HP-UX Directory Server 8.1 configuration, command, and file reference

Table 6-11 Commonly-used ldapmodify options (continued)
Option  Description

-D
    Specifies the distinguished name with which to authenticate to the server. The value must be a DN
    recognized by the Directory Server, and it must also have the authority to modify the entries. For
    example:
    -D "uid=bjensen, dc=example,dc=com"
    This option cannot be used with the -N option.

-f
    Specifies the file containing the LDIF update statements used to define the directory
    modifications. For example:
    -f modify_statements
    If this option is not supplied, the update statements are read from STDIN.
    For information on supplying LDIF update statements from the command-line, see the "Creating
    Directory Entries" chapter in the HP-UX Directory Server administrator guide.

-g
    Specifies that the password policy request control not be sent with the bind request. By default, the
    new LDAP password policy request control is sent with bind requests. The ldapmodify tool can
    parse and display information from the response control if it is returned by a server; that is, the tool
    will print an appropriate error or warning message when a server sends the password policy response
    control with an appropriate value. The criticality of the request control is set to false to ensure
    that all LDAPv3 servers that do not understand the control can ignore it. To suppress sending of
    the request control with the bind request, include -g on the command-line.

-h
    Specifies the name of the host on which the server is running. For example:
    -h cyclops

-p
    Specifies the port number that the server uses. For example:
    -p 1049
    The default is 389. If -Z is used, the default is 636.

-q
    Causes each add to be performed silently as opposed to being echoed to the screen individually.

-w
    Specifies the password associated with the distinguished name specified in the -D option. For
    example:
    -w mypassword
    If a dash (-) is used as the password value, the utility prompts for the password after the command
    is entered. This avoids having the password on the command line.

6.5.3 ldapmodify SSL options
Use the following command-line options to specify that the ldapmodify utility is to use LDAP
over SSL (LDAPS) when communicating with the Directory Server. LDAPS encrypts data during
transit. Also, use these options for certificate-based authentication. These options are valid only
when SSL has been turned on and configured for the Directory Server. For more information on
certificate-based authentication and on creating a certificate database for use with LDAP clients,
see the "Managing SSL" chapter in the HP-UX Directory Server administrator guide.
Ensure that the Directory Server's encrypted port is specified when using these options.
Table 6-12 ldapmodify SSL options
Option  Description

-3
    Specifies that host names should be checked in SSL certificates.

-I
    Specifies the SSL key password file that contains the token:password pair.

-K
    Specifies the path, including the file name, of the private key database of the client. Either the absolute
    or relative (to the server root) path can be specified. The -K option must be used when the key
    database has a different name than key3.db or when the key database is not under the same
    directory as the certificate database, the cert8.db file (the path for which is specified with the -P
    option).
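
The option descriptions in Tables 6-11 and 6-12 imply several checks that can be run on an ldapmodify argument list before it is used; the following is an added example, not part of the HP reference or the product. The function name is hypothetical, and it assumes that -Z is the flag that turns on SSL and that -N takes a value.

```shell
#!/bin/sh
# Added example, not HP code. lint_ldapmodify_args is a hypothetical helper:
# give it the arguments intended for ldapmodify; it prints one finding per
# line and returns 1 if there are any. It never contacts a server.
lint_ldapmodify_args() {
    bind_dn='' cert_name='' pw='' port='' use_ssl=no check_host=no rc=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -D) bind_dn=${2-}; shift ;;
            -N) cert_name=${2-}; shift ;;   # assumed to take a value
            -w) pw=${2-}; shift ;;
            -p) port=${2-}; shift ;;
            -f|-h|-I|-K|-P) shift ;;        # take a value; not inspected
            -Z) use_ssl=yes ;;              # assumed: the flag that turns on SSL
            -3) check_host=yes ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    # -w with anything but "-" puts the password on the command line.
    if [ -n "$pw" ] && [ "$pw" != "-" ]; then
        echo "PASSWORD_ON_CMDLINE: use '-w -' to be prompted instead"; rc=1
    fi
    # The -D entry states it cannot be combined with -N.
    if [ -n "$bind_dn" ] && [ -n "$cert_name" ]; then
        echo "D_WITH_N: -D cannot be used with -N"; rc=1
    fi
    # Without SSL nothing encrypts the bind DN and password in transit.
    if [ "$use_ssl" = no ] && [ -n "$bind_dn" ]; then
        echo "CLEARTEXT_BIND: -D without -Z is not protected by LDAPS"; rc=1
    fi
    if [ "$use_ssl" = yes ] && [ "$check_host" = no ]; then
        echo "NO_HOSTNAME_CHECK: add -3 to check host names in certificates"; rc=1
    fi
    # 389 is the non-SSL default port; SSL options need the encrypted port.
    if [ "$use_ssl" = yes ] && [ "$port" = 389 ]; then
        echo "PLAIN_PORT_WITH_SSL: -p 389 given together with -Z"; rc=1
    fi
    return "$rc"
}

# Constructed invocation using the example values from Table 6-11.
lint_ldapmodify_args -D "uid=bjensen, dc=example,dc=com" -w mypassword \
    -h cyclops -p 1049 -f modify_statements || true
```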