|
Oracle® Identity Management User Reference
10g Release 2 (10.1.2) B15883-01 |
|
 Previous |
 Next |
|
Oracle® Identity Management User Reference
10g Release 2 (10.1.2) B15883-01 |
|
|
Previous |
Next |
The ldapadd command-line tool enables you to add entries, their object classes, attributes, and values to the directory. To add attributes to an existing entry, use the ldapmodify command, explained in "ldapmodify".
ldapadd -h oid_hostname -D "binddn" -w password [-Y "proxy_dn"] [-p ldap_port] [-V ldap_version] {-f ldif_filename | -X dsml_filename} [-b] [-n] [-c [-o log_file_name]] [-M] [-v] [-O ref_hop_limit] [-i 1|0] [-k|-K] [-U SSL_auth_mode {-W wallet_location -P wallet_password}] [-d debug_level] [-E character_set]
-h oid_hostname
Required. The host name or IP address of the Oracle Internet Directory server.
-D "binddn"
Required. The DN of the Oracle Internet Directory user needed to bind to the directory (for example, cn=orcladmin).
-w password
Required. The user password needed to bind to the directory.
-Y "proxy_dn"
Optional. The DN of a proxy user. After binding to the directory, the add operation will be performed as this user.
-p ldap_port
Optional. The port number used to connect to the Oracle Internet Directory server. Defaults to port 389.
-V ldap_version
Optional. The version of the LDAP protocol to use. Allowed values are 2 or 3. Defaults to 3 (LDAP v3).
-f ldif_filename | -X dsml_filename
Required. The full path and file name of the input file that contains the data you want to import.
Use the -f argument to supply an LDIF file. See Appendix A, "LDIF File Format" for information on formatting an LDIF file.
Use the -X argument to supply a Directory Service Markup Language (DSML) file. See "Adding Data to the Directory Using a DSML File" for more information about formatting a DSML file.
-b
Optional. Use this option if your input file has binary file names in it, which are preceded by the forward slash character. The tool retrieves the actual values from the file referenced.
-n
Optional. Enables you to preview what would occur in an operation without actually performing the operation.
-c
Optional. Proceeds in spite of errors. All errors will be reported. If the -c argument is not used, the tool will stop when an error occurs.
-o log_file_name
Optional. Used with the -c argument. Writes the LDIF entries with errors to a log file. Specify the full path and name of the log file.
-M
Optional. Instructs the tool to send the ManageDSAIT control to the server. The ManageDSAIT control instructs the server not to send referrals to clients. Instead a referral entry is returned as a regular entry.
-v
Optional. Runs the tool in verbose mode.
-O ref_hop_limit
Optional. The number of referral hops that a client should process. Defaults to 5.
-i 1 | 0
Optional. Specifies whether or not to bind as the current user when following referrals. 1 means bind as the current user, 0 means bind anonymously. The default is 0 (zero).
-k | -K
Optional. The -k argument authenticates using Kerberos authentication instead of simple authentication. To enable this option, you must compile with KERBEROS defined.You must already have a valid ticket granting ticket. Use the -K argument if you want to only perform the first step of the Kerberos bind.
-U SSL_auth_mode
Optional. The SSL authentication mode:
1 for no authentication required.
2 for one way authentication required. You must also supply a wallet location and wallet password.
3 for two way authentication required. You must also supply a wallet location and wallet password.
-W wallet_location
Required if using one way or two way SSL authentication (-U 2|3). The location of the wallet file that contains the server's SSL certificates.
Example for UNIX:
-W "file:/home/my_dir/my_wallet"
Example for Microsoft Windows:
-W "file:C:\my_dir\my_wallet"
-P wallet_password
Required if using one way or two way SSL authentication (-U 2|3). The wallet password for the wallet specified in the -W argument.
-d debug_level
Optional. If not specified the default of 0 (not enabled) is used. Debug levels are additive. Add the numbers representing the functions that you want to activate, and use the sum of those in the command-line option. For example, to trace search filter processing (512) and active connection management (256), enter 768 as the debug level (512 + 256 = 768). Debug levels are as follows:
1 — Heavy trace debugging
128 — Debug packet handling
256 — Connection management, related to network activities
512 — Search filter processing
1024 — Entry parsing
2048 — Configuration file processing
8192 — Access control list processing
491520 — Log of communication with the database
524288 — Schema related operations
4194304 — Replication specific operations
8388608 — Log of entries, operations and results for each connection
16777216 — Trace function call arguments
67108864 — Number and identity of clients connected to this server
117440511 — All possible operations and data
-E character_set
Optional. The native character set encoding. Defaults to the character set of the user's terminal. Each supported character set has a unique acronym, for example, WE8MSWIN1252, JA16SJIS, or AL32UTF8.
Using the ldapadd tool, you can perform the following tasks:
You can use ldapadd to add entries or schema information to the directory from an LDIF file. The file must be correctly formatted. See Appendix A, "LDIF File Format" for information about formatting an LDIF file.
Example:
ldapadd -h myhost.company.com -D "cn=orcladmin" -w password -p 389 -f ~/myfiles/input.ldif -v
You can use ldapadd to add entries or schema information to the directory from a Directory Service Markup Language (DSML) file that contains <addRequest> elements. For more information about the formatting DSML files, visit the OASIS Web site at http://www.oasis-open.org. The following example shows a sample DSML entry for a user.
Example:
<addRequest dn="CN=Alice,OU=HR,DC=Example,DC=COM"> <attr name="objectclass"><value>top</value></attr> <attr name="objectclass"><value>person</value></attr> <attr name="objectclass"><value>organizationalPerson</value></attr> <attr name="sn"><value>Johnson</value></attr> <attr name="givenName"><value>Alice</value></attr> <attr name="title"><value>Software Design Engineer</value></attr> </addRequest>
Once you have a correctly formatted DSML file, you can add data to the directory using ldapadd and supplying the DSML file as the input file.
Example:
ldapadd -h myhost.company.com -D "cn=orcladmin" -w password -p 389 -X ~/myfiles/input.xml -v
