Modifying Entries Using ldapmodify
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Note –
Ensure that you use the ldapmodify utility that is provided as a part of the Directory Server Enterprise Edition software.
Use the changetype: modify keyword to add, replace, or remove attributes and their values in an existing entry. When you specify changetype: modify, you must also provide one or more change operations to indicate how the entry is to be modified. The three possible LDIF change operations are shown in the following example:
dn: entryDN changetype: modify add: attribute attribute: value... - replace: attribute attribute: newValue... - delete: attribute [attribute: value] ... |
Use a hyphen (-) on a line to separate operations on the same entry, and use a blank line to separate groups of operations on different entries. You can also give several attribute: value pairs for each operation.
Adding an Attribute Value
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
The following example shows how you can use the same add LDIF syntax to add values to existing multi-valued attribute and to attributes that do not yet exist:
$ ldapmodify -h host1 -p 1389 -D cn=admin,cn=Administrators,cn=config -w - Enter bind password: dn: uid=bjensen,ou=People,dc=example,dc=com changetype: modify add: cn cn: Babs Jensen - add: mobile mobile: (408) 555-7844 |
This operation might fail and the server will return an error if any of the following are true:
-
The given value already exists for an attribute.
-
The value does not follow the syntax defined for the attribute.
-
The attribute type is not required or allowed by the entry’s object classes.
-
The attribute type is not multi-valued and a value already exists for it.
Using the Binary Attribute Subtype
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
The attribute;binary subtype indicates that attribute values must be transported over LDAP as binary data, regardless of their actual syntax. This subtype is designed for complex syntax that does not have LDAP string representations, such as userCertificate. The binary subtype should not be used outside of this purpose.
When used with the ldapmodify command, appropriate subtypes can be added to attribute names in any of the LDIF statements.
To enter a binary value, you may type it directly in the LDIF text or read it from another file. The LDIF syntax for reading it from a file is shown in the following example:
$ ldapmodify -h host1 -p 1389 -D cn=admin,cn=Administrators,cn=config -w - Enter bind password: version: 1 dn: uid=bjensen,ou=People,dc=example,dc=com changetype: modify add: userCertificate;binary userCertificate;binary:< file:///local/cert-file |
To use the :< syntax to specify a file name, you must begin the LDIF statement with the line version: 1. When ldapmodify processes this statement, it will set the attribute to the value that is read from the entire contents of the given file.
By default, the search returns the binary attributes when used with the ;binary option. Set the compat-flag to norfc4522 to disable rfc4522 compliance.
Adding an Attribute With a Language Subtype
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Language and pronunciation subtypes of attributes designate localized values. When you specify a language subtype for an attribute, the subtype is added to the attribute name as follows:
attribute;lang-CC |
where attribute is an existing attribute type, and cc is the two-letter country code to designate the language. You may optionally add a pronunciation subtype to a language subtype to designate a phonetic equivalent for the localized value. In this case the attribute name is as follows:
attribute;lang-CC;phonetic |
To perform an operation on an attribute with a subtype, you must explicitly match its subtype. For example, if you want to modify an attribute value that has the lang-fr language subtype, you must include lang-fr in the modify operation as follows:
$ ldapmodify -h host1 -p 1389 -D cn=admin,cn=Administrators,cn=config -w - Enter bind password: dn: uid=bjensen,ou=People,dc=example,dc=com changetype: modify add: homePostalAddress;lang-fr homePostalAddress;lang-fr: 34, rue de la Paix |
Note –
If the attribute value contains non-ASCII characters, they must be UTF-8 encoded.
Modifying Attribute Values
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
The following example shows how to change the value of an attribute by using the replace syntax in LDIF:
$ ldapmodify -h host1 -p 1389 -D cn=admin,cn=Administrators,cn=config -w - Enter bind password: dn: uid=bjensen,ou=People,dc=example,dc=com changetype: modify replace: sn sn: Morris - replace: cn cn: Barbara Morris cn: Babs Morris |
All current values of the specified attributes are removed, and all given values are added.
After changing an attribute value, you can use the ldapsearch command to verify the change.
Trailing Spaces in Attribute Values
When you modify an attribute value, do not unintentionally include trailing spaces at the end of the value. The trailing spaces are stored in the server as part of the attribute's value, and leads to unexpected values being stored
When you verify the change using DSCC or the ldapsearch command, the value you see might be plain text or some other unexpected value. This depends on which Directory Server client you use.
Deleting an Attribute Value
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
The following example shows how to delete an attribute entirely and to delete only one value of a multi valued attribute:
$ ldapmodify -h host1 -p 1389 -D cn=admin,cn=Administrators,cn=config -w - Enter bind password: dn: uid=bjensen,ou=People,dc=example,dc=com changetype: modify delete: facsimileTelephoneNumber - delete: cn cn: Babs Morris |
When using the delete syntax without specifying an attribute: value pair, all values of the attribute are removed. If you specify an attribute: value pair, only that value is removed.
Modifying One Value of a Multi Valued Attribute
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
To modify one value of a multi valued attribute with the ldapmodify command, you must perform two operations as shown in the following example:
$ ldapmodify -h host1 -p 1389 -D cn=admin,cn=Administrators,cn=config -w - Enter bind password: dn: uid=bjensen,ou=People,dc=example,dc=com changetype: modify delete: mobile mobile: (408) 555-7845 - add: mobile mobile: (408) 555-5487 |
- © 2010, Oracle Corporation and/or its affiliates