
Is it possible to remove all entries from LDAP by one-line command?

I tried:

ldapdelete -r 'cn=*,dc=domain,dc=com' -w

but it's not working. I have no better ideas ;/

user207421
ruan

2 Answers


ldapdelete is to remove a specific DN; you can't use a wildcard.

There is no native "oneliner". You can execute an ldapsearch and provide the list of DNs resulting from this search to ldapdelete.

Something like:

ldapsearch -LLL -s one -b "dc=domain,dc=com" "(cn=*)" dn | awk -F": " '$1~/^\s*dn/{print $2}' > listOfDNtoRemove.txt && ldapdelete -r -f listOfDNtoRemove.txt
  • -s one: this option on the ldapsearch retrieves only the first-level children under the branch dc=domain,dc=com
  • -LLL: this option gives LDIF-format output
  • -r: this option recursively deletes the first-level branches found previously and their children
  • awk -F": " '$1~/^\s*dn/{print $2}': this awk prints only the lines starting with dn: and prints the value of the dn

NOTE: ldapdelete also reads the list of DNs from the standard input, so you can pipe the ldapsearch results directly to ldapdelete if you want to avoid the temporary file.

Esteban
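As an added example (not part of Esteban's answer): the same ldapsearch-to-ldapdelete pipeline, but with the awk filter replaced by a stricter LDIF-to-DN filter that also handles folded lines and base64-encoded "dn::" values, both of which the awk one-liner silently mishandles. The sample LDIF is constructed, and the delete_children_of wrapper is an assumed helper that expects your bind options as extra arguments.

```shell
#!/bin/sh
# extract_dns: read LDIF on stdin, print one DN per line.
# Handles two cases the awk filter does not:
#   * folded lines: LDIF continues a long value on the next line, prefixed by one space
#   * base64 DNs: "dn:: <base64>", emitted for values with non-ASCII or leading/trailing spaces
extract_dns() {
    awk '
        /^ / { buf = buf substr($0, 2); next }   # continuation: append to previous line
        { if (buf != "") print buf; buf = $0 }   # new line: flush the previous one
        END { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case "$line" in
            "dn:: "*) printf '%s\n' "${line#dn:: }" | base64 -d; printf '\n' ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Constructed sample of what `ldapsearch -LLL -s one -b "dc=domain,dc=com" "(cn=*)" dn`
# could return: a plain DN, a folded DN, and a base64 DN (cn=Jürgen Müller,dc=domain,dc=com).
SAMPLE_LDIF='dn: cn=alice,dc=domain,dc=com

dn: cn=a-very-long-common-name-that-the-server-folds,ou=peop
 le,dc=domain,dc=com

dn:: Y249SsO8cmdlbiBNw7xsbGVyLGRjPWRvbWFpbixkYz1jb20=
'

# Live use (assumed wrapper, not run here): delete every first-level child of $1 and
# its subtree. ldapdelete reads DNs from stdin when none are given on the command line.
# Bind options (e.g. -x -D "cn=admin,dc=domain,dc=com" -W) are passed as extra arguments.
# Run with DRY_RUN=1 first to list what would be deleted.
delete_children_of() {
    base="$1"; shift
    if [ "${DRY_RUN:-0}" = "1" ]; then
        ldapsearch -LLL -s one -b "$base" "$@" "(cn=*)" dn | extract_dns
    else
        ldapsearch -LLL -s one -b "$base" "$@" "(cn=*)" dn | extract_dns | ldapdelete -r "$@"
    fi
}
```

Try `printf '%s' "$SAMPLE_LDIF" | extract_dns` to see the three decoded DNs before pointing the wrapper at a live server.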

With the HDB backend

You can try this approach: go to the /var/lib/ldap directory and run this command:

sudo rm __db.* *.bdb log.*

The slapd server should preferably be shut down before running this command.

Make sure you have a backup of the files before executing this.

With the MDB backend

Similar to the above, but the file names are different:

sudo rm *.mdb
Per Lundberg
tarun mittal