\n The LDAP add operation may be used to create a new entry in the directory. Each add operation consists of one request message and one response message.\n<\/p>\n
<\/a><\/p>\n \n RFC 4511<\/a> section 4.7 defines the add request protocol operation as:\n<\/p>\n \n And its dependencies are also defined elsewhere in RFC 4511<\/a> as follows:\n<\/p>\n \n This is a lot of dependencies, but basically it means that the add request protocol op is a sequence with BER type 0x68<\/tt> that consists of two elements: one for the entry\u2019s distinguished name and another for the set of attributes.\n<\/p>\n \n The entry\u2019s DN is encoded as a simple octet string containing the string representation as described in RFC 4514<\/a>. And the set of attributes is encoded as a sequence, in which each element represents a different attribute. Each of those attributes is itself a sequence of two elements: an octet string with the attribute description (the attribute type name or OID, plus zero or more attribute options, each of which is preceded by a semicolon), and a set of octet strings in which each octet string represents a value for the attribute.\n<\/p>\n \n For example, let\u2019s say that we want to create an add request for the following entry:\n<\/p>\n \n The DN would be encoded as a simple octet string, so its encoded representation is:\n<\/p>\n \n And the sequence of attributes would be encoded as:\n<\/p>\n \n So a complete add request message for the above entry with message ID two and no controls would look like:\n<\/p>\n <\/a><\/p>\n \n When the server completes processing for an add operation, it will send a single response message. The add response protocol operation is defined in RFC 4511<\/a> section 4.7 as follows:\n<\/p>\n \n We\u2019ve already discussed the LDAPResult<\/tt> element in depth in an earlier section<\/a>, so the only operation-specific thing we need to know is the BER type, and for an add response, it\u2019s 0x69<\/tt> (application class, constructed, tag number nine). So the complete LDAP message for an add response with a result code of success, empty matched DN, empty diagnostic message, no referral URLs, and no controls is:\n<\/p>\nThe Add Request<\/h3>\n
AddRequest ::= [APPLICATION 8] SEQUENCE {\n entry LDAPDN,\n attributes AttributeList }\n\nAttributeList ::= SEQUENCE OF attribute Attribute<\/pre>\nLDAPDN ::= LDAPString\n -- Constrained to <distinguishedName> [RFC4514]\n\nLDAPString ::= OCTET STRING -- UTF-8 encoded,\n -- [ISO10646] characters\n\nAttribute ::= PartialAttribute(WITH COMPONENTS {\n ...,\n vals (SIZE(1..MAX))})\n\nPartialAttribute ::= SEQUENCE {\n type AttributeDescription,\n vals SET OF value AttributeValue }\n\nAttributeDescription ::= LDAPString\n -- Constrained to <attributedescription>\n -- [RFC4512]\n\nAttributeValue ::= OCTET STRING<\/pre>\ndn: dc=example,dc=com\nobjectClass: top\nobjectClass: domain\ndc: example<\/pre>\n
04 11 64 63 3d 65 78 61 6d 70\n 6c 65 2c 64 63 3d 63 6f\n 6d<\/pre>\n
30 2f -- Begin the sequence of attributes\n 30 1c -- Begin the sequence for the objectClass attribute\n 04 0b 6f 62 6a 65 63 74 43 6c -- The attribute description\n 61 73 73 -- (octet string \"objectClass\")\n 31 0d -- Begin the set of objectClass values\n 04 03 74 6f 70 -- The first value (octet string \"top\")\n 04 06 64 6f 6d 61 69 6e -- The second value (octet string \"domain\")\n 30 0f -- Begin the sequence for the dc attribute\n 04 02 64 63 -- The attribute description (octet string \"dc\")\n 31 09 -- Begin the set of dc values\n 04 07 65 78 61 6d 70 6c 65 -- The first value (octet string \"example\")<\/pre>\n
30 49 -- Begin the LDAPMessage sequence\n 02 01 02 -- The message ID (integer value 2)\n 68 44 -- Begin the add request protocol op\n 04 11 64 63 3d 65 78 61 6d 70 -- The DN of the entry to add\n 6c 65 2c 64 63 3d 63 6f -- (octet string \"dc=example,dc=com\")\n 6d\n 30 2f -- Begin the sequence of attributes\n 30 1c -- Begin the first attribute sequence\n 04 0b 6f 62 6a 65 63 74 43 6c -- The attribute description\n 61 73 73 -- (octet string \"objectClass\")\n 31 0d -- Begin the set of values\n 04 03 74 6f 70 -- The first value (octet string \"top\")\n 04 06 64 6f 6d 61 69 6e -- The second value (octet string \"domain\")\n 30 0f -- Begin the second attribute sequence\n 04 02 64 63 -- The attribute description (octet string \"dc\")\n 31 09 -- Begin the set of values\n 04 07 65 78 61 6d 70 6c 65 -- The value (octet string \"example\")<\/pre>\n
The Add Response<\/h3>\n
AddResponse ::= [APPLICATION 9] LDAPResult<\/pre>\n
30 0c -- Begin the LDAPMessage sequence\n 02 01 02 -- The message ID (integer value 2)\n 69 07 -- Begin the add response protocol op\n 0a 01 00 -- success result code (enumerated value 0)\n 04 00 -- No matched DN (0-byte octet string)\n 04 00 -- No diagnostic message (0-byte octet string)<\/pre>\n<\/p>\n