PingAuthorize Server Documentation Index
Command-Line Tool Reference Home

ldifmodify

Description
Examples
Arguments

Description

Apply a set of changes (including add, delete, modify, and modify DN operations) to a set of entries contained in an LDIF file. The changes will be read from a second file (containing change records rather than entries), and the updated entries will be written to a third LDIF file. Unlike ldapmodify, the ldifmodify cannot read the changes to apply from standard input.

All of the change records will be read into memory before processing begins, so it is important to ensure that the tool is given enough memory to hold those change records. However, it will only operate on a single source entry at a time, so the size of the source LDIF file does not significantly impact the amount of memory that the tool requires.

Note that the tool will attempt to correctly handle multiple changes affecting the same entry. However, because it only operates on one entry at a time, it cannot always behave in exactly the same way as if it were applying the changes over LDAP to a server populated with the source LDIF file. For example, it is not possible to reject an attempt to delete an entry that has subordinates, so any delete will be treated as a subtree delete.

Further, not all types of modify DN change records are supported. In particular, modify DN change records are not permitted if they target any entry that has been targeted by a previous change record (for example, renaming an entry that was created by a previous add change record).

Finally, it cannot perform other types of validation, like ensuring that all of the necessary superior entries exist when adding a new entry, or ensuring that a modify DN will not introduce a conflict with an existing entry.

Examples

Apply the changes contained in LDIF file 'changes.ldif' to the entries contained in LDIF file 'original.ldif' and write the updated entries to LDIF file 'updated.ldif'.
ldifmodify --sourceLDIF original.ldif --changesLDIF changes.ldif \
     --targetLDIF updated.ldif

Arguments

-V
--version

Description Display PingAuthorize Server version information

-H
--help

Description Display general usage information

--help-debug

Description Display help for using debug options
Advanced Yes

-s {path}
--sourceLDIF {path}

Description The path to an LDIF file containing the source entries to be updated. This argument must be provided exactly once, and the file must exist.
Required Yes
Multi-Valued No

--sourceEncryptionPassphraseFile {path}

Description The path to the file containing the passphrase needed to decrypt the contents of the source LDIF file (if it is encrypted). If this argument is provided, the file must exist and must contain exactly one line that contains only the encryption passphrase. If the source LDIF file is encrypted but this argument is not provided, and if the file was not encrypted with a key from the server's encryption settings database, then the tool will interactively prompt for the passphrase.
Required No
Multi-Valued No

-m {path}
--changesLDIF {path}

Description The path to the file containing the LDIF change records that represent the changes to apply. This argument must be provided exactly once, and the file must exist. The entire contents of the file will be read into memory so that all changes will be available when processing entries in the source LDIF file.
Required Yes
Multi-Valued No

--changesEncryptionPassphraseFile {path}

Description The path to the file containing the passphrase needed to decrypt the contents of the changes LDIF file (if it is encrypted). If this argument is provided, the file must exist and must contain exactly one line that contains only the encryption passphrase. If the changes LDIF file is encrypted but this argument is not provided, and if the file was not encrypted with a key from the server's encryption settings database, then the tool will interactively prompt for the passphrase.
Required No
Multi-Valued No

--stripTrailingSpaces

Description Strip off any illegal trailing spaces identified in LDIF entries rather than rejecting those entries.

--strictModifications

Description Use strict mode when applying modifications to entries. If this argument is provided, then the tool will report an error when trying to modify an entry to add an attribute value that already exists in the entry or to remove an attribute value that does not exist in the entry. By default, the tool will operate in lenient mode, and these 'no-op' modifications will be permitted.

--ignoreDuplicateDeletes

Description Ignore subsequent deletes that target an entry that has already been deleted by an earlier change. By default, subsequent deletes that target an already-deleted entry will be reported as an error.

--ignoreDeletesOfNonexistentEntries

Description Ignore deletes that target entries that do not exist in the source LDIF file. By default, deletes targeting nonexistent entries will be reported as an error.

--ignoreModifiesOfNonexistentEntries

Description Ignore modifies that target entries that do not exist in the source LDIF file. By default, modifies targeting nonexistent entries will be reported as an error.

-t {path}
--targetLDIF {path}

Description The path to the file to which the updated entries will be written. This argument must be provided exactly once. If the path exists, then it must reference a file rather than a directory, and that file will be overwritten with the updated entries. If the path does not exist, then its parent directory must exist.
Required Yes
Multi-Valued No

--compressTarget

Description GZIP-compress the data written to the target LDIF file.

--encryptTarget

Description Encrypt the data written to the target LDIF file. If the --targetEncryptionPassphraseFile argument is not provided to supply the passphrase to use to generate the encryption key, then the tool will interactively prompt for the passphrase.

--targetEncryptionPassphraseFile {path}

Description The path to the file containing the passphrase that will be used to encrypt the data as it is written to the target file. If this argument is not provided and the output file is to be encrypted, then the tool will interactively prompt for the passphrase.
Required No
Multi-Valued No

--wrapColumn {value}

Description The column at which long lines should be wrapped. By default, long lines will be wrapped based on the terminal width (or 80 columns if the terminal width cannot be determined).
Upper Bound 2147483647
Required No
Multi-Valued No

-T
--doNotWrap

Description Do not wrap long lines as they are written.

--suppressComments

Description Do not include comments in the target LDIF file. By default, each entry will include a comment to indicate what changes (if any) were applied to it.

--interactive

Description Launch the tool in interactive mode.

--propertiesFilePath {path}

Description The path to a properties file used to specify default values for arguments not supplied on the command line.
Required No
Multi-Valued No

--generatePropertiesFile {path}

Description Write an empty properties file that may be used to specify default values for arguments.
Required No
Multi-Valued No

--noPropertiesFile

Description Do not obtain any argument values from a properties file.

--suppressPropertiesFileComment

Description Suppress output listing the arguments obtained from a properties file.