Hi,
I'm still a newbie in the LDAP topic, but I was also desperate when I was searching for a valid way to do it.
The only way I found was to stop the LDAP server, go to /etc/ldap/ (or whatever), find the DIT and delete it manually.
I know that in older versions it was the only way, and I'm not sure if this function (for deleting the whole DIT) is implemented yet.
Regards
Martin
________________________________
From: openldap-technical openldap-technical-bounces@openldap.org on behalf of Hongfu Huang hongfu.huang@adnovum.ch
Sent: 19 June 2017 14:35:28
To: openldap-technical@openldap.org
Subject: Delete the root entry of a DIT (mdb as backend)
Hi all,
I have defined a DIT (LMDB) as follows:
dn: olcDatabase={3}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {3}mdb
olcDbDirectory: /var/lib/ldap/mycompany/o=mycompany
olcSuffix: o=mycompany
olcRootDN: uid=admin,ou=system
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="uid=admin,ou=system" write by anonymous auth by self write by * none
olcAccess: {1}to * by dn="uid=admin,ou=system" write by * none
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbEnvFlags: writemap
olcDbEnvFlags: nometasync
olcDbNoSync: FALSE
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: ou pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbMaxReaders: 0
olcDbMaxSize: 4294967296
olcDbMode: 0600
olcDbSearchStack: 16
I can add the root entry as:
dn: o=mycompany
objectClass: organization
objectClass: top
o: mycompany
And I can also add and delete sub-entries under o=mycompany. But I cannot delete the root entry o=mycompany, even though there is no sub-entry below it.
Please note that the rootdn (uid=admin,ou=system) is not under the suffix (o=mycompany), that is why no rootPW is defined for this DIT. The rootDN and rootPW are defined in the second DIT (in BDB).
The weird thing was that I could search and find it:
ldapsearch -x -D uid=admin,ou=system -w XXXXXXXXX -H ldap://localhost:389 -b o=mycompany
# extended LDIF
#
# LDAPv3
# base <o=cornerbank> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# mycompany
dn: o=mycompany
o: mycompany
objectClass: organization
objectClass: top

# search result
search: 2
result: 0 Success
But it would fail if I tried to delete it:
$ ldapdelete -x -D uid=admin,ou=system -w XXXXXXXXX -H ldap://localhost:389 o=mycompany
ldap_delete: No such object (32) 32
In other words, I could import the whole DIT for o=mycompany, but could not delete the whole DIT (the root entry o=mycompany could not be deleted). Does somebody know how to solve this problem? Thanks!
Regards
--
Hongfu Huang, Senior System Integrator
M.Sc. Computer Science

AdNovum Informatik AG
Roentgenstrasse 22, 8005 Zurich, Switzerland
phone +41 44 272 6111, direct +41 44 270 5266
hongfu.huang@adnovum.ch, www.adnovum.ch
Locations: Zurich (HQ), Bern, Lausanne, Budapest, Ho Chi Minh City, Singapore