Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 488 — #514
-x switches off the authentication with SASL in this case. -D declares the
user that calls the operation. The valid DN of the administrator is entered
here just as it has been configured in slapd.conf. In the current example,
this is cn=admin,dc=suse,dc=de. -W avoids entering the password on the
command line (in clear text) and activates a separate password prompt
instead. This password was previously set in slapd.conf with rootpw.
-f passes the file name. See the details of running ldapadd in
Example 21.24.
Example 21.24: ldapadd with example.ldif
ldapadd -x -D cn=admin,dc=suse,dc=de -W -f example.ldif
Enter LDAP password:
adding new entry "dc=suse,dc=de"
adding new entry "ou=devel,dc=suse,dc=de"
adding new entry "ou=doc,dc=suse,dc=de"
adding new entry "ou=it,dc=suse,dc=de"
The user data of individuals can be prepared in separate LDIF files.
Example 21.25 adds Tux to the new LDAP directory.
Example 21.25: LDIF Data for Tux
# coworker Tux
dn: cn=Tux Linux,ou=devel,dc=suse,dc=de
objectClass: inetOrgPerson
cn: Tux Linux
givenName: Tux
sn: Linux
mail: tux@suse.de
uid: tux
telephoneNumber: +49 1234 567-8
An LDIF file can contain an arbitrary number of objects. It is possible to
pass entire directory branches to the server at once or only parts of them,
as shown in the example of individual objects. If some data needs to be
modified relatively often, splitting it finely into single objects is
recommended.
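A pre-flight check for such LDIF files, as an added example that is not part of the original guide: it confirms that every entry carries an objectClass and that its dn really lies below the intended suffix before the file is handed to ldapadd -f. The function name ldif_preflight and the second sample entry are assumptions made for illustration.

```shell
# usage: ldif_preflight FILE SUFFIX   (hypothetical helper, added example)
# Prints one line per problem found; returns 1 if there was any.
ldif_preflight() {
    awk -v suffix="$2" '
    function norm(s) {    # lower-case, drop blanks around "," and "="
        s = tolower(s); gsub(/ *, */, ",", s); gsub(/ *= */, "=", s)
        sub(/^ +/, "", s); sub(/ +$/, "", s); return s
    }
    function check(   d, s, k) {    # validate the entry collected so far
        if (!seen) return
        n++; d = norm(dn); s = norm(suffix); k = length(d) - length(s)
        # dn must end in ",SUFFIX"; an escaped comma (\,) is part of a value
        if (b64) { print "entry " n ": base64 dn, check by hand"; bad++ }
        else if (dn == "") { print "entry " n ": missing dn"; bad++ }
        else if (d != s && (substr(d, k) != ("," s) || substr(d, k - 1, 1) == "\\")) {
            print "entry " n ": dn outside " suffix ": " dn; bad++ }
        if (!oc) { print "entry " n ": missing objectClass"; bad++ }
        seen = 0; dn = ""; oc = 0; b64 = 0
    }
    function flush(   l) {    # process one unfolded logical line
        if (!have) return
        l = cur; have = 0
        if (l ~ /^#/ || tolower(l) ~ /^version:/) return
        if (l == "") { check(); return }    # blank line ends an entry
        seen = 1
        if (tolower(l) ~ /^dn::/) b64 = 1
        else if (tolower(l) ~ /^dn:/) { dn = substr(l, 4); sub(/^ +/, "", dn) }
        else if (tolower(l) ~ /^objectclass:/) oc = 1
    }
    { sub(/\r$/, "") }                        # tolerate CRLF line ends
    /^ / { cur = cur substr($0, 2); next }    # folded line: join to previous
    { flush(); cur = $0; have = 1 }
    END { flush(); check(); exit (bad > 0) }
    ' "$1"
}

# Constructed sample: Tux from Example 21.25 plus an entry outside the branch.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: cn=Tux Linux,ou=devel,dc=suse,dc=de
objectClass: inetOrgPerson
sn: Linux

dn: cn=stray,dc=example,dc=org
objectClass: inetOrgPerson
sn: stray
EOF
ldif_preflight "$sample" "dc=suse,dc=de" || echo "not importing: fix the entries listed above"
rm -f "$sample"
```

Entries with a base64-encoded dn (dn::) are reported rather than decoded, so the check fails closed on anything it cannot read.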
Modifying Data in the LDAP Directory
The tool ldapmodify is provided for modifying the data in the directory. The
easiest way to do this is to modify the corresponding LDIF file and then pass
the modified file to the LDAP server. To change the telephone number of
colleague Tux from +49 1234 567-8 to +49 1234 567-10, the LDIF file must be
edited as shown in Example 21.26 on the next page.
21.8. LDAP — A Directory Service










