How do I remove all entries from LDAP?

Question

How do I remove all entries from LDAP?

Can I delete all entries from LDAP one line at a time?

I tried:

ldapdelete -r 'cn=*,dc=domain,dc=com' -w

but it doesn't work. I have no better ideas; /

+3

ldap ldap-query openldap

ruan 18 jul. 17 at 8:33

source to share

1 answer

Esteban · Answer 1 · 2017-07-18T09:39:52+0000

ldapdelete

is to remove a specific DN, you cannot use wilcard.

No native "oneliner". You can execute ldapsearch

and provide the DN list resulting from this search inldapdelete

Something like:

ldapsearch -LLL -s one -b "dc=domain,dc=com" "(cn=*)" dn | awk -F": " '$1~/^\s*dn/{print $2}' > listOfDNtoRemove.txt && ldapdelete -r -f listOfDNtoRemove.txt

-s one

: this parameter in ldapsearch

should only fetch the first level child of the branchdc=domain,dc=com
-LLL

: this parameter must be in output format LDIF
-r

: this option is for recursively deleting the found first-level branch and their children
awk -F": " '$1~/^\s*dn/{print $2}'

: this one awk

should only print the line starting with dn:

and print the valuedn

NOTE. ldapdelete

also reads a list of DNs from standard input, so you can directly pipe the results ldapsearch

to ldapdelete

if you want to avoid the temporary file

How do I remove all entries from LDAP?

More articles: