LDIF Examples: Add, Modify and Delete Users (inetOrgPerson)

LDIF: LDAP Data Interchange Format.

Please refer to https://www.ietf.org/rfc/rfc2849.txt (RFC 2849) for the full format specification.

Case: Add an entry to an LDAP server (Ex: inetOrgPerson)

Steps: First read the objectClass definition for the entry (its MUST and MAY attributes), then write the LDIF.

MUST attributes for inetOrgPerson: cn (Common Name) and sn (Surname). If either is missing, the server refuses the add with an objectClass violation.

Naming attribute: uid or cn, i.e. the RDN (Relative Distinguished Name) can be either cn or uid.

Optional (MAY) attributes: many. All attributes defined in the object classes from which inetOrgPerson is derived (organizationalPerson, person, top) are available as well.

Ex: Adding a sample user "bob" under the organization "troubleshoot":

dn: cn=bob,o=troubleshoot
changetype: add
objectClass: inetOrgPerson
cn: bob
sn: test
userPassword: sdh^@hg(^3
title: Test User
telephoneNumber: 555 555 6666
mail: bob@troubleshoot.com

Note: the userPassword value is stored exactly as supplied unless the server is configured to hash passwords on write, so supply a hash generated with slappasswd rather than a cleartext value.

Ex: Adding the additional attributes "uid" and country ("c") to the entry "bob":

dn: cn=bob,o=troubleshoot
changetype: modify
add: uid
uid: bob-uid
-
add: c
c: UD

A line containing only "-" separates the individual changes within one modify record.

Ex: Adding one more value for mail (mail is multi-valued, so the existing value is kept):


dn: cn=bob,o=troubleshoot
changetype: modify
add: mail
mail: newmailid@troubleshoot.com

Ex: Replacing all previous values of mail with a new one:


dn: cn=bob,o=troubleshoot
changetype: modify
replace: mail
mail: finalmail@troubleshoot.com

Ex: Deleting title (a delete with no values listed removes the attribute entirely):


dn: cn=bob,o=troubleshoot
changetype: modify
delete: title

Ex: Deleting the entry bob:


dn: cn=bob,o=troubleshoot
changetype: delete
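As an added example (not from the original post), here is a small Python processor for RFC 2849 change records that applies records like the ones above to an in-memory directory, so you can check without a server that add appends a value, replace discards the previous ones, and delete without values removes the whole attribute. It assumes the MUST table is limited to the inetOrgPerson attributes named above, lower-cases attribute names (LDAP compares them case-insensitively), and does not handle folded lines, base64 ("::") or URL (":<") values.

```python
import re
from functools import reduce
from itertools import groupby

MUST = {"inetorgperson": {"cn", "sn"}}          # schema subset quoted on this page

def parse_line(line):
    """One LDIF line -> (attr, value); the '-' change separator -> ('-', None)."""
    attr, _, val = line.partition(":")
    return ("-", None) if line == "-" else (attr.strip().lower(), val.strip())

def parse_records(text):
    """LDIF text -> list of records (blank-line separated), each a list of pairs."""
    return [[parse_line(ln) for ln in block.splitlines() if not ln.startswith("#")]
            for block in re.split(r"\n\s*\n", text.strip()) if block.strip()]

def apply_record(directory, rec):
    """Apply one change record to directory, a dict {dn: {attr: [values]}}."""
    dn, body = rec[0][1], [x for x in rec[1:] if x[0] != "changetype"]
    ctype = dict(rec).get("changetype", "add")   # no changetype line means add
    if ctype == "add":
        entry = {}
        for attr, val in body:
            entry.setdefault(attr, []).append(val)
        for oc in entry.get("objectclass", []):  # schema check: MUST attributes present?
            missing = MUST.get(oc.lower(), set()) - set(entry)
            if missing:
                raise ValueError(f"{oc} requires {sorted(missing)}")
        directory[dn] = entry
    elif ctype == "delete":
        del directory[dn]
    elif ctype == "modify":
        entry = directory[dn]
        groups = [list(g) for k, g in groupby(body, lambda x: x[0] == "-") if not k]
        for (op, attr), *rest in groups:         # op is add, replace or delete
            vals = [v for a, v in rest if a == attr]
            if op == "add":
                entry[attr] = entry.get(attr, []) + vals
            elif op == "replace":
                entry[attr] = vals
            elif op == "delete":                 # no values listed: drop the attribute
                entry[attr] = [v for v in entry[attr] if v not in vals] if vals else []
            if not entry[attr]:
                del entry[attr]
    return directory

def apply_ldif(text):
    """Apply all records in text, in order, to a fresh in-memory directory."""
    return reduce(apply_record, parse_records(text), {})
```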

Let me know in the comments if you need an example for any of the below, or if you have any other question. I'll update the post with a response as soon as possible.

Ex: Change RDN

Ex: Alias

Ex: Add to a group


OpenLDAP: Installation and Configuration

Software Download

Download the OpenLDAP source code from http://www.openldap.org/software/download/OpenLDAP/openldap-release/

Pre Work:

Set the environment variables below before building. The paths may differ depending on where Berkeley DB is installed on your system.

———————

CPPFLAGS="-I/usr/local/berkeleyDB/include"
export CPPFLAGS

LDFLAGS="-L/usr/local/lib -L/usr/local/berkeleyDB/lib -R/usr/local/berkeleyDB/lib"
export LDFLAGS

LD_LIBRARY_PATH="/usr/local/berkeleyDB/lib"
export LD_LIBRARY_PATH

———————

Building the OpenLDAP source code:

Go to the folder where you extracted OpenLDAP and run the commands below. If you want or need TLS support, pass the --with-tls flag to ./configure; the ldaps:// listener used later depends on it.

# ./configure
# make depend
# make
# make test (if this fails, log out, log back in and run it again)

Configuring OpenLDAP:

Go to /usr/local/etc/openldap and update slapd.conf under the heading "BDB database definitions":

suffix          "dc=ACME,dc=com"
rootdn          "cn=Manager,dc=ACME,dc=com"
rootpw          password

Note: Replace "dc=ACME,dc=com" with your required DN. The rootdn must lie under the suffix; otherwise rootpw does not apply to it and the simple bind used by the ldapadd commands below fails.

The password can be stored as a hash instead of cleartext: run slappasswd to generate the hash and put its output (a {SSHA} value by default) in place of "password".

Starting the Server

Start the LDAP server with the command below:

/usr/local/libexec/slapd -d127 -h "ldap://:389/ ldaps://:636/" &

This starts the server in debug mode (with -d it stays in the foreground and logs to the terminal, hence the trailing &) and makes it listen for cleartext LDAP on port 389 and LDAPS (TLS) on port 636. The ldaps:// listener only works if slapd was built with --with-tls and a certificate and key are configured in slapd.conf (TLSCertificateFile and TLSCertificateKeyFile); everything sent to port 389, including the Manager password used in the commands below, crosses the network in cleartext.

Sample LDIFs

Use the LDIF below to add your first entry (save it as root.ldif):

dn: dc=ACME,dc=com
dc: ACME
description: ACME Corp.
objectClass: dcObject
objectClass: organization
o: Acme

Command to add the entry to OpenLDAP:

ldapadd -a -h localhost -p 389 -D "cn=Manager,dc=ACME,dc=com" -w password -f root.ldif -x

ldapadd is installed together with the OpenLDAP server. Passing the password with -w leaves it in the shell history and visible in the process list; use -W to be prompted for it instead.

Create Group:

Create an LDIF file (group.ldif) with the following contents to add a group under dc=ACME,dc=com:

dn: cn=group1,dc=acme,dc=com
objectClass: groupOfNames
cn: group1
member:

member is a MUST attribute of groupOfNames, so the record needs at least one value: put the DN of the entry you want in the group there (for example the user entry created in the next step).

Command: ldapadd -h localhost -p 389 -D "cn=Manager,dc=ACME,dc=com" -w password -f group.ldif -x

Creating User

Create an LDIF file with the following contents:

dn: cn=u1,dc=acme,dc=com
changetype: add
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: u1
cn: u1
mail: u1@acme.com
userPassword: password
