ldapmodify
ldapmodify
— perform LDAP modify, add, delete, mod DN operations
Description
This utility can be used to perform LDAP modify, add, delete, and modify DN operations in the Directory Server. When not using file(s) to specify modifications, end your input with EOF (Ctrl+D on UNIX, Ctrl+Z on Windows).
Options
The ldapmodify
command takes the following options:
Command options:
--assertionFilter {filter}
-
Use the LDAP assertion control with the provided filter.
-c | --continueOnError
-
Continue processing even if there are errors. Default: false
-J | --control {controloid[:criticality[:value|::b64value|:<filePath]]}
-
Use a request control with the provided information. For some controloid values, you can replace object identifiers with user-friendly strings. The values are not case-sensitive:
Assertion
,LdapAssertion
-
Assertion Request Control, Object Identifier: 1.3.6.1.1.12
AccountUsable
,AccountUsability
-
Account Usability Request Control, Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.8
AuthzId
,AuthorizationIdentity
-
Authorization Identity Request Control, Object Identifier: 2.16.840.1.113730.3.4.16
Csn
,ChangeSequenceNumber
-
Change Sequence Number Request Control, Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.9 This is an internal DS server control.
EffectiveRights
,GetEffectiveRights
-
Get Effective Rights Request Control, Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.2
ManageDsaIt
-
Manage DSAIT Request Control, Object Identifier: 2.16.840.1.113730.3.4.2
Noop
,No-Op
-
No-Op Request Control, Object Identifier: 1.3.6.1.4.1.4203.1.10.2
PwdPolicy
,PasswordPolicy
-
Password Policy Request Control, Object Identifier: 1.3.6.1.4.1.42.2.27.8.5.1
PasswordQualityAdvice
-
Password Quality Advice Request Control, Object Identifier: 1.3.6.1.4.1.36733.2.1.5.5
PermissiveModify
-
Permissive Modify Request Control, Object Identifier: 1.2.840.113556.1.4.1413
PSearch
,PersistentSearch
-
Persistent Search Request Control, Object Identifier: 2.16.840.1.113730.3.4.3
PostRead
-
Post Read Request Control, Object Identifier: 1.3.6.1.1.13.2
PreRead
-
Pre Read Request Control, Object Identifier: 1.3.6.1.1.13.1
ProxiedAuthV1
-
Proxied Authorization Request Control V1, Object Identifier: 2.16.840.1.113730.3.4.12
ProxiedAuth
,ProxiedAuthV2
-
Proxied Authorization Request Control V2, Object Identifier: 2.16.840.1.113730.3.4.18
RealAttrsOnly
,RealAttributesOnly
-
Real Attributes Only Request Control, Object Identifier: 2.16.840.1.113730.3.4.17
RelaxRules
-
Relax Rules Request Control, Object Identifier: 1.3.6.1.4.1.4203.666.5.12
TreeDelete
,SubTreeDelete
-
Subtree Delete Request Control, Object Identifier: 1.2.840.113556.1.4.805
Sort
,ServerSideSort
-
Server Side Sort Request Control, Object Identifier: 1.2.840.113556.1.4.473
PagedResults
,SimplePagedResults
-
Simple Paged Results Control, Object Identifier: 1.2.840.113556.1.4.319
SubEntries
-
Sub-Entries Request Control, Object Identifier: 1.3.6.1.4.1.4203.1.10.1
TxnId
,TransactionId
-
Transaction ID Control, Object Identifier: 1.3.6.1.4.1.36733.2.1.5.1 This is an internal ForgeRock control.
VirtualAttrsOnly
,VirtualAttributesOnly
-
Virtual Attributes Only Request Control, Object Identifier: 2.16.840.1.113730.3.4.19
Vlv
,VirtualListView
-
Virtual List View Request Control, Object Identifier: 2.16.840.1.113730.3.4.9
-n | --dry-run
-
Show what would be done but do not perform any operation and do not contact the server. Default: false
--numConnections {numConnections}
-
Number of connections. Default: 1
--postReadAttributes {attrList}
-
Use the LDAP ReadEntry post-read control.
--preReadAttributes {attrList}
-
Use the LDAP ReadEntry pre-read control.
-Y | --proxyAs {authzID}
-
Use the proxied authorization control with the given authorization ID.
LDAP connection options:
--connectTimeout {timeout}
-
Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. Default: 30000
-D | --bindDn {bindDN}
-
DN to use to bind to the server. Default:
-E | --reportAuthzId
-
Use the authorization identity control. Default: false
-h | --hostname {host}
-
Fully-qualified server host name or IP address. Default: localhost.localdomain
-N | --certNickname {nickname}
-
Nickname of the certificate that should be sent to the server for SSL client authentication.
-o | --saslOption {name=value}
-
SASL bind options.
-p | --port {port}
-
Directory server port number.
--providerArg {argument}
-
Configuration argument for the PKCS#11 provider.
--providerClass {class}
-
Full class name of the PKCS#11 provider.
--providerName {name}
-
Name of the PKCS#11 provider.
-q | --useStartTls
-
Use StartTLS to secure communication with the server. Default: false
-T | --trustStorePassword[:env|:file] {trustStorePassword}
-
Truststore password which will be used as the cleartext configuration value.
--useJavaKeyStore {keyStorePath}
-
JKS keystore containing the certificate which should be used for SSL client authentication.
--useJavaTrustStore {trustStorePath}
-
Use a JKS truststore file for validating server certificate.
--useJceKeyStore {keyStorePath}
-
JCEKS keystore containing the certificate which should be used for SSL client authentication.
--useJceTrustStore {trustStorePath}
-
Use a JCEKS truststore file for validating server certificate.
--useJvmTrustStore
-
Use the JVM truststore for validating server certificate. Default: false
--usePasswordPolicyControl
-
Use the password policy request control. Default: false
--usePkcs11KeyStore
-
PKCS#11 keystore containing the certificate which should be used for SSL client authentication. Default: false
--usePkcs12KeyStore {keyStorePath}
-
PKCS#12 keystore containing the certificate which should be used for SSL client authentication.
--usePkcs12TrustStore {trustStorePath}
-
Use a PKCS#12 truststore file for validating server certificate.
-w | --bindPassword[:env|:file] {bindPassword}
-
Password to use to bind to the server. Omit this option while providing the bind DN to ensure that the command prompts for the password, rather than entering the password as a command argument.
-W | --keyStorePassword[:env|:file] {keyStorePassword}
-
Keystore password which will be used as the cleartext configuration value.
-X | --trustAll
-
Trust all server SSL certificates. Default: false
-Z | --useSsl
-
Use SSL for secure communication with the server. Default: false
Utility input/output options:
--no-prompt
-
Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. Default: false
--noPropertiesFile
-
No properties file will be used to get default command line argument values. Default: false
--propertiesFilePath {propertiesFilePath}
-
Path to the file containing default property values used for command line arguments.
-v | --verbose
-
Use verbose mode. Default: false
General options:
-V | --version
-
Display Directory Server version information. Default: false
-H | --help
-
Display this usage information. Default: false
Exit codes
- 0
-
The command completed successfully.
- ldap-error
-
An LDAP error occurred while processing the operation. LDAP result codes are described in RFC 4511 . Also see the additional information for details.
- 89
-
An error occurred while parsing the command-line arguments.
Files
You can use ~/.opendj/tools.properties
to set the defaults for bind DN, host name, and port number as in the following example:
hostname=directory.example.com port=1389 bindDN=uid=kvaughan,ou=People,dc=example,dc=com ldapcompare.port=1389 ldapdelete.port=1389 ldapmodify.port=1389 ldappasswordmodify.port=1389 ldapsearch.port=1389