When trying to set a user's initial password phrase using Broadcom LDAP, what is the correct command and ldif syntax?
Attempting to issue an ldapmodify command with changetype: modify results in an ACF0A005 RECORD(S) NOT FOUND error because the user does not have a passphrase set yet.
The options in LDAP are to either issue an ldapmodify command with changetype: add or to use the ldapadd command.
ldif example using ldapmodify:
dn: acf2UserPwphrase=testuser,acf2lid=testuser,acf2admingrp=lids,host=example.host.net
changetype: add
PasswordPhrase: *
ldif example using ldapadd:
dn: acf2UserPwphrase=testuser,acf2lid=testuser,acf2admingrp=lids,host=example.host.net
PasswordPhrase: *
An ldapmodify with changetype: modify will not work because changetype: modify only performs a change if the LDAP entry already exists. The functionality provided in ACF2 PTF LU09250 allows the passphrase to be created when one does not exist, provided the ACF2 CHANGE command is issued in SET LID mode. In SET P(USER) DIV(PWPHRASE) mode, it is still not possible to issue a change command for a record that does not exist.
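When the changetype: add LDIF above is generated by a script rather than typed by hand, the logonid, host and phrase should be checked before they are written into the file. The following is an added example, not Broadcom code. It assumes the * in the article's LDIF stands for the actual phrase, that logonids are 1 to 8 alphanumeric characters, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Broadcom code): build the "changetype: add" LDIF that
# sets a first-time password phrase, refusing input that could alter the LDIF.

# Assumption: logonids are 1-8 alphanumeric characters; adjust this to
# match your site's ACF2 logonid rules.
valid_lid() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 8 ]
}

# Assumption: the host= value is a DNS-style name, as in the article's DN.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# A plain "attr: value" LDIF line cannot carry a value that is empty, starts
# with space, ':' or '<', ends with a space, or contains control characters.
valid_phrase() {
    case "$1" in
        ''|' '*|:*|'<'*|*' '|*[[:cntrl:]]*) return 1 ;;
    esac
}

# Usage: pwphrase_add_ldif LID HOST
# The phrase is read from stdin so it never appears in an argument list.
pwphrase_add_ldif() {
    lid=$1 host=$2
    IFS= read -r phrase || [ -n "$phrase" ] || return 2
    valid_lid "$lid" || { echo "bad logonid" >&2; return 1; }
    valid_host "$host" || { echo "bad host" >&2; return 1; }
    valid_phrase "$phrase" || { echo "phrase not LDIF-safe" >&2; return 1; }
    printf 'dn: acf2UserPwphrase=%s,acf2lid=%s,acf2admingrp=lids,host=%s\n' \
        "$lid" "$lid" "$host"
    printf 'changetype: add\nPasswordPhrase: %s\n' "$phrase"
}
```

Write the output to a file readable only by the administrator, pass that file to ldapmodify with your usual connection options, and delete it afterwards.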
For LDIF information regarding changing a user's passphrase after it's already been set, see "Using Broadcom LDAP Server to change an ACF2 user's password phrase".
For more information regarding ldap commands, see the following Broadcom LDAP documentation:
ldapadd - Add an LDAP Object
ldapmodify -- Modify an LDAP Object