Name
ldapmodify — perform LDAP modify, add, delete, mod DN operations
Synopsis
ldapmodify {options}
Description
This utility can be used to perform LDAP modify, add, delete, and modify DN operations in the directory.
When not using a file to specify modifications, end your input with EOF (Ctrl+D on UNIX, Ctrl+Z on Windows).
Options
The following options are supported.
-a, --defaultAdd
Treat records with no changetype as add operations
--assertionFilter {filter}
Use the LDAP assertion control with the provided filter
-c, --continueOnError
Continue processing even if there are errors
-f, --filename {file}
LDIF file containing the changes to apply
-J, --control {controloid[:criticality[:value|::b64value|:<filePath]]}
Use a request control with the provided information
-n, --dry-run
Show what would be done but do not perform any operation
--postReadAttributes {attrList}
Use the LDAP ReadEntry post-read control
--preReadAttributes {attrList}
Use the LDAP ReadEntry pre-read control
-Y, --proxyAs {authzID}
Use the proxied authorization control with the given authorization ID
LDAP Connection Options
-D, --bindDN {bindDN}
DN to use to bind to the server
Default value: cn=Directory Manager
-E, --reportAuthzID
Use the authorization identity control
-h, --hostname {host}
Directory server hostname or IP address
Default value: localhost.localdomain
-j, --bindPasswordFile {bindPasswordFile}
Bind password file
-K, --keyStorePath {keyStorePath}
Certificate key store path
-N, --certNickname {nickname}
Nickname of certificate for SSL client authentication
-o, --saslOption {name=value}
SASL bind options
-p, --port {port}
Directory server port number
Default value: 389
-P, --trustStorePath {trustStorePath}
Certificate trust store path
-q, --useStartTLS
Use StartTLS to secure communication with the server
-T, --trustStorePassword {trustStorePassword}
Certificate trust store PIN
-u, --keyStorePasswordFile {keyStorePasswordFile}
Certificate key store PIN file
-U, --trustStorePasswordFile {path}
Certificate trust store PIN file
--usePasswordPolicyControl
Use the password policy request control
-V, --ldapVersion {version}
LDAP protocol version number
Default value: 3
-w, --bindPassword {bindPassword}
Password to use to bind to the server
-W, --keyStorePassword {keyStorePassword}
Certificate key store PIN
-X, --trustAll
Trust all server SSL certificates
-Z, --useSSL
Use SSL for secure communication with the server
Utility Input/Output Options
-i, --encoding {encoding}
Use the specified character set for command-line input
--noPropertiesFile
No properties file will be used to get default command line argument values
--propertiesFilePath {propertiesFilePath}
Path to the file containing default property values used for command line arguments
-v, --verbose
Use verbose mode
Exit Codes
0
The command completed successfully.
ldap-error
An LDAP error occurred while processing the operation.
LDAP result codes are described in RFC 4511. Also see the additional information for details.
89
An error occurred while parsing the command-line arguments.
Files
You can use ~/.opendj/tools.properties to set
the defaults for bind DN, host name, and port number as in the following
example.
hostname=directory.example.com
port=1389
bindDN=uid=kvaughan,ou=People,dc=example,dc=com
ldapcompare.port=1389
ldapdelete.port=1389
ldapmodify.port=1389
ldappasswordmodify.port=1389
ldapsearch.port=1389
Examples
The following example demonstrates use of the command to add an entry to the directory.
$ cat newuser.ldif
dn: uid=newuser,ou=People,dc=example,dc=com
uid: newuser
facsimileTelephoneNumber: +1 408 555 1213
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
givenName: New
cn: New User
cn: Real Name
telephoneNumber: +1 408 555 1212
sn: Jensen
roomNumber: 1234
homeDirectory: /home/newuser
uidNumber: 10389
mail: newuser@example.com
l: South Pole
ou: Product Development
ou: People
gidNumber: 10636
$ ldapmodify -p 1389 -a -f newuser.ldif -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery
Processing ADD request for uid=newuser,ou=People,dc=example,dc=com
ADD operation successful for DN uid=newuser,ou=People,dc=example,dc=com
The following example demonstrates adding a Description attribute to the new user's entry.
$ cat newdesc.ldif
dn: uid=newuser,ou=People,dc=example,dc=com
changetype: modify
add: description
description: A new user's entry
$ ldapmodify -p 1389 -f newdesc.ldif -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery
Processing MODIFY request for uid=newuser,ou=People,dc=example,dc=com
MODIFY operation successful for DN uid=newuser,ou=People,dc=example,dc=com
The following example demonstrates changing the Description attribute for the new user's entry.
$ cat moddesc.ldif
dn: uid=newuser,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: Another description
$ ldapmodify -p 1389 -f moddesc.ldif -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery
Processing MODIFY request for uid=newuser,ou=People,dc=example,dc=com
MODIFY operation successful for DN uid=newuser,ou=People,dc=example,dc=com
The following example demonstrates deleting the new user's entry.
$ cat deluser.ldif
dn: uid=newuser,ou=People,dc=example,dc=com
changetype: delete
$ ldapmodify -p 1389 -f deluser.ldif -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery
Processing DELETE request for uid=newuser,ou=People,dc=example,dc=com
DELETE operation successful for DN uid=newuser,ou=People,dc=example,dc=com
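Added example, not part of the original documentation: the sessions above pass the bind password with -w, where it ends up in shell history and the process list. The wrapper below uses only options listed on this page (-j, -q, -P, -n) to read the password from a private file, check the server certificate against a trust store instead of using -X, and hold back LDIF that contains delete records until it has been reviewed; the function names, the ALLOW_DELETE variable and the file paths are assumptions.

```sh
#!/bin/sh
# Added example: helper names, ALLOW_DELETE and file paths are hypothetical;
# host, port and bind DN are the ones used in this page's examples.

# True only if the password file is a regular file with no group/other access.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print "changetype<TAB>dn" per LDIF record. Records without a changetype are
# reported as "none": ldapmodify treats those as adds only when -a is given.
ldif_summary() {
    awk '
        function emit() {
            if (dn != "") { if (ct == "") ct = "none"; print ct "\t" dn }
            dn = ""; ct = ""
        }
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        /^#/ { last = ""; next }                  # comment
        /^ / { if (last == "dn") dn = dn substr($0, 2); next }  # folded line
        /^$/ { emit(); last = ""; next }          # blank line ends a record
        { last = "" }
        tolower($0) ~ /^dn:/ { dn = $0; sub(/^[Dd][Nn]::? */, "", dn); last = "dn" }
        tolower($0) ~ /^changetype:/ { ct = tolower($0); sub(/^changetype: */, "", ct) }
        END { emit() }
    ' "$1"
}

# Dry-run with -n, then apply over StartTLS (-q) with the server certificate
# checked against a trust store (-P). No -w and no -X. Extra arguments after
# the third (for example -a) are passed through to ldapmodify.
safe_ldapmodify() {
    ldif=$1; pwfile=$2; truststore=$3; shift 3
    pwfile_is_private "$pwfile" || {
        echo "refusing: $pwfile is missing or group/world accessible" >&2; return 2; }
    if [ "${ALLOW_DELETE:-no}" != yes ] && ldif_summary "$ldif" | grep -q "^delete"; then
        echo "refusing: $ldif has delete records; review, then set ALLOW_DELETE=yes" >&2
        return 3
    fi
    set -- -h directory.example.com -p 1389 \
        -D uid=kvaughan,ou=People,dc=example,dc=com \
        -j "$pwfile" -q -P "$truststore" -f "$ldif" "$@"
    ldapmodify -n "$@" && ldapmodify "$@"
}
```

For example, `safe_ldapmodify newuser.ldif ~/.opendj/bind.pw /path/to/truststore -a` previews and then applies the add from the first example. If the trust store needs a PIN, pass -U with a PIN file as an extra argument.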

