LDAP Data Interchange Format provides a mechanism for representing directory data in text format. LDIF data is typically used to initialize directory databases, but also may be used to move data between different directories that cannot replicate directly, or even as an alternative backup format. This chapter shows you how to import and export LDIF. This chapter also covers creating test data in LDIF format, and manipulating LDIF data with command-line tools. When you install OpenDJ, you have the option of importing sample data generated at installation time. This procedure demonstrates how to generate LDIF on the command line using the make-ldif. The make-ldif command uses templates to provide sample data. Default templates are located in the OpenDJ/config/MakeLDIF/ directory. The example.template file can be used to create a suffix with inetOrgPerson entries of the type you have the option to generate at installation time. Write a file to act as the template for your generated LDIF. The resulting test data template depends on what data you expect to encounter in production. Base your work on your knowledge of the production data, and on the sample template, OpenDJ/config/MakeLDIF/example.template, and associated data. Create additional data files for the content in your template to be selected randomly from a file, rather than generated by an expression. Additional data files are located in the same directory as your template file. Decide whether you want to generate the same test data each time you run the make-ldif command with your template. If so, pick an integer same random seed to provide each time you run the command. Before generating a very large LDIF file, make sure you have enough space on disk. Run the make-ldif command to generate your LDIF file. $ make-ldif --randomSeed 0 -t /path/to/my.template \ > -o generated.ldif Processed 1000 entries Processed 2000 entries ... Processed 10000 entries LDIF processing complete. 10003 entries written You can also use the OpenDJ Control Panel to import data (Directory Data > Import LDIF...). This procedure demonstrates how to import LDIF using the command line tool, import-ldif. You can import LDIF most quickly after shutting down OpenDJ directory server. Alternatively, if you do not want to shut the server down, you can schedule a task to import the data while the server is online. To speed up the operation for large data sets such as importing millions of entries, first shut down the server where you plan to import data. $ stop-ds Create a new JE backend for your data if you do not want to use an existing backend, such as userRoot, and set the base DN corresponding to your data. $ dsconfig create-backend --backend-name testData --type local-db >>>> Configuring the "base-dn" property Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Syntax: DN Enter a value for the "base-dn" property: dc=example,dc=org Enter another value for the "base-dn" property [continue]: >>>> Configuring the "enabled" property Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Select a value for the "enabled" property: 1) true 2) false ?) help q) quit Enter choice: 1 >>>> Configure the properties of the Local DB Backend Property Value(s) -------------------------------------- 1) backend-id testData 2) base-dn "dc=example,dc=org" 3) compact-encoding true 4) db-cache-percent 10 5) db-cache-size 0 b 6) db-directory db 7) enabled true 8) index-entry-limit 4000 9) writability-mode enabled ?) help f) finish - create the new Local DB Backend q) quit Enter choice [f]: The Local DB Backend was created successfully The following example imports dc=example,dc=org data into the existing userRoot JE backend, replacing any data already loaded. If you stopped the server, import the data directly. $ import-ldif -b dc=example,dc=org -n userRoot -l /path/to/generated.ldif If not, schedule a task to import the data while online. $ import-ldif -X -p 4444 -h `hostname` -D "cn=Directory Manager" -w password \ > -b dc=example,dc=org -n userRoot -l /path/to/generated.ldif Notice that the task is scheduled through communication over SSL on the administration port, by default 4444. You can schedule the import task to start at a particular time using the --start option. The -X option trusts all SSL certificates, such as a default self-signed certificate used for testing. You can also use the OpenDJ Control Panel to export data (Directory Data > Export LDIF...). This procedure demonstrates how to export LDIF using the command line tool, export-ldif. To speed up the operation for large data sets such as exporting millions of entries, first shut down the server. $ stop-ds The following example exports dc=example,dc=org data from the userRoot JE backend. If you stopped the server, export the data directly. $ export-ldif -b dc=example,dc=org -n userRoot -l /path/to/backup.ldif If not, schedule a task to export the data while online. $ export-ldif -X -p 4444 -h `hostname` -D "cn=Directory Manager" -w password \ > -b dc=example,dc=org -n userRoot -l /path/to/backup.ldif \ --start 20111221230000 The --start 20111221230000 option tells OpenDJ to start the export at 11 PM on December 21, 2012, assuming the world has not ended yet.

This section demonstrates the ldifsearch, ldifmodify, and ldif-diff tools.

The ldifsearch command lets you search LDIF files in a similar way to how you search LDAP directories with the ldapsearch command. $ ldifsearch -b dc=example,dc=org -l generated.ldif "(sn=Grenier)" mobile dn: uid=user.4630,ou=People,dc=example,dc=org mobile: +1 728 983 6669 The -l ldif-file option compares to the hostname and port options used to connect to an LDAP directory. Otherwise the command syntax and LDIF output is familiar to ldapsearch users.

The ldifmodify command lets you apply changes to LDIF files, generating a new, changed version of the original file. $ cat changes.ldif dn: uid=user.0,ou=People,dc=example,dc=org changetype: modify replace: description description: This is the new description for Aaccf Amar. - replace: initials initials: AAA $ ldifmodify -s generated.ldif -m changes.ldif -t new.ldif Notice that the resulting new LDIF file is likely to be about the same size as the source LDIF file.

The ldif-diff command reports differences between two LDIF files in LDIF format. $ ldif-diff -s old.ldif -t new.ldif dn: uid=user.0,ou=People,dc=example,dc=org changetype: modify add: initials initials: AAA - delete: initials initials: ASA - add: description description: This is the new description for Aaccf Amar. - delete: description description: This is the description for Aaccf Amar. The -o ldif-file option can be used to save the output to a file. As the ldif-diff command reads both files into memory, constructing tree maps to perform the comparison, the command is designed to work with small files and fragments. The command can quickly run out of memory when calculating differences between large files.