Compare the contents of two files containing LDIF entries. The output will be an LDIF file containing the add, delete, and modify change records needed to convert the data in the source LDIF file into the data in the target LDIF file.
This tool works best with small LDIF files because it reads the entire contents of the source and target LDIF files into memory so they can be quickly compared. If you encounter an out of memory error while running the tool, you may need to increase the amount of memory available to the JVM used to invoke it.
The amount of memory available to the JVM may be customized by invoking the JVM with the '-Xms' and '-Xmx' arguments (which specify the initial and maximum amounts of memory that it may use, respectively). These arguments should be immediately followed (without any intervening space) by an integer and a unit to specify the amount of memory that may be used. The unit may be either 'm' to indicate that the size is in megabytes, or 'g' to indicate that it is in gigabytes. For example, '-Xms512m' indicates that the JVM should be given an initial heap size of 512 megabytes, while '-Xmx2g' indicates that it should be given a maximum heap size of two gigabytes.
When invoking the ldif-diff tool included in the installation of a Ping Identity server product, you may edit the config/java.properties file to specify the arguments to use when invoking the JVM. After modifying the file, run the dsjavaproperties tool to ensure that those changes will be used for subsequent tool invocations.
ldif-diff --sourceLDIF actual.ldif --targetLDIF desired.ldif \
--outputLDIF diff.ldif
ldif-diff --sourceLDIF actual.ldif --targetLDIF desired.ldif \
--outputLDIF diff.ldif --includeOperationalAttributes \
--excludeNoUserModificationAttributes --nonReversibleModifications
-V
--version
| Description | Display Data Sync Server version information |
-H
--help
| Description | Display general usage information |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
-s {path}
--sourceLDIF {path}
| Description | The path to the LDIF file containing the entries to use as the source data set. This argument must be specified, and the source LDIF file must exist. The LDIF file may optionally be gzip-compressed and/or passphrase-encrypted. |
| Required | Yes |
| Multi-Valued | No |
--sourceEncryptionPassphraseFile {path}
| Description | The path to the file containing the passphrase used to encrypt the contents of the source LDIF file. If this argument is provided, the file must exist and must contain exactly one line that contains only the encryption passphrase. If the source LDIF file is encrypted but this argument is not provided, and if the file was not encrypted with a key from the server's encryption settings database, then the tool will interactively prompt for the passphrase. |
| Required | No |
| Multi-Valued | No |
-t {path}
--targetLDIF {path}
| Description | The path to the LDIF file containing the entries to use as the target data set. This argument must be specified, and the target LDIF file must exist. The LDIF file may optionally be gzip-compressed and/or passphrase-encrypted. |
| Required | Yes |
| Multi-Valued | No |
--targetEncryptionPassphraseFile {path}
| Description | The path to the file containing the passphrase used to encrypt the contents of the target LDIF file. If this argument is provided, the file must exist and must contain exactly one line that contains only the encryption passphrase. If the target LDIF file is encrypted but this argument is not provided, and if the file was not encrypted with a key from the server's encryption settings database, then the tool will interactively prompt for the passphrase. |
| Required | No |
| Multi-Valued | No |
-o {path}
--outputLDIF {path}
| Description | The path to the LDIF file to which the resulting LDIF add, delete, and modify change records will be written. If this file already exists, then the new LDIF records will be appended to it unless the '--overwriteExisting' argument is provided. If this file does not exist, then the parent directory must exist. If this argument is not provided, then the changes will be written to standard output. |
| Required | No |
| Multi-Valued | No |
--compressOutput
| Description | GZIP-compress the data as it is written to the output file. |
--encryptOutput
| Description | Encrypt the data as it is written to the output file. If the '--outputEncryptionPassphraseFile' argument is provided, then the passphrase contained in that file will be used to encrypt the output. Otherwise, the tool will interactively prompt for the passphrase. |
--outputEncryptionPassphraseFile {path}
| Description | The path to a file containing the passphrase to use to encrypt the contents of the output file. If this argument is provided, then the file must exist, and it must contain exactly one line comprised entirely of the encryption passphrase. |
| Required | No |
| Multi-Valued | No |
-O
--overwriteExistingOutputLDIF
| Description | Overwrite the output file if it already exists, rather than appending to it. This argument must be provided if the output file already exists and either of the '--compressOutput' or '--encryptOutput' arguments is provided. |
--changeType {add|delete|modify}
| Description | The type of change to include in the output. Allowed values are 'add' (to indicate that the output should include LDIF add change records for all entries that are present in the target LDIF but not in the source), 'delete' (to indicate that the output should include LDIF delete change records for all entries that are present in the source LDIF but not in the target), and 'modify' (to indicate that the output should include LDIF modify change records for all entries that are present in both the source and target LDIF files but that differ between the two versions). This argument may be provided multiple times to specify multiple change types. By default, all change types will be included. |
| Default Value | add |
| Required | No |
| Multi-Valued | Yes |
--includeFilter {filter}
| Description | Only include changes to entries that match the given filter (either before or after the change). This argument may be provided multiple times to specify multiple include filters (in which case an entry will only be included if it matches at least one of the provided filters). |
| Required | No |
| Multi-Valued | No |
--excludeFilter {filter}
| Description | Exclude changes to entries that match the given filter (either before or after the change). This argument may be provided multiple times to specify multiple exclude filters (in which case an entry will be excluded if it matches any of the provided filters). |
| Required | No |
| Multi-Valued | No |
--includeAttribute {attributeName}
| Description | Only include the specified attribute in the change records that are written. Changes that do not affect the specified attribute will be omitted from the results. This argument may be provided multiple times to specify multiple include attributes. |
| Required | No |
| Multi-Valued | Yes |
--excludeAttribute {attributeName}
| Description | Exclude the specified attribute from the change records that are written. Changes that affect only the specified attribute will be omitted from the results. This argument may be provided multiple times to specify multiple exclude attributes. |
| Required | No |
| Multi-Valued | Yes |
-i
--includeOperationalAttributes
| Description | Include operational attributes in the output file, in both add and modify change records. By default, only user attributes will be included. |
-e
--excludeNoUserModificationAttributes
| Description | Exclude operational attributes declared with the NO-USER-MODIFICATION constraint. This argument is only applicable if the '--includeOperationalAttributes' argument is provided. |
--nonReversibleModifications
| Description | Generate modify change records in non-reversible form, in which attribute differences are written with the 'replace' modification type. By default, modifications will be generated in reversible form, with delete modifications to remove existing values that are no longer included and add modifications to insert new values. Using reversible form is generally considered safer, as attempts to apply the modifications are more likely to fail if the entry has been updated. Modifications generated in non-reversible form are more likely to succeed when applied, but at a greater risk of losing changes that have been processed since the LDIF files were generated. |
-S
--singleValueChanges
| Description | Generate a separate modify change record for each attribute value that is to be removed from or added to the target entry. By default, all modifications to an entry will be provided in a single modify change record. If a separate modify change record is generated for each attribute value, it may be easier to apply changes if the data set has changed since the LDIF files were generated (by instructing the tool that is applying changes to ignore failures). |
--stripTrailingSpaces
| Description | Strip off any illegal trailing spaces identified in LDIF entries rather than rejecting those entries. |
--schemaPath {path}
| Description | The path to an LDIF file (or a directory containing multiple LDIF files) with the schema definitions to use during processing. This argument may be used multiple times to specify multiple schema paths. If this argument is ot provided, the server's schema will be used. |
| Required | No |
| Multi-Valued | Yes |
--interactive
| Description | Launch the tool in interactive mode. |
--propertiesFilePath {path}
| Description | The path to a properties file used to specify default values for arguments not supplied on the command line. |
| Required | No |
| Multi-Valued | No |
--generatePropertiesFile {path}
| Description | Write an empty properties file that may be used to specify default values for arguments. |
| Required | No |
| Multi-Valued | No |
--noPropertiesFile
| Description | Do not obtain any argument values from a properties file. |
--suppressPropertiesFileComment
| Description | Suppress output listing the arguments obtained from a properties file. |