dsexport(1) General Commands Manual dsexport(1)

dsexportexport records from OpenDirectory

dsexport [--N] [-r record_list] [-e exclude_attributes] [-a address -u username [-p password]] output_file node_path record_type

The dsexport utility exports records from Open Directory.

The first argument is the path to the output file. If the file already exists it will be overwritten.

The second argument is the path to the OpenDirectory node from which the records will be read.

The third argument is the type of record to export. If the record type does not begin with ‘dsRecTypeStandard:’ or ‘dsRecTypeNative:’, the dsexport utility will determine if the node supports a standard attribute by the specified name; otherwise, dsexport will assume that the record type is native. A warning will be printed if the record type is converted. Standard record types can be listed using the following command: ‘dscl -raw . -list /’.

The options are as follows:

Export all attributes, including native attributes. By default, dsexport only exports standard attributes.
record_list
Comma-separated list of records to export from the specified node. The -r option may be used multiple times to specify additional records to export. If the -r option is not specified, dsexport will attempt to export all records.
exclude
Comma-separated list of attributes that should not be exported. The -e option may be used multiple times to specify additional attributes to exclude. The following attributes are always excluded: ‘dsAttrTypeStandard:AppleMetaNodeLocation’, ‘dsAttrTypeStandard:RecordType’, ‘dsAttrTypeNative:objectClass’.
address
Address of the desired proxy machine.
username
Username to use for the proxy connection
password
Password to use for the proxy connection. If the -p option is not specified, dsexport will interactively prompt for the password.

When using an LDAP node, please be aware that dsexport can only export as many records as the LDAP server is willing to return. If the LDAP server has several thousand users, you may want to raise the maximum number of search results that the server returns. This can be done in Server Admin (my.server.com>OpenDirectory>Settings>Protocols tab). By default this is set to 11000 results.

Export all user records from the local node to ‘export.out’:

$ dsexport export.out /Local/Default dsRecTypeStandard:Users

Export the group records for ‘admin’ and ‘staff’ from the LDAPv3 node on a proxy machine ‘proxy.machine.com’:

$ dsexport export.out /LDAPv3/127.0.0.1 dsRecTypeStandard:Groups -r admin,staff -a proxy.machine.com -u diradmin -p password

Export augmented users from the LDAPv3 node, including native attributes but excluding the PasswordPlus attribute:

$ dsexport augments.out /LDAPv3/127.0.0.1 dsRecTypeStandard:Augments --N -e "dsAttrTypeStandard:PasswordPlus"

The dsexport utility exits 0 on success, and >0 if an error occurs.

dscl(1), dsimport(1), DirectoryService(8)

20 November 2008 Mac OS X 12