LDIF File Usage in LDAP

Jun 20, 2025

Overview

This lecture explains how to use LDIF files to add, modify, delete, and move entries in an OpenLDAP directory system, including command-line tools and file syntax.

LDIF File Format

  • LDIF (LDAP Data Interchange Format) is a text format for representing LDAP data and directory commands.
  • Each line follows a "key: value" structure, with a required space after the colon.
  • Multi-line attribute values must have continuation lines beginning with a space.
  • Comments begin with "#" and occupy their own lines.
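The rules above, plus the two value encodings every LDIF reader also has to handle ("::" for base64 and ":<" for a file URL), as an added example that is not from the lecture or from OpenLDAP: a small Python reader for entry records. The sample LDIF is constructed, and the names parse_ldif, unfold and read_via_file_url are chosen here.

```python
"""Minimal LDIF (RFC 2849) reader for entry records.

Added example, not from the lecture or from OpenLDAP.  Implements the
rules listed above (attribute: value lines, space-prefixed continuation
lines, '#' comments, blank-line record separators) plus the '::' base64
and ':<' file-URL value forms.  Change records (changetype:) are not
interpreted; they would be parsed as ordinary entries.
"""
import base64
import os
import tempfile
from urllib.parse import urlparse
from urllib.request import url2pathname

# Constructed sample (not real directory data): a comment, a version line,
# a base64 value ("QWxpY2U=" is "Alice"), a value folded mid-word, and a
# blank line separating two entries.
SAMPLE_LDIF = """\
# constructed sample
version: 1
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Alice Example
sn: Example
givenName:: QWxpY2U=
description: a long value that is fol
 ded across two lines
"""


def unfold(text):
    """Drop comment lines and join each continuation line onto its predecessor."""
    lines = []
    in_comment = False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if in_comment:                 # a folded comment stays ignored
                continue
            if not lines:
                raise ValueError("continuation line with nothing to continue")
            lines[-1] += raw[1:]           # exactly one leading space is removed
            continue
        in_comment = raw.startswith("#")
        if not in_comment:
            lines.append(raw)
    return lines


def parse_value(line):
    """Split 'name: value' into (name, value), decoding the '::' and ':<' forms."""
    name, sep, rest = line.partition(":")
    if not sep or not name:
        raise ValueError(f"malformed LDIF line: {line!r}")
    if rest.startswith(":"):               # name:: base64
        raw = base64.b64decode(rest[1:].strip(), validate=True)
        try:
            return name, raw.decode("utf-8")
        except UnicodeDecodeError:
            return name, raw               # genuinely binary, keep bytes
    if rest.startswith("<"):               # name:< url, read on the client side
        url = urlparse(rest[1:].strip())
        if url.scheme != "file" or url.netloc not in ("", "localhost"):
            raise ValueError(f"only file: URLs are accepted: {line!r}")
        with open(url2pathname(url.path), "rb") as fh:
            return name, fh.read()
    return name, rest.lstrip(" ")          # plain value; leading spaces are fill


def build_entry(lines):
    """Turn the lines of one record into (dn, {attribute: [values]})."""
    dn_name, dn = parse_value(lines[0])
    if dn_name != "dn":
        raise ValueError(f"record must start with dn:, got {lines[0]!r}")
    attrs = {}
    for line in lines[1:]:
        name, value = parse_value(line)
        attrs.setdefault(name, []).append(value)
    return dn, attrs


def parse_ldif(text):
    """Return [(dn, attrs), ...] for every entry record in the text."""
    lines = unfold(text)
    if lines and lines[0].startswith("version:"):
        lines = lines[1:]
    entries, current = [], []
    for line in lines + [""]:              # trailing "" flushes the last record
        if line == "":
            if current:
                entries.append(build_entry(current))
                current = []
        else:
            current.append(line)
    return entries


def read_via_file_url(payload):
    """Write payload to a temp file and read it back through a 'jpegPhoto:<' line."""
    with tempfile.NamedTemporaryFile(suffix=".jpg", delete=False) as fh:
        fh.write(payload)
        path = fh.name
    try:
        ldif = f"dn: uid=alice,ou=People,dc=example,dc=com\njpegPhoto:< file://{path}\n"
        (_, attrs), = parse_ldif(ldif)
        return attrs["jpegPhoto"][0]
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for dn, attrs in parse_ldif(SAMPLE_LDIF):
        print(dn, attrs)
```

The reader only accepts file: URLs, which is also all the OpenLDAP tools honour; an LDIF file from an untrusted source can still point the client at any file it can read, so treat ":<" lines in third-party LDIF as you would any other file-read instruction.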

Adding Entries

  • To add entries, give the DN and all of the entry's attributes beneath it, one per line, with a blank line between entries.
  • Example:
    dn: ou=People,dc=example,dc=com
    objectClass: organizationalUnit
    ou: People
  • To mix adds with other change records (modify, delete, modrdn) in the same file, put changetype: add on the line after the DN; such a file is processed with ldapmodify.
  • Multiple entries can be added in a single LDIF file; list parents before their children, because the records are applied in order and an entry whose parent does not exist yet is rejected.

Processing Additions

  • Use ldapadd (equivalent to ldapmodify -a) for files whose records carry no changetype, and ldapmodify for files containing changetype: lines.
  • Syntax example:
    ldapadd -x -D "cn=admin,dc=example,dc=com" -w password -H ldap:// -f filename.ldif
  • -x selects a simple bind as the DN given with -D; -H ldap:// with no host connects to the local server; -f names the LDIF file.
  • -w password exposes the password in the process list and shell history; prefer -W (prompt) or -y passwordfile. A plain ldap:// URL also sends the simple-bind password across the network in the clear, so use ldaps:// or add -ZZ to require StartTLS.

Deleting Entries

  • To delete, give the DN followed by changetype: delete. Only leaf entries can be deleted; to remove a subtree, delete the children first (or use ldapdelete -r).
  • Use ldapmodify to process deletion LDIF files.

Modifying Entry Attributes

  • Use changetype: modify with one or more of the following:
    • add: attr to add the listed values to the attribute
    • replace: attr to overwrite all current values with the listed ones (with no values listed, the attribute is removed)
    • delete: attr to remove the attribute entirely, or only the listed values if any are given
  • Each change lists its values on the lines after it and ends with a line containing just "-", so several attribute changes can be applied to one entry in a single record.

Renaming and Moving Entries

  • Use changetype: modrdn to rename or move entries.
  • newrdn: gives the new RDN; deleteoldrdn: 1 removes the old RDN value from the entry, while deleteoldrdn: 0 keeps it as an additional attribute value.
  • newsuperior: moves the entry under a new parent DN; the server checks write access at both the old and the new location.

Adding Binary Data

  • Binary attributes (e.g., jpegPhoto, audio) use < after the colon and give a file URL; the client tool reads the file, so the path must exist on the machine running ldapmodify, not on the server.
  • Example:
    jpegPhoto:< file:///tmp/photo.jpg
  • ldapsearch prints binary values base64-encoded (the "::" form); use ldapsearch -t to write each value to a temporary file instead, with -T dir choosing the directory.
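One writer covering the record types in the sections above (add, delete, modify with "-" separators, modrdn with newrdn, deleteoldrdn and newsuperior, and the ":<" file reference for binary values), as an added example that is not from the lecture or from OpenLDAP. The names FileRef, add_record, modify_record and modrdn_record are chosen here, and the DNs and /tmp/photo.jpg in build_sample_file are constructed. It goes slightly beyond the text by deciding automatically when a value must be base64-encoded and by folding lines longer than 76 characters.

```python
"""LDIF change-record writer.

Added example, not from the lecture or from OpenLDAP.  Builds the add,
delete, modify and modrdn records described above as text ldapmodify
would accept, applying the RFC 2849 encoding rules: base64 ('::') for
any value that is not a plain ASCII SAFE-STRING, a file URL (':<') for a
value the client should read from disk, and a single leading space on
each continuation line when a line is folded.
"""
import base64
import pathlib
from dataclasses import dataclass

MAX_LINE = 76            # RFC 2849 recommends folding at 76 characters


@dataclass(frozen=True)
class FileRef:
    """A value written as 'attr:< file:///path'; ldapmodify reads the file itself."""
    path: str


def is_safe_string(value):
    """RFC 2849 SAFE-STRING: ASCII, no NUL/CR/LF, no leading SPACE, ':' or '<',
    and (as the RFC recommends) no trailing SPACE."""
    if not value:
        return True
    if not value.isascii() or any(c in value for c in "\x00\r\n"):
        return False
    return value[0] not in " :<" and value[-1] != " "


def encode_attr(name, value):
    """Render one attribute value as an unfolded LDIF line."""
    if isinstance(value, FileRef):
        # as_uri() refuses relative paths, which would be ambiguous on the client
        return f"{name}:< {pathlib.PurePosixPath(value.path).as_uri()}"
    if isinstance(value, bytes):
        return f"{name}:: {base64.b64encode(value).decode('ascii')}"
    if is_safe_string(value):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def fold(line):
    """Fold a long line; every continuation line starts with one space."""
    pieces, rest = [line[:MAX_LINE]], line[MAX_LINE:]
    while rest:
        pieces.append(" " + rest[:MAX_LINE - 1])
        rest = rest[MAX_LINE - 1:]
    return "\n".join(pieces)


def record(lines):
    """Join the lines of one record, folding as needed, with a trailing newline."""
    return "\n".join(fold(line) for line in lines) + "\n"


def add_record(dn, attrs):
    lines = [encode_attr("dn", dn), "changetype: add"]
    for name, values in attrs.items():
        for v in (values if isinstance(values, list) else [values]):
            lines.append(encode_attr(name, v))
    return record(lines)


def delete_record(dn):
    return record([encode_attr("dn", dn), "changetype: delete"])


def modify_record(dn, mods):
    """mods is a list of (op, attr, values) with op in add/replace/delete;
    an empty values list with delete removes every value of the attribute."""
    lines = [encode_attr("dn", dn), "changetype: modify"]
    for op, attr, values in mods:
        if op not in ("add", "replace", "delete"):
            raise ValueError(f"unknown modify operation {op!r}")
        lines.append(f"{op}: {attr}")
        lines.extend(encode_attr(attr, v) for v in values)
        lines.append("-")                     # every mod-spec ends with "-"
    return record(lines)


def modrdn_record(dn, newrdn, deleteoldrdn=True, newsuperior=None):
    lines = [encode_attr("dn", dn), "changetype: modrdn",
             encode_attr("newrdn", newrdn), f"deleteoldrdn: {int(deleteoldrdn)}"]
    if newsuperior:
        lines.append(encode_attr("newsuperior", newsuperior))
    return record(lines)


def build_sample_file():
    """Constructed sample (not real directory data) covering every record type."""
    alice = "uid=alice,ou=People,dc=example,dc=com"
    return "\n".join([
        add_record("ou=People,dc=example,dc=com",
                   {"objectClass": "organizationalUnit", "ou": "People"}),
        add_record(alice, {"objectClass": "inetOrgPerson", "cn": "Alice Example",
                           "sn": "Example",
                           "displayName": "Ébert",            # non-ASCII -> base64
                           "description": " leading space",   # unsafe start -> base64
                           "jpegPhoto": FileRef("/tmp/photo.jpg")}),
        modify_record(alice, [("add", "mail", ["alice@example.com"]),
                              ("replace", "sn", ["Ebert"]),
                              ("delete", "description", [])]),
        modrdn_record(alice, "uid=aebert", deleteoldrdn=True,
                      newsuperior="ou=Staff,dc=example,dc=com"),
        delete_record("uid=bob,ou=People,dc=example,dc=com"),
    ])


if __name__ == "__main__":
    print(build_sample_file(), end="")
```

Save the output to a file and feed it to ldapmodify -f (binding with -W rather than -w, over ldaps:// or with -ZZ). The jpegPhoto:< line is resolved by ldapmodify on the client, so /tmp/photo.jpg must exist on the machine where the command is run.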

Key Terms & Definitions

  • LDAP — protocol for accessing and managing directory services.
  • OpenLDAP — open-source implementation of LDAP directory services.
  • LDIF — text format for LDAP data and directory changes.
  • DIT — Directory Information Tree, hierarchical LDAP data structure.
  • DN — Distinguished Name, uniquely identifies an LDAP entry.
  • RDN — Relative Distinguished Name, identifies an entry within its parent.
  • changetype — LDIF directive for specifying add, modify, delete, or modrdn operations.

Action Items / Next Steps

  • Practice writing LDIF files for adding, modifying, and deleting LDAP entries.
  • Review ldapadd and ldapmodify command syntax.
  • Experiment with moving and renaming entries using changetype: modrdn.
  • Try adding binary data to LDAP and retrieving it with ldapsearch -t.