The ldifmodify Command-Line Tool
Apply a set of changes (including add, delete, modify, and modify DN operations) to a set of entries contained in an LDIF file. The changes will be read from a second file (containing change records rather than entries), and the updated entries will be written to a third LDIF file. Unlike ldapmodify, ldifmodify cannot read the changes to apply from standard input.
All of the change records will be read into memory before processing begins, so it is important to ensure that the tool is given enough memory to hold those change records. However, it will only operate on a single source entry at a time, so the size of the source LDIF file does not significantly impact the amount of memory that the tool requires.
Note that the tool will attempt to correctly handle multiple changes affecting the same entry. However, because it only operates on one entry at a time, it cannot always behave in exactly the same way as if it were applying the changes over LDAP to a server populated with the source LDIF file. For example, it is not possible to reject an attempt to delete an entry that has subordinates, so any delete will be treated as a subtree delete.
Further, not all types of modify DN change records are supported. In particular, modify DN change records are not permitted if they target any entry that has been targeted by a previous change record (for example, renaming an entry that was created by a previous add change record).
Finally, it cannot perform other types of validation, like ensuring that all of the necessary superior entries exist when adding a new entry, or ensuring that a modify DN will not introduce a conflict with an existing entry.
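The limitations described above can be checked before a run. The following is an added example, not part of the original documentation or of the tool itself: it parses the source and changes LDIF and flags deletes that would silently remove subordinates, modify DN records aimed at an already-targeted entry, and adds whose superior entry is missing. The function names, finding labels, and sample data are assumptions made for illustration.

```python
import base64

def parse_records(ldif_text):
    """Yield (dn, changetype) per record; assumes no escaped commas in DNs."""
    text = ldif_text.replace("\r\n", "\n").replace("\n ", "")  # unfold lines
    for block in text.split("\n\n"):
        fields = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if name.lower() == "dn" and value.startswith(":"):  # base64 DN
                value = base64.b64decode(value[1:]).decode("utf-8")
            fields.setdefault(name.lower(), value.strip())
        if "dn" in fields:
            dn = ",".join(p.strip() for p in fields["dn"].split(",")).lower()
            yield dn, fields.get("changetype", "").lower()

def preflight(source_ldif, changes_ldif):
    """Flag change records that ldifmodify handles unlike an LDAP server would."""
    existing = {dn for dn, _ in parse_records(source_ldif)}
    touched, findings = set(), []
    for dn, ctype in parse_records(changes_ldif):
        if ctype == "delete":  # every delete is treated as a subtree delete
            lost = sorted(e for e in existing if e.endswith("," + dn))
            if lost:
                findings.append(("subtree-delete", dn, lost))
            existing -= set(lost) | {dn}
        elif ctype in ("modrdn", "moddn") and dn in touched:
            findings.append(("unsupported-moddn", dn, []))
        elif ctype == "add":  # the tool does not check that superiors exist
            parent = dn.partition(",")[2]
            if parent and parent not in existing:
                findings.append(("missing-superior", dn, [parent]))
            existing.add(dn)
        touched.add(dn)
    return findings

SOURCE = ("dn: dc=example,dc=com\nobjectClass: domain\n\n"  # constructed sample
          "dn: ou=People,dc=example,dc=com\nobjectClass: organizationalUnit\n\n"
          "dn: uid=alice,ou=People,dc=example,dc=com\nobjectClass: account\n")
CHANGES = ("dn: uid=bob,ou=Staff,dc=example,dc=com\nchangetype: add\nuid: bob\n\n"
           "dn: uid=bob,ou=Staff,dc=example,dc=com\nchangetype: moddn\n"
           "newrdn: uid=robert\ndeleteoldrdn: 1\n\n"
           "dn: ou=People,dc=example,dc=com\nchangetype: delete\n")

if __name__ == "__main__":
    print(*preflight(SOURCE, CHANGES), sep="\n")
```

A "missing-superior" finding on a suffix entry (whose parent is never present in the file) is expected and can be ignored.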
Usage
ldifmodify {arguments}
Input Arguments
- -s {path} / --sourceLDIF {path} — The path to an LDIF file containing the source entries to be updated. This argument must be provided exactly once, and the file must exist.
The specified path must refer to a file that exists.
- --sourceEncryptionPassphraseFile {path} — The path to the file containing the passphrase needed to decrypt the contents of the source LDIF file (if it is encrypted). If this argument is provided, the file must exist and must contain exactly one line that contains only the encryption passphrase. If the source LDIF file is encrypted but this argument is not provided, then the tool will interactively prompt for the passphrase.
The specified path must refer to a file that exists.
- -m {path} / --changesLDIF {path} — The path to the file containing the LDIF change records that represent the changes to apply. This argument must be provided exactly once, and the file must exist. The entire contents of the file will be read into memory so that all changes will be available when processing entries in the source LDIF file.
The specified path must refer to a file that exists.
- --changesEncryptionPassphraseFile {path} — The path to the file containing the passphrase needed to decrypt the contents of the changes LDIF file (if it is encrypted). If this argument is provided, the file must exist and must contain exactly one line that contains only the encryption passphrase. If the changes LDIF file is encrypted but this argument is not provided, then the tool will interactively prompt for the passphrase.
The specified path must refer to a file that exists.
- --stripTrailingSpaces — Strip off any illegal trailing spaces identified in LDIF entries rather than rejecting those entries.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --lenientModifications — Be lenient when applying modifications. If this argument is provided, then neither attempts to add an attribute value that already exists nor attempts to remove an attribute value that does not exist will be considered an error.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --strictModifications — Use strict mode when applying modifications to entries. If this argument is provided, then the tool will report an error when trying to modify an entry to add an attribute value that already exists in the entry or to remove an attribute value that does not exist in the entry. By default, the tool will operate in lenient mode, and these 'no-op' modifications will be permitted.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --ignoreDuplicateDeletes — Ignore subsequent deletes that target an entry that has already been deleted by an earlier change. By default, subsequent deletes that target an already-deleted entry will be reported as an error.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --ignoreDeletesOfNonexistentEntries — Ignore deletes that target entries that do not exist in the source LDIF file. By default, deletes targeting nonexistent entries will be reported as an error.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --ignoreModifiesOfNonexistentEntries — Ignore modifies that target entries that do not exist in the source LDIF file. By default, modifies targeting nonexistent entries will be reported as an error.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
Output Arguments
- -t {path} / --targetLDIF {path} — The path to the file to which the updated entries will be written. This argument must be provided exactly once. If the path exists, then it must reference a file rather than a directory, and that file will be overwritten with the updated entries. If the path does not exist, then its parent directory must exist.
The specified path must refer to a file which may or may not exist, but whose parent directory must exist.
- --compressTarget — GZIP-compress the data written to the target LDIF file.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --encryptTarget — Encrypt the data written to the target LDIF file. If the --targetEncryptionPassphraseFile argument is not provided to supply the passphrase to use to generate the encryption key, then the tool will interactively prompt for the passphrase.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --targetEncryptionPassphraseFile {path} — The path to the file containing the passphrase that will be used to encrypt the data as it is written to the target file. If this argument is not provided and the output file is to be encrypted, then the tool will interactively prompt for the passphrase.
The specified path must refer to a file that exists.
- --wrapColumn {value} — The column at which long lines should be wrapped. By default, long lines will be wrapped based on the terminal width (or 80 columns if the terminal width cannot be determined).
The specified value must not be less than 5 or greater than 2,147,483,647.
- -T / --doNotWrap — Do not wrap long lines as they are written.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --suppressComments — Do not include comments in the target LDIF file. By default, each entry will include a comment to indicate what changes (if any) were applied to it.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
Additional Arguments
- --noSchemaCheck — Do not perform schema checking while applying changes to entries.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --interactive — Launch the tool in interactive mode.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- -H / --help — Display usage information for this program.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --help-debug — Display usage information for debug logging.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --enable-debug-logging — Enables debug logging for the tool.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --debug-log-level {level} — The debug log level to use for the tool. Allowed values include 'off', 'severe', 'warning', 'info', 'fine', 'finer', and 'finest'. If this is not specified, a default level of 'severe' will be used.
- --debug-log-category {category} — The message categories to include in the debug log output. Allowed values include 'asn1', 'connect', 'exception', 'ldap', 'connectionpool', 'ldif', 'monitor', 'codingerror', and 'other'. This argument may be provided multiple times to indicate that multiple categories should be included. If this is not specified, then all categories will be included.
- --include-debug-stack-traces — Indicates that debug log messages should include a stack trace with the code location from which each debug message originated.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --use-multi-line-debug-messages — Indicates that debug log messages (which will be JSON objects) should be written as multi-line strings rather than single-line strings.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --debug-log-file {path} — The path to the debug log file to be written. If this is not specified, a default path of 'ldifmodify.debug' will be used.
The specified path must refer to a file which may or may not exist, but whose parent directory must exist.
- -V / --version — Display version information for this program.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --propertiesFilePath {path} — The path to a properties file used to specify default values for arguments not supplied on the command line.
The specified path must refer to a file that exists.
- --generatePropertiesFile {path} — Write an empty properties file that may be used to specify default values for arguments.
The specified path must refer to a file which may or may not exist, but whose parent directory must exist.
- --noPropertiesFile — Do not obtain any argument values from a properties file.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
- --suppressPropertiesFileComment — Suppress output listing the arguments obtained from a properties file.
This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
Dependent Argument Sets
- If the --targetEncryptionPassphraseFile argument is provided, then the --encryptTarget argument must also be provided.
Exclusive Argument Sets
- The following arguments cannot be used together: --lenientModifications, --strictModifications
- The following arguments cannot be used together: --wrapColumn, --doNotWrap
- The following arguments cannot be used together: --propertiesFilePath, --noPropertiesFile
Examples
- Apply the changes contained in LDIF file 'changes.ldif' to the entries contained in LDIF file 'original.ldif' and write the updated entries to LDIF file 'updated.ldif'.
ldifmodify --sourceLDIF original.ldif --changesLDIF changes.ldif \
--targetLDIF updated.ldif