.TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2012 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
.SH SYNOPSIS
.B ldapmodify
[\c
.BR \-V [ V ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-a ]
[\c
.BR \-c ]
[\c
.BI \-f \ file\fR]
[\c
.BI \-S \ file\fR]
[\c
.BR \-M [ M ]]
[\c
.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BR \-P \ { 2 \||\| 3 }]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BR \-N ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
.LP
.B ldapadd
[\c
.BR \-V [ V ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-c ]
[\c
.BI \-f \ file\fR]
[\c
.BI \-S \ file\fR]
[\c
.BR \-M [ M ]]
[\c
.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BR \-P \ { 2 \||\| 3 }]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BR \-N ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
.SH DESCRIPTION
.B ldapmodify
is a shell-accessible interface to the
.BR ldap_add_ext (3),
.BR ldap_modify_ext (3),
.BR ldap_delete_ext (3)
and
.BR ldap_rename (3)
library calls.
.B ldapadd
is implemented as a hard link to the ldapmodify tool.  When invoked as
.B ldapadd
the \fB\-a\fP (add new entry) flag is turned on automatically.
.LP
.B ldapmodify
opens a connection to an LDAP server, binds, and modifies or adds entries.
The entry information is read from standard input or from \fIfile\fP through
the use of the \fB\-f\fP option.
.SH OPTIONS
.TP
.BR \-V [ V ]
Print version info.
If \fB\-VV\fP is given, only the version information is printed.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapmodify
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.B \-n
Show what would be done, but don't actually modify entries.  Useful for
debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
.B \-a
Add new entries.  The default for
.B ldapmodify
is to modify existing entries.  If invoked as
.BR ldapadd ,
this flag is always set.
.TP
.B \-c
Continuous operation mode.  Errors are reported, but
.B ldapmodify
will continue with modifications.  The default is to exit after
reporting an error.
.TP
.BI \-f \ file
Read the entry modification information from \fIfile\fP instead of from
standard input.
.TP
.BI \-S \ file
Add or change records which were skipped due to an error are written to \fIfile\fP 
and the error message returned by the server is added as a comment. Most useful in 
conjunction with \fB\-c\fP.
.TP
.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
.B \-x 
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of \fB\-H\fP.
.TP
.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]

Specify general extensions with \fB\-e\fP and modify extensions with \fB\-E\fP.
\'\fB!\fP\' indicates criticality.

General extensions:
.nf
  [!]assert=<filter>    (an RFC 4515 Filter)
  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
  [!]bauthzid           (RFC 3829 authzid control)
  [!]chaining[=<resolve>[/<cont>]]
  [!]manageDSAit
  [!]noop
  ppolicy
  [!]postread[=<attrs>] (a comma-separated attribute list)
  [!]preread[=<attrs>]  (a comma-separated attribute list)
  [!]relax
  sessiontracking
  abandon,cancel,ignore (SIGINT sends abandon/cancel,
  or ignores response; if critical, doesn't wait for SIGINT.
  not really controls)
.fi

Modify extensions:
.nf
  [!]txn[=abort|commit]
.fi
.TP
.BI \-o \ opt \fR[= optparam \fR]

Specify general options.

General options:
.nf
  nettimeout=<timeout>  (in seconds, or "none" or "max")
  ldif-wrap=<width>     (in columns, or "no" for no wrapping)
.fi
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode.  Always prompt.  Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode.  Never prompt.
.TP
.B \-N
Do not use reverse DNS to canonicalize SASL host name.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.BI dn: "<distinguished name>"
or
.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
.B \-ZZ\c
, the command will require the operation to be successful.
.SH INPUT FORMAT
The contents of \fIfile\fP (or standard input if no \fB\-f\fP flag is given on
the command line) must conform to the format defined in
.BR ldif (5)
(LDIF as defined in RFC 2849).
.SH EXAMPLES
Assuming that the file
.B /tmp/entrymods
exists and has the contents:
.LP
.nf
    dn: cn=Modify Me,dc=example,dc=com
    changetype: modify
    replace: mail
    mail: modme@example.com
    \-
    add: title
    title: Grand Poobah
    \-
    add: jpegPhoto
    jpegPhoto:< file:///tmp/modme.jpeg
    \-
    delete: description
    \-
.fi
.LP
the command:
.LP
.nf
    ldapmodify \-f /tmp/entrymods
.fi
.LP
will replace the contents of the "Modify Me" entry's
.I mail
attribute with the value "modme@example.com", add a
.I title
of "Grand Poobah", and the contents of the file "/tmp/modme.jpeg"
as a
.IR jpegPhoto ,
and completely remove the
.I description
attribute.
.LP
Assuming that the file
.B /tmp/newentry
exists and has the contents:
.LP
.nf
    dn: cn=Barbara Jensen,dc=example,dc=com
    objectClass: person
    cn: Barbara Jensen
    cn: Babs Jensen
    sn: Jensen
    title: the world's most famous mythical manager
    mail: bjensen@example.com
    uid: bjensen
.fi
.LP
the command:
.LP
.nf
    ldapadd \-f /tmp/newentry
.fi
.LP
will add a new entry for Babs Jensen, using the values from the
file
.BR /tmp/newentry .
.LP
Assuming that the file
.B /tmp/entrymods
exists and has the contents:
.LP
.nf
    dn: cn=Barbara Jensen,dc=example,dc=com
    changetype: delete
.fi
.LP
the command:
.LP
.nf
    ldapmodify \-f /tmp/entrymods
.fi
.LP
will remove Babs Jensen's entry.
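.LP
The following is an added example, not part of the OpenLDAP manual page or code. It prepares the file for \fB\-y\fP, whose complete contents (a trailing newline included) are used as the password, and builds a \fB\-n\fP command line for the \fB/tmp/entrymods\fP file above. The bind DN, server URI, password and function names are assumptions.
.LP
.nf
```shell
# Added example (not OpenLDAP code). Bind DN, URI, password and the
# function names are assumptions; /tmp/entrymods is the file used above.

# Write the password with no trailing newline, readable by the owner only.
# printf is a shell builtin, so the secret is not exposed as a process
# argument the way it is with -w passwd.
write_pwfile() {  # usage: write_pwfile <path> <password>
    (umask 077; printf '%s' "$2" > "$1") && chmod 600 "$1"
}

# Return 0 only if the file is non-empty and does not end in a newline.
# -y sends the complete file contents, so a newline left behind by echo
# or an editor would be sent as part of the password.
pwfile_is_clean() {  # usage: pwfile_is_clean <path>
    [ -s "$1" ] || return 1
    newlines=$(tail -c 1 "$1" | wc -l)
    [ "$newlines" -eq 0 ]
}

# Print the command line for review; refuse if the password file is bad.
# -x simple bind, -ZZ require StartTLS to succeed, -n -v show what would
# be done without modifying entries (remove -n to apply the changes).
build_cmd() {  # usage: build_cmd <ldapuri> <binddn> <passwdfile> <ldif>
    if ! pwfile_is_clean "$3"; then
        echo "refusing: $3 is empty or ends in a newline" >&2
        return 1
    fi
    echo "ldapmodify -x -ZZ -H $1 -D '$2' -y $3 -n -v -f $4"
}

# Demonstration with a constructed password in a private temp directory.
demo_dir=$(mktemp -d)
write_pwfile "$demo_dir/bindpw" 'constructed-example-secret'
build_cmd ldap://ldap.example.com 'cn=admin,dc=example,dc=com' "$demo_dir/bindpw" /tmp/entrymods
rm -rf "$demo_dir"
```
.fi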
.SH DIAGNOSTICS
Exit status is zero if no errors occur.  Errors result in a non-zero
exit status and a diagnostic message being written to standard error.
.SH "SEE ALSO"
.BR ldapadd (1),
.BR ldapdelete (1),
.BR ldapmodrdn (1),
.BR ldapsearch (1),
.BR ldap.conf (5),
.BR ldap (3),
.BR ldap_add_ext (3),
.BR ldap_delete_ext (3),
.BR ldap_modify_ext (3),
.BR ldap_modrdn_ext (3),
.BR ldif (5),
.BR slapd.replog (5)
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS
.so ../Project