Oct 15 2008
Iplanet Command Line LDAP tutorial
Managing Entries From the Command Line
The command-line utilities allow you to manipulate the contents of your directory.
They can be useful if you want to write scripts to perform bulk management of
your directory, or to test your Directory Server. For example, you might want to
ensure that it returns the expected information after you have made changes to
access control information.
Using the command-line utilities, you can provide information directly from the
command-line, or through an input file in LDIF.
This section provides information about:
• Providing Input From the Command Line
• Creating a Root Entry From the Command Line
• Adding Entries Using LDIF
• Adding and Modifying Entries Using ldapmodify
• Deleting Entries Using ldapdelete
• Using Special Characters
Providing Input From the Command Line
When you provide input to the ldapmodify and ldapdelete utilities directly from
the command line, you must use LDIF statements. For detailed information on
LDIF statements, refer to “LDIF Update Statements,” on page 54.
The ldapmodify and ldapdelete utilities read the statements that you enter in
exactly the same way as if they were read from a file. When you finish providing
input, enter the character that your shell recognizes as the end of file (EOF) escape
sequence. The utility then begins operations based on the input you supplied.
Typically, the EOF escape sequence is one of the following, depending upon the
type of machine you use:
• UNIX—Almost always control-D (^D)
NOTE You cannot modify your directory unless the appropriate access
control rules have been set. For information on creating access
control rules for your directory, see Chapter 6, “Managing Access
Control.”
Managing Entries From the Command Line
48 iPlanet Directory Server Administrator’s Guide • April 2001
• Windows NT—Usually control-Z followed by a carriage return (^Z
For example, suppose you want to input some LDIF update statements to
ldapmodify. Then, on a UNIX system, you would do the following:
prompt> ldapmodify -D bindDN -w password -h hostname
> dn: cn=Barry Nixon, ou=people, dc=siroe,dc=com
> changetype: modify
> delete: telephonenumber
> -
> add: manager
> manager: cn=Harry Cruise, ou=people, dc=siroe,dc=com
> ^D
prompt>
When you add an entry from the command-line or from LDIF, make sure that an
entry representing a subtree is created before new entries are created under that
branch. For example, if you want to place an entry in a People subtree, then create
entry representing that subtree before creating entries within the subtree.
For example:
dn: dc=siroe,dc=com
dn: ou=People, dc=siroe,dc=com
…
People subtree entries.
…
dn: ou=Group, dc=siroe,dc=com
…
Group subtree entries.
…
Creating a Root Entry From the Command Line
You can use the ldapmodify command-line utility to create a new root entry in a
database. For example, you might add the new root entry as follows:
prompt% ldapmodify -a -D “dn=directory manager” -w secret
The ldapmodify utility binds to the server and prepares it to add an entry.
You create the new root object as follows:
dn: Suffix_Name
objectclass: newobjectclass
Managing Entries From the Command Line
Chapter 2 Creating Directory Entries 49
The DN corresponds to the DN of the root or sub-suffix contained by the database.
The newobjectclass value depends upon the type of object class you are adding to
the database. You may need to specify additional mandatory attributes depending
upon the root object you add.
Adding Entries Using LDIF
You can use an LDIF file to add multiple entries or to import an entire database. To
add entries using an LDIF file and the Directory Server Console:
1. Define the entries in an LDIF file.
LDIF is described in Appendix A, “LDAP Data Interchange Format.”
2. Import the LDIF file from the Directory Server Console.
See “Performing an Import From the Console,” on page 134 for information.
When you import the LDIF file, select “Append to database” on the Import
dialog box so that the server will only import entries that do not currently exist
in the directory.
You can also add entries described in an LDIF file from the command line using the
ldapmodify command with the -f option.
Adding and Modifying Entries Using ldapmodify
You use the ldapmodify command to add and modify entries in an existing
Directory Server database. The ldapmodify command opens a connection to the
specified server using the distinguished name and password you supply, and
modifies the entries based on LDIF update statements contained in a specified file.
Because ldapmodify uses LDIF update statements, ldapmodify can do everything
that ldapdelete can do.
If schema checking is turned on when you use this utility, then the server performs
schema checking for the entire entry when it is modified:
NOTE You can use this method only if you have one database per suffix. If
you create a suffix that is stored in several databases, you must use
the ldif2db utility with the -n option to specify the database that
will hold the new entries. For information, refer to “Importing
From the Command Line,” on page 137.
Managing Entries From the Command Line
50 iPlanet Directory Server Administrator’s Guide • April 2001
• If the server detects an attribute or object class in the entry that is not known to
the server, then the modify operation will fail when it reaches the erroneous
entry. All entries that were processed before the error was encountered will be
successfully added or modified. If you run ldapmodify with the -c option (do
not stop on errors), all correct entries processed after the erroneous entry will
be successfully added or modified.
• If a required attribute is not present, the modify operation fails. This happens
even if the offending object class or attribute is not being modified. This
situation can occur if you run the Directory Server with schema checking
turned off, add unknown object classes or attributes, and then turn schema
checking on.
For more information, see “Turning Schema Checking On and Off,” on page 326.
To create a database suffix (such as dc=siroe,dc=com) using ldapmodify you
must bind to the directory as the Directory Manager.
Adding Entries Using ldapmodify
Here is a typical example of how to use the ldapmodify utility to add entries to the
directory. Suppose that:
• You want to create the entries specified in the file new.ldif.
• You have created a database administrator who has the authority to modify the
entries, and whose distinguished name is cn=Directory Manager,
dc=siroe,dc=com.
• The database administrator’s password is King-Pin.
• The server is located on cyclops.
• The server uses port number 845.
In this example, the LDIF statements in the new.ldif file do not specify a change
type. They follow the format defined in “LDIF File Format,” on page 471.
To add the entries, you must enter the following command:
ldapmodify -a -D “cn=Directory Manager,dc=siroe,dc=com” -w King-Pin
-h cyclops -p 845 -f new.ldif
The following table describes the ldapmodify parameters used in the example:
Parameter Name Description
-a Specifies that the modify operation will add new entries to the
directory.
Managing Entries From the Command Line
Chapter 2 Creating Directory Entries 51
For full information on ldapmodify parameters, refer to the iPlanet Directory Server
Configuration, Command, and File Reference.
Modifying Entries Using ldapmodify
Here is a typical example of how to use the ldapmodify utility to modify entries
that are present in the directory. Suppose that:
• You want to modify entries as specified in the file modify_statements.
• You have created a database administrator that has the authority to modify the
entries, and whose distinguished name is cn=Directory Manager,
dc=siroe,dc=com.
• The database administrator’s password is King-Pin.
• The server is located on cyclops.
• The server uses port number 845.
To modify the entries, you must first create the modify_statements file with the
appropriate LDIF update statements, and then enter the following command:
ldapmodify -D “cn=Directory Manager,dc=siroe,dc=com” -w King-Pin -h
cyclops -p 845 -f modify_statements
-D Specifies the distinguished name with which to authenticate
to the server. The value must be a DN recognized by the
Directory Server, and it must also have the authority to
modify the entries.
-w Specifies the password associated with the distinguished
name specified in the -D parameter.
-h Specifies the name of the host on which the server is running.
-p Specifies the port number that the server uses.
-f Optional parameter that specifies the file containing the LDIF
update statements used to define the modifications. If you do
not supply this parameter, the update statements are read
from stdin. For information on supplying LDIF update
statements from the command line, refer to “Providing Input
From the Command Line,” on page 47
Parameter Name Description
Managing Entries From the Command Line
52 iPlanet Directory Server Administrator’s Guide • April 2001
The following table describes the ldapmodify parameters used in the example:
For full information on ldapmodify parameters, refer to the iPlanet Directory Server
Configuration, Command, and File Reference.
Deleting Entries Using ldapdelete
Use the ldapdelete command-line utility to delete entries from the directory. This
utility opens a connection to the specified server using the distinguished name and
password you provide, and deletes the entry or entries.
You can only delete entries at the end of a branch. You cannot delete entries that
are branch points in the directory tree.
For example, of the following three entries:
ou=People,dc=siroe,dc=com
cn=Paula Simon,ou=People,dc=siroe,dc=com
cn=Jerry O’Connor,ou=People,dc=siroe,dc=com
you can delete only the last two entries. The entry that identifies the People subtree
can be deleted only if there aren’t any entries below it. If you want to delete
ou=People,dc=siroe,dc=com, you must first delete Paula Simon and Jerry
O’Connor’s entries, and all other entries in that subtree.
Parameter Name Description
-D Specifies the distinguished name with which to authenticate
to the server. The value must be a DN recognized by the
Directory Server, and it must also have the authority to
modify the entries.
-w Specifies the password associated with the distinguished
name specified in the -D parameter.
-h Specifies the name of the host on which the server is running.
-p Specifies the port number that the server uses.
-f Optional parameter that specifies the file containing the LDIF
update statements used to define the modifications. If you do
not supply this parameter, the update statements are read
from stdin. For information on supplying LDIF update
statements from the command line, refer to “Providing Input
From the Command Line,” on page 47.
Managing Entries From the Command Line
Chapter 2 Creating Directory Entries 53
Here is a typical example of how to use the ldapdelete utility. Suppose that:
• You want to delete the entries identified by the distinguished names:
cn=Robert Jenkins,ou=People,dc=siroe,dc=com and cn=Lisa Jangles,
ou=People,dc=siroe,dc=com.
• You have created a database administrator that has the authority to modify the
entries, and whose distinguished name is cn=Directory Manager,
dc=siroe,dc=com.
• The database administrator’s password is King-Pin.
• The server is located on cyclops.
• The server uses port number 845.
To delete the entries for users Robert Jenkins and Lisa Jangles, enter the following
command:
ldapdelete -D “cn=Directory Manager,dc=siroe,dc=com” -w King-Pin -h
cyclops -p 845 “cn=Robert Jenkins,ou=People,dc=siroe,dc=com”
“cn=Lisa Jangles,ou=People,dc=siroe,dc=com”
The following table describes the ldapdelete parameters used in the example:
For full information on ldapdelete parameters, refer to the iPlanet Directory Server
Configuration, Command, and File Reference.
Parameter Name Description
-D Specifies the distinguished name with which to authenticate
to the server. The value must be a DN recognized by the
Directory Server, and it must also have the authority to
modify the entries.
-w Specifies the password associated with the distinguished
name specified in the -D parameter.
-h Specifies the name of the host on which the server is running.
-p Specifies the port number that the server uses.
LDIF Update Statements
54 iPlanet Directory Server Administrator’s Guide • April 2001
Using Special Characters
When using the Directory Server command-line client tools, you may need to
specify values that contain characters that have special meaning to the
command-line interpreter (such as space [ ], asterisk [*], backslash [\], and so
forth). When this situation occurs, enclose the value in quotation marks (“”). For
example:
-D “cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com”
Depending on the command-line utility you use, you should use either single or
double quotation marks for this purpose. Refer to your operating system
documentation for more information.
In addition, if you are using DNs that contain commas, you must escape the
commas with a backslash (\). For example:
-D “cn=Patricia Fuentes,ou=people,o=Siroe Bolivia\,S.A.”
To delete user Patricia Fuentes from the Siroe Bolivia, S.A. tree, you would enter
the following command:
ldapdelete -D “cn=Directory Manager,dc=siroe,dc=com” -w King-Pin -h
cyclops -p 845 “cn=Patricia Fuentes,ou=People,o=Siroe Bolivia\,S.A.”
LDIF Update Statements
Use LDIF update statements to define how ldapmodify should change your
directory. In general, LDIF update statements are a series of statements that:
• Specify the distinguished name of the entry to be modified.
• Specify a change type that defines how a specific entry is to be modified (add,
delete, modify, modrdn).
• Specify a series of attributes and their changed values.
A change type is required unless you use ldapmodify with the -a parameter. If
you specify the -a parameter, then an add operation (changetype: add) is
assumed. However, any other change type overrides the -a parameter.
If you specify a modify operation (changetype: modify), a change operation is
required that indicates how the entry should be changed.
LDIF Update Statements
Chapter 2 Creating Directory Entries 55
If you specify changetype: modrdn, change operations are required that specify
how the relative distinguished name (RDN) is to be modified. A distinguished
name’s RDN is the left-most value in the DN. For example, the distinguished name
uid=ssarette,dc=siroe,dc=com has an RDN of uid=ssarette.
The general format of LDIF update statements is as follows:
dn: distinguished_name
changetype_identifier
change_operation_identifier
list_of_attributes
-
change_operation_identifier
list_of_attributes
-
A dash (-) must be used to denote the end of a change operation if subsequent
change operations are specified. For example, the following statement adds the
telephone number and manager attributes to the entry:
dn: cn=Lisa Jangles,ou=People,dc=siroe,dc=com
changetype: modify
add: telephonenumber
telephonenumber: (408) 555-2468
-
add: manager
manager: cn=Harry Cruise,ou=People,dc=siroe,dc=com
In addition, the line continuation operator is a single space. Therefore, the
following two statements are identical:
dn: cn=Lisa Jangles,ou=People,dc=siroe,dc=com
dn: cn=Lisa Jangles,
ou=People,
dc=siroe,dc=com
The following sections describe the change types in detail.
Adding an Entry Using LDIF
Use changetype: add to add an entry to your directory. When you add an entry,
make sure to create an entry representing a branch point before you try to create
new entries under that branch. That is, if you want to place an entry in a People
and a Groups subtree, then create the branch point for those subtrees before
creating entries within the subtrees.
LDIF Update Statements
56 iPlanet Directory Server Administrator’s Guide • April 2001
The following LDIF update statements can be used to create the People and the
Groups subtrees, and then create entries within those trees:
dn: dc=siroe,dc=com
changetype: add
objectclass: top
objectclass: organization
o: siroe.com
dn: ou=People, dc=siroe,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: People
ou: Marketing
dn: cn=Pete Minsky,ou=People,dc=siroe,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Pete Minsky
givenName: Pete
sn: Minsky
ou: People
ou: Marketing
uid: pminsky
dn: cn=Sue Jacobs,ou=People,dc=siroe,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Sue Jacobs
givenName: Sue
sn: Jacobs
ou: People
ou: Marketing
uid: sjacobs
dn: ou=Groups,dc=siroe,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: Groups
LDIF Update Statements
Chapter 2 Creating Directory Entries 57
dn: cn=Administrators,ou=Groups,dc=siroe,dc=com
changetype: add
objectclass: top
objectclass: groupOfNames
member: cn=Sue Jacobs,ou=People,dc=siroe,dc=com
member: cn=Pete Minsky,ou=People,dc=siroe,dc=com
cn: Administrators
dn: ou=Siroe Bolivia\, S.A.,dc=siroe,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: Siroe Bolivia\, S.A.
dn: cn=Carla Flores,ou=Siroe Bolivia\, S.A.,dc=siroe,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Carla Flores
givenName: Carla
sn: Flores
ou: Siroe Bolivia\, S.A.
uid: cflores
Renaming an Entry Using LDIF
Use changetype:modrdn to change an entry’s relative distinguished name (RDN).
An entry’s RDN is the left-most element in the distinguished name. Therefore, the
RDN for:
cn=Barry Nixon,ou=People,dc=siroe,dc=com
is:
cn=Barry Nixon
And the RDN for:
ou=People,dc=siroe,dc=com
is:
ou=People
Therefore, this rename operation allows you to change the left-most value in an
entry’s distinguished name.
LDIF Update Statements
58 iPlanet Directory Server Administrator’s Guide • April 2001
For example, the entry
cn=Sue Jacobs,ou=People,dc=siroe,dc=com
can be modified to be:
cn=Susan Jacobs,ou=People,dc=siroe,dc=com
but it cannot be modified to be:
cn=Sue Jacobs,ou=old employees,dc=siroe,dc=com
The following example can be used to rename Sue Jacobs to Susan Jacobs:
dn: cn=Sue Jacobs,ou=Marketing,dc=siroe,dc=com
changetype: modrdn
newrdn: cn=Susan Jacobs
deleteoldrdn: 0
Because deleteoldrdn is 0, this example retains the existing RDN as a value in the
new entry. The resulting entry would therefore have a common name (cn) attribute
set to both Sue Jacobs and Susan Jacobs in addition to all the other attributes
included in the original entry. However, if you used
dn: cn=Sue Jacobs,ou=Marketing,dc=siroe,dc=com
changetype: modrdn
newrdn: cn=Susan Jacobs
deleteoldrdn: 1
the server would delete cn=Sue Jacobs and only cn=Susan Jacobs would remain
within the entry.
A Note on Renaming Entries
You cannot rename an entry with the modrdn change type such that the entry
moves to a completely different subtree. To move an entry to a completely different
branch you must create a new entry in the alternative subtree using the old entry’s
attributes, and then delete the old entry.
Also, for the same reasons that you cannot delete an entry if it is a branch point,
you cannot rename an entry if it has any children. Doing so would orphan the
children in the tree, which is not allowed by the LDAP protocol. For example, of
the following three entries:
ou=People,dc=siroe,dc=com
cn=Paula Simon,ou=People,dc=siroe,dc=com
cn=Jerry O’Connor,ou=People,dc=siroe,dc=com
you can rename only the last two entries. The entry that identifies the People
subtree can be renamed only if no other entries exist below it.
LDIF Update Statements
Chapter 2 Creating Directory Entries 59
Modifying an Entry Using LDIF
Use changetype:modify to add, replace, or remove attributes and/or attribute
values to the entry. When you specify changetype:modify, you must also provide
a change operation to indicate how the entry is to be modified. Change operations
can be:
• add: attribute
Adds the specified attribute or attribute value. If the attribute type does not
currently exist for the entry, then the attribute and its corresponding value are
created. If the attribute type already exists for the entry, then the specified
attribute value is added to the existing value. If the particular attribute value
already exists for the entry, then the operation fails and the server returns an
error.
• replace: attribute
The specified values are used to entirely replace the attribute’s value(s). If the
attribute does not already exist, it is created. If no replacement value is
specified for the attribute, the attribute is deleted.
• delete: attribute
The specified attribute is deleted. If more than one value of an attribute exists
for the entry, then all values of the attribute are deleted in the entry. To delete
just one of many attribute values, specify the attribute and associated value on
the line following the delete change operation.
This section contains the following topics:
• Adding Attributes to Existing Entries Using LDIF
• Changing an Attribute Value Using LDIF
• Deleting All Values of an Attribute Using LDIF
• Deleting a Specific Attribute Value Using LDIF
Adding Attributes to Existing Entries Using LDIF
You use changetype:modify with the add operation to add an attribute and an
attribute value to an entry.
LDIF Update Statements
60 iPlanet Directory Server Administrator’s Guide • April 2001
For example, the following LDIF update statement adds a telephone number to the
entry:
dn: cn=Barney Fife,ou=People,dc=siroe,dc=com
changetype: modify
add: telephonenumber
telephonenumber: 555-1212
The following example adds two telephone numbers to the entry:
dn: cn=Barney Fife,ou=People,dc=siroe,dc=com
changetype: modify
add: telephonenumber
telephonenumber: 555-1212
telephonenumber: 555-6789
The following example adds two telephonenumber attributes and a manager
attribute to the entry:
dn: cn=Barney Fife,ou=People,dc=siroe,dc=com
changetype: modify
add: telephonenumber
telephonenumber: 555-1212
telephonenumber: 555-6789
-
add: manager
manager: cn=Sally Nixon,ou=People,dc=siroe,dc=com
The following example adds a jpeg photograph to the directory. The jpeg photo can
be displayed by Directory Server Gateway. In order to add this attribute to the
directory, you must use the ldapmodify -b parameter (which indicates that
ldapmodify should read the referenced file for binary values if the attribute value
begins with a slash):
dn: cn=Barney Fife,ou=People,dc=siroe,dc=com
changetype: modify
add: jpegphoto
jpegphoto: /path/to/photo
Alternatively, you can add a jpeg photograph to the directory using the following
standard LDIF notation:
jpegphoto: < file:/path/to/photo
If you use this standard notation, you do not need to specify the ldapmodify -b
parameter. However, you must add the following line to the beginning of your
LDIF file, or your LDIF update statements:
version:1
LDIF Update Statements
Chapter 2 Creating Directory Entries 61
For example, you could use the following ldapmodify command:
prompt% ldapmodify -D userDN -w user_passwd
>version: 1
>dn: cn=Barney Fife,ou=People,dc=siroe,dc=com
>changetype: modify
>add: userCertificate
>userCertificate;binary:< file: BarneysCert
Changing an Attribute Value Using LDIF
Use changetype:modify with the replace operation to change all values of an
attribute in an entry.
For example, the following LDIF update statement changes Barney’s manager from
Sally Nixon to Wally Hensford:
dn: cn=Barney Fife,ou=People,dc=siroe,dc=com
changetype: modify
replace: manager
manager: cn=Wally Hensford, ou=People, dc=siroe,dc=com
If the entry has multiple instances of the attribute, then to change one of the
attribute values, you must delete the attribute value that you want to change, and
then add the replacement value. For example, consider the following entry:
cn=Barney Fife,ou=People,dc=siroe,dc=com
objectClass: inetOrgPerson
cn: Barney Fife
sn: Fife
telephonenumber: 555-1212
telephonenumber: 555-5678
To change the telephone number 555-1212 to 555-4321, use the following LDIF
update statement:
dn: cn=Barney Fife,ou=People,dc=siroe,dc=com
changetype: modify
delete: telephonenumber
telephonenumber: 555-1212
-
add: telephonenumber
telephonenumber: 555-4321
NOTE You can use the standard LDIF notation only with the ldapmodify
command, not with other command-line utilities.
LDIF Update Statements
62 iPlanet Directory Server Administrator’s Guide • April 2001
Barney’s entry is now as follows:
cn=Barney Fife,ou=People,dc=siroe,dc=com
objectClass: inetOrgPerson
cn: Barney Fife
sn: Fife
telephonenumber: 555-5678
telephonenumber: 555-4321
Deleting All Values of an Attribute Using LDIF
Use changetype:modify with the delete operation to delete an attribute from an
entry. If the entry has more than one instance of the attribute, you must indicate
which of the attributes you want to delete.
For example, the following LDIF update statement deletes all instances of the
telephonenumber attribute from the entry, regardless of how many times it
appears in the entry:
dn: cn=Barney Fife,ou=People,dc=siroe,dc=com
changetype: modify
delete: telephonenumber
If you want to delete just a specific instance of the telephonenumber attribute, then
you simply delete that specific attribute value. The following section describes how
to do this.
Deleting a Specific Attribute Value Using LDIF
Use changetype:modify with the delete operation to delete an attribute value
from an entry.
For example, consider the following entry:
cn=Barney Fife,ou=People,dc=siroe,dc=com
objectClass: inetOrgPerson
cn: Barney Fife
sn: Fife
telephonenumber: 555-1212
telephonenumber: 555-5678
To delete the 555-1212 telephone number from this entry, use the following LDIF
update statement:
dn: cn=Barney Fife,ou=People,dc=siroe,dc=com
changetype: modify
delete: telephonenumber
telephonenumber: 555-1212
LDIF Update Statements
Chapter 2 Creating Directory Entries 63
Barney’s entry then becomes:
cn=Barney Fife,ou=People,dc=siroe,dc=com
objectClass: inetOrgPerson
cn: Barney Fife
sn: Fife
telephonenumber: 555-5678
Deleting an Entry Using LDIF
Use changetype:delete to delete an entry from your directory. You can only
delete leaf entries. Therefore, when you delete an entry, make sure that no other
entries exist under that entry in the directory tree. That is, you cannot delete an
organizational unit entry unless you have first deleted all the entries that belong to
the organizational unit.
For example, of the following three entries:
ou=People,dc=siroe,dc=com
cn=Paula Simon,ou=People,dc=siroe,dc=com
cn=Jerry O’Connor,ou=People,dc=siroe,dc=com
you can delete only the last two entries. The entry that identifies the People subtree
can be deleted only if no other entries exist below it.
The following LDIF update statements can be used to delete person entries:
dn: cn=Pete Minsky,ou=People,dc=siroe,dc=com
changetype: delete
dn: cn=Sue Jacobs,ou=People,dc=siroe,dc=com
changetype: delete
CAUTION Do not delete the suffix o=NetscapeRoot. The iPlanet
Administration Server uses this suffix to store information about
installed iPlanet Servers. Deleting this suffix could force you to
reinstall all of your iPlanet servers, including the directory server.
Maintaining Referential Integrity
64 iPlanet Directory Server Administrator’s Guide • April 2001
Modifying an Entry in an Internationalized
Directory
If the attribute values in your directory are associated with one or more languages
other than English, the attribute values are associated with language tags. When
using the ldapmodify command-line utility to modify an attribute that has an
associated language tag, you must match the value and language tag exactly or the
modify operation will fail.
For example, if you want to modify an attribute value that has a language tag of
lang-fr, you must include the lang-fr in the modify operation as follows:
dn: bjensen,dc=siroe,dc=com
changetype: modify
replace: homePostalAddress;lang-fr
homePostalAddress;lang-fr: 34 rue de Seine