To add something to the LDAP directory, you first need to create an LDIF file.
The LDIF file should contain definitions for all attributes that are required for the entries you want to create.
With this LDIF file, you can use the ldapadd command to import the entries into the directory, as explained in this tutorial.
If you are new to OpenLDAP, you should first install OpenLDAP on your system.
Create an LDIF File for a New User
The following is a sample LDIF file that will be used to create a new user.

# cat adam.ldif
dn: uid=adam,ou=users,dc=tgs,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: adam
uid: adam
uidNumber: 16859
gidNumber: 100
homeDirectory: /home/adam
loginShell: /bin/bash
gecos: adam
userPassword: {crypt}x
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
Add an LDAP User using ldapadd
Now, use the ldapadd command with the above LDIF file to create a new user called adam in our OpenLDAP directory, as shown below:

# ldapadd -x -W -D "cn=ramesh,dc=tgs,dc=com" -f adam.ldif
Enter LDAP Password:
adding new entry "uid=adam,ou=users,dc=tgs,dc=com"
Assign a Password to the LDAP User
To set the password for the LDAP user we just created, use the ldappasswd command as shown in the example below:

# ldappasswd -s welcome123 -W -D "cn=ramesh,dc=tgs,dc=com" -x "uid=adam,ou=users,dc=tgs,dc=com"
Enter LDAP Password:

In the above command:
- -s the new password to set on the user entry
- -x use simple authentication; the DN that follows it is the user entry whose password is changed
- -D your DN, i.e. the distinguished name used to authenticate to the server
Create an LDIF File for a New Group
Similar to adding a user, you also need an LDIF file to add a group. To add a new group to the LDAP groups OU, create an LDIF file with the group information, as shown in the example below. Note that posixGroup requires the cn attribute, which is also the naming attribute of the entry, so it must be present in the file:

# cat group1.ldif
dn: cn=dbagrp,ou=groups,dc=tgs,dc=com
objectClass: top
objectClass: posixGroup
cn: dbagrp
gidNumber: 678
Add an LDAP Group using ldapadd
Just like adding a user, use the ldapadd command to add the group from the group1.ldif file we created above:

# ldapadd -x -W -D "cn=ramesh,dc=tgs,dc=com" -f group1.ldif
Enter LDAP Password:
adding new entry "cn=dbagrp,ou=groups,dc=tgs,dc=com"
Create an LDIF File for an Existing Group
To add an existing user to a group, we still need to create an LDIF file. In this example, I am adding the user adam to the dbagrp group (group id: 678).

# cat file1.ldif
dn: cn=dbagrp,ou=groups,dc=tgs,dc=com
changetype: modify
add: memberuid
memberuid: adam
Add a User to an Existing Group using ldapmodify
To add a user to an existing group, we use ldapmodify. This example uses the above LDIF file to add the user adam to dbagrp:

# ldapmodify -x -W -D "cn=ramesh,dc=tgs,dc=com" -f file1.ldif
Enter LDAP Password:
modifying entry "cn=dbagrp,ou=groups,dc=tgs,dc=com"
Verify LDAP Entries
Once you have added a user or group, you can use ldapsearch to verify it. Here is a simple example that verifies that the user exists in the LDAP database:

# ldapsearch -x -W -D "cn=ramesh,dc=tgs,dc=com" -b "uid=adam,ou=users,dc=tgs,dc=com" "(objectclass=*)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <uid=adam,ou=users,dc=tgs,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# adam, users, tgs.com
dn: uid=adam,ou=users,dc=tgs,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: adam
uid: adam
uidNumber: 16859
gidNumber: 100
homeDirectory: /home/adam
loginShell: /bin/bash
gecos: adam
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
userPassword:: e1NTSEF9b0lPd3AzYTBmT2xQcHBPNDcrK0VHRndEUjdMV2hSZ2U=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
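The LDIF records used above can be generated and schema-checked before ldapadd or ldapmodify ever sees them. The following Python is an added example (not from the tutorial or from OpenLDAP; standard library only, with the MUST attribute sets taken from the RFC 2307 schema that OpenLDAP ships): it reports MUST attributes an entry lacks (a posixGroup record without cn, for instance), writes values that RFC 2849 does not allow in clear text in the "::" base64 form seen on the userPassword line of the ldapsearch output, and computes an {SSHA} userPassword hash so the clear-text password does not have to be passed on the ldappasswd command line with -s. The sample adam entry and the welcome123 password are the tutorial's own values; the salt is random.

```python
import base64
import hashlib
import os

MUST = {  # MUST attributes of the object classes used in this tutorial (RFC 2307 nis.schema)
    "account": {"uid"},
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
    "shadowAccount": {"uid"},
    "posixGroup": {"cn", "gidNumber"},
}

def missing_attrs(entry):
    """Return the MUST attributes the entry's objectClasses require but the entry lacks."""
    need = set().union(*(MUST.get(oc, set()) for oc in entry["objectClass"]))
    return sorted(need - set(entry))

def ssha_password(password, salt=None):
    """{SSHA} userPassword value as slapd stores it: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a clear-text password against a stored {SSHA} value (salt = trailing bytes)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]

def ldif_line(attr, value):
    """RFC 2849: a value that is not a SAFE-STRING is written base64 after '::'."""
    unsafe = value[:1] in (" ", ":", "<") or any(c in "\r\n\0" or ord(c) > 127 for c in value)
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode()).decode()}"
    return f"{attr}: {value}"

def to_ldif(dn, entry, add_to_existing=False):
    """Serialise an entry as an add record, or as a 'changetype: modify' record adding attributes."""
    lines = [f"dn: {dn}"] + (["changetype: modify"] if add_to_existing else [])
    for attr, values in entry.items():
        prefix = [f"add: {attr}"] if add_to_existing else []
        lines += prefix + [ldif_line(attr, v) for v in values] + (["-"] if prefix else [])
    return "\n".join(lines) + "\n"

# Constructed sample: the tutorial's adam entry, with an {SSHA} hash in place of {crypt}x.
ADAM_DN = "uid=adam,ou=users,dc=tgs,dc=com"
ADAM = {
    "objectClass": ["top", "account", "posixAccount", "shadowAccount"], "cn": ["adam"],
    "uid": ["adam"], "uidNumber": ["16859"], "gidNumber": ["100"], "homeDirectory": ["/home/adam"],
    "loginShell": ["/bin/bash"], "gecos": ["adam"], "userPassword": [ssha_password("welcome123")],
    "shadowLastChange": ["0"], "shadowMax": ["0"], "shadowWarning": ["0"],
}
```

Writing `to_ldif(ADAM_DN, ADAM)` to a file gives an adam.ldif that ldapadd accepts with the password already set, and `to_ldif("cn=dbagrp,ou=groups,dc=tgs,dc=com", {"memberUid": ["adam"]}, add_to_existing=True)` reproduces file1.ldif for ldapmodify.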
Delete an Entry from LDAP using ldapdelete
If you have made a mistake while adding a user or group, you can remove the entry using ldapdelete. To delete an entry, you do not need to create an LDIF file. The following deletes the user "adam" that we created earlier:

# ldapdelete -W -D "cn=ramesh,dc=tgs,dc=com" "uid=adam,ou=users,dc=tgs,dc=com"
Enter LDAP Password: