Management Agent for LDAP Data Interchange Format (LDIF)

Applies To: Windows Server 2003 with SP1

Use the management agent for LDAP Data Interchange Format (LDIF) to synchronize data in LDIF format.

Properties

Available in Identity Integration Feature Pack for Microsoft® Windows Server™ Active Directory® (IIFP)

No

Management agent type

File-based

Supported connected data source versions

  • LDAP Data Interchange Format (LDIF)

MIIS 2003 features supported

  • Password management by using a password extension

  • Full import

  • Delta import

  • Export

Schema Information

  • The schema is generated based on the discovery of the data in the template input file. When you refresh the schema for this management agent, Management Agent Designer starts, reads the template input file, and then updates the management agent schema. Then, you can update the management agent configuration based on the new schema.

Remarks

  • LDIF data consists of one or more entries separated by a blank line. Each entry consists of an optional entry ID, a required distinguished name, one or more object classes, and attribute definitions for each object class definition. Binary data must be base64 encoded. The following is an example of an LDIF file with two entries, with the second entry containing a base-64-encoded value:

    dn: cn=Barry Johnson, ou=Product Development, dc=airius, dc=com
    objectclass: top objectclass: person objectclass: organizationalPerson
    cn: Barry Johnson
    sn: Johnson
    telephonenumber: +1 408 555 0212
    dn: cn=Brian Johnson, ou=Accounting, dc=airius, dc=com
    objectclass: top objectclass: person objectclass: organizationalPerson
    cn: Brian Johnson
    sn: Johnson
    telephonenumber: +1 408 555 0212
    description:: V2hhdCBhIGNhcmVmdWwgcmVhZGVyIHlvdSBhcmUhICBUaGlzIHZhbHVl IGlzIGJhc2UtNjQtZW5jb2RlZCBiZWNhdXNlIGl0IGhhcyBhIGNvbnRyb2wgY2hhcmFjdGVyIGluIGl0IChhIENSKS4NICBCeSB0aGUgd2F5LCB5b3Ugc2hvdWxkIHJlYWxseSBnZXQg b3V0IG1vcmUu 
    

    Updates in an LDIF file are specified using changetype. You can only have one changetype for each distinguished name entry. Changetype can have five values:

    • Add adds a new value to an attribute that does not currently have a value.

    • Delete deletes all values of an attribute.

    • Modify adds, deletes, or replaces the values of an attribute.

    • Moddn renames an object.

    • Modrdn renames an object.

    The following example modifies an entry, adds an additional value to the postaladdress attribute, completely deletes the description attribute, replaces the telephonenumber attribute with two values, and deletes a specific value from the facsimiletelephonenumber attribute.

    dn: cn=Barry Johnson, ou=Product Development, dc=ABC, dc=com
    changetype: modify
    add: postaladdress
    postaladdress: 123 Anystreet $ Redmond, WA $ 98000
    -
    delete: description
    -
    replace: telephonenumber
    telephonenumber: 425 555 0197
    telephonenumber: 425 555 0198
    -
    delete: facsimiletelephonenumber
    facsimiletelephonenumber: 425 555 0199
    

    Complete documentation on LDIF can be found in RFC 2849.

    When you create a management agent for LDIF, the sample file should contain all object classes that you plan to use. If, during an import from a data file, ILM 2007 FP1 encounters an object class that has not been defined, or mapped, it will only traverse the object class hierarchy to the level that was defined in the sample file.

    For example, you map the object classes in the following table from the sample file during the creation of the management agent.

    Object class in sample file Mapped to object type in management agent

    top, OrganizationalUnit

    OrganizationalUnit

    top, person

    person

    top, person, organizationalPerson

    organizationalPerson

    After the management agent is created, if you import a data file that contains an object class that is not defined, or mapped, in the management agent, ILM 2007 FP1 matches that object against the object class with the longest continuous prefix in the object class hierarchy.

    For example, given the mappings defined above, ILM 2007 FP1 maps defined and undefined object classes as shown in the following table.

    Object class Object type

    top, organizationalUnit

    organizationalUnit

    top, organizationalUnit, container

    organizationalUnit

    top, person

    person

    top, person, inetOrgPerson

    person

    top, person, organizationalPerson

    organizationalPerson

    top, person, organizationalPerson, inetOrgPerson

    organizationalPerson

  • ILM 2007 FP1 treats all data as case sensitive.

  • File-based management agents do not export characters that are not in the destination code page. ILM 2007 FP1 fails when it attempts to export objects that contain any character that is not in the target connected data source code page. If you try to avoid this behavior by converting the file to Unicode and then doing a best-fit translation, ILM 2007 FP1 cannot confirm the export. As a workaround, you can do your own file translation during export attribute flow.

  • For file-based management agents, the template input file should contain all the object classes and attributes that will be synchronized, and it should be in a full import format.

  • If you use a template input file that is larger than 200 KB, ILM 2007 FP1 analyzes only the first 100 objects when discovering the schema. As a result, if there are object classes and attributes that you want to synchronize that do not appear in the first 100 objects, manually add those object classes and attributes as connector space object types and attributes. Depending on the size of the file, a delay might occur when ILM 2007 FP1 reads the entire file.

See Also

Concepts

Management Agents in MIIS 2003