Server User Manual
ldapmodify
259
Option Description
authentication credentials specified on -D and -
w.
-P Specifies the absolute path, including the
filename, of the certificate database of the client.
This option is used only with the -Z option. When
used on a machine where an SSL-enabled web
browser is configured, the path specified on this
option can be pointed to the certificate database
for the web browser. For example:
-P /security/cert.db
The client security files can be stored on
the Directory Server in the /etc/dirsrv/
slapd-instance_name directory. In this case,
the -P option calls out a path and filename
similar to the following:
-P /etc/dirsrv/slapd-instance_name/client-
cert.db
-Q Specifies the token and certificate name, which
is separated by a semicolon (:) for PKCS11.
-W Specifies the password for the certificate
database identified on the -P option. For
example:
-W serverpassword
-Z Specifies that SSL is to be used for the directory
request.
-ZZ Specifies the Start TLS request. Use this option
to make a cleartext connection into a secure
one. If the server does not support Start TLS, the
command does not need aborted; it will continue
in cleartext.
-ZZZ Enforces the Start TLS request. The server
must respond that the request was successful.
If the server does not support Start TLS, such
as Start TLS is not enabled or the certificate
information is incorrect, the command is aborted
immediately.
Table 6.12. ldapmodify SSL Options
SASL Options
SASL mechanisms can be used to authenticate a user, using the -o the required SASL information.
To learn which SASL mechanisms are supported, search the root DSE. See the -b option in Table 6.3,
“Commonly-Used ldapsearch Options”.