1
.TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
2
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodify.1,v 1.49.2.7 2008/02/11 23:26:39 kurt Exp $
3
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
4
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6
ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
22
.BI \-d \ debuglevel\fR]
30
.BI \-y \ passwdfile\fR]
34
.BI \-h \ ldaphost\fR]
36
.BI \-p \ ldapport\fR]
38
.BI \-P \ 2\fR\||\|\fI3\fR]
40
.BR \-O \ security-properties ]
72
.BI \-d \ debuglevel\fR]
80
.BI \-y \ passwdfile\fR]
84
.BI \-h \ ldaphost\fR]
86
.BI \-p \ ldapport\fR]
88
.BI \-P \ 2\fR\||\|\fI3\fR]
90
.BR \-O \ security-properties ]
102
.BI \-X \ authzid\fR]
111
is a shell-accessible interface to the
112
.BR ldap_add_ext (3),
113
.BR ldap_modify_ext (3),
114
.BR ldap_delete_ext (3)
119
is implemented as a hard link to the ldapmodify tool. When invoked as
121
the -a (add new entry) flag is turned on automatically.
124
opens a connection to an LDAP server, binds, and modifies or adds entries.
125
The entry information is read from standard input or from \fIfile\fP through
126
the use of the -f option.
130
Add new entries. The default for
132
is to modify existing entries. If invoked as
134
this flag is always set.
137
Continuous operation mode. Errors are reported, but
139
will continue with modifications. The default is to exit after
143
Add or change records which where skipped due to an error are written to \fIfile\fP
144
and the error message returned by the server is added as a comment. Most useful in
148
Show what would be done, but don't actually modify entries. Useful for
149
debugging in conjunction with -v.
152
Use verbose mode, with many diagnostics written to standard output.
155
Enable manage DSA IT control.
157
makes control critical.
160
Set the LDAP debugging level to \fIdebuglevel\fP.
162
must be compiled with LDAP_DEBUG defined for this option to have any effect.
165
Read the entry modification information from \fIfile\fP instead of from
169
Use simple authentication instead of SASL.
172
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
175
Prompt for simple authentication.
176
This is used instead of specifying the password on the command line.
179
Use \fIpasswd\fP as the password for simple authentication.
182
Use complete contents of \fIpasswdfile\fP as the password for
183
simple authentication.
186
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
187
fields are allowed; a list of URI, separated by whitespace or commas
191
Specify an alternate host on which the ldap server is running.
192
Deprecated in favor of -H.
195
Specify an alternate TCP port where the ldap server is listening.
196
Deprecated in favor of -H.
198
.BI \-P \ 2\fR\||\|\fI3
199
Specify the LDAP protocol version to use.
201
.BI \-O \ security-properties
202
Specify SASL security properties.
205
Enable SASL Interactive mode. Always prompt. Default is to prompt
209
Enable SASL Quiet mode. Never prompt.
212
Specify the authentication ID for SASL bind. The form of the ID
213
depends on the actual SASL mechanism used.
216
Specify the realm of authentication ID for SASL bind. The form of the realm
217
depends on the actual SASL mechanism used.
220
Specify the requested authorization ID for SASL bind.
222
must be one of the following formats:
224
.I <distinguished name>
230
Specify the SASL mechanism to be used for authentication. If it's not
231
specified, the program will choose the best mechanism the server knows.
234
Issue StartTLS (Transport Layer Security) extended operation. If you use
236
, the command will require the operation to be successful.
238
The contents of \fIfile\fP (or standard input if no \-f flag is given on
239
the command line) must conform to the format defined in
241
(LDIF as defined in RFC 2849).
243
Assuming that the file
245
exists and has the contents:
248
dn: cn=Modify Me,dc=example,dc=com
251
mail: modme@example.com
257
jpegPhoto:< file:///tmp/modme.jpeg
266
ldapmodify -f /tmp/entrymods
269
will replace the contents of the "Modify Me" entry's
271
attribute with the value "modme@example.com", add a
273
of "Grand Poobah", and the contents of the file "/tmp/modme.jpeg"
276
and completely remove the
280
Assuming that the file
282
exists and has the contents:
285
dn: cn=Barbara Jensen,dc=example,dc=com
290
title: the world's most famous mythical manager
291
mail: bjensen@example.com
298
ldapadd -f /tmp/newentry
301
will add a new entry for Babs Jensen, using the values from the
305
Assuming that the file
307
exists and has the contents:
310
dn: cn=Barbara Jensen,dc=example,dc=com
317
ldapmodify -f /tmp/entrymods
320
will remove Babs Jensen's entry.
322
Exit status is zero if no errors occur. Errors result in a non-zero
323
exit status and a diagnostic message being written to standard error.
331
.BR ldap_add_ext (3),
332
.BR ldap_delete_ext (3),
333
.BR ldap_modify_ext (3),
334
.BR ldap_modrdn_ext (3),
338
The OpenLDAP Project <http://www.openldap.org/>