Exporting LDIF data with the Configuration Tool

Before you export LDIF data, be sure that you have enough space to export all the data.

To export data from the database to an LDIF file:

1. In the Configuration Tool, click Export LDIF data in the task list on the left.
2. In the Export LDIF data window on the right, type the path and file name of the LDIF file in the Path and LDIF file name field. Alternatively, you can click Browse to locate the file.
3. If you want to overwrite the data in an existing file, select the Overwrite if file exists check box.
4. If you want to export the creatorsName, createTimestamp, modifiersName, and modifyTimestamp operational attributes, select the Export operational attributes check box.

   These operational attributes are created and modified by the server when a directory entry is created or modified; they are also modified any time the entry is modified. They contain information about the user who created or modified the entry and the time the entry was created or modified. These entries are stored as a base-64-encoded control in the LDIF file.

5. If you are exporting data that will be imported into an Advanced Encryption Standard (AES)-enabled server and if the two servers are not cryptographically synchronized, select the Export data for AES-enabled destination server check box. Then complete the Encryption seed and Encryption salt fields with the values for the destination server. (See Appendix E. Synchronizing two-way cryptography between server instances for information about cryptographic synchronization of servers.)

   When the source server (the server you are exporting data from) and the destination server (the server into which you will be importing the data) are using non-matching directory key stash files, and you specify the encryption seed and salt values of the destination server, any AES-encrypted data will be decrypted using the source server's AES keys, then re-encrypted using the destination server's encryption seed and salt values. This encrypted data is stored in the LDIF file.

   You can obtain the destination server's salt value by searching (using the ldapsearch utility) the server's 'cn=crypto,cn=localhost' entry. The attribute type is ibm-slapdCryptoSalt. For example:

   ldapsearch -D adminDN -w adminPw -b "cn=crypto,cn=localhost" 
     objectclass=* ibm-slapdCryptoSalt 

   A value similar to the following is returned:

   ibm-slapdCryptoSalt=:SxaQ+.qdKor

   The part of the string after the equal to sign (=) is the encryption salt. In this example, the encryption salt is :SxaQ+.qdKor.

6. Select Export deleted entries if you want to export entries that have been deleted but are still stored in the tombstone subtree. For more information about the tombstone subtree, see the IBM® Tivoli® Directory Server 6.3 Administration Guide.
7. If you want to specify a filter for entries that are exported to the LDIF file, in the Filter entry DN field, type the DN of a valid replication filter. This filter is used to export only some of the directory database entries to the LDIF file. For more information about replication filters, see the IBM Tivoli Directory Server 6.3 Administration Guide.
8. If you want comments to be added into the LDIF file, add these comments to the Comments field.
9. If you want to export only some of the data in the directory, complete the Subtree DN field. The subtree DN identifies the top entry of the subtree that is to be written to the LDIF output file. This entry, plus all entries below it in the directory hierarchy, are written to the file. If you do not specify this option, all directory entries stored in the database are written to the output file based on the suffixes specified in the Tivoli Directory Server configuration file.
10. Click Export.

[ Top of Page | Previous Page | Next Page ]