These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

LDAP01/Brute Force Directory Commands


OpenLDAP comes with a variety of commands for accessing the directory. The first we shall look at are the "brute force" commands for doing things to and with the directory.

slapadd

Slapadd is used to add entries specified in LDAP Directory Interchange Format (LDIF) to a slapd(8) database. It opens the given database determined by the database number or suffix and adds entries corresponding to the provided LDIF to the database. The LDIF input is read from standard input or the specified file.

As slapadd is designed to accept LDIF in database order, as produced by slapcat(8), it does not verify that superior entries exist before adding an entry, does not perform all user and system schema checks, and does not maintain operational attributes (such as createTimeStamp and modifiersName).

Slapadd is brute force because it does not check for superior entries and it will overwrite any differing entries without prompting. It can also severely break an LDAP directory if it is run against a database while slapd is running. Thus, you should probably turn off slapd before running slapadd.
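A pre-flight check for the gap described above, as an added example (not part of the original notes or of OpenLDAP): it reads an LDIF file and reports entries whose superior entry is not loaded earlier in the same file, which slapadd itself will not catch. It assumes the LDIF is being loaded into an empty database; the function names and the sample entries are constructed for illustration.

```python
import base64
import re

def read_dns(ldif_text):
    """Return entry DNs in file order (the order slapadd would write them)."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # LDIF folds long lines as newline + space
    dns = []
    for line in unfolded.splitlines():
        if line.lower().startswith("dn::"):       # base64-encoded DN
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.lower().startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def split_rdns(dn):
    """Split on unescaped commas; lowercasing is a rough stand-in for DN matching rules."""
    return [p.strip().lower() for p in re.findall(r"(?:\\.|[^,\\])+", dn)]

def find_orphans(ldif_text, suffix):
    """List (dn, reason) for entries slapadd would load without a superior in place.

    Assumption: the target database is empty, so every superior must come from this file.
    """
    suffix_rdns, seen, problems = split_rdns(suffix), set(), []
    for dn in read_dns(ldif_text):
        rdns = split_rdns(dn)
        if rdns[-len(suffix_rdns):] != suffix_rdns:
            problems.append((dn, "outside suffix"))
        elif rdns != suffix_rdns and ",".join(rdns[1:]) not in seen:
            problems.append((dn, "superior entry not loaded before this entry"))
        seen.add(",".join(rdns))
    return problems

# Constructed sample: jdoe precedes ou=People, and ou=Staff is never defined.
SAMPLE = """dn: dc=example,dc=com
objectClass: organization

dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit

dn: cn=admin,ou=Staff,
 dc=example,dc=com
objectClass: person
"""

if __name__ == "__main__":
    for dn, reason in find_orphans(SAMPLE, "dc=example,dc=com"):
        print(f"{dn}: {reason}")
```

Running the check before slapadd, together with the -u dry-run option listed below, catches ordering mistakes while the database is still untouched.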

Slapadd accepts the following options:

-v
Enable verbose mode.
-c
Enable continue (ignore errors) mode.
-u
Enable dry-run (don't write to backend) mode.
-d level
Enable debugging messages as defined by the specified level.
-b suffix
Use the specified suffix to determine which database to add entries to. The -b option cannot be used in conjunction with the -n option.
-n dbnum
Add entries to the dbnum-th database listed in the configuration file. The -n option cannot be used in conjunction with the -b option.
-f slapd.conf
Specify an alternative slapd.conf(5) file.
-l ldif-file
Read LDIF from the specified file instead of standard input.

Thus, if I had an LDIF file called "corpdir.ldif", I could use slapadd in either of the following ways:

 # slapadd -l corpdir.ldif
  or
 # cat corpdir.ldif | slapadd

slapcat

Once a directory has been populated, you can dump the directory's content in LDIF format using the slapcat command. The resulting LDIF is suitable for slapadd, but not for ldapadd, as the entries are in database order and not necessarily LDAP order.

slapcat accepts the same parameters as slapadd above; for slapcat, -l names the file the LDIF is written to rather than read from. So, if I wanted to dump the directory into an LDIF file called "back.ldif", I could issue either of the following:

 # slapcat > back.ldif
  or
 # slapcat -l back.ldif


Last edited September 22, 2003 9:36 pm
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.