LDAP Directory Interchange Format

The LDAP Directory Interchange Format (LDIF) provides you with a simple way to transfer directory information between LDAP directory servers. LDIF files hold LDAP directory entries in a simple text format. The format of LDIF files the directory server uses has changed slightly beginning with V4R5 of AS/400 Directory Services. LDIF files consist of a sequence of lines that describe a directory entry or a set of changes to a directory entry. They cannot describe both.

The general format of an LDIF entry is:

version: 1
dn: distinguished name
attrtype1: attrvalue1
...
 

where:

Each entry can have several attributes. Each attribute appears on a separate line. If an attribute value is longer than a single line, it may be continued on the next line; the continuation line must begin with a space or tab character.

Blank lines separate multiple entries within the same LDIF file. Any line that begins with a pound-sign ("#") is a comment line, and must be ignored when parsing an LDIF file.

Any distinguished name or attribute value that meets one of the following conditions should be base-64 encoded:

Base-64 encoded attributes are designated by using two colons between the attribute name and the value.

External references are in the file:// URL format. There should be a colon and a less-than sign (":<") between the attribute type and the external reference value.
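The rules above, as an added example that is not part of the original documentation: a small Python parser that joins continuation lines, drops comment lines, decodes "::" values, and records ":<" external references without opening them, so an importer handling an untrusted file can decide which file:// paths it is willing to read. The names unfold, parse_ldif and ExternalRef, and the sample data, are constructed for illustration.

```python
import base64
from collections import namedtuple
ExternalRef = namedtuple("ExternalRef", "url")  # a ":<" value, kept unresolved
# Constructed sample modelled on the page's examples (not real directory data).
SAMPLE = """\
version: 1
# a comment line
dn: cn=Gern Jensen, ou=Rochester, o=Big Company, c=US
description:: SGVsbG8NCl
 dvcmxk
jpegphoto:< file:///usr/local/directory/photos/gern.jpg

dn: cn=Bjorn Jensen, ou=Rochester, o=Big Company, c=US
description:Babs travels extensively in sea
 rch of perfect sailing conditions.
"""

def unfold(text):
    """Join continuation lines (leading space or tab), then drop comment lines."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines and lines[-1] != "":
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [ln for ln in lines if not ln.startswith("#")]

def parse_ldif(text):
    """Return one dict per entry: attribute name -> list of values."""
    entries, entry = [], {}
    for line in unfold(text) + [""]:
        if line == "":                  # blank line ends the current entry
            if entry:
                entries.append(entry)
            entry = {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if name.lower() == "version" and not entry:
            continue                    # version line precedes the first dn
        if rest.startswith(":"):        # "::" marks a base-64 value
            value = base64.b64decode(rest[1:].strip(), validate=True)
        elif rest.startswith("<"):      # ":<" marks an external reference
            value = ExternalRef(rest[1:].strip())   # recorded, never opened
        else:
            value = rest.lstrip(" ")
        entry.setdefault(name.lower(), []).append(value)
    return entries
```

Base-64 values come back as bytes because they may contain control characters, as in the sample, which decodes to text with an embedded CR/LF.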

Here are some examples of LDIF files:

Example 1: A simple LDAP file with two entries

version: 1
dn: cn=Barbara Jensen, ou=Rochester, o=Big Company, c=US
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Barbara Jensen
cn: Barbara J Jensen
cn: Babs Jensen
sn: Jensen
uid: bjensen
telephonenumber: +1 408 555 1212
description: A big sailing fan.

dn: cn=Bjorn Jensen, ou=Rochester, o=Big Company, c=US
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Bjorn Jensen
sn: Jensen
telephonenumber: +1 408 555 1212
description:Babs is a big sailing fan, and travels extensively in sea
 rch of perfect sailing conditions.
title:Product Manager, Rod and Reel Division

Example 2: A file containing a base-64-encoded value

version: 1
dn: cn=Gern Jensen, ou=Rochester, o=Big Company, c=US
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Gern Jensen
cn: Gern O Jensen
sn: Jensen
uid: gernj
telephonenumber: +1 408 555 1212
description:: V2hhdCBhIGNhcmVmdWwgcmVhZGVyIHlvdSBhcmUhICBUaGlzIHZhbHVlIGlzIGJ
 hc2UtNjQtZW5jb2RlZCBiZWNhdXNlIGl0IGhhcyBhIGNvbnRyb2wgY2hhcmFjdGVyIGluIGl0ICh
 hIENSKS4NICBCeSB0aGUgd2F5LCB5b3Ugc2hvdWxkIHJlYWxseSBnZXQgb3V0IG1vcmUu

Example 3: A file containing a series of change records and comments

Note: LDIF files with change records cannot be imported into the server directly. However, they are supported by the LDAP shell utilities.

version: 1
# Add a new entry
dn: cn=Fiona Jensen, ou=Rochester, o=Big Company, c=US
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Fiona Jensen
sn: Jensen
uid: fiona
telephonenumber: +1 408 555 1212
jpegphoto:< file:///usr/local/directory/photos/fiona.jpg

# Delete an existing entry
dn: cn=Robert Jensen, ou=Rochester, o=Big Company, c=US
changetype: delete

# Modify an entry's relative distinguished name
dn: cn=Paul Jensen, ou=Rochester, o=Big Company, c=US
changetype: modrdn
newrdn: cn=Paula Jensen
deleteoldrdn: 1

The order of entries in the LDIF file is important. To successfully add an entry that is specified in the LDIF file to an LDAP directory, its parent entry must first exist in the directory namespace. In the example above, the second and third entries could not be added if the first entry did not exist.

Similarly, to import an LDIF file into a server that supports certain suffixes, the LDIF file must have entries for those suffixes. For example, if your server had the suffix ou=Rochester, o=Big Company, c=US, the LDIF file shown above could be imported. But if your server instead had the suffix o=Big Company, c=US, you must have an entry for that suffix specified first in the LDIF file, as shown here:

dn: o=Big Company, c=US
objectclass: organization
o: Big Company

The specific format and contents of LDIF files are determined by the schema of the server from which they are exported. You can import an LDIF file to any LDAP server that uses the same schema as the server from which the file was exported. Different vendors' LDAP servers use different schemas (with different object classes and attributes). Therefore, you may not be able to import an LDIF file that is created by one server to another server.

As of this writing, an Internet Draft of an Internet Engineering Task Force (IETF) Request for Comments (RFC) on LDIF file specifications is available at the following URL:

http://www.ietf.org

Related procedures:

Importing an LDIF file
Exporting an LDIF file

