You can import data to a Directory Server suffix in the following ways:
Initialize a suffix from an LDIF file. This operation deletes the current data in the suffix and replaces it with the contents of the LDIF file.
Use an LDIF file to perform bulk ldapadd, ldapmodify, or ldapdelete operations. This allows you to add, modify, and delete entries in bulk in any suffix of the directory.
The offline import (dsadm import) does not remove the changelog as the changelog data may still be in the suffix. At server start, replication decides if the changelog needs to be kept or not. Online import (dsconf import) decides straight away if changelog needs to be recreated or not.
The following table shows the differences between initializing a suffix and adding, modifying, and deleting entries in bulk.
Table 2–1 Comparison of Initializing a Suffix and Importing Data in Bulk
Domain of Comparison |
Initializing Suffixes |
Adding, Modifying, and Deleting Entries in Bulk |
---|---|---|
Content |
Overwrites content |
Does not overwrite content |
LDAP operations |
N/A |
Add, modify, delete |
Performance |
Fast |
Slower |
Response to server failure |
Atomic (all changes are lost after a failure) |
Best effort (all changes made up to the point of the failure remain) |
LDIF file location |
Accessible from server |
On client machine |
Commands |
If server is local and stopped: dsadm import If server is remote and running: dsconf import |
ldapmodify -B Note – Bulk import using the ldapmodify -B command erases the existing entries under the target suffix. |
Initializing a suffix overwrites the existing data in a suffix with the contents of an LDIF file that contains only entries for addition.
You must be authenticated as the Directory Manager or an Administrator to initialize a suffix.
When the server is running, only the Directory Manager and Administrators can import an LDIF file that contains a root entry. For security reasons, only these users have access to the root entry of a suffix, for example, dc=example,dc=com.
Before restoring suffixes involved in replication agreements, read Restoring Replicated Suffixes.
All LDIF files that you import must use UTF-8 character-set encoding.
When initializing a suffix, the LDIF file must contain the root entry and all directory tree nodes of the corresponding suffix.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Use one of the following commands to initialize the suffix from an LDIF file, that is, import the contents of a database to an LDIF file.
These commands overwrite the data in your suffix.
If your server is local and stopped, type:
$ dsadm import instance-path LDIF-file suffix-DN |
The following example uses the dsadm import command to import two LDIF files into a single suffix:
$ dsadm import /local/dsInst /local/file/example/demo1.ldif \ /local/file/example/demo2.ldif dc=example,dc=com |
If your server is running (local or remote), type:
$ dsconf import -h host -p port LDIF-file suffix-DN |
The following example imports an LDIF file using dsconf import. You do not need root privileges to run the command, but you must authenticate as a user with root permissions, such as the Directory Manager.
$ dsconf import -h host1 -p 1389 /local/file/example/demo1.ldif \ ou=People,dc=example,dc=com |
When using the dsconf command, the dse.ldif file must be available to the host running the server.
For more information, see the dsadm(1M) and dsconf(1M)man pages.
Examples that use command-line tools depend on sample data residing under the dc=example,dc=com suffix of your directory.
You can set up part of the data that is required by creating a dc=example,dc=com suffix. You can then populate the suffix with entries from the install-path/dsee7/resources/ldif/Example.ldif file.
Create a new Directory Server instance and start the instance.
$ dsadm create -p port -P SSL-port instance-path $ dsadm start instance-path |
Read the Example.ldif file to find bind passwords needed in the examples.
Create suffix and load the Example.ldif content into the directory by using the following commands:
$ dsconf create-suffix -h localhost -p 1389 dc=example,dc=com $ dsconf import -h localhost -p 1389 \ install-path/dsee7/resources/ldif/Example.ldif dc=example,dc=com |
For more information, see To Create a Directory Server Instance.
Generate test data for examples by using the makeldif(1) command, as shown in the next step, and the following template:
define suffix=dc=example,dc=com define maildomain=example.com branch: ou=test,[suffix] subordinateTemplate: person:100 template: person rdnAttr: uid objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson givenName: <first> sn: <last> cn: {givenName} {sn} initials: {givenName:1}{sn:1} employeeNumber: <sequential> uid: test{employeeNumber} mail: {uid}@[maildomain] userPassword: auth{employeeNumber}{employeeNumber} telephoneNumber: <random> description: This is the description for {cn}.
Create a test.template file and copy the template content, as shown above, into it. Use commands such as the following to generate the data in test.ldif and to load the content into the directory.
The test.template file must be created in the install-path/dsee7/dsrk/bin/example_files directory.
$ cd install-path/dsee7/dsrk/bin/example_files $ ../makeldif -t test.template -o test.ldif Processing complete. 101 total entries written. $ ../ldapmodify -a -c -D uid=hmiller,dc=example,dc=com -w - -f test.ldif Enter bind password: … |
If you read Example.ldif, you see that the password for hmiller is hillock.
This step is specific to the zip installation because the makeldif command is available only in the zip distribution.
When you perform an ldapmodify operation, you are able to add, modify, or delete entries in bulk. Entries are specified in an LDIF file that contains update statements to modify or delete existing entries. This operation does not erase entries that already exist.
The changed entries may target any suffix that is managed by your Directory Server. As with any other operation that adds entries, the server will index all new entries as they are imported.
The ldapmodify command will import an LDIF file through LDAP and perform all operations that the file contains. Using this command you can modify data in all directory suffixes at the same time.
Before restoring suffixes involved in replication agreements, see Restoring Replicated Suffixes.
All LDIF files that you import must use UTF-8 character-set encoding.
When importing an LDIF file, parent entries must either exist in the directory or be added first from the file.
Add, modify, or delete from an LDIF file in bulk.
$ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - -B baseDN -f LDIF-file |
The following example performs an import using the ldapmodify command. You do not need root privileges to run this command, but you must authenticate as a user with root permissions, such as cn=Directory Manager or cn=admin,cn=Administrators,cn=config. The last parameter specifies the name of the LDIF file to import.
$ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - \ -B dc=example,dc=com -f /local/dsInst/ldif/demo.ldif |