About the DSML Tools

DSML (Directory Services Markup Language) is an XML dialect for directory information. A directory is a hierarchically-organised data store - in other words, a tree of data nodes. For example, a company may have organisational units, each unit will have employees, and each employee will have a name and an email address. Such hierarchically-organised data does not fit well in a database, but is much more suited to a directory.

There is a common standard for directory access in LDAP (Lightweight Directory Access Protocol), version 3 of which is defined in RFC 2251. This allows clients to connect to any directory to read information. There is also a common interchange format, called LDIF (LDAP Data Interchange Format) defined in RFC 2849. However, with the new generation of web applications being XML-aware, an XML dialect for directory information was thought necessary. Hence DSML. DSML allows the new generation of XML-aware applications to use directory information. Here is some sample DSML:

<dsml xmlns:dsml="http://www.dsml.org/DSML">
    <class id="..." ...>
    <attribute-type id="..." ...>
    <entry dn="...">
        <attr name="...">

However, DSML is not an access protocol. In this regard, it is synergistic with LDAP. If there were software that made LDAP requests and output the results as DSML, and read in DSML and executed LDAP write requests, then an LDAP-enabled directory would become DSML-enabled.

The DSML Tools suite is that software.


LDAP2DSML has a command-line syntax much like that of the ldapsearch command. It takes all the usual LDAP search options, such as base DN, filter and scope, and returns a stream of DSML.


DSML2LDAP takes the contents of a DSML file and either adds all the entries to a directory or (and this works best if the DSML file came from that directory) removes all the entries from the directory. It can remove entries on the basis of DN only, or by checking for an exact match to avoid information loss.


For XML data, a standard line-based diff is pretty useless; you will get false differences if the data is rearranged, or there are formatting differences. DSMLDiff does a diff between files A and B on an XML syntactic level, and produces two output files - an "addfile" and a "subfile". If you take file A, remove all the entries in the subfile and add all the entries in the addfile, the resulting data set will be that of file B.

The addfile also contains comments as to the contents of the subfile, meaning that a human can see all the differences between A and B merely by reading the addfile.

Potential uses of this include shipping updates to a large directory over a low-bandwidth link, or for a human to manually inspect the last week's changes to the directory.
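
The entry-level comparison described above, as an added Python example; it is not code from the DSML Tools or from the original page. It assumes namespace-prefixed DSML elements (`entry`, `attr`, `value`, `oc-value`), compares DNs as exact strings, treats attribute names as case-insensitive, and ignores whitespace around values; the sample files are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.dsml.org/DSML}"  # namespace URI from the page's sample

def load_entries(dsml_text):
    """Map each entry's DN to a frozenset of (attribute, value) pairs."""
    if "<!DOCTYPE" in dsml_text:  # refuse DTDs: entity expansion in untrusted XML
        raise ValueError("DOCTYPE not accepted")
    entries = {}
    for entry in ET.fromstring(dsml_text).iter(NS + "entry"):
        pairs = {("objectclass", (oc.text or "").strip())
                 for oc in entry.iter(NS + "oc-value")}
        for attr in entry.iter(NS + "attr"):
            for value in attr.iter(NS + "value"):
                pairs.add((attr.get("name").lower(), (value.text or "").strip()))
        entries[entry.get("dn")] = frozenset(pairs)  # sets ignore ordering
    return entries

def dsml_diff(a_text, b_text):
    """Return (subfile, addfile) as dicts: A minus subfile plus addfile equals B."""
    a, b = load_entries(a_text), load_entries(b_text)
    sub = {dn: e for dn, e in a.items() if b.get(dn) != e}
    add = {dn: e for dn, e in b.items() if a.get(dn) != e}
    return sub, add

def apply_diff(a_text, sub, add):
    """Replay the diff against A, matching the entries to remove by DN."""
    kept = {dn: e for dn, e in load_entries(a_text).items() if dn not in sub}
    return {**kept, **add}

# Constructed sample data (hypothetical DNs and values, not from the page).
def make_entry(dn, *pairs):
    attrs = "".join(f'<dsml:attr name="{n}"><dsml:value>{v}</dsml:value></dsml:attr>\n'
                    for n, v in pairs)
    return f'<dsml:entry dn="{dn}">\n{attrs}</dsml:entry>\n'

DOC = '<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">%s</dsml:dsml>'
FILE_A = DOC % (make_entry("cn=alice,o=example", ("cn", "alice"), ("mail", "alice@example.com"))
                + make_entry("cn=bob,o=example", ("cn", "bob"), ("mail", "bob@example.com")))
# B reorders entries and attributes and pads a value: none of that is a change.
FILE_B = DOC % (make_entry("cn=bob,o=example", ("mail", "robert@example.com"), ("CN", "bob"))
                + make_entry("cn=alice,o=example", ("mail", " alice@example.com "), ("cn", "alice"))
                + make_entry("cn=carol,o=example", ("cn", "carol")))

if __name__ == "__main__":
    subfile, addfile = dsml_diff(FILE_A, FILE_B)
    print("subfile:", sorted(subfile), "addfile:", sorted(addfile))
```

A changed entry appears in both outputs: its old form in the subfile and its new form in the addfile.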


XML does not allow one to specify such things as "an entry may only have the attributes permitted by its objectclass" or other directory-level restrictions. To remedy this, DSMLValidate will check your data at a directory level, and correct it if it is in error (by, for example, removing illegal attributes).
