How to change an attribute value for all entries of ldap directory using ldapmodify command?

Question

LDAP: How to modify an attribute value for all entries of directory using ldapmodify command? Looking for some syntax like below in modification input file for ldapmodify command

dn: uid=*,ou=People,dc=example,dc=com
changetype: modify
add: customerNumber
customerNumber: 12345
-
add: accountNumber
accountNumber: 12345

I don't believe it's possible to query and modify entries in the one operation, though I'd like to be corrected. — Andy, Mar 08 '15 at 00:28
@Andy Agreed, it isn't possible. OP will have to traverse the DIT. — user207421, Mar 08 '15 at 03:46

score 1 · Answer 1 · answered Mar 09 '15 at 04:29

This can't be done with just ldapmodify, but you can string a couple things together to do what you're asking. The following runs ldapmodify against an ldif file that we build on the fly from an ldapsearch plus the desired modifications.

ldapmodify -f <(ldapsearch -LLL -b ou=People,dc=example,dc=com -s one uid=* dn | sed 's/^$/add: customerNumber\ncustomerNumber: 12345\n-\nadd: accountNumber\naccountNumber: 12345\n-\n/' )

Note: This is gives all matched entries the same customerNumber and accountNumber. If that's not what you want you'll have to use something more complicated than sed, perhaps awk or perl. Also, it's probably complicated enough that you'll want to do it in more than one line first. Make the ldif, review, then run ldapmodify.

How to change an attribute value for all entries of ldap directory using ldapmodify command?

1 Answers1