Copy To LDIF (CPYTOLDIF)

Where allowed to run: All environments (*ALL)
Threadsafe: Yes

The Copy To LDIF (CPYTOLDIF) command copies the directory contents of a Directory Server instance to an LDAP Data Interchange Format (LDIF) file. The Directory Server provides a Lightweight Directory Access Protocol (LDAP) server on IBM i.

Restriction: You must do or satisfy one of the following conditions to use this command:


Parameters

| Keyword | Description | Choices | Notes |
|---|---|---|---|
| INSTANCE | Instance | Name, QUSRDIR | Optional, Positional 2 |
| LDIFSTMF | LDIF stream file | Path name | Required, Positional 1 |
| ADMIN | Administrator | Element list | Optional |
| | Element 1: Distinguished name | Character value | |
| | Element 2: Password | Character value | |
| SUBTREE | Subtree distinguished name | Character value, *ALL | Optional |
| LOCALHOST | Copy cn=localhost | *NOCOPY, *COPY | Optional |
| PWDPOLICY | Copy cn=pwdpolicy | *NOCOPY, *COPY | Optional |
| NESTRPLC | Copy nested replication | *COPY, *NOCOPY | Optional |
| OPRATR | Copy operational attributes | *COPY, *NOCOPY | Optional |
| PASSPHRASE | Passphrase | Character value | Optional |
| ENCSALT | Encryption salt | Character value | Optional |
| FILTERDN | Filter distinguished name | Character value | Optional |
| FILTERCMT | Filter comments | Character value | Optional |

Instance (INSTANCE)

Specifies the Directory Server instance whose directory entries are to be copied.

QUSRDIR
The name of the system default Directory Server instance.
name
Specify the Directory Server instance name. The name has a minimum of one character and a maximum of eight characters.

LDIF stream file (LDIFSTMF)

Specifies the integrated file system path to the LDAP Data Interchange Format (LDIF) stream file.

This is a required parameter.

path-name
Specify the path name of the LDIF stream file to contain the copy of the Directory Server instance directory entries.

Administrator (ADMIN)

Specifies the Directory Server administrator. If not specified, the user must have all object (*ALLOBJ) and input/output system configuration (*IOSYSCFG) special authorities.

Element 1: Distinguished name

character-value
Specify the distinguished name for the Directory Server administrator, for example, cn=administrator. A maximum of 50 characters is allowed.

Element 2: Password

character-value
Specify the password for the Directory Server administrator. The password is case sensitive and must be enclosed in apostrophes. A maximum of 50 characters is allowed.

Subtree distinguished name (SUBTREE)

Specifies the distinguished name (DN) of the root of a directory subtree to copy to the LDAP Data Interchange Format (LDIF) stream file. This object and all descendant objects are copied.

*ALL
The entire directory tree is copied.
character-value
Specify the subtree distinguished name to be copied. A maximum of 50 characters is allowed.

Copy cn=localhost (LOCALHOST)

Specifies whether data located under the distinguished name cn=localhost is copied to the LDAP Data Interchange Format (LDIF) stream file.

*NOCOPY
The contents of cn=localhost are not copied to the LDIF stream file.
*COPY
The contents of cn=localhost are copied to the LDIF stream file.

Copy cn=pwdpolicy (PWDPOLICY)

Specifies whether data located under the distinguished name cn=pwdpolicy is copied to the LDAP Data Interchange Format (LDIF) stream file.

*NOCOPY
The contents of cn=pwdpolicy are not copied to the LDIF stream file.
*COPY
The contents of cn=pwdpolicy are copied to the LDIF stream file. This can only be specified when *ALL is used for the subtree DN (SUBTREE) parameter.

Copy nested replication (NESTRPLC)

Specifies whether nested replication contexts are copied to the LDAP Data Interchange Format (LDIF) stream file. For example, if a directory contains the replication contexts o=acme and cn=external users,o=acme, this option can be used to copy data under the distinguished name o=acme while excluding all entries under the distinguished name cn=external users,o=acme.

*COPY
Data from nested replication contexts is copied to the LDIF stream file.
*NOCOPY
Data from nested replication contexts is not copied to the LDIF stream file. This can only be specified if a subtree DN (SUBTREE) is specified.

Copy operational attributes (OPRATR)

Specifies whether the following four operational attributes are copied to the LDAP Data Interchange Format (LDIF) stream file:

*COPY
The operational attributes are copied to the LDIF stream file.
*NOCOPY
The operational attributes are not copied to the LDIF stream file.

Passphrase (PASSPHRASE)

Specifies the Advanced Encryption Standard (AES) passphrase to be used to encrypt any encrypted information stored in the LDAP Data Interchange Format (LDIF) stream file. This passphrase must match the passphrase used by the Directory Server instance that will copy the information from this LDIF stream file. This should only be specified if the target Directory Server instance is using AES encryption to encrypt data.

character-value
Specify the passphrase. A minimum of 12 characters and maximum of 1016 characters is allowed. The passphrase is case sensitive, therefore characters must be enclosed in apostrophes. Valid characters are:

! # $ @ [ \ ] ^ ` { } | ~
" % & ' ( ) * + , - . / ? > = < ; : _
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9


Encryption salt (ENCSALT)

Specifies the Advanced Encryption Standard (AES) salt to be used to encrypt any encrypted information stored in the LDAP Data Interchange Format (LDIF) stream file. The encryption salt must match the encryption salt used by the Directory Server instance that will copy the information from the LDIF stream file created by the command. This should only be specified if the target Directory Server instance is using AES encryption to encrypt data.

character-value
Specify the encryption salt. Exactly 12 characters must be used. The encryption salt is case sensitive, therefore characters must be enclosed in apostrophes. Valid characters are:

! # $ @ [ \ ] ^ ` { } | ~
" % & ' ( ) * + , - . / ? > = < ; : _
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9


Filter distinguished name (FILTERDN)

Specifies a filter DN to be used as a filter for objectclasses and attributes.

character-value
Specify the filter distinguished name to be used to filter data. A maximum of 50 characters is allowed.

Filter comments (FILTERCMT)

Specifies comments to be added to the LDIF file.

character-value
Specify the comments. A maximum of 256 characters is allowed.
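
As an added example (not IBM's code and not part of the original page), the following Python pre-flight check applies the length, character-set and cross-parameter rules from the parameter descriptions above to a planned CPYTOLDIF invocation before it is run. The dict keys ADMIN_DN and ADMIN_PWD, the function names, and treating an omitted INSTANCE as QUSRDIR and an omitted SUBTREE as *ALL are assumptions; the apostrophe doubling in cl_quote is the general CL quoting rule, which this page does not state.

```python
import string

# Valid PASSPHRASE / ENCSALT characters, copied from the lists on this page.
VALID_CHARS = set("!#$@[\\]^`{}|~" "\"%&'()*+,-./?>=<;:_"
                  + string.ascii_letters + string.digits)
# Maximum lengths from the parameter descriptions. ADMIN_DN and ADMIN_PWD are
# hypothetical key names for the two elements of ADMIN.
MAX_LEN = {"SUBTREE": 50, "FILTERDN": 50, "ADMIN_DN": 50,
           "ADMIN_PWD": 50, "FILTERCMT": 256}


def cl_quote(value):
    """Enclose a value in apostrophes, doubling embedded ones (CL quoting)."""
    return "'" + value.replace("'", "''") + "'"


def check_cpytoldif(p):
    """Return the documented rules that a dict of parameters violates."""
    errs = []
    if not p.get("LDIFSTMF"):
        errs.append("LDIFSTMF is required")
    # Assumption: an omitted INSTANCE means QUSRDIR, an omitted SUBTREE *ALL.
    if not 1 <= len(p.get("INSTANCE", "QUSRDIR")) <= 8:
        errs.append("INSTANCE must be 1 to 8 characters")
    subtree = p.get("SUBTREE", "*ALL")
    for key, limit in MAX_LEN.items():
        if len(p.get(key, "")) > limit:
            errs.append(f"{key} exceeds {limit} characters")
    if p.get("PWDPOLICY") == "*COPY" and subtree != "*ALL":
        errs.append("PWDPOLICY(*COPY) requires SUBTREE(*ALL)")
    if p.get("NESTRPLC") == "*NOCOPY" and subtree == "*ALL":
        errs.append("NESTRPLC(*NOCOPY) requires a subtree DN in SUBTREE")
    for key, lo, hi in (("PASSPHRASE", 12, 1016), ("ENCSALT", 12, 12)):
        if key in p and not lo <= len(p[key]) <= hi:
            want = f"exactly {lo}" if lo == hi else f"{lo} to {hi}"
            errs.append(f"{key} must be {want} characters")
        bad = sorted(set(p.get(key, "")) - VALID_CHARS)
        if bad:
            errs.append(f"{key} has characters outside the valid set: {bad}")
    return errs

# Constructed sample: subtree export that asks for cn=pwdpolicy and uses a
# passphrase that is too short and contains a space.
SAMPLE = {"LDIFSTMF": "/ldap/ibmsubtree.ldif", "SUBTREE": "o=ibm",
          "PWDPOLICY": "*COPY", "PASSPHRASE": "short pass",
          "ENCSALT": "abcdefghijkl"}

if __name__ == "__main__":
    print(check_cpytoldif(SAMPLE), cl_quote("it's-a-long-passphrase"))
```

The two character lists on this page together cover every printable ASCII character except the space, which is why a passphrase made of space-separated words fails the check.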

Examples

Example 1: Copy Entire QUSRDIR Directory

CPYTOLDIF   INSTANCE(QUSRDIR) LDIFSTMF('/ldap/qusrdir.ldif')

This command copies the entries from the Directory Server directory for the QUSRDIR instance to the qusrdir.ldif stream file in the ldap directory. The user running the command this way must have all object (*ALLOBJ) and input/output system configuration (*IOSYSCFG) special authorities.

Example 2: Copy the o=ibm Subtree Only

CPYTOLDIF   INSTANCE(QUSRDIR) LDIFSTMF('/ldap/ibmsubtree.ldif')
            SUBTREE('o=ibm') ADMIN('cn=admin' 'secret')

This command copies the o=ibm subtree entries from the Directory Server directory for the QUSRDIR instance to the ibmsubtree.ldif stream file in the ldap directory.

Example 3: Copy the cn=localhost Entries

CPYTOLDIF   INSTANCE(DOGGIES)
            LDIFSTMF('/ldap/includelocal.ldif')
            SUBTREE(*ALL) LOCALHOST(*COPY)
            ADMIN('cn=fluffy' 'poodle')

This command copies the entries from the Directory Server directory for the DOGGIES instance including the entries in cn=localhost to the includelocal.ldif stream file in the ldap directory.


Error messages

*ESCAPE Messages

GLD0202
Administrator DN or password not correct.
GLD0213
Error opening or creating file.
GLD0215
Directory server instance &1 not found.
GLD0218
Not enough authority or incorrect distinguished name and password specified.
GLD022B
Cannot find object &1.
GLD0234
Export subtree is not a replication context.
GLD0413
Validation list entry error occurred.