ldapadd
ldapadd is a command-line utility used to add entries to an LDAP directory. It reads the data to be added from a file or from standard input and communicates with an LDAP server to perform the additions.
Usage of ldapadd
Basic Usage
To add entries to an LDAP directory, you typically provide an LDIF (LDAP Data Interchange Format) file containing the entries to be added. The basic command is:
ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f new_entries.ldif
-x: Use simple authentication.
-D "cn=admin,dc=example,dc=com": Specify the bind DN for authentication.
-W: Prompt for the bind DN password.
-f new_entries.ldif: Specify the LDIF file containing the entries to add.
Common Options and Parameters
-H ldap://ldap.example.com: Specify the LDAP server URL.
-D "binddn": Use the specified bind DN to bind to the directory.
-w password: Use the specified bind DN password (insecure, since it is visible in the process list and shell history; use only in scripts).
-f filename: Read the entries to be added from the specified file.
-ZZ: Require a secure TLS connection (StartTLS); fail if it cannot be established.
-c: Continue on errors (skip entries that cause errors).
Example LDIF File
An LDIF file (new_entries.ldif) might look like this:
dn: uid=john,dc=example,dc=com
objectClass: inetOrgPerson
uid: john
sn: Doe
cn: John Doe
mail: john.doe@example.com
userPassword: secret

dn: uid=jane,dc=example,dc=com
objectClass: inetOrgPerson
uid: jane
sn: Smith
cn: Jane Smith
mail: jane.smith@example.com
userPassword: secret
This file defines two new entries to be added to the LDAP directory. Entries in LDIF are separated by a blank line; without it, ldapadd reads both entries as one malformed record and rejects it.
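Because a missing blank line or a cleartext userPassword is only reported once ldapadd is already talking to the server, it is useful to check an LDIF file before running the command. The following pre-flight checker is an added example written for this page; it is not part of OpenLDAP or ldapadd. It parses the subset of LDIF that ldapadd consumes for new entries (dn line, attribute: value lines, blank-line record separators, "#" comments and space-led continuation lines) and flags records with no dn, two entries that are not separated by a blank line, a missing objectClass, and a userPassword that is not a hashed value. The sample LDIF is constructed to mirror the file above; the {SSHA} value in it is a placeholder, not a real hash.

```python
"""LDIF pre-flight checker (added example; not part of OpenLDAP or ldapadd)."""
from typing import Dict, List

Entry = Dict[str, List[str]]

# Constructed sample: two inetOrgPerson entries like the page's new_entries.ldif.
# The second userPassword is a placeholder for a hashed value, not a real hash.
SAMPLE_LDIF = """\
dn: uid=john,dc=example,dc=com
objectClass: inetOrgPerson
uid: john
sn: Doe
cn: John Doe
mail: john.doe@example.com
userPassword: secret

dn: uid=jane,dc=example,dc=com
objectClass: inetOrgPerson
uid: jane
sn: Smith
cn: Jane Smith
mail: jane.smith@example.com
userPassword: {SSHA}placeholder-hash-not-a-real-value
"""


def parse_ldif(text: str) -> List[Entry]:
    """Split LDIF text into records; each record maps lower-cased attr -> [values]."""
    # A line beginning with a single space continues the previous line; unfold first.
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries: List[Entry] = []
    current: Entry = {}
    for line in unfolded:
        if line.startswith("#"):
            continue  # comment
        if line.strip() == "":
            if current:  # blank line ends the current record
                entries.append(current)
                current = {}
            continue
        if ":" not in line:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, value = line.split(":", 1)
        # "attr:: base64value" is also valid LDIF; the value is kept opaque here.
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def check_entries(entries: List[Entry]) -> List[str]:
    """Return findings; an empty list means the file is ready for ldapadd."""
    findings: List[str] = []
    for i, entry in enumerate(entries, 1):
        dns = entry.get("dn", [])
        if not dns:
            findings.append(f"record {i}: no dn: line")
        elif len(dns) > 1:
            # Two dn: lines in one record means the blank-line separator is missing.
            findings.append(f"record {i}: {len(dns)} dn: lines, entries are not separated by a blank line")
        if "objectclass" not in entry:
            findings.append(f"record {i}: no objectClass")
        for pw in entry.get("userpassword", []):
            # Hashed values carry a scheme prefix such as {SSHA}; anything else is cleartext.
            if not pw.startswith("{"):
                findings.append(f"record {i} ({dns[0] if dns else '?'}): userPassword stored in cleartext")
    return findings


if __name__ == "__main__":
    for finding in check_entries(parse_ldif(SAMPLE_LDIF)):
        print(finding)
```

Run it against a file with `check_entries(parse_ldif(open(path).read()))` before invoking ldapadd; the cleartext-password finding is the one to act on, since ldapadd will happily store the value as given.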
Example Commands
Add Entries from LDIF File
Add entries defined in an LDIF file:
ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f new_entries.ldif
This command will prompt for the bind DN password and then add the entries from the file.
Add Entries from Standard Input
You can also provide the LDIF data directly via standard input:
ldapadd -x -D "cn=admin,dc=example,dc=com" -W <<EOF
dn: uid=jane,dc=example,dc=com
objectClass: inetOrgPerson
uid: jane
sn: Smith
cn: Jane Smith
mail: jane.smith@example.com
userPassword: secret
EOF
Using a Secure Connection
Add entries using a secure connection:
ldapadd -x -ZZ -H ldap://ldap.example.com -D "cn=admin,dc=example,dc=com" -W -f new_entries.ldif
Continue on Errors
Add entries and continue on errors:
ldapadd -x -c -D "cn=admin,dc=example,dc=com" -W -f new_entries.ldif
This command will skip any entries that cause errors and continue with the rest.
Security Considerations
Avoid Hardcoding Passwords: Do not hardcode passwords in scripts or command lines. Use prompts or secure methods to pass passwords.
Use Secure Connections: Always use secure connections (-ZZ for StartTLS) to protect data during transmission.
Proper LDIF File Permissions: Ensure that the LDIF file has appropriate permissions to prevent unauthorized access.
Limit Privileges: Use the least privilege principle. Bind with an account that has only the necessary permissions to add entries.
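The four points above can be enforced by a small wrapper rather than left to habit. The following is an added example, not part of OpenLDAP: it refuses an LDIF or password file that is readable by group or others, keeps the password out of the command line by having ldapadd read it from a file with -y (a real ldapadd option), forces StartTLS with -ZZ, and binds as a limited provisioning account instead of cn=admin. The server URI, bind DN and the ou=service container are hypothetical placeholders.

```python
"""Hardened ldapadd wrapper (added example; not part of OpenLDAP or ldapadd)."""
import os
import stat
import subprocess
import tempfile
from typing import List

# Hypothetical values; replace with your own server and a least-privilege bind DN.
LDAP_URI = "ldap://ldap.example.com"
BIND_DN = "cn=ldap-provisioner,ou=service,dc=example,dc=com"  # not cn=admin


def write_tempfile(content: str, mode: int = 0o600) -> str:
    """Create a temp file holding `content` and return its path.

    mkstemp creates the file owner-only and exclusively; `mode` defaults to
    0600 and is a parameter only so the permission check can be exercised.
    """
    fd, path = tempfile.mkstemp(prefix="ldapadd-")
    with os.fdopen(fd, "w") as fh:
        fh.write(content)  # no trailing newline: ldapadd uses the file's complete contents
    os.chmod(path, mode)
    return path


def require_private(path: str) -> int:
    """Return the file mode, raising PermissionError if group or others can access it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:04o}; expected 0600 or stricter")
    return mode


def build_ldapadd_argv(ldif_path: str, password_path: str, continue_on_error: bool = False) -> List[str]:
    """Return the argv for a hardened ldapadd call after checking both input files."""
    require_private(ldif_path)      # the LDIF may carry userPassword values
    require_private(password_path)  # the bind password must never be world-readable
    argv = [
        "ldapadd", "-x",
        "-ZZ",                 # StartTLS is mandatory; fail rather than fall back to cleartext
        "-H", LDAP_URI,
        "-D", BIND_DN,
        "-y", password_path,   # read the password from a file instead of -w on the command line
        "-f", ldif_path,
    ]
    if continue_on_error:
        argv.append("-c")
    return argv


def run_ldapadd(ldif_path: str, password_path: str, continue_on_error: bool = False) -> int:
    """Execute the hardened call and return ldapadd's exit status."""
    argv = build_ldapadd_argv(ldif_path, password_path, continue_on_error)
    return subprocess.run(argv, check=False).returncode
```

Write the password file without a trailing newline (the wrapper does this), because ldapadd uses the complete file contents as the password and a stray newline makes the bind fail; delete the file once the run is finished.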
Conclusion
The ldapadd utility is essential for adding entries to an LDAP directory. By understanding its options and secure usage practices, administrators can effectively manage and expand LDAP directories while maintaining security and integrity. Properly configured, ldapadd facilitates the efficient addition of user and resource entries in LDAP environments.