LDAP Data Interchange Format

From Wikipedia, the free encyclopedia
LDIF
Filename extension: .ldif
Internet media type: text/plain
Type of format: Data interchange
Standard: RFC 2849

The LDAP Data Interchange Format (LDIF) is a standard plain text data interchange format for representing Lightweight Directory Access Protocol (LDAP) directory content and update requests. LDIF conveys directory content as a set of records, one record for each object (or entry). It also represents update requests, such as Add, Modify, Delete, and Rename, as a set of records, one record for each update request.

LDIF was designed in the early 1990s by Tim Howes, Mark C. Smith, and Gordon Good while at the University of Michigan. LDIF was updated and extended in the late 1990s for use with Version 3 of LDAP. This later version of LDIF is called version 1 and is formally specified in RFC 2849, an IETF Standard Track RFC. RFC 2849 is authored by Gordon Good and was published in June 2000. It is currently a Proposed Standard.

A number of extensions to LDIF have been proposed over the years. One extension has been formally specified by the IETF and published. RFC 4525, authored by Kurt Zeilenga, extended LDIF to support the LDAP Modify-Increment extension. It is expected that additional extensions will be published by the IETF in the future.

Content record format

Each content record is represented as a group of attributes, with records separated from one another by blank lines. The individual attributes of a record are represented as single logical lines (each spanning one or more physical lines via a line-folding mechanism), comprising "name: value" pairs. Value data that do not fit within a portable subset of ASCII characters are marked with '::' after the attribute name and encoded into ASCII using base64 encoding. The content record format is a subset of the Internet Directory Information type (RFC 2425).
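The record layout described above, as an added Python example (not taken from the article or from RFC 2849): it unfolds continuation lines, splits records on blank lines, and decodes '::' base64 values. The sample data is constructed. Decoding base64 values as UTF-8 is an assumption, and the ':<' URL value form comes from RFC 2849 rather than this article; the parser refuses it instead of fetching anything.

```python
import base64

# Constructed sample: a folded dn line, a comment, and a base64 ("::") value.
SAMPLE = """version: 1
# constructed sample entry
dn: cn=The Postmaster,dc=exam
 ple,dc=com
objectClass: organizationalRole
cn: The Postmaster
description:: UG9zdG3DpHN0ZXIgcm9sZQ==

dn: cn=Second Entry,dc=example,dc=com
cn: Second Entry
"""

def unfold(text):
    """Join physical lines into logical lines: a leading space continues the previous line."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical and logical[-1] != "":
            logical[-1] += line[1:]      # drop exactly one folding space
        else:
            logical.append(line)
    return logical

def parse_line(line):
    """Split one logical line into (name, value); base64 values are assumed to be UTF-8 text."""
    name, sep, rest = line.partition(":")
    if not sep or not name:
        raise ValueError(f"not a 'name: value' line: {line!r}")
    if rest.startswith(":"):             # '::' marks a base64-encoded value
        return name, base64.b64decode(rest[1:].strip(), validate=True).decode("utf-8")
    if rest.startswith("<"):             # ':<' URL form (RFC 2849): refuse, never fetch
        raise ValueError(f"URL-referenced value not loaded for {name!r}")
    return name, rest.lstrip(" ")

def parse_content(text):
    """Return a list of records, each a list of (name, value) pairs in file order."""
    records, current = [], []
    for line in unfold(text) + [""]:     # trailing "" flushes the last record
        if line.startswith("#"):         # comments are skipped after unfolding
            continue
        if line == "":
            if current:
                records.append(current)
            current = []
        elif not (line.startswith("version:") and not records and not current):
            current.append(parse_line(line))
    return records
```

Unfolding before any other step matters when reviewing an export or import file: a folded line can split a DN or a base64 value across physical lines, so line-by-line matching on the raw text can miss it.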

Tools that employ LDIF

The OpenLDAP utilities include tools for exporting data from LDAP servers to LDIF content records (ldapsearch), importing data from LDIF content records to LDAP servers (ldapadd), and applying LDIF change records to LDAP servers (ldapmodify).

LDIF is one of the formats for importing and exporting address book data that the address books in Netscape Communicator and in the Mozilla Application Suite support.

Microsoft Windows 2000 Server and Windows Server 2003 include an LDIF-based command-line tool named LDIFDE for importing and exporting information in Active Directory.

JXplorer is a cross-platform open-source Java application that can browse and do basic editing of LDIF files.

LDIF fields

dn (distinguished name)
    This refers to the name that uniquely identifies an entry in the directory.
dc (domain component)
    This refers to each component of the domain. For example, www.mydomain.com would be written as DC=www,DC=mydomain,DC=com.
ou (organisational unit)
    This refers to the organisational unit (or sometimes the user group) that the user is part of. If the user is part of more than one group, you may specify as such, e.g., OU= Lawyer,OU= Judge.
cn (common name)
    This refers to the individual object (person's name; meeting room; recipe name; job title; etc.) for whom/which you are querying.

Examples of LDIF

This is an example of a simple directory entry with several attributes, represented as a record in LDIF:

dn: cn=The Postmaster,dc=example,dc=com
objectClass: organizationalRole
cn: The Postmaster

This is an example of an LDIF record that modifies multiple single-valued attributes for two different directory entries (this format is used by Microsoft's LDIFDE tool):

dn: CN=John Smith,OU=Legal,DC=example,DC=com
changetype: modify
replace: employeeID
employeeID: 1234
-
replace: employeeNumber
employeeNumber: 98722
-
replace: extensionAttribute6
extensionAttribute6: JSmith98
-

dn: CN=Jane Smith,OU=Accounting,DC=example,DC=com
changetype: modify
replace: employeeID
employeeID: 5678
-
replace: employeeNumber
employeeNumber: 76543
-
replace: extensionAttribute6
extensionAttribute6: JSmith14
-

Note: the "-" character between each attribute change is required. Also note that each directory entry ends with a "-" followed by a blank line. The final "-" is required by Microsoft's LDIFDE tool, but not needed by most LDIF implementations.

This is an example of an LDIF file that adds a telephone number to an existing user:

dn: cn=Peter Michaels,ou=Artists,l=San Francisco,c=US
changetype: modify
add: telephonenumber
telephonenumber: +1 415 555 0002

An example of LDIF containing a control:

version: 1
dn: o=testing,dc=example,dc=com
control: 1.3.6.1.1.13.1 false cn
changetype: add
objectClass: top
objectClass: organization
o: testing

RFCs

  • RFC 2849: The LDAP Data Interchange Format (LDIF) - Technical Specification
  • RFC 4510: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
  • RFC 4525: LDAP Modify-Increment Extension