LDAP: LDIF & DSML Fall 2004 Rev. 2
LDIF: LDAP Data Interchange Format (RFC 2849)
  Common text format for exchanging directory data: entries and schema
LDIF Limitations
  Limited to 7-bit ASCII text
  Binary values MUST be Base64 encoded, and so must any value that is non-ASCII, starts with a space, ':' or '<', or ends with a space
  Too closely tied to LDAP
  A file holds either content records (new entries) or change records, not both
LDIF Benefits
  Manipulate directory information in a text file
  Easily change data sets (mass changes of object attributes)
  Very simple to learn
LDIF Format: attribute: value
  attribute: the attribute name in the directory. Examples: dn, objectClass, telephoneNumber, sn
  value: the actual value of the attribute, normally written as a text string. Values that cannot be written safely are Base64 encoded and introduced with a double colon (attribute:: base64value). A value must be encoded if it starts with NUL, LF, CR, SPACE, ':' or '<', contains NUL, LF or CR, ends with a space, or contains non-ASCII bytes.
  Example: the value <xml></xml> starts with '<' and must be Base64 encoded; the encoded value is PHhtbD48L3htbD4=
  A value can also be read from a URL with attribute:< URL (typically a file:// path to a binary file)
LDIF Operations (changetype)
  add: create a new entry
  delete: remove an entry
  modrdn: rename an entry (give it a new RDN)
  modify: change attributes, using the sub-operations add, delete and replace (each separated by a line containing only "-")
LDIF Example (the change-record example from RFC 2849)
version: 1
# Add a new entry
dn: cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Fiona Jensen
sn: Jensen
uid: fiona
telephonenumber:
jpegphoto:< file:///usr/local/directory/photos/fiona.jpg

# Delete an existing entry
dn: cn=Robert Jensen, ou=Marketing, dc=airius, dc=com
changetype: delete

# Modify an entry's relative distinguished name
dn: cn=Paul Jensen, ou=Product Development, dc=airius, dc=com
changetype: modrdn
newrdn: cn=Paula Jensen
deleteoldrdn: 1

# Modify an entry: add an additional value to the postaladdress
# attribute, completely delete the description attribute, replace
# the telephonenumber attribute with two values, and delete a specific
# value from the facsimiletelephonenumber attribute
dn: cn=Paula Jensen, ou=Product Development, dc=airius, dc=com
changetype: modify
add: postaladdress
postaladdress: 123 Anystreet $ Sunnyvale, CA $
-
delete: description
-
replace: telephonenumber
telephonenumber:
telephonenumber:
-
delete: facsimiletelephonenumber
facsimiletelephonenumber:
-

# Modify an entry: replace the postaladdress attribute with an empty
# set of values (which will cause the attribute to be removed), and
# delete the entire description attribute. Note that the first will
# always succeed, while the second will only succeed if at least
# one value for the description attribute is present.
dn: cn=Ingrid Jensen, ou=Product Support, dc=airius, dc=com
changetype: modify
replace: postaladdress
-
delete: description
-
LDIF Entry Example
version: 1
#
# Extend user objects
#
dn: cn=testuser,ou=utah,o=apple
changetype: modify
add: objectClass
objectClass: posixAccount
-
add: uidNumber
uidNumber: 1010
-
add: gidNumber
gidNumber: 20
-
add: homeDirectory
homeDirectory: /Network/Servers/engserver2.apple.com/ENG2.DATA/USERS/testuser
-
add: objectClass
objectClass: apple-user
-
add: apple-user-homeurl
apple-user-homeurl:: PGhvbWVfZGlyPjx1cmw+YWZwOi8vYmlncmVkLmV4YW1wbGUubmV0L0VORzIuREFUQTwvdXJsPjxwYXRoPl
 VTRVJTL3Rlc3R1c2VyPC9wYXRoPjwvaG9tZV9kaXI+
# apple-user-homeurl decoded: <home_dir><url>afp://bigred.example.net/ENG2.DATA</url><path>USERS/testuser</path></home_dir>
  Each add: block names one attribute and lists only that attribute's values, as RFC 2849 requires; blocks are separated by a line containing only "-".
  The long Base64 value is folded: a line that starts with a single space continues the previous line.
  The value is Base64 encoded because it starts with '<'.
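Added example (not from the slides, RFC 2849 or Apple): a small Python reader/writer for the format described on the LDIF Format and LDIF Operations slides, run on a constructed record modelled on the Fiona Jensen entry. It applies the RFC 2849 SAFE-STRING test to decide when a value must be written as attr:: Base64, unfolds continuation lines like the split apple-user-homeurl value above, decodes the "::" form, and treats "attr:< URL" as a privileged operation: an importer that honours file:// URLs in LDIF it did not write itself is a local file-read primitive, so the parser refuses such lines unless the caller passes a loader, and the loader shown confines reads to one directory. SAMPLE_LDIF, read_file_url and the other names are this example's own.

```python
import base64, os, re
from typing import Callable, Dict, List, Optional, Tuple
from urllib.request import url2pathname

# RFC 2849 SAFE-STRING: a clear value must be 7-bit ASCII with no NUL/LF/CR, must
# not start with SPACE, ':' or '<', and must not end with a space. Else "attr:: b64".
_SAFE_INIT = set(range(0x01, 0x80)) - {0x0A, 0x0D, 0x20, 0x3A, 0x3C}
_SAFE_CHAR = set(range(0x01, 0x80)) - {0x0A, 0x0D}
_LINE = re.compile(r"^([A-Za-z0-9][\w.;-]*)(::|:<|:) *(.*)$")

def needs_base64(value: bytes) -> bool:
    return bool(value) and (value[0] not in _SAFE_INIT or value[-1] == 0x20
                            or any(b not in _SAFE_CHAR for b in value))

def format_value(attr: str, value: bytes) -> str:
    """One attrval-spec, Base64-encoded only when the rule above requires it."""
    if needs_base64(value):
        return f"{attr}:: {base64.b64encode(value).decode('ascii')}"
    return f"{attr}: {value.decode('ascii')}"

def parse_line(line: str, url_loader: Optional[Callable[[str], bytes]] = None) -> Tuple[str, bytes]:
    """Decode 'attr: text', 'attr:: base64' or 'attr:< url' into (attr, bytes)."""
    m = _LINE.match(line)
    if not m:
        raise ValueError(f"not an LDIF attrval-spec: {line!r}")
    attr, sep, rest = m.groups()
    if sep == "::":
        return attr, base64.b64decode(rest, validate=True)
    if sep == ":<":
        # 'attr:< url' reads a file: a file-read primitive for untrusted LDIF, so refuse
        # unless the caller supplies a loader that enforces its own policy.
        if url_loader is None:
            raise ValueError(f"refusing URL value for {attr}: {rest}")
        return attr, url_loader(rest)
    return attr, rest.encode("ascii")  # clear values must be ASCII

def read_file_url(url: str, root: str) -> bytes:
    """Loader for 'attr:< file:///...': the URL path is taken relative to `root`, so '..' cannot escape it."""
    if not url.startswith("file://"):
        raise ValueError(f"only file:// URLs are supported: {url}")
    base = os.path.realpath(root)
    path = os.path.realpath(os.path.join(base, url2pathname(url[7:]).lstrip("/")))
    if os.path.commonpath([base, path]) != base:
        raise ValueError(f"path escapes {base}: {url}")
    with open(path, "rb") as fh:
        return fh.read()

def unfold(text: str) -> List[str]:
    """Join continuation lines (they start with one space); drop '#' comments."""
    out: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and out:
            out[-1] += raw[1:]
        elif not raw.startswith("#"):
            out.append(raw)
    return out

def parse_records(text: str, url_loader=None) -> List[Dict[str, object]]:
    """Split LDIF into {'dn': str, 'specs': [(attr, bytes), ...]} records."""
    records: List[Dict[str, object]] = []
    current: List[Tuple[str, bytes]] = []
    def finish() -> None:
        if current[0][0].lower() != "dn":
            raise ValueError("every LDIF record must begin with 'dn:'")
        records.append({"dn": current[0][1].decode("utf-8"), "specs": current[1:]})
    for line in unfold(text):
        if not line.strip():          # blank line ends a record
            if current:
                finish()
                current = []
        elif line == "-":             # separates modify sub-operations
            current.append(("-", b""))
        elif not current and line.lower().startswith("version:"):
            continue                  # optional 'version: 1' header
        else:
            current.append(parse_line(line, url_loader))
    if current:
        finish()
    return records

# Constructed sample modelled on the Fiona Jensen record above: a Base64 value,
# a folded line and a URL-backed binary value, then a modify record.
SAMPLE_LDIF = """\
version: 1
# add an entry
dn: cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com
changetype: add
objectclass: person
description:: PHhtbD48L3htbD4=
title: Marketing Lead,
  EMEA region
jpegphoto:< file:///usr/local/directory/photos/fiona.jpg

dn: cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com
changetype: modify
replace: description
description: plain text now
-
"""
```

parse_records(SAMPLE_LDIF) raises ValueError at the jpegphoto line; parse_records(SAMPLE_LDIF, url_loader=lambda u: read_file_url(u, "/srv/ldif-imports")) (a made-up directory) would read the photo from beneath that directory only, and a URL such as file:///../../etc/passwd is rejected by the loader. format_value("description", b"<xml></xml>") produces the same "description:: PHhtbD48L3htbD4=" line as the LDIF Format slide.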
LDIF Schema Representation
  Similar to the schema files we have made
  The "dn" is cn=schema
  Add or delete object classes or attribute types
LDIF Schema Example
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( NAME 'apple-user-authenticationhint' DESC 'password hint' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX SINGLE-VALUE )
#
# User auxiliary object class.
#
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( NAME 'apple-user' SUP top AUXILIARY DESC 'user account' MAY ( apple-user-homeurl $ apple-user-class $ apple-user-homequota $ apple-user-mailattribute $ apple-user-printattribute $ apple-mcxflags $ apple-mcxsettings $ apple-user-adminlimits $ apple-user-picture $ apple-user-authenticationhint ) )
  A complete definition opens with the attribute type's or object class's numeric OID (before NAME), and SYNTAX is followed by a syntax OID; neither is shown here.
DSML Dan Sinema CNS 4650
Why XML?
  Common representation of data
  Easy to transfer data
  Easy to manipulate data
DSML v1
  Represents directory entries
  Represents schema
  Defined in dsml.dtd, dsml.xdr and dsml.xsd
  All elements live in the DSML XML namespace (prefix dsml:)
DSML Document Types
  Type 1: contains only directory entries; does not reference schema
  Type 2: contains only directory entries; references schema in an external document
  Type 3: contains only directory schema
  Type 4: contains directory entries and schema
DSML Document Format...
  The root element may also carry an XML attribute named "complete", whose value is "true" or "false"
  true: the document contains all the schema for the entries in the document
  false: the schema is referenced in another document
DSML Entries Elements: Object Classes
  Each object class value may also carry an XML attribute named "ref", which points to the definition of that object class in the schema
DSML Entries Example: Object Classes
  <dsml:objectclass>
    <dsml:oc-value>person</dsml:oc-value>
    <dsml:oc-value>top</dsml:oc-value>
    <dsml:oc-value>organizationalPerson</dsml:oc-value>
  </dsml:objectclass>
DSML Entries Elements: Attributes
  Each attribute may also carry an XML attribute named "ref", which points to the definition of that attribute type in the schema
DSML Entries Example: Attributes (binary value)
  <dsml:value encoding="base64">XZKiASLiWNDAL92jJ=</dsml:value>
  Binary values must still be Base64 encoded (marked with encoding="base64"); this limitation comes from LDAP, not from XML.
  NOTE: values that LDIF had to Base64 encode only because of their text form (for example a string starting with ':' or '<') do NOT need to be encoded in DSML; they are written as ordinary XML text, with '<' and '&' escaped.
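Added example (not from the slides): Python that writes entries as a DSMLv1 document and reads them back with the standard library's ElementTree, illustrating the encoding rule on this slide. Only values that are not text get encoding="base64"; the description <xml></xml>, which LDIF had to Base64 encode, is emitted as escaped XML text, and object class values carry the ref="#name" pointer from the Object Classes slide. The namespace URI is the DSMLv1 one; SAMPLE_ENTRIES and the function names are this example's own.

```python
import base64
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

Entry = Tuple[str, List[Tuple[str, bytes]]]   # (dn, [(attr, value), ...])

DSML_NS = "http://www.dsml.org/DSML"           # DSMLv1 namespace
ET.register_namespace("dsml", DSML_NS)


def _q(tag: str) -> str:
    """Qualify a DSML element name for ElementTree."""
    return f"{{{DSML_NS}}}{tag}"


def is_binary(value: bytes) -> bool:
    """Binary means 'not UTF-8 text' or text with control characters; only such
    values get encoding="base64". Text starting with ':' or '<' is still text."""
    try:
        text = value.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return any(ord(c) < 0x20 and c not in "\t\r\n" for c in text)


def add_entry(parent: ET.Element, dn: str, attrs: List[Tuple[str, bytes]]) -> ET.Element:
    entry = ET.SubElement(parent, _q("entry"), dn=dn)
    grouped: Dict[str, List[bytes]] = {}
    for name, value in attrs:                 # one <dsml:attr> per attribute, many values
        grouped.setdefault(name, []).append(value)
    for name, vals in grouped.items():
        if name.lower() == "objectclass":
            oc = ET.SubElement(entry, _q("objectclass"))
            for v in vals:                    # ref="#name" points at the schema definition
                ET.SubElement(oc, _q("oc-value"), ref="#" + v.decode()).text = v.decode()
            continue
        attr = ET.SubElement(entry, _q("attr"), name=name)
        for v in vals:
            val = ET.SubElement(attr, _q("value"))
            if is_binary(v):
                val.set("encoding", "base64")
                val.text = base64.b64encode(v).decode("ascii")
            else:
                val.text = v.decode("utf-8")  # '<' and '&' are escaped by the serializer
    return entry


def build_document(entries: List[Entry]) -> str:
    """A DSMLv1 document of type 1 (entries only, no schema)."""
    root = ET.Element(_q("dsml"))
    holder = ET.SubElement(root, _q("directory-entries"))
    for dn, attrs in entries:
        add_entry(holder, dn, attrs)
    return ET.tostring(root, encoding="unicode")


def parse_document(xml_text: str) -> List[Entry]:
    """Inverse of build_document. ElementTree does not fetch external entities,
    but DSML from an untrusted source still deserves a hardened XML parser."""
    out: List[Entry] = []
    for entry in ET.fromstring(xml_text).iter(_q("entry")):
        attrs: List[Tuple[str, bytes]] = []
        for oc in entry.iterfind(f"{_q('objectclass')}/{_q('oc-value')}"):
            attrs.append(("objectclass", (oc.text or "").encode("utf-8")))
        for attr in entry.iterfind(_q("attr")):
            for val in attr.iterfind(_q("value")):
                raw = val.text or ""
                if val.get("encoding") == "base64":
                    attrs.append((attr.get("name", ""), base64.b64decode(raw)))
                else:
                    attrs.append((attr.get("name", ""), raw.encode("utf-8")))
        out.append((entry.get("dn", ""), attrs))
    return out


# Constructed sample: the description needed Base64 in LDIF (leading '<'); the
# JPEG bytes are genuinely binary and are the only value encoded here.
SAMPLE_ENTRIES: List[Entry] = [
    ("cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com", [
        ("objectclass", b"top"), ("objectclass", b"person"),
        ("cn", b"Fiona Jensen"), ("sn", b"Jensen"),
        ("description", b"<xml></xml>"),
        ("jpegphoto", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ]),
]
```

build_document(SAMPLE_ENTRIES) yields a <dsml:dsml> root with the description as &lt;xml&gt;&lt;/xml&gt; and only the jpegphoto value carrying encoding="base64"; parse_document on that text returns SAMPLE_ENTRIES unchanged.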
DSML Schema Elements
  An object class definition (<dsml:class>) can carry one more XML attribute, "obsolete"; its value is true or false, default false
  An attribute type definition (<dsml:attribute-type>) can carry a few more XML attributes: "obsolete", "single-value" and "user-modification"
Schema Example (LDAP definitions)
Object class:
( NAME 'cartoon-character' SUP top STRUCTURAL DESC 'Cartoon character and all his/her attributes' MUST ( cartoon-catchPhrase $ cartoon-homeNetwork ) MAY ( cartoon-biography ) )
Attribute types:
( NAME 'cartoon-catchPhrase' DESC 'Each cartoon character MUST have a catch phrase, an example would be D'oh' EQUALITY caseIgnoreMatch SYNTAX )
( NAME 'cartoon-homeNetwork' DESC 'Each cartoon character must have a home network, an example would be Fox Channel, Disney Channel' EQUALITY caseIgnoreMatch SYNTAX SINGLE-VALUE )
( NAME 'cartoon-biography' DESC 'This is a URL that should point to a web page that contains this character's biography' EQUALITY caseIgnoreMatch SYNTAX )
  The numeric OID that precedes NAME and the syntax OID that follows SYNTAX are not shown here.
DSML Schema Example (the same definitions in DSML form)
  <dsml:directory-schema>
    <dsml:class id="cartoon-character" superior="#top" type="structural">
      <dsml:name>cartoon-character</dsml:name>
      <dsml:description>Cartoon character and all his/her attributes</dsml:description>
      <dsml:attribute ref="#cartoon-catchPhrase" required="true"/>
      <dsml:attribute ref="#cartoon-homeNetwork" required="true"/>
      <dsml:attribute ref="#cartoon-biography" required="false"/>
    </dsml:class>
    <dsml:attribute-type id="cartoon-catchPhrase">
      <dsml:name>cartoon-catchPhrase</dsml:name>
      <dsml:description>Each cartoon character MUST have a catch phrase, an example would be D'oh</dsml:description>
    </dsml:attribute-type>
    <dsml:attribute-type id="cartoon-homeNetwork" single-value="true">
      <dsml:name>cartoon-homeNetwork</dsml:name>
      <dsml:description>Each cartoon character must have a home network, example Fox Channel</dsml:description>
    </dsml:attribute-type>
    <dsml:attribute-type id="cartoon-biography">
      <dsml:name>cartoon-biography</dsml:name>
      <dsml:description>This is a URL</dsml:description>
    </dsml:attribute-type>
  </dsml:directory-schema>