Adding LDAP entries from the command line
Okay, so we've been dealing with LDAP a bit here on Ghacks, but mostly we've look at GUI tools (check out LDAP content on Ghacks). All of the GUI tools are good, but nothing beats the command line for pure control and power. And what's best, once you have LDAP installed, you have all the tools necessary to manage your LDAP data! There's really no need for further installation.
So, yeah...LDAP comes with it's own set of management tools and, in this article, we are going to take a look at the primary tool for adding entries to your LDAP databases: ldapadd.
From file or command?
One of the best things about the ldapadd command is that you can have it read all of your entries from files. That way you don't have to issue lengthy commands every time you want to add an entry. This also means you can add multiple entries at once. I will show you how to add entries this way so your LDAP administration life is much simpler. And from that process you should be able to glean enough to know the full command-line process.
When you see an ldapadd command for the first time, you might cringe, thinking it far too difficult to use. But once you understand the usage, it becomes quite easy. Now, you must have admin rights to issue the ldapadd command; so, depending up your distribution, you will either have to su to the root user or use sudo to issue the command.
The basic usage of the ldapadd command is:
ldapadd [OPTIONS] [CREDENTIALS] filename
Any file name you read into the ldapadd command should be in the form of an .ldif file. Now, let's take a look at the more common options you will use with ldapadd:
- x: Use simple authentication, instead of SASL authentication.
- D: This options means you are going to use the Distinguished Name (binddn) to bind to the LDAP directory.
- W: Prompt for simple authentication.
- f: The file name you want to read into ldapadd.
Using the D option means you are going to be using a Distinguished Name. What this means is that you are going to authenticate in the form of:
The above entry means you are using the admin user on the domain wallen.local.
Now, let's take a look at the format of the file you will use. Let's examine a very basic entry. Let's say I want to add the user Willow Wallen to my LDAP address book. I will do that within the file users.ldif. The entry looks like:
# Willow's Entry
dn: cn=Willow Wallen,ou=people,dc=wallen,dc=local
cn: Willow Wallen
This will add the user Willow Wallen to the group people and she will be labeled as a person. Save that file and now let's add her with the command:
sudo ldapadd -x -D cn=admin,dc=wallen,dc=local -W -f users.ldif
You will have to enter both your sudo password and your ldap password.
You have taken one major step forward in your usage of LDAP. This is a very powerful, very complex tool you have at your finger tips. It's important to understand the basics and learn one step at a time. We'll continue our journey into LDAP in upcoming articles.