OpenLDAP — Import DIT with data

Fathima Dilhasha
‘How to’ Guides by Dilhasha
2 min read · Apr 28, 2017

You can refer to my story Install openLDAP in ubuntu to setup an openLDAP instance in your Ubuntu server.

Assuming that you already have openLDAP installed and running, let’s look into a real requirement.

If you are new to LDAP, I strongly recommend that you learn and get to know the basics before continuing.

Below are some links that I found helpful.

[1] https://www.digitalocean.com/community/tutorials/understanding-the-ldap-protocol-data-hierarchy-and-entry-components

[2] https://sites.google.com/site/openldaptutorial/Home/openldap---beginners

Requirement:

You might need to troubleshoot data in an organization's LDAP instance by replicating it locally. To do that, follow these steps.

1. Import the custom schema to LDAP (if they have introduced new objectClasses or attributes).

2. Export an LDIF (with entries) from the LDAP connection of the organization.

3. Import the LDIF (with entries) into a local LDAP connection using Apache Directory Studio.

Details:

1. Import the custom schema to LDAP (if they have introduced new objectClasses or attributes).

A custom schema can look like the following. Note that in OpenLDAP schema files every continuation line must begin with whitespace, and names and descriptions are enclosed in plain single quotes. If you ever need to design a schema of your own, this OID reference can be helpful.

attributetype ( 2.16.840.1.113730.3.2.2.1.1.1.11.5
    NAME 'deviceId'
    DESC 'RFC3136: devices id'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

objectclass ( 2.16.840.1.113730.3.2.2.1.1.1.11.4
    NAME 'testDevice'
    DESC 'RFC3133: a Device'
    SUP device
    STRUCTURAL
    MAY ( cn $ deviceId ) )

Edit the slapd.conf file to include this schema, then restart the LDAP server for the change to take effect. Running slaptest against the edited configuration before restarting catches syntax errors in the new schema.

include /usr/local/etc/openldap/schema/test.schema

2. Export LDIF(with entries) from the LDAP connection of the organization

You can use a tool like Apache Directory Studio and create a connection to the organization's LDAP server. If you don't have Apache DS installed, it's very easy to get it. Follow this documentation.

Then you can export the entries in LDIF format.

Right-click the Root DSE → Export → LDIF Export...

3. Import the LDIF (with entries) into a local LDAP connection using Apache Directory Studio.

You can do it either with Apache DS or with the openLDAP command-line tools against your local LDAP.

  • To use Apache DS for the import, create a connection to your local LDAP server.

Right-click the Root DSE → Import → LDIF Import...

  • To use the openLDAP command-line tools, run the following command.

ldapadd -x -D "cn=Manager,dc=test,dc=com" -W -f dc.ldif -c

Here -x selects a simple bind, -D gives the bind DN, -W prompts for its password, -f names the LDIF file, and -c tells ldapadd to continue past entries that fail instead of stopping at the first error.

Note that to get the same DIT structure as the external LDAP, the "rootdn" in your slapd.conf file (and the suffix it sits under) should match the external server's base DN. For example, in the above command "dc=test,dc=com" is the suffix part of your rootdn.

When executing the above command you will see a log line for each entry as it is added.
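Before running the ldapadd command above, it is worth checking that every DN in the exported LDIF is the local suffix or sits under it, because -c makes ldapadd log an error and carry on, so a suffix mismatch shows up as a long list of failed entries rather than a stopped import; a full export also carries userPassword hashes, so counting them tells you what credential material you are about to copy onto a troubleshooting machine. The script below is an added example, not part of the original post or of OpenLDAP; it assumes POSIX sh with awk, grep and GNU base64, and the sample LDIF, DNs and hash it writes are constructed placeholders.

```shell
# Added example (not from the post): pre-import checks for an exported LDIF.
# Unfold LDIF continuation lines: a leading space joins the previous line.
ldif_unfold() {
    awk '/^ /{ buf = buf substr($0, 2); next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' "$1"
}
# Print one DN per line; base64 DNs ("dn::") are decoded so they compare alike.
ldif_dns() {
    ldif_unfold "$1" | while IFS= read -r line; do
        case "$line" in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; printf '\n' ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}
# Count DNs that are neither the suffix nor under it (case-insensitive);
# offenders go to stderr. ldapadd -c would log an error for each and carry on.
count_dns_outside_suffix() {
    suffix=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    ldif_dns "$1" | tr '[:upper:]' '[:lower:]' | awk -v s="$suffix" '
        { n = length(s)
          if ($0 == s) next
          if (length($0) > n && substr($0, length($0) - n) == "," s) next
          print "outside suffix: " $0 > "/dev/stderr"; c++ }
        END { print c + 0 }'
}
# Count an attribute, e.g. userPassword hashes a full export would copy locally.
ldif_attr_count() {
    attr=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    ldif_unfold "$1" | tr '[:upper:]' '[:lower:]' | grep -c "^$attr:" || true
}
# Constructed sample export: two entries under dc=test,dc=com (one with a
# folded DN) and one base64 DN from another tree. All values are hypothetical.
write_sample_ldif() {
    f=$(mktemp)
    enc=$(printf '%s' 'cn=dev1,ou=devices,dc=old,dc=com' | base64)
    cat > "$f" <<EOF
dn: dc=test,dc=com
dc: test

dn: uid=alice,ou=people,dc=test,
 dc=com
userPassword: {SSHA}constructed-placeholder

dn:: $enc
cn: dev1
EOF
    printf '%s\n' "$f"
}
```

Run count_dns_outside_suffix dc.ldif 'dc=test,dc=com' on the real export; a non-zero count means the suffix in slapd.conf does not match the tree you exported.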

Now if you "Reload Entry" in Apache DS you will have the same structure as the external LDAP :)

Enjoy!
