#1 Registered User (Devshed Newbie, 0 - 499 posts) | Join Date: Nov 2009 | Posts: 2

    Ldapsearch, ldapmodify and ldapdelete incompatible due to prefix "dn:"?


    I am using ldapsearch to pull some entities from the LDAP server. The result is of this type:

    dn: cn=systemuser,cn=system,cn=Users,dc=ds,dc=domain,dc=int
    middlename:: 2HR0ZXJuYXZu
    givenname:: RuVybmF2bg==
    sn:: xnR0ZXJuYXZu
    ...

    Now if I want to run ldapdelete on this output, it turns out that the "dn: " part on line 1 causes problems for ldapdelete, so I need to do some grep-and-remove first.
    Is it really so that ldapsearch, ldapmodify and ldapdelete are incompatible when it comes to the LDIF format?
    This "dn: " prefix should not really cause trouble for ldapdelete, should it?
    The reason for asking is that we want to maintain the LDAP structure with one LDIF file, using the same file for both ldapadd and ldapdelete. We do not want to introduce changetype either, as that would also mean two files.


#2 Contributing User (Devshed Newbie, 0 - 499 posts) | Join Date: Oct 2008 | Posts: 85

    Hm, you can delete them with sed, or a more convenient way to manipulate the LDAP tree is the net::ldap::ldif Perl module.
#3 Registered User (Devshed Newbie, 0 - 499 posts) | Join Date: Nov 2009 | Posts: 2
    Originally Posted by umbrella:
    Hm, you can delete them with sed, or a more convenient way to manipulate the LDAP tree is the net::ldap::ldif Perl module.

    Yes, sed or other search-and-replace functionality will make an ldapsearch result suitable for ldapdelete.
    I was just wondering if this is really so, that ldapsearch and ldapdelete are in a way incompatible, or if I missed some flag that makes an ldapsearch result compatible with ldapdelete.
    It is only this tiny "dn:" addition that causes ldapdelete to fail; ldapmodify is quite happy with it.
    But good to know that Perl has a library for it; maybe Java has one too?

    Thanks for the reply.
#4 Contributing User (Devshed Newbie, 0 - 499 posts) | Join Date: Jan 2009 | Location: Charlotte, NC | Posts: 111

    The ldapdelete command wants the DN of the entry as input, which does not include the LDIF key 'dn: ' as part of the DN. When you perform an ldapmodify and want to use an LDIF-formatted file to ADD entries, the file must be in LDIF format ('key: value') with a single blank line between each entry you wish to add, and two or more blank lines at the end of the file to let the ldapmodify command know it has reached the end of the file and exit properly.

    Example: you use ldapsearch to find a number of accounts that need to be removed because you fired an entire department.
    Code:
    # Ask only for the dn attribute, pipe (not redirect) into sed, and keep just the "dn: " lines with the prefix stripped
    ldapsearch -T -h ldap_host -p ldap_port -D "" -w "" -b ldap_base -s sub "(&(deptid=12345)(objectclass=person))" dn | sed -n 's/^dn: //p' > delete.out
    Now you have a list of DNs that you can delete:
    Code:
    # ldapdelete reads one bare DN per line from -f; it takes no search base or scope
    ldapdelete -T -h ldap_host -p ldap_port -D "cn=directory manager" -w "dm_pwd" -f delete.out
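
The sed one-liner above only works when every DN in the search output is plain ASCII on a single line. ldapsearch writes non-ASCII DNs base64-encoded as "dn:: ...", and long DNs may be folded onto a continuation line that starts with a space; both slip past `s/^dn: //p`. Added example, not code from any poster in this thread and not the Perl Net::LDAP::LDIF module: a small Python script that unfolds the LDIF, decodes base64 DNs, and emits either the bare DN list that ldapdelete -f expects or the same DNs as "changetype: delete" records for ldapmodify. The LDIF input is a constructed sample (the DNs in it are made up); the output file name delete.out is just the name used in the thread.

```python
"""Extract bare DNs from ldapsearch LDIF output for ldapdelete -f.

Added example (not from the thread). Handles what the sed one-liner misses:
base64-encoded DNs ("dn:: ..."), folded continuation lines (leading space)
and comment / "version:" lines.
"""
import base64
from typing import List

# Constructed sample mimicking ldapsearch output (not a real directory).
_B64_DN = base64.b64encode(
    "cn=ærek,cn=Users,dc=ds,dc=domain,dc=int".encode("utf-8")
).decode("ascii")
SAMPLE_LDIF = "\n".join([
    "version: 1",
    "# search result (comment lines are ignored)",
    "dn: cn=systemuser,cn=system,cn=Users,dc=ds,dc=domain,dc=int",
    "middlename:: 2HR0ZXJuYXZu",
    "givenname:: RuVybmF2bg==",
    "",
    "dn:: " + _B64_DN,            # non-ASCII DN, base64-encoded by ldapsearch
    "sn: test",
    "",
    "dn: cn=a very long name,cn=Users,",
    " dc=ds,dc=domain,dc=int",    # folded continuation line
    "cn: a very long name",
    "",
])


def unfold(text: str) -> List[str]:
    """Join LDIF continuation lines (one leading space) onto the previous line."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def extract_dns(ldif_text: str) -> List[str]:
    """Return the DN of every entry in an LDIF dump, decoded to plain text."""
    dns: List[str] = []
    for line in unfold(ldif_text):
        if line.startswith("dn:: "):           # base64 value (RFC 2849)
            dns.append(base64.b64decode(line[5:].strip()).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:].strip())
        # a bare "dn:" with no value is the root DSE; nothing to delete, skip it
    return dns


def needs_base64(value: str) -> bool:
    """RFC 2849 SAFE-STRING test: values that must be written as 'attr:: base64'."""
    if not value:
        return False
    if value[0] in " :<":
        return True
    return any(ord(c) > 127 or c in "\0\r\n" for c in value)


def dn_list(dns: List[str]) -> str:
    """One bare DN per line: the format ldapdelete -f expects."""
    return "".join(dn + "\n" for dn in dns)


def delete_ldif(dns: List[str]) -> str:
    """The same DNs as 'changetype: delete' records for ldapmodify."""
    out = []
    for dn in dns:
        if needs_base64(dn):
            head = "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")
        else:
            head = "dn: " + dn
        out.append(head + "\nchangetype: delete\n\n")
    return "".join(out)


if __name__ == "__main__":
    found = extract_dns(SAMPLE_LDIF)
    # Review this list before handing it to: ldapdelete ... -f delete.out
    with open("delete.out", "w", encoding="utf-8") as fh:
        fh.write(dn_list(found))
    print(delete_ldif(found), end="")
```

In practice you would pipe the real ldapsearch output into extract_dns instead of SAMPLE_LDIF; reviewing delete.out before running ldapdelete against it is the one step worth keeping manual, since a too-broad filter in the search deletes everything it matched.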
