LDAP Data Interchange Format

LDIF
Filename extension: .ldif
Internet media type: text/plain, text/x-ldif
Type of format: Data interchange
Standard: RFC 2849

The LDAP Data Interchange Format (LDIF) is a standard plain text data interchange format for representing Lightweight Directory Access Protocol (LDAP) directory content and update requests. LDIF conveys directory content as a set of records, one record for each object (or entry). It also represents update requests, such as Add, Modify, Delete, and Rename, as a set of records, one record for each update request.


LDIF was designed in the early 1990s by Tim Howes, Mark C. Smith, and Gordon Good while at the University of Michigan. [1] LDIF was updated and extended in the late 1990s for use with Version 3 of LDAP. This later version of LDIF is called version 1 and is formally specified in RFC 2849, an IETF Standard Track RFC. RFC 2849 is authored by Gordon Good and was published in June 2000. It is currently a Proposed Standard.

A number of extensions to LDIF have been proposed over the years. One extension has been formally specified by the IETF and published. RFC 4525, authored by Kurt Zeilenga, extended LDIF to support the LDAP Modify-Increment extension. It is expected that additional extensions will be published by the IETF in the future.

Content record format

Each content record is represented as a group of attributes, with records separated from one another by blank lines. The individual attributes of a record are represented as single logical lines comprising "name: value" pairs. A logical line longer than the recommended 76 characters may be folded across several physical lines: each continuation line begins with a single space, which is discarded when the lines are rejoined. Values that do not fit within a safe subset of ASCII (for example values containing non-ASCII characters, or beginning with a space, a colon or '<') are marked with '::' after the attribute name and encoded into ASCII using base64. A value may also be supplied by reference, as a URL written after ':<'; since importers such as ldapadd dereference file: URLs on the importing host, LDIF obtained from an untrusted source should be inspected before it is imported. Comment lines begin with a pound sign ("#", ASCII 35). [2]
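The rules above, as an added example that is not part of the article or of RFC 2849's own text: a small Python parser for LDIF content records that unfolds continuation lines, drops comments, decodes '::' base64 values, collects multi-valued attributes, and refuses ':<' URL-valued attributes unless the caller explicitly opts in to file: URLs. The sample input (the two entries, the folded description and the base64 value) is constructed for this demonstration.

```python
import base64
from pathlib import Path
from typing import Any, Dict, List, Tuple

# Constructed sample input (not from any real directory): two content records,
# a folded logical line, a comment and a base64 ('::') value.  The continuation
# line carries two leading spaces: the first is fold syntax and is dropped, the
# second is the real word separator.
SAMPLE_LDIF = """\
version: 1
# comment lines start with '#' and are ignored
dn: cn=The Postmaster,dc=example,dc=com
objectClass: organizationalRole
cn: The Postmaster
description: a long description that has been folded onto a
  second physical line
l:: WsO8cmljaA==

dn: cn=Jane Smith,ou=Accounting,dc=example,dc=com
objectClass: inetOrgPerson
cn: Jane Smith
mail: jane@example.com
mail: jsmith@example.com
"""

Entry = Dict[str, Any]   # {"dn": str, "attrs": Dict[str, List[bytes]]}


def unfold(text: str) -> List[str]:
    """Rejoin folded lines (a continuation line starts with exactly one space,
    which is dropped), then discard comment lines.  Blank lines survive because
    they separate records."""
    logical: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return [ln for ln in logical if not ln.startswith("#")]


def parse_attrval(line: str, allow_file_urls: bool = False) -> Tuple[str, bytes]:
    """Split 'name: value', 'name:: base64' or 'name:< url' into (name, raw bytes)."""
    name, sep, rest = line.partition(":")
    if not sep or not name:
        raise ValueError(f"malformed attribute line: {line!r}")
    if rest.startswith(":"):                       # '::' -> base64-encoded value
        return name, base64.b64decode(rest[1:].strip(), validate=True)
    if rest.startswith("<"):                       # ':<' -> value fetched from a URL
        url = rest[1:].strip()
        # ldapadd/ldapmodify read file: URLs from the importing host, so an
        # untrusted LDIF file can pull local file contents into the directory.
        # Refuse unless the caller opted in, and even then accept only file: URLs.
        if not allow_file_urls or not url.startswith("file://"):
            raise ValueError(f"refusing URL-valued attribute {name!r}: {url}")
        return name, Path(url[len("file://"):]).read_bytes()
    return name, rest.lstrip(" ").encode("utf-8")   # FILL (spaces) then SAFE-STRING


def build_entry(record: List[str], allow_file_urls: bool) -> Entry:
    name, value = parse_attrval(record[0], allow_file_urls)
    if name.lower() != "dn":
        raise ValueError(f"record must begin with a dn: line, got {record[0]!r}")
    attrs: Dict[str, List[bytes]] = {}
    for line in record[1:]:
        attr, val = parse_attrval(line, allow_file_urls)
        attrs.setdefault(attr, []).append(val)        # attributes may be multi-valued
    return {"dn": value.decode("utf-8"), "attrs": attrs}


def parse_ldif(text: str, allow_file_urls: bool = False) -> List[Entry]:
    lines = unfold(text)
    first = next((i for i, ln in enumerate(lines) if ln), None)
    if first is not None and lines[first].lower().startswith("version:"):
        lines = lines[first + 1:]                    # optional 'version: 1' header
    entries: List[Entry] = []
    record: List[str] = []
    for line in lines + [""]:                        # sentinel flushes the last record
        if line:
            record.append(line)
        elif record:
            entries.append(build_entry(record, allow_file_urls))
            record = []
    return entries


if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_LDIF):
        print(entry["dn"])
        for attr, values in entry["attrs"].items():
            print(f"  {attr}: {[v.decode('utf-8', 'replace') for v in values]}")
```

Values are returned as raw bytes rather than strings because a base64 value may be binary (a certificate or photo) as easily as non-ASCII text; the caller decides how to decode each attribute. The `allow_file_urls` switch is the point of the example: a parser that silently follows ':<' references reproduces the behaviour that makes untrusted LDIF risky to import.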

Tools that employ LDIF

The OpenLDAP utilities include tools for exporting data from LDAP servers to LDIF content records (ldapsearch), [3] importing data from LDIF content records to LDAP servers (ldapadd), [4] and applying LDIF change records to LDAP servers (ldapmodify). [5]

LDIF is one of the formats for importing and exporting address book data that the address books in Netscape Communicator and in the Mozilla Application Suite support.

Windows Server, beginning with Windows 2000 Server and Windows Server 2003, includes an LDIF-based command line tool named LDIFDE for importing and exporting information in Active Directory.

JXplorer is a cross-platform, open-source Java application that can browse and do basic editing of LDIF files.

LDIF fields

dn
distinguished name
This refers to the name that uniquely identifies an entry in the directory.
dc
domain component
This refers to one label of a DNS domain name; each label becomes its own component. For example www.mydomain.com would be written as DC=www,DC=mydomain,DC=com.
ou
organisational unit
This refers to the organisational unit (or sometimes the user group) that the user is part of. Nested organisational units appear as one OU component per level, innermost first, e.g., OU=Lawyer,OU=Judge.
cn
common name
This refers to the individual object (person's name; meeting room; recipe name; job title; etc.) for whom/which you are querying.

Examples of LDIF

This is an example of a simple directory entry with several attributes, represented as a record in LDIF:

# Add a directory entry "The Postmaster"
dn: cn=The Postmaster,dc=example,dc=com
objectClass: organizationalRole
cn: The Postmaster

This is an example of LDIF change records that replace several single-valued attributes on two different directory entries (this is the standard RFC 2849 change-record syntax, and it is the form consumed by Microsoft's LDIFDE tool):

dn: CN=John Smith,OU=Legal,DC=example,DC=com
changetype: modify
replace: employeeID
employeeID: 1234
-
replace: employeeNumber
employeeNumber: 98722
-
replace: extensionAttribute6
extensionAttribute6: JSmith98
-

dn: CN=Jane Smith,OU=Accounting,DC=example,DC=com
changetype: modify
replace: employeeID
employeeID: 5678
-
replace: employeeNumber
employeeNumber: 76543
-
replace: extensionAttribute6
extensionAttribute6: JSmith14
-

Note: the line containing only "-" that terminates each attribute modification is required, and each record ends with a "-" followed by a blank line. RFC 2849's grammar calls for the trailing "-" after every modification, including the last; Microsoft's LDIFDE tool enforces it, whereas most other LDIF implementations tolerate its omission.
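Producing such records correctly is mostly a matter of the "-" terminators and of knowing when a value must be base64-encoded. The following Python is an added example, not code from the article or from any LDAP tool: it emits modify and add change records, terminates every modification with "-", folds long logical lines, and switches to the "::" form whenever a value falls outside the RFC 2849 safe-string rules (leading space, ':' or '<', trailing space, NUL/CR/LF, or any non-ASCII character). The Jane Smith modifications mirror the article's record; the Peter Michaels changes and the function names are constructed for this demonstration.

```python
import base64
from typing import Dict, List, Sequence, Tuple

Modification = Tuple[str, str, Sequence[str]]   # (op, attribute, values)


def needs_base64(value: str) -> bool:
    """True when the value is not an RFC 2849 SAFE-STRING and must be written
    after '::'. Unsafe: a leading space, ':' or '<', a trailing space, NUL, CR,
    LF, or any non-ASCII character."""
    if not value:
        return False
    if value[0] in " :<" or value.endswith(" "):
        return True
    return any(ch in "\0\r\n" or ord(ch) > 0x7F for ch in value)


def attrval_line(name: str, value: str) -> str:
    """Render one 'name: value' or 'name:: base64' logical line."""
    if needs_base64(value):
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return f"{name}:: {encoded}"
    return f"{name}: {value}"


def fold(line: str, width: int = 76) -> str:
    """Fold one logical line into physical lines of at most `width` characters;
    every continuation line starts with the single space a reader strips."""
    out, rest = [line[:width]], line[width:]
    while rest:
        out.append(" " + rest[: width - 1])
        rest = rest[width - 1:]
    return "\n".join(out)


def modify_record(dn: str, changes: Sequence[Modification]) -> str:
    """Emit a 'changetype: modify' record. Every modification, including the
    last one, ends with a line holding only '-' as RFC 2849 requires."""
    lines = [fold(attrval_line("dn", dn)), "changetype: modify"]
    for op, attr, values in changes:
        if op not in ("add", "replace", "delete"):
            raise ValueError(f"unknown modification type {op!r}")
        lines.append(f"{op}: {attr}")
        lines.extend(fold(attrval_line(attr, v)) for v in values)   # may be empty (delete all)
        lines.append("-")
    return "\n".join(lines) + "\n"


def add_record(dn: str, attrs: Dict[str, Sequence[str]]) -> str:
    """Emit a 'changetype: add' record for a new entry."""
    lines = [fold(attrval_line("dn", dn)), "changetype: add"]
    for attr, values in attrs.items():
        lines.extend(fold(attrval_line(attr, v)) for v in values)
    return "\n".join(lines) + "\n"


# Constructed to mirror the article's Jane Smith record.
JANE_CHANGES: List[Modification] = [
    ("replace", "employeeID", ["5678"]),
    ("replace", "employeeNumber", ["76543"]),
    ("replace", "extensionAttribute6", ["JSmith14"]),
]

if __name__ == "__main__":
    print(modify_record("CN=Jane Smith,OU=Accounting,DC=example,DC=com", JANE_CHANGES))
    # Constructed: a value with a leading space (must be base64) and a deletion
    # of every value of an attribute (no attrval lines between op and '-').
    print(modify_record("cn=Peter Michaels,ou=Artists,l=San Francisco,c=US",
                        [("add", "description", [" leading space is unsafe"]),
                         ("delete", "telephoneNumber", [])]))
    print(add_record("o=testing,dc=example,dc=com",
                     {"objectClass": ["top", "organization"], "o": ["testing"]}))
```

The safe-string check matters beyond cosmetics: a value that begins with a space or a colon, written without "::", is read back as a different value (or as a different attribute split), so a generator that skips the check silently corrupts the data it exports.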

This is an example of an LDIF file that adds a telephone number to an existing user:

dn: cn=Peter Michaels,ou=Artists,l=San Francisco,c=US
changetype: modify
add: telephoneNumber
telephoneNumber: +1 415 555 0002

An example of LDIF containing a control. A control line names the control by OID, followed by its criticality (true or false) and an optional value; an ldif-changes file may also begin with a "version: 1" line:

version: 1
dn: o=testing,dc=example,dc=com
control: 1.3.6.1.1.13.1 false: cn
changetype: add
objectClass: top
objectClass: organization
o: testing

RFCs

RFC 2849, "The LDAP Data Interchange Format (LDIF) - Technical Specification"
RFC 4525, "Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension"


References

  1. "LDAP Series Part III - The Historical Secrets | Linux Journal". www.linuxjournal.com. Retrieved 25 November 2024.
  2. Wilson, Neil (26 April 2018). "LDIF: The LDAP Data Interchange Format". LDAP.com. Retrieved 25 November 2024.
  3. "ldapsearch(1) - Linux man page". linux.die.net. Retrieved 25 November 2024.
  4. "ldapadd(1) - Linux man page". linux.die.net. Retrieved 25 November 2024.
  5. "ldapmodify(1) - Linux man page". linux.die.net. Retrieved 25 November 2024.