Table 6-11 Commonly-used ldapmodify options (continued)

Option    Description

-D    Specifies the distinguished name with which to authenticate to the server. The value must be a DN recognized by the Directory Server, and it must also have the authority to modify the entries. For example:
      -D "uid=bjensen, dc=example,dc=com"
      This option cannot be used with the -N option.

-f    Option that specifies the file containing the LDIF update statements used to define the directory modifications. For example:
      -f modify_statements
      If this option is not supplied, the update statements are read from STDIN.
      For information on supplying LDIF update statements from the command-line, see the "Creating Directory Entries" chapter in the HP-UX Directory Server administrator guide.

-g    Specifies that the password policy request control not be sent with the bind request. By default, the new LDAP password policy request control is sent with bind requests. The ldapmodify tool can parse and display information from the response control if it is returned by a server; that is, the tool will print an appropriate error or warning message when a server sends the password policy response control with an appropriate value. The criticality of the request control is set to false to ensure that all LDAPv3 servers that do not understand the control can ignore it. To suppress sending of the request control with the bind request, include -g on the command-line.

-h    Specifies the name of the host on which the server is running. For example:
      -h cyclops

-p    Specifies the port number that the server uses. For example:
      -p 1049
      The default is 389. If -Z is used, the default is 636.

-q    Causes each add to be performed silently as opposed to being echoed to the screen individually.

-w    Specifies the password associated with the distinguished name specified in the -D option. For example:
      -w mypassword
      If a dash (-) is used as the password value, the utility prompts for the password after the command is entered. This avoids having the password on the command line.

6.5.3 ldapmodify SSL options

Use the following command-line options to specify that the ldapmodify utility is to use LDAP over SSL (LDAPS) when communicating with the Directory Server. LDAPS encrypts data during transit. Also, use these options for certificate-based authentication. These options are valid only when SSL has been turned on and configured for the Directory Server. For more information on certificate-based authentication and on creating a certificate database for use with LDAP clients, see the "Managing SSL" chapter in the HP-UX Directory Server administrator guide.

Ensure that the Directory Server's encrypted port is specified when using these options.

Table 6-12 ldapmodify SSL options

Option    Description

-3    Specifies that host names should be checked in SSL certificates.

-I    Specifies the SSL key password file that contains the token:password pair.

-K    Specifies the path, including the file name, of the private key database of the client. Either the absolute or relative (to the server root) path can be specified. The -K option must be used when the key database has a different name than key3.db or when the key database is not under the same directory as the certificate database, the cert8.db file (the path for which is specified with the -P option).
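
The rules stated in Tables 6-11 and 6-12 can be checked before a command is run. The following shell function is an added example, not part of the HP-UX guide: it inspects an ldapmodify argument list and reports an inline -w password, SSL without -3, SSL on port 389, and -D combined with -N. The name audit_ldapmodify_args is hypothetical, the sample arguments are constructed, and -Z is assumed to be the SSL switch, as the -p entry implies.

```shell
#!/bin/sh
# Added example (not from the HP-UX guide): lint an ldapmodify argument list
# against the rules in Tables 6-11 and 6-12. ldapmodify itself is never run.
# audit_ldapmodify_args is a hypothetical helper name.
audit_ldapmodify_args() {
    local ssl=0 hostcheck=0 have_d=0 have_n=0 pw_set=0 pw="" port=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -w) pw_set=1; pw="${2-}"; shift ;;   # next argument is the password
            -p) port="${2-}"; shift ;;           # next argument is the port
            -D) have_d=1; shift ;;               # skip the bind DN
            -f|-h|-I|-K|-P) shift ;;             # skip this option's value
            -Z) ssl=1 ;;                         # assumption: -Z turns on SSL
            -3) hostcheck=1 ;;
            -N) have_n=1 ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    # Any -w value other than "-" puts the password on the command line.
    # The finding text never echoes the password itself.
    if [ "$pw_set" -eq 1 ] && [ "$pw" != "-" ]; then
        echo "inline-password: use '-w -' so the utility prompts instead"
    fi
    # Table 6-12: -3 is the option that checks host names in SSL certificates.
    if [ "$ssl" -eq 1 ] && [ "$hostcheck" -eq 0 ]; then
        echo "no-hostname-check: add -3 when using SSL"
    fi
    # The encrypted port must be specified with the SSL options;
    # 389 is the default port when SSL is not in use.
    if [ "$ssl" -eq 1 ] && [ "$port" = "389" ]; then
        echo "ssl-on-port-389: specify the server's encrypted port (default 636)"
    fi
    # Table 6-11: -D cannot be used with -N.
    if [ "$have_d" -eq 1 ] && [ "$have_n" -eq 1 ]; then
        echo "D-with-N: -D cannot be used with -N"
    fi
    return 0
}

# Constructed sample argument list; prints three findings.
audit_ldapmodify_args -D "uid=bjensen, dc=example,dc=com" -w mypassword \
    -h cyclops -p 389 -Z -f modify_statements
```

An argument list that uses `-w -`, `-Z -3` and the encrypted port produces no output.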

202 Command-line utilities