The ldapmodify utility opens a connection to an LDAP server, binds and modifies or adds entries. The entry information is read from standard input or from file, specified using the -f option. The ldapadd utility is implemented as a hard link to the ldapmodify tool. When invoked as ldapadd, the -a (add new entry) option is turned on automatically.
Both ldapadd and ldapmodify reject duplicate attribute-name/value pairs for the same entry.
The following options are supported:
Adds new entries. The default for ldapmodify is to modify existing entries. If invoked as ldapadd, this option is always set.
Specifies continuous operation mode. Errors are reported, but ldapmodify and ldapadd continue with modifications. The default is to exit after reporting an error.
Uses the distinguished name binddn to bind to the directory.
Sets the LDAP debugging level. Useful levels of debugging for ldapmodify and ldapadd are:
To request more than one category of debugging information, add the masks. For example, to request trace and filter information, specify a debuglevel of 33.
Forces application of all changes regardless of the content of input lines that begin with replica:. By default, replica: lines are compared against the LDAP server host and port in use to decide whether a replog record should be applied.
Reads the entry modification information from file instead of from standard input.
Specifies an alternate host on which the slapd server is running.
Specifies the number of LDAP connections that ldapadd or ldapmodify will open to process the modifications in the directory. The default is one connection.
Specifies the authentication mechanism used to bind to the directory.
The default authentication method for ldapmodify and ldapadd is simple bind. Simple bind sends the password to the server in the clear, so the password is subject to snooping if the server is not local. You must use special care when you use this command with the default authentication method. If your server supports the CRAM-MD5 challenge-response authentication method, you can override the default authentication method by using the -M option with CRAM-MD5 as the value for authentication.
The bind DN and bind password are mandatory with this option.
Previews modifications, but makes no changes to entries. Useful in conjunction with -v and -d for debugging.
Specifies an alternate TCP port where the slapd server is listening.
Replaces existing value with the specified value. This is the default for ldapmodify. When ldapadd is called, or if the -a option is specified, the -r option is ignored.
Uses verbose mode, with diagnostics written to standard output.
Uses passwd as the password for authentication to the directory. When you use -w passwd to specify the password to be used for authentication, the password is visible to other users of the system by means of the ps command, in script files, or in shell history. If you use either the ldapmodify command or the ldapadd command without this option, the command prompts for the password and reads it from standard input. When used without the -w option, the password is not visible to other users.
The following exit values are returned:
An error occurred. A diagnostic message is written to standard error.
The format of the content of file (or standard input if no -f option is specified) is illustrated in the following examples.
The file /tmp/entrymods contains the following modification instructions:
    dn: cn=Modify Me, o=XYZ, c=US
    changetype: modify
    replace: mail
    mail: email@example.com
    -
    add: title
    title: System Manager
    -
    add: jpegPhoto
    jpegPhoto:< file:///tmp/modme.jpeg
    -
    delete: description
    -
example% ldapmodify -r -f /tmp/entrymods
modifies the Modify Me entry as follows:
The current value of the mail attribute is replaced with the value, firstname.lastname@example.org.
A title attribute with the value, System Manager, is added.
A jpegPhoto attribute is added, using the contents of the file, /tmp/modme.jpeg, as the attribute value.
The description attribute is removed.
The file, /tmp/newentry, contains the following information for creating a new entry:
    dn: cn=Ann Jones, o=XYZ, c=US
    objectClass: person
    cn: Ann Jones
    cn: Annie Jones
    sn: Jones
    title: Director of Research and Development
    mail: email@example.com
    uid: ajones
example% ldapadd -f /tmp/newentry
adds a new entry for Ann Jones, using the information in the file.
The file, /tmp/badentry, contains the following information about an entry to be deleted:
    dn: cn=Ann Jones, o=XYZ, c=US
    changetype: delete
example% ldapmodify -f /tmp/badentry
removes Ann Jones' entry.
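A pre-flight review to pair with the -n preview option, added here as an example and not part of the original manual page or the ldapmodify source: a simplified Python reader for the change-record format shown in the examples above that lists entry deletions, attribute deletions and attribute values loaded from a file URL. The function names parse_change_records and review are hypothetical, the sample input is taken from the page's /tmp/entrymods and /tmp/badentry examples, and line folding is not handled.

```python
# SAMPLE: the page's /tmp/entrymods and /tmp/badentry contents, joined by a blank line.
SAMPLE = """\
dn: cn=Modify Me, o=XYZ, c=US
changetype: modify
replace: mail
mail: email@example.com
-
add: title
title: System Manager
-
add: jpegPhoto
jpegPhoto:< file:///tmp/modme.jpeg
-
delete: description
-

dn: cn=Ann Jones, o=XYZ, c=US
changetype: delete
"""

def parse_change_records(text, default_add=False):
    """Simplified reader (no line folding). default_add mirrors ldapadd / -a."""
    records = []
    for block in filter(str.strip, text.split("\n\n")):
        lines = [l for l in block.splitlines() if l.strip() and not l.startswith("#")]
        if not lines or not lines[0].lower().startswith("dn:"):
            raise ValueError("record must start with dn:")
        rec = {"dn": lines[0].split(":", 1)[1].strip(), "ops": [], "file_refs": [],
               "changetype": "add" if default_add else "modify"}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            key = name.strip().lower()
            if value.startswith("<"):  # attr:< URL means the value is read from that URL
                rec["file_refs"].append((name.strip(), value[1:].strip()))
            elif key == "changetype":
                rec["changetype"] = value.strip().lower()
            elif key in ("add", "replace", "delete"):
                rec["ops"].append((key, value.strip()))
        records.append(rec)
    return records

def review(records):
    """Return (dn, note) pairs for changes that destroy data or read local files."""
    notes = []
    for r in records:
        if r["changetype"] == "delete":
            notes.append((r["dn"], "entry deleted"))
        notes += [(r["dn"], "attribute %s deleted" % a) for op, a in r["ops"] if op == "delete"]
        notes += [(r["dn"], "%s loaded from %s" % (a, u)) for a, u in r["file_refs"]]
    return notes
```

Calling review(parse_change_records(SAMPLE)) returns one note for the deleted description attribute, one for the jpegPhoto value read from /tmp/modme.jpeg, and one for the deleted Ann Jones entry.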
See attributes(5) for a description of the following attributes: