Chapter 4. Populating Directory Databases
4.1. Importing Data
Table 4.1. Import Method Comparison
|LDAP operations||Add, modify, delete||Add only|
|Partition specialty||Works on all partitions||Local partitions only|
|Response to server failure||Best effort (all changes made up to the point of the failure remain)||Atomic (all changes are lost after a failure)|
|LDIF file location||Local to Console||Local to Console or local to server|
| Imports configuration information (||Yes||No|
4.1.1. Importing Entries with Large Attributes
nsslapd-cachememsizeattribute defines the size allowed for the entry cache.
nsslapd-cachememsizeattribute high enough so that the import buffer has enough memory to process the entries.
4.1.2. Importing Large Numbers of Entries
ulimitvalue to the maximum number of allows processes for the system user.
[root@server ~]# ulimit -u 4096
4.1.3. Setting EntryUSN Initial Values During Import
nsslapd-entryusn-import-initvalattribute, which sets a starting USN for all imported entries.
- An integer, which is the explicit start number used for every imported entry.
- next, which means that every imported entry uses whatever the highest entry USN value was on the server before the import operation, incremented by one.
nsslapd-entryusn-import-initvalis not set, then all entry USNs begin at zero.
nsslapd-entryusn-import-initvalvalue is next, then every imported entry is assigned a USN of 1001:
ldapsearch -D "cn=directory manager" -w secret -p 389 -h server.example.com -x "(cn=*)" entryusn dn: dc=example,dc=com entryusn: 1001 dn: ou=Accounting,dc=example,dc=com entryusn: 1001 dn: ou=Product Development,dc=example,dc=com entryusn: 1001 ... dn: uid=jsmith,ou=people,dc=example,dc=com entryusn: 1001 ...
nsslapd-entryusn-import-initvalattribute to the server into which data are being imported or to the master server which will perform the initialization.
[root@server ~]# ldapmodify -D "cn=directory manager" -W -x -D "cn=directory manager" -w secret -p 389 -h server.example.com -x dn: cn=config changetype: modify add: nsslapd-entryusn-import-initval nsslapd-entryusn-import-initval: next
nsslapd-entryusn-import-initvalattribute is not replicated between servers. This means that the value must be set specifically on whichever supplier server is being used to initialize a replica.
nsslapd-entryusn-import-initvalset to next and is used to initialize a replica, then the entry USNs for imported entries have the highest value plus one. If Supplier2 does not have
nsslapd-entryusn-import-initvalset and is used to initialize a replica, then all entry USNs for imported entries begin at zero — even if Supplier1 and Supplier 2 have a multi-master replication agreement between them.
4.1.4. Importing a Database from the Console
ldapmodifyoperation is executed to append data, as well as to modify and delete entries. The operation is performed on all of the databases managed by the Directory Server and on remote databases to which the Directory Server has a configured database link.
- Select the Tasks tab. Scroll to the bottom of the screen, and select Import Database.Alternatively, open the Configuration tab and select Import from the Console menu.
- In the Import Database dialog box, enter the full path to the LDIF file to import in the LDIF file field, or click to select the file to import.If the Console is running on a machine remote to the directory, the field name appears as LDIF file (on the machine running the Console). When browsing for a file, you are not browsing the current directory for the Directory Server host, but the filesystem of the machine running the Console.When importing a database through a remote Console, do not use a relative path to the database. For remote imports, the operation fails with the error Cannot write to file... if a relative path is given for the file. Always use an absolute path for remote import operations.
- In the Options box, select one or both of the following options:
- Add Only. The LDIF file may contain modify and delete instructions in addition to the default add instructions. For the server to ignore operations other than add, select the Add only check box.
- Continue on Error. Select the Continue on error check box for the server to continue with the import even if errors occur. For example, use this option to import an LDIF file that contains some entries that already exist in the database in addition to new ones. The server notes existing entries in the rejects file while adding all new entries.
- In the File for Rejects field, enter the full path to the file in which the server is to record all entries it cannot import, or click to select the file which will contain the rejects.A reject is an entry which cannot be imported into the database; for example, the server cannot import an entry that already exists in the database or an entry that has no parent object. The Console will write the error message sent by the server to the rejects file.Leaving this field blank means the server will not record rejected entries.
4.1.5. Initializing a Database from the Console
Directory Managerin order to initialize a database because an LDIF file that contains a root entry cannot be imported into a database except as the Directory Manager (root DN). Only the Directory Manager has access to the root entry, such as
o=NetscapeRootsuffix unless you are restoring data. Otherwise, initializing the database deletes information and may require re-installing the Directory Server.
- Select the Configuration tab.
- Expand the Data tree in the left navigation pane. Expand the suffix of the database to initialize, then click the database itself.
- Right-click the database, and select Initialize Database.Alternatively, select Initialize Database from the Object menu.
- In the LDIF file field, enter the full path to the LDIF file to import, or click .
- If the Console is running from a machine local to the file being imported, clickand proceed with the import immediately. If the Console is running from a machine remote to the server containing the LDIF file, select one of the following options, then click :
The default LDIF directory is
- From local machine. Indicates that the LDIF file is located on the local machine.
- From server machine. Indicates that the LDIF file is located on a remote server.
4.1.6. Importing from the Command Line
- Using ldif2db. This import method overwrites the contents of the database and requires the server to be stopped; see Section 184.108.40.206, “Importing Using the ldif2db Command-Line Script”.
- Using ldif2db.pl. This import method overwrites the contents of the database while the server is still running; see Section 220.127.116.11, “Importing Using the ldif2db.pl Perl Script”.
- Using ldif2ldap. This method appends the LDIF file through LDAP. This method is useful to append data to all of the databases; see Section 18.104.22.168, “Importing Using the ldif2ldap Command-Line Script”.
- Creating a cn=tasks entry. This method creates a temporary task entry which automatically launches an import operation. This is functionally like running
ldif2db. See Section 22.214.171.124, “Importing through the cn=tasks Entry”.
-Eoption with the script. See Section 126.96.36.199, “Exporting and Importing an Encrypted Database” for more information.
188.8.131.52. Importing Using the ldif2db Command-Line Script
ldif2dbscript overwrites the data in the specified database. Also, the script requires that the Directory Server be stopped when the import begins.
o=NetscapeRootconfiguration information with the
o=NetscapeRootconfiguration information in the files being imported.
- Stop the server.
[root@server ~]# service dirsrv stop instance
- Run the
[root@server ~]# /usr/lib64/dirsrv/slapd-instance_name/ldif2db -n Database1 -i /var/lib/dirsrv/slapd-instance_name/ldif/demo.ldif -i /var/lib/dirsrv/slapd-instance_name/ldif/demo2.ldifOn 32-bit installations, the
ldif2dbscript is located in the
/usr/lib64/dirsrv/slapd-instance_name/directory.For more information about using this script, see the Directory Server Configuration and Command-Line Tool Reference.
WarningIf the database specified in the
-noption does not correspond with the suffix contained by the LDIF file, all of the data contained by the database is deleted, and the import fails. Make sure that the database name is not misspelled.
- Start the server.
[root@server ~]# service dirsrv start instance
Table 4.2. ldif2db Parameters
|-i|| Specifies the full path name of the LDIF files to be imported. This option is required. To import more than one LDIF file at a time, use multiple |
|-n||Specifies the name of the database to which to import the data.|
184.108.40.206. Importing Using the ldif2db.pl Perl Script
ldif2db.plscript overwrites the data in the specified database. This script requires the server to be running in order to perform the import.
[root@server ~]# ldif2db.pl -D "cn=Directory Manager" -w secret -i /var/lib/dirsrv/slapd-instance_name/ldif/demo.ldif -n Database1
rootprivileges to run the script, but you must authenticate as the Directory Manager.
Table 4.3. ldif2db.pl Options
|-D||Specifies the DN of the administrative user.|
|-w||Specifies the password of the administrative user.|
|-i|| Specifies the LDIF files to be imported. This option is required. To important multiple LDIF files at a time, use multiple |
|-n||Specifies the name of the database to which to import the data.|
220.127.116.11. Importing Using the ldif2ldap Command-Line Script
ldif2ldapscript appends the LDIF file through LDAP. Using this script, data are imported to all directory databases at the same time. The server must be running in order to import using
[root@server ~]# ldif2ldap "cn=Directory Manager" secretpwd /var/lib/dirsrv/slapd-instance_name/ldif/demo.ldif
ldif2ldapscript requires the DN of the administrative user, the password of the administrative user, and the absolute path and filename of the LDIF files to be imported.
18.104.22.168. Importing through the cn=tasks Entry
cn=tasks,cn=configentry in the Directory Server configuration is a container entry for temporary entries that the server uses to manage tasks. Several common directory tasks have container entries under
cn=tasks,cn=config. Temporary task entries can be created under
cn=import,cn=tasks,cn=configto initiate an import operation.
ldif2db.plscripts, an import operation in
cn=tasksoverwrites all of the information in the database.
- A unique name (
- The filename of the LDIF file to import (
- The name of the database into which to import the file (
-xoptions, respectively, for the
ldapmodify, as described in Section 3.2.4, “Adding and Modifying Entries Using ldapmodify”. For example:
-a-D "cn=directory manager" -W -p 389 -h server.example.com -x dn: cn=example import,cn=import,cn=tasks,cn=config changetype: add objectclass: extensibleObject cn: example import nsFilename: /home/files/example.ldif nsInstance: userRoot nsIncludeSuffix: ou=People,dc=example,dc=com nsExcludeSuffix: ou=Groups,dc=example,dc=com