Language and Page Formatting Options
B.3. Representing Binary Data
Binary data, such as a JPEG image, is represented in LDIF using one of two methods, standard LDIF notation or base-64 encoding.
B.3.1. Standard LDIF Notation
Standard LDIF notation uses the lesser than (<) symbol to indicate that the data are binary. For example:
jpegphoto: < file:/path/to/photo
With this standard notation, it is not necessary to specify the
ldapmodify -bparameter. However, standard notation requires that the following line be added to the beginning of the LDIF file or the LDIF update statements:
# ldapmodify -x -D userDN -W version: 1 dn: cn=Barney Fife,ou=People,dc=example,dc=com changetype: modify add: usercertificate usercertificate;binary: < file: BarneysCert
B.3.2. Base-64 Encoding
Binary data can be converted to base-64, which can be used in LDIF files, for a variety of data, from images to TLS certificates. Base 64-encoded data are identified by using the
::symbol. For example:
In addition to binary data, other values that must be base-64 encoded include the following:
- Any value that begins with a colon (:) or a space.
- Any value that contains non-ASCII data, including new lines.
ldifcommand-line utility with the
-bparameter to convert binary data to LDIF format:
# ldif -b attribute_name
attribute_name is the name of the attribute to which the binary data is supplied. The binary data is read from standard input and the results are written to standard output. Thus, use redirection operators to select input and output files.
ldifcommand-line utility will take any input and format it with the correct line continuation and appropriate attribute information. The
ldifutility also assesses whether the input requires base-64 encoding. For example:
# ldif -b jpegPhoto < mark.jpg > out.ldif
This example takes a binary file containing a JPEG-formatted image and converts it into LDIF format for the attribute
jpegPhoto. The output is saved to
-boption specifies that the
ldifutility should interpret the entire input as a single binary value. If
-bis not present, each line is considered to be a separate input value.