Import LDIF data into a Directory Server backend.
Connection parameters are not required when importing to a local Directory Server that is not running. However, connection parameters are required if the Directory Server is remote, or if the Directory Server is running locally and it is inconvenient to have to stop it for the import. You can use the options to include or exclude specific attributes and branches of the tree, and to include or exclude entries matching a given filter. The input file may be compressed.
This tool features both an offline mode of operation as well as the ability to schedule an operation to run within the Directory Server's process. To schedule an operation supply LDAP connection options that allow this tool to communicate with the server through its task interface. Tasks can be scheduled to run immediately or at a later time (see Task Scheduling Options below). Once scheduled, tasks can be managed using the manage-tasks tool.
import-ldif --backendID userRoot --ldifFile userRoot.ldif
import-ldif --backendID userRoot --ldifFile userRoot.ldif \
--rejectFile rejects.ldif --skipFile skipped.ldif --overwrite
import-ldif --task --hostname server1 --port 389 \
--bindDN uid=admin,dc=example,dc=com --bindPassword password \
--backendID userRoot --ldifFile userRoot.ldif
import-ldif --backendID userRoot --templateFile example.template
import-ldif --includeBranch dc=example,dc=com --ldifFile people.ldif
-V
--version
| Description | Display Directory Server version information |
-H
--help
| Description | Display general usage information |
--help-ldap
| Description | Display help for using LDAP options |
--help-sasl
| Description | Display help for using SASL options |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
-Z
--useSSL
| Description | Use SSL for secure communication with the server |
-q
--useStartTLS
| Description | Use StartTLS to secure communication with the server |
--useNoSecurity
| Description | Use no security when communicating with the server |
-h {host}
--hostname {host}
| Description | Directory Server hostname or IP address |
| Default Value | localhost |
| Required | No |
| Multi-Valued | No |
-p {port}
--port {port}
| Description | Directory Server port number |
| Default Value | 389 |
| Required | No |
| Multi-Valued | No |
-D {bindDN}
--bindDN {bindDN}
| Description | DN used to bind to the server |
| Default Value | cn=Directory Manager |
| Required | No |
| Multi-Valued | No |
-w {bindPassword}
--bindPassword {bindPassword}
| Description | Password used to bind to the server |
| Required | No |
| Multi-Valued | No |
-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}
| Description | Bind password file |
| Required | No |
| Multi-Valued | No |
-o {name=value}
--saslOption {name=value}
| Description | SASL bind options |
| Required | No |
| Multi-Valued | Yes |
-X
--trustAll
| Description | Trust all server SSL certificates |
-P {truststorePath}
--trustStorePath {truststorePath}
| Description | Certificate truststore path |
| Default Value | /home/centos/workspace/Core-Release/build/package/PingDirectory/config/truststore |
| Required | No |
| Multi-Valued | No |
-T {truststorePassword}
--trustStorePassword {truststorePassword}
| Description | Certificate truststore PIN |
| Required | No |
| Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
| Description | Certificate truststore PIN file |
| Required | No |
| Multi-Valued | No |
-K {keystorePath}
--keyStorePath {keystorePath}
| Description | Certificate keystore path |
| Required | No |
| Multi-Valued | No |
-W {keystorePassword}
--keyStorePassword {keystorePassword}
| Description | Certificate keystore PIN |
| Required | No |
| Multi-Valued | No |
-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}
| Description | Certificate keystore PIN file |
| Required | No |
| Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
| Description | Nickname of the certificate for SSL client authentication |
| Required | No |
| Multi-Valued | No |
--useAdministrativeSession
| Description | Attempt to use an administrative session to have operations processed on a dedicated pool of worker threads. This may be useful when trying to diagnose problems in a server that is unresponsive because all normal worker threads are busy processing other requests |
--propertiesFilePath {propertiesFilePath}
| Description | Path to the file that contains default property values used for command-line arguments |
| Required | No |
| Multi-Valued | No |
--usePropertiesFile
| Description | Specify that a properties file will be used to get default command-line argument values |
--script-friendly
| Description | Use script-friendly mode |
--task
| Description | Indicates that this tool should be invoked as a task which runs inside the Directory Server rather than as a separate process. At present, this argument is optional, but in a future release it may be required for running as a task |
-t {startTime}
--start {startTime}
| Description | Indicates the date/time, expressed in format 'YYYYMMDDhhmmss', when the operation starts when scheduled as a server task. A value of '0' causes the task to be scheduled for immediate execution. When this option is specified, the operation is scheduled to start at the specified time, after which this utility will exit immediately |
| Required | No |
| Multi-Valued | No |
--startAlert
| Description | Generate an administrative alert when the task starts running |
--successAlert
| Description | Generate an administrative alert when the task completes successfully |
--errorAlert
| Description | Generate an administrative alert when the task fails to complete successfully |
--startNotify {emailAddress}
| Description | Email address of a recipient to be notified when this task starts running |
| Required | No |
| Multi-Valued | Yes |
--completionNotify {emailAddress}
| Description | Email address of a recipient to be notified when the task completes, regardless of whether it succeeded or failed |
| Required | No |
| Multi-Valued | Yes |
--successNotify {emailAddress}
| Description | Email address of a recipient to be notified when this task completes successfully |
| Required | No |
| Multi-Valued | Yes |
--errorNotify {emailAddress}
| Description | Email address of a recipient to be notified if an error occurs when this task executes |
| Required | No |
| Multi-Valued | Yes |
--dependency {taskID}
| Description | ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution |
| Required | No |
| Multi-Valued | Yes |
--failedDependencyAction {action}
| Description | Action this task will take should one of its dependent tasks fail. The value must be one of the following: PROCESS,CANCEL,DISABLE. If not specified, the default value is CANCEL |
| Required | No |
| Multi-Valued | Yes |
-Q
--quiet
| Description | Use quiet mode |
-l {ldifFile}
--ldifFile {ldifFile}
| Description | Path to the LDIF file to be imported |
| Required | No |
| Multi-Valued | Yes |
-A {templateFile}
--templateFile {templateFile}
| Description | Path to a MakeLDIF template to use to generate the import data |
| Required | No |
| Multi-Valued | No |
-n {backendName}
--backendID {backendName}
| Description | Backend ID for the backend to import |
| Required | No |
| Multi-Valued | No |
-F
--clearBackend
| Description | Remove all entries for all base DNs in the backend before importing. This is primarily useful for backends that contain multiple base DNs |
-b {branchDN}
--includeBranch {branchDN}
| Description | Base DN of a branch to include in the LDIF import |
| Required | No |
| Multi-Valued | Yes |
-B {branchDN}
--excludeBranch {branchDN}
| Description | Base DN of a branch to exclude from the LDIF import |
| Required | No |
| Multi-Valued | Yes |
-i {attribute}
--includeAttribute {attribute}
| Description | Attribute to include in the LDIF import |
| Required | No |
| Multi-Valued | Yes |
-e {attribute}
--excludeAttribute {attribute}
| Description | Attribute to exclude from the LDIF import |
| Required | No |
| Multi-Valued | Yes |
-I {filter}
--includeFilter {filter}
| Description | Filter to identify entries to include in the LDIF import |
| Required | No |
| Multi-Valued | Yes |
-E {filter}
--excludeFilter {filter}
| Description | Filter to identify entries to exclude from the LDIF import |
| Required | No |
| Multi-Valued | Yes |
-R {rejectFile}
--rejectFile {rejectFile}
| Description | Write rejected entries to the specified file |
| Required | No |
| Multi-Valued | No |
--skipFile {skipFile}
| Description | Write skipped entries to the specified file |
| Required | No |
| Multi-Valued | No |
-O
--overwrite
| Description | Overwrite an existing reject and/or skip file rather than appending to it |
-s {seed}
--randomSeed {seed}
| Description | Seed for the MakeLDIF random number generator |
| Default Value | 0 |
| Required | No |
| Multi-Valued | No |
--stripTrailingSpaces
| Description | Strip out any illegal trailing spaces contained in entries rather than rejecting those entries |
--countRejects
| Description | Count the number of entries rejected by the server and return that value as the exit code (values greater than 255 will be reduced to 255 due to exit code restrictions) |
-c
--isCompressed
| Description | The LDIF file is compressed with gzip compression. This argument is no longer necessary, as the tool should automatically detect whether the file is compressed |
-y
--isEncrypted
| Description | The LDIF file is encrypted. This argument is no longer necessary, as the tool should automatically detect whether the file is encrypted |
--promptForEncryptionPassphrase
| Description | Interactively prompt for a passphrase that can be used to generate the key needed to decrypt the encrypted LDIF file. It may be used if the file was encrypted with a key generated from a passphrase provided directly to the export-ldif command, or if it was encrypted with an encryption settings definition that was created with the password. It may not be used in conjunction with the --encryptionPassphraseFile argument, nor can it be used when running the import as a task |
--encryptionPassphraseFile {path}
| Description | The path to a file that contains a passphrase that can be used to generate the key needed to decrypt the encrypted LDIF file. It may be used if the file was encrypted with a key generated from a passphrase provided directly to the export-ldif command, or if it was encrypted with an encryption settings definition that was created with the password. It may not be used in conjunction with the --promptForEncryptionPassphrase argument. The passphrase file must exist on the server system, regardless of whether the import is running locally or as a task, and an absolute path is recommended when running as a task |
| Required | No |
| Multi-Valued | No |
--isSigned
| Description | Attempt to verify any digital signature contained in the LDIF file |
--addMissingRdnAttributes
| Description | Add values to entries for missing RDN attribute values rather than reject |
-r
--overwriteExistingEntries
| Description | Indicates that any existing entries in a branch being imported should be overwritten |
--excludeOperational
| Description | Exclude operational attributes from the LDIF import |
--excludeReplication
| Description | Exclude replication attributes from the LDIF import |
--logFilePath {logFilePath}
| Description | Echo the console output to the specified log file, instead of the default ' |
| Required | No |
| Multi-Valued | No |