LDIF examples

An LDIF content file contains entries that can be loaded to the directory.

Here is an example of an LDIF content file that contains three entries:
      dn: cn=John E Doe, o=University of High
       er Learning, c=US
      cn: John E Doe
      cn: John Doe
      objectclass: person
      sn: Doe
  
      dn: cn=Bjorn L Doe, o=University of High
       er Learning, c=US
      cn: Bjorn L Doe
      cn: Bjorn Doe
      objectclass: person
      sn: Doe
  
      dn: cn=Jennifer K. Doe, o=University of High
       er Learning, c=US
      cn: Jennifer K. Doe
      cn: Jennifer Doe
      objectclass: person
      sn: Doe
      jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALD
       A4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQ
       ERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG
      ...
The jpegPhoto value in the entry of Jennifer Doe is encoded by using base-64. Textual attribute values can also be specified in base-64 format. If they are, the base-64 encoding must be applied to the value in the code page of the wire format for the protocol: the IA5 character set for LDAP V2 and the UTF-8 encoding for LDAP V3.

LDIF example: Content

LDIF file: Change types

You can modify and delete existing directory entries when an LDIF file contains change types. For example, the following LDIF file entry uses the modify change type to add the object class insectopia to the existing entry cn=foo, ou=bar:
dn: cn=foo, ou=bar
changetype: modify
add: objectclass
objectclass: insectopia 
For a complete list of change types, see RFC 2849.

Change type files can also contain LDAP controls. LDAP controls can be used to extend certain LDAP Version 3 operations.

A control must contain a unique object identifier (OID) that identifies the control. Make sure that your server supports the control that you want to use.

The following example shows the LDAP control syntax. Brackets indicate optional data; only the OID is required.
control: OID [true||false] [string || :: 64string]
Where:
  • OID is the OID that identifies the control you want to use.
  • string is a string that does not include Line Feed, Carriage Return, NULL, colon, space or < symbol.
  • 64string is a base-64 encoded string.
The following example uses the Subtree delete control to delete the ou=Product Development, dc=airius, dc=com entry:
dn: ou=Product Development, dc=airius, dc=com
control: 1.2.840.113556.1.4.805 true
changetype: delete

When controls are included in an LDIF file, implementations might choose to ignore some or all of them. Ignoring controls might be necessary if the changes described in the LDIF file are being sent on an LDAPv2 connection (LDAPv2 does not support controls), or if the particular controls are not supported by the remote server. If the criticality of a control is "true", then the implementation must either include the control, or must not send the operation to a remote server.

For more information, see LDAP controls and Object Identifiers (OIDs) for extended operations and controls.
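
The following sketch is an added example, not part of the original page or of any product code. It reviews a change-type LDIF file before it is applied: it unfolds continuation lines, decodes base-64 values, and reports delete records, the Subtree delete control, and controls that the target server does not support. The function names, the ou=People DN, and the OID 1.2.3.4.5 are constructed for illustration, and a control with no criticality is treated as non-critical (the LDAP default).

```python
import base64
import re

SUBTREE_DELETE = "1.2.840.113556.1.4.805"   # OID from the page's delete example

def parse_records(text):
    """Unfold continuation lines, then yield each record as a list of (attr, value)."""
    unfolded = re.sub(r"\r?\n ", "", text)        # newline + one space = folded line
    for block in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        pairs = []
        for line in (l for l in block.splitlines() if not l.startswith("#")):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):               # "attr:: value" is base-64 encoded
                rest = base64.b64decode(rest[1:]).decode("utf-8", "replace")
            pairs.append((attr.lower(), rest.strip()))
        yield pairs

def review_changes(text, supported_oids):
    """Yield (dn, changetype, findings) per record, for review before applying the file."""
    for pairs in parse_records(text):
        first = dict(reversed(pairs))              # first occurrence of each attribute wins
        if "dn" not in first:
            continue                               # e.g. a leading "version: 1" line
        ctype = first.get("changetype", "(content)")
        findings = ["delete"] if ctype == "delete" else []
        for ctl in (v for a, v in pairs if a == "control"):
            # OID, then optional criticality; absent criticality means false
            oid, crit = re.match(r"([0-9.]*)\s*(true|false)?", ctl).groups()
            if oid == SUBTREE_DELETE:
                findings.append("subtree-delete")
            if oid not in supported_oids:          # critical and unsupported: do not send
                findings.append(("blocked:" if crit == "true" else "ignorable:") + oid)
        yield first["dn"], ctype, findings

# Constructed sample: the page's two change records (one DN folded), plus a
# base-64 encoded DN with a made-up control OID.
SAMPLE = """dn: cn=foo, ou=bar
changetype: modify
add: objectclass
objectclass: insectopia

dn: ou=Product Development, dc=air
 ius, dc=com
control: 1.2.840.113556.1.4.805 true
changetype: delete

dn:: {}
control: 1.2.3.4.5 true
changetype: delete
""".format(base64.b64encode(b"ou=People, dc=airius, dc=com").decode())
```

A plain text search for a DN misses both the folded and the base-64 encoded record in this sample, which is why the review works on parsed records; call it as `list(review_changes(SAMPLE, {SUBTREE_DELETE}))`.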
