Used for adding, deleting, modifying and renaming entries. All operations are specified using LDIF statements.

The syntax for the ldapmodify command is as follows:

When adding new entries, make sure that a parent entry exists (a branch point) before adding entries in that branch.

The “changetype: add” statement is used in the LDIF format to indicate a new entry. The following statements illustrate the creation of a new user. Note that distinguished names usually contain the LDAP domain name, which is, for convenience, often the DNS domain name:

dn: cn=Mieke Michiels, ou=People, o=example.com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Mieke Michiels
givenName: Mieke
sn: Michiels
ou: People
ou: Management
uid: mmichiel

The “changetype: modify” statement can be used to add, replace or remove attributes and/or attribute values to the entry. When using this statement, also specify the type of change operation. This change type can be either “add: attributename”, “replace: attributename” or “delete: attributename”. These update statements would add a telephone number to the above defined new user entry:

dn: cn=Mieke Michiels, ou=People, o=example.com
changetype: modify
add: telephonenumber
telephonenumber: 016 345 678

Adding, modifying and deleting user and group entries is discussed in detail in Chapter 2, More on users and groups.

The “changetype: delete” statement is used to remove an entry from the directory server. Only entries at the end of a branch can be deleted. The following LDIF update statements remove a user:

dn: cn=Mieke Michiels, ou=People, o=example.com
changetype: delete