--- title: Adding entries description: Depending on the number of entries that you want to add to your PingDirectory server, you can use the ldapmodify tool for small additions. component: pingdirectory version: 11.0 page_id: pingdirectory:pingdirectory_server_administration_guide:pd_ds_add_entries canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_server_administration_guide/pd_ds_add_entries.html revdate: September 13, 2023 page_aliases: ["pd_ds_add_entry_using_ldif_file.adoc", "pd_ds_add_entry_changetype_ldif_directive.adoc", "pd_ds_add_multiple_entries_in_single_file.adoc"] section_ids: adding-an-entry-using-an-ldif-file: Adding an entry using an LDIF file steps: Steps example: Example: example-2: Example: result: Result: adding-an-entry-using-the-changetype-ldif-directive: Adding an entry using the changetype LDIF directive about-this-task: About this task steps-2: Steps example-3: Example: example-4: Example: result-2: Result: adding-multiple-entries-in-a-single-file: Adding multiple entries in a single file about-this-task-2: About this task steps-3: Steps example-5: Example: example-6: Example: result-3: Result: --- # Adding entries Depending on the number of entries that you want to add to your PingDirectory server, you can use the `ldapmodify` tool for small additions. The `ldapmodify` tool provides two methods for adding a single entry: * Using an LDIF file * Using the command line The attributes must conform to your schema and contain the required object classes. Adding requests with the `ignore-no-user-modification` control enables a client to include attributes that are not normally allowed from external sources, such as the `userPassword` attribute, which is a user-modifiable attribute. An add request with the `ignore-no-user-modification` control allows a one-time exception to the password policy, even if the requesting client does not have the `bypass-pw-policy` privilege. This exception enables specifying pre-encoded passwords. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | When adding an entry, the server can ensure that the entry's relative distinguished name (RDN) is unique and does not contain any sensitive information by replacing the provided entry's RDN with the server-generated `entryUUID` value. An LDAP client written with the LDAP SDK for Java can use the `NameWithEntryUUIDRequestControl` to explicitly indicate which add requests should be named in this way or the `ldapmodify` tool with the `--nameWithEntryUUID` argument.The `auto-name-with-entry-uuid-connection-criteria` and `auto-name-with-entry-uuid-request-criteria` global configuration properties can be used to identify which add requests should be automatically named this way.You can also use the uniqueness request control with `ldapmodify` for enforcing uniqueness on a per-request basis. Provide at least one of the `uniquenessAttribute` or `uniquenessFilter` arguments with the request. For more information about this control, see the LDAP SDK documentation and the `com.unboundid.ldap.sdk.unboundidds.controls.UniquenessResponseControl` class for using the control. | ## Adding an entry using an LDIF file Use the `ldapmodify` tool to add an entry from an LDIF file. ### Steps 1. Open a text editor and create an entry that conforms with your schema. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | The PingDirectory server encrypts the password and stores its encrypted value in the server. Make sure that the LDIF file has limited read permissions for only authorized administrators. | #### Example: The following example adds the entry in the file and saves the file as `add-user.ldif`. For the `userPassword` attribute, enter the cleartext password. ``` dn: uid=user.2000,ou=People,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson postalAddress: Toby Hall$73600 Mash Street$Cincinnati, OH 50563 postalCode: 50563 description: This is the description for Toby Hall. uid: user.2000 userPassword: wordsmith employeeNumber: 2000 initials: TBH givenName: Toby pager: +1 596 232 3321 mobile: +1 039 311 9878 cn: Toby Hall sn: Hall telephoneNumber: +1 097 678 9688 street: 73600 Mash Street homePhone: +1 214 233 8484 l: Cincinnati mail: user.2000@maildomain.net st: OH ``` 2. To add the entry specified in the LDIF file, run the `ldapmodify` tool. #### Example: ```shell $ bin/ldapmodify --defaultAdd --filename add-user.ldif ``` #### Result: A confirmation message of the new addition appears. If the command is successful, you'll see generated success messages with the "#" symbol. ``` # Processing ADD request for uid=user.2000,ou=People,dc=example,dc=com # ADD operation successful for DN uid=user.2000,ou=People,dc=example,dc=com ``` ## Adding an entry using the changetype LDIF directive ### About this task RFC 2849 specifies LDIF directives that you can use within your LDIF files. The most commonly used directive is `changetype`, which follows the `dn:` directive and defines the operation on the entry. The main advantage of using this method in an LDIF file is that you can combine `add` and `modify` in one file. ### Steps 1. Open a text editor and create an entry that conforms with your schema. #### Example: This example uses `changetype: add` to add the following entry in the file and saves the file as `add-user2.ldif`. ``` dn: uid=user.2001,ou=People,dc=example,dc=com changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson postalAddress: Seely Dorm$100 Apple Street$Cincinnati, OH 50563 postalCode: 50563 description: This is the description for Seely Dorm. uid: user.2001 userPassword: pleasantry employeeNumber: 2001 initials: SPD givenName: Seely pager: +1 596 665 3344 mobile: +1 039 686 4949 cn: Seely Dorm sn: Dorm telephoneNumber: +1 097 257 7542 street: 100 Apple Street homePhone: +1 214 521 4883 l: Cincinnati mail: user.2001@maildomain.net st: OH ``` 2. To add the entry specified in the LDIF file, run the `ldapmodify` tool. #### Example: In this example, you do not need to use the `--defaultAdd` or its shortform `-a` option with the command. ```shell $ bin/ldapmodify --filename add-user2.ldif ``` #### Result: A confirmation message displays confirming the addition. ## Adding multiple entries in a single file ### About this task Add multiple entries in your LDIF file by separating each distinguished name (DN) and its entry with a blank line from the next entry. ### Steps 1. Open a text editor and create some entries that conform to your schema. #### Example: For example, add the following entries in the file and save the file as `add-user3.ldif`. Separate each entry with a blank line. ``` dn: uid=user.2003,ou=People,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson ...(similar attributes to previous examples)... dn: uid=user.2004,ou=People,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson ...(similar attributes to previous examples)... ``` 2. To add the entries specified in the LDIF file, run the `ldapmodify` tool. #### Example: This example uses the short form arguments for the `ldapmodify` tool. ```shell $ bin/ldapmodify -h server.example.com -p 389 \ -D "cn=admin,dc=example,dc=com" -w password -a -f add-user3.ldif ``` The `-h` option specifies the host name, the `-p` option specifies the LDAP listener port, `-D` specifies the bind DN, `-w` specifies the bind DN password, `-a` specifies that entries that omit a changetype are treated as add operations, and `-f` specifies the path to the input file. If the operation is successful, you will see commented messages (those beginning with "#") for each addition. #### Result: ``` # Processing ADD request for uid=user.2003,ou=People,dc=example,dc=com # ADD operation successful for DN uid=user.2003,ou=People,dc=example,dc=com # Processing ADD request for uid=user.2004,ou=People,dc=example,dc=com # ADD operation successful for DN uid=user.2004,ou=People,dc=example,dc=com ```