Tech Support

Internet Exchange Frequently Asked Questions

Internet Exchange Directory Server
Import/Export Tools

Introduction
Internet Exchange Messaging Servers support the open Internet directory standard LDAP (Lightweight Directory Access Protocol) as the central store for user accounts, mailing lists, mail routing and configuration information. Internet Exchange provides tools for administrators to import/export the LDAP database from/to a text file in LDIF (LDAP Data Interchange Format). LDIF is a common interchange format for exchanging LDAP data between LDAP servers that use different internal data storage mechanisms. With the LDAP Import/Export tools, it also facilitates the exchange of directory data between the LDAP directory and other legacy systems.

LDIF File Format
LDIF is a standard text-based format for representing LDAP directory entries. An LDIF file consists of a series of LDAP records separated by empty lines. Each record is a sequence of lines that represents one directory entry in the LDAP database. Each LDAP entry is uniquely identified by its Distinguished Name (DN), which is constructed according to the naming model of the LDAP directory. The LDAP data are defined as a set of attribute-value pairs.

An individual LDAP entry represented in LDIF format consists of two parts: the DN and a series of attribute-value pairs. The first line of each LDAP record must be the DN line, a string that begins with "DN", followed by a ":" and then the DN value of the entry. The DN line is followed by the attribute-value pairs, one per line. Each attribute-value pair is a string composed of the name of the attribute, followed by a colon ":" and then the value of the attribute.

The Internet Exchange Directory Server uses the new standard LDAP naming style (RFC 2377), DC (Domain Component), to organize the LDAP directory data. The DC naming style is a new naming style for constructing the Internet directory infrastructure for Internet-based applications. It is based on the name hierarchy of the existing DNS infrastructure.

The upper portions of a directory tree are constructed from registered DNS names using the attribute "dc" (Domain Component). A domain name like jade.net is constructed as "dc=jade, dc=net". All subdomains under jade.net can be named under this directory tree, e.g. "dc=sales, dc=jade, dc=net" represents the directory tree for the domain sales.jade.net. Internet Exchange uses the "mail" attribute in combination with "dc" to define the DN of each registered user. E.g. DN: mail=john@jade.net, dc=jade, dc=net represents the registered mail user john@jade.net.

Each domain should be defined in LDAP as an entry with objectclass "domain", as shown in the following example. These LDAP domain entries are added automatically when new users are registered, if the domain of the new user does not exist.

dn: dc=net
objectclass: domain

dn: dc=jade, dc=net
objectclass: domain

In the above example, a directory tree for the domain jade.net is defined. First we define the first component with the DN "dc=net", and then the subdomain with the DN "dc=jade, dc=net". The objectclass for a domain entry is "domain", which is required. Domain names under other top-level domains such as .com and .org can be defined in the same LDAP database in the same way. Therefore, mail users in multiple domains can be supported.

The following shows an example of an LDIF file with user entries:

dn: mail=john@jade.net, dc=jade, dc=net
objectclass: ieperson
mail: john@jade.net
cn: John Brown
firstname: John
sn: Brown
othermailbox: LOCAL$john@jade.net
othermailbox: CCMAIL$John Brown at PO

dn: mail=peter@sales.jade.net, dc=sales, dc=jade, dc=net
objectclass: ieperson
mail: peter@sales.jade.net
cn: Peter Brown
firstname: Peter
sn: Brown
othermailbox: LOCAL$peter@sales.jade.net

In this example, the first entry specifies the DN "mail=john@jade.net, dc=jade, dc=net". This entry also includes an objectclass attribute with the value "ieperson". An objectclass in LDAP defines which attributes are required for a particular entry and which attributes are optional. The Internet mail address is john@jade.net, as defined by the attribute "mail". The CN (Common Name) is "John Brown", which is composed from the values of the "sn" (Surname) and "firstname" attributes.

Internet Exchange uses the attribute "othermailbox" to define the mail routing for different channels, such as CCMAIL, NOTES, LOCAL, SMTPC and BSMTP. The value of othermailbox is a string consisting of the channel name, followed by a "$" character and then the address defined in the corresponding channel. For example, the value "LOCAL$john@jade.net" of the "othermailbox" attribute specifies a LOCAL user (with an account in the Internet Exchange Message Store) with the account name john@jade.net. Multiple values can be defined so that an incoming message will be routed to multiple channels.

LDAP Export Tool
The LDAP data export tool that comes with Internet Exchange is "ldbmcat". It is located under the Internet Exchange installation directory.  It exports the LDAP entries from the LDAP database to a text-based file in LDIF format.

The LDAP database files are located in the directory LDAPDB under the installation directory of Internet Exchange.

By default, when the program is run without arguments, it exports the LDAP database in the default directory. It writes the LDAP entries to an LDIF file named ldif in the LDAPDB directory. If a file with that name already exists, it increments the file name extension, e.g. ldif.0, ldif.1.

If a database filename is passed as an argument to the program, it will export that database instead of the default one. There are several LDAP database files under the LDAPDB directory; the main database that should be used for export is "id2entry.dbb".

ldbmcat c:\iev4\ldapdb\id2entry.dbb

You’ll be prompted with the result of the conversion process, which also indicates the name of the LDIF file containing the exported data, as shown below.

C:\ie4>  ldbmcat
LDAP database C:\IE4\LDAPDB\id2entry.dbb has been successfully exported to LDIF file C:\IE4\LDAPDB\ldif.3

LDAP Import Tool
The LDAP Import tool, ldif2ldbm, is also located under the installation directory of Internet Exchange. It imports the LDAP entries defined in an LDIF file into the LDAP database. It writes the new LDAP database to the existing LDAPDB directory.

Usage:

ldif2ldbm ldif_file conf_file

The first argument is the path of the LDIF file and the second is the LDAP configuration file, slapd.conf, which comes with Internet Exchange and is located under the installation directory.

Please be cautious when running the import tool, as it will overwrite your existing LDAP database. Always make a backup of the existing database before running this tool.

Suggested steps to import new LDAP entries into an existing LDAP database:

    1. Back up all the database files in the LDAPDB directory under the installation directory.
    2. Run the export tool to export the existing data to an LDIF file, which includes the configuration settings of Internet Exchange as well as the mail user information.
    3. Add/modify the LDAP entries in this LDIF file. You may append new user entries to this file. Please remember that every record should be separated by an empty line.
    4. Run the Import tool to convert the LDIF file to the LDAP database.
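
Because the import overwrites the existing database, the file edited in step 3 is worth checking before step 4. The Python check below is an added example, not part of Internet Exchange or its tools. It covers only the plain "attribute: value" lines described above and assumes the channel list named on this page is complete; parse_ldif, lint_ldif and the sample records are illustrative.

```python
import re

# Channels named on the page; treating that list as complete is an assumption.
CHANNELS = {"CCMAIL", "NOTES", "LOCAL", "SMTPC", "BSMTP"}

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas so equal DNs compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])], one item per blank-line-separated record."""
    records = []
    for block in re.split(r"\n[ \t]*\n", text.replace("\r\n", "\n").strip()):
        pairs = [(n.strip().lower(), v.strip())
                 for n, _, v in (line.partition(":") for line in block.split("\n"))]
        if not pairs or pairs[0][0] != "dn":
            raise ValueError("record does not start with a dn line: %r" % block[:40])
        records.append((pairs[0][1], pairs[1:]))
    return records

def lint_ldif(text):
    """Return the problems to fix before the file is handed to the import tool."""
    problems = []
    for dn, pairs in parse_ldif(text):
        if "objectclass" not in [name for name, _ in pairs]:
            problems.append("no objectclass: " + dn)
        for name, value in pairs:
            if name == "mail":            # DN must be mail=<addr> plus one dc per DNS label
                domain = value.partition("@")[2]
                want = ["mail=" + value] + ["dc=" + p for p in domain.split(".")]
                if norm_dn(dn) != norm_dn(",".join(want)):
                    problems.append("DN does not match mail %s: %s" % (value, dn))
            elif name == "othermailbox":  # expected form: CHANNEL$address
                channel, sep, address = value.partition("$")
                if not sep or channel not in CHANNELS or not address:
                    problems.append("bad othermailbox %r: %s" % (value, dn))
    return problems

# Constructed sample: the second user's DN lacks dc=sales and its route has no "$".
SAMPLE = """dn: mail=john@jade.net, dc=jade, dc=net
objectclass: ieperson
mail: john@jade.net
othermailbox: LOCAL$john@jade.net

dn: mail=mary@sales.jade.net, dc=jade, dc=net
objectclass: ieperson
mail: mary@sales.jade.net
othermailbox: LOCAL mary@sales.jade.net
"""
```

An empty list from lint_ldif(SAMPLE-style input) means the checks found nothing to fix; it does not replace the backup in step 1.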

Conclusion
In this document, the LDIF file format and import/export tools are described. They provide a convenient way for administrators to manipulate the directory data. However, the tools and especially the import tool should be used with great caution.