LDAP Data Interchange Format

from Wikipedia, the free encyclopedia

LDIF (short for LDAP Data Interchange Format) is an ASCII-based file format for representing information from an LDAP directory.

LDAP only describes a communication protocol for directory services; the internal representation of the data in a directory is not specified and therefore differs for specific implementations by different manufacturers. In order to enable a simple exchange of data even between heterogeneous directories, LDIF was specified as the exchange format.

As with LDAP, care was taken when developing LDIF to make the format as simple as possible. Because it is restricted to a purely textual representation, the format remains human-readable and is easy to interpret. The file contents are encoded in ASCII. As soon as special characters (such as umlauts) are included, the value must be stored base64-encoded (some tools and server implementations also support unencoded values). In that case the attribute name is marked with an additional colon (attribute:: base64-value).

An LDAP object is described by several LDIF lines. It always starts with the distinguished name (dn), which gives the object's absolute position in the LDAP tree. Next come one or more object classes, which define which attributes are permitted or required, followed by the attribute/value pairs that represent the actual content. Multi-valued attributes are specified several times, with one value per line. The object definition is terminated by a blank line. A line that begins with a hash mark (#) is a comment and is ignored by tools. Long lines can be folded by inserting a line break followed by a space.

LDIF formats

There are two basic LDIF formats that cannot be mixed within a file:

  • LDIF Content: Describes the entries themselves, together with their attributes.
  • LDIF Change: Describes changes to entries and their attributes. Several different statements can be specified per entry.

Examples

Example: LDIF content file company structure.ldif with five LDAP objects:

 dn: dc=structure-net, dc=de
 objectclass: organization
 objectclass: top
 o: Structure Net
 l: Hamburg
 postalcode: 21033
 streetaddress: Billwiese 22

 dn: ou=Sales, dc=structure-net, dc=de
 objectclass: organizationalunit
 ou: Sales
 description: Verkauf
 telephonenumber: 040-7654321
 facsimiletelephonenumber: 040-7654321

 dn: ou=Development, dc=structure-net, dc=de
 objectclass: organizationalunit
 ou: Development
 description: Entwicklung
 telephonenumber: 040-7654321
 facsimiletelephonenumber: 040-7654321

 dn: ou=Support, dc=structure-net, dc=de
 objectclass: organizationalunit
 ou: Support
 description: Support
 telephonenumber: 040-7654321
 facsimiletelephonenumber: 040-7654321

 dn: uid=admin, dc=structure-net, dc=de
 objectclass: person
 objectclass: organizationalperson
 objectclass: inetorgperson
 cn: admin
 cn: Systemverwalter
 cn: Thomas Bendler
 sn: Bendler
 uid: admin
 mail: tbendler@structure-net.de
 l: Hamburg
 postalcode: 21033
 streetaddress: billwiese 22
 telephonenumber: 040-7654321
 facsimiletelephonenumber: 040-7654321

From: Thomas Bendler: Linux LDAP-HOWTO.

Example: LDIF content file with line break:

 dn: ou=VeryLong,o=TestOrg,dc=de
 objectclass: organizationalunit
 ou: veryLong
 l:: w5xiZXJsaW5nZW4=
 description: Dies ist eine sehr lange Beschreibung. Sie ist so lang, dass sie hier->
  <- umbrochen wird.
  Das laesst sich beliebig oft wiederholen. Dabei ist egal,
  ob nur die Daten getrennt werden oder auch Attributsnamen.
  Trennen ist ueberall im LDIF-Text moeglich.
 attr
  ibut: Beispiel fuer ein umbrochenes Attribut.
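
The folding and base64 rules described above, as an added example that is not part of the original article: a minimal Python parser for LDIF content files (change files with `-` separator lines are not handled). Anything that inspects LDIF before import, such as a review script or a diff tool, has to unfold and decode first, because a folded attribute name or a base64 value does not match a plain text search. The function name `parse_ldif` and the assumption that base64 values are UTF-8 text are choices made for this example; the sample is adapted from the page, with the comment line and second record constructed.

```python
import base64

# Adapted from the page's line-break example (code-block indentation removed).
# The comment line and the second record are constructed for this example.
SAMPLE = """\
# constructed comment line
dn: ou=VeryLong,o=TestOrg,dc=de
objectclass: organizationalunit
ou: veryLong
l:: w5xiZXJsaW5nZW4=
attr
 ibut: Beispiel fuer ein umbrochenes Attribut.

dn: ou=Sales, dc=structure-net, dc=de
objectclass: organizationalunit
objectclass: top
"""


def parse_ldif(text):
    """Parse LDIF content records into dicts: attribute name -> list of values."""
    # Step 1: unfold. A line starting with a space continues the previous line.
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical and logical[-1]:
            logical[-1] += raw[1:]           # drop exactly one leading space
        else:
            logical.append(raw)

    # Step 2: split into records at blank lines, skipping comments.
    records, current = [], {}
    for line in logical + [""]:              # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if rest.startswith(":"):             # "attr:: value" marks base64
            raw_value = base64.b64decode(rest[1:].strip(), validate=True)
            value = raw_value.decode("utf-8")  # assumption: text, not binary
        else:
            value = rest.lstrip(" ")
        # Attribute names are case-insensitive; repeated names are multi-valued.
        current.setdefault(name.lower(), []).append(value)
    return records
```
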

Example: LDIF change file with comment:

 # Modify the existing example department: add a description (attribute description)
 dn: ou=Example,o=TestOrg,dc=de
 changeType: modify
 add: description
 description: Dies ist der Beschreibungstext

 # Entry with several change instructions
 #  1. Add a description
 #  2. Replace the postal code
 #  3. Replace the telephone number with several new ones
 #  4. Delete the street
 #  5. Delete one specific fax number (other fax numbers remain)
 dn: ou=AmpleEx,o=TestOrg,dc=de
 changeType: modify
 add: description
 description: Test1234
 -
 replace: postalCode
 postalCode: 12345
 -
 replace: telephoneNumber
 telephoneNumber: 01234 56789
 telephoneNumber: 98765 4321-0
 -
 delete: street
 -
 delete: facsimileTelephoneNumber
 facsimileTelephoneNumber: deleteJustThisValue

 # Create a new LDAP entry
 dn: cn=FooBar,ou=Example,o=TestOrg,dc=de
 changeType: add
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 cn: FooBar
 sn: Bar
 givenName: Foo
 mail: foobar@testorg.de
 telephonenumber: 1234 567890
