Adding records – RSA Security 6.1 User Manual

RSA RADIUS Server 6.1 Administrator’s Guide

Using the LDAP Configuration Interface

93

The following syntax is valid if the same keyword applies throughout the
transaction:

dn: distinguished-name-of-entry
changetype: keyword
subkeyword: attribute
attribute: value
subkeyword: attribute
attribute: value
subkeyword: attribute
attribute: value
.
.
.

subkeyword: attribute

entries are optional and indicate that you want to

apply the change to a specific attribute within the entry. If there are no

subkeyword: attribute

entries in the transaction, the change applies to the

entire entry. For example, it is faster to delete an entire entry:

dn: radiusname=TINYCO.COM,radiusclass=client,o=radius
changetype: delete

but if you want to delete only a few attributes from the entry, you may do so:

dn: radiusname=TINYCO.COM,radiusclass=client,o=radius
changetype: delete
delete: acct-shared-secret

If the

subkeyword

is

add

or

replace

, an

attribute: value

entry must

appear immediately following the

subkeyword: attribute

entry. If the

subkeyword is

delete

, the

attribute: value

entry does not apply and

should be omitted.

Adding Records

You can populate an LDAP database by creating an LDIF file that imports entries
from one LDAP database into another. You can search the first database for the
entries you want, then add them to the second database. You can even use the
search operation to filter out attributes from the first database that you do not
want in the second database. You can search the first database using

ldapsearch

. This creates an LDIF file which you can then input to

ldapmodify

.

To import entries from one LDAP database into another, run the

ldapsearch

command on the first database. Request only the attributes you want for the new
database. When

ldapsearch

completes processing, edit the output LDIF file.

After each line that begins with

dn:

, add a single line containing the text