.TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2011 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
.BI \-d \ debuglevel\fR]
.BI \-y \ passwdfile\fR]
.BI \-h \ ldaphost\fR]
.BI \-p \ ldapport\fR]
.BR \-P \ { 2 \||\| 3 }]
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
.BI \-O \ security-properties\fR]
.BI \-d \ debuglevel\fR]
.BI \-y \ passwdfile\fR]
.BI \-h \ ldaphost\fR]
.BI \-p \ ldapport\fR]
.BR \-P \ { 2 \||\| 3 }]
.BI \-O \ security-properties\fR]
.BI \-U \ authcid\fR]
.BI \-X \ authzid\fR]
is a shell-accessible interface to the
.BR ldap_add_ext (3),
.BR ldap_modify_ext (3),
.BR ldap_delete_ext (3)
is implemented as a hard link to the ldapmodify tool. When invoked as
the \fB\-a\fP (add new entry) flag is turned on automatically.
opens a connection to an LDAP server, binds, and modifies or adds entries.
The entry information is read from standard input or from \fIfile\fP through
the use of the \fB\-f\fP option.
Add new entries. The default for
is to modify existing entries. If invoked as
this flag is always set.
Continuous operation mode. Errors are reported, but
will continue with modifications. The default is to exit after
Add or change records which were skipped due to an error are written to \fIfile\fP
and the error message returned by the server is added as a comment. Most useful in
conjunction with \fB\-c\fP.
Show what would be done, but don't actually modify entries. Useful for
debugging in conjunction with \fB\-v\fP.
Use verbose mode, with many diagnostics written to standard output.
Enable manage DSA IT control.
makes control critical.
Set the LDAP debugging level to \fIdebuglevel\fP.
must be compiled with LDAP_DEBUG defined for this option to have any effect.
Read the entry modification information from \fIfile\fP instead of from
Use simple authentication instead of SASL.
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
For SASL binds, the server is expected to ignore this value.
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
Use \fIpasswd\fP as the password for simple authentication.
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
Specify an alternate host on which the ldap server is running.
Deprecated in favor of \fB\-H\fP.
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of \fB\-H\fP.
.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.BI \-O \ security-properties
Specify SASL security properties.
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
Specify general extensions with \fB\-e\fP and modify extensions with \fB\-E\fP.
\'\fB!\fP\' indicates criticality.
[!]assert=<filter> (an RFC 4515 Filter)
!authzid=<authzid> ("dn:<dn>" or "u:<user>")
[!]bauthzid (RFC 3829 authzid control)
[!]chaining[=<resolve>[/<cont>]]
[!]postread[=<attrs>] (a comma-separated attribute list)
[!]preread[=<attrs>] (a comma-separated attribute list)
abandon,cancel,ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
[!]txn[=abort|commit]
Enable SASL Interactive mode. Always prompt. Default is to prompt
Enable SASL Quiet mode. Never prompt.
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
Specify the requested authorization ID for SASL bind.
must be one of the following formats:
.BI dn: "<distinguished name>"
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
Issue StartTLS (Transport Layer Security) extended operation. If you use
, the command will require the operation to be successful.
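The following shell helpers are an added example, not part of the OpenLDAP distribution. They illustrate the \-y and StartTLS options described above: the password file is written without a trailing newline and vetted before a simple bind that requires StartTLS. The function names, the host and the bind DN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the OpenLDAP distribution).
# -y takes the COMPLETE file contents as the password, so a newline left by
# an editor or `echo` becomes part of the password and no longer matches.

# write_passwdfile FILE: read one line from stdin and store it in FILE
# without the trailing newline, readable by the owner only.
write_passwdfile() {
    (
        umask 077
        rm -f -- "$1"
        { IFS= read -r pw || [ -n "$pw" ]; } && printf '%s' "$pw" > "$1"
    )
}

# check_passwdfile FILE: return 0 if FILE is fit for -y, else explain and return 1.
check_passwdfile() {
    f=$1
    if [ ! -f "$f" ] || [ ! -s "$f" ]; then
        echo "$f: missing or empty" >&2; return 1
    fi
    # Hex value of the last byte: 0a (LF) or 0d (CR) would be sent as password data.
    last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    case $last in
        0a|0d) echo "$f: ends in a line terminator" >&2; return 1 ;;
    esac
    # Characters 5-10 of the mode string are the group and other permission bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: readable by group or others" >&2; return 1
    fi
    return 0
}

# ldapmodify_with_pwfile PWFILE [ARGS...]: vet PWFILE, then run ldapmodify with
# a simple bind (-x) that insists on StartTLS (-ZZ) before the password is sent.
ldapmodify_with_pwfile() {
    pwfile=$1; shift
    check_passwdfile "$pwfile" || return 1
    ldapmodify -x -ZZ -y "$pwfile" "$@"
}

# Typical use (constructed host and bind DN):
#   write_passwdfile "$HOME/.ldap-pw"        # type the password, press Enter
#   ldapmodify_with_pwfile "$HOME/.ldap-pw" -H ldap://ldap.example.com \
#       -D "cn=admin,dc=example,dc=com" -f /tmp/entrymods
```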
The contents of \fIfile\fP (or standard input if no \fB\-f\fP flag is given on
the command line) must conform to the format defined in
(LDIF as defined in RFC 2849).
Assuming that the file
exists and has the contents:
dn: cn=Modify Me,dc=example,dc=com
mail: modme@example.com
jpegPhoto:< file:///tmp/modme.jpeg
ldapmodify \-f /tmp/entrymods
will replace the contents of the "Modify Me" entry's
attribute with the value "modme@example.com", add a
of "Grand Poobah", and the contents of the file "/tmp/modme.jpeg"
and completely remove the
Assuming that the file
exists and has the contents:
dn: cn=Barbara Jensen,dc=example,dc=com
title: the world's most famous mythical manager
mail: bjensen@example.com
ldapadd \-f /tmp/newentry
will add a new entry for Babs Jensen, using the values from the
Assuming that the file
exists and has the contents:
dn: cn=Barbara Jensen,dc=example,dc=com
ldapmodify \-f /tmp/entrymods
will remove Babs Jensen's entry.
Exit status is zero if no errors occur. Errors result in a non-zero
exit status and a diagnostic message being written to standard error.
.BR ldap_add_ext (3),
.BR ldap_delete_ext (3),
.BR ldap_modify_ext (3),
.BR ldap_modrdn_ext (3),
The OpenLDAP Project <http://www.openldap.org/>