LDIF Configuration - file /etc/dirsrv/slapd-*/dse.ldif

class insights.parsers.ldif_config.LDIFParser(*args, **kwargs)[source]

Bases: Parser, list


This class is deprecated and will be removed from 3.5.0. Please use the insights.parsers.dse_ldif.DseLDIF instead.

Parse the content of the directory server configuration of the /etc/dirsrv/slapd-*/dse.ldif file.

The file dse.ldif is in the LDIF format. LDIF contains multi-row records where each record is identified by a dn: line (“dn” as in “distinguished name”) and the record’s other lines are attributes. The value may be specified as UTF-8 text or as base64 encoded data, or a URI may be provided to the location of the attribute value.


  1. This parser unwraps the multiple ‘aci:’ lines to a single line.

  2. This parser only keeps the last value of a multiple keys and discrads the others before it.

Sample output:

aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(
 read,search,compare) userdn="ldap:///anyone";)
aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(
createTimestamp: 20201026161200Z
creatorsName: cn=server,cn=plugins,cn=config
modifiersName: cn=Directory Manager
modifyTimestamp: 20210608144722Z
nsslapd-return-default-opattr: namingContexts
nsslapd-return-default-opattr: supportedControl
nsslapd-return-default-opattr: supportedExtension
nsslapd-return-default-opattr: supportedLDAPVersion
nsslapd-return-default-opattr: supportedSASLMechanisms
nsslapd-return-default-opattr: vendorName
nsslapd-return-default-opattr: vendorVersion
objectClass: top

dn: cn=changelog5,cn=config
cn: changelog5
createTimestamp: 20201026161228Z
creatorsName: cn=Directory Manager
modifiersName: cn=Directory Manager
modifyTimestamp: 20201026161228Z
nsslapd-changelogdir: /var/lib/dirsrv/slapd-IDM-NYPD-FINEST/cldb
nsslapd-changelogmaxage: 7d
objectClass: top
objectClass: extensibleobject

A list of dictionaries for each ‘dn’ attribute block of the ldif configuration.

Return type:



>>> ldif_config[0]['dn']
>>> ldif_config[0]['aci']  # the 2 aci are connected into one
'(targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(read,search,compare) userdn="ldap:///anyone";)(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(,cn=permissions,cn=pbac,dc=idm";)'
>>> ldif_config[0]['nsslapd-return-default-opattr']  # only keep the last
>>> ldif_config[1]['dn']
>>> ldif_config[1]['modifiersName']
'cn=Directory Manager'
>>> ldif_config[1]['modifyTimestamp']

This method must be implemented by classes based on this class.


Get the list for the ‘dn’ attribute block by searching the ldif configuration. This uses the insights.parsers.keyword_search() function for searching, see its documentation for usage details. If no search parameters are given or does match the search, then nothing will be returned.


A list of dictionaries for each ‘dn’ attribute block of the ldif configuration that match the given search criteria.

Return type:



>>> ldif_config.search(dn__contains='cn=config')[0] == ldif_config[1]
>>> ldif_config.search(dn='cn=sasl,cn=config') == []
>>> ldif_config.search(cn='changelog5')[0] == ldif_config[1]