1 .TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2012 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
22 .BI \-d \ debuglevel\fR]
30 .BI \-y \ passwdfile\fR]
34 .BI \-h \ ldaphost\fR]
36 .BI \-p \ ldapport\fR]
38 .BR \-P \ { 2 \||\| 3 }]
40 .BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
42 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
44 .BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]]
46 .BI \-O \ security-properties\fR]
78 .BI \-d \ debuglevel\fR]
86 .BI \-y \ passwdfile\fR]
90 .BI \-h \ ldaphost\fR]
92 .BI \-p \ ldapport\fR]
94 .BR \-P \ { 2 \||\| 3 }]
96 .BI \-O \ security-properties\fR]
102 .BI \-U \ authcid\fR]
108 .BI \-X \ authzid\fR]
117 is a shell-accessible interface to the
118 .BR ldap_add_ext (3),
119 .BR ldap_modify_ext (3),
120 .BR ldap_delete_ext (3)
125 is implemented as a hard link to the ldapmodify tool. When invoked as
127 the \fB\-a\fP (add new entry) flag is turned on automatically.
130 opens a connection to an LDAP server, binds, and modifies or adds entries.
131 The entry information is read from standard input or from \fIfile\fP through
132 the use of the \fB\-f\fP option.
136 Add new entries. The default for
138 is to modify existing entries. If invoked as
140 this flag is always set.
143 Continuous operation mode. Errors are reported, but
145 will continue with modifications. The default is to exit after
149 Add or change records which were skipped due to an error are written to \fIfile\fP
150 and the error message returned by the server is added as a comment. Most useful in
151 conjunction with \fB\-c\fP.
154 Show what would be done, but don't actually modify entries. Useful for
155 debugging in conjunction with \fB\-v\fP.
158 Use verbose mode, with many diagnostics written to standard output.
161 Enable manage DSA IT control.
163 makes control critical.
166 Set the LDAP debugging level to \fIdebuglevel\fP.
168 must be compiled with LDAP_DEBUG defined for this option to have any effect.
171 Read the entry modification information from \fIfile\fP instead of from
175 Use simple authentication instead of SASL.
178 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
179 For SASL binds, the server is expected to ignore this value.
182 Prompt for simple authentication.
183 This is used instead of specifying the password on the command line.
186 Use \fIpasswd\fP as the password for simple authentication.
189 Use complete contents of \fIpasswdfile\fP as the password for
190 simple authentication.
193 Specify URI(s) referring to the ldap server(s); only the protocol/host/port
194 fields are allowed; a list of URI, separated by whitespace or commas
198 Specify an alternate host on which the ldap server is running.
199 Deprecated in favor of \fB\-H\fP.
202 Specify an alternate TCP port where the ldap server is listening.
203 Deprecated in favor of \fB\-H\fP.
205 .BR \-P \ { 2 \||\| 3 }
206 Specify the LDAP protocol version to use.
208 .BI \-O \ security-properties
209 Specify SASL security properties.
211 .BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
213 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
215 Specify general extensions with \fB\-e\fP and modify extensions with \fB\-E\fP.
216 \'\fB!\fP\' indicates criticality.
220 [!]assert=<filter> (an RFC 4515 Filter)
221 !authzid=<authzid> ("dn:<dn>" or "u:<user>")
222 [!]bauthzid (RFC 3829 authzid control)
223 [!]chaining[=<resolve>[/<cont>]]
227 [!]postread[=<attrs>] (a comma-separated attribute list)
228 [!]preread[=<attrs>] (a comma-separated attribute list)
230 sessiontracking[=<username>]
231 abandon,cancel,ignore (SIGINT sends abandon/cancel,
232 or ignores response; if critical, doesn't wait for SIGINT.
238 [!]txn[=abort|commit]
241 .BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]
243 Specify general options.
247 nettimeout=<timeout> (in seconds, or "none" or "max")
248 ldif-wrap=<width> (in columns, or "no" for no wrapping)
252 Enable SASL Interactive mode. Always prompt. Default is to prompt
256 Enable SASL Quiet mode. Never prompt.
259 Specify the authentication ID for SASL bind. The form of the ID
260 depends on the actual SASL mechanism used.
263 Specify the realm of authentication ID for SASL bind. The form of the realm
264 depends on the actual SASL mechanism used.
267 Specify the requested authorization ID for SASL bind.
269 must be one of the following formats:
270 .BI dn: "<distinguished name>"
275 Specify the SASL mechanism to be used for authentication. If it's not
276 specified, the program will choose the best mechanism the server knows.
279 Issue StartTLS (Transport Layer Security) extended operation. If you use
281 , the command will require the operation to be successful.
283 The contents of \fIfile\fP (or standard input if no \fB\-f\fP flag is given on
284 the command line) must conform to the format defined in
286 (LDIF as defined in RFC 2849).
288 Assuming that the file
290 exists and has the contents:
293 dn: cn=Modify Me,dc=example,dc=com
296 mail: modme@example.com
302 jpegPhoto:< file:///tmp/modme.jpeg
311 ldapmodify \-f /tmp/entrymods
314 will replace the contents of the "Modify Me" entry's
316 attribute with the value "modme@example.com", add a
318 of "Grand Poobah", and the contents of the file "/tmp/modme.jpeg"
321 and completely remove the
325 Assuming that the file
327 exists and has the contents:
330 dn: cn=Barbara Jensen,dc=example,dc=com
335 title: the world's most famous mythical manager
336 mail: bjensen@example.com
343 ldapadd \-f /tmp/newentry
346 will add a new entry for Babs Jensen, using the values from the
350 Assuming that the file
352 exists and has the contents:
355 dn: cn=Barbara Jensen,dc=example,dc=com
362 ldapmodify \-f /tmp/entrymods
365 will remove Babs Jensen's entry.
367 Exit status is zero if no errors occur. Errors result in a non-zero
368 exit status and a diagnostic message being written to standard error.
376 .BR ldap_add_ext (3),
377 .BR ldap_delete_ext (3),
378 .BR ldap_modify_ext (3),
379 .BR ldap_modrdn_ext (3),
383 The OpenLDAP Project <http://www.openldap.org/>