PingDirectory

Adding entries

For small numbers of entries, you can use the ldapmodify tool to add them to your PingDirectory server.

The ldapmodify tool provides two methods for adding a single entry:

  • Using an LDIF file

  • Using the command line

The attributes must conform to your schema and contain the required object classes.

Add requests with the ignore-no-user-modification control enable a client to include attributes that are not normally allowed from external sources, such as the userPassword attribute, which is a user-modifiable attribute. An add request with the ignore-no-user-modification control allows a one-time exception to the password policy, even if the requesting client does not have the bypass-pw-policy privilege. This exception enables specifying pre-encoded passwords.

When adding an entry, the server can ensure that the entry’s relative distinguished name (RDN) is unique and does not contain any sensitive information by replacing the provided entry’s RDN with the server-generated entryUUID value. To explicitly indicate which add requests should be named in this way, an LDAP client written with the LDAP SDK for Java can use the NameWithEntryUUIDRequestControl, or you can use the ldapmodify tool with the --nameWithEntryUUID argument.

The auto-name-with-entry-uuid-connection-criteria and auto-name-with-entry-uuid-request-criteria global configuration properties can be used to identify which add requests should be automatically named this way.

You can also use the uniqueness request control with ldapmodify for enforcing uniqueness on a per-request basis. Provide at least one of the uniquenessAttribute or uniquenessFilter arguments with the request. For more information about this control, see the LDAP SDK documentation and the com.unboundid.ldap.sdk.unboundidds.controls.UniquenessResponseControl class for using the control.

Adding an entry using an LDIF file

Use the ldapmodify tool to add an entry from an LDIF file.

Steps

  1. Open a text editor and create an entry that conforms with your schema.

    The PingDirectory server encrypts the password and stores its encrypted value in the server. Make sure that the LDIF file has limited read permissions for only authorized administrators.

    Example:

    The following example adds the entry in the file and saves the file as add-user.ldif. For the userPassword attribute, enter the cleartext password.

    dn: uid=user.2000,ou=People,dc=example,dc=com
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    postalAddress: Toby Hall$73600 Mash Street$Cincinnati, OH 50563
    postalCode: 50563
    description: This is the description for Toby Hall.
    uid: user.2000
    userPassword: wordsmith
    employeeNumber: 2000
    initials: TBH
    givenName: Toby
    pager: +1 596 232 3321
    mobile: +1 039 311 9878
    cn: Toby Hall
    sn: Hall
    telephoneNumber: +1 097 678 9688
    street: 73600 Mash Street
    homePhone: +1 214 233 8484
    l: Cincinnati
    mail: user.2000@maildomain.net
    st: OH
  2. To add the entry specified in the LDIF file, run the ldapmodify tool.

    Example:

    $ bin/ldapmodify --defaultAdd --filename add-user.ldif

    Result:

    A confirmation message of the new addition appears. If the command is successful, you’ll see generated success messages with the "#" symbol.

    # Processing ADD request for uid=user.2000,ou=People,dc=example,dc=com
    # ADD operation successful for DN uid=user.2000,ou=People,dc=example,dc=com

Adding an entry using the changetype LDIF directive

About this task

RFC 2849 specifies LDIF directives that you can use within your LDIF files. The most commonly used directive is changetype, which follows the dn: directive and defines the operation on the entry. The main advantage of using this method in an LDIF file is that you can combine add and modify in one file.

Steps

  1. Open a text editor and create an entry that conforms with your schema.

    Example:

    This example uses changetype: add to add the following entry in the file and saves the file as add-user2.ldif.

    dn: uid=user.2001,ou=People,dc=example,dc=com
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    postalAddress: Seely Dorm$100 Apple Street$Cincinnati, OH 50563
    postalCode: 50563
    description: This is the description for Seely Dorm.
    uid: user.2001
    userPassword: pleasantry
    employeeNumber: 2001
    initials: SPD
    givenName: Seely
    pager: +1 596 665 3344
    mobile: +1 039 686 4949
    cn: Seely Dorm
    sn: Dorm
    telephoneNumber: +1 097 257 7542
    street: 100 Apple Street
    homePhone: +1 214 521 4883
    l: Cincinnati
    mail: user.2001@maildomain.net
    st: OH
  2. To add the entry specified in the LDIF file, run the ldapmodify tool.

    Example:

    In this example, you do not need to use the --defaultAdd option or its short form, -a, with the command.

    $ bin/ldapmodify --filename add-user2.ldif

    Result:

    A confirmation message displays confirming the addition.

Adding multiple entries in a single file

About this task

Add multiple entries in your LDIF file by separating each distinguished name (DN) and its entry with a blank line from the next entry.

Steps

  1. Open a text editor and create some entries that conform to your schema.

    Example:

    For example, add the following entries in the file and save the file as add-user3.ldif. Separate each entry with a blank line.

    dn: uid=user.2003,ou=People,dc=example,dc=com
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    ...(similar attributes to previous examples)...
    
    dn: uid=user.2004,ou=People,dc=example,dc=com
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    ...(similar attributes to previous examples)...
  2. To add the entries specified in the LDIF file, run the ldapmodify tool.

    Example:

    This example uses the short form arguments for the ldapmodify tool.

    $ bin/ldapmodify -h server.example.com -p 389 \
      -D "cn=admin,dc=example,dc=com" -w password -a -f add-user3.ldif

    The -h option specifies the host name, the -p option specifies the LDAP listener port, -D specifies the bind DN, -w specifies the bind DN password, -a specifies that entries that omit a changetype are treated as add operations, and -f specifies the path to the input file. If the operation is successful, you will see commented messages (those beginning with "#") for each addition.

    Result:

    # Processing ADD request for uid=user.2003,ou=People,dc=example,dc=com
    # ADD operation successful for DN uid=user.2003,ou=People,dc=example,dc=com
    # Processing ADD request for uid=user.2004,ou=People,dc=example,dc=com
    # ADD operation successful for DN uid=user.2004,ou=People,dc=example,dc=com
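
A pre-flight check for the LDIF files used in the procedures above, as an added example that is not part of the PingDirectory documentation. It splits the file into records on blank lines, reports records that omit changetype (treated as adds only with --defaultAdd), and reports a file that carries userPassword values while being accessible to group or other. The function names, the sample input, and the owner-only permission threshold are assumptions of this example.

```python
import os

# Constructed sample: one record with changetype, one without, blank-line separated.
SAMPLE_LDIF = """\
# constructed sample input
dn: uid=user.2001,ou=People,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
userPassword: pleasantry
description: This is the description
  for Seely Dorm.

dn: uid=user.2003,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
sn: Example
"""

def parse_ldif(text):
    """Return records as lists of (attribute, value) pairs (RFC 2849 layout)."""
    records, lines, in_comment = [], [], False
    for raw in text.splitlines() + [""]:
        if not raw.strip():                       # blank line ends a record
            if lines:
                records.append(lines)
            lines, in_comment = [], False
        elif raw.startswith(" "):                 # folded continuation line
            if lines and not in_comment:
                lines[-1] += raw[1:]
        elif raw.startswith("#"):                 # comment, possibly folded
            in_comment = True
        else:
            in_comment = False
            lines.append(raw)
    return [[(n.strip(), v.lstrip(":").strip()) for n, _, v in
             (l.partition(":") for l in rec)] for rec in records]

def audit(text, path=None, default_add=False):
    """List findings to resolve before passing the file to ldapmodify."""
    findings, has_password = [], False
    for rec in parse_ldif(text):
        names = [n.lower() for n, _ in rec]
        dn = rec[0][1]                            # first line of a record is its dn
        if "changetype" not in names and not default_add:
            findings.append((dn, "no changetype: treated as an add only with --defaultAdd (-a)"))
        has_password |= "userpassword" in names
    # Assumption: "limited read permissions" means owner-only (no group/other bits).
    if path and has_password and os.stat(path).st_mode & 0o077:
        findings.append((path, "contains userPassword but is accessible to group/other"))
    return findings
```

Call audit() with default_add=True when the ldapmodify command line includes --defaultAdd or -a, and pass path to include the permission check.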