)



       ldapmodify, ldapadd - LDAP modify entry and LDAP add entry tools

       ldapmodify  [-a]  [-c]  [-S file]  [-n] [-v] [-k] [-K] [-M[M]] [-d debuglevel] [-D binddn]
       [-W]  [-w passwd]  [-y passwdfile]  [-H ldapuri]  [-h ldaphost]	 [-p ldapport]	 [-P 2|3]
       [-O security-properties]  [-I]  [-Q]  [-U authcid]  [-R realm] [-x] [-X authzid] [-Y mech]
       [-Z[Z]] [-f file]

       ldapadd [-c] [-S file] [-n]  [-v]  [-k]	[-K]  [-M[M]]  [-d debuglevel]	[-D binddn]  [-W]
       [-w passwd]  [-y passwdfile] [-h ldaphost] [-p ldapport] [-P 2|3] [-O security-properties]
       [-I] [-Q] [-U authcid] [-R realm] [-x] [-X authzid] [-Y mech] [-Z[Z]] [-f file]

       ldapmodify is a shell-accessible interface to the ldap_modify(3) and  ldap_add(3)  library
       calls.	ldapadd  is  implemented  as a hard link to the ldapmodify tool.  When invoked as
       ldapadd the -a (add new entry) flag is turned on automatically.

       ldapmodify opens a connection to an LDAP server, binds, and modifies or adds entries.  The
       entry  information  is  read  from  standard  input or from file through the use of the -f

       -a     Add new entries.	The default for ldapmodify is to  modify  existing  entries.   If
	      invoked as ldapadd, this flag is always set.

       -c     Continuous  operation mode.  Errors are reported, but ldapmodify will continue with
	      modifications.  The default is to exit after reporting an error.

       -S file
	      Add or change records which were skipped due to an error are written to file and
	      the error message returned by the server is added as a comment. Most useful in
	      conjunction with -c.

       -n     Show what would be done, but don't actually modify entries.  Useful  for	debugging
	      in conjunction with -v.

       -v     Use verbose mode, with many diagnostics written to standard output.

       -k     Use Kerberos IV authentication instead of simple authentication.  It is assumed
	      that you already have a valid ticket granting ticket.  You must compile with
	      Kerberos support for this option to have any effect.

       -K     Same as -k, but only does step 1 of the Kerberos IV bind.  This is useful when
	      connecting to a slapd and there is no x500dsa.hostname principal registered with
	      your Kerberos Domain Controller(s).

       -F     Force  application  of  all  changes regardless of the contents of input lines that
	      begin with replica: (by default, replica:  lines	are  compared  against	the  LDAP
	      server  host  and  port  in  use	to  decide  if a replog record should actually be

       -M[M]  Enable manage DSA IT control.  -MM makes control critical.

       -d debuglevel
	      Set the LDAP debugging level to  debuglevel.   ldapmodify  must  be  compiled  with
	      LDAP_DEBUG defined for this option to have any effect.

       -f file
	      Read the entry modification information from file instead of from standard input.

       -x     Use simple authentication instead of SASL.

       -D binddn
	      Use the Distinguished Name binddn to bind to the LDAP directory.

       -W     Prompt  for simple authentication.  This is used instead of specifying the password
	      on the command line.

       -w passwd
	      Use passwd as the password for simple authentication.

       -y passwdfile
	      Use complete contents of passwdfile as the password for simple authentication.

       -H ldapuri
	      Specify URI(s) referring to the ldap server(s).

       -h ldaphost
	      Specify an alternate host on which the ldap server is running.  Deprecated in favor
	      of -H.

       -p ldapport
	      Specify  an  alternate  TCP port where the ldap server is listening.  Deprecated in
	      favor of -H.

       -P 2|3 Specify the LDAP protocol version to use.

       -O security-properties
	      Specify SASL security properties.

       -I     Enable SASL Interactive mode.  Always prompt.  Default is to prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -U authcid
	      Specify the authentication ID for SASL bind. The form of	the  ID  depends  on  the
	      actual SASL mechanism used.

       -R realm
	      Specify the realm of authentication ID for SASL bind. The form of the realm depends
	      on the actual SASL mechanism used.

       -X authzid
	      Specify the requested authorization ID for SASL bind.  authzid must be one  of  the
	      following formats: dn:<distinguished name> or u:<username>

       -Y mech
	      Specify  the  SASL  mechanism to be used for authentication. If it's not specified,
	      the program will choose the best mechanism the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If you use	-ZZ,  the
	      command will require the operation to be successful.
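
       An added example, not part of the original man page or of OpenLDAP: a small shell
       lint that reads an ldapmodify/ldapadd argument list and reports the credential and
       transport choices described above (-w versus -W/-y, -Z versus -ZZ, deprecated -h/-p).
       The finding names, host, bind DN and file names are assumptions made for the sketch,
       and an ldaps:// URI is treated as TLS from connect.

```shell
#!/bin/sh
# Added example: lint an ldapmodify/ldapadd argument list before running it.
# Interprets only options documented on this man page; finding names are
# made up for this sketch.
audit_ldap_args() {
    simple=0 starttls=none ldaps=0 findings=""
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            -w|-w?*) findings="$findings password-in-argv" ;;  # readable via ps
            -x)      simple=1 ;;
            -Z)      starttls=optional ;;  # StartTLS failure is tolerated
            -ZZ)     starttls=required ;;
            -H)      case "${1:-}" in ldaps://*) ldaps=1 ;; esac ;;
            -h|-p)   findings="$findings deprecated$opt" ;;
        esac
        # Options with a separate value: consume it so it is not read as a flag.
        case "$opt" in
            -w|-H|-h|-p|-D|-y|-f|-S|-d|-P|-O|-U|-R|-X|-Y)
                if [ $# -gt 0 ]; then shift; fi ;;
        esac
    done
    if [ "$starttls" = optional ] && [ "$ldaps" -eq 0 ]; then
        findings="$findings starttls-not-enforced"
    fi
    if [ "$simple" -eq 1 ] && [ "$starttls" = none ] && [ "$ldaps" -eq 0 ]; then
        findings="$findings simple-bind-without-tls"
    fi
    printf '%s\n' "${findings# }"
}

# Constructed command lines (host, bind DN and file names are placeholders).
audit_ldap_args -x -Z -H ldap://ldap.example.com \
    -D cn=admin,dc=example,dc=com -w secret -f /tmp/entrymods
audit_ldap_args -x -ZZ -H ldap://ldap.example.com \
    -D cn=admin,dc=example,dc=com -y /etc/ldap/bind.pw -n -v -f /tmp/entrymods
```

       Because -y uses the complete contents of passwdfile, write that file without a
       trailing newline and keep it readable only by the invoking user.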

       The contents of file (or standard input if no -f flag is given on the command line) should
       conform to the format defined in slapd.replog(5), with the exceptions noted below.

       Lines that begin with "replica:" are matched against the LDAP server host and port in  use
       to  decide  if a particular replog record should be applied.  Any other lines that precede
       the "dn:" line are ignored.  The -F flag can be used to force ldapmodify to apply  all  of
       the replog changes, regardless of the presence or absence of any "replica:" lines.

       If no "changetype:" line is present, the default is "add" if the -a flag is set (or if the
       program was invoked as ldapadd) and "modify" otherwise.

       If changetype is "modify" and no  "add:",  "replace:",  or  "delete:"  lines  appear,  the
       default is "replace" for ldapmodify(1) and "add" for ldapadd(1).

       Note  that  the above exceptions to the slapd.replog(5) format allow ldif(5) entries to be
       used as input to ldapmodify or ldapadd.
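
       An added example, not part of the original man page or of OpenLDAP: a pre-flight
       check that applies the defaulting rules above to an input file and prints the
       operation each record would perform, so that a plain ldif(5) entry fed to ldapmodify
       without -a shows up as an implicit replace. The function names, output labels and
       sample records are assumptions; records are taken to be separated by blank lines,
       and "replica:" lines are not evaluated.

```shell
#!/bin/sh
# Added example: show the effective operation per record under the defaults
# described above. $1 is "modify" (ldapmodify) or "add" (ldapadd / -a).
effective_ops() {
    awk -v dflt="$1" '
        function flush(   op) {
            if (dn == "") return
            op = (ct != "") ? ct : dflt            # no changetype: use default
            if (op == "modify" && !spec)           # modify with no add:/replace:/delete:
                op = op ":implicit-" (dflt == "add" ? "add" : "replace")
            print op " " dn
            dn = ""; ct = ""; spec = 0
        }
        /^[ \t]*$/     { flush(); next }           # blank line ends a record
        /^dn:/         { flush(); dn = $0; sub(/^dn:[ \t]*/, "", dn); next }
        dn == ""       { next }                    # lines before "dn:" are ignored
        /^changetype:/ { ct = $0; sub(/^changetype:[ \t]*/, "", ct); next }
        /^(add|replace|delete):/ { spec = 1 }
        END            { flush() }
    '
}

# Constructed sample input: a plain entry, an explicit modify, a delete.
sample_ldif() {
    cat <<'EOF'
dn: cn=Barbara Jensen,dc=example,dc=com
objectClass: person
sn: Jensen
mail: bjensen@example.com

dn: cn=Modify Me,dc=example,dc=com
changetype: modify
replace: mail
mail: modme@example.com
-

dn: cn=Old Entry,dc=example,dc=com
changetype: delete
EOF
}

echo "as ldapmodify:"; sample_ldif | effective_ops modify
echo "as ldapadd:";    sample_ldif | effective_ops add
```

       Review the listing, delete lines in particular, and then confirm with -n -v before
       running the real command.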

       Assuming that the file /tmp/entrymods exists and has the contents:

	   dn: cn=Modify Me,dc=example,dc=com
	   changetype: modify
	   replace: mail
	   mail: modme@example.com
	   -
	   add: title
	   title: Grand Poobah
	   -
	   add: jpegPhoto
	   jpegPhoto:< file:///tmp/modme.jpeg
	   -
	   delete: description
	   -

       the command:

	   ldapmodify -f /tmp/entrymods

       will replace the contents of the  "Modify  Me"  entry's	mail  attribute  with  the  value
       "modme@example.com",  add  a  title  of	"Grand	Poobah",  and  the  contents  of the file
       "/tmp/modme.jpeg" as a jpegPhoto, and completely remove the description attribute.

       Assuming that the file /tmp/newentry exists and has the contents:

	   dn: cn=Barbara Jensen,dc=example,dc=com
	   objectClass: person
	   cn: Barbara Jensen
	   cn: Babs Jensen
	   sn: Jensen
	   title: the world's most famous mythical manager
	   mail: bjensen@example.com
	   uid: bjensen

       the command:

	   ldapadd -f /tmp/newentry

       will add a new entry for Babs Jensen, using the values from the file /tmp/newentry.

       Assuming that the file /tmp/entrymods exists and has the contents:

	   dn: cn=Barbara Jensen,dc=example,dc=com
	   changetype: delete

       the command:

	   ldapmodify -f /tmp/entrymods

       will remove Babs Jensen's entry.

       Exit status is zero if no errors occur.	Errors result in a non-zero  exit  status  and	a
       diagnostic message being written to standard error.

       ldapadd(1),    ldapdelete(1),   ldapmodrdn(1),	ldapsearch(1),	 ldap.conf(5),	 ldap(3),
       ldap_add(3), ldap_delete(3), ldap_modify(3), ldap_modrdn(3), slapd.replog(5)

       The OpenLDAP Project <http://www.openldap.org/>

       OpenLDAP is developed and maintained by The OpenLDAP  Project  (http://www.openldap.org/).
       OpenLDAP is derived from University of Michigan LDAP 3.3 Release.
