Understanding LDAP (part 2) - A Little Black Book Is Born (Page 5 of 9)
Once you've got the server up and running, the next step is to populate the database with a few entries. There are two ways to do this: add entries one at a time using the "ldapadd" command, or add them all at once via an LDIF file (basically, a single text file containing a series of entries in a defined format). I'll show you both techniques here. Let's try the second method first - create an ASCII text file named "entries.ldif" and place the following data in it:
# Root entry of the tree. The RDN value ("melonfire") must also appear as a
# value of the naming attribute "dc", otherwise slapd will reject the entry.
dn: dc=melonfire, dc=com
objectclass: dcObject
objectclass: organization
o: Melonfire
dc: melonfire

# Person entries. inetOrgPerson requires at least "cn" and "sn";
# entries are separated by a blank line.
dn: mail=root@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Keith
sn: Richards
mail: root@melonfire-mail.com

dn: mail=joe@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Joe
sn: Somebody
mail: joe@melonfire-mail.com

dn: mail=sarah@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Sarah
sn: Nobody
mail: sarah@melonfire-mail.com
telephoneNumber: 23 67 128 5639
Most of this should be familiar to you from the first part of this article - each entry has a DN which uniquely identifies it, an object class that indicates which class it belongs to (and therefore which rules it must adhere to), and a series of attribute-value pairs that make up the data for the entry. Note that the first two entries are essential - these are the entries for the root of the tree and for the database administrator, respectively. It should be noted at this point that the rules for selecting a base DN for the DIT are fairly arbitrary - if your LDAP directory serves a particular domain, you can use an instance of the "dcObject" class for your base DN,
dn: dc=melonfire, dc=com
objectclass: dcObject
dc: melonfire
whereas if your LDAP directory serves an entire organization, you could use the "organization" class in your base DN.
dn: o=Melonfire, c=IN
objectclass: organization
o: Melonfire
You can add more entries for other users in the organization to the end of the file (as I said, only the first two are essential) and, when you're done, you can import them all into the database using the following command:
[root@olympus] $ /usr/local/openldap/bin/ldapadd -x -D "cn=root,dc=melonfire,dc=com" -W -f entries.ldif -c
When you're prompted for a password, enter the password value supplied for the "rootpw" configuration directive in "slapd.conf" ("secret", in the example above). This is necessary because adding, removing and editing entries are tasks that can only be performed by the directory administrator. You should see something like this:
adding new entry "dc=melonfire, dc=com"
adding new entry "mail=root@melonfire-mail.com, dc=melonfire, dc=com"
adding new entry "mail=joe@melonfire-mail.com, dc=melonfire, dc=com"
adding new entry "mail=sarah@melonfire-mail.com, dc=melonfire, dc=com"
In other words, the LDAP server has accepted and saved your entries to the database. You can also add entries one at a time by using the "ldapadd" command in interactive mode:
[root@olympus] $ /usr/local/openldap/bin/ldapadd -x -D "cn=root,dc=melonfire,dc=com" -W
Enter LDAP Password: ****
dn: mail=sarah@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Sarah
sn: Nobody
mail: sarah@melonfire-mail.com
telephoneNumber: 23 67 128 5639

adding new entry "mail=sarah@melonfire-mail.com, dc=melonfire, dc=com"
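Because ldapadd is run as the directory administrator and "-c" keeps going past rejected entries, it pays to check an LDIF file before importing it. The following is an added example, not code from the article or from OpenLDAP: a small Python checker that parses entries.ldif-style text and flags the two mistakes slapd would reject, an RDN value that is absent from the entry's naming attribute (the "dc: melonfire.com" versus "dc=melonfire" mismatch) and a missing MUST attribute for the entry's object class. The sample LDIF and the MUST table are constructed for the example.

```python
import re

# Constructed sample after the article's entries.ldif; the dc mismatch and a missing "sn" are kept to catch.
SAMPLE_LDIF = """\
dn: dc=melonfire, dc=com
objectclass: dcObject
dc: melonfire.com

dn: mail=joe@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Joe
sn: Somebody
mail: joe@melonfire-mail.com

dn: mail=sarah@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Sarah
mail: sarah@melonfire-mail.com
"""

# MUST attributes of the classes the article uses (standard core/inetorgperson schema).
MUST = {"dcobject": {"dc"}, "organization": {"o"}, "inetorgperson": {"cn", "sn"}}

def parse_ldif(text):
    """Split LDIF text at blank lines; returns a list of (dn, {attr: [values]})."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):  # LDIF comment or stray blank
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append((attrs.pop("dn")[0], attrs))
    return entries

def check_entry(dn, attrs):
    """Return the problems slapd would reject this entry for (empty list if clean)."""
    problems = []
    # The RDN's attribute value must also be present as an attribute of the entry.
    rdn_attr, _, rdn_val = (s.strip() for s in dn.split(",")[0].partition("="))
    if rdn_val not in attrs.get(rdn_attr.lower(), []):
        problems.append(f"{dn}: RDN value '{rdn_val}' missing from attribute '{rdn_attr}'")
    # Every objectclass named on the entry must have its MUST attributes present.
    for oc in attrs.get("objectclass", []):
        for must in sorted(MUST.get(oc.lower(), set()) - set(attrs)):
            problems.append(f"{dn}: objectclass {oc} requires missing attribute '{must}'")
    return problems
```

Run check_entry over parse_ldif(open("entries.ldif").read()) and fix every reported entry before handing the file to ldapadd.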
More By icarus, (c) Melonfire