dsexport(1) BSD General Commands Manual dsexport(1)NAMEdsexport — export records from OpenDirectory
SYNOPSISdsexport [--N] [-r record_list] [-e exclude_attributes]
[-a address -u username [-p password]] output_file node_path
record_type
DESCRIPTION
The dsexport utility exports records from Open Directory.
The first argument is the path to the output file. If the file already
exists it will be overwritten.
The second argument is the path to the OpenDirectory node from which the
records will be read.
The third argument is the type of record to export. If the record type
does not begin with ‘dsRecTypeStandard:’ or ‘dsRecTypeNative:’, the
dsexport utility will determine if the node supports a standard attribute
by the specified name; otherwise, dsexport will assume that the record
type is native. A warning will be printed if the record type is con‐
verted. Standard record types can be listed using the following command:
‘dscl -raw . -list /’.
OPTIONS
The options are as follows:
--N Export all attributes, including native attributes. By default,
dsexport only exports standard attributes.
-r record_list
Comma-separated list of records to export from the specified
node. The -r option may be used multiple times to specify addi‐
tional records to export. If the -r option is not specified,
dsexport will attempt to export all records.
-e exclude
Comma-separated list of attributes that should not be exported.
The -e option may be used multiple times to specify additional
attributes to exclude. The following attributes are always
excluded: ‘dsAttrTypeStandard:AppleMetaNodeLocation’,
‘dsAttrTypeStandard:RecordType’, ‘dsAttrTypeNative:objectClass’.
-a address
Address of the desired proxy machine.
-u username
Username to use for the proxy connection
-p password
Password to use for the proxy connection. If the -p option is
not specified, dsexport will interactively prompt for the pass‐
word.
NOTES
When using an LDAP node, please be aware that dsexport can only export as
many records as the LDAP server is willing to return. If the LDAP server
has several thousand users, you may want to raise the maximum number of
search results that the server returns. This can be done in Server Admin
(my.server.com>OpenDirectory>Settings>Protocols tab). By default this is
set to 11000 results.
EXAMPLES
Export all user records from the local node to ‘export.out’:
$ dsexport export.out /Local/Default dsRecTypeStandard:Users
Export the group records for ‘admin’ and ‘staff’ from the LDAPv3 node on
a proxy machine ‘proxy.machine.com’:
$ dsexport export.out /LDAPv3/127.0.0.1 dsRecTypeStandard:Groups -r
admin,staff -a proxy.machine.com -u diradmin -p password
Export augmented users from the LDAPv3 node, including native attributes
but excluding the PasswordPlus attribute:
$ dsexport augments.out /LDAPv3/127.0.0.1
dsRecTypeStandard:Augments --N -e "dsAttrTypeStandard:PasswordPlus"
EXIT STATUS
The dsexport utility exits 0 on success, and >0 if an error occurs.
SEE ALSOdscl(1), dsimport(1), DirectoryService(8)BSD 20 November 2008 BSD