Table 18. Modifying Records Using the ldapmodify Command (Continued)

| ldapmodify Option | Meaning |
| --- | --- |
| -w radadmin | The command is providing an authentication password of radadmin. NOTE: The -w parameter value (in this case, radadmin) must match the password of the account named by the -D parameter. |
| -f filename | This is the input LDIF file to process. |

NOTE: You can also use the -h option with ldapmodify to specify the name of a remote host on which the LDAP interface is available. Run the LDAP utilities remotely only if you are convinced that unauthorized snooping on the network between the LDAP client and server is not an issue.

The difference in syntax between the LDIF files generated by ldapsearch and those required for input to ldapmodify is that the ldapmodify input files must contain a changetype entry immediately following each dn entry in the file. The changetype entry specifies how to use the data to change the LDAP database.

The full syntax for changetype within each transaction is as follows:

    dn: distinguished-name-of-entry
    changetype: keyword
    subkeyword: attribute
    attribute: value
    changetype: keyword
    subkeyword: attribute
    attribute: value
    changetype: keyword
    subkeyword: attribute
    attribute: value
    .
    .
    .

where:

keyword can be add, modify, or delete;

subkeyword can be (respectively): add, replace, or delete;

attribute can be any LDAP attribute in the entry;

value is the value to assign to the attribute.

Repeated changetype: keyword entries are not required within a transaction unless you change the keyword. From top to bottom within the transaction, the latest keyword applies until another changetype: keyword entry is provided.
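The following added example (not code from the manual or the product) checks an ldapmodify input file against the changetype syntax described above before the file is applied, which catches ldapsearch output that was never given changetype entries. It assumes that blank lines and lines starting with # are ignored, that each subkeyword line is followed by one value line, and that "respectively" pairs add with add, modify with replace, and delete with delete; the function name and sample DN are hypothetical.

```python
# Added example, not code from the manual: lint an ldapmodify input file
# against the changetype syntax described above before applying it.
SUBKEYWORD_FOR = {"add": "add", "modify": "replace", "delete": "delete"}

def lint_ldapmodify_input(text):
    """Return [(line_number, message), ...]; an empty list means no problems."""
    problems = []
    state = "start"            # start -> changetype -> sub <-> value
    keyword = attr = None
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: ignored by the parser
            continue
        name, sep, value = (part.strip().lower() for part in line.partition(":"))
        if not sep:
            problems.append((num, "expected 'name: value'"))
            continue
        if state == "changetype" and name != "changetype":
            problems.append((num, "changetype must immediately follow dn"))
            state = "sub"
        if state == "value":
            # The line after 'subkeyword: attribute' must assign that attribute.
            if name != attr:
                problems.append((num, f"expected a value for '{attr}'"))
            state = "sub"
        elif name == "dn":
            state, keyword = "changetype", None
        elif state == "start":
            problems.append((num, "transaction does not start with dn"))
        elif name == "changetype":
            if value not in SUBKEYWORD_FOR:
                problems.append((num, f"unknown changetype keyword '{value}'"))
            state, keyword = "sub", value
        elif name not in SUBKEYWORD_FOR.values():
            problems.append((num, f"unknown subkeyword '{name}'"))
        else:
            # The latest changetype keyword applies until another one is given.
            if keyword in SUBKEYWORD_FOR and name != SUBKEYWORD_FOR[keyword]:
                problems.append((num, f"'{name}' does not match changetype '{keyword}'"))
            state, attr = "value", value
    if state in ("changetype", "value"):
        problems.append((num, "file ends in the middle of a transaction"))
    return problems

# Constructed sample input; the DN and attribute names are placeholders.
GOOD = "dn: cn=example,o=radius\nchangetype: modify\nreplace: description\ndescription: test\n"
BAD = "dn: cn=example,o=radius\nreplace: description\ndescription: test\n"
```

An empty result for a file means it follows the syntax as shown; each reported tuple gives the line to fix before running ldapmodify.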

Using the LDAP Configuration Interface

September 2005

RSA Security 6.1 manual