Apropos of ldap, the following message states that it is not recommended to write something the directory directly though ldap. http://www.redhat.com/archives/freeipa-users/2014-September/msg00228.html