Modify LDAP entries with the ldapmodify command

Jack Wallen
Sep 3, 2010
Updated • Nov 28, 2012

Recently I've done a number of articles covering the Lightweight Directory Access Protocol (LDAP), ranging from installation and adding entries to full-blown GUI management tools (see LDAP content on Ghacks for more information). If you're in the dark about LDAP, it is an application protocol that allows the querying and modifying of directory services data implemented on IP networks. Basically it's a large, complex directory of information in various forms that can be used for many, varied implementations (company address books, application authentication, etc.).

Once LDAP is installed you have, at your fingertips, plenty of tools to add, edit, and delete data on that server. One of those tools is critical to keeping data current. That tool is ldapmodify. In this article I am going to show you how to use this tool to modify an entry in an LDAP server.

Command basics

The ldapmodify command isn't exactly like all other commands. Instead of just running a single command and being done with it, you issue the command, do your work, and then escape out of the command. The actual modification of the data doesn't happen until you escape the command. The sequence goes like this:

  1. Issue the ldapmodify command (with appropriate options).
  2. Inform ldapmodify what you are modifying.
  3. Modify your data.
  4. Escape with CTRL-d.
  5. ldapmodify will make the changes.

Yes, it does seem like a fairly complex process... and yes, it is complex, but it is a very necessary process.

Let's take a look at the actual process. As an example I am going to modify the gecos entry of an already existing directory entry. (The gecos entry is a general information field that can be used for just about anything.) Let's have some fun and change the gecos entry for user scooper to indicate that Sheldon Cooper is a Theoretical Physicist at Caltech University. We'll assume the gecos entry only contains the information "Sheldon Cooper", the LDAP server is on 192.168.1.10, and the full dc is wallen.local. Here is the actual process for this task:

Issue the command:

ldapmodify -h localhost -x -W -D "cn=admin,dc=wallen,dc=local"

It will now seem like the command is stuck. It's actually just waiting for input. The input will look like this (hit Enter after each line):

dn: uid=scooper,ou=People,dc=wallen,dc=local
changetype: modify
replace: gecos
gecos: Theoretical Physicist, Caltech University

Once you have completed entering this text, hit Enter, then hit CTRL-d to escape the command. You should then see something like:

modifying entry "uid=scooper,ou=People,dc=wallen,dc=local"

Now if you issue the ldapsearch command you will see the changes made. The ldapsearch command would look something like:

ldapsearch -x -b "dc=wallen,dc=local" -s sub "objectclass=*"

You should see Sheldon's listing like this:

# scooper, People, wallen.local
dn: uid=scooper,ou=People,dc=wallen,dc=local
uid: scooper
cn: Sheldon Cooper
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 500
gidNumber: 120
homeDirectory: /home/scooper
gecos: Theoretical Physicist, Caltech University

You now have modified the entry. Of course you aren't limited to the gecos entry. You can actually modify any entry you want using the same technique.
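The same change can be kept in an LDIF file and passed to ldapmodify with its -f option instead of being typed at the prompt. The script below is an added example, not part of the original article: it writes the change record used above and goes one step further by base64-encoding (the LDIF "attr:: value" form) any value that is not plain printable text, so a value containing a newline cannot turn into extra LDIF lines. The function names and the file name scooper.ldif are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: build an LDIF "replace" change record for ldapmodify -f.
# needs_b64, ldif_line, ldif_replace and scooper.ldif are illustrative names.

# True when VALUE must be written in the base64 "attr:: value" form.
needs_b64() {
    case $1 in
        ' '*|':'*|'<'*|*' ') return 0 ;;   # unsafe first character or trailing space
    esac
    # Conservative rule: any byte outside printable ASCII (newline, CR,
    # other control characters, UTF-8) also forces base64.
    [ "$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c)" -gt 0 ]
}

# ldif_line ATTR VALUE -> one LDIF line, base64-encoded when required.
ldif_line() {
    if needs_b64 "$2"; then
        printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$1" "$2"
    fi
}

# ldif_replace DN ATTR VALUE -> a complete "replace" change record.
ldif_replace() {
    case $2 in
        ''|[!A-Za-z]*|*[!A-Za-z0-9-]*)
            echo "ldif_replace: invalid attribute name" >&2
            return 1 ;;
    esac
    ldif_line dn "$1"
    printf 'changetype: modify\nreplace: %s\n' "$2"
    ldif_line "$2" "$3"
}

# The change from the article, printed to stdout.
ldif_replace "uid=scooper,ou=People,dc=wallen,dc=local" gecos \
    "Theoretical Physicist, Caltech University"

# To apply it, save the record and hand the file to ldapmodify:
#   ldif_replace ... > scooper.ldif
#   ldapmodify -h localhost -x -W -D "cn=admin,dc=wallen,dc=local" -f scooper.ldif
```

Keeping the record in a file also leaves a reviewable copy of exactly what was sent to the directory.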

Final thoughts

Hopefully LDAP is getting easier and easier for you. You can now add and modify entries. We will keep digging and eventually you will have the LDAP basics mastered.


Comments

  1. Jeremy said on November 19, 2017 at 6:59 am

    I love the Sheldon Cooper reference. Maybe it would be nice to mention that an LDIF file can be used to store the modification?

  2. Frank said on May 19, 2014 at 3:59 pm

    Very helpful, thanks!
