.TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2013 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
.BI \-d \ debuglevel\fR]
.BI \-y \ passwdfile\fR]
.BI \-h \ ldaphost\fR]
.BI \-p \ ldapport\fR]
.BR \-P \ { 2 \||\| 3 }]
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
.BI \-o \ opt \fR[= optparam \fR]]
.BI \-O \ security-properties\fR]
.BI \-d \ debuglevel\fR]
.BI \-y \ passwdfile\fR]
.BI \-h \ ldaphost\fR]
.BI \-p \ ldapport\fR]
.BR \-P \ { 2 \||\| 3 }]
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
.BI \-o \ opt \fR[= optparam \fR]]
.BI \-O \ security-properties\fR]
.BI \-U \ authcid\fR]
.BI \-X \ authzid\fR]
is a shell-accessible interface to the
.BR ldap_add_ext (3),
.BR ldap_modify_ext (3),
.BR ldap_delete_ext (3)
is implemented as a hard link to the ldapmodify tool. When invoked as
the \fB\-a\fP (add new entry) flag is turned on automatically.
opens a connection to an LDAP server, binds, and modifies or adds entries.
The entry information is read from standard input or from \fIfile\fP through
the use of the \fB\-f\fP option.
If \fB\-VV\fP is given, only the version information is printed.
Set the LDAP debugging level to \fIdebuglevel\fP.
must be compiled with LDAP_DEBUG defined for this option to have any effect.
Show what would be done, but don't actually modify entries. Useful for
debugging in conjunction with \fB\-v\fP.
Use verbose mode, with many diagnostics written to standard output.
Add new entries. The default for
is to modify existing entries. If invoked as
this flag is always set.
Continuous operation mode. Errors are reported, but
will continue with modifications. The default is to exit after
Read the entry modification information from \fIfile\fP instead of from
Add or change records which were skipped due to an error are written to \fIfile\fP
and the error message returned by the server is added as a comment. Most useful in
conjunction with \fB\-c\fP.
Enable manage DSA IT control.
makes control critical.
Use simple authentication instead of SASL.
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
For SASL binds, the server is expected to ignore this value.
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
Use \fIpasswd\fP as the password for simple authentication.
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
Specify an alternate host on which the ldap server is running.
Deprecated in favor of \fB\-H\fP.
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of \fB\-H\fP.
.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
Specify general extensions with \fB\-e\fP and modify extensions with \fB\-E\fP.
\'\fB!\fP\' indicates criticality.
[!]assert=<filter> (an RFC 4515 Filter)
!authzid=<authzid> ("dn:<dn>" or "u:<user>")
[!]bauthzid (RFC 3829 authzid control)
[!]chaining[=<resolve>[/<cont>]]
[!]postread[=<attrs>] (a comma-separated attribute list)
[!]preread[=<attrs>] (a comma-separated attribute list)
sessiontracking[=<username>]
abandon,cancel,ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
[!]txn[=abort|commit]
.BI \-o \ opt \fR[= optparam \fR]]
Specify general options.
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
.BI \-O \ security-properties
Specify SASL security properties.
Enable SASL Interactive mode. Always prompt. Default is to prompt
Enable SASL Quiet mode. Never prompt.
Do not use reverse DNS to canonicalize SASL host name.
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
must be one of the following formats:
.BI dn: "<distinguished name>"
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
Issue StartTLS (Transport Layer Security) extended operation. If you use
, the command will require the operation to be successful.
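
A wrapper around the simple-authentication and StartTLS options described above, as an added example that is not part of the OpenLDAP distribution. The function names, the LDAPMODIFY override variable and the sample values are hypothetical; the choice to accept only ldap:// and ldaps:// URIs is this example's own.

```shell
#!/bin/sh
# Added example; passwdfile_ok, ldapmodify_preview and $LDAPMODIFY are
# hypothetical names, not part of OpenLDAP.

# passwdfile_ok FILE: return 0 only if FILE is fit to pass to -y.
#   1 = missing/empty, 2 = group/other permission bits set, 3 = trailing newline
passwdfile_ok() {
    f=$1
    if [ ! -f "$f" ] || [ ! -s "$f" ]; then
        echo "passwdfile missing or empty: $f" >&2; return 1
    fi
    # Columns 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -lnL "$f" | cut -c5-10)" != "------" ]; then
        echo "passwdfile accessible beyond its owner: $f" >&2; return 2
    fi
    # -y takes the complete file contents, so a final newline written by an
    # editor or echo becomes part of the password sent in the bind.
    if [ "$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')" = "0a" ]; then
        echo "passwdfile ends in a newline: $f" >&2; return 3
    fi
}

# ldapmodify_preview URI BINDDN PASSWDFILE LDIF
# Simple bind (-x) with the password read from a file (-y) so it never appears
# in the argument list as it would with -w; StartTLS is mandatory (-ZZ) on
# ldap:// URIs; -n -v shows what would be done without modifying entries.
ldapmodify_preview() {
    uri=$1; binddn=$2; pwfile=$3; ldif=$4
    case $uri in
        ldaps://*) set -- ;;        # TLS from connect, no StartTLS needed
        ldap://*)  set -- -ZZ ;;    # abort unless StartTLS succeeds
        *) echo "unsupported URI: $uri" >&2; return 4 ;;
    esac
    passwdfile_ok "$pwfile" || return
    "${LDAPMODIFY:-ldapmodify}" -x "$@" -H "$uri" -D "$binddn" \
        -y "$pwfile" -n -v -f "$ldif"
}

# Usage (constructed values):
#   ldapmodify_preview ldap://ldap.example.com "cn=admin,dc=example,dc=com" \
#       "$HOME/.ldappw" /tmp/entrymods
```

Drop \-n from the final command once the previewed changes look right.
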
The contents of \fIfile\fP (or standard input if no \fB\-f\fP flag is given on
the command line) must conform to the format defined in
(LDIF as defined in RFC 2849).
Assuming that the file
exists and has the contents:
dn: cn=Modify Me,dc=example,dc=com
mail: modme@example.com
jpegPhoto:< file:///tmp/modme.jpeg
ldapmodify \-f /tmp/entrymods
will replace the contents of the "Modify Me" entry's
attribute with the value "modme@example.com", add a
of "Grand Poobah", and the contents of the file "/tmp/modme.jpeg"
and completely remove the
Assuming that the file
exists and has the contents:
dn: cn=Barbara Jensen,dc=example,dc=com
title: the world's most famous mythical manager
mail: bjensen@example.com
ldapadd \-f /tmp/newentry
will add a new entry for Babs Jensen, using the values from the
Assuming that the file
exists and has the contents:
dn: cn=Barbara Jensen,dc=example,dc=com
ldapmodify \-f /tmp/entrymods
will remove Babs Jensen's entry.
Exit status is zero if no errors occur. Errors result in a non-zero
exit status and a diagnostic message being written to standard error.
.BR ldap_add_ext (3),
.BR ldap_delete_ext (3),
.BR ldap_modify_ext (3),
.BR ldap_modrdn_ext (3),
The OpenLDAP Project <http://www.openldap.org/>