ldapmodify opens a connection to an LDAP server, binds, and modifies or adds entries. The entry information is read from standard input or from file, specified using the -f option. ldapadd is implemented as a hard link to the ldapmodify tool. When invoked as ldapadd, the -a (add new entry) option is turned on automatically.
Both ldapadd and ldapmodify reject duplicate attribute-name/value pairs for the same entry.
Add new entries. The default for ldapmodify is to modify existing entries. If invoked as ldapadd, this option is always set.
Assume that any value that starts with a / is the pathname of a file containing the actual attribute value. This is useful for attribute values in binary format.
Continuous operation mode. Errors are reported, but ldapmodify continues with modifications. The default is to exit after reporting an error.
Replace existing value with the specified value. This is the default for ldapmodify. When ldapadd is called, or if the -a option is specified, the -r option is ignored.
Preview modifications, but make no changes to entries. Useful in conjunction with -v and -d for debugging.
Use verbose mode, with diagnostics written to standard output.
Force application of all changes regardless of the content of input lines that begin with replica:. By default, replica: lines are compared against the LDAP server host and port in use to decide whether a replog record should be applied.
To request more than one category of debugging information, add the masks. For example, to request trace and filter information, specify a debuglevel of 33.
Read the entry modification information from file instead of from standard input.
Use the distinguished name binddn to bind to the directory.
Use passwd as the password for authentication to the directory.
Specify an alternate host on which the slapd server is running.
Specifies the authentication mechanism used to bind to the directory. This option can have the value CRAM-MD5. The bind DN and bind password are mandatory with this option.
Specify an alternate TCP port where the slapd server is listening.
Specifies the number of LDAP connections that ldapadd or ldapmodify will open to process the modifications in the directory. The default is one connection.
1. The file /tmp/entrymods contains the following modification instructions:
dn: cn=Modify Me, o=XYZ, c=US
changetype: modify
replace: mail
mail: email@example.com
-
add: title
title: System Manager
-
add: jpegPhoto
jpegPhoto: /tmp/modme.jpeg
-
delete: description
-
example% ldapmodify -b -r -f /tmp/entrymods
modifies the "Modify Me" entry as follows:
a. The current value of the mail attribute is replaced with the value "email@example.com"
b. A title attribute with the value "System Manager" is added
c. A jpegPhoto attribute is added, using the contents of the file /tmp/modme.jpeg as the attribute value
d. The description attribute is removed
dn: cn=Ann Jones, o=XYZ, c=US
objectClass: person
cn: Ann Jones
cn: Annie Jones
sn: Jones
title: Director of Research and Development
mail: email@example.com
uid: ajones
example% ldapadd -f /tmp/newentry
adds a new entry for Ann Jones, using the information in the file.
dn: cn=Ann Jones, o=XYZ, c=US
changetype: delete
example% ldapmodify -f /tmp/badentry
removes Ann Jones' entry.
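The -b option and the first example above make ldapmodify read local files named in its input. As an added example (not part of the original manual page), this shell pre-flight check lists every value that -b would treat as a pathname and rejects any that is not a readable file under an expected directory. The function names ldif_file_refs, ldif_check_refs and ldif_demo, the sample paths, and the choice to examine only single-colon "attr: value" lines are assumptions made for the illustration.

```shell
# Pre-flight check for `ldapmodify -b` (added example, not from the man page).
# Prints "dn<TAB>attr<TAB>path" for each value -b would read from a local file.
# Assumption: only single-colon "attr: /value" lines count; "attr:: ..." is skipped.
ldif_file_refs() {
    awk '
        /^dn:/ { dn = $0; sub(/^dn:[ \t]*/, "", dn); next }
        /^[A-Za-z][A-Za-z0-9;-]*:[ \t]*\// {
            attr = $0; sub(/:.*/, "", attr)
            path = $0; sub(/^[^:]*:[ \t]*/, "", path)
            printf "%s\t%s\t%s\n", (dn == "" ? "-" : dn), attr, path
        }
    ' "$1"
}

# Returns non-zero unless every path is a readable file under $2 (symlinks not resolved).
ldif_check_refs() {
    file=$1 allowed=${2%/} rc=0 tab=$(printf '\t')
    while IFS=$tab read -r dn attr path; do
        [ -n "$path" ] || continue
        case $path in
            */../*|*/..) status="REJECT: .. in path"; rc=1 ;;
            "$allowed"/*)
                if [ -f "$path" ] && [ -r "$path" ]; then status=ok
                else status="REJECT: not a readable file"; rc=1; fi ;;
            *) status="REJECT: outside $allowed"; rc=1 ;;
        esac
        printf '%s\t%s\t%s\t%s\n' "$dn" "$attr" "$path" "$status"
    done <<EOF
$(ldif_file_refs "$file")
EOF
    return $rc
}

# Constructed sample: part of the page's first example plus one unexpected path.
ldif_demo() {
    d=$(mktemp -d) && mkdir "$d/photos" && : > "$d/photos/modme.jpeg" || return 2
    cat > "$d/mods.ldif" <<EOF
dn: cn=Modify Me, o=XYZ, c=US
changetype: modify
add: jpegPhoto
jpegPhoto: $d/photos/modme.jpeg
-
add: description
description: /var/tmp/other/unexpected.bin
-
EOF
    ldif_check_refs "$d/mods.ldif" "$d/photos"; r=$?; rm -rf "$d"; return $r
}
if [ $# -eq 2 ]; then ldif_check_refs "$1" "$2"; else ldif_demo || :; fi
```

Run it as `sh script file allowed-dir` before passing the same file to ldapmodify -b; with no arguments it runs the constructed sample, which reports the jpegPhoto path as ok and the description path as rejected.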
See attributes(5) for a description of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
Exit status is 0 if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error.