RSA Security 6.1 User Manual
Page 104
92
Using the LDAP Configuration Interface
September 2005
NOTE: You can also use the -h option with ldapmodify to specify the name
of a remote host on which the LDAP interface is available. Run the LDAP
utilities remotely only if you are convinced that unauthorized snooping on the
network between the LDAP client and server is not an issue.
The difference in syntax between the LDIF files generated by
ldapsearch
and
those required for input to
ldapmodify
is that the
ldapmodify
input files
must contain a
changetype
entry immediately following each
dn
entry in the
file. The
changetype
entry specifies how to use the data to change the LDAP
database.
The full syntax for
changetype
within each transaction is as follows:
dn: distinguished-name-of-entry
changetype: keyword
subkeyword: attribute
attribute: value
changetype: keyword
subkeyword: attribute
attribute: value
changetype: keyword
subkeyword: attribute
attribute: value
.
.
.
where:
keyword
can be
add, modify,
or
delete;
subkeyword
can be (respectively)
: add, replace,
or
delete;
attribute
can be any LDAP attribute in the entry
value
is the value to assign to the attribute
.
Repeated
changetype:
keyword
entries are not required within a transaction
unless you change the keyword. From top to bottom within the transaction, the
latest keyword applies until another
changetype
:
keyword
entry is provided.
-w radadmin
The command is providing an authentication password
of
radadmin
.
NOTE: The -w parameter value (in this case,
radadmin) must match the password of the
account named by the -D parameter.
-f filename
This is the input LDIF file to process.
Table 18. Modifying Records Using the ldapmodify Command (Continued)
ldapmodify Option
Meaning