In this section, I will be adding an entry to an LDAP directory using the ldapadd command.

Creating an LDIF File

Create an LDIF file (as shown below) named melody.ldif:

dn: uid=mhunter, ou=People, o=airius.com givenname: Melody telephonenumber: +1 412 555 8234 sn: Hunter userpassword: {MD4}yLYn5mv9vZ1kq/hHfuiFCg== ou: Human Resources ou: People l: Butler roomnumber: 1213 manager: uid=jhunter, ou=People, o=airius.com mail: mhunter@airius.com facsimiletelephonenumber: +1 412 555 8235 objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson uid: mhunter cn: Melody Hunter title: VP, Operations

Assuming the host for the directory server is named alex and running on port 389, you can use the following to add the above entry:

# ldapadd -v -D "cn=orcladmin" -w "welcome" -p 389 -h alex -f melody.ldif
add givenname:
        Melody
add telephonenumber:
        +1 412 555 8234
add sn:
        Hunter
add userpassword:
        {MD4}yLYn5mv9vZ1kq/hHfuiFCg==
add ou:
        Human Resources
        People
add l:
        Butler
add roomnumber:
        1213
add manager:
        uid=jhunter, ou=People, o=airius.com
add mail:
        mhunter@airius.com
add facsimiletelephonenumber:
        +1 412 555 8235
add objectclass:
        top
        person
        organizationalPerson
        inetOrgPerson
add uid:
        mhunter
add cn:
        Melody Hunter
add title:
        VP, Operations
adding new entry uid=mhunter, ou=People, o=airius.com
modify complete

Using a Here Document

You can also use the ldapadd without having to first create the file by using a here document as follows:

# ldapadd -D "cn=orcladmin" -w "welcome" -p 389 -h alex <<EOF
> dn: uid=mhunter, ou=People, o=airius.com
> givenname: Melody
> telephonenumber: +1 412 555 8234
> sn: Hunter
> userpassword: {MD4}yLYn5mv9vZ1kq/hHfuiFCg==
> ou: Human Resources
> ou: People
> l: Butler
> roomnumber: 1213
> manager: uid=jhunter, ou=People, o=airius.com
> mail: mhunter@airius.com
> facsimiletelephonenumber: +1 412 555 8235
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> uid: mhunter
> cn: Melody Hunter
> title: VP, Operations
> EOF

adding new entry uid=mhunter, ou=People, o=airius.com

NOTE: Keep the following in mind when attempting to add an entry to your LDAP directory: You cannot enter any operational attributes (i.e. orclguid, creatorsname, modifiersname, createtimestamp, modifytimestamp, pwdchangedtime) when attempting to add an entry. They -v command-line option specifies verbose mode which simply means to give a detailed output from the command. You cannot add a new entry (a non-first level entry) without a parent. Attempting to do so will result in an error. If I try to add, for example, an entry to ou=People2, o=airius.com (which does not exist), I will get the following error: adding new entry uid=mhunter, ou=People2, o=airius.com ldap_add_s: No such object

Now that we have successfully added an entry, I want to search for it. For this, we can use the command-line tool ldapsearch. Here is the general syntax for the ldapsearch command that is included with Oracle Internet Directory:

ldapsearch [options] filter [attributes...]

---

In the following query, I want to search for the entry we just added and include all of the attributes:

# ldapsearch -v -D "cn=orcladmin" -w "welcome" -h alex -p 389 -s sub -b "o=airius.com" "uid=mhunter"
ldap_init( alex, 389 )
filter pattern: uid=mhunter
returning: ALL
filter is: (uid=mhunter)
uid=mhunter, ou=People, o=airius.com
givenname=Melody
telephonenumber=+1 412 555 8234
sn=Hunter
userpassword={MD4}yLYn5mv9vZ1kq/hHfuiFCg==
ou=Human Resources
ou=People
l=Butler
roomnumber=1213
manager=uid=jhunter, ou=People, o=airius.com
mail=mhunter@airius.com
facsimiletelephonenumber=+1 412 555 8235
objectclass=top
objectclass=person
objectclass=organizationalPerson
objectclass=inetOrgPerson
uid=mhunter
cn=Melody Hunter
title=VP, Operations
1 matches

---

Now, I want to perform the same search, but this time not include the verbose option (-v) and only include several of the attributes for the output:

# ldapsearch -D "cn=orcladmin" -w "welcome" -h alex -p 389 -s sub -b "o=airius.com" "uid=mhunter" dn cn uid
uid=mhunter, ou=People, o=airius.com
cn=Melody Hunter
uid=mhunter

---

For this search, I want to limit the amount of entries being returned. To do this, I can use the -z parameter. If I were to search for all entries with Jeff as part of the command name (cn:), I would have 4 records. For this example, I want to limit the search to only two records:

# ldapsearch -D "cn=orcladmin" -w "welcome" -h alex -p 389 -s sub -b "o=airius.com" -z 2 "cn=Jeff*" dn cn uid
uid=jcampai2, ou=People, o=airius.com
cn=Jeffrey Campaigne
uid=jcampai2

uid=jmuffly, ou=People, o=airius.com
cn=Jeff Muffly
uid=jmuffly
ldap_search: Sizelimit exceeded

The Oracle Internet Directory includes the ldapmodify utility that, like its name suggests, is used to modify entries stored within the LDAP directory. Although a book could be written on just using the ldapmodify command, I will provide a few examples that will give you a feel for how this command can be used.

---

To start off, here is an example that adds an optional attribute to the entry we added in the ldapadd example above. Let's add the departmentNumber attribute by first creating an LDIF file (shown below) named melody_modify.ldif:

dn: uid=mhunter, ou=People, o=airius.com changetype: modify add: departmentNumber departmentNumber: HR-342

Assuming the host for the directory server is named alex and running on port 389, you can use the following to modify the above entry in order to add the departmentNumber attribute:

# ldapmodify -D "cn=orcladmin" -w "welcome" -p 389 -h alex -f melody_modify.ldif
modifying entry uid=mhunter, ou=People, o=airius.com

---

Now let's use the delete option for ldapmodify in order to remove the optional attribute we just added: departmentNumber. Just like above, we create an LDIF file named melody_modify.ldif and use the ldapmodify command as follows:

dn: uid=mhunter, ou=People, o=airius.com changetype: modify delete: departmentNumber

# ldapmodify -D "cn=orcladmin" -w "welcome" -p 389 -h alex -f melody_modify.ldif
modifying entry uid=mhunter, ou=People, o=airius.com

---

For a last example, let's use the replace option of the ldapmodify command. For this example, I want to replace the title from "VP, Operations" to "VP, Human Resources" as follows:

dn: uid=mhunter, ou=People, o=airius.com changetype: modify replace: title title: VP, Human Resources

# ldapmodify -D "cn=orcladmin" -w "welcome" -p 389 -h alex -f melody_modify.ldif
modifying entry uid=mhunter, ou=People, o=airius.com

One of the last type of operations you would typically want to perform on an LDAP entry is to delete it. This is where the ldapdelete command-line tool can come in handy. Keep in mind, however, that you can only delete non-leaf entries. If you try to delete a non-leaf entry, the operation will fail. Let's know delete the entry we created in the ldapadd section of this document:

# ldapdelete -D "cn=orcladmin" -w "welcome" -p 389 -h alex -v "uid=mhunter, ou=People, o=airius.com"
deleting entry uid=mhunter, ou=People, o=airius.com
delete completed

One of the last commands I will be covering in this article is the ldapmoddn command. You can use this command to modify any RDN or DN entry you have access to.

---

For this first example, I will modify an RDN of the following entry: "uid=mlott, ou=People, o=airius.com".

# ldapmoddn -D "cn=orcladmin" -w "welcome" -p 389 -h alex -b "uid=mlott, ou=People, o=airius.com" -R "uid=mikelott"
uid=mlott, ou=People, o=airius.com renamed successfully.

---

Now, for a more complex example. I want to change (or better said, move the RDN "ahunter") the entry "uid=ahunter, ou=People, o=airius.com" to "uid=ahunter, ou=People, dc=idevelopment, dc=info":

# ldapmoddn -D "cn=orcladmin" -w "welcome" -p 389 -h alex -b "uid=ahunter, ou=People, o=airius.com" -R "uid=ahunter" -N "ou=People, dc=idevelopment, dc=info"
uid=ahunter, ou=People, o=airius.com renamed successfully.