Updating Directory Data

Modern directory servers like OpenDJ can handle a high load of write
requests, replicating changes quickly both on the LAN and over the WAN.

About Add, Modify, Rename, & Delete

The four basic CRUD operations — create, read, update, and delete
— correspond to the LDAP operations add, search, modify (or modify DN),
and delete.

The LDAP bind operation can potentially result in
an update. Some directory servers can be configured to write time stamps in
order to track successful or failed binds for password policy reasons.

Adds

An add request is used to create a new entry in an LDAP directory.
The entry must have a unique distinguished name that belongs under a base
DN served by the directory. The entry must have a list of attributes that
are valid according to the directory schema.

Search requests are described in the chapter on Searching &
Comparing Directory Data.

Modifications

A modify request is used to add, delete, or replace attribute values
on an entry in an LDAP directory. The resulting entry must be valid
according to the directory schema.

Renames

A modify DN request is used to rename or move a directory entry.
In both cases the distinguished name changes. Renaming involves changing
the relative distinguished name, for example from
cn=Bob,ou=People,dc=example,dc=com to
cn=Ted,ou=People,dc=example,dc=com. Moving
involves changing the container where the entry is found, for example from
cn=Barbara Jensen,ou=People,dc=Old Company,dc=com to
cn=Barbara Jensen,ou=People,dc=New Company,dc=com.

Although they are both considered modify DN operations, renaming a
leaf entry is generally much simpler than moving a container entry that has
child entries. Not all modify DN operations require the same resources
on the directory server.

Deletes

A delete request is used to remove an entry from an LDAP
directory.

Directory servers can restrict deletes to leaf entries, so that you
cannot remove an entry that has other child entries. For example, you have
to delete uid=bjensen,ou=People,dc=example,dc=com and
other peer entries before you delete
ou=People,dc=example,dc=com unless you send a subtree
delete request control.

Authorizations

As a rule, your client application must be authorized to create,
update, and delete directory data. Therefore to prepare to change directory
data, you first get a connection, and then bind on that connection as a
user who is authorized to make the changes you plan to request.

Adding Directory Entries

The Connection.add() methods let you provide the
entry to add as an AddRequest, an Entry,
or as LDIF. If the changes to make are already expressed in LDIF, then
you can also use ChangeRecordReaders,
ChangeRecords, and ChangeRecordWriters
to handle the changes.

The following excerpt demonstrates how to add a simple user entry under
ou=People,dc=example,dc=com.

    // host, port, adminDN, and adminPwd are defined elsewhere in the application.
    // An entry to add to the directory
    DN entryDN = DN.valueOf("cn=Bob,ou=People,dc=example,dc=com");
    Entry entry = new LinkedHashMapEntry(entryDN.toString())
        .addAttribute("cn", "Bob")
        .addAttribute("objectclass", "top")
        .addAttribute("objectclass", "person")
        .addAttribute("objectclass", "organizationalPerson")
        .addAttribute("objectclass", "inetOrgPerson")
        .addAttribute("mail", "subgenius@example.com")
        .addAttribute("sn", "Dobbs");

    final LDAPConnectionFactory factory = new LDAPConnectionFactory(host, port);
    Connection connection = null;
    try {
        connection = factory.getConnection();
        // Bind as a user who has the right to add entries.
        connection.bind(adminDN, adminPwd);
        connection.add(entry);
    } catch (final ErrorResultException e) {
        System.err.println(e.getMessage());
        System.exit(e.getResult().getResultCode().intValue());
        return;
    } finally {
        if (connection != null) {
            connection.close();
        }
    }

Modifying Directory Entry Attribute Values

The Connection.modify() methods let you add, replace,
and delete attribute values on an entry. Either the modifications are
expressed in LDIF, or you build a ModifyRequest to
express the changes.

The following excerpt demonstrates how to replace one attribute value
and to add another.

    final LDAPConnectionFactory factory = new LDAPConnectionFactory(host, port);
    Connection connection = null;
    try {
        connection = factory.getConnection();
        // Bind as a user who has the right to modify entries.
        connection.bind(adminDN, adminPwd);
        // Here, entry is a user entry with DN cn=Bob,ou=People,dc=example,dc=com.
        Entry old = TreeMapEntry.deepCopyOfEntry(entry);
        entry = entry.replaceAttribute("mail", "spammer@example.com")
            .addAttribute("description", "I see the fnords.");
        ModifyRequest request = Entries.diffEntries(old, entry);
        connection.modify(request);
    } catch (final ErrorResultException e) {
        System.err.println(e.getMessage());
        System.exit(e.getResult().getResultCode().intValue());
        return;
    } finally {
        if (connection != null) {
            connection.close();
        }
    }

Renaming Directory Entries

The Connection.modifyDN() methods serve to rename
entries and to move them around.

The following excerpt demonstrates how to rename an entry.

    final LDAPConnectionFactory factory = new LDAPConnectionFactory(host, port);
    Connection connection = null;
    try {
        connection = factory.getConnection();
        // Bind as a user who has the right to rename entries.
        connection.bind(adminDN, adminPwd);
        // Here, entryDN contains cn=Bob,ou=People,dc=example,dc=com.
        // The second argument is the new relative distinguished name.
        connection.modifyDN(entryDN.toString(), "cn=Ted");
    } catch (final ErrorResultException e) {
        System.err.println(e.getMessage());
        System.exit(e.getResult().getResultCode().intValue());
        return;
    } finally {
        if (connection != null) {
            connection.close();
        }
    }

If you must move rather than rename entries, have a look at the methods
for ModifyDNRequest. You can get a new request by using
Requests static methods.

Deleting Directory Entries

The following excerpt demonstrates how to delete an entry with DN
cn=Ted,ou=People,dc=example,dc=com.

    final LDAPConnectionFactory factory = new LDAPConnectionFactory(host, port);
    Connection connection = null;
    try {
        connection = factory.getConnection();
        // Bind as a user who has the right to delete entries.
        connection.bind(adminDN, adminPwd);
        connection.delete("cn=Ted,ou=People,dc=example,dc=com");
    } catch (final ErrorResultException e) {
        System.err.println(e.getMessage());
        System.exit(e.getResult().getResultCode().intValue());
        return;
    } finally {
        if (connection != null) {
            connection.close();
        }
    }

If you must delete an entire branch of entries instead of a single
leaf entry, build a DeleteRequest that includes the
SubtreeDeleteRequestControl.
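
The two cases the text points to but does not show, moving an entry with a ModifyDNRequest and deleting a branch with the SubtreeDeleteRequestControl, as an added example that is not part of the original guide. The class and method names are hypothetical, and the connection passed in is assumed to be already bound as a user authorized for the change.

```java
import java.util.Collection;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.ErrorResultException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.RootDSE;
import org.forgerock.opendj.ldap.controls.SubtreeDeleteRequestControl;
import org.forgerock.opendj.ldap.requests.DeleteRequest;
import org.forgerock.opendj.ldap.requests.ModifyDNRequest;
import org.forgerock.opendj.ldap.requests.Requests;

// Added example; BranchOperations and its methods are hypothetical names.
// Each method expects a connection already bound as an authorized user.
public final class BranchOperations {

    // Move: keep the RDN (for example "cn=Barbara Jensen") and change only
    // the container by setting a new superior DN on the request.
    static void move(Connection connection, String entryDN, String rdn,
            String newParentDN) throws ErrorResultException {
        ModifyDNRequest request = Requests.newModifyDNRequest(entryDN, rdn)
                .setNewSuperior(newParentDN);
        connection.modifyDN(request);
    }

    // Subtree delete: returns false when the server does not advertise the
    // control (no delete is sent) or when it refuses the request.
    static boolean deleteBranch(Connection connection, String branchDN)
            throws ErrorResultException {
        Collection<String> controls =
                RootDSE.readRootDSE(connection).getSupportedControls();
        if (!controls.contains(SubtreeDeleteRequestControl.OID)) {
            return false;
        }
        // Critical (true): a server that cannot honor the control must
        // reject the whole request rather than ignore the control.
        DeleteRequest request = Requests.newDeleteRequest(branchDN)
                .addControl(SubtreeDeleteRequestControl.newControl(true));
        try {
            connection.delete(request);
            return true;
        } catch (ErrorResultException e) {
            ResultCode rc = e.getResult().getResultCode();
            // Refusals the caller can act on: no permission, or non-leaf.
            if (rc.equals(ResultCode.INSUFFICIENT_ACCESS_RIGHTS)
                    || rc.equals(ResultCode.NOT_ALLOWED_ON_NONLEAF)) {
                return false;
            }
            throw e; // Anything else is unexpected; let the caller see it.
        }
    }
}
```

Calling move(connection, "cn=Barbara Jensen,ou=People,dc=Old Company,dc=com", "cn=Barbara Jensen", "ou=People,dc=New Company,dc=com") performs the move described at the start of this chapter.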