ldapmodify: be careful with attribute options

Clients must include the attribute options when using an attribute name following a mod-spec. Consider the following LDIF:

# wrong
dn: cn=test,c=us
changetype: modify
replace: your-attribute-name
your-attribute-name;binary: binary-stuff

your-attribute-name must contain the option (binary in this case). Here is the corrected LDIF:

# right
dn: cn=test,c=us
changetype: modify
replace: your-attribute-name;binary
your-attribute-name;binary: binary-stuff

Some broken ldapmodify tools (notably the legacy OpenLDAP ldapmodify tool) and directory servers accept the first wrong LDIF as correct. Be sure to follow the standards.

About Terry Gardner

Terry Gardner was a leading directory services architect with experience with many large scale directory services installations and messaging server installations, and was a Subject Matter Expert in the field of Directory Services and Solaris (operating system) performance. Mr. Gardner also participated in the open-source software community. Mr. Gardner passed away in December, 2013.
This entry was posted in computing, LDAP and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s