Microsoft Identity Integration Server 2003 graphic

Using the management agent for LDAP Data Interchange Format (LDIF)

By using the management agent for LDAP Data Interchange Format (LDIF), you can synchronize data in LDIF format.

The following Microsoft Identity Integration Server 2003 versions support this management agent:

Microsoft Identity Integration Server 2003, Enterprise Edition

Connected data source support

LDAP Data Interchange Format (LDIF)

Management agent type

This is a file-based management agent.

Schema

The schema is generated based on the discovery of the data in the template input file. When you refresh the schema for this management agent, Management Agent Designer starts, reads the template input file, and then updates the management agent schema. Then, you can update the management agent configuration based on the new schema.

Remarks

LDIF data consists of one or more entries separated by a blank line. Each entry consists of an optional entry ID, a required distinguished name, one or more object classes, and attribute definitions for each object class definition. Binary data must be base64 encoded. The following is an example of an LDIF file with two entries, with the second entry containing a base-64-encoded value:

dn: cn=Barry Johnson, ou=Product Development, dc=airius, dc=com
objectclass: top objectclass: person objectclass: organizationalPerson
cn: Barry Johnson
sn: Johnson
telephonenumber: +1 408 555 0212

dn: cn=Brian Johnson, ou=Accounting, dc=airius, dc=com
objectclass: top objectclass: person objectclass: organizationalPerson
cn: Brian Johnson
sn: Johnson
telephonenumber: +1 408 555 0212
description:: V2hhdCBhIGNhcmVmdWwgcmVhZGVyIHlvdSBhcmUhICBUaGlzIHZhbHVl IGlzIGJhc2UtNjQtZW5jb2RlZCBiZWNhdXNlIGl0IGhhcyBhIGNvbnRyb2wgY2hhcmFjdG VyIGluIGl0IChhIENSKS4NICBCeSB0aGUgd2F5LCB5b3Ugc2hvdWxkIHJlYWxseSBnZXQg b3V0IG1vcmUu

Updates in an LDIF file are specified using changetype. You can only have one changetype for each DN entry. Changetype can have five values:

Add adds a new value to an attribute that does not currently have a value.
Delete deletes all values of an attribute.
Modify adds, deletes, or replaces the values of an attribute.
Moddn renames an object.
Modrdn renames an object.

The following example modifies an entry, adds an additional value to the postaladdress attribute, completely deletes the description attribute, replaces the telephonenumber attribute with two values, and deletes a specific value from the facsimiletelephonenumber attribute.

dn: cn=Barry Johnson, ou=Product Development, dc=ABC, dc=com
changetype: modify
add: postaladdress
postaladdress: 123 Anystreet $ Redmond, WA $ 98000
-
delete: description
-
replace: telephonenumber
telephonenumber: 425 555 0197
telephonenumber: 425 555 0198
-
delete: facsimiletelephonenumber
facsimiletelephonenumber: 425 555 0199

Complete documentation on LDIF can be found in RFC 2849.

When you create a management agent for LDIF, the sample file should contain all object classes that you plan to use. If, during an import from a data file, Microsoft Identity Integration Server 2003 encounters an object class that has not been defined, or mapped, it will only traverse the object class hierarchy to the level that was defined in the sample file.

For example, you map the object classes in the following table from the sample file during the creation of the management agent.

Object class in sample file	Mapped to object type in management agent
top, OrganizationalUnit	OrganizationalUnit
top, person	person
top, person, organizationalPerson	organizationalPerson

After the management agent is created, if you import a data file that contains an object class that is not defined, or mapped, in the management agent, Microsoft Identity Integration Server 2003 matches that object against the object class with the longest continuous prefix in the object class hierarchy.

For example, given the mappings defined above, Microsoft Identity Integration Server 2003 maps defined and undefined object classes as shown in the following table.

Object class	Object type
top, organizationalUnit	organizationalUnit
top, organizationalUnit, container	organizationalUnit
top, person	person
top, person, inetOrgPerson	person
top, person, organizationalPerson	organizationalPerson
top, person, organizationalPerson, inetOrgPerson	organizationalPerson

Microsoft Identity Integration Server 2003 treats all data as case sensitive.
File-based management agents do not export characters that are not in the destination code page. Microsoft Identity Integration Server 2003 fails when it attempts to export objects that contain any character that is not in the target connected data source code page. If you try to avoid this behavior by converting the file to Unicode and then doing a best-fit translation, Microsoft Identity Integration Server 2003 cannot confirm the export. As a workaround, you can do your own file translation during export attribute flow.
For file-based management agents, the template input file should contain all the object classes and attributes that will be synchronized, and it should be in a full import format.
If you use a template input file that is larger than 200 KB, Microsoft Identity Integration Server 2003 analyzes only the first 100 objects when discovering the schema. As a result, if there are object classes and attributes that you want to synchronize that do not appear in the first 100 objects, manually add those object classes and attributes as connector space object types and attributes. Depending on the size of the file, a delay might occur when Microsoft Identity Integration Server 2003 reads the entire file.
This management agent supports password management. For more information, see Related Topics.