Using slapcat
Learn how to effectively use slapcat for extracting and managing LDAP directory data with ease and efficiency.
Date: 11-04-2022
slapcat is the safest, most accurate way to export the contents of an OpenLDAP database to an LDIF file.
It reads directly from the underlying LMDB (or HDB/BDB) files — bypassing slapd — and produces a full, schema-validated snapshot of your data for Symas OpenLDAP 2.6+.
What slapcat Does
slapcat dumps entries in LDIF format from a database backend. It works even if slapd is not running.
We recommend shutting down slapd since slapcat reads the raw LMDB environment.
slapcat can export:
- The main data database (dc=example,dc=com)
- The configuration database (cn=config)
- Or selected subtrees or DNs.
Think of it as the “cold backup” or “offline export” tool for OpenLDAP.
Syntax
slapcat -f /opt/symas/etc/openldap/slapd.conf -l /tmp/ldap_backup.ldif
Basic Parameters
| Option | Meaning |
|---|---|
| -f | Path to your slapd.conf (if not using cn=config). |
| -F | Path to your cn=config directory (slapd.d) instead of -f. |
| -b | Restrict export to a specific base DN (subtree). |
| -n | Specify a numeric database index instead of a DN. |
| -l | Output LDIF file name. |
| -v | Verbose — shows progress and metadata. |
Examples
Export the entire database
sudo -u ldap slapcat -f /opt/symas/etc/openldap/slapd.conf -l /backups/full.ldif
Export by database number
sudo -u ldap slapcat -n 1 -l /backups/db1.ldif
Note: slapcat -n 0 dumps cn=config; -n 1 is usually your main data DB.
Export While slapd Is Running (Safe Read)
LMDB allows concurrent readers, so you can run slapcat while slapd is live, but:
- The dump reflects a consistent point-in-time view of the DB
- Writes during the dump won’t appear in the export
- Large dumps can momentarily pressure the page cache
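A wrapper around the export-by-database-number command, added here as an example and not part of the original page or of Symas tooling: it writes the dump with owner-only permissions, rejects a failed or empty export, and renames the file into place only after those checks. The function name export_db, the SLAPCAT and CONF_DIR variables, and the slapd.d path are assumptions to adjust for your install.

```shell
#!/bin/sh
# Added example (not from the original page): checked slapcat export.
# Assumptions: run as the account that owns the database files (the page
# uses "sudo -u ldap"); SLAPCAT and CONF_DIR are hypothetical overrides and
# the slapd.d path below is a placeholder for your cn=config directory.
SLAPCAT="${SLAPCAT:-slapcat}"
CONF_DIR="${CONF_DIR:-/opt/symas/etc/openldap/slapd.d}"

# export_db <db-number> <output-file>
# -n 0 is cn=config, -n 1 is usually the main data DB (see the note above).
# Prints the number of exported entries; returns non-zero on failure.
# The body runs in a subshell, so the umask change does not leak out.
export_db() (
    dbnum=$1
    out=$2
    tmp="$out.partial.$$"

    # The LDIF can contain password hashes: create it owner-only.
    umask 077

    if ! "$SLAPCAT" -F "$CONF_DIR" -n "$dbnum" -l "$tmp"; then
        rm -f "$tmp"
        echo "slapcat failed for database $dbnum" >&2
        return 1
    fi

    # Every LDIF entry starts with a "dn:" line; none means an empty dump.
    if [ -s "$tmp" ]; then
        entries=$(grep -c '^dn:' "$tmp" || true)
    else
        entries=0
    fi
    if [ "$entries" -eq 0 ]; then
        rm -f "$tmp"
        echo "database $dbnum exported no entries" >&2
        return 1
    fi

    # Rename only after the checks, so a partial dump never looks complete.
    mv "$tmp" "$out"
    echo "$entries"
)

# Usage: export_db 0 /backups/config.ldif && export_db 1 /backups/db1.ldif
```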
For more information, please see slapcat Man Page.