Sun Microsystems, Inc.
User Commands    ldapmodify(1)


 ldapmodify, ldapadd - ldap entry addition and modification tools


 ldapmodify [-a] [-c] [-r] [-n] [-v] [-F] [-d debuglevel] [-D binddn] [-w passwd] [-h ldaphost] [-M authentication] [-p ldapport] [-f file] [-l nb-ldap-connections]
 ldapadd [-c] [-n] [-v] [-F] [-d debuglevel] [-D binddn] [-w passwd] [-h ldaphost] [-p ldapport] [-f file] [-l nb-ldap-connections]



The ldapmodify utility opens a connection to an LDAP server, binds and modifies or adds entries. The entry information is read from standard input or from file, specified using the -f option. The ldapadd utility is implemented as a hard link to the ldapmodify tool. When invoked as ldapadd, the -a (add new entry) option is turned on automatically.

Both ldapadd and ldapmodify reject duplicate attribute-name/value pairs for the same entry.



The following options are supported:

-a
Adds new entries. The default for ldapmodify is to modify existing entries. If invoked as ldapadd, this option is always set.
-c
Specifies continuous operation mode. Errors are reported, but ldapmodify and ldapadd continue with modifications. The default is to exit after reporting an error.
-D binddn
Uses the distinguished name binddn to bind to the directory.
-d debuglevel
Sets the LDAP debugging level. Useful levels of debugging for ldapmodify and ldapadd are:
Access control

To request more than one category of debugging information, add the masks. For example, to request trace and filter information, specify a debuglevel of 33.

-F
Forces application of all changes regardless of the content of input lines that begin with replica:. By default, replica: lines are compared against the LDAP server host and port in use to decide whether a replog record should be applied.
-f file
Reads the entry modification information from file instead of from standard input.
-h ldaphost
Specifies an alternate host on which the slapd server is running.
-l nb-ldap-connections
Specifies the number of LDAP connections that ldapadd or ldapmodify will open to process the modifications in the directory. The default is one connection.
-M authentication
Specifies the authentication mechanism used to bind to the directory.

The default authentication method for ldapmodify and ldapadd is simple bind. Simple bind sends the password to the server in the clear, so the password is subject to snooping if the server is not local. You must use special care when you use this command with the default authentication method. If your server supports the CRAM-MD5 challenge-response authentication method, you can override the default authentication method by using the -M option with CRAM-MD5 as the value for authentication.

The bind DN and bind password are mandatory with this option.

-n
Previews modifications, but makes no changes to entries. Useful in conjunction with -v and -d for debugging.
-p ldapport
Specifies an alternate TCP port where the slapd server is listening.
-r
Replaces existing value with the specified value. This is the default for ldapmodify. When ldapadd is called, or if the -a option is specified, the -r option is ignored.
-v
Uses verbose mode, with diagnostics written to standard output.
-w passwd
Uses passwd as the password for authentication to the directory. When you use -w passwd to specify the password to be used for authentication, the password is visible to other users of the system by means of the ps command, in script files, or in shell history. If you use either the ldapmodify command or the ldapadd command without this option, the command prompts for the password and reads it from standard input. When used without the -w option, the password is not visible to other users.
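The two exposures described above, a password passed with -w and a simple bind to a server that is not local, can be checked for in scripts and shell history files. The following Python check is an added example, not part of the original man page; it parses each command line with the option letters from the synopsis and assumes that an invocation without -h talks to a local server. The script lines, host name, DN and password are constructed.

```python
import getopt
import shlex

OPTSTRING = "acrnvFd:D:w:h:M:p:f:l:"     # option letters from the synopsis
TOOLS = ("ldapmodify", "ldapadd")
LOCAL = {"localhost", "127.0.0.1"}       # assumption: no -h means a local server

def audit(line):
    """Return the findings for one command line that runs ldapmodify or ldapadd."""
    try:
        argv = shlex.split(line, comments=True)
    except ValueError:                   # unbalanced quotes: not a parsable command
        return []
    hits = [i for i, arg in enumerate(argv) if arg.rsplit("/", 1)[-1] in TOOLS]
    if not hits:
        return []
    try:
        opts = dict(getopt.getopt(argv[hits[0] + 1:], OPTSTRING)[0])
    except getopt.GetoptError as err:
        return [f"could not parse options: {err.msg}"]
    findings = []
    if "-w" in opts:
        findings.append("-w: password visible in ps output, scripts and shell history")
    host = opts.get("-h", "localhost")
    if "-D" in opts and opts.get("-M", "").upper() != "CRAM-MD5" and host not in LOCAL:
        findings.append(f"simple bind to {host}: password sent in the clear")
    return findings

# Constructed sample script; host names, DNs and the password are made up.
SAMPLE_SCRIPT = """\
ldapmodify -D "cn=admin,o=Example" -w s3cret -h ldap.example.com -f /tmp/mods
ldapmodify -D "cn=admin,o=Example" -M CRAM-MD5 -h ldap.example.com -f /tmp/mods
ldapadd -n -v -f /tmp/newentry
"""

def audit_script(text):
    """Return (line number, finding) pairs for every flagged line in a script."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1) for f in audit(line)]

if __name__ == "__main__":
    for lineno, finding in audit_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: {finding}")
```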



The format of the content of file (or standard input if no -f option is specified) is illustrated in the following examples.

Example 1. Modifying an entry

The file /tmp/entrymods contains the following modification instructions:

    dn: cn=Modify Me, o=XYZ, c=US
    changetype: modify
    replace: mail
    mail: <replacement value>
    -
    add: title
    title: System Manager
    -
    add: jpegPhoto
    jpegPhoto:< file:///tmp/modme.jpeg
    -
    delete: description
    -

The command:

example% ldapmodify -r -f /tmp/entrymods

modifies the Modify Me entry as follows:

  1. The current value of the mail attribute is replaced with the value,
  2. A title attribute with the value, System Manager, is added.
  3. A jpegPhoto attribute is added, using the contents of the file, /tmp/modme.jpeg, as the attribute value.
  4. The description attribute is removed.

Example 2. Creating a new entry

The file, /tmp/newentry, contains the following information for creating a new entry:

    dn: cn=Ann Jones, o=XYZ, c=US
    objectClass: person
    cn: Ann Jones
    cn: Annie Jones
    sn: Jones
    title: Director of Research and Development
    uid: ajones

The command

example% ldapadd -f /tmp/newentry

adds a new entry for Ann Jones, using the information in the file.

Example 3. Deleting an entry

The file, /tmp/badentry, contains the following information about an entry to be deleted:

    dn: cn=Ann Jones, o=XYZ, c=US
    changetype: delete

The command:

example% ldapmodify -f /tmp/badentry

removes Ann Jones' entry.
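The change-record format shown in Examples 1 to 3 can be reviewed before a file is handed to ldapmodify -f. The following Python parser is an added example, not part of the original man page: it lists each operation a file would perform and flags whole-entry deletions and values given in the :< form, which make the tool read a file on the host where it runs. It assumes that the modifications inside a modify record are separated by "-" lines, as in standard LDIF; the sample input is constructed.

```python
import re

def unfold(block):
    """Join folded lines (a continuation starts with one space); drop comments."""
    text = re.sub(r"\n ", "", block)
    return [l.rstrip() for l in text.splitlines() if l.strip() and not l.startswith("#")]

def split_line(line):
    """'attr: value' -> (attr, value, is_url); ':<' means the value is read from a URL."""
    attr, _, rest = line.partition(":")
    return attr.strip(), rest.lstrip(":<").strip(), rest.startswith("<")

def review(ldif_text):
    """Return (changes, flags): each operation found, and the ones to double-check."""
    changes, flags = [], []
    for lines in filter(None, map(unfold, re.split(r"\n[ \t]*\n", ldif_text))):
        dn, body = split_line(lines[0])[1], lines[1:]
        changetype = "content"      # no changetype: meaning depends on -a / -r
        if body and split_line(body[0])[0].lower() == "changetype":
            changetype = split_line(body.pop(0))[1].lower()
        changes.append((dn, changetype))
        if changetype == "delete":
            flags.append(f"{dn}: entry deleted")
        new_op = changetype == "modify"
        for line in body:
            if line == "-":         # "-" closes one modification in a modify record
                new_op = True
                continue
            attr, value, is_url = split_line(line)
            if new_op:              # e.g. "replace: mail" names operation and attribute
                changes.append((dn, f"{attr.lower()} {value}"))
                new_op = False
            elif is_url:
                flags.append(f"{dn}: {attr} loaded from {value}")
    return changes, flags

# Constructed sample input; the entries and file path are made up.
SAMPLE = """\
dn: cn=Test User, o=Example, c=US
changetype: modify
replace: title
title: Engineer
-
add: jpegPhoto
jpegPhoto:< file:///tmp/photo.jpeg

dn: cn=Old User, o=Example, c=US
changetype: delete
"""
```

Calling review(SAMPLE) returns the list of operations and the list of flagged items; run it on the file before the ldapmodify -n -v preview described under the options.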



See attributes(5) for a description of the following attributes:

Stability Level: Evolving



The following exit values are returned:

Successful completion.
An error occurred. A diagnostic message is written to standard error.



ldapdelete(1), ldapmodrdn(1), ldapsearch(1), ldap_get_option(3LDAP), ldap_set_option(3LDAP), attributes(5)

SunOS 5.9    Last Changed 30 Jan 2002

Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.