Chapter 6. Command-Line Utilities
258
Option Description
-w Specifies the password associated with the
distinguished name specified in the -D option.
For example:
-w mypassword
If a dash (-) is used as the password value,
the utility prompts for the password after the
command is entered. This avoids having the
password on the command line.
Table 6.11. Commonly-Used ldapmodify Options
SSL Options
Use the following command-line options to specify that ldapmodify is to use LDAP over SSL
(LDAPS) when communicating with the Directory Server. LDAPS encrypts data during transit. Also,
use these options for certificate-based authentication. These options are valid only when SSL has
been turned on and configured for the Directory Server. For more information on certificate-based
authentication and on creating a certificate database for use with LDAP clients, see the "Managing
SSL" chapter in the Directory Server Administrator's Guide.
Ensure that the Directory Server's encrypted port is specified when using these options.
Option Description
-3 Specifies that hostnames should be checked in
SSL certificates.
-I Specifies the SSL key password file that contains
the token:password pair.
-K Specifies the path, including the filename, of
the private key database of the client. Either the
absolute or relative (to the server root) path can
be specified. The -K option must be used when
the key database has a different name than
key3.db or when the key database is not under
the same directory as the certificate database,
the cert8.db file (the path for which is specified
with the -P option).
-N Specifies the certificate name to use for
certificate-based client authentication. For
example:
-N Server-Cert
If this option is specified, then the -Z and -
W options are required. Also, if this option is
specified, then the -D and -w options must not
be specified, or certificate-based authentication
will not occur, and the bind operation will use the
