If you’ve worked with LDAP (Lightweight Directory Access Protocol) before, you’ve probably run across LDIF files. LDIF (LDAP Data Interchange Format) is a plain-text format that represents LDAP directory content as a set of records. An LDIF file defines one record for each object (or entry) and stores the actions to perform on those objects, such as adding, modifying, removing and renaming them.

In this article, you’ll get a deeper understanding of what the LDIF format is, what a file looks like and how it’s used by various tools.

The LDIF Format

The LDIF format is always represented in plain-text files with an LDF extension. Because they are plain text, you can easily view them in your favorite text editor. Visual Studio Code, for example, has a syntax highlighter extension for LDIF files that you can install, which makes working with LDIF files easier.

An LDIF file consists of a number of records each separated from the next by a blank line. Each record refers to a single object and consists of a number of lines. You can see an example of the structure below.

Sample LDIF file showing records and objects

Each line of a record can contain one of the following:

An LDAP attribute – This is a line that consists of an LDAP attribute name, followed by a colon, a space and then the attribute value.

A changetype – A changetype line in a record identifies the type of change to be made to the AD object (add, delete, modify, moddn/modrdn). A changetype of modify is followed by the change operations themselves.

A change operation – These lines represent the changes to be made (add, delete or replace). If an object is being changed in more than one way, you will also notice a line containing only a dash (“-”) separating the multiple change operations within a modify changetype.

A comment line – These are lines that start with the hash (“#”) character.

Each record correlates to an AD object. Each AD object that the record refers to is identified by the first line of the record, which contains the distinguished name (DN) attribute for the LDAP object.

Example LDF File

In the next screenshot, you will see a snippet of an LDIF file generated for a user LDAP object type. This file was exported with the LDIFDE tool representing a user account for Paul Cox.

Each line of the example file below represents one of the attributes for Paul, apart from the comment line.

You’ll see that this record has two multi-valued LDAP/Active Directory attributes, objectClass and memberOf. These attributes are represented by multiple lines, one for each value. Also note that the objectGUID attribute is base64 encoded. It is encoded in the LDIF file because that particular attribute is not stored in LDAP as a plain-text or numeric value. Instead, it is stored as a 16-byte binary value.

Since this example file was exported with the ldifde tool, it is ready to be re-imported elsewhere so it has a changetype of add.
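To make the record structure described above concrete, here is a small LDIF parser, added as an example for this article and not code from the article or from any of the tools it names. It works through every element the article lists: records separated by blank lines, `#` comment lines, `name: value` attribute lines (multi-valued attributes collected in file order), the `changetype` line, and `add`/`delete`/`replace` change operations separated by a dash inside a `modify` record. It goes slightly beyond the article in two places that the standard LDIF format defines: a double colon (`name:: ...`) marks a base64-encoded value, which is how the binary objectGUID appears, and a line beginning with a single space continues the previous line. The sample LDIF text, the user name, the DNs and the objectGUID bytes are all constructed for the example; the `object_guid` helper decodes the 16-byte value into the usual GUID form using the little-endian layout Active Directory uses.

```python
import base64
import uuid

# Constructed sample LDIF (not the article's screenshot): one "add" record for
# a user and one "modify" record with two dash-separated change operations.
# The objectGUID value is a constructed 16-byte value (0x00..0x0F), base64-encoded.
SAMPLE_LDIF = """\
# Exported user account (constructed sample, names are placeholders)
dn: CN=Paul Cox,OU=Users,DC=example,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Paul Cox
sAMAccountName: pcox
memberOf: CN=Sales,OU=Groups,DC=example,DC=com
memberOf: CN=VPN Users,OU=Groups,DC=example,DC=com
objectGUID:: AAECAwQFBgcICQoLDA0ODw==

dn: CN=Paul Cox,OU=Users,DC=example,DC=com
changetype: modify
replace: description
description: Sales engineer
-
add: memberOf
memberOf: CN=Engineering,OU=Groups,DC=example,DC=com
-
"""


def unfold_lines(text):
    """Return logical lines: a physical line starting with one space continues
    the previous logical line (LDIF line folding for long values)."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical


def _split_attr(line):
    """Split 'name: value' into (name, value). A double colon after the name
    marks a base64-encoded value, which is decoded to bytes."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        return name.strip(), base64.b64decode(rest[1:].strip())
    return name.strip(), rest.strip()


def _finish(rec):
    """Close the record: flush a change operation not yet terminated by '-'."""
    if rec["_pending"] is not None:
        rec["changes"].append(rec["_pending"])
    del rec["_pending"]
    return rec


def parse_ldif(text):
    """Parse LDIF text into a list of records. Each record is a dict with
    "dn", "changetype" (defaults to "add"), "attrs" ({name: [values]}) and,
    for changetype modify, "changes" as (op, attribute, [values]) tuples."""
    records, current = [], None
    for line in unfold_lines(text):
        if line.startswith("#"):
            continue  # comment line
        if line.strip() == "":
            if current is not None:  # blank line ends the record
                records.append(_finish(current))
                current = None
            continue
        if current is None:
            current = {"dn": None, "changetype": "add", "attrs": {},
                       "changes": [], "_pending": None}
        if line == "-":  # dash separates change operations in a modify record
            if current["_pending"] is not None:
                current["changes"].append(current["_pending"])
                current["_pending"] = None
            continue
        name, value = _split_attr(line)
        text_value = value.decode("utf-8") if isinstance(value, bytes) else value
        key = name.lower()
        if key == "dn":
            current["dn"] = text_value
        elif key == "changetype":
            current["changetype"] = text_value.lower()
        elif current["changetype"] == "modify" and key in ("add", "delete", "replace"):
            current["_pending"] = (key, text_value, [])
        elif current["_pending"] is not None:
            current["_pending"][2].append(value)
        else:
            current["attrs"].setdefault(name, []).append(value)
    if current is not None:
        records.append(_finish(current))
    return records


def object_guid(record):
    """Decode a record's base64 objectGUID (16 raw bytes, little-endian
    Windows layout) into a uuid.UUID."""
    raw = record["attrs"]["objectGUID"][0]
    if len(raw) != 16:
        raise ValueError("objectGUID must be 16 bytes, got %d" % len(raw))
    return uuid.UUID(bytes_le=raw)


if __name__ == "__main__":
    for rec in parse_ldif(SAMPLE_LDIF):
        print(rec["changetype"], rec["dn"])
        if rec["changetype"] == "modify":
            for op, attr, values in rec["changes"]:
                print("   ", op, attr, values)
        elif "objectGUID" in rec["attrs"]:
            print("    objectGUID =", object_guid(rec))
```

Running the block prints the two records; the first shows the decoded objectGUID and the second lists its two change operations. Treating a record as a unit and decoding `::` values to bytes rather than text is what lets a consumer detect a malformed binary attribute (wrong length) before it is ever handed to an import tool.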

LDIF file example

As mentioned earlier, one tool you can use to work with LDIF files on Windows is called ldifde, but others exist as well. LDIF files can be generated and consumed by a variety of tools such as the OpenLDAP tools available on Linux and Mac OS, the Python module python-ldap and the Perl Net::LDAP::LDIF module.

Further Reading