LDIF Examples : Add modify and Delete users (inetorgperson)

LDIF : Light weight Data Interchange format.

Please go through https://www.ietf.org/rfc/rfc2849.txt for reference


Case:  Add an entry to any LDAP Server. (Ex: InetOrgPerson)

Steps: Read the objectclass definition for the entry .

Must attributes for InetOrgPerson: CN (Common Name) and SN  (Surname)

Naming Attribute: UID / CN i.e. RDN (Relative Distinguished Name) can be CN or, UID.

Optional Attributes: Many ( Additionally all the attributes deifined in objectclasses which are used to derive InetOrgperson is available too)


Ex:  Adding a sample user “bob” under organization “troubleshoot:

dn: cn=bob,o=troubleshoot
changetype: add
objectclass: inetOrgPerson
cn: bob
sn: test
userpassword: sdh^@hg(^3
title: Test User
TelephoneNumber: 555 555 6666
mail: bob@troubleshoot.com

Ex: Adding additional attributes “UID” and country to entry “bob”

dn: cn=bob,o=troubleshoot
changetype: modify
add: uid
uid: bob-uid
add: c

Ex: Adding one more value for mail

dn: cn=bob,o=troubleshoot
changetype: modify
add: mail
mail: newmailid@troubleshoot.com

Ex: Replacing all previous values of mail with a new one.

dn: cn=bob,o=troubleshoot
changetype: modify
replace: mail
mail: finalmail@troubleshoot.com

Ex: Delete title

dn: cn=bob,o=troubleshoot
changetype: modify
delete: title

Ex: Delete entry bob

dn: cn=bob,o=troubleshoot
changetype: delete

Let me know through comment if you need example for any of below or, you have any other question….. I’ll update the post with response asap…

Ex: Change RDN

Ex: Alias

Ex: Add to a group



Open LDAP – Installation and configuration

Software Download

Download OpenLDAP Source code from 



Pre Work :

Set below environmental variable. The path may change based on your local system install location of berkleyDB




LDFLAGS=”-L/usr/local/lib -L/usr/local/berkeleyDB/lib -R/usr/loca/berkeleyDB/lib”

export LDFLAGS





Building OpenLDAP Source code: 

Go to folder where you have extracted openLDAP

Run below commands: (if you want/need to support TLS , run with flag –with-tls )

# ./configure 

# make depend

# make

# make test (if this fails, please logout and re-login and run this command)


Configuring openLDAP :


Go to /usr/local/etc/openldap 

Update slapd.conf under title :  BDB database definitions

suffix          “dc=ACME,dc=com”

rootdn          “cn=Manager,dc=idcqa,dc=com”

rootpw          password

Note: Replace “dc=amce,dc=com” with your required DN.

You can set password as hashed value. for that use slappasswd to generate the hash.  


Starting the Server

Start LDAP Server using below command

/usr/local/libexec/slapd -d127 -h “ldap://:389/ ldaps://:636/”  &

This will start server in debug mode and it will listen cleartext on 389 and TLS on 636

Sample LDIFs 

Use Below LDIF to add your first entry (save it as root.ldif)

dn: dc=ACME,dc=com

dc: ACME

description: ACME  Corp.

objectClass: dcObject

objectClass: organization

o: Acme


Command to add the entry to OpenLDAP: 

ldapadd -a -h localhost -p 389 -D “cn=Manager,dc=idcqa,dc=com” -w password  -f root.ldif -x

# ldapadd command will get installed along with openLDAP installation


Create Group:

create a ldif file with following contents to add a group under dc=Acme,dc=com

dn: cn=group1,dc=acme,dc=com

objectClass: groupOfNames

cn: group1


Command:   ldapadd  -h localhost -p 389 -D “cn=Manager,dc=idcqa,dc=com” -w password  -f group.ldif -x


Creating User 

create a ldif file with following contents:

dn: cn=u1,dc=acme,dc=com

changetype: add

objectClass: inetOrgPerson

objectClass: organizationalPerson

objectClass: person

objectClass: top

sn: u1

cn: u1

mail: u1@acme.com

userPassword: password

Continue reading

Lightweight Directory Access protocol ( LDAP ) : Basic layman style introduction

LDAP – Lightweight Directory Access Protocol


 Think of it as a Tree… “Say Apple tree” . It has leaves , Apple etc..,

Apple has property like Cover, color, seeds etc.

Similarly, Leave has properties like It’s Green , It’s soft etc….

Let’s look closely @ Apple,

We can view Apple as “class” in java and it’s occurrence in the tree as instances of Apple Object…. –> In LDAP, it’s exactly same, Apple is ObjectClass and Instances of it on tree are called Objects or. entries.

Properties of Apple ..Color , Cover , Seeds are property that defines Apple… in LDAP , These can be viewed as attribute that defined the  Objectclass “Apple”.

Similarly you can think of other entries on Apple Tree ..i.e. Leaves , stem etc.

 Now, coming back to LDAP, LDAP is a Database which holds data like any other database, but in Hierarchically fashion and are defined by Objectclasses.

The data/objects could be user , Computer, Server, Customer and everything that needs to be represented as data.

Ex: One of the popular used object class is “user” in Active Directory.

     If you look into the schema, it is defined as an object class which must hold attributes like “CN (common Name)” and SN (surname) . It may additionally hold attribute like UID, UserPassword,photo , member (group membership) , title, Supervisor, etc.

Schema , which defines ldapSyntax, Attribute, Objectlass and extensions , are key which defines the data that is stored in an LDAP Server along with access capabilities. We’ll take deep dive into them later.

Below is Sample LDIF file to create a user in LDAP.


dn: cn=user1,cn=users,dc=domainname,dc=com

change type: Add

Objectclass: inetOrgperson

sn: user1

userpassword: password

uid: user1


Oracle Directory Service Control Center – Installation and Configuration


1.  Download and Unpack

    Download the package from Oracle  (Refer to http://docs.oracle.com/cd/E20295_01/html/821-1216/getting-dsee.html )
    Run Below command:

  # mkdir -p /var/tmp/dsee
  # cd /var/tmp/dsee
  # unzip -q ODSEE11_1_1_5_0_xxx.zip
  # cd ODSEE_ZIP_Distribution
  # unzip -q sun-dsee7.zip -d /app/Oracle
  # cd i/app/oracle/dsee7

2. Initialize DSCC Registry

 # ./dsccsetup ads-create
   Choose password for Directory Service Manager:
   Confirm password for Directory Service Manager:
   Creating DSCC registry...
   DSCC Registry has been created successfully

4. Create the WAR file for DSCC

 # ./dsccsetup war-file-create
    Created /app/SunoneInstaller/ODSEE_ZIP_Distribution/install-dir/dsee7/var/dscc7.war

5. Check port and the path assigned to DSCC registry.

# ./dsccsetup status
DSCC Agent is not registered in Cacao
DSCC Registry has been created
Path of DSCC registry is /app/SunoneInstaller/ODSEE_ZIP_Distribution/install-dir/dsee7/var/dcc/ads
Port of DSCC registry is 3998

6. To Pre-Configure the DSCC Agent

# ./dsccsetup cacao-reg
Configuring Cacao...
Cacao will listen on port 21162
Cacao has been successfully configured.
Registering DSCC Agent in Cacao...
Checking Cacao status...
Starting Cacao...
DSCC Agent will use locale en_US.UTF-8 and charset UTF-8
DSCC agent has been successfully registered in Cacao.

7. Deploy the DSCC WAR File
NOTE:  make sure that *.sh files are executeable, if not, the env vars aren't set at start up 

export CATALINA_HOME=/app/tomcat6_0_36/apache-tomcat-6.0.36
export CATALINA_BASE=/app/tomcat6_0_36/apache-tomcat-6.0.36
export JAVA_HOME=/app/jdk1.7.0_09

export CATALINA_OPTS="-Djava.awt.headless=true"

mkdir /app/tomcat6_0_36/apache-tomcat-6.0.36/webapps/dscc7
unzip -d /app/tomcat6_0_36/apache-tomcat-6.0.36/webapps/dscc7 /app/SunoneInstaller/ODSEE_ZIP_Distribution/install-dir/dsee7/var/dscc7.war


 Access admin portal using the URL -


8. Access http://<IP>:8080/dscc7  , which is a very well designed Admin Interface , and create Directory server instances as per your requirement.