Managing Directory Entries 13-11 ACP by Using the Data Browser in ODSM on page 29-21 and Setting or Modifying Entry-Level Access by Using the Data Browser in ODSM on page 29-21. Managing Entries by Using LDAP Command-Line Tools This section contains the following topics: ■ Listing All the Attributes in the Directory by Using ldapsearch ■ Listing Operational Attributes by Using ldapsearch ■ Attribute Case in ldapsearch Output ■ Adding a User Entry by Using ldapadd ■ Modifying a User Entry by Using ldapmodify ■ Adding an Attribute Option by Using ldapmodify ■ Deleting an Attribute Option by Using ldapmodify ■ Searching for Entries with Attribute Options by Using ldapsearch Listing All the Attributes in the Directory by Using ldapsearch Use the following command line to list of all the attributes, including those that do not have values: ldapsearch -p port -h host -D cn=orcladmin -q -b cn=subschemasubentry \ -s base objectclass= Listing Operational Attributes by Using ldapsearch By default, ldapsearch does not return operational attributes. If you add the character + to the list of attributes in the search request, however, ldapsearch returns all operational attributes. Searching for an entry with + returns only operational attributes. For example: ldapsearch -h adc2190517 -p 3060 -D cn=orcladmin -w welcome -b c=uk -L -s base objectclass= + dn: c=UK orclguid: 8EB5730F5852DECBE040E80A7452694E creatorsname: cn=orcladmin createtimestamp: 20100826065339z modifytimestamp: 20100826065339z modifiersname: cn=orcladmin orclnormdn: c=uk By comparison, a search with but not + returns all user attributes: ldapsearch -h adc2190517 -p 3060 -D cn=orcladmin -w welcome -b c=uk -L -s base objectclass= dn: c=UK c: uk objectclass: top objectclass: country 13-12 Oracle Fusion Middleware Administrators Guide for Oracle Internet Directory Attribute Case in ldapsearch Output In the output from the ldapsearch command, the attribute names are shown in lower case if the attribute orclReqattrCasein the instance-specific configuration entry is 0. If orclReqattrCase is set to 1, the attribute names in the output are shown in the same case in which they were entered on the command line. Example: ldapsearch -h localhost -p 389 -b dc=oracle,dc=com -s base -L objectclass= DC If orclReqattrCase is 0 the output looks like this: dn: dc=oracle,dc=com dc: oracle If orclReqattrCase is 1, the output looks like this: dn: dc=oracle,dc=com DC: oracle If an attribute is specified more than once on the same command line, the attribute names in the output will match the case of the first attribute specification. Adding a User Entry by Using ldapadd The following example shows how to add an entry for an employee named John. Use ldapadd as follows: ldapadd -p port_number -h host -D cn=orcladmin -q -f entry.ldif where entry.ldif looks like this: dn: cn=john, c=us objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: john cn;lang-fr:Jean cn;lang-en-us:John sn: Doe jpegPhoto: photojohn.jpg userpassword: password This file contains the cn, sn, jpegPhoto, and userpassword attributes. For the cn attribute, it specifies two options: cn;lang-fr, and cn;lang-en-us. These options return the common name in either French or American English. For the jpegPhoto attribute, it specifies the path and file name of the corresponding JPEG image you want to include as an entry attribute. Notes: ■ When you add or modify an entry, the Oracle directory server does not verify the syntax of the attribute values in the entry. ■ Do not insert a tilde ~ in a user name.