B.5. Defining Directories Using LDIF
The contents of an entire directory can be defined using LDIF. Using LDIF is an efficient method of directory creation when there are many entries to add to the directory.
To create a directory using LDIF:
- Create an ASCII file containing the entries to add in LDIF format.Make sure each entry is separated from the next by an empty line. Use just one line between entries, and make sure the first line of the file is not be blank, or else the
ldapmodifyutility will exit. For more information, see Section B.4, “Specifying Directory Entries Using LDIF”. - Begin each file with the topmost, or root, entry in the database.The root entry must represent the suffix or sub-suffix contained by the database. For example, if the database has the suffix
dc=example,dc=com, the first entry in the directory must bedn: dc=example,dc=com.For information on suffixes, see the "Suffix" parameter described in the Red Hat Directory Server Configuration, Command, and File Reference. - Make sure that an entry representing a branch point in the LDIF file is placed before the entries to create under that branch.For example, to place an entry in a people and a group subtree, create the branch point for those subtrees before creating entries within those subtrees.
Note
The LDIF file is read in order, so parent entries must be listed before the child entries. - Create the directory from the LDIF file using one of the following methods:
- Initializing the database through the web console. Use this method if there is a small database to import (less than 10,000 entries). See Section 6.1.3, “Importing Data Using the Web Console”.
Warning
This method is destructive and will erase any existing data in the suffix. - ldif2db or ldif2db.pl command-line utility. Use this method if there is a large database to import (more than 10,000 entries). See Section 6.1.2.2, “Importing Data While the Server is Offline”.
ldif2dbcannot be used if the server is running.ldif2db.plcan only be used if the server is running.
Warning
This method is destructive and will erase any existing data in the suffix. - ldapmodify command-line utility with the -a parameter. Use this method if a new subtree is being added to an existing database or there is existing data in the suffix which should not be deleted. Unlike the other methods for creating the directory from an LDIF file, Directory Server must be running before a subtree can be added using
ldapmodify. See Section 3.1.3, “Adding an Entry”.
Example B.1. LDIF File Example
This LDIF file contains one domain, two organizational units, and three organizational person entries:
dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example
description: Fictional example domain
dn: ou=People,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People
description: Fictional example organizational unit
tel: 555-5559
dn: cn=June Rossi,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: June Rossi
sn: Rossi
givenName: June
mail: rossi@example.com
userPassword: {sha}KDIE3AL9DK
ou: Accounting
ou: people
telephoneNumber: 2616
roomNumber: 220
dn: cn=Marc Chambers,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Marc Chambers
sn: Chambers
givenname: Marc
mail: chambers@example.com
userPassword: {sha}jdl2alem87dlacz1
telephoneNumber: 2652
ou: Manufacturing
ou: People
roomNumber: 167
dn: cn=Robert Wong,ou=People,example.com Corp,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Robert Wong
cn: Bob Wong
sn: Wong
givenname: Robert
givenname: Bob
mail: bwong@example.com
userPassword: {sha}nn2msx761
telephoneNumber: 2881
roomNumber: 211
ou: Manufacturing
ou: people
dn: ou=Groups,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups
description: Fictional example organizational unit