How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I append data to an existing user store in DS (All versions)?

Last updated Jan 12, 2023

The purpose of this article is to provide assistance in adding bulk user data to an existing user data store in DS.

2 readers recommend this article


If you want to add bulk data, there are a few approaches you can take depending on DS version:

  • DS 6.5 introduced support for the experimental LDAP Relax Rules Control, which allows you to temporarily relax specific LDAP rules and allow modifications that are not normally permitted. It is important to restrict which clients or users can access this control to prevent misuse; typically you would only allow directory administrators. See Supported Standards (The LDAP Relax Rules Control (Internet-Draft)) and ACI by Operation (Use Control or Extended Operation section) for further details.
  • Use ldapmodify (which appends entries to an existing user store) as described in the Using ldapmodify to append data section. This process includes the --numConnections option, which performs multiple add operations in parallel.

Using ldapmodify to append data

You can use ldapmodify to append data as follows:

  1. Create a ldif file containing the data you want to append (called entries.ldif in this example).
  2. Apply the changes using the following ldapmodify command depending on your version:
    • DS 7.1 and later: $ ./ldapmodify --hostname --port 1636 --useSsl --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePassword:file /path/to/ds/config/ --bindDN uid=admin --bindPassword password --control RelaxRules:true --numConnections 4 /path/to/entries.ldif
    • DS 7: $ ./ldapmodify --hostname --port 1636 --useSsl --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePasswordFile /path/to/ds/config/ --bindDN uid=admin --bindPassword password --control RelaxRules:true --numConnections 4 /path/to/entries.ldif
    • DS 6.5.x: $ ./ldapmodify --hostname --port 1389 --bindDN "cn=Directory Manager" --bindPassword password --control RelaxRules:true --numConnections 4 /path/to/entries.ldif
    • DS 6: $ ./ldapmodify --hostname --port 1389 --bindDN "cn=Directory Manager" --bindPassword password --numConnections 4 /path/to/entries.ldif

See Modify Entries and Bulk Adds for further information.


The ldapmodify operation will fail if any of your ldif entries match existing entries; you can use the --continueOnError option to continue even if an error is encountered.

See Also

Installing and Administering DS

Import and Export

ForgeRock DS and the LDAP Relax Rules Control

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.