Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition

Importing Data From an LDIF File

You can import data to a Directory Server suffix in the following ways:

Note –

The offline import (dsadm import) does not remove the changelog as the changelog data may still be in the suffix. At server start, replication decides if the changelog needs to be kept or not. Online import (dsconf import) decides straight away if changelog needs to be recreated or not.

The following table shows the differences between initializing a suffix and adding, modifying, and deleting entries in bulk.

Table 2–1 Comparison of Initializing a Suffix and Importing Data in Bulk

Domain of Comparison 

Initializing Suffixes 

Adding, Modifying, and Deleting Entries in Bulk 


Overwrites content 

Does not overwrite content 

LDAP operations 


Add, modify, delete 




Response to server failure 

Atomic (all changes are lost after a failure) 

Best effort (all changes made up to the point of the failure remain) 

LDIF file location 

Accessible from server 

On client machine 


If server is local and stopped: 

dsadm import

If server is remote and running: 

dsconf import

ldapmodify -B

Note –

Bulk import using the ldapmodify -B command erases the existing entries under the target suffix.

Initializing a Suffix

Initializing a suffix overwrites the existing data in a suffix with the contents of an LDIF file that contains only entries for addition.

You must be authenticated as the Directory Manager or an Administrator to initialize a suffix.

When the server is running, only the Directory Manager and Administrators can import an LDIF file that contains a root entry. For security reasons, only these users have access to the root entry of a suffix, for example, dc=example,dc=com.

Before restoring suffixes involved in replication agreements, read Restoring Replicated Suffixes.

ProcedureTo Initialize a Suffix

Note –

All LDIF files that you import must use UTF-8 character-set encoding.

When initializing a suffix, the LDIF file must contain the root entry and all directory tree nodes of the corresponding suffix.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Use one of the following commands to initialize the suffix from an LDIF file, that is, import the contents of a database to an LDIF file.

    Caution – Caution –

    These commands overwrite the data in your suffix.

    • If your server is local and stopped, type:

      $ dsadm import instance-path LDIF-file suffix-DN

      The following example uses the dsadm import command to import two LDIF files into a single suffix:

      $ dsadm import /local/dsInst /local/file/example/demo1.ldif \
       /local/file/example/demo2.ldif dc=example,dc=com
    • If your server is running (local or remote), type:

      $ dsconf import -h host -p port LDIF-file suffix-DN

      The following example imports an LDIF file using dsconf import. You do not need root privileges to run the command, but you must authenticate as a user with root permissions, such as the Directory Manager.

      $ dsconf import -h host1 -p 1389 /local/file/example/demo1.ldif \

      Note –

      When using the dsconf command, the dse.ldif file must be available to the host running the server.

    For more information, see the dsadm(1M) and dsconf(1M)man pages.

Procedure To Load Sample Data in Directory Server Instance

Examples that use command-line tools depend on sample data residing under the dc=example,dc=com suffix of your directory.

You can set up part of the data that is required by creating a dc=example,dc=com suffix. You can then populate the suffix with entries from the install-path/dsee7/resources/ldif/Example.ldif file.

  1. Create a new Directory Server instance and start the instance.

    $ dsadm create -p port -P SSL-port instance-path
    $ dsadm start instance-path
  2. Read the Example.ldif file to find bind passwords needed in the examples.

  3. Create suffix and load the Example.ldif content into the directory by using the following commands:

    $ dsconf create-suffix -h localhost -p 1389 dc=example,dc=com
    $ dsconf import -h localhost -p 1389 \
    install-path/dsee7/resources/ldif/Example.ldif dc=example,dc=com

    For more information, see To Create a Directory Server Instance.

  4. Generate test data for examples by using the makeldif(1) command, as shown in the next step, and the following template:

    define suffix=dc=example,dc=com
    branch: ou=test,[suffix]
    subordinateTemplate: person:100
    template: person
    rdnAttr: uid
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    givenName: <first>
    sn: <last>
    cn: {givenName} {sn}
    initials: {givenName:1}{sn:1}
    employeeNumber: <sequential>
    uid: test{employeeNumber}
    mail: {uid}@[maildomain]
    userPassword: auth{employeeNumber}{employeeNumber}
    telephoneNumber: <random>
    description: This is the description for {cn}.
  5. Create a test.template file and copy the template content, as shown above, into it. Use commands such as the following to generate the data in test.ldif and to load the content into the directory.

    Note –

    The test.template file must be created in the install-path/dsee7/dsrk/bin/example_files directory.

    $ cd install-path/dsee7/dsrk/bin/example_files
    $ ../makeldif -t test.template -o test.ldif
    Processing complete.
    101 total entries written.
    $ ../ldapmodify -a -c -D uid=hmiller,dc=example,dc=com -w - -f test.ldif
    Enter bind password:

    If you read Example.ldif, you see that the password for hmiller is hillock.

    Note –

    This step is specific to the zip installation because the makeldif command is available only in the zip distribution.

Adding, Modifying, and Deleting Entries in Bulk

When you perform an ldapmodify operation, you are able to add, modify, or delete entries in bulk. Entries are specified in an LDIF file that contains update statements to modify or delete existing entries. This operation does not erase entries that already exist.

The changed entries may target any suffix that is managed by your Directory Server. As with any other operation that adds entries, the server will index all new entries as they are imported.

The ldapmodify command will import an LDIF file through LDAP and perform all operations that the file contains. Using this command you can modify data in all directory suffixes at the same time.

Before restoring suffixes involved in replication agreements, see Restoring Replicated Suffixes.

ProcedureTo Add, Modify and Delete Entries in Bulk

Note –

All LDIF files that you import must use UTF-8 character-set encoding.

When importing an LDIF file, parent entries must either exist in the directory or be added first from the file.

  1. Add, modify, or delete from an LDIF file in bulk.

    $ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - -B baseDN -f LDIF-file

    The following example performs an import using the ldapmodify command. You do not need root privileges to run this command, but you must authenticate as a user with root permissions, such as cn=Directory Manager or cn=admin,cn=Administrators,cn=config. The last parameter specifies the name of the LDIF file to import.

    $ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - \
     -B dc=example,dc=com -f /local/dsInst/ldif/demo.ldif