#1 Registered User (Join Date: Nov 2009)

    Ldapsearch, ldapmodify and ldapdelete incompatible due to prefix "dn:"?


    I am using ldapsearch to pull some entities from the LDAP server. The result will be of the type:

    dn: cn=systemuser,cn=system,cn=Users,dc=ds,dc=domain,dc=int
    middlename:: 2HR0ZXJuYXZu
    givenname:: RuVybmF2bg==
    sn:: xnR0ZXJuYXZu
    ...

    Now, if I want to run ldapdelete on this output, it turns out that the "dn: " part on line 1 is causing problems for ldapdelete, so I need to do some grep-and-remove first.
    Is this really so, that ldapsearch, ldapmodify and ldapdelete are incompatible when it comes to the LDIF format?
    This "dn: " prefix should not really cause trouble for ldapdelete, should it?
    The reason for asking is that we want to maintain the LDAP structure with one LDIF file, using the same file for both ldapadd and ldapdelete. We do not want to introduce changetype either, as that would require two files as well.


#2 Contributing User umbrella (Join Date: Oct 2008)

    Hm, you can delete them with sed, or a more convenient way to manipulate the LDAP tree is the Net::LDAP::LDIF Perl module.
#3 Registered User (Join Date: Nov 2009)

    Originally Posted by umbrella:
        Hm, you can delete them with sed, or a more convenient way to manipulate the LDAP tree is the Net::LDAP::LDIF Perl module.

    Yes, sed or other search-and-replace functionality will make an ldapsearch result suitable for ldapdelete.
    I was just wondering if this is really so, that ldapsearch and ldapdelete are in a way incompatible, or if I missed some flag to make an ldapsearch result compatible with ldapdelete.
    It is only this tiny "dn:" addition that is causing ldapdelete to fail; ldapmodify is quite happy with it.
    But good to know that Perl has a library for it; maybe Java has one too?

    Thanks for the reply.
#4 Contributing User (Join Date: Jan 2009, Location: Charlotte, NC)

    The ldapdelete command wants the DN of the entry as input, which does not include the LDIF key 'dn: ' as part of the DN. When you perform an ldapmodify and you want to use an LDIF-formatted file to ADD entries, then the file must be in LDIF format ('key: value') with a single blank line between each entry you wish to add, and 2 or more blank lines at the end of the file to let the ldapmodify command know it has reached the end of the file and exit properly.

    Example: you use ldapsearch to find a number of accounts that need to be removed because you fired an entire department.
    Code:
    # pipe ldapsearch into sed; print only the "dn:" lines, with the "dn: " prefix stripped
    ldapsearch -T -h ldap_host -p ldap_port -D "" -w "" -b ldap_base -s sub "(&(deptid=12345)(objectclass=person))" dn | sed -n 's/^dn: //p' > delete.out
    Now you have a list of DNs that you can delete:
    Code:
    # ldapdelete reads one DN per line from the -f file; it takes no search base or scope
    ldapdelete -T -h ldap_host -p ldap_port -D "cn=directory manager" -w "dm_pwd" -f delete.out
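The sed one-liner above only works when every DN comes out of ldapsearch as a plain "dn: " line. Two things break it: ldapsearch writes a DN containing non-ASCII characters as "dn::" followed by base64 (the same "::" form seen on the middlename and sn attributes in the first post), and without a no-fold option it wraps long DNs onto a continuation line that starts with a single space. sed then emits a mangled DN and ldapdelete fails on it. The following Python script is an added example, not code posted by anyone in this thread: it parses ldapsearch output into the one-DN-per-line file that ldapdelete -f reads, unfolding continuation lines and decoding base64 DNs. The sample LDIF, the DNs inside it, the file name delete.out, and the host and bind-DN values are constructed placeholders; the -W and -n flags named below are OpenLDAP ldapdelete options.

```python
import base64
import shlex

# Constructed sample of ldapsearch output (not taken from the thread): three
# entries, the second with a base64-encoded DN ("dn::", which ldapsearch emits
# for non-ASCII DNs) and the third with a DN folded onto a continuation line.
NON_ASCII_DN = "cn=Øyvind,cn=Users,dc=ds,dc=domain,dc=int"
SAMPLE_LDIF = (
    "version: 1\n"
    "# search result (constructed sample)\n"
    "dn: cn=systemuser,cn=system,cn=Users,dc=ds,dc=domain,dc=int\n"
    "middlename:: 2HR0ZXJuYXZu\n"
    "givenname:: RuVybmF2bg==\n"
    "sn:: xnR0ZXJuYXZu\n"
    "\n"
    "dn:: " + base64.b64encode(NON_ASCII_DN.encode("utf-8")).decode("ascii") + "\n"
    "sn: Smith\n"
    "\n"
    "dn: cn=a very long common name that ldapsearch wrapped,cn=Users,dc=ds,d\n"
    " c=domain,dc=int\n"
    "cn: a very long common name that ldapsearch wrapped\n"
)


def unfold(text):
    """Join LDIF continuation lines: a line beginning with one space
    continues the previous line (RFC 2849 line folding)."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical


def ldif_dns(text):
    """Return the DN of every entry in ldapsearch output, in order.

    Handles both spellings an LDIF writer may use: "dn: <value>" and
    "dn:: <base64 of the UTF-8 value>". Comments, the "version:" line and
    attribute lines are skipped, so the result is exactly what ldapdelete -f
    expects: bare DNs without the "dn:" key.
    """
    dns = []
    for line in unfold(text):
        if line.startswith("dn::"):  # base64 form must be tested before "dn:"
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.startswith("dn:"):
            dns.append(line[3:].strip())
    return dns


def delete_list(dns):
    """Render DNs as the file ldapdelete -f reads: one DN per line."""
    return "".join(dn + "\n" for dn in dns)


def ldapdelete_command(dn_file, host, bind_dn):
    """Build the ldapdelete invocation as an argv list (host and bind DN are
    placeholders). -W (OpenLDAP) prompts for the password instead of taking
    it with -w, so it does not end up in ps output or shell history."""
    return ["ldapdelete", "-h", host, "-D", bind_dn, "-W", "-f", dn_file]


if __name__ == "__main__":
    found = ldif_dns(SAMPLE_LDIF)
    with open("delete.out", "w", encoding="utf-8") as fh:
        fh.write(delete_list(found))
    print(f"{len(found)} DN(s) written to delete.out:")
    for dn in found:
        print("  " + dn)
    cmd = ldapdelete_command("delete.out", "ldap_host", "cn=directory manager")
    print("review delete.out, then run:", shlex.join(cmd))
```

In practice you would feed it the real ldapsearch output (`ldapsearch ... dn | python3 this_script.py`, after changing the `__main__` block to read `sys.stdin`). Before deleting anything, run OpenLDAP's `ldapdelete -n -f delete.out`, which shows what would be deleted without doing it, and diff the DN list against what you expect; a search filter that matches more than intended turns this one-liner into a bulk deletion with no undo.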
