LDAP data interchange format (LDIF)

Edit online

LDAP Data Interchange Format is a standard text format for representing LDAP objects and LDAP updates (add, modify, delete, modify DN) in a textual form. Files containing LDIF records can be used to transfer data between directory servers or used as input by LDAP tools like ldapadd and ldapmodify.

LDIF content records are used to represent LDAP directory content and consist of a line identifying the object, followed by lines containing the attribute-value pairs for the object. This type of file is used by the ldapadd Qshell utility as well the directory import and export tools in IBM Navigator for i and the CPYFRMLDIF (LDIF2DB) and CPYTOLDIF (DB2LDIF) CL commands.

Note: It is recommended to run the DB2LDIF command in one standalone job.

LDIF change records are used to represent directory updates. These records consist of a line identifying the directory object, followed by lines describing the changes to the object. The changes include adding, deleting, renaming, or moving objects as well as modifying existing objects.

There are two input styles for both of these records: A standard LDIF style defined by RFC 2849: The LDAP Data Interchange Format (LDIF) - Technical Specification; and an older non-standard modify style. Use of the standard LDIF style is recommended; the older style is documented here for use with older tools that produce or use that style.

Input styles

The ldapmodify and ldapadd Qshell utilities accept two forms of input. The type of input is determined by the format of the first input line supplied to ldapmodify or ldapadd.

The first line of input to the ldapmodify or ldapadd command must denote the distinguished name of a directory entry to add or modify. This input line must be of the form: 

dn: distinguished_name

or

distinguished_name

where dn: is a literal string and distinguished_name is the distinguished name of the directory entry to modify (or add). If dn: is found, the input style is set to RFC 2849 LDIF style. If it is not found, the input style is set to modify style.

Note:
  1. The ldapadd command is equivalent to invoking the ldapmodify -a command.
  2. The ldapmodify and ldapadd utilities do not support base64 encoded distinguished names.