Projects / ldapdiff


ldapdiff compares ldif files with a running LDAP server and does an appropriate add/delete/update for every different entry/attribute.

Operating Systems

Recent releases

  •  12 Dec 2008 23:13

    Release Notes: The source package has been "debianized" and moved to launchpad. objectClass values are compared case-insensitively now. The LDAP_CONTROL_MANAGEDSAIT Server Control Option has been implemented.

    •  14 Oct 2008 17:12

      Release Notes: New ldapdiff.conf parameter scope: "base", "one", "sub", "subordinate", and "children". This is useful for managing the scope of searches. "" has been patched so that LDAP libraries and includes are searched in the default paths, if no option "--with-ldap-sdk" has been given. An implementation of "escaped filter values" conforming to rfc2254 has been added. Detection of existing LDAP entries with an identical DN (but a different filter) and appropriate deletion has been added.

      •  26 Sep 2007 22:41

        Release Notes: The license has been changed to the GPLv3. A bug that generated LDAP server idle timeout for large LDIF input has been fixed. A bug that prevented streaming operations has been fixed. A bug that compared DNs case-sensitively has been fixed. This release has moved to the new LDAP API.

        •  04 Sep 2005 11:49

          Release Notes: New features were added to merge data from multiple sources into a single LDAP server. The return codes were improved. Bugs in ldif file creation and path construction were fixed.

          •  13 Feb 2005 06:18

            Release Notes: This release features a new config parameter "modifybydeladd: yes" in ldapdiff.conf that enables ldapdiff to replace LDAP attributes by deleting and adding the whole LDAP entry.

            Recent comments

            05 Jul 2011 22:47 confusedhacker

            Comparing this program to patch is only useful if your idea of patching involves replacing entire tires to add a scratch. This tool deletes and then recreates the entries, instead of doing a smarter delta-level "true diff" that would involve the actual attributes and their values.

            09 May 2007 13:12 tr1449

            Re: Bug that prevents streaming operations
            Thanks Enzo,

            your patch has been applied to "ldapdiff-1.2.3" available at



            16 Mar 2007 04:40 enzom

            Bug that prevents streaming operations
            If the "-f" option is not given, ldapdiff reads the LDIF data from stdin.
            Unfortunately, in ldapread.c there is code calling ftell() and fseek(), which
            fails (without warnings) if stdin is not seekable (e.g., it's a pipe). I
            reported the bug to the author two weeks ago, but I haven't heard from him, so
            here is the code for the fix, which replaces ftell()/fseek() with the pipe-friendly getc()/ungetc():

            [...]#if 0 /* old code if'd out */   filepos =
            ftell(f);   while(fgets(folderline,sizeof(folderline),f) !=
            NULL){    /* strip \n */    if((pstrip =
            strchr(folderline,'\n')) != NULL){     *pstrip =
            '\0';    }    /* strip \r\n
            */    if((pstrip = strstr(folderline,"\r\n")) !=
            NULL){     *pstrip = '\0';   
            }    if(folderline[0] == ' ' || folderline[0] ==
            '\t'){     clines++;    
            if(strlen(line) + strlen(folderline+1) >
            ldiflog(LOG0,       "attribute size to big
            file:%s line:%d",__FILE__,__LINE__);     
            exit(EXITLDERROR);     }    
            pline = realloc(pline,strlen(pline)+1 +
            strcat(pline,folderline+1);     filepos =
            ftell(f);    }else{    
            break;    }   }  
            fseek(f,filepos,SEEK_SET);#else    /* new code
            */   for(;;) {    char nextch =
            getc(f);    ungetc(nextch, f);   
            if(nextch != ' ' && nextch != '\t')    
            break;    if(fgets(folderline,sizeof(folderline),f) ==
            NULL)     break;    if((pstrip =
            strchr(folderline,'\n')) != NULL){     *pstrip =
            '\0';    }    /* strip \r\n
            */    if((pstrip = strstr(folderline,"\r\n")) !=
            NULL){     *pstrip = '\0';   
            }    clines++;    if(strlen(line) +
            strlen(folderline+1) > MAXATTRLEN){    
            ldiflog(LOG0,      "attribute size too big file:%s
            exit(EXITLDERROR);    }    pline =
            realloc(pline,strlen(pline)+1 + strlen(folderline));   


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.