ldapmodify(1)
NAME
ldapmodify, ldapadd - LDAP entry addition and modification tools
SYNOPSIS
ldapmodify [-a] [-c] [-r] [-n] [-v] [-F] [-d debuglevel]
[-D binddn] [-w passwd] [-h ldaphost] [-M authentication]
[-p ldapport] [-f file] [-l nb-ldap-connections]
ldapadd [-c] [-n] [-v] [-F] [-d debuglevel] [-D binddn]
[-w passwd] [-h ldaphost] [-p ldapport] [-f file]
[-l nb-ldap-connections]
DESCRIPTION
The ldapmodify utility opens a connection to an LDAP server,
binds and modifies or adds entries. The entry information is
read from standard input or from file, specified using the
-f option. The ldapadd utility is implemented as a hard link
to the ldapmodify tool. When invoked as ldapadd, the -a (add
new entry) option is turned on automatically.
Both ldapadd and ldapmodify reject duplicate
attribute-name/value pairs for the same entry.
OPTIONS
The following options are supported:
-a Adds new entries. The default for ldapmodify is to
modify existing entries. If invoked as ldapadd, this
option is always set.
-c Specifies continuous operation mode. Errors are
reported, but ldapmodify and ldapadd continue with
modifications. The default is to exit after reporting
an error.
-D binddn
Uses the distinguished name binddn to bind to the
directory.
-d debuglevel
Sets the LDAP debugging level. Useful levels of debugging
for ldapmodify and ldapadd are:
  1    Trace
  2    Packets
  4    Arguments
  32   Filters
  128  Access control
To request more than one category of debugging information,
add the masks. For example, to request trace and filter
information, specify a debuglevel of 33.
-F Forces application of all changes regardless of the
content of input lines that begin with replica:. By
default, replica: lines are compared against the LDAP
server host and port in use to decide whether a replog
record should be applied.
-f file
Reads the entry modification information from file
instead of from standard input.
-h ldaphost
Specifies an alternate host on which the slapd server
is running.
-l nb-ldap-connections
Specifies the number of LDAP connections that ldapadd
or ldapmodify will open to process the modifications
in the directory. The default is one connection.
-M authentication
Specifies the authentication mechanism used to bind to
the directory.
The default authentication method for ldapmodify and
ldapadd is simple bind. Simple bind sends the password
to the server in the clear, so the password is subject
to snooping if the server is not local. Take special
care when you use this command with the default
authentication method. If your server supports the
CRAM-MD5 challenge-response authentication method, you
can override the default authentication method by using
the -M option with CRAM-MD5 as the value for
authentication.
The bind DN and bind password are mandatory with this
option.
-n Previews modifications, but makes no changes to
entries. Useful in conjunction with -v and -d for
debugging.
-p ldapport
Specifies an alternate TCP port where the slapd server
is listening.
-r Replaces existing value with the specified value. This
is the default for ldapmodify. When ldapadd is called,
or if the -a option is specified, the -r option is
ignored.
-v Uses verbose mode, with diagnostics written to
standard output.
-w passwd
Uses passwd as the password for authentication to the
directory. When you use -w passwd to specify the
password to be used for authentication, the password is
visible to other users of the system by means of the
ps command, in script files, or in shell history. If
you use either the ldapmodify command or the ldapadd
command without this option, the command prompts
for the password and reads it from standard input. When
used without the -w option, the password is not
visible to other users.
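The two exposures described under -M and -w above can be checked for in saved ps output, script files and shell history. The shell function below is an added example, not part of the original manual page; the sample command lines, the finding names, and the rule that only localhost and 127.0.0.1 count as a local server are assumptions.

```shell
# Added example (not from the man page). Input: one command per line on stdin.
# Output: "<line-no> <tool> <finding>". The password itself is never printed.
audit_ldap_cmdlines() {
    awk '
    {
        tool = ""; pw = 0; host = ""; mech = ""
        for (i = 1; i <= NF; i++) {
            t = $i
            if (tool == "") {
                # Match by basename so /usr/bin/ldapadd is recognised too.
                n = split(t, parts, "/")
                if (parts[n] == "ldapmodify" || parts[n] == "ldapadd") tool = parts[n]
                continue
            }
            if (t !~ /^-[A-Za-z]/) continue
            # Walk bundled flags (-cv); stop at the first option taking a value.
            for (j = 2; j <= length(t); j++) {
                opt = substr(t, j, 1)
                if (index("dDwhMpfl", opt) == 0) continue
                val = substr(t, j + 1)                      # attached: -wSECRET
                if (val == "" && i < NF) { i++; val = $i }  # separate: -w SECRET
                gsub("[\"\047]", "", val)                   # drop shell quotes
                if (opt == "w" && val != "") pw = 1
                if (opt == "h") host = val
                if (opt == "M") mech = toupper(val)
                break
            }
        }
        if (tool == "") next
        if (pw) print NR, tool, "PASSWORD_ON_COMMAND_LINE"
        # Assumption: only these two names count as a local server.
        remote = (host != "" && host != "localhost" && host != "127.0.0.1")
        if (remote && mech != "CRAM-MD5") print NR, tool, "CLEARTEXT_SIMPLE_BIND"
    }'
}

# Constructed sample input; host names, DNs and passwords are made up.
sample_cmdlines() {
    cat <<'EOF'
ldapmodify -D "cn=admin,o=XYZ,c=US" -w s3cret -h ldap.xyz.com -f /tmp/entrymods
ldapadd -D "cn=admin,o=XYZ,c=US" -h ldap.xyz.com -M CRAM-MD5 -f /tmp/newentry
/usr/bin/ldapmodify -cv -wHunter2 -f /tmp/badentry
ldapmodify -n -v -D "cn=admin,o=XYZ,c=US" -h localhost -f /tmp/entrymods
ls -w 80 /tmp
EOF
}
sample_cmdlines | audit_ldap_cmdlines
```

Lines 1 and 3 of the sample are reported; the prompting, CRAM-MD5 and local invocations produce no findings.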
EXIT STATUS
The following exit values are returned:
0 Successful completion.
Non-zero
An error occurred. A diagnostic message is written to
standard error.
EXAMPLES
The format of the content of file (or standard input if no
-f option is specified) is illustrated in the following
examples.
Example 1: Modifying an entry
The file /tmp/entrymods contains the following modification
instructions:
dn: cn=Modify Me, o=XYZ, c=US
changetype: modify
replace: mail
mail: modme@atlanta.xyz.com
-
add: title
title: System Manager
-
add: jpegPhoto
jpegPhoto:< file:///tmp/modme.jpeg
-
delete: description
-
The command:
example% ldapmodify -r -f /tmp/entrymods
modifies the Modify Me entry as follows:
1. The current value of the mail attribute is replaced with
the value, modme@atlanta.xyz.com.
2. A title attribute with the value, System Manager, is
added.
3. A jpegPhoto attribute is added, using the contents of the
file, /tmp/modme.jpeg, as the attribute value.
4. The description attribute is removed.
Example 2: Creating a new entry
The file, /tmp/newentry, contains the following information
for creating a new entry:
dn: cn=Ann Jones, o=XYZ, c=US
objectClass: person
cn: Ann Jones
cn: Annie Jones
sn: Jones
title: Director of Research and Development
mail: ajones@londonrd.xyz.us.com
uid: ajones
The command:
example% ldapadd -f /tmp/newentry
adds a new entry for Ann Jones, using the information in the
file.
Example 3: Deleting an entry
The file, /tmp/badentry, contains the following information
about an entry to be deleted:
dn: cn=Ann Jones, o=XYZ, c=US
changetype: delete
The command:
example% ldapmodify -f /tmp/badentry
removes Ann Jones' entry.
ATTRIBUTES
See attributes(5) for a description of the following
attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
| Stability Level | Evolving |
|_____________________________|_____________________________|
SEE ALSO
ldap(1), ldapdelete(1), ldaplist(1), ldapmodrdn(1),
ldapsearch(1), ldapaddent(1M), ldap_cachemgr(1M),
ldap_get_option(3LDAP), ldap_set_option(3LDAP),
attributes(5)