Red Hat Enterprise Linux 5 Administration Unleashed
272 CHAPTER 12 Identity Management

    => bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
    => bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
    slapadd: could not add entry dn="dc=example,dc=com" (line=6): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)

As you are adding entries, use the slapcat command to view all the entries in the directory. Because the output is in LDIF format, this utility can also be used to create a backup file of the entries in the directory.

The database files for the entries added are created in the /var/lib/ldap/ directory with read permissions only for the file owner. The OpenLDAP daemon runs as the ldap user for security reasons, and the entry files must be readable by the ldap user. Because entries are added as the root user, use the following command to change the owner of the database files to ldap:

    chown ldap.ldap /var/lib/ldap/*

After adding all the entries to create the directory, start the daemon again with the service ldap start command run as root. If you fail to change the owner of the database files, a message similar to the following appears when slapd is started again:

    /var/lib/ldap/__db.005 is not owned by "ldap" [WARNING]

After the daemon is back up and running, the ldapsearch utility can be used to query the database by specific parameters. Refer to the ldapsearch man page for a list of all command-line options. The openldap-clients package must be installed to use this command. An example query:

    ldapsearch -b 'dc=example,dc=com' '(objectclass=*)'

If encryption has not been enabled, the -x option must also be specified to use simple authentication instead:

    ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

Modifying and Deleting LDAP Entries

To modify or delete an entry, use the changetype attribute after the DN in the LDIF file. It should be set to one of add, modify, delete, or modrdn. The add type is only used when adding a new entry. Note that it can't be used to add new attributes to existing entries. Use the modify type for adding new attributes and their values, changing the value of an attribute, and deleting existing attributes for a specific entry. The delete type is used to delete an entire entry. The modrdn type is used to change the DN of an entry. Listing 12.7 shows some examples. Notice that a blank line separates the entries for each change.
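The change-record rules just described, as an added Python example that is not from the book: it splits an LDIF change file into blank-line-separated records and checks that each starts with a DN followed by a changetype of add, modify, delete or modrdn, and that a modify record only uses add, replace or delete sub-operations, so mistakes are caught before the file is handed to ldapmodify. The function name and the sample records are constructed for this example.

```python
import re

# Constructed sample change file: one record per changetype the chapter lists
# (add, modify, modrdn, delete), each separated from the next by a blank line.
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=People,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
cn: John Smith

dn: uid=jsmith,ou=People,dc=example,dc=com
changetype: modify
add: mail
mail: jsmith@example.com
-
replace: cn
cn: J. Smith

dn: uid=jsmith,ou=People,dc=example,dc=com
changetype: modrdn
newrdn: uid=john.smith
deleteoldrdn: 1

dn: uid=olduser,ou=People,dc=example,dc=com
changetype: delete
"""

CHANGETYPES = {"add", "modify", "delete", "modrdn"}
MODIFY_OPS = {"add", "replace", "delete"}  # sub-operations allowed inside a modify record


def check_ldif_changes(text):
    """Split an LDIF change file into records; return ([(dn, changetype), ...], [error, ...])."""
    records, errors = [], []
    for raw in re.split(r"\n(?:[ \t]*\n)+", text.strip()):  # one or more blank lines end a record
        m = re.match(r"dn:[ \t]*(.+)\nchangetype:[ \t]*([a-z]+)", raw, re.I)
        if not m:  # the changetype attribute must come directly after the DN
            errors.append("record must start with dn: then changetype:, got %r" % raw[:60])
            continue
        dn, ct, err = m.group(1).strip(), m.group(2).lower(), None
        body = "\n".join(l.rstrip() for l in raw.splitlines()[2:] if l.strip())
        if ct not in CHANGETYPES:
            err = "%s: changetype must be one of %s, got %r" % (dn, sorted(CHANGETYPES), ct)
        elif ct == "modify":  # groups of "op: attr" + "attr: value" lines, separated by "-" lines
            ops = [g.split(":", 1)[0].strip().lower() for g in re.split(r"\n-\s*", body) if g.strip()]
            bad = [o for o in ops if o not in MODIFY_OPS]
            err = ("%s: unknown modify operation(s) %s" % (dn, bad)) if bad else None
        elif ct == "modrdn" and "\nnewrdn:" not in "\n" + body.lower():
            err = "%s: modrdn record needs a newrdn: line" % dn
        (errors if err else records).append(err or (dn, ct))  # keep good and bad records apart
    return records, errors
```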
