ldapadd man page on OpenIndiana

Man page or keyword search:  
man Server   20441 pages
apropos Keyword Search (all sections)
Output format
OpenIndiana logo
[printable version]

ldapmodify(1)			 User Commands			 ldapmodify(1)

NAME
       ldapmodify, ldapadd - ldap entry addition and modification tools

SYNOPSIS
       ldapmodify [-a] [-c] [-r] [-n] [-v] [-F] [-b] [-A] [-q]
	    [-H] [-?] [-E] [-J] [-Z] [-M] [-d debuglevel]
	    [-D bindDN] [-j filename] [-J [:criticality]]
	    [-B baseDN] [-V version] [-Y proxyDN] [-O hopLimit]
	    [-i locale] [-k path] [-e errorFile] [-P path]
	    [-N certificate] [-w passwd] [-o attributename=value]
	    [-h ldaphost] [-W password] [-p ldapport] [-f file]
	    [-l nb-ldap-connections]

       ldapadd [-c] [-n] [-v] [-F]
	    [ [-b] [-A] [-q] [-H] [-?] [-E] [-J] [-Z] [-M]-d debuglevel]
	    [-D bindDN] [-j filename] [-B baseDN] [-V version]
	    [-Y proxyDN] [-O hopLimit] [-i locale] [-k path]
	    [-e errorFile] [-P path] [-N certificate] [-w passwd]
	    [-o attributename=value] [-h ldaphost] [-W password]
	    [-p ldapport] [-f file] [-l nb-ldap-connections]

DESCRIPTION
       The  ldapmodify utility opens a connection to an LDAP server, binds and
       modifies or adds entries. The entry information is read	from  standard
       input  or from file, specified using the -f option. The ldapadd utility
       is implemented as a hard link to the ldapmodify tool. When  invoked  as
       ldapadd, the -a (add new entry) option is turned on automatically.

       Both ldapadd and ldapmodify reject duplicate attribute-name/value pairs
       for the same entry.

OPTIONS
       The following options are supported:

       -a

	   Adds new entries. The default for ldapmodify is to modify  existing
	   entries. If invoked as ldapadd, this option is always set.

       -A

	   Non-ASCII  mode:  display non-ASCII values, in conjunction with the
	   -v option.

       -b

	   Handle binary files. The ldapmodify tool will scan every  attribute
	   value  in  the input to determine whether it is a valid file refer‐
	   ence. If the reference is valid, it will use the  contents  of  the
	   file	 as the attribute's value. This option is used to input binary
	   data, such as a JPEG image, for an attribute. For example, the cor‐
	   responding  LDIF  input  would be: " jpegPhoto: /tmp/photo.jpg" The
	   ldapmodify tool also supports the LDIF :< URL notation for directly
	   including file contents.

       -B baseDN

	   Specify  the	 base  DN when performing additions, usually in double
	   quotes ("") for the shell. All entries will be  placed  under  this
	   suffix, thus providing bulk import functionality.

       -c

	   Specifies continuous operation mode. Errors are reported, but ldap‐
	   modify and  ldapadd continue with modifications. The default is  to
	   exit after reporting an error.

       -D bindDN

	   Uses the distinguished name bindDN to bind to the directory.

       -d debuglevel

	   Sets the LDAP debugging level. Useful levels of debugging for ldap‐
	   modify and ldapadd are:

	   1	  Trace

	   2	  Packets

	   4	  Arguments

	   32	  Filters

	   128	  Access control

	   To request more than one category of debugging information, add the
	   masks.  For example, to request trace and filter information, spec‐
	   ify a debuglevel of 33.

       -e errorFile

	   Invalid update statements in the input will be copied to the error‐
	   File	 for  debugging. Use with the -c option to correct errors when
	   processing large LDIF input.

       -E

	   Ask server to expose (report) bind identity by means of authentica‐
	   tion response control.

       -F

	   Forces  application	of  all	 changes  regardless of the content of
	   input lines that begin with replica:. By  default,  replica:	 lines
	   are compared against the LDAP server host and port in use to decide
	   whether a replog record should be applied.

       -f file

	   Reads the entry modification information from file instead of  from
	   standard input.

       -?

	   Display the usage help text that briefly describes all options.

       -H

	   Display the usage help text that briefly describes all options.

       -h ldaphost

	   Specifies an alternate host on which the LAPD server is running.

       -i locale

	   Specify  the	 character  set to use for the -f LDIFfile or standard
	   input. The default is the character set specified in the LANG envi‐
	   ronment  variable.  You  might choose to use this option to perform
	   the conversion from the specified character set to UTF8, thus over‐
	   riding the LANG setting.

       -j filename

	   Specify a file containing the password for the bind DN or the pass‐
	   word for the SSL client's key database. To  protect	the  password,
	   use this option in scripts and place the password in a secure file.
	   This option is mutually exclusive of the -w and -W options.

       -J [:criticality[:value|::b64value|b64value|:fileurl]]

	   Criticality is a boolean value (default is false).

       -k path

	   Specify the path to a  directory  containing	 conversion  routines.
	   These routines are used if you want to specify a locale that is not
	   supported by default by your directory server. This is for NLS sup‐
	   port.

       -l nb-ldap-connections

	   Specifies the number of LDAP connections that ldapadd or ldapmodify
	   will open to	 process  the  modifications  in  the  directory.  The
	   default is one connection.

       -M

	   Manage  smart referrals. When they are the target of the operation,
	   modify the entry containing	the  referral  instead	of  the	 entry
	   obtained by following the referral.

       -n

	   Previews  modifications, but makes no changes to entries. Useful in
	   conjunction with -v and -d for debugging.

       -N certificate

	   Specify the certificate name to use	for  certificate-based	client
	   authentication. For example: -N "Directory-Cert".

       -o attributename=value

	   For	SASL mechanisms and other options such as security properties,
	   mode of operation, authorization  ID,  authentication  ID,  and  so
	   forth.

	   The different attribute names and their values are as follows:

	   secProp="number"    For defining SASL security properties.

	   realm="value"       Specifies SASL realm (default is realm=none).

	   authzid="value"     Specify	the  authorization  ID	name  for SASL
			       bind.

	   authid="value"      Specify the authentication ID for SASL bind.

	   mech="value"	       Specifies the various SASL mechanisms.

       -O hopLimit

	   Specify the maximum number of referral hops to follow while finding
	   an entry to modify. By default, there is no limit.

       -p ldapport

	   Specifies  an  alternate  TCP  port where the secure LDAP server is
	   listening.

       -P path

	   Specify the path and filename of the client's certificate database.
	   For example:

	     -P /home/uid/.netscape/cert7.db

	   When	 using	the  command on the same host as the directory server,
	   you can use the server's own certificate database. For example:

	     -P installDir/lapd-serverID/alias/cert7.db

	   Use the -P option alone to specify server authentication only.

       -r

	   Replaces existing value with	 the  specified	 value.	 This  is  the
	   default for ldapmodify. When ldapadd is called, or if the -a option
	   is specified, the -r option is ignored.

       -v

	   Uses verbose mode, with diagnostics written to standard output.

       -V version

	   Specify the LDAP protocol version number to be used for the	delete
	   operation,  either  2 or 3. LDAP v3 is the default. Specify LDAP v2
	   when connecting to servers that do not support v3.

       -W password

	   Specify the password for the client's key database given in the  -P
	   option.  This  option  is  required	for  certificate-based	client
	   authentication. Specifying password on the command line  has	 secu‐
	   rity	 issues because the password can be seen by others on the sys‐
	   tem by means of the ps command. Use the -j instead to  specify  the
	   password from the file. This option is mutually exclusive of -j.

       -w passwd

	   Use	passwd	as  the	 password for authentication to the directory.
	   When you use -w passwd to specify  the  password  to	 be  used  for
	   authentication,  the password is visible to other users of the sys‐
	   tem by means of the ps command, in script files or  in  shell  his‐
	   tory.  If you use either the ldapmodify command or the ldapadd com‐
	   mand without this option, the command will prompt for the  password
	   and	read it from standard in. When used without the -w option, the
	   password will not be visible to other users.

       -Y proxyid

	   Specify the proxy DN (proxied authorization id) to use for the mod‐
	   ify operation, usually in double quotes ("") for the shell.

       -Z

	   Specify  that  SSL  be  used	 to  provide  certificate-based client
	   authentication. This option requires the -N and  SSL	 password  and
	   any other of the SSL options needed to identify the certificate and
	   the key database.

EXIT STATUS
       The following exit values are returned:

       0	    Successful completion.

       Non-zero	    An error occurred. A  diagnostic  message  is  written  to
		    standard error.

EXAMPLES
       The format of the content of file (or standard input if no -f option is
       specified) is illustrated in the following examples.

       Example 1 Modifying an Entry

       The file /tmp/entrymods contains the  following	modification  instruc‐
       tions:

	      dn: cn=Modify Me, o=XYZ, c=US
	     changetype: modify
	     replace: mail
	     mail: modme@atlanta.xyz.com
	     -
	     add: title
	     title: System Manager
	     -
	     add: jpegPhoto
	     jpegPhoto:< file:///tmp/modme.jpeg
	     -
	     delete: description
	     -

       The command:

	 example% ldapmodify -r -f /tmp/entrymods

       modifies the Modify Me entry as follows:

	   1.	  The current value of the mail attribute is replaced with the
		  value, modme@atlanta.xyz.com.

	   2.	  A title attribute with the value, System Manager, is added.

	   3.	  A jpegPhoto attribute is added, using the  contents  of  the
		  file, /tmp/modme.jpeg, as the attribute value.

	   4.	  The description attribute is removed.

       Example 2 Creating a New Entry

       The  file, /tmp/newentry, contains the following information for creat‐
       ing a new entry:

	     dn: cn=Ann Jones, o=XYZ, c=US
	     objectClass: person
	     cn: Ann Jones
	     cn: Annie Jones
	     sn: Jones
	     title: Director of Research and Development
	     mail: ajones@londonrd.xyz.us.com
	     uid: ajones

       The command

	 example% ldapadd -f /tmp/newentry

       adds a new entry for Ann Jones, using the information in the file.

       Example 3 Creating a New Entry on an IPv6 Server

       The file, /tmp/newentry, contains the following information for	creat‐
       ing a new entry: on an IPv6 server.

	     dn: cn=Ann Jones, o=XYZ, c=US
	     objectClass: person
	     cn: Ann Jones
	     cn: Annie Jones
	     sn: Jones
	     title: Director of Research and Development
	     mail: ajones@londonrd.xyz.us.com
	     uid: ajones

       The command

	 example% ldapadd -c -v -h '['fec0::111:a00:20ff:feaa:a364']':389 \
				  -D cn=Directory Manager -w secret \
				  -f /tmp/entry

       adds  a	new  entry for Directory Manager, using the information in the
       file.

       Example 4 Deleting an Entry

       The file, /tmp/badentry, contains the following	information  about  an
       entry to be deleted:

	     dn: cn=Ann Jones, o=XYZ, c=US
	     changetype: delete

       The command:

	 example% ldapmodify -f /tmp/badentry

       removes Ann Jones' entry.

ATTRIBUTES
       See attributes(5) for a description of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │SUNWcs			   │
       │Interface Stability	     │Committed			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       ldap(1), ldapdelete(1), ldaplist(1), ldapmodrdn(1), ldapsearch(1), lda‐
       paddent(1M),	    ldap_cachemgr(1M),	       ldap_get_option(3LDAP),
       ldap_set_option(3LDAP), attributes(5)

SunOS 5.11			  15 Jan 2004			 ldapmodify(1)
[top]

List of man pages available for OpenIndiana

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net