slapadd

slapadd is a utility provided with OpenLDAP, used to populate an LDAP directory database from an LDIF (LDAP Data Interchange Format) file. Unlike ldapadd, which interacts with the LDAP server over the network, slapadd directly accesses the database files on the server, making it faster and more suitable for initial bulk loading of data.

Usage of slapadd

Basic Usage

To add entries to an LDAP directory database using slapadd, you typically provide an LDIF file containing the entries to be added. The basic command is:

    slapadd -v -l new_entries.ldif

  • -v: Run in verbose mode.

  • -l new_entries.ldif: Specify the LDIF file containing the entries to add.

Common Options and Parameters

  • -f slapd.conf: Specify the configuration file to use.

  • -F slapd.d: Specify the configuration directory to use.

  • -n database: Specify the database number (default is 1).

  • -q: Enable quick mode (faster but might bypass certain integrity checks).

  • -c: Continue on errors (skip entries that cause errors).

  • -u: Dry run (check syntax without making changes).

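  • -b suffix: Select the database that serves the given suffix (DN) as the target for the imported data. The -s option, by contrast, takes no argument and disables schema checking.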

Example Commands

  1. Add Entries from LDIF File

    Add entries defined in an LDIF file to the default database:

    slapadd -v -l new_entries.ldif
  2. Specify Configuration File

    Use a specific configuration file:

    slapadd -v -f /etc/openldap/slapd.conf -l new_entries.ldif
  3. Specify Configuration Directory

    Use a specific configuration directory:

    slapadd -v -F /etc/openldap/slapd.d -l new_entries.ldif
  4. Add Entries to a Specific Database

    Add entries to a specific database number:

    slapadd -v -n 2 -l new_entries.ldif
  5. Quick Mode

    Enable quick mode for faster processing:

    slapadd -v -q -l new_entries.ldif
  6. Continue on Errors

    Continue processing even if there are errors in the LDIF file:

    slapadd -v -c -l new_entries.ldif
  7. Dry Run

    Check the syntax of the LDIF file without making any changes to the database:

    slapadd -v -u -l new_entries.ldif
  8. Use a Specific Suffix

    Import data into the database that serves a specific suffix (-b; cannot be combined with -n):

    slapadd -v -b "dc=example,dc=com" -l new_entries.ldif

Example LDIF File

An LDIF file (new_entries.ldif) might look like this:

dn: uid=john,dc=example,dc=com
objectClass: inetOrgPerson
uid: john
sn: Doe
cn: John Doe
mail: john.doe@example.com
userPassword: secret

dn: uid=jane,dc=example,dc=com
objectClass: inetOrgPerson
uid: jane
sn: Smith
cn: Jane Smith
mail: jane.smith@example.com
userPassword: secret

This file defines two new entries to be added to the LDAP directory.

Security Considerations

  1. File Permissions: Ensure that the LDIF file has appropriate permissions to prevent unauthorized access.

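  2. Backup: Always back up your LDAP database before running slapadd to avoid data loss in case of errors.

  3. Run as Root: Ensure slapadd is run with appropriate permissions, typically as the root user, or with sudo. Files that slapadd creates are owned by the invoking user, so after a root import check that the database files are still owned by the account slapd runs as.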

  4. Database Consistency: Be cautious with the -q option, as it may bypass some integrity checks.
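
The checks above can be scripted before an import. The following is an added example, not part of slapadd or the original page; the function names and the backup file name are assumptions. It also refuses LDIF files with unhashed userPassword values (such as `secret` in the sample file), because slapadd writes attribute values into the database exactly as given.

```shell
#!/bin/sh
# Added example: pre-flight checks around an offline slapadd import.
# Function names and the backup file name are assumptions for illustration.

# True only for a regular file with no group/other permission bits set.
ldif_perms_ok() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print one line per entry whose userPassword is not a {SCHEME} hash.
# Base64 values (userPassword::) are reported but not decoded here.
ldif_password_report() {
    awk '
        function check(l) {
            if (l ~ /^dn:/) { dn = l; sub(/^dn::? */, "", dn) }
            else if (tolower(l) ~ /^userpassword: *[^{: ]/) print "CLEARTEXT " dn
            else if (tolower(l) ~ /^userpassword::/) print "BASE64-UNCHECKED " dn
        }
        /^ / { sub(/^ /, ""); line = line $0; next }  # unfold continuation lines
             { check(line); line = $0 }
        END  { check(line) }
    ' "$1"
}

# Refuse unsafe input, back up, dry-run, then import. Runs in a subshell
# so the umask change does not leak into the caller.
preflight_import() (
    ldif=$1
    ldif_perms_ok "$ldif" || { echo "refusing: $ldif is open to group/others" >&2; exit 1; }
    report=$(ldif_password_report "$ldif")
    [ -z "$report" ] || { printf 'refusing: unhashed userPassword:\n%s\n' "$report" >&2; exit 1; }
    umask 077
    slapcat -l "slapcat-backup-$(date +%Y%m%d%H%M%S).ldif" || exit 1  # backup
    slapadd -u -v -l "$ldif" || exit 1                                # dry run (-u)
    slapadd -v -l "$ldif"                                             # real import
)
```

Call it as `preflight_import new_entries.ldif`; add -F, -f, -n or -b to the slapcat and slapadd lines if the default configuration or database is not the target.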

Conclusion

The slapadd utility is essential for efficiently populating an LDAP directory database with bulk data. By understanding its options and secure usage practices, administrators can effectively manage the addition of large amounts of data while maintaining security and integrity. Properly configured, slapadd facilitates the rapid and reliable population of LDAP directory databases in various environments.
