LDAPFORM(1) BSD General Commands Manual LDAPFORM(1)
NAME
ldapform — prepare an LDIF form to update a given LDAP entry.
SYNOPSIS
ldapform [options] filter
ldapform -e [options] filter
ldapedit [options] filter
DESCRIPTION
The ldapform utility creates a text file in ldif(5) format, which can be
used to add or modify entries in an LDAP server. The ldapedit utility
does the same, but also submits the changes back to that server.
Both utilities require read access to operational attributes of the top
level subschema to obtain the objectclass and attribute definitions.
This means that the authorized user should be able to get the info using
the following command:
% ldapsearch [authopts] -b cn=Subschema -s base '(objectClass=*)' +
If the above fails, check your ACLs.
OPTIONS
-b base
Specify the search base for the filter.
-C Use compact format. See FORMATS below.
-D dn Specify the distinguished name of the authenticating user for
simple binds.
-f file
Write output to file. When in edit mode, this flag will use file
instead of a temporary file and the file will not be removed when
submitted to the server.
-H uri Specify the URI of the LDAP server. The options -h and -p are
ignored when using this option.
-h hostname
Specify the hostname of the LDAP server. If a URI is also specified
(see -H), this option is ignored.
-O props
Specify security properties for SASL authentication as a comma-
separated list. Refer to SASL_SECPROPS in ldap.conf(5) for more
information.
-p port
Specify the port to connect to. Default: 389. This option is
ignored if -H is set.
-R realm
Specify the realm for SASL authentication.
-s scope
Specify the search scope for the filter. Can be one of
base
Search base only.
one
One level.
sub
Base and all descendants (subtree).
children
Children only. Requires LDAPv3 subordinate feature extension.
-U authcid
Authentication ID for SASL authentication.
-v [v] Increase verbosity. When specified twice, trace information will
be printed.
-W Prompt for password when using simple binds. Will fail if not
using a tty; use -y instead.
-w password
Specify the password for simple binds.
-X authzid
Authorization ID for SASL authentication, if different from
authcid.
-x Use simple binds.
-Y mech
Specify the SASL authentication mechanism.
-y pwfile
Specify the file containing the password for simple binds. Use
‘-’ for stdin.
-Z [Z] Use the START TLS LDAP operation on a normal connection. If used
twice, require it to succeed.
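The following wrapper is an added example, not part of the ldapform distribution: it binds with -y rather than -w so the password never appears in the process argument list, refuses a password file that group or others can access, and requires StartTLS with -ZZ. The function names and the argument order of safe_ldapform are assumptions made for this example.

```sh
#!/bin/sh
# Added example; the function names are hypothetical, the flags are the
# ones documented above.

# Succeed only if $1 is a regular file (not a symlink) that carries no
# group or other permission bits.
pwfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# usage: safe_ldapform uri binddn pwfile base filter
safe_ldapform() {
    pwfile_is_private "$3" || {
        echo "refusing: $3 is missing or accessible to group/other" >&2
        return 1
    }
    # Prerequisite from DESCRIPTION: the bind DN must be able to read the
    # subschema. OpenLDAP's ldapsearch uses the complete file contents as
    # the password, so the file must not end in a newline.
    ldapsearch -x -ZZ -H "$1" -D "$2" -y "$3" \
        -b cn=Subschema -s base '(objectClass=*)' + >/dev/null || {
        echo "cannot read cn=Subschema as $2; check your ACLs" >&2
        return 1
    }
    # Simple bind, StartTLS required, password read from the file.
    ldapform -x -ZZ -H "$1" -D "$2" -y "$3" -b "$4" "$5"
}
```

Create the password file with `umask 077` in effect so that it is never readable by other users, even briefly.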
FORMATS
Standard format is meant for modifications. For each matching entry, a
‘changetype’ attribute is printed. For each ‘objectClass’ attribute a
‘delete’ attribute is printed. For all other attributes, an ‘add’ and
‘delete’ attribute are printed, along with the attribute and its value
(if available). Each attribute is continued properly with a dash on a
line by itself.
Compact format is meant for additions. For each matching entry, all
attributes are printed with their values (if available). This makes it
easier to copy an entry to a different entry. Both formats precede an
attribute section with a comment describing the attribute, if one is
available in the schema definition as stored by the server.
DIAGNOSTICS
EX_USAGE Unknown option or using invalid combination of options.
EX_UNAVAILABLE Connection to the LDAP server or TLS negotiation failed.
Diagnostics are printed on stderr.
EX_CANTCREAT The file argument to the -f option cannot be created.
EX_OK All went well.
FILES
The following files work as described in ldap.conf(5):
/usr/local/etc/openldap/ldap.conf
~/.ldaprc
./.ldaprc
ENVIRONMENT
The variables LDAPRC and LDAPCONF work as described in ldap.conf(5).
Additionally, the variables LDAP_USE_TLS and LDAP_REQUIRE_TLS work as -Z
and -ZZ respectively. That is, when set they activate and may require
TLS. These do not work for OpenLDAP-supplied tools.
BUGS
· SASL authentication is untested and may not work.
· Edit mode is currently nonexistent.
· If TLS negotiation fails, so will simple binds. As such, the
net effect of -Z and -ZZ is identical. However, compatibility
with OpenLDAP tools is kept.
· Portability framework not in place yet, so either have
FreeBSD-compatible interfaces available or use a VM.
SEE ALSO
ldapsearch(1), ldapmodify(1), ldif(5), ldap.conf(5)
BSD Jan, 04 2012 BSD