| Skip Navigation Links | |
| Exit Print View | |
|
Oracle Directory Server Enterprise Edition Reference 11 g Release 1 (11.1.1.5.0) |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Oracle Directory Server Enterprise Edition Reference 11 g Release 1 (11.1.1.5.0) |
1. Directory Server Enterprise Edition File Reference
Software Layout for Directory Server Enterprise Edition
Directory Server Instance Default Layout
Directory Proxy Server Instance Default Layout
Part I Directory Server Reference
4. Directory Server LDIF and Search Filters
Representing Binary Data by Using Standard LDIF Notation
Representing Binary Data by Using the ldapmodify -b Command
Representing Binary Data by Using Base 64 Encoding
Organizational Unit Entries in LDIF
Organizational Person Entries in LDIF
Guidelines for Defining Directories by Using LDIF
Storing Information in Multiple Languages
Searching the Directory With ldapsearch
ldapsearch Command-Line Format
Specifying Search Filters on the Command Line
Displaying Subsets of Attributes
Searching Multi-Valued Attributes
Using Client Authentication When Searching
Using Attributes in Search Filters
Using Operators in Search Filters
Specifying Search Filters Using a File
Specifying Non 7-Bit ASCII Characters in Search Filters
Searching for Operational Attributes
6. Directory Server Monitoring
7. Directory Server Replication
8. Directory Server Data Caching
11. Directory Server Groups and Roles
12. Directory Server Class of Service
14. Directory Server Internationalization Support
Part II Directory Proxy Server Reference
15. Directory Proxy Server Overview
16. Directory Proxy Server Load Balancing and Client Affinity
17. Directory Proxy Server Distribution
18. Directory Proxy Server Virtualization
19. Connections Between Directory Proxy Server and Backend LDAP Servers
20. Connections Between Clients and Directory Proxy Server
21. Directory Proxy Server Client Authentication
22. Security in Directory Proxy Server
23. Directory Proxy Server Logging
All directory data is stored using the UTF-8 encoding of Unicode. Therefore, any LDIF input you provide must also be UTF-8 encoded. The LDIF format is described in detail in “LDAP Data Interchange Format Reference” in the Oracle Directory Server Enterprise Edition Reference.
Consider the following points when you provide LDIF input:
An object is a blank line followed by a line that starts with dn:. This line is the distinguished name of the object. All other lines are the object’s attributes.
Comments start with # (and end with the EOL.)
Lines starting with a single space continue the previous line.
Binary values are base-64 encoded, and represented with a double colon (::) after the attribute name.
Carriage return and line feed add unsafe characters in an LDIF entry.
Do not unintentionally leave trailing spaces at the end of an attribute value when you change the attribute value by using the ldapmodify command. For example, jensen with a trailing space is different from jensen without any trailing space.
The ldapmodify and ldapdelete utilities read the LDIF statements that you enter after the command in exactly the same way as if they were read from a file. When you finish providing input, enter the character that your shell recognizes as the end of file (EOF) escape sequence.
Typically, the EOF escape sequence is Control-D (^D).
The following example shows how to terminate input to the ldapmodify command:
prompt\> ldapmodify -h host -p port -D cn=admin,cn=Administrators,cn=config -w - dn: cn=Barry Nixon,ou=People,dc=example,dc=com changetype: modify delete: telephonenumber ^D prompt\>
For simplicity and portability, examples in this document do not show prompts or EOF sequences.
When entering command options on the command line, you may need to escape characters that have special meaning to the command-line interpreter, such as space ( ), asterisk (*), backslash (\\), and so forth. For example, many DNs contain spaces, and you must enclose the value in double quotation marks ("") for most UNIX shells:
Depending on your command-line interpreter, you should use either single or double quotation marks for this purpose. Refer to your operating system documentation for more information.
Note that LDIF statements after the ldapmodify command are being interpreted by the command, not by the shell, and therefore do not need special consideration.
Attribute OIDs are by default not supported in attribute names. This was not the case in some previous versions of Directory Server. If you used attribute OIDs as attribute names in a previous version of Directory Server, you must set the attribute nsslapd-attribute-name-exceptions to on for the attribute OIDs to be accepted.
When adding or modifying an entry, the attributes you use must be required or allowed by the object classes in your entry, and your attributes must contain values that match their defined syntax.
When modifying an entry, Directory Server performs schema checking on the entire entry, not only the attributes being modified. Therefore, the operation may fail if any object class or attribute in the entry does not conform to the schema.
In any sequence of LDIF text for adding entries, either on the command line or in a file, parent entries must be listed before their children. This way, when the server process the LDIF text, it will create the parent entries before the children entries.
For example, if you want to create entries in a People subtree that does not exist in your directory, then list an entry representing the People container before the entries within the subtree:
dn: dc=example,dc=com dn: ou=People,dc=example,dc=com ... People subtree entries... dn: ou=Group,dc=example,dc=com ... Group subtree entries...
You can use the ldapmodify command-line utility to create any entry in the directory, however, the root of a suffix or subsuffix is a special entry that must be associated with the necessary configuration entries.
Before adding or modifying entries with very large attribute values, you may need to configure the server to accept them. To protect against overloading the server, clients are limited to sending data no larger than 2 MB by default.
If you add an entry larger than this, or modify an attribute to a value which is larger, the server will refuse to perform the operation and immediately close the connection. For example, binary data such as multimedia contents in one or more attributes of an entry may exceed this limit.
Also, the entry defining a large static group may contain so many members that their representation exceeds the limit. However, such groups are not recommended for performance reasons, and you should consider redesigning your directory structure.
The command-line tools process all entries or modifications in the LDIF input sequentially. The default behavior is to stop processing when the first error occurs. Use the -c option to continue processing all input regardless of any errors. You will see the error condition in the output of the tool.
In addition to the considerations listed above, common errors are:
Not having the appropriate access permission for the operation.
Adding an entry with a DN that already exists in the directory.
Adding an entry below a parent that does not exist.
|