PMDF System Manager's Guide

37.7.1 LDIF File Format

LDIF file format is little more than a sequence of attribute-value pairs for each directory entry, one attribute-value pair per line with the attribute and value separated by a colon and a space, (or two colons and a space for encoded values), and with a blank line separating entries. Special characters in column one of a line are used to indicate deletion or modification of entries or attributes, or continuation of a line, as shown in Table 37-2; note that the default, if no special character is present, is an "Add" operation.

Table 37-2 LDIF File Operation Tags
Character Operation

! Delete

+ Modify

* Advisory

Add

space Continuation of previous line

Note that a space at the beginning of a line is used to indicate a continuation line.

**Table 37-2 LDIF File Operation Tags**
Character	Operation
`!`	Delete
`+`	Modify
`*`	Advisory
	Add
space	Continuation of previous line

Note

As of this writing, there is ongoing Internet standardization work to standardize LDIF format. The PMDF DIRSYNC/CONVERT LDIF=file-spec TRUELDIF=file-spec and PMDF DIRSYNC/CONVERT TRUELDIF=file-spec LDIF=file-spec (OpenVMS) and

pmdf dirsync -convert LDIF=file-spec 
TRUELDIF=file-spec

and

pmdf dirsync -convert 
TRUELDIF=file-spec LDIF=file-spec

(unix and NT) utilities are provided to convert between PMDF-DIRSYNC LDIF format and Internet LDIF format, in case an eventual Internet standard for LDIF format differs from the PMDF-DIRSYNC usage.

37.7.1.1 Encoded Values

Values can either be represented as is, with no encoding, or values can be BASE64 encoded (as for binary values such as image or audio data); the presence of an encoded value is signalled by the use of two colons followed by a space (rather than the normal one colon followed by a space) as the separator between the attribute and its value.

In addition to outright binary data, any value beginning with a space, colon, or less-than character will be encoded, and any value containing characters in the ASCII range below the space character (below hexadecimal 20) or above the uppermost ASCII character (above hexadecimal 7E) will be encoded.

37.7.1.2 LDIF add Operations

The typical appearance of an LDIF file representing new entries to be added is:

entry1-attribute1: entry1-value1 entry1-attribute2: entry1-value2 ... entry1-attributen: entry1-valuen entry2-attribute1: entry2-value1 entry2-attribute2: entry2-value2 ... entry2-attributem: entry2-valuem ...

Or perhaps

entry1-attribute1: entry1-value1 entry1-attribute2: entry1-long-value2 continuation-of-entry1-long-value2 entry1-attribute3:: entry1-binary-value3 ... entry1-attributen: entry1-valuen entry2-attribute1: entry2-value1 entry2-attribute2: entry2-value2 ... entry2-attributem: entry2-valuem ...

when including some binary values, or long values.

Note that each directory entry typically comprises multiple attribute-value pairs.

37.7.1.3 LDIF delete Operations

There are three sorts of delete operations: deleting an entire entry, deleting all occurrences of a particular sort of attribute in an entry, or deleting the occurrence of an attribute with a particular value in an entry.

The deletion of an entire entry is specified by a delete of the DN (Distinguished Name) attribute for an entry, e.g.,

!DN: cn=John Smith, o=Widgets Inc., st=Somewhere, c=US

Note that this appears as a single line in an LDIF file, separated with blank lines from any other entries in the LDIF file.

The deletion of all occurrences of a particular attribute within an entry is specified by a delete of that particular attribute within an entry (hence necessarily a modify entry), e.g.,

+DN: cn=Sue Smith, o=Widgets Inc., st=Somewhere, c=US !pager:

corresponds to deleting all pager attribute-value pairs for the entry with distinguished name cn=Sue Smith, o=Widgets Inc., st=Somewhere, c=US.

The deletion of a particular value of an attribute within an entry is specified by a delete of that particular attribute within an entry (hence necessarily a modify entry), e.g.,

+DN: cn=Adam Smith, o=Widgets Inc., st=Somewhere, c=US !phone: 123-4569

37.7.1.4 LDIF modify Operations

Any time an attribute must be added to or removed from an existing entry, or when an attribute's value must be changed, the overall operation on the entry will necessarily be a modify operation. Within an entry being modified, modifies can be performed to change particular attribute values. Section 37.7.1.3 above showed examples of cases of modifying an entry by deleting attribute-value pairs from it. Another example, where Adam Smith gets a new FAX number and changes his room number, is:

+DN: cn=Adam Smith, o=Widgets Inc., st=somewhere, c=US +room: 105 fax: 123-4446

After this modification, the room attribute will have the single value 105, and the fax attribute will have the value 123-4446 in addition to whatever value(s) it had before.

37.7.1.5 LDIF advisory Operations

Advisory or "maintain" operations are usually seen within entries that are undergoing some modification; the attributes marked as advisory are those attributes that are not being changed. For instance, an entry

+DN: cn=Becky Brown, o=Widgets Inc., st=somewhere, c=US *room: 203 *phone: 123-1415 *pager: 123-5550 pager: 123-5551

indicates that Becky Brown is keeping the same room and phone numbers, and retaining here old 123-5550 pager number, as well as being given an additional new pager number, 123-5551.

Figure 37-3 shows another example of advisory attributes.

Figure 37-3 Advisory Attributes

37.7.1.6 LDIF Differencing Files

LDIF files from a DIRBOT differencing step have a special aspect to their format.¹ The special feature is that in an LDIF difference file, that is, an LDIF file generated by the differencing processing phase, the first attribute in an entry is the "distinguishing" attribute. For instance, in the case of an LDAP directory, this attribute would be the dn ---the distinguished name.