Copy To LDIF (DB2LDIF)
Where allowed to run: All environments (*ALL)
Threadsafe: Yes
The Copy To LDIF (DB2LDIF) command is used to copy the directory contents of a Directory Server instance to an LDAP Data Interchange Format (LDIF) file. The Directory Server provides a Lightweight Directory Access Protocol (LDAP) server on IBM i.
Restriction: You must satisfy one of the following conditions to use this command:
- Have all object (*ALLOBJ) and input/output system configuration (*IOSYSCFG) special authorities.
- Supply the administrator distinguished name and password.
- Be a Directory Services administrator. The caller is a Directory Services administrator if the Directory Services server has been configured to grant administrator access to authorized users and the caller is authorized to the 'Directory Services Administrator' function of the operating system.
Parameters
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| INSTANCE | Instance | Name, QUSRDIR | Optional, Positional 2 |
| LDIFSTMF | LDIF stream file | Path name | Required, Positional 1 |
| ADMIN | Administrator | Element list | Optional |
| | Element 1: Distinguished name | Character value | |
| | Element 2: Password | Character value | |
| SUBTREE | Subtree distinguished name | Character value, *ALL | Optional |
| LOCALHOST | Copy cn=localhost | *NOCOPY, *COPY | Optional |
| PWDPOLICY | Copy cn=pwdpolicy | *NOCOPY, *COPY | Optional |
| NESTRPLC | Copy nested replication | *COPY, *NOCOPY | Optional |
| OPRATR | Copy operational attributes | *COPY, *NOCOPY | Optional |
| PASSPHRASE | Passphrase | Character value | Optional |
| ENCSALT | Encryption salt | Character value | Optional |
| FILTERDN | Filter distinguished name | Character value | Optional |
| FILTERCMT | Filter comments | Character value | Optional |
| EXPORTDLT | Export deleted entries | *NO, *YES | Optional |
Instance (INSTANCE)
Specifies the Directory Server instance whose directory entries are to be copied.
- QUSRDIR
- The name of the system default Directory Server instance.
- name
- Specify the Directory Server instance name. The name has a minimum of one character and a maximum of eight characters.
LDIF stream file (LDIFSTMF)
Specifies the integrated file system path to the LDAP Data Interchange Format (LDIF) stream file.
This is a required parameter.
- path-name
- Specify the path name of the LDIF stream file to contain the copy of the Directory Server instance directory entries.
Administrator (ADMIN)
Specifies the Directory Server administrator. If not specified, the user must have all object (*ALLOBJ) and input/output system configuration (*IOSYSCFG) special authorities.
Element 1: Distinguished name
- character-value
- Specify the distinguished name for the Directory Server administrator, for example, cn=administrator. A maximum of 50 characters is allowed.
Element 2: Password
- character-value
- Specify the password for the Directory Server administrator. The password is case sensitive and must be enclosed in apostrophes. A maximum of 50 characters is allowed.
Subtree distinguished name (SUBTREE)
Specifies the distinguished name (DN) of the root of a directory subtree to copy to the LDAP Data Interchange Format (LDIF) stream file. This object and all descendant objects will be copied.
- *ALL
- To copy the entire directory tree.
- character-value
- Specify the subtree distinguished name to be copied. A maximum of 50 characters is allowed.
Copy cn=localhost (LOCALHOST)
Specifies whether data located under the distinguished name cn=localhost is copied to the LDAP Data Interchange Format (LDIF) stream file.
- *NOCOPY
- The contents of cn=localhost are not copied to the LDIF stream file.
- *COPY
- The contents of cn=localhost are copied to the LDIF stream file.
Copy cn=pwdpolicy (PWDPOLICY)
Specifies whether data located under the distinguished name cn=pwdpolicy is copied to the LDAP Data Interchange Format (LDIF) stream file.
- *NOCOPY
- The contents of cn=pwdpolicy are not copied to the LDIF stream file.
- *COPY
- The contents of cn=pwdpolicy are copied to the LDIF stream file. This can only be specified when *ALL is used for the subtree DN (SUBTREE) parameter.
Copy nested replication (NESTRPLC)
Specifies whether nested replication contexts are copied to the LDAP Data Interchange Format (LDIF) stream file. For example, if a directory contains the replication contexts o=acme and cn=external users,o=acme, this option can be used to copy data under the distinguished name o=acme while excluding all entries under the distinguished name cn=external users,o=acme.
- *COPY
- Data from nested replication contexts is copied to the LDIF stream file.
- *NOCOPY
- Data from nested replication contexts is not copied to the LDIF stream file. This can only be specified if a subtree DN (SUBTREE) is specified.
Copy operational attributes (OPRATR)
Specifies whether the following four operational attributes are copied to the LDAP Data Interchange Format (LDIF) stream file:
- creatorsName
- createTimestamp
- modifiersName
- modifyTimestamp
- *COPY
- The operational attributes are copied to the LDIF stream file.
- *NOCOPY
- The operational attributes are not copied to the LDIF stream file.
Passphrase (PASSPHRASE)
Specifies the Advanced Encryption Standard (AES) passphrase to be used to encrypt any encrypted information stored in the LDAP Data Interchange Format (LDIF) stream file. This passphrase must match the passphrase used by the Directory Server instance that will copy the information from this LDIF stream file. This should only be specified if the target Directory Server instance is using AES encryption to encrypt data.
- character-value
- Specify the passphrase. A minimum of 12 characters and maximum of 1016 characters is allowed. The passphrase is case sensitive, therefore characters must be enclosed in apostrophes. Valid characters are:
!#$@[\]`{}| 'caret' 'tilde' " % & ' ( ) * + , - . / ? > = < ; : _ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9
Encryption salt (ENCSALT)
Specifies the Advanced Encryption Standard (AES) salt to be used to encrypt any encrypted information stored in the LDAP Data Interchange Format (LDIF) stream file. The encryption salt must match the encryption salt used by the Directory Server instance that will copy the information from the LDIF stream file created by the command. This should only be specified if the target Directory Server instance is using AES encryption to encrypt data.
- character-value
- Specify the encryption salt. Exactly 12 characters must be used. The encryption salt is case sensitive, therefore characters must be enclosed in apostrophes. Valid characters are:
!#$@[\]`{}| 'caret' 'tilde' " % & ' ( ) * + , - . / ? > = < ; : _ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9
Filter distinguished name (FILTERDN)
Specifies a filter DN to be used as a filter for objectclasses and attributes.
- character-value
- Specify the filter distinguished name to be used to filter data. A maximum of 50 characters is allowed.
Filter comments (FILTERCMT)
Specifies comments to be added to the LDIF file.
- character-value
- Specify the comments. A maximum of 256 characters is allowed.
Export deleted entries (EXPORTDLT)
Specifies whether the deleted entries are exported to the LDAP Data Interchange Format (LDIF) stream file. If the Subtree distinguished name (SUBTREE) is given along with this option, then the Subtree distinguished name must be cn=Deleted Objects.
- *NO
- Do not export the deleted entries to the LDIF stream file.
- *YES
- Export the deleted entries to the LDIF stream file.
Examples
Example 1: Copy Entire QUSRDIR Directory
DB2LDIF INSTANCE(QUSRDIR) LDIFSTMF('/ldap/qusrdir.ldif')
This command copies the entries from the Directory Server directory for the QUSRDIR instance to the qusrdir.ldif stream file in the ldap directory. The user running the command this way must have all object (*ALLOBJ) and input/output system configuration (*IOSYSCFG) special authorities.
Example 2: Copy the o=ibm Subtree Only
DB2LDIF INSTANCE(QUSRDIR) LDIFSTMF('/ldap/ibmsubtree.ldif')
        SUBTREE('o=ibm') ADMIN('cn=admin' 'secret')
This command copies the o=ibm subtree entries from the Directory Server directory for the QUSRDIR instance to the ibmsubtree.ldif stream file in the ldap directory.
Example 3: Copy the cn=localhost Entries
DB2LDIF INSTANCE(DOGGIES)
        LDIFSTMF('/ldap/includelocal.ldif')
        SUBTREE(*ALL) LOCALHOST(*COPY)
        ADMIN('cn=fluffy' 'poodle')
This command copies the entries from the Directory Server directory for the DOGGIES instance including the entries in cn=localhost to the includelocal.ldif stream file in the ldap directory.
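The SUBTREE, LOCALHOST, NESTRPLC and OPRATR parameters decide which entries and attributes end up in the stream file. The following is an added example, not part of the original command reference, that checks an exported file against the scope you intended. It assumes the output is standard RFC 2849 LDIF read on a workstation; the function names, the simplified DN comparison and the sample data are all constructed for illustration.

```python
import base64, re

OPERATIONAL = {"creatorsname", "createtimestamp", "modifiersname", "modifytimestamp"}

def parse_ldif(text):
    """Return [(dn, {attribute names})] for each entry (RFC 2849 subset)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries = []
    for line in lines:
        if not line or line.startswith("#"):   # entry separators and comments
            continue
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            if value.startswith(":"):          # "dn:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entries.append((value.strip(), set()))
        elif entries:                          # skips "version: 1" before the first entry
            entries[-1][1].add(name.lower())
    return entries

def norm_dn(dn):
    """Simplified normalisation: split on unescaped commas, lower-case, trim spaces."""
    pairs = (rdn.partition("=") for rdn in re.split(r"(?<!\\),", dn))
    return [a.strip().lower() + "=" + " ".join(v.split()).lower() for a, _, v in pairs]

def is_under(dn, suffix):
    d, s = norm_dn(dn), norm_dn(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s

def audit_export(text, subtree=None, excluded=("cn=localhost",), opratr_copied=True):
    """Return (dn, problem) pairs where the LDIF disagrees with the intended scope."""
    findings = []
    for dn, attrs in parse_ldif(text):
        if subtree and not is_under(dn, subtree):
            findings.append((dn, "outside SUBTREE " + subtree))
        findings += [(dn, "under excluded " + x) for x in excluded if is_under(dn, x)]
        if not opratr_copied and attrs & OPERATIONAL:
            findings.append((dn, "operational attributes present"))
    return findings

# Constructed sample (not real DB2LDIF output): folded DN, base64 DN, mixed case.
SAMPLE = (
    "version: 1\ndn: o=acme\nobjectclass: organization\n\n"
    "dn: cn=Jane Doe, O=ACME\nsn: Doe\nmodifyTimestamp: 20240101120000Z\n\n"
    "dn: cn=partner1,cn=external use\n rs,o=acme\nsn: One\n\n"
    "dn:: " + base64.b64encode(b"cn=config,cn=localhost").decode() + "\nobjectclass: container\n"
)
```

Pass `subtree=None` for an export made with SUBTREE(*ALL), and list the nested replication context in `excluded` when the export used NESTRPLC(*NOCOPY).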
Error messages
*ESCAPE Messages
- GLD0202
- Administrator DN or password not correct.
- GLD0213
- Error opening or creating file.
- GLD0215
- Directory server instance &1 not found.
- GLD0218
- Not enough authority or incorrect distinguished name and password specified.
- GLD022B
- Cannot find object &1.
- GLD0234
- Export subtree is not a replication context.
- GLD0413
- Validation list entry error occurred.