LDAP Data Interchange Format

LDIF (LDAP Data Interchange Format) is an ASCII-based file format for representing information from an LDAP directory.

LDAP only describes a communication protocol for directory services; the internal representation of data in a directory is not specified and therefore differs between the concrete implementations of different vendors. To nevertheless allow easy exchange of data between heterogeneous directories, LDIF was specified as an exchange format.

As with LDAP, care was taken in the development of LDIF to keep the format as simple as possible. Because it is restricted to a purely textual representation, the format is human-readable and can therefore be interpreted easily.

An LDAP object is described by multiple LDIF lines. It always starts with the distinguished name (dn), which specifies the absolute position in the LDAP tree. This is followed by one or more object classes, which define which attributes are permitted or required. Then follow the attribute/value pairs that represent the actual content. Multi-valued attributes are specified more than once, with one value per line. The object definition is terminated by a blank line. A line that starts with a hash sign (#) is a comment and is ignored by tools. Long lines can be broken by inserting a newline followed by a space.
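As an added example (not part of the original article or of any LDAP tool's code), the following minimal Python reader for LDIF content records applies the rules above in the order they have to be applied: unfold continuation lines first, then drop comments, then split entries on blank lines. It also decodes the `attr:: base64` value form from RFC 2849, which goes beyond what this page describes; the function names and the sample data are constructed for illustration.

```python
import base64

SAMPLE = """# constructed sample (not from the page): folded value, name and comment
dn: ou=VeryLong,o=TestOrg,dc=de
objectclass: organizationalunit
description: split in the val
 ue, not at a word boundary
telephoneNumber: 040-7654321
tele
 phoneNumber: 040-1234567
# a comment that is
 folded as well

dn: cn=FooBar,ou=VeryLong,o=TestOrg,dc=de
objectclass: person
cn:: Rm9vQmFy
"""

def unfold(text):
    """Join each continuation line (leading space) onto the line before it."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # drop exactly one leading space
        else:
            lines.append(raw)
    return lines

def parse_ldif_content(text):
    """Return [(dn, {attribute: [values]})] for an LDIF content file."""
    entries, current = [], None
    for line in unfold(text) + [""]:      # trailing "" closes the last entry
        if line.startswith("#"):          # comments are dropped after unfolding
            continue
        if not line:                      # a blank line terminates the entry
            if current:
                entries.append(current)
            current = None
            continue
        name, sep, value = line.partition(":")
        if not sep or (current is None and name.lower() != "dn"):
            raise ValueError(f"malformed or misplaced line: {line!r}")
        value = (base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
                 if value.startswith(":") else value.strip())  # "::" = base64
        if current is None:
            current = (value, {})         # first line of an entry is its dn
        else:                             # attribute names are case-insensitive
            current[1].setdefault(name.lower(), []).append(value)
    return entries
```

A line-oriented search of the raw sample for `telephoneNumber:` finds only one of the two values, and a search for `FooBar` misses the base64-encoded `cn`, so audits of LDIF exports should run on parsed entries rather than on raw lines.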

LDIF formats

There are two basic LDIF formats, which may not be mixed within a file:

  • LDIF Content: Describes entries together with their attributes.
  • LDIF Change: Describes changes to entries and their attributes. Several different change statements can be specified per entry.

Examples

Example: LDIF content file firmenstruktur.ldif with five LDAP objects:

    dn: dc=structure-net,dc=de
    objectClass: organization
    objectclass: top
    o: Structure Net
    l: Hamburg
    postalCode: 21033
    streetAddress: Bill Wiese 22

    dn: ou=Sales,dc=structure-net,dc=de
    objectclass: organizationalunit
    ou: Sales
    description: sale
    telephoneNumber: 040-7654321
    facsimiletelephonenumber: 040-7654321

    dn: ou=Development,dc=structure-net,dc=de
    objectclass: organizationalunit
    ou: Development
    description: Development
    telephoneNumber: 040-7654321
    facsimiletelephonenumber: 040-7654321

    dn: ou=support,dc=structure-net,dc=de
    objectclass: organizationalunit
    ou: Support
    description: Support
    telephoneNumber: 040-7654321
    facsimiletelephonenumber: 040-7654321

    dn: uid=admin,dc=structure-net,dc=de
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetorgperson
    cn: admin
    cn: System Administrator
    cn: Thomas Bendler
    sn: Bendler
    uid: admin
    mail: [email protected]
    l: Hamburg
    postalCode: 21033
    streetAddress: bill wiese 22
    telephoneNumber: 040-7654321
    facsimiletelephonenumber: 040-7654321

From: Thomas Bendler: Linux LDAP HOWTO.

Example: LDIF content file with line break:

    dn: ou=VeryLong,o=TestOrg,dc=de
    objectclass: organizationalunit
    ou: veryLong
    description: This is a very long description. It is so long that it here ->
     <- wraps.
     This can be repeated any number of times. It does not matter
     whether only the data or also the attribute name is split.
     Splitting is possible anywhere in LDIF text.
    attr
     ibut: Example of a wrapped attribute.

Example: LDIF change file with comment:

    # Modify the existing department "example": add a description (description attribute)
    dn: ou=example,o=TestOrg,dc=de
    changetype: modify
    add: description
    description: This is the description text

    # Entry with several change instructions
    # 1. Add description
    # 2. Replace postal code
    # 3. Replace phone number with several new ones
    # 4. Delete street
    # 5. Delete a specific fax number (other fax numbers remain)
    dn: ou=AmpleEx,o=TestOrg,dc=de
    changetype: modify
    add: description
    description: test1234
    -
    replace: postalCode
    postalCode: 12345
    -
    replace: telephoneNumber
    telephoneNumber: 01234 56789
    telephoneNumber: 98765 4321-0
    -
    delete: street
    -
    delete: facsimileTelephoneNumber
    facsimileTelephoneNumber: deleteJustThisValue

    # Create new LDAP entry
    dn: cn=FooBar,ou=example,o=TestOrg,dc=de
    changetype: add
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: FooBar
    sn: Bar
    givenName: Foo
    mail: [email protected]
    telephoneNumber: 1234 567890

See also

  • VCard