ldapadd/ldapmodify: clarifications needed about these commands

Question

The ldapmodify man page states that:

The default for ldapmodify is to modify existing entries

Yet when I try to import an LDIF file with ldapmodify I get the below error:

ldapmodify: modify operation type is missing at line X

Q1: Why, which arguments should I add to my ldapmodify command?

If I import an LDIF file using ldapadd and the entry already exists I get the below error:

ldap_add: Already exists (68)

This can be ignored using the -c switch (for continue), however ldap_add won't update existing entries. Instead, in order to update existing entries one should use ldapmodify, however ldapmodify won't add missing entries.

Q2: Is there a way to import an LDIF files by creating missing entries AND updating existing ones at the same time?

score 14 · Accepted Answer · edited Jul 06 '16 at 22:55

The ldif for ldapmodify has a different syntax than a regular ldif. For example: if you want to add the 'foo' entry with value 'bar' you should write your ldif like this:

dn: cn=ToModify,dc=example,dc=com
changetype: Modify
add: foo
foo: bar

replace: mail
mail: new@email.com

delete: unneededEntry

This ldif will add the attribute foo with value bar, update the mail attribute to new@email.com and delete the unneededEntry. then invoke the ldapmodify command.

ldapmodify -f update.ldif

(if needed with other options like simple auth for example)

score 2 · Answer 2 · answered Sep 23 '15 at 10:36

2

Try the -a switch

Add or modify options:
  -a         add values (default is to replace)

answered Sep 23 '15 at 10:36

tok

153

score 1 · Answer 3 · answered Jul 14 '11 at 12:54

1

Goez answer seems fine.

However if you are unfamiliar with ldif it can make sense to use

ldapvi

instead. You can edit already existing entries or add new ones.

apt-get install ldapvi

answered Jul 14 '11 at 12:54

cstamas

6,917

ldapadd/ldapmodify: clarifications needed about these commands

3 Answers3