RedHat 9 (Linux i386) - man page for ldapmodify (redhat section 1)

LDAPMODIFY(1)			     General Commands Manual			    LDAPMODIFY(1)

       ldapmodify, ldapadd - LDAP modify entry and LDAP add entry tools

       ldapmodify  [-a]  [-c]  [-n]  [-v]  [-k]  [-K]  [-M[M]]	[-d debuglevel]  [-D binddn] [-W]
       [-w passwd] [-H ldapuri]  [-h ldaphost]	[-p ldapport]  [-P 2|3]  [-O security-properties]
       [-I] [-Q] [-U authcid] [-x] [-X authzid] [-Y mech] [-Z[Z]] [-f file]

       ldapadd	[-c]  [-n]  [-v]  [-k]	[-K] [-M[M]] [-d debuglevel] [-D binddn] [-W] [-w passwd]
       [-h ldaphost] [-p ldapport] [-P 2|3] [-O security-properties] [-I] [-Q] [-U authcid]  [-x]
       [-X authzid] [-Y mech] [-Z[Z]] [-f file]

       ldapmodify  is  a shell-accessible interface to the ldap_modify(3) and ldap_add(3) library
       calls.  ldapadd is implemented as a hard link to the ldapmodify	tool.	When  invoked  as
       ldapadd the -a (add new entry) flag is turned on automatically.

       ldapmodify opens a connection to an LDAP server, binds, and modifies or adds entries.  The
       entry information is read from standard input or from file  through  the  use  of  the  -f

       -a     Add  new	entries.   The	default for ldapmodify is to modify existing entries.  If
	      invoked as ldapadd, this flag is always set.

       -c     Continuous operation mode.  Errors are reported, but ldapmodify will continue  with
	      modifications.  The default is to exit after reporting an error.

       -n     Show  what  would be done, but don't actually modify entries.  Useful for debugging
	      in conjunction with -v.

       -v     Use verbose mode, with many diagnostics written to standard output.

       -k     Use Kerberos IV authentication instead of simple	authentication.   It  is  assumed
	      that  you  already have a valid ticket granting ticket.  You must compile with Ker-
	      beros support for this option to have any effect.

       -K     Same as -k, but only does step 1 of the Kerberos IV bind.  This is useful when con-
	      necting  to a slapd and there is no x500dsa.hostname principal registered with your
	      Kerberos Domain Controller(s).

       -F     Force application of all changes regardless of the contents  of  input  lines  that
	      begin  with  replica:  (by  default,  replica:  lines are compared against the LDAP
	      server host and port in use to  decide  if  a  replog  record  should  actually  be

       -M[M]  Enable manage DSA IT control.  -MM makes control critical.

       -d debuglevel
	      Set  the	LDAP  debugging  level	to  debuglevel.  ldapmodify must be compiled with
	      LDAP_DEBUG defined for this option to have any effect.

       -f file
	      Read the entry modification information from file instead of from standard input.

       -x     Use simple authentication instead of SASL.

       -D binddn
	      Use the Distinguished Name binddn to bind to the LDAP directory.

       -W     Prompt for simple authentication.  This is used instead of specifying the  password
	      on the command line.

       -w passwd
	      Use passwd as the password for simple authentication.

       -H ldapuri
	      Specify URI(s) referring to the ldap server(s).

       -h ldaphost
	      Specify an alternate host on which the ldap server is running.  Deprecated in favor
	      of -H.

       -p ldapport
	      Specify an alternate TCP port where the ldap server is  listening.   Deprecated  in
	      favor of -H.

       -P 2|3 Specify the LDAP protocol version to use.

       -O security-properties
	      Specify SASL security properties.

       -I     Enable SASL Interactive mode.  Always prompt.  Default is to prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -U authcid
	      Specify  the  authentication  ID	for  SASL bind. The form of the ID depends on the
	      actual SASL mechanism used.

       -X authzid
	      Specify the requested authorization ID for SASL bind.  authzid must be one  of  the
	      following formats: dn:<distinguished name> or u:<username>

       -Y mech
	      Specify  the  SASL  mechanism to be used for authentication. If it's not specified,
	      the program will choose the best mechanism the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If you use	-ZZ,  the
	      command will require the operation to be successful.

       The contents of file (or standard input if no -f flag is given on the command line) should
       conform to the format defined in slapd.replog(5), with the exceptions noted below.

       Lines that begin with "replica:" are matched against the LDAP server host and port in  use
       to  decide  if a particular replog record should be applied.  Any other lines that precede
       the "dn:" line are ignored.  The -F flag can be used to force ldapmodify to apply  all  of
       the replog changes, regardless of the presence or absence of any "replica:" lines.

       If no "changetype:" line is present, the default is "add" if the -a flag is set (or if the
       program was invoked as ldapadd) and "modify" otherwise.

       If changetype is "modify" and no  "add:",  "replace:",  or  "delete:"  lines  appear,  the
       default is "replace" for ldapmodify(1) and "add" for ldapadd(1).

       Note  that  the above exceptions to the slapd.replog(5) format allow ldif(5) entries to be
       used as input to ldapmodify or ldapadd.
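
       The defaulting rules above decide what each record does to the directory, so it helps
       to list the effective changetype per entry before anything is applied. The following is
       an added example, not part of OpenLDAP: ldif_preflight and sample_ldif are hypothetical
       helper names, the sample input is constructed, and "replica:" lines are skipped rather
       than matched against a host and port.

```shell
# Added example, not part of OpenLDAP. sample_ldif prints constructed input.
sample_ldif() {
cat <<'EOF'
replica: ldap.example.com:389
dn: cn=Modify Me, dc=example, dc=com
changetype: modify
replace: mail
mail: modme@example.com
-

dn: cn=Barbara Jensen, dc=example,
  dc=com
objectClass: person
cn: Barbara Jensen
sn: Jensen

dn: cn=Old Entry, dc=example, dc=com
changetype: delete
EOF
}

# ldif_preflight MODE   (reads the change file on standard input)
#   MODE is "add" (ldapadd, or ldapmodify -a) or "modify" (plain ldapmodify).
#   Prints "changetype<TAB>dn" for each record, applying MODE when a record has
#   no changetype: line. Returns 1 if any record deletes an entry, so a wrapper
#   can require review before the real run. A base64 "dn::" value is printed
#   undecoded.
ldif_preflight() {
    awk -v mode="$1" '
    function emit() {
        if (dn == "") return
        if (ct == "") ct = mode                 # default changetype
        printf "%s\t%s\n", ct, dn
        if (ct == "delete") deletes++
        dn = ""; ct = ""
    }
    { sub(/\r$/, "") }                          # tolerate CRLF input
    /^$/ { emit(); next }                       # blank line ends a record
    /^#/ { next }                               # comment line
    /^ / { if (indn) dn = dn substr($0, 2); next }   # folded continuation line
    /^dn:/ { emit(); dn = $0; sub(/^dn::?[ \t]*/, "", dn); indn = 1; next }
    { indn = 0 }
    dn == "" { next }                           # lines before dn: are ignored
    /^changetype:/ { ct = tolower($0); sub(/^changetype:[ \t]*/, "", ct) }
    END { emit(); exit (deletes > 0) }
    '
}

sample_ldif | ldif_preflight modify || echo "delete records present, review first" >&2
```

       A run such as "ldif_preflight modify < /tmp/entrymods" can be followed by
       "ldapmodify -n -v -f /tmp/entrymods" to see what the tool itself would do.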

       Assuming that the file /tmp/entrymods exists and has the contents:

	   dn: cn=Modify Me, dc=example, dc=com
	   changetype: modify
	   replace: mail
	   mail: modme@OpenLDAP.org
	   -
	   add: title
	   title: Grand Poobah
	   -
	   add: jpegPhoto
	   jpegPhoto:< file:///tmp/modme.jpeg
	   -
	   delete: description
	   -

       the command:

	   ldapmodify -r -f /tmp/entrymods

       will replace the contents of the "Modify Me" entry's mail attribute with the value
       "modme@OpenLDAP.org", add a title of "Grand Poobah" and the contents of the file
       "/tmp/modme.jpeg" as a jpegPhoto, and completely remove the description attribute.

       Assuming that the file /tmp/newentry exists and has the contents:

	   dn: cn=Barbara Jensen, dc=example, dc=com
	   objectClass: person
	   cn: Barbara Jensen
	   cn: Babs Jensen
	   sn: Jensen
	   title: the world's most famous mythical manager
	   mail: bjensen@example.com
	   uid: bjensen

       the command:

	   ldapadd -f /tmp/newentry

       will add a new entry for Babs Jensen, using the values from the file /tmp/newentry.

       Assuming that the file /tmp/newentry exists and has the contents:

	   dn: cn=Barbara Jensen, dc=example, dc=com
	   changetype: delete

       the command:

	   ldapmodify -f /tmp/newentry

       will remove Babs Jensen's entry.

       Exit status is zero if no errors occur.	Errors result in a non-zero  exit  status  and	a
       diagnostic message being written to standard error.

       ldapadd(1),    ldapdelete(1),   ldapmodrdn(1),	ldapsearch(1),	 ldap.conf(5),	 ldap(3),
       ldap_add(3), ldap_delete(3), ldap_modify(3), ldap_modrdn(3), slapd.replog(5)

       There is no interactive mode, but there probably should be.

       The OpenLDAP Project <http://www.openldap.org/>

       OpenLDAP is developed and maintained by The OpenLDAP  Project  (http://www.openldap.org/).
       OpenLDAP is derived from University of Michigan LDAP 3.3 Release.

OpenLDAP 2.0.27-Release 		  20 August 2001			    LDAPMODIFY(1)
