ldapmodify, ldapadd - LDAP entry addition and modification


     ldapmodify [-a] [-c] [-r] [-n] [-v] [-F] [-d debuglevel]
     [-D binddn] [-w passwd] [-h ldaphost] [-M authentication]
     [-p ldapport] [-f file] [-l nb-ldap-connections]

     ldapadd [-c] [-n] [-v] [-F] [-d debuglevel] [-D binddn]
     [-w passwd] [-h ldaphost] [-p ldapport] [-f file] [-l nb-


     The ldapmodify utility opens a connection to an LDAP server,
     binds and modifies or adds entries. The entry information is
     read from standard input or from file, specified  using  the
     -f option. The ldapadd utility is implemented as a hard link
     to the ldapmodify tool. When invoked as ldapadd, the -a (add
     new entry) option is turned on automatically.

     Both ldapadd  and  ldapmodify  reject  duplicate  attribute-
     name/value pairs for the same entry.


     The following options are supported:

     -a    Adds new entries. The default  for  ldapmodify  is  to
           modify  existing  entries. If invoked as ldapadd, this
           option is always set.

     -c    Specifies  continuous  operation  mode.   Errors   are
           reported,  but  ldapmodify  and  ldapadd continue with
           modifications. The default is to exit after  reporting
           an error.

     -D binddn
           Uses the distinguished name  binddn  to  bind  to  the

     -d debuglevel
           Sets the LDAP debugging level. Useful levels of debug-
           ging for ldapmodify and  ldapadd are:

           1     Trace

           2     Packets

           4     Arguments

           32    Filters

           128   Access control

           To request more than one category of debugging  infor-
           mation,  add  the masks. For example, to request trace
           and filter information, specify a debuglevel of 33.

     -F    Forces application of all changes  regardless  of  the
           content  of  input  lines that begin with replica:. By
           default, replica: lines are compared against the  LDAP
           server host and port in use to decide whether a replog
           record should be applied.

     -f file
           Reads the entry  modification  information  from  file
           instead of from standard input.

     -h ldaphost
           Specifies an alternate host on which the slapd  server
           is running.

     -l nb-ldap-connections
           Specifies the number of LDAP connections that  ldapadd
           or  ldapmodify  will open to process the modifications
           in the directory. The default is one connection.

     -M authentication
           Specifies the authentication mechanism used to bind to
           the directory.

           The default authentication method for ldapmodify and
           ldapadd is simple bind. Simple bind sends the password
           to the server in the clear, so the password is subject
           to snooping if the server is not local. Take special
           care when you use this command with the default
           authentication method. If your server supports the
           CRAM-MD5 challenge-response authentication method, you
           can override the default by using the -M option with
           CRAM-MD5 as the value for authentication.

           The bind DN and bind password are mandatory with  this

     -n    Previews  modifications,  but  makes  no  changes   to
           entries.  Useful  in  conjunction  with  -v and -d for

     -p ldapport
           Specifies an alternate TCP port where the slapd server
           is listening.

     -r    Replaces existing value with the specified value. This
           is the default for ldapmodify. When ldapadd is called,
           or if the -a option is specified,  the  -r  option  is

     -v    Uses verbose mode, with diagnostics written  to  stan-
           dard output.

     -w passwd
           Uses passwd as the password for authentication to the
           directory. When you specify the password with -w
           passwd, it is visible to other users of the system by
           means of the ps command, in script files, or in shell
           history. If you use either the ldapmodify command or
           the ldapadd command without this option, the command
           prompts for the password and reads it from standard
           input, and the password is not visible to other users.
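
     The two exposures described under -M and -w can be checked for in
     existing scripts and shell history. The following is an added
     example, not part of the original manual page; the function name
     audit_ldap_cli, the finding labels, the bind DN and the sample
     lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the man page): audit scripts or shell history for
# risky ldapmodify/ldapadd use. Only the first invocation on a line is checked.
#   INLINE_PASSWORD  -w passwd is on the command line (ps, scripts, history)
#   SIMPLE_BIND      credentials used without -M, so the default simple bind
#                    sends the password in the clear
# Output: file:line:FINDING[,FINDING]
audit_ldap_cli() {
    awk '
    /^[ \t]*#/ { next }                        # skip comment lines
    {
        n = split($0, tok, /[ \t]+/)
        cmd = 0; has_w = 0; has_D = 0; has_M = 0
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (!cmd) {                        # still looking for the command word
                if (t == "ldapmodify" || t == "ldapadd" ||
                    t ~ /\/(ldapmodify|ldapadd)$/) cmd = 1
                continue
            }
            if (t ~ /^[|;&]/) break            # next command on the line starts
            if (t ~ /^-w/) has_w = 1
            else if (t ~ /^-D/) has_D = 1
            else if (t ~ /^-M/) has_M = 1
        }
        if (!cmd) next
        out = ""
        if (has_w) out = "INLINE_PASSWORD"
        if ((has_w || has_D) && !has_M)
            out = out (out == "" ? "" : ",") "SIMPLE_BIND"
        if (out != "") print FILENAME ":" FNR ":" out
    }' "$@"
}

# Constructed sample input (hypothetical script lines and bind DN).
demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
# nightly directory sync
ldapmodify -D "cn=admin,o=XYZ,c=US" -w S3cret -f /tmp/entrymods
ldapadd -D "cn=admin,o=XYZ,c=US" -f /tmp/newentry
ldapmodify -M CRAM-MD5 -D "cn=admin,o=XYZ,c=US" -f /tmp/badentry
ldapmodify -n -v -f /tmp/entrymods
EOF
    audit_ldap_cli "$sample" | sed "s|^$sample|sample|"
    rm -f "$sample"
}

demo
```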


     The following exit values are returned:

     0     Successful completion.

           An error occurred. A diagnostic message is written  to
           standard error.


     The format of the content of file (or standard input  if  no
     -f  option  is  specified)  is  illustrated in the following

     Example 1: Modifying an entry

     The file /tmp/entrymods contains the following  modification

         dn: cn=Modify Me, o=XYZ, c=US
         changetype: modify
         replace: mail
         mail: modme@atlanta.xyz.com
         -
         add: title
         title: System Manager
         -
         add: jpegPhoto
         jpegPhoto:< file:///tmp/modme.jpeg
         -
         delete: description
         -

     The command:

     example% ldapmodify -r -f /tmp/entrymods

     modifies the Modify Me entry as follows:

     1. The current value of the mail attribute is replaced  with
        the value, modme@atlanta.xyz.com.

     2. A title attribute with  the  value,  System  Manager,  is

     3. A jpegPhoto attribute is added, using the contents of the
        file, /tmp/modme.jpeg, as the attribute value.

     4. The description attribute is removed.

     Example 2: Creating a new entry

     The file, /tmp/newentry, contains the following  information
     for creating a new entry:

         dn: cn=Ann Jones, o=XYZ, c=US
         objectClass: person
         cn: Ann Jones
         cn: Annie Jones
         sn: Jones
         title: Director of Research and Development
         mail: ajones@londonrd.xyz.us.com
         uid: ajones

     The command:

     example% ldapadd -f /tmp/newentry

     adds a new entry for Ann Jones, using the information in the

     Example 3: Deleting an entry

     The file, /tmp/badentry, contains the following  information
     about an entry to be deleted:

         dn: cn=Ann Jones, o=XYZ, c=US
         changetype: delete

     The command:

     example% ldapmodify -f /tmp/badentry

     removes Ann Jones' entry.


     See attributes(5) for a description of the following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWcsu                     |
    | Stability Level             | Evolving                    |


     ldap(1), ldapdelete(1),  ldaplist(1),  ldapmodrdn(1),  ldap-
     search(1),         ldapaddent(1M),        ldap_cachemgr(1M),
     ldap_get_option(3LDAP),    ldap_set_option(3LDAP),    attri-
