import-ldif
import-ldif — import directory data from LDIF
Description
This utility can be used to import LDIF data into a Directory Server backend, overwriting existing data. It cannot be used to append data to the backend database.
Options
The import-ldif command takes the following options:
Command options:
-A | --templateFile {templateFile}-
Path to a MakeLDIF template to use to generate the import data.
-b | --includeBranch {branchDN}-
Base DN of a branch to include in the LDIF import.
-B | --excludeBranch {branchDN}-
Base DN of a branch to exclude from the LDIF import.
-c | --isCompressed-
LDIF file is compressed. Default: false
--countRejects-
Count the number of entries rejected by the server and return that value as the exit code (values > 255 will be reduced to 255 due to exit code restrictions). Default: false
-e | --excludeAttribute {attribute}-
Attribute to exclude from the LDIF import.
--excludeFilter {filter}-
Filter to identify entries to exclude from the LDIF import.
-F | --clearBackend-
Remove all entries for all base DNs in the backend before importing. Default: false
-i | --includeAttribute {attribute}-
Attribute to include in the LDIF import.
--includeFilter {filter}-
Filter to identify entries to include in the LDIF import.
-l | --ldifFile {ldifFile}-
Path to the LDIF file to import. All paths are relative to the server’s installation directory, which can be remote.
-n | --backendId {backendName}-
Backend ID for the backend to import.
-O | --overwrite-
Overwrite an existing rejects and/or skip file rather than appending to it. Default: false
--offline-
Indicates that the command must be run in offline mode. When using this option, the command writes to server files. Run the command as a user having the same filesystem permissions as the user running the server. Default: false
-R | --rejectFile {rejectFile}-
Write rejected entries to the specified file.
-s | --randomSeed {seed}-
Seed for the MakeLDIF random number generator. To always generate the same data with the same command, use the same non-zero seed value. A value of zero (the default) results in different data each time the tool is run. Default: 0
-S | --skipSchemaValidation-
Skip schema validation during the LDIF import. Default: false
--skipFile {skipFile}-
Write skipped entries to the specified file.
--threadCount {count}-
Number of threads used to read LDIF files during import. If 0, the number of threads will be set to twice the number of CPUs. Default: 0
--tmpDirectory {directory}-
Path to temporary directory for index scratch files during LDIF import. Default: import-tmp
Task Scheduling Options
--completionNotify {emailAddress}-
Email address of a recipient to be notified when the task completes. This option may be specified more than once.
--dependency {taskID}-
ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution.
--description {description}-
Gives a description to the task.
--errorNotify {emailAddress}-
Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once.
--failedDependencyAction {action}-
Action this task will take should one if its dependent tasks fail. The value must be one of PROCESS, CANCEL, DISABLE. If not specified defaults to CANCEL.
--recurringTask {schedulePattern}-
Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern. The schedule pattern for a recurring task supports only the following
crontabfeatures:
| Field | Allowed Values |
|---|---|
minute |
0-59 |
hour |
0-23 |
day of month |
1-31 |
month |
1-12 (or names) |
day of week |
0-7 (0 or 7 is Sunday, or use names) |
A field can contain an asterisk, * . An asterisk stands for first-last .
Fields can include ranges of numbers. A range is two numbers separated by a hyphen, and is inclusive. For example, 8-10 for an "hour" field means execution at hours 8, 9, and 10.
Fields can include lists. A list is a set of numbers or ranges separated by commas. For example, 4,8-10 for an "hour" field means execution at hours 4, 8, 9, and 10.
When using names for in "month" or "day of week" fields, use the first three letters of the particular month or day of the week. Case does not matter. Ranges and lists of names are not supported.
-t | --start {startTime}-
Indicates the date/time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the task to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately.
--taskId {taskID}-
Gives an ID to the task.
Task Backend Connection Options
--connectTimeout {timeout}-
Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. Default: 30000
-D | --bindDn {bindDN}-
DN to use to bind to the server. Default: uid=admin
-E | --reportAuthzId-
Use the authorization identity control. Default: false
-h | --hostname {host}-
Fully-qualified server host name or IP address. Default: localhost.localdomain
-N | --certNickname {nickname}-
Nickname of the certificate that should be sent to the server for SSL client authentication.
-o | --saslOption {name=value}-
SASL bind options.
-p | --port {port}-
Directory server administration port number.
--providerArg {argument}-
Configuration argument for the PKCS#11 provider.
--providerClass {class}-
Full class name of the PKCS#11 provider.
--providerName {name}-
Name of the PKCS#11 provider.
-T | --trustStorePassword[:env|:file] {trustStorePassword}-
Truststore password which will be used as the cleartext configuration value.
--useJavaKeyStore {keyStorePath}-
JKS keystore containing the certificate which should be used for SSL client authentication.
--useJavaTrustStore {trustStorePath}-
Use a JKS truststore file for validating server certificate.
--useJceKeyStore {keyStorePath}-
JCEKS keystore containing the certificate which should be used for SSL client authentication.
--useJceTrustStore {trustStorePath}-
Use a JCEKS truststore file for validating server certificate.
--useJvmTrustStore-
Use the JVM truststore for validating server certificate. Default: false
--usePasswordPolicyControl-
Use the password policy request control. Default: false
--usePkcs11KeyStore-
PKCS#11 keystore containing the certificate which should be used for SSL client authentication. Default: false
--usePkcs12KeyStore {keyStorePath}-
PKCS#12 keystore containing the certificate which should be used for SSL client authentication.
--usePkcs12TrustStore {trustStorePath}-
Use a PKCS#12 truststore file for validating server certificate.
-w | --bindPassword[:env|:file] {bindPassword}-
Password to use to bind to the server. Omit this option while providing the bind DN to ensure that the command prompts for the password, rather than entering the password as a command argument.
-W | --keyStorePassword[:env|:file] {keyStorePassword}-
Keystore password which will be used as the cleartext configuration value.
-X | --trustAll-
Trust all server SSL certificates. Default: false
Utility input/output options:
--no-prompt-
Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. Default: false
--noPropertiesFile-
No properties file will be used to get default command line argument values. Default: false
--propertiesFilePath {propertiesFilePath}-
Path to the file containing default property values used for command line arguments.
-Q | --quiet-
Use quiet mode (no output). Default: false
General options:
-V | --version-
Display Directory Server version information. Default: false
-H | --help-
Display this usage information. Default: false