-.TH LDAPMODIFY 1 "20 August 2000" "OpenLDAP LDVERSION"
+.TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
[\c
.BR \-c ]
[\c
-.BR \-C ]
-[\c
-.BR \-r ]
+.BI \-S \ file\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
-.BR \-k ]
-[\c
-.BR \-K ]
-[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-w \ passwd\fR]
[\c
+.BI \-y \ passwdfile\fR]
+[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BR \-Q ]
[\c
-.BI \-U \ username\fR]
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
[\c
.BR \-x ]
[\c
[\c
.BR \-c ]
[\c
-.BR \-C ]
-[\c
-.BR \-r ]
+.BI \-S \ file\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
-.BR \-k ]
-[\c
-.BR \-K ]
-[\c
.BR \-M[M] ]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-w \ passwd\fR]
[\c
+.BI \-y \ passwdfile\fR]
+[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BR \-Q ]
[\c
-.BI \-U \ username\fR]
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
[\c
.BR \-x ]
[\c
.SH DESCRIPTION
.B ldapmodify
is a shell-accessible interface to the
-.BR ldap_modify (3)
+.BR ldap_add_ext (3),
+.BR ldap_modify_ext (3),
+.BR ldap_delete_ext (3)
and
-.BR ldap_add (3)
+.BR ldap_rename (3).
library calls.
.B ldapadd
is implemented as a hard link to the ldapmodify tool. When invoked as
.BR ldapadd ,
this flag is always set.
.TP
-.B \-C
-Automatically chase referrals.
-.TP
.B \-c
Continuous operation mode. Errors are reported, but
.B ldapmodify
will continue with modifications. The default is to exit after
reporting an error.
.TP
-.B \-r
-Replace existing values by default.
+.BI \-S \ file
+Add or change records which where skipped due to an error are written to \fIfile\fP
+and the error message returned by the server is added as a comment. Most useful in
+conjunction with -c.
.TP
.B \-n
Show what would be done, but don't actually modify entries. Useful for
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
-.B \-k
-Use Kerberos authentication instead of simple authentication. It is
-assumed that you already have a valid ticket granting ticket. You must
-compile with Kerberos support for this option to have any effect.
-.TP
-.B \-K
-Same as \-k, but only does step 1 of the Kerberos bind. This is useful
-when connecting to a slapd and there is no x500dsa.hostname principal
-registered with your Kerberos servers.
-.TP
.B \-F
Force application of all changes regardless of the contents of input
lines that begin with
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
.BI \-H \ ldapuri
-Specify URI(s) referring to the ldap server(s).
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
-.BI \-U \ username
-Specify the username for SASL bind. The syntax of the username depends on the
-actual SASL mechanism used.
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the ID
+depends on the actual SASL mechanism used.
+.TP
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.SH INPUT FORMAT
The contents of \fIfile\fP (or standard input if no \-f flag is given on
the command line) should conform to the format defined in
-.BR slapd.replog (5),
+.BR ldif (1)
+(LDIF as defined RFC 2849), or
+.BR slapd.replog (5)
+(an extended form of LDIF)
with the exceptions noted below.
.LP
Lines that begin with "replica:" are matched against the LDAP server host
.LP
If no "changetype:" line is present, the default is "add" if the -a
flag is set (or if the program was invoked as
-.I ldapmodify)
+.I ldapadd)
and "modify" otherwise.
.LP
If changetype is "modify" and no "add:", "replace:", or "delete:" lines
-appear, the default is "replace" if the -r flag is set and "add"
-otherwise.
+appear, the default is "replace" for
+.BR ldapmodify (1)
+and "add" for
+.BR ldapadd (1).
.LP
Note that the above exceptions to the
.BR slapd.replog (5)
exists and has the contents:
.LP
.nf
- dn: cn=Modify Me, dc=example, dc=com
+ dn: cn=Modify Me,dc=example,dc=com
changetype: modify
replace: mail
- mail: modme@OpenLDAP.org
+ mail: modme@example.com
-
add: title
title: Grand Poobah
-
add: jpegPhoto
- jpegPhoto:< file://tmp/modme.jpeg
+ jpegPhoto:< file:///tmp/modme.jpeg
-
delete: description
-
the command:
.LP
.nf
- ldapmodify -b -r -f /tmp/entrymods
+ ldapmodify -f /tmp/entrymods
.fi
.LP
will replace the contents of the "Modify Me" entry's
exists and has the contents:
.LP
.nf
- dn: cn=Barbara Jensen, dc=example, dc=com
+ dn: cn=Barbara Jensen,dc=example,dc=com
objectClass: person
cn: Barbara Jensen
cn: Babs Jensen
the command:
.LP
.nf
- ldapadd -f /tmp/entrymods
+ ldapadd -f /tmp/newentry
.fi
.LP
will add a new entry for Babs Jensen, using the values from the
.B /tmp/newentry.
.LP
Assuming that the file
-.B /tmp/newentry
+.B /tmp/entrymods
exists and has the contents:
.LP
.nf
- dn: cn=Barbara Jensen, dc=example, dc=com
+ dn: cn=Barbara Jensen,dc=example,dc=com
changetype: delete
.LP
the command:
.BR ldapsearch (1),
.BR ldap.conf (5),
.BR ldap (3),
-.BR ldap_add (3),
-.BR ldap_delete (3),
-.BR ldap_modify (3),
-.BR ldap_modrdn (3),
+.BR ldap_add_ext (3),
+.BR ldap_delete_ext (3),
+.BR ldap_modify_ext (3),
+.BR ldap_modrdn_ext (3),
+.BR ldif (5),
.BR slapd.replog (5)
-.SH BUGS
-There is no interactive mode, but there probably should be.
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project