RSA Security 6.1 User Manual

Using the LDAP Configuration Interface

September 2005

NOTE: You can also use the -h option with ldapmodify to specify the name of a remote host on which the LDAP interface is available. Run the LDAP utilities remotely only if you are convinced that unauthorized snooping on the network between the LDAP client and server is not an issue.

The difference in syntax between the LDIF files generated by ldapsearch and those required for input to ldapmodify is that the ldapmodify input files must contain a changetype entry immediately following each dn entry in the file. The changetype entry specifies how to use the data to change the LDAP database.

The full syntax for changetype within each transaction is as follows:

dn: distinguished-name-of-entry
changetype: keyword
subkeyword: attribute
attribute: value
changetype: keyword
subkeyword: attribute
attribute: value
changetype: keyword
subkeyword: attribute
attribute: value
.
.
.

where:

keyword can be add, modify, or delete;
subkeyword can be (respectively) add, replace, or delete;
attribute can be any LDAP attribute in the entry;
value is the value to assign to the attribute.

Repeated changetype: keyword entries are not required within a transaction unless you change the keyword. From top to bottom within the transaction, the latest keyword applies until another changetype: keyword entry is provided.
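A pre-flight check for the rule described above, as an added example that is not part of the RSA manual: it reports every dn line in an LDIF file that is not immediately followed by a changetype line carrying one of the three keywords. The DNs and attribute names in the sample data are constructed, and the function names are hypothetical.

```python
import re

KEYWORDS = {"add", "modify", "delete"}  # changetype keywords listed in this manual

def fold(text):
    """Join LDIF continuation lines (leading space) onto the line they continue."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and out:
            out[-1] = (out[-1][0], out[-1][1] + raw[1:])
        else:
            out.append((no, raw))
    return out

def check_ldapmodify_input(text):
    """Return (line_number, problem) for each dn line lacking a valid changetype."""
    lines = [(n, l) for n, l in fold(text) if not l.startswith("#")]  # drop comments
    problems = []
    for i, (no, line) in enumerate(lines):
        if not line.lower().startswith("dn:"):
            continue
        nxt = lines[i + 1][1] if i + 1 < len(lines) else ""
        m = re.match(r"changetype:\s*(\S+)\s*$", nxt, re.IGNORECASE)
        if not m:
            problems.append((no, "no changetype line immediately after dn"))
        elif m.group(1).lower() not in KEYWORDS:
            problems.append((no, f"unknown changetype keyword {m.group(1)!r}"))
    return problems

# Constructed sample: ldapsearch-style output, which has no changetype lines.
SEARCH_OUTPUT = """dn: cn=entry-one,o=example
example-attribute: old-value

dn: cn=entry-two,o=example
example-attribute: old-value
"""

# Constructed sample: ldapmodify-style input with one bad keyword.
MODIFY_INPUT = """dn: cn=entry-one,o=example
changetype: modify
replace: example-attribute
example-attribute: new-value

dn: cn=entry-two,o=example
changetype: remove
"""

if __name__ == "__main__":
    for name, data in (("search output", SEARCH_OUTPUT), ("modify input", MODIFY_INPUT)):
        print(name, check_ldapmodify_input(data))
```

Running the check on a file before passing it to ldapmodify with -f catches unedited ldapsearch output before any transaction is attempted.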

Table 18. Modifying Records Using the ldapmodify Command (Continued)

ldapmodify Option    Meaning

-w radadmin          The command is providing an authentication password of radadmin.
                     NOTE: The -w parameter value (in this case, radadmin) must match the password of the account named by the -D parameter.

-f filename          This is the input LDIF file to process.