LDIF data management

To use directory data, you must add data to a directory server instance, either from an existing instance or from an LDAP Data Interchange Format (LDIF) file.

You can use the Configuration Tool to import data from an LDIF file or to export data from a database to an LDIF file. LDIF represents LDAP entries in text form. When you import data, you can add entries to an empty directory database or to a database that already contains entries. You can also use the Configuration Tool to validate the data in an LDIF file without adding it to the directory.

You can add data to an instance that is configured with a DB2® database. Do not add directory data to a proxy server instance; this is not supported.

If you want to import LDIF data that was exported from another server instance, the two server instances must be cryptographically synchronized. Synchronizing two-way cryptography between directory server instances also reduces the time that is required to encrypt and decrypt data during server communications. When you import LDIF data from a server that is not cryptographically synchronized with the target, the AES-encrypted entries in the file are not imported. For more information about synchronizing two-way cryptography, see Command Reference.

If the server instances are not cryptographically synchronized, provide the encryption seed and encryption salt of the target server when you export the LDIF file from the source server. The AES-encrypted data is decrypted by using the AES keys of the source server and then re-encrypted by using the encryption seed and salt values of the target server. The re-encrypted data is what is written to the LDIF file, so the target server can read it without the keys of the source server.

To import data, you must meet the following requirements before you start the process:

  • Import or export of LDIF data is not supported for a proxy server instance or for an instance that is not configured with a DB2 database.
  • Add the required suffixes on the target server into which you want to import the data. See Suffix configuration.
  • Stop the target server into which you want to import data.

After you load large amounts of data, for example when you populate the database with idsbulkload, you must optimize the database. This operation improves the performance of the database.

You can also use the following command-line utilities to import, export, or validate LDIF data:

  • To import data from an LDIF file, use the idsldif2db or the idsbulkload utility.
  • To export data to an LDIF file, use the idsdb2ldif utility.
  • To validate the data in an LDIF file without loading it, use the idsbulkload utility.

For more information about the command-line utilities, see Command Reference.

Examples

To retrieve the encryption salt value of a server, run the idsldapsearch command in the following format:
idsldapsearch -h host_name -p port -D adminDN -w adminPWD \
 -b "cn=crypto,cn=localhost" objectclass=* ibm-slapdCryptoSalt

The command returns the ibm-slapdCryptoSalt attribute of the cn=crypto,cn=localhost entry, for example:
ibm-slapdCryptoSalt=:SxaQ+.qdKor
The string after the equals sign (=) in the ibm-slapdCryptoSalt attribute is the encryption salt. In the example, :SxaQ+.qdKor is the encryption salt. The encryption seed is not exposed as an attribute; it is the value that was set when the target instance was created.
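The following shell script ties the export-and-import procedure above to the salt lookup in the example. It is an added example written for this page, not code from the IBM documentation or from the product. It assumes that the idsldapsearch, idsdb2ldif, idsldif2db, and idsslapd utilities are on the PATH of the host where each subcommand runs, that idsdb2ldif accepts -k for the target's encryption seed and -t for the target's encryption salt, that idsslapd -I instance -k stops an instance and idsslapd -I instance starts it, and that the target's encryption seed is supplied by the administrator because it cannot be read over LDAP. Check each of these option names against the Command Reference for your release before you use the script.

```shell
#!/bin/sh
# Added example (not IBM code): move directory data from a SOURCE instance to a
# TARGET instance that is not cryptographically synchronized with it.
#   ./ldif_migrate.sh export SRC_INST OUTFILE TGT_HOST TGT_PORT ADMIN_DN ADMIN_PW TGT_SEED
#       (run on the source host; TGT_SEED is the target's encryption seed)
#   ./ldif_migrate.sh import TGT_INST LDIF_FILE
#       (run on the target host after copying the LDIF file there)
# Assumed utility options (verify in the Command Reference):
#   idsdb2ldif -I inst -o file -k seed -t salt   export re-encrypted for target
#   idsslapd   -I inst -k                        stop the instance
#   idsslapd   -I inst                           start the instance
set -eu

# Parse idsldapsearch output on stdin and print the value that follows
# "ibm-slapdCryptoSalt=". Returns 1 when the attribute is absent, so a wrong
# bind DN, port, or base DN cannot silently produce an empty salt that would
# make every exported AES value unreadable on the target.
extract_salt() {
    salt=$(sed -n 's/^ibm-slapdCryptoSalt=//p' | head -n 1)
    [ -n "$salt" ] || return 1
    printf '%s\n' "$salt"
}

# Query the running target server for its salt, exactly as in the page's
# idsldapsearch example, and hand the output to extract_salt.
fetch_target_salt() {
    # $1 host, $2 port, $3 admin DN, $4 admin password
    idsldapsearch -h "$1" -p "$2" -D "$3" -w "$4" \
        -b "cn=crypto,cn=localhost" objectclass=* ibm-slapdCryptoSalt \
        | extract_salt
}

# Export from the source instance. AES attributes are decrypted with the
# source keys and re-encrypted for the target, so the source keys never
# leave this host and the file is useless to anyone without the target keys.
export_for_target() {
    # $1 source instance, $2 output file, $3 target seed, $4 target salt
    idsdb2ldif -I "$1" -o "$2" -k "$3" -t "$4"
    # An empty file usually means a wrong instance name or a failed bind.
    [ -s "$2" ] || { echo "export produced no data: $2" >&2; return 1; }
}

# Load into the target. The target must be stopped first (a listed
# requirement); the trap restarts it whether or not the load succeeds.
import_into_target() {
    # $1 target instance, $2 LDIF file
    inst=$1
    idsslapd -I "$inst" -k
    trap 'idsslapd -I "$inst"' EXIT
    idsldif2db -I "$inst" -i "$2"
}

case "${1:-}" in
    export)
        shift
        tgt_salt=$(fetch_target_salt "$3" "$4" "$5" "$6")
        export_for_target "$1" "$2" "$7" "$tgt_salt"
        ;;
    import)
        shift
        import_into_target "$1" "$2"
        ;;
esac
```

The salt parser is the part worth getting right: the page shows the salt containing characters such as ":" and "+", so it is taken verbatim after the equals sign rather than tokenized, and a missing attribute is an error rather than an empty string. Passing the admin password with -w, as the page's example does, exposes it in the process list on a shared host; the Command Reference documents the alternatives for your release.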