What Is an LDIF File?

Document ID : KB000053375
Last Modified Date : 14/02/2018

Description:

We see references to LDIF and know neither what it stands for nor how to use it.

Solution:

LDIF stands for LDAP Data Interchange Format. LDIF files are specially formatted text files that can be used to exchange data between LDAP directory servers.

The LDIF format is defined by the Internet Engineering Task Force (IETF) in RFC 2849. The specification is available on the IETF Web site at http://www.ietf.org/rfc/rfc2849.txt.

LDIF files are also used as input files for LDAP commands, as in the following example:

./ldapmodify -c -h USI252ME -p 389 -D cn=usera \
-w XE52 -x -f usera_create_acid.ldif

The standard format for directory entries in an LDIF file is as follows:

dn: distinguished_name
changetype: add|delete|modify|modrdn|moddn
attribute_type: attribute_value
...
objectClass: object_class_value
...

The dn Directive:

The dn directive defines the Distinguished Name (DN) of an entry.

The changetype Directive:

The changetype directive defines the operation you want to perform on the entry. The operations that you specify with the changetype directive are:

  • add
  • delete
  • modify
  • modrdn
  • moddn

The attribute_type Directive:

The attribute_type directive is used to specify an attribute type name and value pair. The entry will have an attribute_type directive for each attribute in the entry.

The objectClass Directive:

The objectClass directive is used to specify the object class that is associated with the entry.

Here is the LDIF file used by the LDAP command above, which illustrates how the directives work:

********************************* Top of Data **************
version: 1                                                  
dn:tssacid=000002,tssadmingrp=acids,host=a52icci,o=ca,c=usa 
changetype: add                                             
objectClass: tssacid                                        
Name:DEFAULT USER 2                                         
tssacid:000002                                              
User-Type:USER                                              
AcidRecordSize:512                                          
Department:D112                                             
userPassword:000002                                         
My-Phone-Number-is:06.17.69.89.00                           
My-Street-is:25, Main St                           
******************************** Bottom of Data ************

The equivalent CA Top Secret TSS command would be:

TSS CRE(000002) TYPE(USER) NAME('DEFAULT USER 2') DEPT(D112) PASS(000002) MYPHONE(06.17.69.89.00) MYSTREET('25, Main St')
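The following Python example is an addition to this article, not code from the product or its vendor. It parses add-style LDIF records laid out as shown above (optional space after the colon, folded lines, base64 `::` values), rejects unknown changetype values, and lists the entries that carry a userPassword value. The function names are hypothetical and the sample is constructed from the article's entry; the sub-directives of modify records are not interpreted.

```python
import base64

CHANGETYPES = {"add", "delete", "modify", "modrdn", "moddn"}
# Constructed sample: the article's entry with the Name value folded in two.
SAMPLE = """version: 1
dn:tssacid=000002,tssadmingrp=acids,host=a52icci,o=ca,c=usa
changetype: add
objectClass: tssacid
Name:DEFAULT
  USER 2
userPassword:000002
"""

def unfold(text):
    """Join folded lines (continuations start with one space); drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and raw.strip() and lines:
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):
            lines.append(raw)
    return lines

def parse_line(line):
    """Split 'attr: value' (space after ':' optional) or 'attr:: base64'."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return name.strip().lower(), rest.strip()

def parse_records(text):
    """Return one dict per record: dn, changetype (None if absent), attrs."""
    records = []
    for line in unfold(text):
        name, value = parse_line(line)
        if name == "dn":
            records.append({"dn": value, "changetype": None, "attrs": {}})
        elif not line.strip() or not records:
            continue  # blank separators and the leading "version: 1" line
        elif name == "changetype":
            if value not in CHANGETYPES:
                raise ValueError(f"unknown changetype {value!r}")
            records[-1]["changetype"] = value
        else:
            records[-1]["attrs"].setdefault(name, []).append(value)
    return records

def records_with_credentials(records):
    """DNs of records whose LDIF text carries a userPassword value."""
    return [r["dn"] for r in records if "userpassword" in r["attrs"]]
```

An entry reported by `records_with_credentials` means the LDIF file holds a password in readable form, so the file needs the same access restrictions as any other credential store. The same applies to the bind password passed with -w on the ldapmodify command line.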