This article explains how to export LDAP entries in LDIF format.
Note: Exporting user accounts to LDIF format includes only user passwords with type "Crypt" and not those with type "Password Server" or "Open Directory".
You can use the Terminal application to export LDAP contents in LDIF format with a command of the following form:
sudo ldapsearch -LLL -H ldap://<IP Address> -b "<distinguished name>" > <target>
The following example will export User account information to a file "userexport.ldif":
sudo ldapsearch -LLL -H ldap://myserver.foo.com -b "cn=users,dc=foo,dc=com" > userexport.ldif
Where "ldap://myserver.foo.com" gives the Fully Qualified Domain Name of the server hosting the LDAP database, "cn=users,dc=foo,dc=com" specifies the path to the users container which is being backed up ("cn=users" is the root-level container which contains user records, and "dc=foo,dc=com" is the Search Base), and "userexport.ldif" is the target file to which the LDIF information will be written.
The ldapsearch command requires one to specify a distinguished name, which is the method of describing a path to an object. A distinguished name is composed of a container name (cn=users, cn=groups, or cn=computer_lists) followed by the search base. To determine the search base, connect to the LDAP server with Server Admin and select Open Directory > Settings > Protocols > LDAP > Search Base.
To export all users from a server with search base "dc=example,dc=com":
cn=users,dc=example,dc=com
To export all groups from a server with search base "dc=example,dc=com":
cn=groups,dc=example,dc=com
To export all computer lists from a server with search base "dc=example,dc=com":
cn=computer_lists,dc=example,dc=com
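Because the export includes passwords of type "Crypt" (see the note at the top), the target file should be created owner-only and checked for entries that carry a real hash. The script below is an added example, not part of the original article; the "********" placeholder for non-Crypt accounts, the function names and the sample entries are assumptions constructed for illustration.

```shell
# Added example (not from the article): list entries in an LDIF export whose
# userPassword is a real hash. Assumptions: "********" is the placeholder for
# non-Crypt accounts, and base64 accepts -d (GNU coreutils, recent macOS).
PLACEHOLDER='********'
TAB=$(printf '\t')

ldif_hash_dns() {
    # awk unfolds continuation lines (leading space), remembers the current
    # dn line and emits "kind<TAB>value<TAB>dn" for each userPassword value.
    awk '
        function emit(l) {
            if (l ~ /^dn:/) dn = l
            else if (tolower(l) ~ /^userpassword:: /) print "b64\t" substr(l, 16) "\t" dn
            else if (tolower(l) ~ /^userpassword: /)  print "raw\t" substr(l, 15) "\t" dn
        }
        /^ / { buf = buf substr($0, 2); next }
             { emit(buf); buf = $0 }
        END  { emit(buf) }' "$1" |
    while IFS=$TAB read -r kind value dn; do
        # "::" marks a base64 value; decode it before comparing.
        [ "$kind" = b64 ] && value=$(printf '%s' "$value" | base64 -d)
        [ "$value" = "$PLACEHOLDER" ] || printf '%s\n' "$dn"
    done
}

# Constructed sample export: alice and carol carry {CRYPT} values (carol's is
# folded across two lines), bob carries the assumed placeholder.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,cn=users,dc=example,dc=com
userPassword:: e0NSWVBUfWFi

dn: uid=bob,cn=users,dc=example,dc=com
userPassword:: KioqKioqKio=

dn: uid=carol,cn=users,dc=example,dc=com
userPassword:: e0NSWVBU
 fWFi
EOF
}

umask 077                       # files created from here on are owner-only
export_file=$(mktemp)
sample_ldif > "$export_file"    # stands in for the ldapsearch redirect
ldif_hash_dns "$export_file"    # prints the dn lines for alice and carol
rm -f "$export_file"
```

For a real export, run umask 077 before the ldapsearch redirect and pass the resulting file to ldif_hash_dns.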