LDAP: LDIF & DSML (Fall 2004, Rev. 2)
LDIF
• Light-weight Data Interchange Format
• RFC 2849
• Common format to exchange data
  • entry
  • schema
LDIF Limitations
• Limited to printable text
• Binary values MUST be Base64 encoded
• Too closely tied to LDAP
• Either new records or changes (not both)
LDIF Benefits
• Manipulate directory information in a text file
• Easily change data sets (mass changing of object attributes)
• Very simple to learn
LDIF Format
<attribute type name> : <value of attribute>
<attribute type name> is the attribute name in the directory. Examples would be dn, objectClass, phone, sn.
<value of attribute> is the actual value of the attribute. This should be a text string, with a few exceptions. Those exceptions usually require the value to be Base64 encoded. The exceptions are NULL, LF, CR, :, < (a value starting with ":" or "<" would be ambiguous, because "::" introduces a Base64 value and ":<" introduces a URL reference).
Example of Base64:
<xml></xml>
would need to be Base64 encoded because it starts with "<". The Base64 encoded value would be:
PHhtbD48L3htbD4=
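As an added example (not from the slides), here is the encoding rule applied in Python: a check for whether a value must be Base64 encoded, and a writer that emits the "attr:: value" form and folds long lines with the leading-space continuation RFC 2849 allows. It goes slightly beyond the slide's list by also covering a leading space, a trailing space and non-ASCII characters, as the RFC requires.

```python
import base64

def needs_base64(value):
    """RFC 2849 SAFE-STRING test. Beyond the exceptions listed on the slide
    (NUL, LF, CR, leading ':' or '<') the RFC also requires Base64 for a
    leading or trailing SPACE and for any character outside 7-bit ASCII;
    binary (bytes) values are always encoded."""
    if isinstance(value, bytes):
        return True
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(c in "\x00\n\r" or ord(c) > 127 for c in value)

def ldif_line(attr, value, width=76):
    """Render one attribute/value pair as LDIF, switching to 'attr:: <base64>'
    when needed and folding lines longer than `width` with a leading space."""
    if needs_base64(value):
        raw = value if isinstance(value, bytes) else value.encode("utf-8")
        line = "%s:: %s" % (attr, base64.b64encode(raw).decode("ascii"))
    else:
        line = "%s: %s" % (attr, value)
    folded, rest = [line[:width]], line[width:]
    while rest:                      # continuation lines start with a single space
        folded.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(folded)
```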
Example (RFC 2849)
version: 1
# Add a new entry
dn: cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Fiona Jensen
sn: Jensen
uid: fiona
telephonenumber: +1 408 555 1212
jpegphoto:< file:///usr/local/directory/photos/fiona.jpg

# Delete an existing entry
dn: cn=Robert Jensen, ou=Marketing, dc=airius, dc=com
changetype: delete

# Modify an entry's relative distinguished name
dn: cn=Paul Jensen, ou=Product Development, dc=airius, dc=com
changetype: modrdn
newrdn: cn=Paula Jensen
deleteoldrdn: 1

# Modify an entry: add an additional value to the postaladdress
# attribute, completely delete the description attribute, replace
# the telephonenumber attribute with two values, and delete a specific
# value from the facsimiletelephonenumber attribute
dn: cn=Paula Jensen, ou=Product Development, dc=airius, dc=com
changetype: modify
add: postaladdress
postaladdress: 123 Anystreet $ Sunnyvale, CA $ 94086
-
delete: description
-
replace: telephonenumber
telephonenumber: +1 408 555 1234
telephonenumber: +1 408 555 5678
-
delete: facsimiletelephonenumber
facsimiletelephonenumber: +1 408 555 9876
-

# Modify an entry: replace the postaladdress attribute with an empty
# set of values (which will cause the attribute to be removed), and
# delete the entire description attribute. Note that the first will
# always succeed, while the second will only succeed if at least
# one value for the description attribute is present.
dn: cn=Ingrid Jensen, ou=Product Support, dc=airius, dc=com
changetype: modify
replace: postaladdress
-
delete: description
-
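An added example, not part of the slides: a small Python parser for change records like the ones above. It joins continuation lines, skips comments, distinguishes the ":", "::" and ":<" value forms, and groups the add/delete/replace operations of a modify record. The ":<" URL is kept as an unresolved reference rather than fetched, because an importer that opens file:/// URLs found in untrusted LDIF reads whatever local file the LDIF names. The sample records are constructed from the RFC example above with a Base64 value and a folded line added.

```python
import base64, re
# Constructed sample: records from the RFC 2849 example above, plus a '::' value and a folded line.
SAMPLE_LDIF = """\
dn: cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com
description:: PHhtbD48L3htbD4=
jpegphoto:< file:///usr/local/directory/photos/fiona.jpg

# Modify an entry
dn: cn=Paula Jensen, ou=Product Development, dc=airius, dc=com
changetype: modify
add: postaladdress
postaladdress: 123 Anystreet $ Sunnyvale,
  CA $ 94086
-
delete: description
-
"""

def parse_line(line):
    # 'attr: v' -> str, 'attr:: b64' -> bytes, 'attr:< url' -> unresolved reference
    name, rest = line.split(":", 1)
    if rest.startswith(":"):
        return name.lower(), base64.b64decode(rest[1:].strip())
    if rest.startswith("<"):  # never dereference file:/// URLs from untrusted LDIF here
        return name.lower(), ("url", rest[1:].strip())
    return name.lower(), rest.strip()
def parse_records(text):
    unfolded = re.sub(r"\n ", "", text)          # join continuation lines
    records = []
    for block in re.split(r"\n\n+", unfolded.strip()):
        rec, op = {"dn": None, "changetype": "add", "attrs": {}, "ops": []}, None
        for line in block.split("\n"):
            if line.startswith("#"):
                continue
            if line == "-":                      # end of one modify operation
                rec["ops"].append(op)
                op = None
                continue
            name, value = parse_line(line)
            if name in ("dn", "changetype"):
                rec[name] = value
            elif not op and rec["changetype"] == "modify" and name in ("add", "delete", "replace"):
                op = (name, value, [])           # (operation, attribute, values)
            elif op:
                op[2].append(value)
            else:
                rec["attrs"].setdefault(name, []).append(value)
        records.append(rec)
    return records
```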
LDIF Entry Example
version: 1
#
# Extend user objects
#
dn: cn=testuser,ou=utah,o=apple
changetype: modify
add: objectClass
objectClass: posixAccount
uidNumber: 1010
gidNumber: 20
homeDirectory: /Network/Servers/engserver2.apple.com/ENG2.DATA/USERS/testuser
-
add: objectClass
objectClass: apple-user
apple-user-homeurl:: PGhvbWVfZGlyPjx1cmw+YWZwOi8vYmlncmVkLmV4YW1wbGUubmV0L0VORzIuREFUQTwvdXJsPjxwYXRoPlVTRVJTL3Rlc3R1c2VyPC9wYXRoPjwvaG9tZV9kaXI+
# The Base64 value above decodes to:
# apple-user-homeurl:: <home_dir><url>afp://bigred.example.net/ENG2.DATA</url><path>USERS/testuser</path></home_dir>
LDIF Schema Representation
• Similar to the schema files we have made
• “dn” is cn=schema
• Add or delete object classes or attributes
LDIF Schema Example
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.63.1000.1.1.1.1.15 NAME 'apple-user-authenticationhint' DESC 'password hint' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

#
# User auxiliary object class.
#
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.63.1000.1.1.2.1 NAME 'apple-user' SUP top AUXILIARY DESC 'user account' MAY ( apple-user-homeurl $ apple-user-class $ apple-user-homequota $ apple-user-mailattribute $ apple-user-printattribute $ apple-mcxflags $ apple-mcxsettings $ apple-user-adminlimits $ apple-user-picture $ apple-user-authenticationhint ) )
DSML v1
• Represent directory entries
• Represent schema
• Defined in dsml.dtd, dsml.xdr, dsml.xsd
• Namespace
  • http://dsml.org/DSML
DSML Document Types
• Type 1
  • contains only directory entries
  • does not reference schema
• Type 2
  • contains only directory entries
  • references schema in external doc
• Type 3
  • contains only directory schema
• Type 4
  • contains directory entries and schema
DSML Document Format
<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">
  ...
</dsml:dsml>
The <dsml:dsml> element may also carry an XML attribute named "complete". Its value is either "true" or "false":
true - the document contains all the schema for the entries in the document
false - the schema is referenced in another document
DSML Entries Elements - Object Classes
<dsml:directory-entries>
  <dsml:entry dn="Distinguished Name">
    <dsml:objectclass>
      <dsml:oc-value> </dsml:oc-value>
    </dsml:objectclass>
  </dsml:entry>
</dsml:directory-entries>
<dsml:objectclass> may also carry an XML attribute named "ref", which points to the definition of the object class.
DSML Entries Example - Object Classes
<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">
  <dsml:directory-entries>
    <dsml:entry dn="cn=dsinema, ou=dev, o=company">
      <dsml:objectclass>
        <dsml:oc-value>top</dsml:oc-value>
        <dsml:oc-value>person</dsml:oc-value>
        <dsml:oc-value>organizationalPerson</dsml:oc-value>
      </dsml:objectclass>
    </dsml:entry>
  </dsml:directory-entries>
</dsml:dsml>
DSML Entries Elements - Attributes
<dsml:directory-entries>
  <dsml:entry dn="Distinguished Name">
    <dsml:attr name="Attribute Name">
      <dsml:value> </dsml:value>
    </dsml:attr>
  </dsml:entry>
</dsml:directory-entries>
<dsml:attr> may also carry an XML attribute named "ref", which points to the definition of the attribute type.
DSML Entries Example - Attributes
<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">
  <dsml:directory-entries>
    <dsml:entry dn="cn=dsinema, ou=dev, o=company">
      <dsml:attr name="email">
        <dsml:value>[email protected]</dsml:value>
        <dsml:value>[email protected]</dsml:value>
      </dsml:attr>
    </dsml:entry>
  </dsml:directory-entries>
</dsml:dsml>
DSML Entries Example - Attributes (binary value)
<dsml:attr name="certificate">
  <dsml:value encoding="base64">XZKiASLiWNDAL92jJ=</dsml:value>
</dsml:attr>
Binary values must still be encoded, at this point still in Base64; this limitation comes from LDAP. NOTE: values that are not binary but had to be Base64 encoded in LDIF (for example a string starting with ":" or "<") DO NOT need to be encoded in DSML; only ordinary XML escaping of the text applies.
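As an added example (not from the slides), this Python code builds a Type 1 DSML v1 document for one entry in the shape shown in the two examples above and reads an attribute back. It assumes the namespace http://www.dsml.org/DSML used in those examples; text values such as <xml></xml> stay plain and get only XML escaping, while bytes values are Base64 encoded and flagged with encoding="base64".

```python
import base64
import xml.etree.ElementTree as ET

NS = "http://www.dsml.org/DSML"
ET.register_namespace("dsml", NS)

def q(tag):
    return "{%s}%s" % (NS, tag)

def entry_to_dsml(dn, objectclasses, attrs):
    """Build a Type 1 DSML v1 document holding one entry.
    attrs maps attribute name -> list of values; bytes values are binary."""
    root = ET.Element(q("dsml"))
    entry = ET.SubElement(ET.SubElement(root, q("directory-entries")), q("entry"), dn=dn)
    oc = ET.SubElement(entry, q("objectclass"))
    for name in objectclasses:
        ET.SubElement(oc, q("oc-value")).text = name
    for name, values in attrs.items():
        attr = ET.SubElement(entry, q("attr"), name=name)
        for v in values:
            if isinstance(v, bytes):
                # Binary data is still Base64, flagged with encoding="base64".
                el = ET.SubElement(attr, q("value"), encoding="base64")
                el.text = base64.b64encode(v).decode("ascii")
            else:
                # Text that LDIF would force into Base64 (e.g. a leading ':' or '<')
                # stays plain here; the serializer only applies XML escaping.
                ET.SubElement(attr, q("value")).text = v
    return ET.tostring(root, encoding="unicode")

def attr_values(doc, attr_name):
    """Read one attribute back, decoding only values marked encoding="base64".
    Parse with defusedxml instead of ElementTree when the document is untrusted."""
    out = []
    for attr in ET.fromstring(doc).iter(q("attr")):
        if attr.get("name") != attr_name:
            continue
        for val in attr.findall(q("value")):
            if val.get("encoding") == "base64":
                out.append(base64.b64decode(val.text))
            else:
                out.append(val.text)
    return out
```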
DSML Entries Elements - Schema
<dsml:directory-schema>
  <dsml:class id="Class Name">
  </dsml:class>
  <dsml:attribute-type>
  </dsml:attribute-type>
</dsml:directory-schema>
DSML Entries Elements - Schema - ObjectClass
<dsml:directory-schema>
  <dsml:class id="Class Name" superior=" " type=" ">
    <dsml:name></dsml:name>
    <dsml:description></dsml:description>
    <dsml:object-identifier></dsml:object-identifier>
    <dsml:attribute ref="" required=""></dsml:attribute>
  </dsml:class>
</dsml:directory-schema>
<dsml:class> can have one more attribute, "obsolete"; the value is either true or false and the default is false.
DSML Entries Elements - Schema - Attributes
<dsml:directory-schema>
  <dsml:attribute-type id="Attr Name">
    <dsml:name></dsml:name>
    <dsml:description></dsml:description>
    <dsml:object-identifier></dsml:object-identifier>
    <dsml:syntax> </dsml:syntax>
    <dsml:equality> </dsml:equality>
  </dsml:attribute-type>
</dsml:directory-schema>
<dsml:attribute-type> can have a couple more attributes: "obsolete", "single-value", "user-modification".
Schema Example
ObjectClass
( 1.3.6.1.4.1.17946.1.2.1 NAME 'cartoon-character' SUP top STRUCTURAL DESC 'Cartoon character and all his/her attributes' MUST ( cartoon-catchPhrase $ cartoon-homeNetwork ) MAY ( cartoon-biography ) )
Attributes
( 1.3.6.1.4.1.17946.1.1.1 NAME 'cartoon-catchPhrase' DESC 'Each cartoon character MUST have a catch phrase, an example would be D'oh' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 1.3.6.1.4.1.17946.1.1.2 NAME 'cartoon-homeNetwork' DESC 'Each cartoon character must have a home network, an example would be Fox Channel, Disney Channel' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
( 1.3.6.1.4.1.17946.1.1.3 NAME 'cartoon-biography' DESC 'This is a URL that should point to a web page that contains this character's biography' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
DSML Schema
<dsml:directory-schema>
  <dsml:class id="cartoon-character" superior="top" type="structural">
    <dsml:name>cartoon-character</dsml:name>
    <dsml:description>Cartoon character and all his/her attributes</dsml:description>
    <dsml:object-identifier>1.3.6.1.4.1.17946.1.2.1</dsml:object-identifier>
    <dsml:attribute ref="cartoon-catchPhrase" required="true"></dsml:attribute>
    <dsml:attribute ref="cartoon-homeNetwork" required="true"></dsml:attribute>
    <dsml:attribute ref="cartoon-biography" required="false"></dsml:attribute>
  </dsml:class>
  <dsml:attribute-type id="cartoon-catchPhrase">
    <dsml:name>cartoon-catchPhrase</dsml:name>
    <dsml:description>Each cartoon character MUST have a catch phrase, an example would be D'oh</dsml:description>
    <dsml:object-identifier>1.3.6.1.4.1.17946.1.1.1</dsml:object-identifier>
    <dsml:syntax>1.3.6.1.4.1.1466.115.121.1.15</dsml:syntax>
    <dsml:equality>2.5.13.2</dsml:equality>
  </dsml:attribute-type>
  <dsml:attribute-type id="cartoon-homeNetwork" single-value="true">
    <dsml:name>cartoon-homeNetwork</dsml:name>
    <dsml:description>Each cartoon character must have a home network example Fox Channel</dsml:description>
    <dsml:object-identifier>1.3.6.1.4.1.17946.1.1.2</dsml:object-identifier>
    <dsml:syntax>1.3.6.1.4.1.1466.115.121.1.15</dsml:syntax>
    <dsml:equality>2.5.13.2</dsml:equality>
  </dsml:attribute-type>
  <dsml:attribute-type id="cartoon-biography">
    <dsml:name>cartoon-biography</dsml:name>
    <dsml:description>This is a URL</dsml:description>
    <dsml:object-identifier>1.3.6.1.4.1.17946.1.1.3</dsml:object-identifier>
    <dsml:syntax>1.3.6.1.4.1.1466.115.121.1.15</dsml:syntax>
    <dsml:equality>2.5.13.2</dsml:equality>
  </dsml:attribute-type>
</dsml:directory-schema>
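An added example, not from the slides: Python that parses an RFC 4512 objectClass description such as cartoon-character above and emits the corresponding <dsml:class> inside <dsml:directory-schema>, reproducing the mapping shown (NAME to id and name, SUP to superior, STRUCTURAL to type, MUST/MAY to attribute elements with required="true"/"false"). The MUST/MAY lists are searched with the quoted DESC text blanked out so that keywords inside descriptions are not mistaken for fields.

```python
import re
import xml.etree.ElementTree as ET

NS = "http://www.dsml.org/DSML"
ET.register_namespace("dsml", NS)

# Constructed input: the cartoon-character object class from the schema example above.
CARTOON_CHARACTER = (
    "( 1.3.6.1.4.1.17946.1.2.1 NAME 'cartoon-character' SUP top STRUCTURAL "
    "DESC 'Cartoon character and all his/her attributes' "
    "MUST ( cartoon-catchPhrase $ cartoon-homeNetwork ) MAY ( cartoon-biography ) )"
)

def parse_objectclass(definition):
    """Pull the fields of an RFC 4512 ObjectClassDescription into a dict."""
    d = definition.strip()
    bare = re.sub(r"'[^']*'", "''", d)   # blank quoted strings so keywords inside DESC are ignored
    def quoted(key):                     # KEY 'qdstring'
        m = re.search(r"\b%s\s+'([^']*)'" % key, d)
        return m.group(1) if m else None
    def oids(key):                       # KEY ( a $ b ) or KEY a
        m = re.search(r"\b%s\s+(?:\(\s*([^)]*)\)|([\w.-]+))" % key, bare)
        return [x.strip() for x in (m.group(1) or m.group(2)).split("$")] if m else []
    kind = re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", bare)
    return {"oid": re.match(r"\(\s*([\d.]+)", d).group(1),
            "name": quoted("NAME"), "desc": quoted("DESC"),
            "sup": (oids("SUP") or [None])[0],
            "kind": kind.group(1).lower() if kind else "structural",
            "must": oids("MUST"), "may": oids("MAY")}

def objectclass_to_dsml(definition):
    """Emit <dsml:directory-schema> holding the <dsml:class> for one object class."""
    oc = parse_objectclass(definition)
    schema = ET.Element("{%s}directory-schema" % NS)
    cls = ET.SubElement(schema, "{%s}class" % NS, id=oc["name"], type=oc["kind"])
    if oc["sup"]:
        cls.set("superior", oc["sup"])
    ET.SubElement(cls, "{%s}name" % NS).text = oc["name"]
    if oc["desc"]:
        ET.SubElement(cls, "{%s}description" % NS).text = oc["desc"]
    ET.SubElement(cls, "{%s}object-identifier" % NS).text = oc["oid"]
    for required, names in (("true", oc["must"]), ("false", oc["may"])):
        for ref in names:
            ET.SubElement(cls, "{%s}attribute" % NS, ref=ref, required=required)
    return ET.tostring(schema, encoding="unicode")
```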