LDAP Programming
 
#1
November 11th, 2009, 09:24 AM
gobigboy
Ldapsearch, ldapmodify and ldapdelete incompatible due to prefix "dn:"?

I am using ldapsearch to pull some entities from the LDAP server. The result will be of the form:

dn: cn=systemuser,cn=system,cn=Users,dc=ds,dc=domain,dc=int
middlename:: 2HR0ZXJuYXZu
givenname:: RuVybmF2bg==
sn:: xnR0ZXJuYXZu
...

Now if I want to do ldapdelete on this output, it turns out that the "dn: " part on line 1 is causing problems for ldapdelete. So I need to do some grep-and-remove first.
Is it really so that ldapsearch, ldapmodify and ldapdelete are incompatible when it comes to LDIF format?
This "dn: " prefix should not really cause trouble for ldapdelete, should it?
The reason for asking is that we want to maintain the LDAP structure with one LDIF file, using the same file for both ldapadd and ldapdelete. We do not want to introduce changetype either, as that would result in two files as well.



#2
November 14th, 2009, 11:24 PM
umbrella
Hm, you can delete them with sed, or a more convenient way to manipulate the LDAP tree is the Net::LDAP::LDIF Perl module.

#3
November 15th, 2009, 08:15 AM
gobigboy
Quote:
Originally Posted by umbrella
Hm, you can delete them with sed, or a more convenient way to manipulate the LDAP tree is the Net::LDAP::LDIF Perl module.


Yes, sed or other search-and-replace functionality will make an ldapsearch result suitable for ldapdelete.
I was just wondering if it is really so that ldapsearch and ldapdelete are in a way incompatible, or if I missed some flag to make an ldapsearch result compatible with ldapdelete.
It is only this tiny "dn:" addition that is causing ldapdelete to fail; ldapmodify is quite happy with it.
But good to know that Perl has a library for it; maybe Java has one too?

Thanks for the reply.

#4
December 20th, 2009, 11:13 AM
ldapswandog
The ldapdelete function wants the DN of the entry as input, which does not include the LDIF key 'dn: ' as part of the DN. When you perform an ldapmodify and you want to use an LDIF-formatted file to ADD entries, the file must be in LDIF format ('key: value') with a single blank line between each entry you wish to add and 2 or more blank lines at the end of the file to let the ldapmodify command know it has reached the end of the file and exit properly.

Example: you use ldapsearch to find a number of accounts that need to be removed because you fired an entire department.
Code:
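# Pipe the search output through sed; -n plus the p flag prints only the lines where the leading "dn: " was stripped
ldapsearch -T -h ldap_host -p ldap_port -D "" -w "" -b ldap_base -s sub "(&(deptid=12345)(objectclass=person))" dn | sed -n 's/^dn: //p' > delete.out

Now you have a list of DNs that you can delete: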
Code:
ldapdelete -T -h ldap_host -p ldap_port -D "cn=directory manager" -w "dm_pwd" -b ldap_base -s sub -f delete.out


Reply With Quote
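An added example, not part of any post in this thread: a shell filter that performs the ldapsearch-to-ldapdelete conversion described in post #4 and goes beyond the sed one-liner by unfolding wrapped LDIF lines, decoding base64 `dn:: ` values (the same `::` encoding seen on the attributes in post #1), and dropping any DN that is not under the expected base before it reaches the delete list. The function names, the base `dc=example,dc=com` and the sample entries are constructed for illustration; it assumes a `base64` command that accepts `-d`.

```shell
#!/bin/sh
# Added example (not from the thread): LDIF from ldapsearch -> bare DNs for ldapdelete -f.

# Unfold LDIF continuation lines (a line starting with one space continues the previous one).
ldif_unfold() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Print one DN per line; "dn:: " values are base64-encoded and are decoded here.
ldif_to_dns() {
    ldif_unfold | while IFS= read -r line; do
        case $line in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Pass through only DNs under the expected base ($1); report the rest on stderr.
only_under_base() {
    base_lc=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r dn; do
        case $(printf '%s' "$dn" | tr 'A-Z' 'a-z') in
            *",$base_lc") printf '%s\n' "$dn" ;;
            *) printf 'skipped, outside %s: %s\n' "$1" "$dn" >&2 ;;
        esac
    done
}

# Constructed sample: a plain DN, a folded DN, a base64 DN, and one outside the base.
sample_ldif() {
    cat <<'EOF'
dn: cn=alice,ou=dept12345,dc=example,dc=com
sn: A

dn: cn=bob with a long name,ou=dept12345,dc=exam
 ple,dc=com

dn:: Y249Wm/DqyxkYz1leGFtcGxlLGRjPWNvbQ==

dn: cn=admin,dc=other,dc=org
EOF
}

sample_ldif | ldif_to_dns | only_under_base 'dc=example,dc=com'
```

In real use the `sample_ldif` stage is replaced by the ldapsearch command, and the output is redirected to the file later given to `ldapdelete -f`, after reviewing anything reported as skipped.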