B.5. Defining Directories Using LDIF
The contents of an entire directory can be defined using LDIF. Using LDIF is an efficient method of directory creation when there are many entries to add to the directory.
To create a directory using LDIF:
- Create an ASCII file containing the entries to add in LDIF format.
  Make sure each entry is separated from the next by an empty line. Use just one line between entries, and make sure the first line of the file is not blank, or else the ldapmodify utility will exit. For more information, see Section B.4, “Specifying Directory Entries Using LDIF”.
- Begin each file with the topmost, or root, entry in the database.
  The root entry must represent the suffix or sub-suffix contained by the database. For example, if the database has the suffix dc=example,dc=com, the first entry in the directory must be dn: dc=example,dc=com.
  For information on suffixes, see the "Suffix" parameter described in the Red Hat Directory Server Configuration, Command, and File Reference.
- Make sure that an entry representing a branch point in the LDIF file is placed before the entries to create under that branch.
  For example, to place an entry in a people and a group subtree, create the branch point for those subtrees before creating entries within those subtrees.
  Note: The LDIF file is read in order, so parent entries must be listed before the child entries.
- Create the directory from the LDIF file using one of the following methods:
  - Initializing the database through the web console. Use this method if there is a small database to import (less than 10,000 entries). See Section 6.1.3, “Importing Data Using the Web Console”.
    Warning: This method is destructive and will erase any existing data in the suffix.
  - ldif2db or ldif2db.pl command-line utility. Use this method if there is a large database to import (more than 10,000 entries). See Section 6.1.2.2, “Importing Data While the Server is Offline”.
    ldif2db cannot be used if the server is running. ldif2db.pl can only be used if the server is running.
    Warning: This method is destructive and will erase any existing data in the suffix.
  - ldapmodify command-line utility with the -a parameter. Use this method if a new subtree is being added to an existing database or there is existing data in the suffix which should not be deleted. Unlike the other methods for creating the directory from an LDIF file, Directory Server must be running before a subtree can be added using ldapmodify. See Section 3.1.3, “Adding an Entry”.
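The layout rules in the steps above can be checked before running a destructive import. The following Python sketch is an added example, not part of Directory Server or its tools: the function names and the sample input are constructed here, it assumes a file meant to create a whole suffix (not a subtree added with ldapmodify -a), and it assumes DNs contain no escaped commas.

```python
import base64

def norm_dn(dn):
    """Normalize a DN for comparison (simplified: assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_ldif_layout(text, suffix):
    """Return [(line_no, problem)] for the LDIF layout rules in this section."""
    problems, seen = [], set()
    lines = text.rstrip().splitlines()
    if lines and not lines[0].strip():
        problems.append((1, "first line is blank"))
    logical = []  # unfold continuation lines (leading space) so long DNs compare whole
    for no, line in enumerate(lines, 1):
        if line.startswith(" ") and line.strip() and logical and logical[-1][1].strip():
            logical[-1] = (logical[-1][0], logical[-1][1] + line[1:])
        else:
            logical.append((no, line))
    prev_blank = False
    for no, line in logical:
        if not line.strip():
            if prev_blank and seen:
                problems.append((no, "more than one blank line between entries"))
            prev_blank = True
            continue
        prev_blank = False
        if not line.lower().startswith("dn:"):
            continue
        raw = line[3:]  # "dn:: <base64>" carries a base64-encoded DN
        dn = base64.b64decode(raw[1:].strip()).decode() if raw.startswith(":") else raw
        dn = norm_dn(dn)
        parent = dn.partition(",")[2]
        if not seen and dn != norm_dn(suffix):
            problems.append((no, "first entry is not the suffix " + suffix))
        elif seen and parent not in seen:
            problems.append((no, "parent not defined earlier: " + parent))
        seen.add(dn)
    return problems

SAMPLE = (  # constructed input: child listed before its branch point, extra blank line
    "dn: dc=example,dc=com\nobjectClass: top\nobjectClass: domain\ndc: example\n\n"
    "dn: cn=June Rossi,ou=People,dc=example,dc=com\nobjectClass: person\n"
    "cn: June Rossi\nsn: Rossi\n\n\n"
    "dn: ou=People,dc=example,dc=com\nobjectClass: organizationalUnit\nou: People\n"
)

if __name__ == "__main__":
    for no, msg in check_ldif_layout(SAMPLE, "dc=example,dc=com"):
        print(f"line {no}: {msg}")
```

Running the check against a copy of the file before using the web console or ldif2db avoids discovering an ordering error after the existing data in the suffix has already been erased.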
Example B.1. LDIF File Example
This LDIF file contains one domain, two organizational units, and three organizational person entries:
dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example
description: Fictional example domain

dn: ou=People,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People
description: Fictional example organizational unit
telephoneNumber: 555-5559

dn: cn=June Rossi,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: June Rossi
sn: Rossi
givenName: June
mail: rossi@example.com
userPassword: {sha}KDIE3AL9DK
ou: Accounting
ou: people
telephoneNumber: 2616
roomNumber: 220

dn: cn=Marc Chambers,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Marc Chambers
sn: Chambers
givenname: Marc
mail: chambers@example.com
userPassword: {sha}jdl2alem87dlacz1
telephoneNumber: 2652
ou: Manufacturing
ou: People
roomNumber: 167

dn: cn=Robert Wong,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Robert Wong
cn: Bob Wong
sn: Wong
givenname: Robert
givenname: Bob
mail: bwong@example.com
userPassword: {sha}nn2msx761
telephoneNumber: 2881
roomNumber: 211
ou: Manufacturing
ou: people

dn: ou=Groups,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups
description: Fictional example organizational unit