LDIF - LDAP Data Interchange Format
LDIF is a standard plain-text data interchange format (RFC 2849) for representing LDAP directory content as a set of records, one record for each object (or entry).
LDIF can describe any entry within an LDAP directory, as well as any modification that must take place, so the same format serves for bulk loading, backups and scripted changes.
LDIF fields
- DN
- Distinguished Name - This refers to the name that uniquely identifies an entry in the directory
- DC
- Domain Component - This refers to one component of the domain name, with the components listed most specific first. For example www.symas.com would be written as DC=www,DC=symas,DC=com
DC is only a tradition, a ???. And mirroring the fully qualified domain name (FQDN) for the base domain is commonly used using DC. The RFCs do not define a “D” (Domain) objectClass. It could be defined in customer schema and values like “example.com” (a DN string, a well known attribute type) could be used. Being something of a rebel, I (Marty) set up my suffix with things like
organization=symas corp.
- OU
- Organizational Unit - This refers to the organizational unit (or sometimes the user group) that the entry belongs to. An entry has exactly one parent, so several OU components in a DN express nesting rather than membership in several groups: in OU=Engineer,OU=Manager the Engineer unit sits inside the Manager unit.
- CN
- Common Name - This refers to the individual object (person’s name; meeting room; job title; etc.) for whom/which you are querying.
CN MAY be the Relative Distinguished Name (RDN) by which the entry is commonly known. When the entry is created, the RDN is the left-most component of the DN, as in
cn=bowser,dc=example,dc=com
where the RDN is cn=bowser. Other attributes (for example uid, ou or dc) MAY also be used in an RDN; the RDN value must then also be present as a value of that attribute in the entry.
LDIF for Adding an Entry
LDIF for Modifying an Existing Entry
Modifications, including adding entries in the middle of a stream of LDIF modifications, are done based on a changetype pseudo-attribute that follows the dn line of a record. There are several values for changetype:
- add - the entry will be added. If it already exists, the operation fails (entryAlreadyExists).
- modify - the entry will be modified as directed by the add:, delete: and replace: lines that follow.
- delete - the entry will be deleted. Only a leaf entry (one with no child entries) can be deleted.
- modrdn (also written moddn) - the entry will be renamed and/or moved under a new parent.
Within a modify record, add:, delete: and replace: each name the attribute the sub-operation applies to, followed by its values; several sub-operations can appear in one record, separated by a line containing only "-".
Using changetype to add, modify and remove entries with LDIF
changetype: add
Example: to add a user entry:
dn: uid=jsmith1,ou=People,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
description: John Smith from Accounting. John is the project manager of the building project, so contact him with any questions.
cn: John Smith
sn: Smith
uid: jsmith1
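The add record above is easy to produce by hand but risky to produce from program input. As an added example (not code from the original page), the following Python builds a changetype: add record from untrusted values and shows the two rules that plain string concatenation gets wrong: an RDN value must be escaped per RFC 4514 (otherwise a uid such as jsmith1,ou=Admins relocates the entry), and a value that begins with a space, a colon or <, ends with a space, or contains non-ASCII or control characters must be written with the :: base64 form (otherwise "<" turns it into a file URL). The function names and the hostile sample input are assumptions made for this example; the escaping goes beyond the page's single example and covers every special character RFC 4514 lists.

```python
# Added example, not code from the original page: generate a "changetype: add"
# record from untrusted input without DN injection or value corruption.
# Escaping follows RFC 4514 (DN strings) and RFC 2849 (LDIF values); the
# sample input under __main__ is constructed.
import base64


def rdn_escape(value):
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = value.replace("\\", "\\\\")
    for ch in '",+;<>=':                 # '=' need not be escaped; done here for safety
        out = out.replace(ch, "\\" + ch)
    out = out.replace("\x00", "\\00")
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    if out[:1] in (" ", "#"):
        out = "\\" + out
    return out


def needs_base64(value):
    """RFC 2849: values that cannot be written verbatim as 'attr: value'."""
    return bool(value) and (value[0] in " :<" or value.endswith(" ")
                            or any(ord(c) < 32 or ord(c) > 126 for c in value))


def fold(line, width=76):
    """Fold a long line; continuation lines start with a single space."""
    parts = [line[:width]]
    rest = line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def attribute_line(attr, value):
    """Render one attr/value pair, switching to the '::' base64 form when required."""
    if isinstance(value, bytes):
        return fold(f"{attr}:: {base64.b64encode(value).decode('ascii')}")
    if needs_base64(value):
        return fold(f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}")
    return fold(f"{attr}: {value}")


def add_record(parent_dn, rdn_attr, attrs):
    """Build a complete LDIF add record; the RDN value is taken from attrs[rdn_attr]."""
    rdn_value = attrs[rdn_attr]
    if isinstance(rdn_value, list):
        rdn_value = rdn_value[0]
    dn = f"{rdn_attr}={rdn_escape(rdn_value)},{parent_dn}"
    lines = [attribute_line("dn", dn), "changetype: add"]
    for attr, values in attrs.items():
        for value in (values if isinstance(values, list) else [values]):
            lines.append(attribute_line(attr, value))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed hostile input: a uid that tries to land the entry in another OU,
    # and a description that would be read as a file URL if written unescaped.
    print(add_record("ou=People,dc=example,dc=com", "uid", {
        "uid": "jsmith1,ou=Admins",
        "objectClass": ["inetOrgPerson"],
        "cn": "John Smith",
        "sn": "Smith",
        "description": "< file:///etc/passwd",
    }))
```

The same attribute_line() handles binary values (bytes are always base64-encoded), which is the inline alternative to reading a file through a URL.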
changetype: modify
Example: to add an attribute to an existing entry:
dn: uid=sbrown20,ou=People,dc=example,dc=com
changetype: modify
add: mail
mail: sbrown@example.com
This adds the mail attribute, with the value sbrown@example.com, to the specified user entry. add: appends to any values already present; if the listed value already exists the server rejects the change with attributeOrValueExists.
changetype: delete
Example:
dn: ou=othergroup,dc=example,dc=com
changetype: delete
This will remove the ou=othergroup entry. A delete only succeeds on a leaf entry: if ou=othergroup still has child entries the server rejects it with notAllowedOnNonLeaf, so delete the children first (ldapdelete -r does this client-side).
changetype: modify with replace: and delete:
Example:
dn: uid=sbrown20,ou=People,dc=example,dc=com
changetype: modify
replace: mail
mail: sbrown2@example.com
This replaces the email address of the user account: replace: discards every existing value of mail and installs the listed one(s). A replace: with no value lines removes the attribute entirely.
dn: uid=sbrown20,ou=People,dc=example,dc=com
changetype: modify
delete: mail
mail: sbrown2@example.com
This removes the specified mail value from the entry. The value must currently exist, otherwise the server returns noSuchAttribute; a delete: line with no value lines removes every value of the attribute.
changetype: modrdn
Example:
dn: uid=sbrown20,ou=People,dc=example,dc=com
changetype: modrdn
newrdn: uid=sbrown200
deleteoldrdn: 0
This renames the entry uid=sbrown20 to uid=sbrown200. The new RDN value is added to the entry; with deleteoldrdn: 0 the old value sbrown20 is kept as a second uid value, while deleteoldrdn: 1 removes it, which is usually what you want for an identifier like uid.
Example:
dn: ou=superusers,dc=example,dc=com
changetype: add
objectClass: organizationalUnit
ou: superusers

dn: uid=sbrown2,ou=People,dc=example,dc=com
changetype: modrdn
newrdn: uid=sbrown2
deleteoldrdn: 0
newsuperior: ou=superusers,dc=example,dc=com
The first record creates the new OU superusers. The second moves uid=sbrown2 under it: newrdn keeps the same RDN and newsuperior names the new parent. Records in one LDIF stream are applied in order, so the parent exists before the move; the two records must be separated by a blank line.
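To make the changetype semantics of the examples above concrete, here is an added example (Python written for this page, not code from the original page or from Symas): a small in-memory directory that applies add, modify (with add:, delete: and replace: sub-operations), delete and modrdn records, and fails with the LDAP result names a real server returns. It assumes plain LDIF input (no folded lines, no base64) and compares DNs as literal strings; the SAMPLE stream and all function names are constructed for the example.

```python
# Added example, not code from the original page: the server-side meaning of each
# changetype, applied to an in-memory directory (dict DN -> {attr: [values]}).
# Reads plain LDIF only (no folded lines, no base64); SAMPLE is constructed data,
# and DNs are compared as literal strings, which a real server never does.

def modify_ops(body):
    ops, cur = [], None                            # (op, attr, values); a '-' line ends each op
    for attr, value in body + [("-", "")]:
        if attr in ("-", "add", "delete", "replace"):
            if cur:
                ops.append(cur)
            cur = None if attr == "-" else (attr, value, [])
        elif cur and attr == cur[1]:
            cur[2].append(value)
        else:
            raise ValueError(f"unexpected line in modify record: {attr}: {value!r}")
    return ops

def apply_record(entries, record):
    (_, dn), *body = record
    changetype = "add"                             # a record without changetype is an add
    if body and body[0][0] == "changetype":
        changetype, body = body[0][1], body[1:]
    if changetype == "add":
        if dn in entries:
            raise LookupError(f"entryAlreadyExists: {dn}")
        entries[dn] = entry = {}
        for attr, value in body:
            entry.setdefault(attr, []).append(value)
    elif dn not in entries:
        raise LookupError(f"noSuchObject: {dn}")
    elif changetype == "delete":                   # servers delete leaf entries only
        if any(k.endswith("," + dn) for k in entries):
            raise ValueError(f"notAllowedOnNonLeaf: {dn}")
        del entries[dn]
    elif changetype == "modify":
        modify(entries[dn], body)
    elif changetype == "modrdn":
        modrdn(entries, dn, dict(body))
    else:
        raise ValueError(f"unknown changetype {changetype!r}")

def modify(entry, body):
    for op, attr, values in modify_ops(body):
        have = entry.get(attr, [])
        if op == "add":
            if any(v in have for v in values):
                raise ValueError(f"attributeOrValueExists: {attr}")
            entry[attr] = have + values
        elif op == "delete":                       # no values listed removes the whole attribute
            if attr not in entry or any(v not in have for v in values):
                raise LookupError(f"noSuchAttribute: {attr}")
            entry[attr] = [v for v in have if v not in values] if values else []
        else:                                      # replace discards every existing value
            entry[attr] = list(values)
        if not entry[attr]:
            del entry[attr]

def modrdn(entries, dn, params):
    old_rdn, _, parent = dn.partition(",")
    new_rdn = params["newrdn"]
    entry = entries.pop(dn)
    old_attr, _, old_val = old_rdn.partition("=")
    new_attr, _, new_val = new_rdn.partition("=")
    if new_val not in entry.setdefault(new_attr, []):
        entry[new_attr].append(new_val)            # the new RDN value always lives in the entry
    if params.get("deleteoldrdn") == "1" and old_val != new_val and old_val in entry.get(old_attr, []):
        entry[old_attr].remove(old_val)            # deleteoldrdn: 1 drops the old RDN value
    entries[new_rdn + "," + params.get("newsuperior", parent)] = entry

def apply_all(text, entries=None):
    """Apply records in order, stopping at the first error; returns (entries, error or None)."""
    entries, record = ({} if entries is None else entries), []
    try:
        for line in text.splitlines() + [""]:
            if line:
                attr, _, value = line.partition(":")
                record.append((attr, value.strip()))
            elif record:                           # blank line ends a record
                apply_record(entries, record)
                record = []
    except (LookupError, ValueError) as exc:
        return entries, str(exc)
    return entries, None

SAMPLE = """\
dn: uid=sbrown20,ou=People,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
cn: Sam Brown
sn: Brown
uid: sbrown20

dn: uid=sbrown20,ou=People,dc=example,dc=com
changetype: modify
replace: mail
mail: sbrown2@example.com
"""
```

apply_all() stops at the first failing record, which is what ldapmodify does unless run with -c; the error strings use the LDAP result names (entryAlreadyExists, noSuchAttribute, notAllowedOnNonLeaf) so the toy fails where a real server would.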
To add a binary value such as an image or audio file to a user entry, use the :< form, which reads the value from a URL. The URL is opened by the tool that parses the LDIF (ldapmodify on the client), not by the server, so only process LDIF from sources you trust; the same value can instead be embedded inline as base64 with the :: form.
Example:
dn: uid=jsmith1,ou=People,dc=example,dc=com
changetype: modify
add: jpegPhoto
jpegPhoto:< file:///tmp/john.jpg
Example:
dn: uid=jsmith1,ou=People,dc=example,dc=com
changetype: modify
add: audio
audio:< file:///tmp/hellojohn.mp3