.lf 1 stdin
.TH LDAPMODIFY 1 "2020/04/28" "OpenLDAP 2.4.50"
.\" $OpenLDAP$
.\" Copyright 1998-2020 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
.SH SYNOPSIS
.B ldapmodify
[\c
.BR \-V [ V ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-a ]
[\c
.BR \-c ]
[\c
.BI \-f \ file\fR]
[\c
.BI \-S \ file\fR]
[\c
.BR \-M [ M ]]
[\c
.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BR \-P \ { 2 \||\| 3 }]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BR \-N ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
.LP
.B ldapadd
[\c
.BR \-V [ V ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-c ]
[\c
.BI \-f \ file\fR]
[\c
.BI \-S \ file\fR]
[\c
.BR \-M [ M ]]
[\c
.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BR \-P \ { 2 \||\| 3 }]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BR \-N ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
.SH DESCRIPTION
.B ldapmodify
is a shell-accessible interface to the
.BR ldap_add_ext (3),
.BR ldap_modify_ext (3),
.BR ldap_delete_ext (3)
and
.BR ldap_rename (3)
library calls.
.B ldapadd
is implemented as a hard link to the ldapmodify tool. When invoked as
.B ldapadd
the \fB\-a\fP (add new entry) flag is turned on automatically.
.LP
.B ldapmodify
opens a connection to an LDAP server, binds, and modifies or adds entries.
The entry information is read from standard input or from \fIfile\fP through
the use of the \fB\-f\fP option.
.SH OPTIONS
.TP
.BR \-V [ V ]
Print version info.
If \fB\-VV\fP is given, only the version information is printed.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapmodify
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.B \-n
Show what would be done, but don't actually modify entries. Useful for
debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
.B \-a
Add new entries. The default for
.B ldapmodify
is to modify existing entries. If invoked as
.BR ldapadd ,
this flag is always set.
.TP
.B \-c
Continuous operation mode. Errors are reported, but
.B ldapmodify
will continue with modifications. The default is to exit after
reporting an error.
.TP
.BI \-f \ file
Read the entry modification information from \fIfile\fP instead of from
standard input.
.TP
.BI \-S \ file
Add or change records that were skipped because of an error are written to \fIfile\fP,
and the error message returned by the server is added as a comment. Most useful in
conjunction with \fB\-c\fP.
.TP
.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the LDAP server(s); only the protocol/host/port
fields are allowed; a list of URIs, separated by whitespace or commas,
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the LDAP server is running.
Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the LDAP server is listening.
Deprecated in favor of \fB\-H\fP.
.TP
.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]

Specify general extensions with \fB\-e\fP and modify extensions with \fB\-E\fP.
\'\fB!\fP\' indicates criticality.

General extensions:
.nf
  [!]assert=<filter>    (an RFC 4515 Filter)
  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
  [!]bauthzid           (RFC 3829 authzid control)
  [!]chaining[=<resolve>[/<cont>]]
  [!]manageDSAit
  [!]noop
  ppolicy
  [!]postread[=<attrs>] (a comma-separated attribute list)
  [!]preread[=<attrs>]  (a comma-separated attribute list)
  [!]relax
  sessiontracking
  abandon,cancel,ignore (SIGINT sends abandon/cancel,
  or ignores response; if critical, doesn't wait for SIGINT.
  not really controls)
.fi

Modify extensions:
.nf
  [!]txn[=abort|commit]
.fi
.TP
.BI \-o \ opt \fR[= optparam \fR]

Specify general options.

General options:
.nf
  nettimeout=<timeout>  (in seconds, or "none" or "max")
  ldif-wrap=<width>     (in columns, or "no" for no wrapping)
.fi
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.B \-N
Do not use reverse DNS to canonicalize SASL host name.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.BI dn: "<distinguished name>"
or
.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will require the operation to be successful.
.SH INPUT FORMAT
The contents of \fIfile\fP (or standard input if no \fB\-f\fP flag is given on
the command line) must conform to the format defined in
.BR ldif (5)
(LDIF as defined in RFC 2849).
.SH EXAMPLES
Assuming that the file
.B /tmp/entrymods
exists and has the contents:
.LP
.nf
    dn: cn=Modify Me,dc=example,dc=com
    changetype: modify
    replace: mail
    mail: modme@example.com
    \-
    add: title
    title: Grand Poobah
    \-
    add: jpegPhoto
    jpegPhoto:< file:///tmp/modme.jpeg
    \-
    delete: description
    \-
.fi
.LP
the command:
.LP
.nf
    ldapmodify \-f /tmp/entrymods
.fi
.LP
will replace the contents of the "Modify Me" entry's
.I mail
attribute with the value "modme@example.com", add a
.I title
of "Grand Poobah", and the contents of the file "/tmp/modme.jpeg"
as a
.IR jpegPhoto ,
and completely remove the
.I description
attribute.
.LP
Assuming that the file
.B /tmp/newentry
exists and has the contents:
.LP
.nf
    dn: cn=Barbara Jensen,dc=example,dc=com
    objectClass: person
    cn: Barbara Jensen
    cn: Babs Jensen
    sn: Jensen
    title: the world's most famous mythical manager
    mail: bjensen@example.com
    uid: bjensen
.fi
.LP
the command:
.LP
.nf
    ldapadd \-f /tmp/newentry
.fi
.LP
will add a new entry for Babs Jensen, using the values from the
file
.BR /tmp/newentry .
.LP
Assuming that the file
.B /tmp/entrymods
exists and has the contents:
.LP
.nf
    dn: cn=Barbara Jensen,dc=example,dc=com
    changetype: delete
.fi
.LP
the command:
.LP
.nf
    ldapmodify \-f /tmp/entrymods
.fi
.LP
will remove Babs Jensen's entry.
.SH DIAGNOSTICS
Exit status is zero if no errors occur. Errors result in a non-zero
exit status and a diagnostic message being written to standard error.
.SH "SEE ALSO"
.BR ldapadd (1),
.BR ldapdelete (1),
.BR ldapmodrdn (1),
.BR ldapsearch (1),
.BR ldap.conf (5),
.BR ldap (3),
.BR ldap_add_ext (3),
.BR ldap_delete_ext (3),
.BR ldap_modify_ext (3),
.BR ldap_modrdn_ext (3),
.BR ldif (5).
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 406 stdin
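
The OPTIONS section separates \-w passwd from \-W and \-y passwdfile, and \-Z from \-ZZ (only \-ZZ requires StartTLS to succeed). The shell functions below are an added example, not part of the OpenLDAP manual page or distribution: they check ldapmodify/ldapadd command lines, for instance from scripts under review, for a password passed with \-w, a StartTLS request that is not enforced, and a simple bind (\-x) with no TLS requested. The finding names, the treatment of an ldaps:// URI as TLS-protected, and the sample lines are assumptions made for this example.

```shell
# Added example, not part of the OpenLDAP man page or distribution.
# Assumptions: one command per line, arguments split on plain whitespace
# (no quoted values containing spaces); finding names are made up here.

# Print findings for one ldapmodify/ldapadd command line, or "ok".
audit_ldap_cmd() (
    set -f                        # word-split the line without globbing
    set -- $1
    simple=0; tls=none; inline_pw=0; ldaps=0; prev=""; out=""
    for arg in "$@"; do
        case "$prev" in           # arg is the value of the preceding option
            -w) inline_pw=1; prev=""; continue ;;
            -H) prev=""; case "$arg" in ldaps://*) ldaps=1 ;; esac; continue ;;
            -[DyfShpdPeEoOURXY]) prev=""; continue ;;
        esac
        case "$arg" in
            -x)   simple=1 ;;
            -ZZ)  tls=required ;;
            -Z)   if [ "$tls" = none ]; then tls=optional; fi ;;
            -w?*) inline_pw=1 ;;  # password glued to the flag
        esac
        prev=$arg
    done
    if [ "$inline_pw" = 1 ]; then out="$out inline-password"; fi
    if [ "$ldaps" = 0 ] && [ "$tls" = optional ]; then
        out="$out starttls-not-enforced"   # only -ZZ requires StartTLS to succeed
    fi
    if [ "$ldaps" = 0 ] && [ "$tls" = none ] && [ "$simple" = 1 ]; then
        out="$out simple-bind-without-tls"
    fi
    out=${out# }
    printf '%s\n' "${out:-ok}"
)

# Read command lines on stdin; print "<line number>: <findings>" for risky ones.
audit_ldap_lines() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in ldapmodify\ *|ldapadd\ *) ;; *) continue ;; esac
        result=$(audit_ldap_cmd "$line")
        if [ "$result" != ok ]; then printf '%s: %s\n' "$n" "$result"; fi
    done
}

# Constructed sample input (not from a real system).
audit_ldap_lines <<'EOF'
ldapmodify -x -D cn=admin,dc=example,dc=com -w s3cret -f /tmp/entrymods
ldapadd -x -Z -D cn=admin,dc=example,dc=com -W -f /tmp/newentry
EOF
```

Combined short flags such as \-xZZ are not recognised by this sketch; split them before auditing.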