The ldapmodify tool provides two methods for adding a single entry:

  • Using an LDIF file
  • Using the command line

The attributes must conform to your schema and contain the required object classes.

Adding requests with the ignore-no-user-modification control enables a client to include attributes that are not normally allowed from external sources, such as the userPassword attribute, which is a user-modifiable attribute. An add request with the ignore-no-user-modification control allows a one-time exception to the password policy, even if the requesting client does not have the bypass-pw-policy privilege. This exception enables specifying pre-encoded passwords.


When adding an entry, the server can ensure that the entry's relative distinguished name (RDN) is unique and does not contain any sensitive information by replacing the provided entry's RDN with the server-generated entryUUID value. An LDAP client written with the LDAP SDK for Java can use the NameWithEntryUUIDRequestControl to explicitly indicate which add requests should be named in this way or the ldapmodify tool with the --nameWithEntryUUID argument.

The auto-name-with-entry-uuid-connection-criteria and auto-name-with-entry-uuid-request-criteria global configuration properties can be used to identify which add requests should be automatically named this way.

You can also use the uniqueness request control with ldapmodify for enforcing uniqueness on a per-request basis. Provide at least one of the uniquenessAttribute or uniquenessFilter arguments with the request. For more information about this control, see the LDAP SDK documentation and the com.unboundid.ldap.sdk.unboundidds.controls.UniquenessResponseControl class for using the control.