4.2. Exporting Data

LDAP Data Interchange Format (LDIF) files are used to export database entries from the Directory Server databases. LDIF is a standard format described in RFC 2849, The LDAP Data Interchange Format (LDIF) - Technical Specification.
Exporting data can be useful for the following:
  • Backing up the data in the database.
  • Copying data to another Directory Server.
  • Exporting data to another application.
  • Repopulating databases after a change to the directory topology.
For example, if a directory contains one database, and its contents are split into two databases, then the two new databases receive their data by exporting the contents of the old databases and importing it into the two new databases, as illustrated in Figure 4.1, “Splitting a Database Contents into Two Databases”.


The export operations do not export the configuration information (cn=config), schema information (cn=schema), or monitoring information (cn=monitor).
Splitting a Database Contents into Two Databases

Figure 4.1. Splitting a Database Contents into Two Databases

The Directory Server Console or command-line utilities can be used to export data.


Do not stop the server during an export operation.

4.2.1. Exporting Directory Data to LDIF Using the Console

Some or all of directory data can be exported to LDIF, depending upon the location of the final exported file. When the LDIF file is on the server, only the data contained by the databases local to the server can be exported. If the LDIF file is remote to the server, all of the databases and database links can be exported.
Export operations can be run to get data from a server instance that is local to the Directory Server Console or from a different host machine (a remote export operation).
Export directory data to LDIF from the Directory Server Console while the server is running:
  1. Select the Tasks tab. Scroll to the bottom of the screen, and click Export Database(s).
    Alternatively, select the Configuration tab and click the Export from the Console menu.
  2. Enter the full path and filename of the LDIF file in the LDIF File field, or click Browse to locate the file.
    Browse is not enabled if the Console is running on a remote server. When the Browse button is not enabled, the file is stored in the default directory, /var/lib/dirsrv/slapd-instance_name/ldif.
  3. If the Console is running on a machine remote to the server, two radio buttons are displayed beneath the LDIF File field.
    • Select To local machine to export the data to an LDIF file on the machine from which the Console is running.
    • Select To server machine to export to an LDIF file located on the server's machine.
  4. To export the whole directory, select the Entire database radio button.
    To export only a single subtree of the suffix contained by the database, select the Subtree radio button, and then enter the name of the suffix in the Subtree text box. This option exports a subtree that is contained by more than one database.
    Alternatively, click Browse to select a suffix or subtree.

4.2.2. Exporting a Single Database to LDIF Using the Console

It is also possible to export a single database to LDIF. Do the following while the server is running:
  1. Select the Configuration tab.
  2. Expand the Data tree in the left navigation pane. Expand the suffix, and select the database under the suffix.
  3. Right-click the database, and select Export Database.
    Alternatively, select Export Database from the Object menu.
  4. In the LDIF file field, enter the full path to the LDIF file, or click Browse.
    When the Browse button is not enabled, the file is stored in the default directory, /var/lib/dirsrv/slapd-instance_name/ldif.

4.2.3. Exporting to LDIF from the Command Line

There are three methods for exporting data through the command line:
  • Using db2ldif. This method runs the command-line utility; unlike the import script, ldif2db, this utility can be run while the server is running.
  • Using db2ldif.pl. This Perl script behaves the same as the db2ldif command-line utility and takes the same options.
  • Creating a cn=tasks entry. This method creates a temporary task entry which automatically launches an export operation. This is functionally like running db2ldif, with one exception: when running db2ldif or db2ldif.pl for a replica (with a -r option, the server must be stopped first. The cn=tasks entry can be added and export replica information while the server is still running. See Section, “Exporting through the cn=tasks Entry”. Exporting a Database Using db2ldif or db2ldif.pl

Databases can be exported to LDIF using the db2ldif command-line script or the db2ldif.pl Perl script. Both of these tools export all of the database contents or a part of their contents to LDIF when the server is running or stopped.
These script take the same options.


The -E option is required to export a database that has been encrypted. See Section, “Exporting and Importing an Encrypted Database” for more information.


If the database being exported is a replica, then the server must be stopped before the export script is run and the export script must have the -r.
To export to LDIF from the command linerun either the db2ldif command-line script or the db2ldif.pl Perl script. For example:
[root@server ~]# db2ldif -n database1 -a /export/output.ldif
This exports the database contents to /export/output.ldif. If the -a option is not specified, then the database information is exported to /var/lib/dirsrv/slapd-instance_name/ldif/instance_name-database1-date.ldif. For example:
[root@server ~]# db2ldif -n database1
It is also possible to specify which suffixes to export, using the -s option. For example:
[root@server ~]# db2ldif -s "dc=example,dc=com"
The LDIF file in this case would be /var/lib/dirsrv/slapd-instance_name/ldif/instance_name-example-2017_04_30_112718.ldif, using the name of the suffix rather than the database.
If the suffix specified is a root suffix, such as dc=example,dc=com, then it is not necessary to specify the database or to use the -n option.
For more information about using these scripts, see the Directory Server Configuration and Command-Line Tool Reference.

Table 4.4. db2ldif Options

Option Description
-n Specifies the name of the database from which the file is being exported.
-s Specifies the suffix or suffixes to include in the export. If the suffix is a root suffix, such as dc=example,dc=com, then the -n option is not required. There can be multiple -s arguments.
-a Defines the output file to which Directory Server exports the LDIF. This file must be an absolute path. If the -a option is not given, the output ldif is stored in the /var/lib/dirsrv/slapd-instance_name/ldif directory and is automatically named serverID-database-YYYY_MM_DD_hhmmxx.ldif with the -n option or serverID-firstsuffixvalue-YYYY_MM_DD_hhmmxx.ldif with the -s option.
-r Specifies that the exported database is a consumer replica. In this case, the appropriate settings and entries are included with the LDIF to initialize the replica when the LDIF is imported.
-E Decrypts an encrypted database so it can be exported. Exporting through the cn=tasks Entry

The cn=tasks,cn=config entry in the Directory Server configuration is a container entry for temporary entries that the server uses to manage tasks. Several common directory tasks have container entries under cn=tasks,cn=config. Temporary task entries can be created under cn=export,cn=tasks,cn=config to initiate an export operation.
The export task entry requires three attributes:
  • A unique name (cn)
  • The filename of the LDIF file to which to export the database (nsFilename)
  • The name of the database to export (nsInstance)
It is also possible to supply the DNs of suffixes to include or exclude from the export operation, analogous to the -s and -x options, respectively, for the db2ldif and db2ldif.pl scripts. Additionally, if the database is a replica, then the appropriate replica information can be included to initialize the new consumer when the LDIF is imported; this is set in the nsExportReplica, corresponding to the -r option.
The entry is simply added using ldapmodify, as described in Section 3.2.4, “Adding and Modifying Entries Using ldapmodify”. For example:
ldapmodify -a -D "cn=directory manager" -W -p 389 -h server.example.com -x

dn: cn=example export,cn=export,cn=tasks,cn=config
changetype: add
objectclass: extensibleObject
cn: example export
nsInstance: userRoot
nsFilename: /home/files/example.ldif
nsExportReplica: true
nsIncludeSuffix: ou=People,dc=example,dc=com
nsExcludeSuffix: ou=Groups,dc=example,dc=com
As soon as the task is completed, the entry is removed from the directory configuration.
The Directory Server Configuration and Command-Line Tool Reference has more information on the available attributes for running Directory Server export tasks under the cn=tasks entries.