LDAP data interchange format (LDIF)

Edit online

The information provided here describes the LDAP Data Interchange Format (LDIF), as used by the idsldapmodify, idsldapsearch, and idsldapadd utilities.

The LDIF specified here is also supported by the server utilities provided with IBM® Security Directory Server.

LDIF is used to represent LDAP entries in text form.The basic form of an LDIF entry is:

dn: <distinguished name>
<attrtype> : <attrvalue>
<attrtype> : <attrvalue>
...

A line can be continued by starting the next line with a single space or tab character, for example:

dn: cn=John E Doe, o=University of Higher Learning, c=US

Multiple attribute values are specified on separate lines, for example:

cn: John E Doe
cn: John Doe

If an <attrvalue> contains a non-US-ASCII character, or begins with a space or a colon ':', the <attrtype> is followed by a double colon and the value is encoded in base-64 notation. For example, the value " begins with a space" would be encoded like this:

cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=

Multiple entries within the same LDIF file are separated by a blank line. Multiple blank lines are considered a logical end-of-file.