LDIF(5) File Formats Manual LDIF(5)

ldif - LDAP Data Interchange Format

The LDAP Data Interchange Format (LDIF) is used to represent LDAP entries
and change records in text form. LDAP tools, such as ldapadd(1) and
ldapsearch(1), read and write LDIF entry records. ldapmodify(1) reads LDIF
change records.

This manual page provides a basic description of LDIF. A formal
specification of LDIF is published in RFC 2849.

LDIF entry records are used to represent directory entries. The basic
form of an entry record is:

    dn: <distinguished name>
    <attrdesc>: <attrvalue>
    <attrdesc>: <attrvalue>
    <attrdesc>:: <base64-encoded-value>
    <attrdesc>:< <URL>
    ...

The value may be specified as UTF-8 text or as base64 encoded data, or
a URI may be provided to the location of the attribute value.

A line may be continued by starting the next line with a single space
or tab, e.g.,

    dn: cn=Barbara J Jensen,dc=exam
     ple,dc=com

Lines beginning with a sharp sign ('#') are ignored.

Multiple attribute values are specified on separate lines, e.g.,

    cn: Barbara J Jensen
    cn: Babs Jensen

If a value contains a non-printing character, or begins with a space
or a colon ':', the <attrtype> is followed by a double colon and the
value is encoded in base 64 notation, e.g., the value " begins with a
space" would be encoded like this:

    cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=
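The encoding rule above, written as an emitter for programs that generate LDIF from strings they do not control, where a value with an embedded newline written as plain text would be read back as separate lines. This is an added example, not part of the manual page or of OpenLDAP; the function names and the 76-column fold width are assumptions, and encoding a leading '<', a trailing space and all non-ASCII bytes follows RFC 2849 rather than this page's wording.

```python
import base64

def needs_base64(value: bytes) -> bool:
    """True if the value must not be written as plain '<attrdesc>: <value>'."""
    if not value:
        return False
    # Page rule: begins with a space or a colon. A leading '<' and a trailing
    # space are added per RFC 2849 (assumption beyond the manual page text).
    if value[:1] in (b" ", b":", b"<") or value.endswith(b" "):
        return True
    # Page rule: non-printing characters. Everything outside printable ASCII
    # (CR, LF, NUL, raw UTF-8 bytes) is encoded here to stay conservative.
    return any(b < 0x20 or b > 0x7E for b in value)

def ldif_line(attr: str, value: str, width: int = 76) -> str:
    """Render one attribute line, base64-encoding and folding as needed."""
    raw = value.encode("utf-8")
    if needs_base64(raw):
        line = f"{attr}:: {base64.b64encode(raw).decode('ascii')}"
    else:
        line = f"{attr}: {value}"
    # Fold long lines: each continuation line starts with a single space.
    parts = [line[:width]]
    for i in range(width, len(line), width - 1):
        parts.append(" " + line[i:i + width - 1])
    return "\n".join(parts)
```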

If the attribute value is located in a file, the <attrtype> is followed
by a ':<' and a file: URI, e.g., the value contained in the file
/tmp/value would be listed like this:

    cn:< file:///tmp/value

Other URI schemes (ftp, http) may be supported as well.

Multiple entries within the same LDIF file are separated by blank
lines.

Here is an example of an LDIF file containing three entries.

    dn: cn=Barbara J Jensen,dc=example,dc=com
    cn: Barbara J Jensen
    cn: Babs Jensen
    objectclass: person
    description:< file:///tmp/babs
    sn: Jensen

    dn: cn=Bjorn J Jensen,dc=example,dc=com
    cn: Bjorn J Jensen
    cn: Bjorn Jensen
    objectclass: person
    sn: Jensen

    dn: cn=Jennifer J Jensen,dc=example,dc=com
    cn: Jennifer J Jensen
    cn: Jennifer Jensen
    objectclass: person
    sn: Jensen
    jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALD
     A4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQ
     ERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG
     ...

Note that the description in Barbara Jensen's entry is read from
file:///tmp/babs and the jpegPhoto in Jennifer Jensen's entry is
encoded using base 64.

LDIF change records are used to represent directory change requests.
Each change record starts with a line indicating the distinguished name
of the entry being changed:

    dn: <distinguishedname>

    changetype: <[modify|add|delete|modrdn]>

Finally, the change information itself is given, the format of which
depends on what kind of change was specified above. For a changetype
of modify, the format is one or more of the following:

    add: <attributetype>
    <attrdesc>: <value1>
    <attrdesc>: <value2>
    ...
    -

Or, for a replace modification:

    replace: <attributetype>
    <attrdesc>: <value1>
    <attrdesc>: <value2>
    ...
    -

If no attributetype lines are given to replace, the entire attribute is
to be deleted (if present).

Or, for a delete modification:

    delete: <attributetype>
    <attrdesc>: <value1>
    <attrdesc>: <value2>
    ...
    -

If no attributetype lines are given to delete, the entire attribute is
to be deleted.

For a changetype of add, the format is:

    <attrdesc1>: <value1>
    <attrdesc1>: <value2>
    ...
    <attrdescN>: <value1>
    <attrdescN>: <value2>

For a changetype of modrdn or moddn, the format is:

    newrdn: <newrdn>
    deleteoldrdn: 0 | 1
    newsuperior: <DN>

where a value of 1 for deleteoldrdn means to delete the values forming
the old rdn from the entry, and a value of 0 means to leave the values
as non-distinguished attributes in the entry. The newsuperior line is
optional and, if present, specifies the new superior to move the entry
to.

For a changetype of delete, no additional information is needed in the
record.

Note that attribute values may be presented using base64 or in files as
described for entry records. Lines in change records may be continued
in the manner described for entry records as well.

The following sample LDIF file contains a change record of each type of
change.

    dn: cn=Babs Jensen,dc=example,dc=com
    changetype: add
    objectclass: person
    objectclass: extensibleObject
    cn: babs
    cn: babs jensen
    sn: jensen

    dn: cn=Babs Jensen,dc=example,dc=com
    changetype: modify
    add: givenName
    givenName: Barbara
    givenName: babs
    -
    replace: description
    description: the fabulous babs
    -
    delete: sn
    sn: jensen
    -

    dn: cn=Babs Jensen,dc=example,dc=com
    changetype: modrdn
    newrdn: cn=Barbara J Jensen
    deleteoldrdn: 0
    newsuperior: ou=People,dc=example,dc=com

    dn: cn=Barbara J Jensen,ou=People,dc=example,dc=com
    changetype: delete

The LDIF parser has been extended to support an include statement for
referencing other LDIF files. The include statement must be separated
from other records by a blank line. The referenced file is specified
using a file: URI and all of its contents are incorporated as if they
were part of the original LDIF file. As above, other URI schemes may be
supported. For example:

    dn: dc=example,dc=com
    objectclass: domain
    dc: example

    include: file:///tmp/example.com.ldif

    dn: dc=example,dc=org
    objectclass: domain
    dc: example

This feature is not part of the LDIF specification in RFC 2849 but is
expected to appear in a future revision of this spec. It is supported
by the ldapadd(1), ldapmodify(1), and slapadd(8) commands.
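A review pass for LDIF received from elsewhere, added here as an example and not taken from OpenLDAP: it unfolds continuation lines, decodes '::' values, and lists every ':<' value and include statement, since those make the tool that loads the file read other files or URLs. The sample input and all function names are constructed for illustration, and attribute names are assumed to be written in lower case.

```python
import base64

SAMPLE = """\
# constructed sample, not from the manual page
dn: cn=Barbara J Jensen,dc=exam
 ple,dc=com
cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=
description:< file:///tmp/babs

include: file:///tmp/example.com.ldif

dn: cn=Babs Jensen,dc=example,dc=com
changetype: delete
"""

def unfold(text):
    """Join continuation lines (leading space or tab), then drop '#' comments."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [ln for ln in lines if not ln.startswith("#")]

def parse(text):
    """Return (records, external); external lists ':<' values and includes."""
    records, external, cur = [], [], []
    for line in unfold(text) + [""]:
        if not line:                       # a blank line ends the record
            if cur:
                records.append(cur)
            cur = []
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):           # '::' base64-encoded value
            value = base64.b64decode(rest[1:].strip())
        elif rest.startswith("<"):         # ':<' value is read from a URL
            value = rest[1:].strip()
            external.append((attr, value))
        else:
            value = rest.strip()
            if attr.lower() == "include" and not cur:
                external.append((attr, value))
                continue
        cur.append((attr, value))
    return records, external

def summarize(records):  # (dn, changetype) per record; 'entry' if no changetype
    return [(dict(r).get("dn"), dict(r).get("changetype", "entry")) for r in records]
```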

ldap(3), ldapsearch(1), ldapadd(1), ldapmodify(1), slapadd(8),
slapcat(8), slapd-ldif(5).

"LDAP Data Interchange Format," Good, G., RFC 2849.

OpenLDAP Software is developed and maintained by The OpenLDAP Project
<http://www.openldap.org/>. OpenLDAP Software is derived from the
University of Michigan LDAP 3.3 Release.

OpenLDAP 2.6.6 2023/07/31 LDIF(5)