The ldapmodify utility modifies the attributes of an existing entry or adds new entries. It has the following syntax:
ldapmodify [options]
NOTE: On a NetWare server, the utility is called lmodify.
If the -f option is specified, ldapmodify reads the modifications from a file. If the -f option is not specified, ldapmodify reads the modifications from stdin.
HINT: Output from the ldap utilities is sent to stdout. If the utility exits before you can view the output, redirect the output to a file, for example, ldapmodify [options] > out.txt.
Replace [options] with one or more of the following:

| Option | Description |
|---|---|
| -a | Adds new entries. The default for ldapmodify is to modify existing entries. If invoked to add entries, this flag must be set. This option can be used with the -f <file> option to read the entries to add from a file. A changetype should not be specified in the file. |
| -c | Enables continuous operation mode. Errors are reported, but ldapmodify will continue with modifications. The default is to exit after reporting an error. |
| -r | Replaces existing values by default. |
| -f <file> | Reads the entry modification information from a file instead of from standard input. The maximum length of a record is 4096 lines. The record is assumed to be an LDIF record if the first line starts with a pound sign or a colon appears to the left of an equals sign. Each record should include a changetype line specifying add, modify, replace, or delete. (See LDIF Examples.) |
| -F | Forces the application to apply all changes regardless of the contents of input lines that begin with "replica:". By default, these lines are compared against the LDAP server host and port in use to decide if a replog record should actually be applied. |

| Common Options | Description |
|---|---|
| -C | Enables referral following (anonymous bind). |
| -d <level> | Sets the LDAP debugging level to the specified level. The ldapmodify utility must be compiled with LDAP_DEBUG defined for this option to have any effect. |
| -D <binddn> | Specifies the DN to use in binding to the LDAP server. The DN should be a string-represented DN as defined in RFC 1779. |
| -e <file> | Specifies the certificate file to use with an SSL bind. |
| -E | Uses the key file at /etc/opt/novell/certs/SSCert.der for SSL bind. NOTE: This option works only on Cypress Linux. |
| -h <host> | Specifies an alternate host on which the LDAP server is running. |
| -l <limit> | Specifies the connection timeout (in seconds). |
| -M | Enables the Manage DSA IT control (non-critical). |
| -MM | Enables the Manage DSA IT control (critical). |
| -n | Shows what would be done, but doesn’t actually modify entries. Useful for debugging in conjunction with -v (verbose mode), which writes many diagnostics to standard output. |
| -p <port> | Specifies an alternate TCP port where the LDAP server is listening. |
| -P <version> | Specifies the LDAP version (2 or 3). |
| -v | Uses the verbose mode, which writes many diagnostics to standard output. |
| -w <passwd> | Specifies the password to use for simple authentication. |
| -W | Prompts the user for the password for simple authentication. This is used instead of specifying the password on the command line. |
| -Z | Starts TLS before binding to perform the operation. If an error occurs during the Start TLS operation, the error is ignored and the operation continues. It is recommended that the -ZZ option be used in place of this option to cause the operation to abort if an error occurs. If a port is specified with this option, it must accept clear text connections. To verify the server identity, this option should be used in conjunction with the -e option to specify a server certificate file to validate the server trusted root certificate when TLS is started. If the -e option is not specified, any certificate from the server will be accepted. |
| -ZZ | Starts TLS before binding to perform the operation. If an error occurs during the Start TLS operation, the operation is aborted. If a port is specified with this option, it must accept clear text connections. To verify the server identity, this option should be used in conjunction with the -e option to specify a server certificate file to validate the server trusted root certificate when TLS is started. If the -e option is not specified, any certificate from the server is accepted. |
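
A pre-flight check built from the option descriptions above, as an added example that is not part of the original documentation or of the ldapmodify utility. The function name check_ldapmodify_args is hypothetical, and the host name, bind DN and file names in the sample invocations are constructed.

```shell
#!/bin/sh
# Lints an ldapmodify argument list against the option table above.
# Prints one "WEAK:" line per finding; exit status is 0 only with no findings.
check_ldapmodify_args() (
    tls=none; cert=no; sslkey=no; cli_pw=no; findings=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -ZZ) tls=strict ;;
            -Z)  [ "$tls" = strict ] || tls=lax ;;
            -E)  sslkey=yes ;;
            -e)  cert=yes; shift ;;
            -w)  cli_pw=yes; shift ;;
            -D|-f|-h|-p|-P|-d|-l) shift ;;   # skip this option's value
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    report() { echo "WEAK: $1"; findings=$((findings + 1)); }
    # -w puts the password in the argument list; -W prompts for it instead.
    [ "$cli_pw" = no ] || report "-w passes the password on the command line; use -W"
    # -Z ignores Start TLS errors and continues; -ZZ aborts.
    [ "$tls" != lax ] || report "-Z ignores Start TLS errors; use -ZZ"
    if [ "$tls" != none ] && [ "$cert" = no ]; then
        report "no -e: any certificate from the server is accepted"
    fi
    if [ "$tls" = none ] && [ "$cert" = no ] && [ "$sslkey" = no ]; then
        report "no -ZZ, -e or -E: no TLS or SSL option requested"
    fi
    [ "$findings" -eq 0 ]
)

# Constructed sample invocations (all names are made up).
echo "--- weak ---"
check_ldapmodify_args -h ldap.example.com -D cn=admin,o=example \
    -w secret -Z -f changes.ldif || true
echo "--- hardened dry run ---"
check_ldapmodify_args -h ldap.example.com -D cn=admin,o=example \
    -W -ZZ -e rootcert.der -n -v -f changes.ldif && echo "no findings"
```

In a wrapper script the check can gate the real call, for example `check_ldapmodify_args "$@" && ldapmodify "$@"`.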