<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>The ldapsearch, ldapdelete and ldapmodify utilities</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="LDAP Linux HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Database Creation and Maintenance"
HREF="dbcreation.html"><LINK
REL="PREVIOUS"
TITLE="More on the LDIF Format"
HREF="moreonldif.html"><LINK
REL="NEXT"
TITLE="Additional Information and Features"
HREF="additional.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>LDAP Linux HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="moreonldif.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 5. Database Creation and Maintenance</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="additional.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="Utilities"
></A
>5.4. The ldapsearch, ldapdelete and ldapmodify utilities</H1
><P
><B
CLASS="command"
>ldapsearch</B
> - ldapsearch is a shell-accessible interface to the ldap_search(3) 
library call. Use this utility to search for entries in your LDAP database backend. </P
><P
>The synopsis to call ldapsearch is the following (take a look at the ldapsearch
 man page to see what each option means): </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapsearch  [-n]  [-u]  [-v]  [-k]  
[-K]  [-t]  [-A] [-B] [-L] 
[-R] [-d debuglevel] [-F sep] [-f file] 
[-x] [-D binddn]  [-W]  [-w bindpasswd]  
[-h ldaphost]  [-p ldapport]   [-b searchbase]   
[-s base|one|sub] 
[-a never|always|search|find] [-l timelimit] 
[-z sizelimit] filter [attrs...] 
</PRE
></FONT
></TD
></TR
></TABLE
><P
><B
CLASS="command"
>ldapsearch</B
> opens a connection to an LDAP server, binds, and performs a
 search using the filter <EM
>filter</EM
>. The filter should conform to the string 
representation for LDAP filters as defined in RFC 1558. If ldapsearch finds one
 or more entries, the attributes specified by <EM
>attrs</EM
> are retrieved and the 
entries and values are printed to standard output. If no attrs are listed, all 
attributes are returned.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapsearch -x -b 'o=TUDelft,c=NL' 'objectclass=*' 

ldapsearch -b 'o=TUDelft,c=NL' 'cn=Rene van Leuken' 

ldapsearch -u -b 'o=TUDelft,c=NL' 'cn=Luiz Malere' sn mail
</PRE
></FONT
></TD
></TR
></TABLE
><P
>The -b option stands for searchbase (initial search point), the -u option 
stands for user-friendly output, and the -x option is used to specify
simple authentication.</P
><P
><B
CLASS="command"
>ldapdelete - </B
>ldapdelete is a shell-accessible interface to the ldap_delete(3) 
library call. Use this utility to delete entries in our LDAP database backend.</P
><P
>The synopsis to call ldapdelete is the following (take a look at the ldapdelete
 man page to see what each option means): </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapdelete   [-n]   [-v]  [-k]  [-K]  
[-c]  [-d debuglevel]  [-f file]  [-D binddn]  
[-W]  [-w passwd] [-h ldaphost] [-p ldapport] 
[dn]... 

</PRE
></FONT
></TD
></TR
></TABLE
><P
><B
CLASS="command"
>ldapdelete</B
> opens a connection to an LDAP server, binds, and deletes one or more
 entries. If one or more dn arguments are provided, entries with those 
Distinguished Names are deleted. Each dn should be a string-represented DN as 
defined in RFC 1779. If no dn arguments are provided, a list of DNs is read 
from standard input (or from file if the -f flag is used). </P
><P
>Here are some examples of the use of ldapdelete: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapdelete 'cn=Luiz Malere,o=TUDelft,c=NL' 

ldapdelete -v 'cn=Rene van Leuken,o=TUDelft,c=NL' -D 'cn=Luiz Malere,o=TUDelft,c=NL' -W 

</PRE
></FONT
></TD
></TR
></TABLE
><P
>The -v option stands for verbose mode, the -D option stands for Binddn (the dn 
to authenticate against) and the -W option stands for password prompt. </P
><P
><B
CLASS="command"
>ldapmodify - </B
>ldapmodify is a shell-accessible interface to the
 ldap_modify(3) and ldap_add(3) library calls. Use this utility to modify entries in our LDAP 
database backend. </P
><P
>The synopsis to call ldapmodify is the following (take a look at the ldapmodify
 man page to see what each option means): </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapmodify   [-a]  [-b]  [-c]  [-r]  
[-n]  [-v]  [-k]  [-d debuglevel]  
[-D binddn]  [-W]  [-w passwd] 
[-h ldaphost] [-p ldapport] [-f file] 

ldapadd [-b] [-c] [-r] [-n] 
[-v]  [-k]  [-K]  [-d debuglevel]  
[-D binddn]  [-w passwd]  [-h ldaphost] 
[-p ldapport] [-f file] 
</PRE
></FONT
></TD
></TR
></TABLE
><P
><B
CLASS="command"
>ldapadd</B
> is implemented as a hard link to the ldapmodify tool. When invoked as 
ldapadd the -a (add new entry) flag of ldapmodify is turned on automatically. 
ldapmodify opens a connection to an LDAP server, binds, and modifies or 
adds entries. The entry information is read from standard input or from file 
through the use of the -f option. </P
><P
>Here are some examples of the use of ldapmodify: </P
><P
>Assuming that the file /tmp/entrymods exists and has the contents: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>dn: cn=Modify Me, o=University of Michigan, c=US 
changetype: modify 
replace: mail 
mail: modme@terminator.rs.itd.umich.edu 
- 
add: title 
title: Grand Poobah 
- 
add: jpegPhoto 
jpegPhoto: /tmp/modme.jpeg 
- 
delete: description 
- 
</PRE
></FONT
></TD
></TR
></TABLE
><P
>The command: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapmodify -b -r -f /tmp/entrymods </PRE
></FONT
></TD
></TR
></TABLE
><P
>will replace the contents of the "Modify Me" entry's mail attribute with 
the value "modme@terminator.rs.itd.umich.edu", add a title of "Grand Poobah", 
and the contents of the file /tmp/modme.jpeg as a jpegPhoto, and completely 
remove the description attribute. </P
><P
>The same modifications as above can be performed using the older ldapmodify 
input format: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>cn=Modify Me, o=University of Michigan, c=US 
mail=modme@terminator.rs.itd.umich.edu 
+title=Grand Poobah 
+jpegPhoto=/tmp/modme.jpeg 
-description 
</PRE
></FONT
></TD
></TR
></TABLE
><P
>combined with the command below: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapmodify -b -r -f /tmp/entrymods </PRE
></FONT
></TD
></TR
></TABLE
><P
>Assuming that the file /tmp/newentry exists and has the contents: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>dn: cn=Barbara Jensen, o=University of Michigan, c=US 
objectClass: person 
cn: Barbara Jensen 
cn: Babs Jensen 
sn: Jensen 
title: the world's most famous manager 
mail: bjensen@terminator.rs.itd.umich.edu 
uid: bjensen 
</PRE
></FONT
></TD
></TR
></TABLE
><P
>The command: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapadd -f /tmp/newentry </PRE
></FONT
></TD
></TR
></TABLE
><P
>will add the entry with dn: cn=Barbara Jensen, o=University of Michigan, c=US 
if it's not already present. If an entry with this dn already exists, the 
command will point out the error and will not overwrite the entry.</P
><P
>Assuming that the file /tmp/newentry exists and has the contents: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>dn: cn=Barbara Jensen, o=University of Michigan, c=US 
changetype: delete 
</PRE
></FONT
></TD
></TR
></TABLE
><P
>The command: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapmodify -f /tmp/newentry </PRE
></FONT
></TD
></TR
></TABLE
><P
>will remove Babs Jensen's entry. </P
><P
>The -f option stands for file (read the modification information from a file 
instead of standard input), the -b option stands for binary (any value 
starting with a '/' in the input file is interpreted as the path of a file 
containing the actual attribute value), and the -r option stands for replace 
(replace existing values by default). </P
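><P
>Because change records can delete whole entries or attributes, and -b makes ldapmodify read any value starting with '/' from a local file, it helps to list what a change file will do before running it. The following is an added example, not part of the original HOWTO or of OpenLDAP, showing such a listing for the LDIF change-record format used above. Assumptions: audit_ldif_changes is a hypothetical helper name, the sample records are constructed from the ones on this page, and the older input format, folded lines and base64 values are not handled.</P
>

```sh
# audit_ldif_changes FILE: hypothetical helper (not an OpenLDAP tool) that lists
# what each LDIF change record would do. Exit status 1 = DELETE or FILE present.
# FILE marks a value starting with "/", which ldapmodify -b reads from disk.
audit_ldif_changes() {
    awk '
    function report(kind, detail) {
        printf "%s\t%s\t%s\n", kind, dn, detail
        if (kind == "DELETE" || kind == "FILE") risky = 1
    }
    function end_record() {                 # entry-level operation, once per record
        if (dn == "") return
        if (ctype == "" || ctype == "add") report("ADD", "whole entry")
        else if (ctype != "modify") report(toupper(ctype), "whole entry")
        dn = ""; ctype = ""; op = ""
    }
    { sub(/[ \t\r]+$/, "") }                # drop trailing blanks and CRs
    /^#/      { next }                      # LDIF comment
    $0 == ""  { end_record(); next }        # a blank line ends a record
    $0 == "-" { op = ""; next }             # "-" ends one modify operation
    {
        i = index($0, ":"); if (i == 0) next
        attr = substr($0, 1, i - 1); key = tolower(attr)
        val = substr($0, i + 1); sub(/^[ \t]+/, "", val)
        if (key == "dn") { end_record(); dn = val }
        else if (key == "changetype") ctype = tolower(val)
        else if (ctype == "modify" && op == "" && key ~ /^(add|replace|delete)$/) {
            op = key; report(toupper(op), "attribute " val)
        }
        else if (substr(val, 1, 1) == "/") report("FILE", attr " reads " val)
    }
    END { end_record(); exit risky + 0 }
    ' "$1"
}

# Constructed sample, adapted from the change records shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: cn=Modify Me, o=University of Michigan, c=US
changetype: modify
replace: mail
mail: modme@terminator.rs.itd.umich.edu
-
add: jpegPhoto
jpegPhoto: /tmp/modme.jpeg
-
delete: description
-

dn: cn=Barbara Jensen, o=University of Michigan, c=US
changetype: delete
EOF
audit_ldif_changes "$sample" || echo "review DELETE/FILE lines before running ldapmodify" >&2
```

<P
>The exit status is 1 when a DELETE or FILE line is reported, so a wrapper script can stop before calling ldapmodify. The -n option listed in the synopsis above can then be used to preview the run against the server without modifying entries.</P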
></DIV
></BODY
></HTML
>