Using LDIFDE Utility

The LDAP Data Interchange Format utility is named LDIFDE. You can use this utility to manage the directory: export directory entries, import new entries, and change existing entries. This section describes how to export entries and how to add and change them.

Using LDIFDE, an administrator can create script files that perform maintenance functions. This section takes a detailed look at how to export, import, and modify existing entries.

LDIFDE has a long list of parameters. The first step is to understand some of the parameters and how they can be used. For exporting, there are several parameters. They are as follows:

  • -I is not used for export, because exporting is the default. -I turns on import mode, which imports the file into the directory.

  • -f filename specifies the file to which the exported information is written. On import, the same parameter specifies the file from which the information is read.

  • -s servername is the name of the server from which the directory information should be exported. The default for this field is the Domain Controller (DC) to which the system running the script is logged on.

  • -c FromDN ToDN is used to change the distinguished name (DN) of an object to another DN. The DN of an object is the unique name for the object in the entire Active Directory. As an example, the DN for a user, Bill Wade, in the GPLAB OU in Wadeware's domain could look like CN=Bill Wade, CN=GPLAB, DC=Wadeware, DC=NET. This is a handy way to export a file and, at the same time, change where in the tree the exported objects will be placed. Another good use of this is when you are migrating from one domain to another.

  • -v turns on verbose mode. This is best used when testing a script: by redirecting the log to a file, you can see exactly what is transpiring.

  • -j specifies the log file location. If you want to log the results of an export, use this option.

  • -t is used to specify the port number for access to the directory service. Port 389 is the default LDAP port.

  • -d is used to specify the base DN of the search for the data export.

As an example, a simple command to export a single user from the directory is ldifde -v -f output.lidf -d "cn=test user, cn=users,dc=Wadeware, DC=net". This command produces an output file called OUTPUT.LIDF, which contains the complete information for the user, as the following listing shows:

dn: CN=test user,CN=Users,DC=Wadeware,DC=net
changetype: add
memberOf: CN=Testgroup,CN=Users,DC=Wadeware,DC=net
accountExpires: 9223372036854775807
streetAddress:
badPasswordTime: 0
badPwdCount: 0
codePage: 0
cn: test user
countryCode: 0
displayName: test user
givenName: test user
instanceType: 4
lastLogoff: 0
lastLogon: 0
logonCount: 0
distinguishedName: CN=test user,CN=Users,DC=Wadeware,DC=net
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=Wadeware,DC=net
objectClass: user
objectGUID:: 2UINsf7tD0WL9cl4wKnn4Q==
objectSid:: AQUAAAAAAAUVAAAATWRJLufL3X0VJa9HgQQAAA==
primaryGroupID: 513
pwdLastSet: 125808936338153952
name: test user
sAMAccountName: testuser
sAMAccountType: 805306368
telephoneNumber: 425-555-6666
userAccountControl: 66048
userPrincipalName: [email protected]
uSNChanged: 130034
uSNCreated: 110608
whenChanged: 19990911215400.0Z
whenCreated: 19990904044032.0Z
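The listing above shows two things a script that post-processes an export has to handle: values written after a double colon (objectGUID:: and objectSid::) are base64-encoded binary data, and many of the exported attributes (objectGUID, objectSid, the uSN counters, the when* timestamps, memberOf, and so on) are maintained by the directory itself and are rejected if fed back in with an import. The following Python script is an added example, not part of the original text or of the LDIFDE tool. It parses LDIF (unfolding continuation lines and decoding base64 values), decodes the exported objectSid into its S-1-5-... text form and the objectGUID into its usual string form, and builds an importable copy of the record with the system-owned attributes removed and every occurrence of one DN suffix rewritten to another, the same substitution that -c FromDN ToDN performs. The sample input is a trimmed copy of the export above; the SYSTEM_OWNED set is an assumed starting point rather than a complete list of non-writable attributes, and the names parse_ldif, sid_to_string, importable_add and demo are the example's own.

```python
import base64
import re
import struct
import uuid

# Attributes the directory maintains itself: an export carries them, a re-import
# must not. Assumed starting set, not an exhaustive list (ldifde -o can also
# omit attributes at export time).
SYSTEM_OWNED = {
    "objectguid", "objectsid", "usnchanged", "usncreated", "whenchanged",
    "whencreated", "memberof", "samaccounttype", "lastlogon", "lastlogoff",
    "logoncount", "badpwdcount", "badpasswordtime", "pwdlastset", "name",
    "distinguishedname", "changetype",
}


def parse_ldif(text):
    """Parse LDIF text into [(dn, {attribute: [values]})]. Continuation lines
    (leading space) are unfolded and '::' values are base64-decoded to bytes."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    records, current = [], []
    for line in unfolded + [""]:          # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(_record(current))
                current = []
        elif not line.startswith("#"):    # '#' starts an LDIF comment line
            current.append(line)
    return records


def _record(lines):
    dn, attrs = None, {}
    for line in lines:
        m = re.match(r"^([A-Za-z][\w.;-]*)(::?)\s*(.*)$", line)
        if not m:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name, sep, raw = m.groups()
        value = base64.b64decode(raw) if sep == "::" else raw
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs


def sid_to_string(blob):
    """Render a binary SID (revision byte, sub-authority count, 48-bit big-endian
    identifier authority, little-endian 32-bit sub-authorities) as S-1-5-..."""
    revision, count = blob[0], blob[1]
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from(f"<{count}I", blob, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def importable_add(dn, attrs, from_dn=None, to_dn=None):
    """Return (dn, attrs) fit for a 'changetype: add': system-owned attributes
    and zero-length values dropped, every occurrence of from_dn replaced by
    to_dn (the substitution ldifde -c FromDN ToDN performs)."""
    def rebase(value):
        if from_dn is None or not isinstance(value, str):
            return value
        return re.sub(re.escape(from_dn), lambda _: to_dn, value, flags=re.IGNORECASE)
    kept = {}
    for name, values in attrs.items():
        if name.lower() in SYSTEM_OWNED:
            continue
        values = [rebase(v) for v in values if v != ""]
        if values:
            kept[name] = values
    return rebase(dn), kept


# Constructed sample: a trimmed copy of the export listing above, same values.
EXPORTED = """\
dn: CN=test user,CN=Users,DC=Wadeware,DC=net
changetype: add
memberOf: CN=Testgroup,CN=Users,DC=Wadeware,DC=net
streetAddress:
cn: test user
distinguishedName: CN=test user,CN=Users,DC=Wadeware,DC=net
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=Wadeware,DC=net
objectClass: user
objectGUID:: 2UINsf7tD0WL9cl4wKnn4Q==
objectSid:: AQUAAAAAAAUVAAAATWRJLufL3X0VJa9HgQQAAA==
sAMAccountName: testuser
telephoneNumber: 425-555-6666
uSNChanged: 130034
whenCreated: 19990904044032.0Z
"""


def demo(from_dn="DC=Wadeware,DC=net", to_dn="DC=Wadeware,DC=com"):
    """Parse the sample export, decode its binary identifiers, and build the
    re-importable record under a new domain suffix."""
    dn, attrs = parse_ldif(EXPORTED)[0]
    sid = sid_to_string(attrs["objectSid"][0])
    guid = str(uuid.UUID(bytes_le=attrs["objectGUID"][0]))
    new_dn, kept = importable_add(dn, attrs, from_dn, to_dn)
    return sid, guid, new_dn, kept


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The cleaned record comes back as data (a DN and an attribute dictionary) rather than text, so it can be reviewed, or rewritten further, before any LDIF writer serializes it for import. Decoding objectSid is worth the few lines it costs: the SID, not the DN, is what access control entries and token group memberships refer to, so it is the identifier to record when auditing an exported account.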

Now that you have exported an entry, it is easier to see how directory entries can be changed and modified. There are three typical directory-entry actions that an administrator is interested in performing. The first is adding new users, followed closely by changing and deleting entries. The LDAP Data Interchange Format (LDIF) draft standard provides for each of these capabilities.

The LDIF draft standard is a proposed standard that describes a file format for modifying directory information. This file format is designed to be used for the import and export of directory information between LDAP directory services.

Adding Entries

To add an entry to the directory, you create a file containing the information for the user you want to add. Such a file can easily be generated for a user by a script. The first step is to identify what you typically want in the file. For this example, the file is intentionally simple; you can extrapolate from it to create a more sophisticated file that includes the fields you need filled in for each user.

A simple LDIF file includes the version number, the DN, the surname (SN), the given name (GN), and the telephone number. The LDIF file also contains the control commands that identify the action to be taken: add, modify, or delete. The following is an example of the file for adding a user.

version: 1
dn: CN=Doug Hauger,CN=Users,DC=Wadeware,DC=net
changetype: add
cn: Doug Hauger
givenName: Doug
sn: Hauger
distinguishedName: CN=Doug Hauger,CN=Users,DC=Wadeware,DC=net
objectClass: user
telephoneNumber: 425-555-9696

This file adds Doug Hauger to the directory under the Users container. The next step is to modify an entry in the directory. Modifying directory entries is a common task for administrators: every time a user changes location or phone number, the directory needs to be changed.

Modifying a User

To modify a user, you create a file that identifies the object to be modified and has the changetype value of modify. After the changetype line, each attribute to be changed is named, followed by the new values for that attribute. The following listing shows how to change the telephone number, delete the postal address, and add a new street address for a user.

version: 1
dn: CN=Doug Hauger,CN=Users,DC=Wadeware,DC=net
changetype: modify
# each operation in a modify record ends with a line holding only "-"
replace: telephoneNumber
telephoneNumber: 413-555-9696
-
delete: postalAddress
-
add: streetAddress
streetAddress: 1 Pennsylvania Avenue $ Bellevue, WA $ 98004
-
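Both listings in this section, the add file and the modify file, are small enough to write by hand, but a script that generates them for many users has to follow LDIF's formatting rules: each operation within a changetype: modify record ends with a line containing a single hyphen, lines longer than 76 characters are folded onto continuation lines that begin with a space, and a value that is binary, empty, starts with a space, colon or "<", ends with a space, or contains non-ASCII characters must be written base64-encoded after a double colon (the notation the export listing earlier used for objectGUID and objectSid). The following Python writer is an added example, not part of the original text or of the LDIFDE tool; it reproduces the two records from the listings above, and the names needs_base64, format_attr, add_record, modify_record, ldif_file and demo are the example's own.

```python
import base64

# LDIF lines should not exceed this width (RFC 2849); longer lines are folded.
LINE_WIDTH = 76


def needs_base64(value):
    """True when a value cannot be written as a plain 'attr: value' line:
    binary data, empty, leading space/colon/'<', trailing space, or any
    NUL, CR, LF or non-ASCII character (the RFC 2849 safe-string rules)."""
    if isinstance(value, bytes):
        return True
    return (value == "" or value[0] in " :<" or value[-1] == " "
            or any(ord(c) > 127 or c in "\0\r\n" for c in value))


def format_attr(name, value):
    """One attribute as LDIF text: 'name:: <base64>' when the value is unsafe,
    folded at LINE_WIDTH with a leading space on each continuation line."""
    if needs_base64(value):
        raw = value if isinstance(value, bytes) else value.encode("utf-8")
        line = f"{name}:: {base64.b64encode(raw).decode('ascii')}"
    else:
        line = f"{name}: {value}"
    pieces = [line[:LINE_WIDTH]]
    pieces += [" " + line[i:i + LINE_WIDTH - 1]
               for i in range(LINE_WIDTH, len(line), LINE_WIDTH - 1)]
    return "\n".join(pieces)


def add_record(dn, attrs):
    """'changetype: add' record; attrs maps an attribute name to one value or
    to a list of values (multi-valued attributes repeat the line)."""
    lines = [format_attr("dn", dn), "changetype: add"]
    for name, values in attrs.items():
        for v in (values if isinstance(values, list) else [values]):
            lines.append(format_attr(name, v))
    return "\n".join(lines) + "\n"


def modify_record(dn, changes):
    """'changetype: modify' record. changes is [(op, attribute, [values])]
    with op one of add, replace, delete; a delete with no values removes the
    whole attribute. Every operation is closed with the required '-' line."""
    lines = [format_attr("dn", dn), "changetype: modify"]
    for op, attr, values in changes:
        if op not in ("add", "replace", "delete"):
            raise ValueError(f"unknown modify operation: {op!r}")
        lines.append(f"{op}: {attr}")
        lines.extend(format_attr(attr, v) for v in values)
        lines.append("-")
    return "\n".join(lines) + "\n"


def ldif_file(*records):
    """A complete LDIF file: one version line, records separated by a blank line."""
    return "version: 1\n" + "\n".join(records)


def demo():
    """Constructed sample: the add and modify records from the listings above."""
    dn = "CN=Doug Hauger,CN=Users,DC=Wadeware,DC=net"
    add = add_record(dn, {
        "cn": "Doug Hauger", "givenName": "Doug", "sn": "Hauger",
        "objectClass": "user", "telephoneNumber": "425-555-9696",
    })
    modify = modify_record(dn, [
        ("replace", "telephoneNumber", ["413-555-9696"]),
        ("delete", "postalAddress", []),
        ("add", "streetAddress", ["1 Pennsylvania Avenue $ Bellevue, WA $ 98004"]),
    ])
    return add, modify


if __name__ == "__main__":
    print(ldif_file(*demo()), end="")
```

Generating the file from a function rather than by string concatenation is what keeps an attribute value a user supplied (a display name starting with a colon, an address with a trailing space or an accented character) from being misread by the importer as a different attribute or a truncated value: the writer base64-encodes anything the safe-string rules reject, and the importer decodes it back to exactly the bytes intended.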
