Oracle Directory Server Enterprise Edition Reference 11g Release 1 (11.1.1.5.0)
LDIF files consist of one or more directory entries separated by a blank line. Each LDIF entry consists of the following parts:
Entry ID (optional)
Distinguished name (required)
One or more object classes
Multiple attribute definitions
The LDIF format is defined in RFC 2849.
The following example shows a basic directory entry in LDIF.
Example 4-1 A Directory Entry in LDIF
dn: distinguished_name
objectClass: object_class
objectClass: object_class
...
attribute_type[;subtype]: attribute_value
attribute_type[;subtype]: attribute_value
...
All other attributes and object classes are optional. Object classes and attributes can be specified in any order. The space after the colon is optional.
The following table describes the fields in an LDIF file.
Table 4-1 LDIF Fields
The LDIF syntax for representing a change to an entry in the directory is different from the syntax described above.
When you specify LDIF, you can break and continue a line or fold a line by indenting the continued portion of the line by one space. For example, the following two statements are identical:
dn: cn=Babs Jensen,dc=example,dc=com

dn: cn=Babs J
 ensen,dc=exam
 ple,dc=com
You are not required to break and continue LDIF lines. However, doing so can improve the readability of an LDIF file.
You can represent binary data in LDIF by using one of the following methods:
Standard LDIF notation, the less-than symbol, <
Command-line utility, ldapmodify with the -b option
Base 64 encoding
The following example gives the standard LDIF notation of binary data:
jpegphoto:< file:/path/to/photo
In the example, the path is relative to the client, not to the server. To use standard notation, you do not need to specify the ldapmodify -b parameter. However, you must add the following line to the beginning of your LDIF file or to your LDIF update statements:
version:1
For example, you could use the ldapmodify command, as follows:
$ ldapmodify -D userDN -w passwd
version: 1
dn: cn=Barbara Jensen,ou=People,dc=example,dc=com
changetype: modify
add: userCertificate
userCertificate;binary:< file:BabsCert
For backward compatibility with earlier versions of Directory Server, binary data can be represented by using the ldapmodify -b command. However, when possible, use the standard LDIF notation to represent binary data.
Directory Server accepts the ldapmodify command with the -b parameter and the following LDIF notation:
jpegphoto: /path/to/photo
This notation indicates that the ldapmodify command should read the referenced file for binary values if the attribute value begins with a slash.
Base 64 encoded data is represented by the :: symbol, as shown in this example:
jpegPhoto:: encoded_data
In addition to binary data, the following values must be base 64 encoded:
Any value that begins with a semicolon, ;, or a space
Any value that contains non-ASCII data, including new lines
Use the ldif command with the -b parameter to convert binary data to LDIF format, as follows.
$ ldif -b attributeName
For more information about how to use the ldif command, see the ldif(1) man page.
In the above example, attributeName is the name of the attribute to which you are supplying the binary data. The binary data is read from standard input and the results are written to standard output. Use redirection operators to select input and output files.
The command takes any input and formats it with the correct line continuation and appropriate attribute information. The command also assesses whether the input requires base 64 encoding. The following example takes a binary file containing a JPEG image and converts it into LDIF format for the attribute named jpegPhoto. The output is saved to out.ldif:
$ ldif -b jpegPhoto < aphoto.jpg > out.ldif
The -b option specifies that the utility should interpret the entire input as a single binary value. If the -b option is not present, each line is considered as a separate input value.
You can edit the output file to add the LDIF statements required to create or modify the directory entry that will contain the binary value. For example, you can open the file out.ldif in a text editor and add the following lines at the top of the file.
dn: cn=Barbara Jensen,ou=People,dc=example,dc=com
changetype: modify
add: jpegPhoto
jpegPhoto:: encoded_data
In this example, encoded_data represents the contents of the out.ldif file produced by the command.
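The line-folding rule, the base 64 rules, and the formatting that the ldif -b command is described as performing can be seen together in the following added Python example, which is not Oracle's code. The function names and the 76-column fold width are assumptions made for the example. The encoder applies the page's rules plus the RFC 2849 safe-string restrictions, so a value containing a newline can never spill into a second attribute line.

```python
import base64

FOLD_WIDTH = 76  # assumed limit for this example; RFC 2849 does not mandate one


def needs_base64(value: bytes) -> bool:
    """True when the value cannot be written as a plain 'attr: value' line."""
    # Leading space, colon and '<' are excluded by RFC 2849; the leading
    # semicolon is the page's rule. Over-encoding is always legal.
    if value[:1] in (b" ", b":", b"<", b";") or value.endswith(b" "):
        return True
    # NUL, LF, CR or any byte outside 7-bit ASCII forces base 64.
    return any(b in (0, 10, 13) or b > 127 for b in value)


def fold(line: str, width: int = FOLD_WIDTH) -> list[str]:
    """Fold one logical line; each continuation line starts with one space."""
    out, rest = [line[:width]], line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return out


def encode_attr(name: str, value: bytes) -> list[str]:
    """Return the physical LDIF lines for one attribute value."""
    if needs_base64(value):
        return fold(f"{name}:: {base64.b64encode(value).decode('ascii')}")
    return fold(f"{name}: {value.decode('ascii')}")


def decode_attr(lines: list[str]) -> tuple[str, bytes]:
    """Unfold physical lines and decode the value (inverse of encode_attr)."""
    logical = lines[0] + "".join(part[1:] for part in lines[1:])
    name, _, rest = logical.partition(":")
    if rest.startswith(":"):
        return name, base64.b64decode(rest[1:].strip())
    return name, rest.lstrip(" ").encode("ascii")


# Constructed sample values, not taken from a real directory.
SAMPLES = {
    "cn": b"Barbara Jensen",
    "description": b"first line\nsecond line",  # raw newline would start a new LDIF line
    "jpegPhoto": bytes(range(256)),             # arbitrary binary data
}
for attr, raw in SAMPLES.items():
    assert decode_attr(encode_attr(attr, raw)) == (attr, raw)
    print("\n".join(encode_attr(attr, raw)))
```
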