UnboundID Metrics Engine Command-Line Tool Reference

Metrics Engine Documentation Index
Command-Line Tool Reference Home

ldapmodify

Description

Perform LDAP modify, add, delete, and modify DN operations in the Metrics Engine.

This tool translates entry modifications encoded in the LDIF change records format (see RFC 2849) into protocol operations requests sent to the directory. Change records can be stored in a file and specified using the --filename option, or the --filename option can be omitted in which case this tool accepts change records from standard input. Blank lines cause the current record to be translated and sent to the server.

Examples

Read change records from change_records.ldif and apply them to the entries in the server. Change records that have no changetype are considered 'add' operations:

ldapmodify --bindDN uid=admin,dc=example,dc=com --bindPassword password \
     --defaultAdd -f change_records.ldif

Invoke the tool with no file option specified which causes ldapmodify to pause, accepting change records from the standard input:

ldapmodify --bindDN uid=admin,dc=example,dc=com --bindPassword password

Read change records from a file and apply them to the entries in the server. Extra information about the state of the description attribute is printed both immediately before and after the operation is processed. Only entries with the departmentNumber attribute having a value of 031502 are processed. All operations are processed as the user 'admin2':

ldapmodify --bindDN uid=admin,dc=example,dc=com --bindPassword password \
     --filename change_records.ldif \
     --assertionFilter "(departmentNumber=031502)" \
     --preReadAttributes description --postReadAttributes description \
     --proxyAs dn:uid=admin2,dc=example,dc=com

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

Arguments

-H
--help

Description

Display general usage information

--help-ldap

Description

Display help for using LDAP options

--help-sasl

Description

Display help for using SASL options

--help-debug

Description	Display help for using debug options
Advanced	Yes

--propertiesFilePath {propertiesFilePath}

Description	Path to the file that contains default property values used for command-line arguments
Required	No
Multi-Valued	No

--noPropertiesFile

Description

Specify that no properties file will be used to get default command-line argument values

--script-friendly

Description

Use script-friendly mode

-h {host}
--hostname {host}

Description	Metrics Engine hostname or IP address
Default Value	localhost
Required	No
Multi-Valued	No

-p {port}
--port {port}

Description	Metrics Engine port number
Default Value	389
Required	No
Multi-Valued	No

-Z
--useSSL

Description

Use SSL for secure communication with the server

-q
--useStartTLS

Description

Use StartTLS to secure communication with the server

-D {bindDN}
--bindDN {bindDN}

Description	DN used to bind to the server
Required	No
Multi-Valued	No

-w {bindPassword}
--bindPassword {bindPassword}

Description	Password used to bind to the server
Required	No
Multi-Valued	No

-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}

Description	Bind password file
Required	No
Multi-Valued	No

-a
--defaultAdd

Description

Treat records with no changetype as add operations

-f {file}
--filename {file}

Description	LDIF file containing the changes to apply
Required	No
Multi-Valued	No

-r
--useSASLExternal

Description

Use the SASL EXTERNAL authentication mechanism

-o {name=value}
--saslOption {name=value}

Description	SASL bind options
Required	No
Multi-Valued	Yes

-X
--trustAll

Description

Trust all server SSL certificates

-K {keyStorePath}
--keyStorePath {keyStorePath}

Description	Certificate key store path
Required	No
Multi-Valued	No

-W {keyStorePassword}
--keyStorePassword {keyStorePassword}

Description	Certificate key store PIN
Required	No
Multi-Valued	No

-u {keyStorePasswordFile}
--keyStorePasswordFile {keyStorePasswordFile}

Description	Certificate key store PIN file
Required	No
Multi-Valued	No

-N {nickname}
--certNickname {nickname}

Description	Nickname of the certificate for SSL client authentication
Required	No
Multi-Valued	No

-P {trustStorePath}
--trustStorePath {trustStorePath}

Description	Certificate trust store path
Required	No
Multi-Valued	No

-Y {authzID}
--proxyAs {authzID}

Description	Use the proxied authorization control to request operations be processed using a given authorization ID instead of the identity associated with the connection (see RFC 4370)
Required	No
Multi-Valued	No

-E
--reportAuthzID

Description

Use the authorization identity control

--assertionFilter {filter}

Description	Use the LDAP assertion control with the provided filter to specify a condition that must be true for the operation to be processed normally (see RFC 4528)
Required	No
Multi-Valued	No

--preReadAttributes {attrList}

Description	Use the LDAP ReadEntry pre-read control which causes the server to return information about a modified entry as it was immediately before the entry was modified (see RFC 4527)
Required	No
Multi-Valued	No

--postReadAttributes {attrList}

Description	Use the LDAP ReadEntry post-read control which causes the server to return information about a modified entry as it was immediately after the entry was modified (see RFC 4527)
Required	No
Multi-Valued	No

--useTransaction

Description

Use a transaction to perform all operations as a single atomic unit

-J {controloid[:criticality[:value|::b64value|:
--control {controloid[:criticality[:value|::b64value|:

Description Use a request control with the provided information

Required No

Multi-Valued Yes

--version

Description Display Metrics Engine version information

-V {version}
--ldapVersion {version}

Description LDAP protocol version number

Default Value 3

Required No

Multi-Valued No

-i {encoding}
--encoding {encoding}

Description Use the specified character set for command-line input

Required No

Multi-Valued No

-c
--continueOnError

Description Continue processing even if there are errors

--stripTrailingSpaces

Description Strip out any illegal trailing spaces contained in change records rather than rejecting them

-n
--dry-run

Description Show what would be done but do not perform any operation

-s
--useSoftDelete

Description Process delete operations as soft delete requests, whereby entries are renamed and hidden instead of being permanently deleted. The Identity Data Store must be configured to allow soft deletes

--allowUndelete

Description Process add operations which include the ds-undelete-from-dn attribute as undelete requests. Undelete requests re-add previously soft-deleted entries back to the directory as non-deleted entries by providing the Undelete Request Control with the add operation. The Identity Data Store must be configured to allow soft deletes to process any undelete requests and the client user must have the soft-delete-read privilege

--useAdministrativeSession

Description Attempt to use an administrative session to have operations processed on a dedicated pool of worker threads. This may be useful when trying to diagnose problems in a server that is unresponsive because all normal worker threads are busy processing other requests

-v
--verbose

Description Use verbose mode

Description	Use a request control with the provided information
Required	No
Multi-Valued	Yes

Description	LDAP protocol version number
Default Value	3
Required	No
Multi-Valued	No

Description	Use the specified character set for command-line input
Required	No
Multi-Valued	No