LDAP Data Interchange Format
Encyclopedia
The LDAP Data Interchange Format (LDIF) is a standard plain text data interchange format for representing LDAP (Lightweight Directory Access Protocol) directory content and update requests. LDIF conveys directory content as a set of records, one record for each object (or entry). It represents update requests, such as Add, Modify, Delete, and Rename, as a set of records, one record for each update request.
LDIF was designed in the early 1990s by Tim Howes, Mark C Smith, and Gordon Good while at the University of Michigan. LDIF was updated and extended in the late 1990s for use with Version 3 of LDAP. This later version of LDIF is called version 1 and is formally specified in RFC 2849, an IETF Standard Track RFC. RFC 2849, authored by Gordon Good, was published in June 2000 and is currently a Proposed Standard.
A number of extensions to LDIF have been proposed over the years. One extension has been formally specified by the IETF and published. RFC 4525, authored by Kurt Zeilenga, extended LDIF to support the LDAP Modify-Increment extension. It is expected that additional extensions will be published by the IETF in the future.
Content Record Format
Each content record is represented as a group of attributes, with records separated from one another by blank lines. The individual attributes of a record are represented as single logical lines (each written as one or more physical lines via a line-folding mechanism), comprising "name: value" pairs. Value data that do not fit within a portable subset of ASCII characters are marked with '::' after the attribute name and encoded into ASCII using base64 encoding. The content record format is a subset of the Internet Directory Information type (RFC 2425).
Tools that employ LDIF
The OpenLDAP utilities include tools for exporting data from LDAP servers to LDIF content records (ldapsearch), importing data from LDIF content records to LDAP servers (ldapadd), and applying LDIF change records to LDAP servers (ldapmodify).
LDIF is one of the formats for importing and exporting address book data that the address books in Netscape Communicator and in the Mozilla Application Suite support. Yahoo! Mail does not encode certain characters properly when one exports their Yahoo! address book in LDIF format. For example, ampersand (&) is encoded as an HTML Extended Character (&amp;) instead of the ampersand character. As a result, when the LDIF file is imported into Thunderbird, for example, a text phrase like "John & Jane Doe" comes out in one's address book as "John &amp; Jane Doe". The only corrective means at the moment is manually editing the address book after an Import.
Microsoft Windows 2000 Server and Windows Server 2003 include an LDIF-based command-line tool named LDIFDE for importing and exporting information in Active Directory.
JXplorer is a cross-platform open source Java application that can browse and do basic editing of LDIF files.
LDIF fields
dn: distinguished name
This refers to the name that uniquely identifies an entry in the directory.
dc: domain component
This refers to each component of the domain. For example www.google.com would be written as DC=www,DC=google,DC=com
ou: organizational unit
This refers to the organizational unit (or sometimes the user group) that the user is part of. If the user is part of more than one group, you may specify as such, e.g., OU= Lawyer,OU= Judge.
cn: common name
This refers to the individual object (person's name; meeting room; recipe name; job title; etc.) for whom/which you are querying.
Examples of LDIF
This is an example of a simple directory entry with several attributes, represented as a record in LDIF:
dn: cn=The Postmaster,dc=example,dc=com
objectClass: organizationalRole
cn: The Postmaster
This is an example of an LDIF record that modifies multiple single-valued attributes for two different directory entries (this format is used by Microsoft's LDIFDE tool):
dn: CN=John Smith,OU=Legal,DC=example,DC=com
changetype: modify
replace:employeeID
employeeID: 1234
-
replace:employeeNumber
employeeNumber: 98722
-
replace: extensionAttribute6
extensionAttribute6: JSmith98
-

dn: CN=Jane Smith,OU=Accounting,DC=example,DC=com
changetype: modify
replace:employeeID
employeeID: 5678
-
replace:employeeNumber
employeeNumber: 76543
-
replace: extensionAttribute6
extensionAttribute6: JSmith14
-
Note: the "-" character between each attribute change is required. Also note that each directory entry ends with a "-" followed by a blank line. The final "-" is required.
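The "-" rule in the note above, as an added example (not part of the original article and not LDIFDE's or OpenLDAP's code): a Python pre-apply check that parses modify records into (dn, operation, attribute, values) and reports any record whose change block is not closed by "-". The sample input is constructed in the page's LDIFDE style, the names parse_modify and review are hypothetical, and line folding and base64 values are not handled.

```python
# Constructed sample in the page's LDIFDE style; the last record lacks its final "-".
SAMPLE = """\
dn: CN=John Smith,OU=Legal,DC=example,DC=com
changetype: modify
replace: employeeID
employeeID: 1234
-
replace: employeeNumber
employeeNumber: 98722
-

dn: CN=Jane Smith,OU=Accounting,DC=example,DC=com
changetype: modify
replace: employeeID
employeeID: 5678
"""

def parse_modify(record):
    """Return (dn, [(op, attribute, [values])]); folding/base64 not handled."""
    lines = record.splitlines()
    if len(lines) < 2 or not lines[0].startswith("dn:") \
            or lines[1].replace(" ", "") != "changetype:modify":
        raise ValueError("expected 'dn:' followed by 'changetype: modify'")
    dn, mods, i = lines[0][3:].strip(), [], 2
    while i < len(lines):
        op, _, attr = (p.strip() for p in lines[i].partition(":"))
        if op not in ("add", "delete", "replace") or not attr:
            raise ValueError(f"{dn}: expected add/delete/replace, got {lines[i]!r}")
        i, values = i + 1, []
        while i < len(lines) and lines[i] != "-":
            name, _, value = lines[i].partition(":")
            if name.lower() != attr.lower():
                raise ValueError(f"{dn}: {name!r} does not match {op}: {attr}")
            values.append(value.strip())
            i += 1
        if i == len(lines):                  # ran out of lines before a "-"
            raise ValueError(f"{dn}: missing '-' after {op}: {attr}")
        mods.append((op, attr, values))
        i += 1                               # step over the "-" line
    return dn, mods

def review(text):  # split on blank lines; return (parsed changes, error messages)
    changes, errors = [], []
    for record in text.strip().split("\n\n"):
        try:
            changes.append(parse_modify(record))
        except ValueError as exc:
            errors.append(str(exc))
    return changes, errors
```

Running review() on a change file before handing it to ldapmodify or LDIFDE gives a list of exactly which entries and attributes will be touched, plus any malformed records.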
This is an example of an LDIF file that adds a telephone number to an existing user:
dn: cn=Peter Michaels, ou=Artists, l=San Francisco, c=US
changetype: modify
add: telephonenumber
telephonenumber: +1 415 555 0002
-
An example of LDIF containing a control:
version: 1
dn: o=testing,dc=example,dc=com
control: 1.3.6.1.1.13.1 false cn
changetype: add
objectClass: top
objectClass: organization
o: testing
RFCs
- RFC 2849 — The LDAP Data Interchange Format (LDIF) - Technical Specification
- RFC 4510 — Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
- RFC 4525 — LDAP Modify-Increment Extension