DXmodify Tool -- Add New or Changed Information to a Directory

Use the DXmodify tool to do any of the following:
cad1214
Use the DXmodify tool to do any of the following:
  • Populate an empty directory
  • Add complete new entries to an existing directory
  • Add new attributes to existing entries
  • Modify, rename, or delete attributes of an entry
  • Load a binary file
When you run the DXmodify tool, you can enter the new or changed information from standard input or from an LDIF file.
This command has the following format:
dxmodify [action] [options]
  • action
    Specifies the action the tool will take. The DXmodify tool follows any changetype directives in the LDIF file. If the LDIF file contains entries and no changetype directives, then you can tell DXmodify whether it should add these entries or replace existing entries. DXmodify replaces entries if either of the following conditions are true:
    • The entry in the LDIF file is a modify operation and the modify type is specified for an attribute in the LDIF file
    • -r is specified
    • -a
      Adds the entries in the LDIF file to the directory.
    • -r
      Replaces the entries or attributes in the directory with those in the LDIF file.
  • options
    Denotes one or more of the following options:
  • -c
    Runs in continuous mode. Errors are reported, but the process is not stopped.
  • -d
    level
    [
    -
    d
    level
    ...]
    Sets the LDAP debug levels.
    • level
      Defines the level of debugging as follows:
      -1 Enable all debugging
      0 No debugging
      1 Trace function
      2 Debug packet handling
      4 Heavy trace debugging
      8 Connection management
      16 Print out packages sent and received
      32 Search filter processing
      64 Configuration file processing
      128 Access control list processing
      256 Stats log connections/operations/results
      512 Stats log entries sent
      1024 Print communication with shell backends
      2048 Print entry parsing debugging
      You can add numbers together to specify multiple debug levels at the same time. For example, a debug level of 6 specifies the debugging levels of both 2 and 4.
  • -D
    bindDN
    Specifies the distinguished name of the user performing the bind.
  • -E
    search-extension
    Specifies a search extension such as paged results. For example, to return results in pages of 10, use this command:
    dxsearch -h host -E pr=10 "(cn=*)"
  • -F
    Forces all change records to be used.
  • -f
    filename
    Specifies a source LDIF file. If you do not specify this option, or do not specify a file name, then DXmodify waits for input from standard input.
  • -H
    URI
    Specifies the LDAP URI of the directory host. If you do not specify this, the tool uses
    localhost
    instead.
    You can use an IPv6 address, as in the following example:
    -H ldap://[2001:db8:0:1:99a4:6159:198f:b309]
  • -h
    dap-host
    This option has been deprecated. Use the -H option instead. The -h option still works in the current version of CA Directory.
    Specifies the address or host name of the directory host. If you do not specify this, the tool uses
    localhost
    instead.
    You can include OSI addressing for transport, session, and presentation SAPs by fully expanding
    dap-host
    :
    hostname:port/tsel/ssel/psel
    You can include binary and ASCII characters in the
    tsel
    ,
    ssel
    , and
    psel
    selectors, using the % followed by the two hexadecimal digits that represent the ASCII code for the character, for example:
    • / is expressed as %2F
    • % is expressed as %25
  • -l
    timelimit
    Specifies the time limit (in seconds) for each DAP operation.
  • -M
    Enables the
    Manage DSA
    IT control.
  • -MM
    Enables the
    Manage DSA
    IT control, and makes it critical. For more information, see LDAP Controls in the
    Administration Guide
    .
  • -n
    Shows what would be done, but does not actually do it. This can be useful for debugging purposes, usually you use this with the -v option.
  • -P 2|3
    Specifies the LDAP protocol. By default, this is set to 3.
  • -p
    dap-port
    Specifies the port on directory host computer. If you do not specify this, the tool uses port 102, the OSI port, by default
    You can combine the -h and -p arguments into a single argument, and express them as a dotted IP address or hostname. For example, you can replace the options on the first line with those on the second:
    -h 192.168.19.202 -p 19389 -h 192.168.19.202:19389
  • -q
    Runs in quiet mode, in which successful operations are not reported.
  • -S
    file
    Writes any skipped modifications into the specified file.
  • -s
    time
    Specifies the time (in milliseconds) to sleep after each operation.
  • -v
    Runs in verbose mode.
  • -W
    Prompts the user for the bind password.
  • -w
    password
    Specifies the bind password.
  • -y
    filename
    Specifies a file that contains the bind password.
  • -Z [
    ssld_config_filename
    ]
    Specifies that the tool should start a TLS request, using the specified configuration file. If you omit the filename, the tool uses DXHOME/config/ssld/dxldap.conf.
    Use -ZZ to require a response from the DSA when a request is successful.
    Note:
    For more information, see SSLD Configuration File.
Example: Make Multiple Changes to an Entry
This example uses the Democorp sample directory supplied with CA Directory. You can repeat this example as a training exercise.
You can make multiple changes, such as changing the title and postal address, adding a second telephone number, and deleting the description of an entry.
This example shows that you can replace the values of multiple attributes using one replace statement as long as the replace statement specifies the first attribute name in the series.
  1. Create an LDIF file named
    h-modify.ldif
    that contains the following:
    dn: cn=Murray HORSFALL, ou=Repair,ou=Operations,o=Democorp,c=AU changetype: modify replace: title title: Chief Information Officer - add: telephone telephone: 797 8888 - delete: description - replace: postalAddress postalAddress: 173 Toorak Rd $ South Yarra postalCode: 3066
  2. Use DXmodify to apply the edited file as follows:
    dxmodify -h localhost:19389 -f h-modify.ldif
Example: Add a Binary File
This shows how to add a JPEG file with a personnel record from staff.ldif.
For JPEG files, the object class is
cosinePilotObject
, the X.500 attribute name is
cosineJpegPhoto
, and the LDAP attribute name is
JpegPhoto
.
This example uses the Democorp sample directory supplied with CA Directory. You can repeat this example as a training exercise.
To add a binary file, follow these instructions:
  1. Decide on the directory schema object class and attribute to use to hold the binary data.
    For this example, use the
    cosineJpegPhoto
    attribute within the
    cosinePilotObject
    object class.
  2. Create entries in an LDIF file with the following syntax:
    attributeName:< FILE://path
    For this example, create staff.ldif with the following form:
    dn: cn=Peter Bell,ou=Infrastructure,ou=Support,o=Democorp,c=AU oc: organizationalPerson oc: newPilotPerson oc: cosinePilotObject cn: Peter Bell sn: BELL cosineJpegPhoto:< FILE://d:\temp\PHOTO\BELPE01.jpg title: Design Supervisor telephone: 881 9256 description: Computing mail: Peter.BELL@Democorp.com postalAddress: 7-11 Fine Street$Penville CA postalCode: 32750
  3. Run the following command:
    dxmodify -a -c -h hostname:19389 -f staff.ldif