NAME
ldapmodify, ldapadd — LDAP modify entry and LDAP add entry tools
SYNOPSIS
ldapmodify [-a] [-c] [-S file] [-n] [-v] [-M[M]] [-d debuglevel] [-D binddn] [-W] [-w passwd] [-y passwdfile] [-H ldapuri] [-h ldaphost] [-p ldapport] [-P 2|3] [-O security-properties] [-I] [-Q] [-U authcid] [-R realm] [-x] [-X authzid] [-Y mech] [-Z[Z]] [-f file]
ldapadd [-c] [-S file] [-n] [-v] [-M[M]] [-d debuglevel] [-D binddn] [-W] [-w passwd] [-y passwdfile] [-h ldaphost] [-p ldapport] [-P 2|3] [-O security-properties] [-I] [-Q] [-U authcid] [-R realm] [-x] [-X authzid] [-Y mech] [-Z[Z]] [-f file]
DESCRIPTION
ldapmodify is a shell-accessible interface to the ldap_modify(3) and ldap_add(3) library calls. ldapadd is implemented as a hard link to the ldapmodify tool. When invoked as ldapadd the -a (add new entry) flag is turned on automatically.
ldapmodify opens a connection to an LDAP server, binds, and modifies or adds entries. The entry information is read from standard input or from file through the use of the -f option.
OPTIONS
-a
Add new entries. The default for ldapmodify is to modify existing entries. If invoked as ldapadd, this flag is always set.
-c
Continuous operation mode. Errors are reported, but ldapmodify will continue with modifications. The default is to exit after reporting an error.
-S file
Add or change records which were skipped due to an error are written to file and the error message returned by the server is added as a comment. Most useful in conjunction with -c.
-n
Show what would be done, but don't actually modify entries. Useful for debugging in conjunction with -v.
-v
Use verbose mode, with many diagnostics written to standard output.
-F
Force application of all changes regardless of the contents of input lines that begin with replica: (by default, replica: lines are compared against the LDAP server host and port in use to decide if a replog record should actually be applied).
-M[M]
Enable manage DSA IT control. -MM makes control critical.
-d debuglevel
Set the LDAP debugging level to debuglevel. ldapmodify must be compiled with LDAP_DEBUG defined for this option to have any effect.
-f file
Read the entry modification information from file instead of from standard input.
-x
Use simple authentication instead of SASL.
-D binddn
Use the Distinguished Name binddn to bind to the LDAP directory.
-W
Prompt for simple authentication. This is used instead of specifying the password on the command line.
-w passwd
Use passwd as the password for simple authentication.
-y passwdfile
Use complete contents of passwdfile as the password for simple authentication.
-H ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port fields are allowed; a list of URI, separated by whitespace or commas is expected.
-h ldaphost
Specify an alternate host on which the ldap server is running. Deprecated in favor of -H.
-p ldapport
Specify an alternate TCP port where the ldap server is listening. Deprecated in favor of -H.
-P 2|3
Specify the LDAP protocol version to use.
-O security-properties
Specify SASL security properties.
-I
Enable SASL Interactive mode. Always prompt. Default is to prompt only as needed.
-Q
Enable SASL Quiet mode. Never prompt.
-U authcid
Specify the authentication ID for SASL bind. The form of the ID depends on the actual SASL mechanism used.
-R realm
Specify the realm of authentication ID for SASL bind. The form of the realm depends on the actual SASL mechanism used.
-X authzid
Specify the requested authorization ID for SASL bind. authzid must be one of the following formats: dn:<distinguished name> or u:<username>
-Y mech
Specify the SASL mechanism to be used for authentication. If it's not specified, the program will choose the best mechanism the server knows.
-Z[Z]
Issue StartTLS (Transport Layer Security) extended operation. If you use -ZZ, the command will require the operation to be successful.
INPUT FORMAT
The contents of file (or standard input if no -f flag is given on the command line) should conform to the format defined in ldif(1) (LDIF as defined in RFC 2849), or slapd.replog(5) (an extended form of LDIF) with the exceptions noted below.
Lines that begin with "replica:" are matched against the LDAP server host and port in use to decide if a particular replog record should be applied. Any other lines that precede the "dn:" line are ignored. The -F flag can be used to force ldapmodify to apply all of the replog changes, regardless of the presence or absence of any "replica:" lines.
If no "changetype:" line is present, the default is "add" if the -a flag is set (or if the program was invoked as ldapadd) and "modify" otherwise.
If changetype is "modify" and no "add:", "replace:", or "delete:" lines appear, the default is "replace" for ldapmodify(1) and "add" for ldapadd(1).
Note that the above exceptions to the slapd.replog(5) format allow ldif(5) entries to be used as input to ldapmodify or ldapadd.
EXAMPLES
Assuming that the file /tmp/entrymods exists and has the contents:
the command:
will replace the contents of the "Modify Me" entry's mail attribute with the value "modme@example.com", add a title of "Grand Poobah", and the contents of the file "/tmp/modme.jpeg" as a jpegPhoto, and completely remove the description attribute.
Assuming that the file /tmp/newentry exists and has the contents:
the command:
will add a new entry for Babs Jensen, using the values from the file /tmp/newentry.
Assuming that the file /tmp/entrymods exists and has the contents:
the command:
will remove Babs Jensen's entry.
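The following shell functions are an added example, not part of the original manual page. They combine -x, -ZZ, -y and -f with a change record matching the first modification described above; the DN suffix dc=example,dc=com, the server URI, the bind DN and the password file path are constructed placeholders.

```shell
# Added example: the DN, host, bind DN and paths below are constructed placeholders.

# -y uses the complete file contents as the password, so store it without a
# trailing newline, in a freshly created file that only the owner can read.
write_passfile() {  # usage: write_passfile <path>   (password read from stdin)
    ( umask 077 && rm -f -- "$1" &&
      { IFS= read -r pw || [ -n "$pw" ]; } && printf '%s' "$pw" > "$1" )
}

# Change record matching the first modification described under EXAMPLES.
# changetype and the add:/replace:/delete: lines are explicit, so the result
# does not depend on whether the tool is invoked as ldapmodify or ldapadd.
write_entrymods() {  # usage: write_entrymods <path>
    cat > "$1" <<'EOF'
dn: cn=Modify Me,dc=example,dc=com
changetype: modify
replace: mail
mail: modme@example.com
-
add: title
title: Grand Poobah
-
add: jpegPhoto
jpegPhoto:< file:///tmp/modme.jpeg
-
delete: description
-
EOF
}

# Simple authentication (-x) sends the password to the server, so require
# StartTLS: -ZZ fails if TLS cannot be established, a single -Z carries on.
# The password comes from a file (-y) rather than from -w on the command
# line, where it would be visible in the process list.
# Extra options (for example -n -v for a dry run) are passed through.
run_modify() {  # usage: run_modify <uri> <binddn> <passfile> <ldif> [opts...]
    uri=$1 binddn=$2 passfile=$3 ldif=$4
    shift 4
    ldapmodify -x -ZZ -H "$uri" -D "$binddn" -y "$passfile" -f "$ldif" "$@"
}

# Example invocation (commented out: it needs a reachable server):
#   write_passfile "$HOME/.ldap-pass" && write_entrymods /tmp/entrymods
#   run_modify ldap://ldap.example.com "cn=Manager,dc=example,dc=com" \
#       "$HOME/.ldap-pass" /tmp/entrymods -n -v
```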
DIAGNOSTICS
Exit status is zero if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error.
SEE ALSO
ldapadd(1), ldapdelete(1), ldapmodrdn(1), ldapsearch(1), ldap.conf(5), ldap(3), ldap_add(3), ldap_delete(3), ldap_modify(3), ldap_modrdn(3), ldif(5), slapd.replog(5)
AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
ACKNOWLEDGEMENTS
OpenLDAP is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). OpenLDAP is derived from University of Michigan LDAP 3.3 Release.