LDIF file format is little more than a sequence of attribute-value pairs for each directory entry, one attribute-value pair per line with the attribute and value separated by a colon and a space, (or two colons and a space for encoded values), and with a blank line separating entries. Special characters in column one of a line are used to indicate deletion or modification of entries or attributes, or continuation of a line, as shown in Table 37-2; note that the default, if no special character is present, is an "Add" operation.
|space||Continuation of previous line|
As of this writing, there is ongoing Internet standardization work to standardize LDIF format. The PMDF DIRSYNC/CONVERT LDIF=file-spec TRUELDIF=file-spec and PMDF DIRSYNC/CONVERT TRUELDIF=file-spec LDIF=file-spec (OpenVMS) and
22.214.171.124 Encoded Values
Values can either be represented as is, with no encoding, or values can
be BASE64 encoded (as for binary values such as image or audio data);
the presence of an encoded value is signalled by the use of two colons
followed by a space (rather than the normal one colon followed by a
space) as the separator between the attribute and its value.
In addition to outright binary data, any value beginning with a space, colon, or less-than character will be encoded, and any value containing characters in the ASCII range below the space character (below hexadecimal 20) or above the uppermost ASCII character (above hexadecimal 7E) will be encoded.
126.96.36.199 LDIF add Operations
The typical appearance of an LDIF file representing new entries to be
entry1-attribute1: entry1-value1 entry1-attribute2: entry1-value2 ... entry1-attributen: entry1-valuen entry2-attribute1: entry2-value1 entry2-attribute2: entry2-value2 ... entry2-attributem: entry2-valuem ...
entry1-attribute1: entry1-value1 entry1-attribute2: entry1-long-value2 continuation-of-entry1-long-value2 entry1-attribute3:: entry1-binary-value3 ... entry1-attributen: entry1-valuen entry2-attribute1: entry2-value1 entry2-attribute2: entry2-value2 ... entry2-attributem: entry2-valuem ...
Note that each directory entry typically comprises multiple attribute-value pairs.
188.8.131.52 LDIF delete Operations
There are three sorts of delete operations: deleting an entire entry,
deleting all occurrences of a particular sort of attribute in an entry,
or deleting the occurrence of an attribute with a particular value in
The deletion of an entire entry is specified by a delete of the DN (Distinguished Name) attribute for an entry, e.g.,
!DN: cn=John Smith, o=Widgets Inc., st=Somewhere, c=US
The deletion of all occurrences of a particular attribute within an entry is specified by a delete of that particular attribute within an entry (hence necessarily a modify entry), e.g.,
+DN: cn=Sue Smith, o=Widgets Inc., st=Somewhere, c=US !pager:
The deletion of a particular value of an attribute within an entry is specified by a delete of that particular attribute within an entry (hence necessarily a modify entry), e.g.,
+DN: cn=Adam Smith, o=Widgets Inc., st=Somewhere, c=US !phone: 123-4569
184.108.40.206 LDIF modify Operations
Any time an attribute must be added to or removed from an existing
entry, or when an attribute's value must be changed, the overall
operation on the entry will necessarily be a modify operation. Within
an entry being modified, modifies can be performed to change particular
attribute values. Section 220.127.116.11 above showed examples of cases of
modifying an entry by deleting attribute-value pairs from it. Another
example, where Adam Smith gets a new FAX number and changes his room
+DN: cn=Adam Smith, o=Widgets Inc., st=somewhere, c=US +room: 105 fax: 123-4446
roomattribute will have the single value 105, and the
faxattribute will have the value 123-4446 in addition to whatever value(s) it had before.
18.104.22.168 LDIF advisory Operations
Advisory or "maintain" operations are usually seen within
entries that are undergoing some modification; the attributes marked as
advisory are those attributes that are not being changed. For instance,
+DN: cn=Becky Brown, o=Widgets Inc., st=somewhere, c=US *room: 203 *phone: 123-1415 *pager: 123-5550 pager: 123-5551
Figure 37-3 shows another example of advisory attributes.
Figure 37-3 Advisory Attributes
22.214.171.124 LDIF Differencing Files
LDIF files from a DIRBOT differencing step have a special aspect to
their format.1 The special feature is that in an LDIF
difference file, that is, an LDIF file generated by the differencing
processing phase, the first attribute in an entry is the
"distinguishing" attribute. For instance, in the case of an
LDAP directory, this attribute would be the
1 Note that normally such files are handled entirely automatically by DIRBOT's, with no manual intervention; that is, there is normally no need to ever even look at, let alone modify, such files.