Name
ldapmodify — perform LDAP modify, add, delete, mod DN operations
Synopsis
ldapmodify
{options}
Description
This utility can be used to perform LDAP modify, add, delete, and modify DN operations in the directory.
When not using a file to specify modifications, end your input with EOF (Ctrl+D on UNIX, Ctrl+Z on Windows).
Options
The following options are supported.
-a, --defaultAdd
-
Treat records with no changetype as add operations
--assertionFilter {filter}
-
Use the LDAP assertion control with the provided filter
-c, --continueOnError
-
Continue processing even if there are errors
-f, --filename {file}
-
LDIF file containing the changes to apply
-J, --control {controloid[:criticality[:value|::b64value|:<filePath]]}
-
Use a request control with the provided information
-n, --dry-run
-
Show what would be done but do not perform any operation
--postReadAttributes {attrList}
-
Use the LDAP ReadEntry post-read control
--preReadAttributes {attrList}
-
Use the LDAP ReadEntry pre-read control
-Y, --proxyAs {authzID}
-
Use the proxied authorization control with the given authorization ID
LDAP Connection Options
-D, --bindDN {bindDN}
-
DN to use to bind to the server
Default value: cn=Directory Manager
-E, --reportAuthzID
-
Use the authorization identity control
-h, --hostname {host}
-
Directory server hostname or IP address
Default value: localhost.localdomain
-j, --bindPasswordFile {bindPasswordFile}
-
Bind password file
-K, --keyStorePath {keyStorePath}
-
Certificate key store path
-N, --certNickname {nickname}
-
Nickname of certificate for SSL client authentication
-o, --saslOption {name=value}
-
SASL bind options
-p, --port {port}
-
Directory server port number
Default value: 389
-P, --trustStorePath {trustStorePath}
-
Certificate trust store path
-q, --useStartTLS
-
Use StartTLS to secure communication with the server
-T, --trustStorePassword {trustStorePassword}
-
Certificate trust store PIN
-u, --keyStorePasswordFile {keyStorePasswordFile}
-
Certificate key store PIN file
-U, --trustStorePasswordFile {path}
-
Certificate trust store PIN file
--usePasswordPolicyControl
-
Use the password policy request control
-V, --ldapVersion {version}
-
LDAP protocol version number
Default value: 3
-w, --bindPassword {bindPassword}
-
Password to use to bind to the server
-W, --keyStorePassword {keyStorePassword}
-
Certificate key store PIN
-X, --trustAll
-
Trust all server SSL certificates
-Z, --useSSL
-
Use SSL for secure communication with the server
Utility Input/Output Options
-i, --encoding {encoding}
-
Use the specified character set for command-line input
--noPropertiesFile
-
No properties file will be used to get default command line argument values
--propertiesFilePath {propertiesFilePath}
-
Path to the file containing default property values used for command line arguments
-v, --verbose
-
Use verbose mode
Exit Codes
- 0
-
The command completed successfully.
ldap-error
-
An LDAP error occurred while processing the operation.
LDAP result codes are described in RFC 4511. Also see the additional information for details.
- 89
-
An error occurred while parsing the command-line arguments.
Files
You can use ~/.opendj/tools.properties
to set
the defaults for bind DN, host name, and port number as in the following
example.
hostname=directory.example.com port=1389 bindDN=uid=kvaughan,ou=People,dc=example,dc=com ldapcompare.port=1389 ldapdelete.port=1389 ldapmodify.port=1389 ldappasswordmodify.port=1389 ldapsearch.port=1389
Examples
The following example demonstrates use of the command to add an entry to the directory.
$ cat newuser.ldif dn: uid=newuser,ou=People,dc=example,dc=com uid: newuser facsimileTelephoneNumber: +1 408 555 1213 objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top givenName: New cn: New User cn: Real Name telephoneNumber: +1 408 555 1212 sn: Jensen roomNumber: 1234 homeDirectory: /home/newuser uidNumber: 10389 mail: newuser@example.com l: South Pole ou: Product Development ou: People gidNumber: 10636 $ ldapmodify -p 1389 -a -f newuser.ldif -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery Processing ADD request for uid=newuser,ou=People,dc=example,dc=com ADD operation successful for DN uid=newuser,ou=People,dc=example,dc=com
The following example demonstrates adding a Description attribute to the new user's entry.
$ cat newdesc.ldif dn: uid=newuser,ou=People,dc=example,dc=com changetype: modify add: description description: A new user's entry $ ldapmodify -p 1389 -f newdesc.ldif -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery Processing MODIFY request for uid=newuser,ou=People,dc=example,dc=com MODIFY operation successful for DN uid=newuser,ou=People,dc=example,dc=com
The following example demonstrates changing the Description attribute for the new user's entry.
$ cat moddesc.ldif dn: uid=newuser,ou=People,dc=example,dc=com changetype: modify replace: description description: Another description $ ldapmodify -p 1389 -f moddesc.ldif -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery Processing MODIFY request for uid=newuser,ou=People,dc=example,dc=com MODIFY operation successful for DN uid=newuser,ou=People,dc=example,dc=com
The following example demonstrates deleting the new user's entry.
$ cat deluser.ldif dn: uid=newuser,ou=People,dc=example,dc=com changetype: delete $ ldapmodify -p 1389 -f deluser.ldif -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery Processing DELETE request for uid=newuser,ou=People,dc=example,dc=com DELETE operation successful for DN uid=newuser,ou=People,dc=example,dc=com