ldapmodify

The ldapmodify command opens a connection to an LDAP server, binds, and modifies or adds entries. The entry information is read from standard input or from a file, specified using the -f option. The ldapadd command is a variation of the ldapmodify command. When invoked as ldapadd, the -a (add new entry) flag is automatically turned on. Both ldapadd and ldapmodify reject duplicate attribute-name/value pairs for the same entry.


Syntax

 
ldapmodify [ -abcrnvF ] [ -d debuglevel ] [ -D binddn ] [ -w passwd ] [ -h ldaphost ] \
[ -p ldapport ] [ -f file ]

ldapadd [ -bcnvF ] [ -d debuglevel ] [ -D binddn ] [ -w passwd ] [ -h ldaphost ] \
[ -p ldapport ] [ -f file ]
 

The parameters for these commands are:

[ -a ]  

Adds new entries. The default for ldapmodify is to modify existing entries. If invoked as ldapadd, this flag is always set.  

[ -b ]  

Assumes that any value that starts with a forward slash (/) is the pathname of a file containing the actual attribute value. This is useful for attribute values in binary format.  

[ -c ]  

Runs in continuous operation mode. Errors are reported, but ldapmodify continues with modifications. The default is to exit after reporting an error.  

[ -r ]  

Replaces existing value with the specified value. This is the default for ldapmodify. When ldapadd is called, or if the -a option is specified, the -r option is ignored.  

[ -n ]  

Previews modifications, but makes no changes to entries. Useful in conjunction with -v and -d for debugging.

[ -v ]  

Uses verbose mode, with diagnostics written to standard output.  

[ -F ]  

Forces application of all changes regardless of the content of input lines that begin with replica:. By default, replica: lines are compared against the LDAP server host and port in use to decide whether a replog record should be applied.  

[ -d debuglevel ]  

Sets the LDAP debugging level. Useful levels of debugging for ldapmodify and ldapadd are:

1 - Trace
2 - Packets
4 - Arguments
32 - Filters
128 - Access control

To request more than one category of debugging information, add the masks. For example, to request trace and filter information, specify a debug level of 33. See the following section "slapdcmd" for a complete list of debugging and trace levels.  

[ -D binddn ]  

Uses the distinguished name binddn to bind to the directory.  

[ -f file ]  

Reads the entry modification information from file instead of from standard input.  

[ -h ldaphost ]  

Specifies an alternate host on which the slapd server is running.  

[ -p ldapport ]  

Specifies an alternate TCP port where the slapd server is listening.  

[ -w passwd ]  

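Uses passwd as the password for authentication to the directory. Because the password is given as a command-line argument, it can be visible to other local users in process listings and may be saved in shell history.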


Input Format

The format of the input to ldapadd and ldapmodify is defined in "slapdrepl." The following exceptions to the slapd.replog file format are allowed:

If the first line of a record consists of a decimal number (entry id), it is ignored.
Lines that begin with replica: are matched against the LDAP server host and port in use to decide whether a particular replog record should be applied. The -F flag can be used to force ldapmodify to apply all of the replog changes, regardless of the presence or absence of any replica: lines. Any other lines that precede the dn: line are ignored.
If no changetype: line is present, the default is add if the -a flag is set (or if the program was invoked as ldapadd) and modify otherwise.
If the changetype: is modify and no add:, replace:, or delete: lines appear, the default is replace: if the -r flag is set and add: otherwise.

These exceptions to the slapd.replog format allow LDIF entries to be used as input to ldapmodify or ldapadd. For details on the LDIF format and the ldif command, see "ldif2ldbm." Information about configuring slapd.replog is available in Chapter 4, "Sun Directory Services Configuration," in the section entitled "Directory Service Log Files."
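The defaulting rules above, combined with the -b option, as an added Python example (not part of the original documentation). plan() is a hypothetical helper that resolves each record's changetype and operation as the rules describe and lists the values that -b would read from a file, so an input file can be reviewed before it is applied. Matching of replica: lines is not modeled, and the sample input is constructed.

```python
import re
# Constructed input: the first record follows the page's example 1, the second is made up.
SAMPLE = """42
dn: cn=Modify Me, o=XYZ, c=US
changetype: modify
add: jpegPhoto
jpegPhoto: /tmp/modme.jpeg
-
delete: description
-

dn: cn=Ann Jones, o=XYZ, c=US
description: /shared/printers, floor 2
"""

def plan(ldif, add=False, replace=False, binary=False):
    """Resolve records as ldapmodify would with -a (add), -r (replace), -b (binary)."""
    records = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        while lines and not lines[0].lower().startswith("dn:"):  # entry id etc. ignored
            lines.pop(0)
        if not lines:
            continue
        dn = lines.pop(0)[3:].strip()
        ctype = "add" if add else "modify"  # default when no changetype: line
        if lines and lines[0].lower().startswith("changetype:"):
            ctype = lines.pop(0).split(":", 1)[1].strip().lower()
        modify = ctype == "modify"
        default_op = ("replace" if replace else "add") if modify else ctype
        ops, file_refs, cur = [], [], None
        for line in lines:
            key, value = (s.strip() for s in line.partition(":")[::2])
            if line == "-":
                cur = None  # separator closes the current operation
            elif modify and key.lower() in ("add", "replace", "delete"):
                ops.append(cur := [key.lower(), value, []])
            else:
                if cur is None or cur[1].lower() != key.lower():
                    ops.append(cur := [default_op, key, []])
                cur[2].append(value)
                if binary and value.startswith("/"):  # -b reads this path
                    file_refs.append((key, value))
        records.append({"dn": dn, "changetype": ctype, "ops": ops, "file_refs": file_refs})
    return records

if __name__ == "__main__":
    for rec in plan(SAMPLE, replace=True, binary=True):
        print(rec["dn"], rec["changetype"], rec["ops"], rec["file_refs"])
```

In the sample, the second record has no changetype: line and a description value that happens to start with a slash; with -b and -r it resolves to a replace whose value would be taken from a file rather than used literally.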


Examples

  1. The file /tmp/entrymods contains the following modification instructions:

 
dn: cn=Modify Me, o=XYZ, c=US
changetype: modify
replace: mail
mail: modme@atlanta.xyz.com
-
add: title
title: System Manager
-
add: jpegPhoto
jpegPhoto: /tmp/modme.jpeg
-
delete: description
-
 

The command:

 
% ldapmodify -b -r -f /tmp/entrymods
 

modifies the Modify Me entry as follows:

The current value of the mail attribute is replaced with the value modme@atlanta.xyz.com.
A title attribute with the value System Manager is added.
A jpegPhoto attribute is added, using the contents of the file /tmp/modme.jpeg as the attribute value.
The description attribute is removed.

  2. The file /tmp/newentry contains the following information for creating a new entry:

 
dn: cn=Ann Jones, o=XYZ, c=US
objectClass: person
cn: Ann Jones
cn: Annie Jones
sn: Jones
title: Director of Research and Development
mail: ajones@londonrd.xyz.us.com
uid: ajones
 

The following command adds a new entry for Ann Jones, using the information in the file:

 
% ldapadd -f /tmp/newentry
 

  3. The file /tmp/badentry contains the following information about an entry to be deleted:

 
dn: cn=Ann Jones, o=XYZ, c=US
changetype: delete
 

The following command removes the entry for Ann Jones:

 
% ldapmodify -f /tmp/badentry
 




Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.