Importing & Exporting LDIF Data

LDAP Data Interchange Format provides a mechanism for representing directory data in text format. LDIF data is typically used to initialize directory databases, but also may be used to move data between different directories that cannot replicate directly, or even as an alternative backup format.

This chapter shows you how to import and export LDIF. This chapter also covers creating test data in LDIF format, and manipulating LDIF data with command-line tools.

Generating Test Data

When you install OpenDJ, you have the option of importing sample data generated during the installation. This procedure demonstrates how to generate LDIF using the make-ldif command.

To Generate Test LDIF Data

The make-ldif command uses templates to provide sample data. Default templates are located in the OpenDJ/config/MakeLDIF/ directory. The example.template file can be used to create a suffix with entries of the type inetOrgPerson. You can do the equivalent in OpenDJ Control Panel (Directory Data > New Base DN... > Import Automatically Generated Example Data).

1. Write a file to act as the template for your generated LDIF.

   The resulting test data template depends on what data you expect to encounter in production. Base your work on your knowledge of the production data, and on the sample template, OpenDJ/config/MakeLDIF/example.template, and associated data.

   See make-ldif.template for reference information about template files.

2. Create additional data files for the content in your template to be selected randomly from a file, rather than generated by an expression.

   Additional data files are located in the same directory as your template file.

3. Decide whether you want to generate the same test data each time you run the make-ldif command with your template.

   If so, provide the same randomSeed integer each time you run the command.

4. Before generating a very large LDIF file, make sure you have enough space on disk.

5. Run the make-ldif command to generate your LDIF file.

   $ make-ldif --randomSeed 0 --templateFile /path/to/my.template --ldifFile /path/to/generated.ldif
   Processed 1000 entries
   Processed 2000 entries
   ...
   Processed 10000 entries
   LDIF processing complete. 10003 entries written

Importing & Exporting Data

You can use the OpenDJ Control Panel to import data (Directory Data > Import LDIF...) and to export data (Directory Data > Export LDIF...). The following procedures demonstrate how to use the import-ldif and export-ldif commands.

To Import LDIF Data

The most efficient method of importing LDIF data is to take the OpenDJ server offline. Alternatively, you can schedule a task to import the data while the server is online.

If you do not want to use the default userRoot backend, create a new JE backend for your data. See Creating a New Database Backend for details.

The following example imports dc=example,dc=org data into the userRoot backend, overwriting existing data.

If you want to speed up the process, for example because you have millions of directory entries to import, first shut down the server, and then run the import-ldif command.

$ stop-ds
$ import-ldif --offline --includeBranch dc=example,dc=org --backendID userRoot --ldifFile /path/to/generated.ldif

If not, schedule a task to import the data while online.

$ import-ldif --port 4444 --hostname opendj.example.com --bindDN "cn=Directory Manager" --bindPassword password --includeBranch dc=example,dc=org --backendID userRoot --ldifFile /path/to/generated.ldif --trustAll

Notice that the task is scheduled through communication over SSL on the administration port, by default 4444. You can schedule the import task to start at a particular time using the --start option.

The --trustAll option trusts all SSL certificates, such as a default self-signed certificate used for testing.

To Export LDIF Data

The following example exports dc=example,dc=org data from the userRoot backend.

If you want to speed up export, first shut down the server, and then export data using the export-ldif command.

$ stop-ds
$ export-ldif --offline --includeBranch dc=example,dc=org --backendID userRoot --ldifFile /path/to/backup.ldif

If not, schedule a task to export the data while online.

$ export-ldif --port 4444 --hostname opendj.example.com --bindDN "cn=Directory Manager" --bindPassword password --includeBranch dc=example,dc=org --backendID userRoot --ldifFile /path/to/backup.ldif --start 20111221230000 --trustAll

The --start option tells OpenDJ to start the export at 11 PM on December 21, 2012.

If OpenDJ is stopped at this time, then when you start OpenDJ again, the server attempts to perform the task after starting up.

Other Tools For Working With LDIF Data

This section demonstrates the ldifsearch, ldifmodify, and ldif-diff tools.

Searching in LDIF With ldifsearch

The ldifsearch command lets you search LDIF files in a similar way to how you search LDAP directories with the ldapsearch command.

$ ldifsearch --baseDN dc=example,dc=org --ldifFile generated.ldif "(sn=Grenier)" mobile
dn: uid=user.4630,ou=People,dc=example,dc=org
mobile: +1 728 983 6669

The --ldifFile option replaces the --hostname and --port options used to connect to an LDAP directory. Otherwise the command syntax and LDIF output are familiar to ldapsearch users.

Updating LDIF With ldifmodify

The ldifmodify command lets you apply changes to LDIF files, generating a new, changed version of the original file.

$ cat changes.ldif
dn: uid=user.0,ou=People,dc=example,dc=org
changetype: modify
replace: description
description: This is the new description for Aaccf Amar.
-
replace: initials
initials: AAA

$ ldifmodify --sourceLDIF generated.ldif --changesLDIF changes.ldif --targetLDIF new.ldif

Notice that the resulting new LDIF file is likely to be about the same size as the source LDIF file.

Comparing LDIF With ldif-diff

The ldif-diff command reports differences between two LDIF files in LDIF format.

$ ldif-diff --sourceLDIF old.ldif --targetLDIF new.ldif
dn: uid=user.0,ou=People,dc=example,dc=org
changetype: modify
add: initials
initials: AAA
-
delete: initials
initials: ASA
-
add: description
description: This is the new description for Aaccf Amar.
-
delete: description
description: This is the description for Aaccf Amar.

As the ldif-diff command reads both files into memory, constructing tree maps to perform the comparison, the command is designed to work with small files and fragments. The command can quickly run out of memory when calculating differences between large files.
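
Change records like the ldif-diff output above can be reviewed before they are applied with ldifmodify. The following Python code is an added example, not part of OpenDJ or of the original chapter: it parses LDIF modify records, handling folded lines, comments and base64 values, and reports modifications that touch attributes on a review list. The function names and the SENSITIVE list are assumptions chosen for illustration, and the sample input is constructed.

```python
import base64
import re

SENSITIVE = {"userpassword", "aci", "ds-privilege-name"}  # assumed review list

def split_attr(line):
    """Split 'name: value'; decode the base64 form 'name:: value'."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        return name.lower(), base64.b64decode(rest[1:]).decode("utf-8", "replace")
    return name.lower(), rest.strip()

def parse_changes(text):
    """Return (dn, operation, attribute) per modification, after unfolding
    continuation lines (newline + space) and dropping comment lines."""
    changes, dn, ctype, op = [], None, None, None
    text = re.sub(r"(?m)^#.*\n?", "", re.sub(r"\r?\n ", "", text))
    for line in text.splitlines():
        name, value = split_attr(line)
        if not line.strip():
            dn = ctype = op = None            # blank line ends a record
        elif line == "-":
            op = None                         # "-" ends one modification
        elif name == "dn":
            dn = value
        elif name == "changetype":
            ctype = value.lower()
        elif ctype == "modify" and op is None:
            op = name                         # add, delete or replace
            changes.append((dn, op, value.lower()))
    return changes

def sensitive_changes(text):
    """Keep only modifications that touch an attribute in SENSITIVE."""
    return [c for c in parse_changes(text) if c[2].split(";")[0] in SENSITIVE]

CONSTRUCTED_SAMPLE = """\
dn: uid=user.0,ou=People,dc=example,dc=org
changetype: modify
add: initials
initials: AAA
-
delete: initials
initials: ASA

dn: uid=user.1,ou=People,
 dc=example,dc=org
changetype: modify
replace: userPassword
userPassword: constructed-value
"""
```

Calling sensitive_changes(CONSTRUCTED_SAMPLE) returns only the userPassword replacement on uid=user.1, with the folded DN joined back into one value.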

Creating a New Database Backend

OpenDJ stores directory data in backends. Backends are what you back up and restore. By default, OpenDJ stores your data in a backend named userRoot. You can create new backends using the dsconfig command. The following example creates a local backend named testData.

$ dsconfig create-backend --backend-name testData --type local-db

>>>> Configuring the "base-dn" property

    Specifies the base DN(s) for the data that the backend handles.

    A single backend may be responsible for one or more base DNs. Note that
    no two backends may have the same base DN although one backend may have a
    base DN that is below a base DN provided by another backend (similar to
    the use of sub-suffixes in the Sun Java System Directory Server). If any
    of the base DNs is subordinate to a base DN for another backend, then all
    base DNs for that backend must be subordinate to that same base DN.

    Syntax: DN

Enter a value for the "base-dn" property: dc=example,dc=org

Enter another value for the "base-dn" property [continue]:

>>>> Configuring the "enabled" property

    Indicates whether the backend is enabled in the server.

    If a backend is not enabled, then its contents are not accessible when
    processing operations.

Select a value for the "enabled" property:

    1) true
    2) false

    ?) help
    q) quit

Enter choice: 1

>>>> Configure the properties of the Local DB Backend

        Property           Value(s)
        --------------------------------------
    1)  backend-id         testData
    2)  base-dn            "dc=example,dc=org"
    3)  compact-encoding   true
    4)  db-cache-percent   10
    5)  db-cache-size      0 b
    6)  db-directory       db
    7)  enabled            true
    8)  index-entry-limit  4000
    9)  writability-mode   enabled

    ?)  help
    f)  finish - create the new Local DB Backend
    q)  quit

Enter choice [f]:

The Local DB Backend was created successfully

Alternatively, you can create a new backend in OpenDJ Control Panel (Directory Data > New Base DN... > Backend > New Backend: backend-name).

Deleting a Database Backend

You delete a database backend by using the dsconfig delete-backend command.

When you delete a database backend by using the dsconfig delete-backend command, OpenDJ does not actually remove the database files, for two reasons. First, a mistake could potentially cause lots of data to be lost. Second, deleting a large database backend could cause severe service degradation due to a sudden increase in I/O load.

Instead, after you run the dsconfig delete-backend command, you must also manually remove the database backend files.

If you do run the dsconfig delete-backend command by mistake and have not yet deleted the actual files, then you can recover from the mistake by creating the backend again, reconfiguring the indexes that were removed, and rebuilding the indexes as described in the section on Configuring & Rebuilding Indexes.