LDAP data interchange format (LDIF)

Edit online

This documentation describes the LDAP Data Interchange Format (LDIF), as used by the ldapmodify, ldapsearch, and ldapadd utilities.

The LDIF specified here is also supported by the server utilities that are provided with the IBM® Directory. To know more about the syntax and usage of the command-line utilities, see IBM Security Verify Directory Command Reference.

LDIF is used to represent LDAP entries in text form. The basic form of an LDIF entry is:

dn: distinguished name
attrtype : attrvalue
attrtype : attrvalue
...

A line can be continued by starting the next line with a single space or tab character, for example:

      dn: cn=John E Doe, o=University of High
       er Learning, c=US

Multiple attribute values are specified on separate lines, for example:

      cn: John E Doe
      cn: John Doe

If an attrvalue contains a non-US-ASCII character, or begins with a space or a colon (:), the attrtype is followed by a double colon and the value is encoded in base-64 notation. For example, the value begins with a space is encoded as:

      cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=

Multiple entries within the same LDIF file are separated by a blank line. Multiple blank lines are considered a logical end-of-file.