Hi all,
I have defined a DIT (LMDB) as follows:
> dn: olcDatabase={3}mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: {3}mdb
> olcDbDirectory: /var/lib/ldap/mycompany/o=mycompany
> olcSuffix: o=mycompany
> olcRootDN: uid=admin,ou=system
> olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="uid=admin,ou=system" write by anonymous auth by self write by * none
> olcAccess: {1}to * by dn="uid=admin,ou=system" write by * none
> olcAddContentAcl: FALSE
> olcLastMod: TRUE
> olcMaxDerefDepth: 15
> olcReadOnly: FALSE
> olcSyncUseSubentry: FALSE
> olcMonitoring: TRUE
> olcDbEnvFlags: writemap
> olcDbEnvFlags: nometasync
> olcDbNoSync: FALSE
> olcDbIndex: objectClass pres,eq
> olcDbIndex: cn pres,eq,sub
> olcDbIndex: uid pres,eq,sub
> olcDbIndex: uidNumber pres,eq
> olcDbIndex: gidNumber pres,eq
> olcDbIndex: mail pres,eq,sub
> olcDbIndex: ou pres,eq,sub
> olcDbIndex: sn pres,eq,sub
> olcDbIndex: givenName pres,eq,sub
> olcDbIndex: loginShell pres,eq
> olcDbIndex: memberUid pres,eq,sub
> olcDbIndex: nisMapName pres,eq,sub
> olcDbIndex: nisMapEntry pres,eq,sub
> olcDbMaxReaders: 0
> olcDbMaxSize: 4294967296
> olcDbMode: 0600
> olcDbSearchStack: 16
I can add the root entry as:
> dn: o=mycompany
> objectClass: organization
> objectClass: top
> o: mycompany
And I can also add and delete sub-entries under o=mycompany. But I
cannot delete the root entry o=mycompany, even though there is no sub-entry below it.
Please note that the rootdn (uid=admin,ou=system) is not under the suffix
(o=mycompany), that is why no rootPW is defined for this DIT. The rootDN
and rootPW are defined in the second DIT (in BDB).
The weird thing was that I could search and found it:
> ldapsearch -x -D uid=admin,ou=system -w XXXXXXXXX -H ldap://localhost:389 -b o=mycompany
> # extended LDIF
> #
> # LDAPv3
> # base <o=cornerbank> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # mycompany
> dn: o=mycompany
> o: mycompany
> objectClass: organization
> objectClass: top
>
> # search result
> search: 2
> result: 0 Success
But it would fail if I tried to delete it:
> $ ldapdelete -x -D uid=admin,ou=system -w XXXXXXXXX -H ldap://localhost:389 o=mycompany
> ldap_delete: No such object (32)
> 32
In other words, I could import the whole DIT for o=mycompany, but
could not delete the whole DIT (the root entry o=mycompany could not be
deleted). Does somebody know how to solve this problem? Thanks!
Regards
--
Hongfu Huang, Senior System Integrator
M.Sc. Computer Science
AdNovum Informatik AG
Roentgenstrasse 22, 8005 Zurich, Switzerland
phone +41 44 272 6111, direct +41 44 270 5266
hongfu.huang@adnovum.ch,
www.adnovum.ch
Locations: Zurich (HQ), Bern, Lausanne, Budapest, Ho Chi Minh City, Singapore