7

The ldapmodify man page states that:

The default for ldapmodify is to modify existing entries

Yet when I try to import an LDIF file with ldapmodify I get the below error:

ldapmodify: modify operation type is missing at line X

Q1: Why, which arguments should I add to my ldapmodify command?

If I import an LDIF file using ldapadd and the entry already exists I get the below error:

ldap_add: Already exists (68)

This can be ignored using the -c switch (for continue), however ldap_add won't update existing entries. Instead, in order to update existing entries one should use ldapmodify, however ldapmodify won't add missing entries.

Q2: Is there a way to import an LDIF files by creating missing entries AND updating existing ones at the same time?

Dave Wood
  • 103
  • 4
Max
  • 3,373
  • 15
  • 51
  • 71

3 Answers3

13

The ldif for ldapmodify has a different syntax than a regular ldif. For example: if you want to add the 'foo' entry with value 'bar' you should write your ldif like this: 

dn: cn=ToModify,dc=example,dc=com
changetype: Modify
add: foo
foo: bar

replace: mail
mail: new@email.com

delete: unneededEntry

This ldif will add the attribute foo with value bar, update the mail attribute to new@email.com and delete the unneededEntry. then invoke the ldapmodify command. 

ldapmodify -f update.ldif

(if needed with other options like simple auth for example)

Dennis Williamson
  • 60,515
  • 14
  • 113
  • 148
Goez
  • 1,788
  • 1
  • 10
  • 15
  • Thanks. Are you able to comment on Q2 at all? – Max Jul 14 '11 at 12:39
  • As far as I know this is not possible, therefore u have the 2 tools... ldapmodify for existing entries, ldapadd to add new ones. – Goez Jul 14 '11 at 13:21
  • That's also the impression that I was getting. Since I don't have to preserve the existing LDAP content before doing the import, I'm going to purge LDAP with `ldapdelete` then import the LDIF with `slapadd`. – Max Jul 14 '11 at 13:27
2

Try the -a switch

Add or modify options:
  -a         add values (default is to replace)
tok
  • 153
  • 4
1

Goez answer seems fine.

However if you are unfamiliar with ldif it can make sense to use

ldapvi

instead. You can edit already existing entries or add new ones.

apt-get install ldapvi
cstamas
  • 6,607
  • 24
  • 42
  • 1
    Thanks but it doesn't scale up. For individual entry editing I'd much rather use something like this http://directory.apache.org/studio/. – Max Jul 14 '11 at 12:58