The export-ldif command exports the contents of a directory server back end to LDIF format.
This command is not supported for the proxy.
export-ldif [options]
The export-ldif command exports the contents of a directory server back end to LDIF format. This command can run the export immediately or can be scheduled to run at a specified date and time. For more information, see Configuring Commands As Tasks in Sun OpenDS Standard Edition 2.2 Administration Guide.
Because some back ends cannot be imported to the directory server, the export-ldif command does not export the following back ends: monitor, ads-truststore, backup, config-file-handler.
You can run the export-ldif command in online or offline mode.
Online mode. In online mode, export-ldif contacts a running directory server instance over SSL, through the administration connector, and registers an export task. The command runs in online mode automatically if you specify any of the task back end connection options. For more information about the administration connector, see Managing Administration Traffic to the Server in Sun OpenDS Standard Edition 2.2 Administration Guide.
Offline mode. In offline mode, export-ldif accesses the database directly rather than through a directory server instance. To perform an offline export, the directory server must be stopped.
The export-ldif command accepts an option in either its short form (for example, -b branchDN) or its long form equivalent (for example, --includeBranch branchDN).
Append the export to an existing LDIF file rather than overwriting it. If this option is not provided, the directory server overwrites the specified LDIF file, if it exists.
Specify the base DN for a branch or subtree of the data to be exported. This option can be used multiple times to specify multiple base DNs. If this option is provided, entries contained in the back end that are not at or below one of the provided base DNs are skipped.
Specify the base DN for a branch or subtree of the data to be omitted from the export. This option can be used multiple times to specify multiple base DNs. If this option is provided, any entries contained in the back end that are at or below one of the provided base DNs are skipped. Note that the use of the --excludeBranch option takes precedence over the --includeBranch option. If an entry is at or below a DN contained in both the included and excluded lists, it is not included. This capability makes it possible to include data for only part of a branch. For example, you can include all entries below dc=example,dc=com except those below ou=People,dc=example,dc=com.
Compress the LDIF data as it is written. The data is compressed using the GZIP format, which is the format used by the --isCompressed option of the import-ldif command.
Exclude the specified attribute name during the export. This option can be used multiple times to specify multiple attributes. If this option is provided, any attributes listed are omitted from the entries that are exported.
Exclude the entries identified by the specified search filter during the export. This option can be used multiple times to specify multiple filters. If this option is provided, any entry in the back end that matches the filter is skipped. Note that the use of the --excludeFilter option takes precedence over the --includeFilter option. If an entry matches filters in both the included and excluded lists, the entry is skipped.
Include the specified attribute name in the export. This option can be used multiple times to specify multiple attributes. If this option is provided, any attributes not listed are omitted from the entries that are exported.
Include the entries identified by the specified search filter in the export. This option can be used multiple times to specify multiple filters. If this option is provided, any entry in the back end that does not match the filter is skipped.
Export the data to the specified LDIF file. This is a required option.
For online exports, the root for relative paths is the instance root, rather than the current working directory. So, for example, a path of exports/ldif.ldif here refers to instance-root/exports/ldif.ldif.
Specify the back end ID of the data to be exported. The available back ends in the directory server can be determined using the list-backends command. This is a required option.
Exclude operational attributes in the export.
Specify the column at which to wrap long lines when writing to the LDIF file. A value of 0 indicates that the data should not be wrapped.
Running an online export requires access to the tasks back end. Access to the tasks back end is provided over SSL through the administration connector. These connection options are used when the export runs online.
Use the bind DN to authenticate to the directory server. This option is used when performing simple authentication and is not required if SASL authentication is to be used. The default value for this option is cn=Directory Manager.
Contact the directory server on the specified hostname or IP address. If this option is not provided, a default of localhost is used.
Use the bind password in the specified file when authenticating to the directory server. This option must not be used in conjunction with --bindPassword.
Use the client keystore certificate in the specified path.
Use the specified certificate for client authentication.
Use the specified options for SASL authentication.
Contact the directory server at the specified administration port. If this option is not provided, a default administration port of 4444 is used.
Use the client trust store certificate in the specified path. This option is not needed if --trustAll is used, although a trust store should be used when working in a production environment.
Use the password needed to access the certificates in the client trust store. This option is only required if --trustStorePath is used and the specified trust store requires a password in order to access its contents (which most trust stores do not require). This option must not be used in conjunction with --trustStorePasswordFile.
Use the password in the specified file to access the certificates in the client keystore. This option is only required if --keyStorePath is used. This option must not be used in conjunction with --keyStorePassword.
Use the password in the specified file to access the certificates in the client trust store. This option is only required if --trustStorePath is used and the specified trust store requires a password in order to access its contents (most trust stores do not require this). This option must not be used in conjunction with --trustStorePassword.
Use the bind password when authenticating to the directory server. This option can be used for simple authentication as well as password-based SASL mechanisms. This option must not be used in conjunction with --bindPasswordFile. To prompt for the password, type -w -.
Use the password needed to access the certificates in the client keystore. This option is only required if --keyStorePath is used. This option must not be used in conjunction with --keyStorePasswordFile.
Trust all server SSL certificates that the directory server presents. This option can be used for convenience and testing purposes, but for security reasons a trust store should be used to determine whether the client should accept the server certificate.
These options are used when you specify that the export should run as a scheduled task.
Specify the email address of a recipient to be notified when the task completes. This option can be specified more than once in a single command.
Specify the ID of a task upon which this task depends. A task does not start executing until all of its dependencies have completed execution.
Specify the email address of a recipient to be notified if an error occurs when this task executes. This option can be specified more than once in a single command.
Specify the action that this task will take if one of its dependent tasks fails. The value must be one of PROCESS, CANCEL, or DISABLE. If no value is specified, the default action is CANCEL.
Indicates that the task is recurring and will be scheduled according to the schedulePattern, expressed as a crontab(5) compatible time and date pattern.
Indicates the date and time at which the operation starts when scheduled as a directory server task expressed in the format YYYYMMDDhhmmss. A value of 0 schedules the task for immediate execution. When this option is specified, the operation is scheduled to start at the specified time after which the command exits immediately.
Indicates that a properties file is not used to obtain the default command-line options.
Specify the path to the properties file that contains the default command-line options.
Display command-line usage information for the command and exit without making any attempt to run an export.
Display the version information for the directory server and exit rather than attempting to run this command.
The following examples show how to use the directory server commands. You can use the commands on any UNIX, Linux, or Windows system that has at least the Java SE 5 (at least Sun version 1.5.0_08, preferably the latest version of Java SE 6) runtime environment installed on its target system.
The following example exports the userRoot back end, starting at the base DN specified by the -b option. The command exports the data to an LDIF file specified by -l. The directory server must be stopped before performing an offline export.
$ stop-ds $ export-ldif -b dc=example,dc=com -n userRoot -l /usr/tmp/export.ldif [17/Oct/2008:12:24:33 +0200] category=JEB severity=NOTICE msgID=8847447 msg=Exported 102 entries and skipped 0 in 0 seconds (average rate 159.4/sec)
An export is automatically run online if you specify any of the task back end connection options. Because an online export contacts the server over SSL, you must specify how to trust the SSL server certificate. This examples uses the -X option to trust all certificates.
$ export-ldif -h localhost -p 4444 -D "cn=Directory Manager" -w password -X \ --includeBranch "dc=example,dc=com" --backendID userRoot \ --ldifFile /usr/tmp/export.ldif
You can schedule an export to run at some future date by using the -t or --start option to specify the start time. Like a regular online export, a scheduled export contacts the task back end of a running directory server and the relevant task back end connection options must be specified.
This example schedules an export of the userRoot back end to start on December 24.
$ export-ldif -h localhost -p 4444 -D "cn=Directory Manager" -w password -X \ --includeBranch "dc=example,dc=com" --backendID userRoot \ --ldifFile /usr/tmp/export.ldif --start 20081224121500 Export task 2008101712361910 scheduled to start Dec 24, 2008 12:15:00 PM SAST
You can view a scheduled task by using the manage-tasks command. For more information, see Configuring Commands As Tasks in Sun OpenDS Standard Edition 2.2 Administration Guide.
Offline mode. An exit code of 0 indicates that the operation completed successfully. A non-zero exit code indicates that an error occurred during processing.
Online mode. If -t or --start is specified, an exit code of 0 indicates that the task was created successfully. A nonzero exit code indicates that an error occurred when the task was created. If -t or --start is not specified, the exit codes are the same as those specified for offline mode.
The directory server supports the use of a properties file that passes in any default option values used with the export-ldif command. The properties file is convenient when working in different configuration environments, especially in scripted or embedded applications. For more information, see Using a Properties File With Server Commands.
The export-ldif command is located at these paths:
UNIX and Linux: install-dir/bin/export-ldif
Windows: install-dir\bat\export-ldif.bat