ldapmodify
Chapter 7 Command-Line Utilities
Additional ldapmodify Options
The following options offer additional functionality.
Option  Description

-K      Specifies the path, including the filename, of the private key
        database of the client. You may specify the absolute or relative
        (to the server root) path. You must specify the -K option when the
        key database has a name other than key3.db or when the key database
        is not in the same directory as the certificate database, the
        cert8.db file (whose path is specified with the -P option).

-N      Specifies the certificate name to use for certificate-based client
        authentication. For example, -N Server-Cert. If this option is
        specified, the -Z and -W options are required. Do not specify the
        -D and -w options together with -N: if they are present,
        certificate-based authentication does not occur, and the bind
        operation uses the authentication credentials specified on -D and
        -w.

-P      Specifies the path, including the filename, of the certificate
        database of the client. You may specify the absolute or relative
        (to the server root) path. This option is used only with the -Z
        option.
        When used on a machine where an SSL-enabled web browser is
        configured, the path specified on this option can point to the
        certificate database for the web browser. For example:
            -P /security/cert.db
        You can also store the client security files on the Directory
        Server in the serverRoot/alias directory. In this case, the -P
        option specifies a path and filename similar to the following:
            -P /redhat/servers/alias/client-cert.db

-W      Specifies the password for the certificate database identified on
        the -P option. For example, -W serverpassword.

-Z      Specifies that SSL is to be used for the directory request.

-ZZ     Specifies the Start TLS request. Use this option to make a
        cleartext connection into a secure one. If the server does not
        support Start TLS, the command is not aborted; it continues in
        cleartext. Use -ZZZ when the request must not continue in
        cleartext.

-ZZZ    Enforces the Start TLS request. The server must respond that the
        request was successful. If the server does not support Start TLS
        (for example, because Start TLS is not enabled or the certificate
        information is incorrect), the command is aborted immediately.
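
The option rules in the table above can be checked before a command is run. The following shell function is an added example, not part of the original guide; the name check_ldapmodify_args and the sample bind DN and password are hypothetical, and it assumes that -ZZ and -ZZZ satisfy the requirement the table states for -Z.

```shell
#!/bin/sh
# Added example, not from the original guide. check_ldapmodify_args is a
# hypothetical helper that lints an ldapmodify argument list against the
# option rules in the table above. Findings go to stdout; returns 1 if any.
check_ldapmodify_args() (
    seen=" " tls="" rc=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -Z|-ZZ|-ZZZ) tls="$1" ;;
            # Options that consume a value: record the option, skip the value
            # so that a value beginning with "-" is not read as an option.
            -K|-N|-P|-W|-D|-w)
                seen="$seen$1 "
                if [ $# -gt 1 ]; then shift; fi ;;
        esac
        shift
    done
    has() { case "$seen" in *" $1 "*) return 0 ;; esac; return 1; }
    finding() { echo "$1"; rc=1; }

    if has -N; then
        # Assumption: -ZZ and -ZZZ are accepted here as well as -Z.
        [ -n "$tls" ] || finding "ERROR: -N requires -Z"
        has -W || finding "ERROR: -N requires -W"
        if has -D || has -w; then
            finding "ERROR: -N with -D/-w: bind uses the -D/-w credentials, not the certificate"
        fi
    fi
    if has -P && [ -z "$tls" ]; then
        finding "ERROR: -P is used only with -Z"
    fi
    if [ "$tls" = "-ZZ" ]; then
        finding "WARN: -ZZ continues in cleartext if Start TLS is unavailable; use -ZZZ"
    fi
    [ "$rc" -eq 0 ]
)

# Constructed sample arguments: a simple bind that may fall back to cleartext.
check_ldapmodify_args -ZZ -D "uid=admin,dc=example,dc=com" -w secret || true
```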