Red Hat DIRECTORY SERVER 8.0 Command Reference Manual page 195

Option
-P
-Q
-W
-Z
-ZZ
-ZZZ
Description
-N Server-Cert
If this option is specified, then the -Z and -
W options are required. Also, if this option is
specified, then the -D and -w options must not
be specified, or certificate-based authentication
will not occur, and the bind operation will use the
authentication credentials specified on -D and -
w.
Specifies the absolute path, including the
filename, of the certificate database of the client.
This option is used only with the -Z option. When
used on a machine where an SSL-enabled web
browser is configured, the path specified on this
option can be pointed to the certificate database
for the web browser. For example:
-P /security/cert.db
The client security files can be stored on
the Directory Server in the /etc/dirsrv/
slapd-instance_name directory. In this case,
the -P option calls out a path and filename
similar to the following:
-P /etc/dirsrv/slapd-instance_name/client-
cert.db
Specifies the token and certificate name, which is
separated by a semicolon (:) for PKCS11.
Specifies the password for the certificate
database identified on the -P option. For
example:
-W serverpassword
Specifies that SSL is to be used for the directory
request.
Specifies the Start TLS request. Use this option
to make a cleartext connection into a secure
one. If the server does not support Start TLS, the
command does not need aborted; it will continue
in cleartext.
Enforces the Start TLS request. The server
must respond that the request was successful.
If the server does not support Start TLS, such
as Start TLS is not enabled or the certificate
ldapmodify
185