The LDIF file format is little more than a sequence of attribute-value pairs for each directory entry, one attribute-value pair per line, with the attribute and value separated by a colon and a space (or two colons and a space for encoded values), and with a blank line separating entries. Special characters in column one of a line are used to indicate deletion or modification of entries or attributes, or continuation of a line, as shown in Table 36-2; note that the default, if no special character is present, is an "Add" operation.
Character | Operation |
---|---|
! | Delete |
+ | Modify |
* | Advisory |
(none) | Add |
space | Continuation of previous line |
Note:
As of this writing, there is ongoing Internet standardization work to standardize LDIF format. The PMDF DIRSYNC/CONVERT LDIF=file-spec TRUELDIF=file-spec and PMDF DIRSYNC/CONVERT TRUELDIF=file-spec LDIF=file-spec (OpenVMS) and pmdf dirsync -convert LDIF=file-spec TRUELDIF=file-spec and pmdf dirsync -convert TRUELDIF=file-spec LDIF=file-spec (UNIX and NT) utilities are provided to convert between PMDF-DIRSYNC LDIF format and Internet LDIF format, in case an eventual Internet standard for LDIF format differs from the PMDF-DIRSYNC usage.
36.7.1.1 Encoded values
Values may either be represented as is, with no encoding, or values may
be BASE64 encoded (as for binary values such as image or audio data);
the presence of an encoded value is signalled by the use of two colons
followed by a space (rather than the normal one colon followed by a
space) as the separator between the attribute and its value.
In addition to outright binary data, any value beginning with a space, colon, or less-than character will be encoded, and any value containing characters in the ASCII range below the space character (below hexadecimal 20) or above the uppermost ASCII character (above hexadecimal 7E) will be encoded.
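The encoding rule above, written out as a small writer. This is an added example, not PMDF code; the function names, the UTF-8 conversion of text values, and the sample entry are assumptions made for illustration.

```python
import base64

def needs_encoding(raw: bytes) -> bool:
    """True when the rule above requires the value to be BASE64 encoded."""
    if raw[:1] in (b" ", b":", b"<"):          # leading space, colon or less-than
        return True
    return any(b < 0x20 or b > 0x7E for b in raw)   # control or non-ASCII byte

def format_pair(attr: str, value, marker: str = "") -> str:
    """Build one line; marker is the column-one character ("", "!", "+", "*")."""
    # Assumption: text values are converted to bytes as UTF-8 before the check.
    raw = value.encode("utf-8") if isinstance(value, str) else bytes(value)
    if needs_encoding(raw):
        return f"{marker}{attr}:: {base64.b64encode(raw).decode('ascii')}"
    return f"{marker}{attr}: {raw.decode('ascii')}"

def format_entry(pairs) -> str:
    """Serialize [(marker, attr, value), ...] as one entry, one pair per line."""
    return "\n".join(format_pair(a, v, m) for m, a, v in pairs) + "\n"

# Constructed sample: a modify entry whose values exercise each encoding trigger.
SAMPLE = [
    ("+", "DN", "cn=Adam Smith, o=Widgets Inc., st=somewhere, c=US"),
    ("+", "room", "105"),
    ("", "note", " starts with a space"),
    ("", "url", ":8080/path"),
    ("", "description", "first line\nsecond line"),
    ("", "cn", "Ren\u00e9e Smith"),
    ("", "photo", b"\xff\xd8\xff\xe0"),
]
```

Because a value containing a line break is always encoded, every attribute-value pair stays on exactly one line and cannot be read back as extra lines.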
36.7.1.2 LDIF add operations
The typical appearance of an LDIF file representing new entries to be
added is:
    entry1-attribute1: entry1-value1
    entry1-attribute2: entry1-value2
    ...
    entry1-attributen: entry1-valuen

    entry2-attribute1: entry2-value1
    entry2-attribute2: entry2-value2
    ...
    entry2-attributem: entry2-valuem

    ...

Or perhaps

    entry1-attribute1: entry1-value1
    entry1-attribute2: entry1-long-value2
     continuation-of-entry1-long-value2
    entry1-attribute3:: entry1-binary-value3
    ...
    entry1-attributen: entry1-valuen

    entry2-attribute1: entry2-value1
    entry2-attribute2: entry2-value2
    ...
    entry2-attributem: entry2-valuem

    ...

when including some binary values, or long values.
Note that each directory entry typically comprises multiple attribute-value pairs.
36.7.1.3 LDIF delete operations
There are three sorts of delete operations: deleting an entire entry,
deleting all occurrences of a particular sort of attribute in an entry,
or deleting the occurrence of an attribute with a particular value in
an entry.
The deletion of an entire entry is specified by a delete of the DN (Distinguished Name) attribute for an entry, e.g.,
    !DN: cn=John Smith, o=Widgets Inc., st=Somewhere, c=US

Note that this appears as a single line in an LDIF file, separated with blank lines from any other entries in the LDIF file.
The deletion of all occurrences of a particular attribute within an entry is specified by a delete of that particular attribute within an entry (hence necessarily a modify entry), e.g.,
    +DN: cn=Sue Smith, o=Widgets Inc., st=Somewhere, c=US
    !pager:

corresponds to deleting all pager attribute-value pairs for the entry with distinguished name cn=Sue Smith, o=Widgets Inc., st=Somewhere, c=US.
The deletion of a particular value of an attribute within an entry is specified by a delete of that particular attribute within an entry (hence necessarily a modify entry), e.g.,
    +DN: cn=Adam Smith, o=Widgets Inc., st=Somewhere, c=US
    !phone: 123-4569
36.7.1.4 LDIF modify operations
Any time an attribute must be added to or removed from an existing
entry, or when an attribute's value must be changed, the overall
operation on the entry will necessarily be a modify operation. Within
an entry being modified, modifies may be performed to change particular
attribute values. Section 36.7.1.3 above showed examples of cases of
modifying an entry by deleting attribute-value pairs from it. Another
example, where Adam Smith gets a new FAX number and changes his room
number, is:
    +DN: cn=Adam Smith, o=Widgets Inc., st=somewhere, c=US
    +room: 105
    fax: 123-4446

After this modification, the room attribute will have the single value 105, and the fax attribute will have the value 123-4446 in addition to whatever value(s) it had before.
36.7.1.5 LDIF advisory operations
Advisory or maintain operations are usually seen within entries that
are undergoing some modification; the attributes marked as advisory are
those attributes that are not being changed. For instance, an entry
    +DN: cn=Becky Brown, o=Widgets Inc., st=somewhere, c=US
    *room: 203
    *phone: 123-1415
    *pager: 123-5550
    pager: 123-5551

indicates that Becky Brown is keeping the same room and phone numbers, and retaining her old 123-5550 pager number, as well as being given an additional new pager number, 123-5551.
Figure 36-3 shows another example of advisory attributes.
Figure 36-3 Advisory attributes
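A reader for the add, delete, modify and advisory forms described in the sections above, so a file can be inspected (for example, to count whole-entry deletes) before it is applied. This is an added example, not PMDF code; the function names and the sample are constructed, and it assumes a continuation line drops only its leading marker space.

```python
import base64

OPS = {"!": "delete", "+": "modify", "*": "advisory"}  # no marker means add

def parse_line(line):
    """Split one logical line into (operation, attribute, value)."""
    op = OPS.get(line[0], "add")
    line = line[1:] if line[0] in OPS else line
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError(f"no colon separator: {line!r}")
    if rest.startswith(":"):                  # "attr:: value" is BASE64
        return op, attr, base64.b64decode(rest[1:].strip(), validate=True)
    value = rest[1:] if rest.startswith(" ") else rest
    return op, attr, value or None            # "!pager:" carries no value

def parse_ldif(text):
    """Return a list of entries, each a list of (op, attr, value) tuples."""
    entries, lines = [], []
    for raw in text.replace("\r\n", "\n").split("\n") + [""]:
        if not raw.strip():                   # blank line ends the entry
            if lines:
                entries.append([parse_line(l) for l in lines])
            lines = []
        elif raw[0] == " ":                   # continuation of previous line
            if not lines:
                raise ValueError("continuation line with nothing to continue")
            lines[-1] += raw[1:]              # assumed: drop only the marker space
        else:
            lines.append(raw)
    return entries

def entry_actions(entries):
    """Entry-level operation, taken from the marker on each entry's first line."""
    return [entry[0][0] for entry in entries]

# Constructed sample built from this section's examples.
SAMPLE = """\
!DN: cn=John Smith, o=Widgets Inc., st=Somewhere, c=US

+DN: cn=Sue Smith, o=Widgets Inc., st=Somewhere, c=US
!pager:
*room: 203
fax: 123-4446

DN: cn=New Hire, o=Widgets Inc.,
  st=Somewhere, c=US
note:: IHg=
"""
```

`entry_actions(parse_ldif(SAMPLE))` gives one operation per entry, so the number of whole-entry deletes can be compared against an expected limit before the file is applied.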
36.7.1.6 LDIF differencing files
LDIF files from a DIRBOT differencing step have a special aspect to
their format.¹ The special feature is that in an LDIF difference
file, that is, an LDIF file generated by the differencing processing
phase, the first attribute in an entry is the
"distinguishing" attribute. For instance, in the case of an
LDAP directory, this attribute would be the dn, the
distinguished name.