Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

LDAPFORM(1)		  BSD General Commands Manual		   LDAPFORM(1)

NAME
     ldapform — prepare an LDIF form to update a given ldap entry.

SYNOPSIS
     ldapform [options] filter
     ldapform -e [options] filter
     ldapedit [options] filter

DESCRIPTION
     The ldapform utility creates a text file in ldif(5) format, which can be
     used to add or modify entries in an LDAP server. The ldapedit utility
     does the same, but also submits the changes back to that server.

     Both utilities require read access to operational attributes of the top
     level subschema to obtain the objectclass and attribute definitions.
     This means that the authorized user should be able to get the info using
     the following command:
	   % ldapsearch [authopts] -b cn=Subschema -s base '(objectClass=*)' +
     If the above fails, check your ACLs.

OPTIONS
     -b base
	     Specify the search base for the filter.

     -C	     Use compact format. See FORMATS below.

     -D dn   Specify the distinguished name of the authenticating user for
	     simple binds.

     -f file
	     Write output to file.  When in edit mode, this flag will use file
	     instead of a temporary file and the file will not be removed when
	     submitted to the server.

     -H uri  Specify the URI of the ldap server. The options -h -and -p are
	     ignored when using this option.

     -h hostname
	     Specify the hostname of the ldap server. If a uri is also speci‐
	     fied (see -H) this option is ignored.

     -O props
	     Specify security properties for SASL authentication as a comma-
	     separated list. Refer to SASL_SECPROPS in ldap.conf(5) for more
	     information.

     -p port
	     Specify the port to connect to. Default: 389. This option is
	     ignored if -H is set.

     -R realm
	     Specify the realm for SASL authentication.

     -s scope
	     Specify the search scope for the filter.  Can be one of

		   base
		   Search base only.

		   one
		   One level.

		   sub
		   Base and all descendants (subtree).

		   children
		   Children only. Requires LDAPv3 subordinate feature exten‐
		   sion.

     -U authcid
	     Authentication ID for SASL authentication.

     -v [v]  Increase verbosity. When specified twice, trace information will
	     be printed.

     -W	     Prompt for password when using simple binds. Will fail if not
	     using a tty, use -y instead.

     -w password
	     Specify the password for simple binds.

     -X authzid
	     Authorization ID for SASL authentication if different from
	     authcid

     -x	     Use simple binds.

     -Y mech
	     Specify the SASL authentication mechanism.

     -y pwfile
	     Specify the file containing the password for simple binds. Use
	     ‘-’ for stdin.

     -Z [Z]  Use the START TLS LDAP operation on a normal connection. If used
	     twice, require it to succeed.

FORMATS
     Standard format is meant for modifications. For each matching entry, a
     ‘changetype’ attribute is printed. For each ‘objectClass’ attribute a
     ‘delete’ attribute is printed. For all other attributes, an ‘add’ and
     ‘delete’ attribute are printed, along with the attribute and it's value
     (if available).  Each attribute is continued properly with a dash on a
     line by itself.

     Compact format is meant for additions. For each matching entry all
     attributes are printed with it's value (if available). This makes it eas‐
     ier to copy an entry to a different entry.	 Both formats preceed an
     attribute section with a comment describing the attribute, if one is
     available in the schema definition as stored by the server.

DIAGNOSTICS
     EX_USAGE  Unknown option or using invalid combination of options.

     EX_UNAVAILABLE  Connection to the LDAP server or TLS negotiation failed.
     Diagnostics are printed on stderr.

     EX_CANTCREAT  The file argument to the -f option cannot be created.

     EX_OK  All went well.

FILES
     The following files work as described in ldap.conf(5):
     /usr/local/etc/openldap/ldap.conf
     ~/.ldaprc
     ./.ldaprc

ENVIRONMENT
     The variables LDAPRC and LDAPCONF work as described in ldap.conf(5).
     Additionally, the variables LDAP_USE_TLS and LDAP_REQUIRE_TLS work as -Z
     and -ZZ respectively. That is, when set they activate and may require
     TLS. These do not work for Openldap supplied tools.

BUGS
	   ·   SASL authentication is untested and may not work.

	   ·   Edit mode is currently non existent.

	   ·   If TLS negotiation fails, so will simple binds. As such, the
	       net effect of -Z and -ZZ are identical. However, compatibility
	       with Openldap tools is kept.

	   ·   Portability framework not in place yet, so either have FreeBSD
	       compatible interfaces available or use a VM.

SEE ALSO
     ldapsearch(1), ldapmodify(1), ldif(5), ldap.conf(5)

BSD				 Jan, 04 2012				   BSD

Vote for polarhome