ldapmodify(1)			 User Commands			 ldapmodify(1)

       ldapmodify, ldapadd - LDAP entry addition and modification tools

       ldapmodify [-a] [-c] [-r] [-n] [-v] [-F] [-d debuglevel] [-D binddn]
       [-w passwd] [-h ldaphost] [-M authentication] [-p ldapport] [-f file]
       [-l nb-ldap-connections]

       ldapadd [-c] [-n] [-v] [-F] [-d debuglevel] [-D binddn] [-w passwd]
       [-h ldaphost] [-p ldapport] [-f file] [-l nb-ldap-connections]

       The ldapmodify utility opens a connection to an LDAP server, binds and
       modifies or adds entries. The entry information is read from standard
       input or from file, specified using the -f option. The ldapadd utility
       is implemented as a hard link to the ldapmodify tool. When invoked as
       ldapadd, the -a (add new entry) option is turned on automatically.

       Both ldapadd and ldapmodify reject duplicate attribute-name/value pairs
       for the same entry.

       The following options are supported:

       -a    Adds new entries. The default for ldapmodify is to modify
             existing entries. If invoked as ldapadd, this option is always
             set.

       -c    Specifies continuous operation mode. Errors are reported, but
             ldapmodify and ldapadd continue with modifications. The default
             is to exit after reporting an error.

       -D binddn
             Uses the distinguished name binddn to bind to the directory.

       -d debuglevel
             Sets the LDAP debugging level. Useful levels of debugging for
             ldapmodify and ldapadd are:

             1     Trace

             2     Packets

             4     Arguments

             32    Filters

             128   Access control

             To request more than one category of debugging information, add
             the masks. For example, to request trace and filter information,
             specify a debuglevel of 33.

       -F    Forces application of all changes regardless of the content of
             input lines that begin with replica:. By default, replica: lines
             are compared against the LDAP server host and port in use to
             decide whether a replog record should be applied.

       -f file
             Reads the entry modification information from file instead of
             from standard input.

       -h ldaphost
             Specifies an alternate host on which the slapd server is running.

       -l nb-ldap-connections
             Specifies the number of LDAP connections that ldapadd or
             ldapmodify will open to process the modifications in the
             directory. The default is one connection.

       -M authentication
	     Specifies the authentication mechanism used to bind to the	direc-

             The default authentication method for ldapmodify and ldapadd is
             simple bind. Simple bind sends the password to the server in the
             clear. The password is subject to snooping if the server is not
             local. You must use special care when you use this command with
             the default authentication method. If your server supports the
             CRAM-MD5 challenge-response authentication method, you can
             override the default authentication method by using the -M option
             with CRAM-MD5 as the value for authentication.

	     The bind DN and bind password are mandatory with this option.

       -n    Previews modifications, but makes no changes to entries. Useful
             in conjunction with -v and -d for debugging.

       -p ldapport
	     Specifies an alternate TCP	port where the slapd server is listen-

       -r    Replaces existing value with the specified value. This is the
             default for ldapmodify. When ldapadd is called, or if the -a
             option is specified, the -r option is ignored.

       -v    Uses verbose mode, with diagnostics written to standard output.

       -w passwd
             Uses passwd as the password for authentication to the directory.
             When you use -w passwd to specify the password to be used for
             authentication, the password is visible to other users of the
             system by means of the ps command, in script files or in shell
             history. If you use either the ldapmodify command or the ldapadd
             command without this option, the command will prompt for the
             password and read it from standard input. When used without the
             -w option, the password will not be visible to other users.
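
       The two password-exposure cases described under -M and -w can be
       checked for in scripts and saved command lines. The following is an
       added example, not part of the original manual page or of the
       ldapmodify distribution; the function name, the sample hosts, DNs and
       password are constructed, and a command with no -h option is assumed
       to talk to a local server.

```python
import shlex

TOOLS = {"ldapmodify", "ldapadd"}
WITH_ARG = set("dDwhMpfl")            # synopsis options that take a value
LOCAL = {"localhost", "127.0.0.1", "::1"}

def audit_command(line):
    """Return findings for one command line taken from a script or history."""
    try:
        argv = shlex.split(line, comments=True)
    except ValueError:
        return ["unparseable command line"]
    if not argv or argv[0].rsplit("/", 1)[-1] not in TOOLS:
        return []
    opts, i = {}, 1
    while i < len(argv):
        tok = argv[i]
        i += 1
        if len(tok) < 2 or not tok.startswith("-"):
            continue
        for pos, flag in enumerate(tok[1:], start=2):
            if flag not in WITH_ARG:
                opts[flag] = True      # boolean switch such as -c or -v
                continue
            value = tok[pos:]          # attached form, e.g. -wsecret
            if not value and i < len(argv):
                value = argv[i]        # separate form, e.g. -w secret
                i += 1
            opts[flag] = value
            break
    findings = []
    if "w" in opts:
        findings.append("-w: password exposed to ps, script files and shell history")
    host = opts.get("h")
    if host and host not in LOCAL and str(opts.get("M", "")).upper() != "CRAM-MD5":
        findings.append("simple bind to %s: password sent in the clear" % host)
    return findings

# Constructed sample command lines (hosts, DNs and password are made up).
SAMPLE = [
    "ldapmodify -r -f /tmp/entrymods",
    "ldapadd -h ldap.example.com -D 'cn=admin, o=XYZ, c=US' -w s3cret -f /tmp/newentry",
    "ldapmodify -h ldap.example.com -M CRAM-MD5 -D 'cn=admin, o=XYZ, c=US' -f /tmp/badentry",
]

if __name__ == "__main__":
    for cmd in SAMPLE:
        print(cmd, "->", audit_command(cmd) or "ok")
```
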

       The format of the content of file (or standard input if no -f option is
       specified) is illustrated in the following examples.

       Example 1: Modifying an entry

       The  file  /tmp/entrymods  contains the following modification instruc-

           dn: cn=Modify Me, o=XYZ, c=US
           changetype: modify
           replace: mail
           -
           add: title
           title: System Manager
           -
           add: jpegPhoto
           jpegPhoto:< file:///tmp/modme.jpeg
           -
           delete: description
           -

       The command:

       example% ldapmodify -r -f /tmp/entrymods

       modifies the Modify Me entry as follows:

       1. The current value of the mail	attribute is replaced with the	value,

       2. A title attribute with the value, System Manager, is added.

       3. A jpegPhoto attribute is added, using the contents of the file,
          /tmp/modme.jpeg, as the attribute value.

       4. The description attribute is removed.

       Example 2: Creating a new entry

       The file, /tmp/newentry, contains the following information for
       creating a new entry:

           dn: cn=Ann Jones, o=XYZ, c=US
           objectClass: person
           cn: Ann Jones
           cn: Annie Jones
           sn: Jones
           title: Director of Research and Development
           uid: ajones

       The command:

       example% ldapadd -f /tmp/newentry

       adds a new entry for Ann Jones, using the information in the file.

       Example 3: Deleting an entry

       The file, /tmp/badentry, contains the following information about an
       entry to be deleted:

           dn: cn=Ann Jones, o=XYZ, c=US
           changetype: delete

       The command:

       example% ldapmodify -f /tmp/badentry

       removes Ann Jones' entry.
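
       Because a change file can replace values or delete whole entries, it
       helps to list what it will do before running it (or alongside a -n
       preview). The following is an added example, not part of the original
       manual page: it reads the record layout used in Examples 1-3 and
       reports each operation plus any duplicate attribute-name/value pair,
       which ldapmodify and ldapadd reject. The function name and the sample
       mail value are constructed; records are assumed to be separated by
       blank lines, and folded (continued) lines are not handled.

```python
OPS = ("add", "replace", "delete")

def preflight(text):
    """Return (actions, problems) for a change file laid out as in Examples 1-3."""
    actions, problems = [], []
    for record in text.strip().split("\n\n"):
        lines = [l.strip() for l in record.splitlines() if l.strip() and not l.startswith("#")]
        if not lines or not lines[0].lower().startswith("dn:"):
            problems.append("record does not start with a dn: line")
            continue
        dn, body, ctype = lines[0][3:].strip(), lines[1:], "add"
        if body and body[0].lower().startswith("changetype:"):
            ctype, body = body[0].split(":", 1)[1].strip().lower(), body[1:]
        if ctype != "modify":
            actions.append((dn, ctype + " entry", None))   # whole-entry operation
        body = [] if ctype == "delete" else body
        seen, attr = set(), ""
        for line in body:
            if line == "-":                      # end of one modification
                continue
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if ctype == "modify" and name in OPS:
                attr = value.lower()             # attribute this modification targets
                actions.append((dn, name, value))
                continue
            if ctype == "modify" and name != attr:
                problems.append("%s: value for %s outside its modification" % (dn, name))
            if (name, value) in seen:            # ldapmodify rejects these
                problems.append("%s: duplicate pair %s: %s" % (dn, name, value))
            seen.add((name, value))
    return actions, problems

# Constructed change file; the mail value is a made-up placeholder.
SAMPLE = """\
dn: cn=Modify Me, o=XYZ, c=US
changetype: modify
replace: mail
mail: modme@example.com
-
add: title
title: System Manager
title: System Manager

dn: cn=Ann Jones, o=XYZ, c=US
changetype: delete
"""

print(preflight(SAMPLE))
```
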

       See attributes(5) for a description of the following attributes:

       |      ATTRIBUTE TYPE        |      ATTRIBUTE VALUE       |
       |Availability                |SUNWcsu                     |
       |Stability Level             |Evolving                    |

       The following exit values are returned:

       0     Successful completion.

	     An	error occurred.	A diagnostic message is	 written  to  standard

       ldapdelete(1),  ldapmodrdn(1),  ldapsearch(1),  ldap_get_option(3LDAP),
       ldap_set_option(3LDAP), attributes(5)

SunOS 5.9			  30 Jan 2002			 ldapmodify(1)

