OpenDJ: Editing LDIF by hand

OpenDJ Community Logo Sometimes the fastest way to get something done involves editing LDIF as text.

If you are not used to working with LDIF in a text editor, OpenDJ Control Panel is a good place to start. Find the entry you want to change in the Manage Entries window, and then select View > LDIF View. When you save changes, OpenDJ Control Panel lets you know if you made a mistake.

LDIF edit error shown in Control Panel

You still need to decipher from the message that lines starting with a string and not white space are interpreted as attribute names, but at least the Control Panel let’s you try again right away. Forgetting to put a space at the start of a continuation line is a common error, so here it is again, command line version.

$ cat broken.ldif
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: This description continues on the next line,
but the continuation does not start with a space.

$ ldapmodify -p 1389 -D "cn=Directory Manager" -w password -f broken.ldif
Error at or near line 1 in LDIF file /path/to/broken.ldif:
org.opends.server.util.LDIFException: Unable to parse LDIF entry starting at
line 1 because the line "but the continuation does not start with a space."
does not include an attribute name

Another error that can happen comes from accidentally adding white space at the end of an attribute value. Let’s see what happens when you do that.

$ cat extra-space.ldif
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: This description ends with an extra space. 

$ ldapmodify -p 1389 -D "cn=Directory Manager" -w password -f extra-space.ldif
Processing MODIFY request for uid=bjensen,ou=People,dc=example,dc=com
MODIFY operation successful for DN uid=bjensen,ou=People,dc=example,dc=com
$ ldapsearch -p 1389 -b dc=example,dc=com uid=bjensen description
dn: uid=bjensen,ou=People,dc=example,dc=com
description:: VGhpcyBkZXNjcmlwdGlvbiBlbmRzIHdpdGggYW4gZXh0cmEgc3BhY2UuIA==

Notice that the directory happily accepts your mistake… and base64 encodes the result. So the value still shows up as expected when you decode the result, but it can be a surprise if a script somewhere is expecting the value you meant to use without having to base64 decode the value:

$ base64 decode -d VGhpcyBkZXNjcmlwdGlvbiBlbmRzIHdpdGggYW4gZXh0cmEgc3BhY2UuIA==
This description ends with an extra space.

Hope these help next time you have to edit some LDIF.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s