On 9/13/24 11:48 AM, Quanah Gibson-Mount wrote:

> --On Friday, September 13, 2024 10:59 AM -0400 Brendan Kearney <bpk678@gmail.com> wrote:
>
>> sadly, my command-line-fu is lacking and most of the tools i use will not
>> work (they all crash and cannot enumerate the base of dc=bpk2,dc=com).
>> i am trying:
>>
>> ldapdelete "cACertificate;binary,dc=bpk2,dc=com"
>> and
>> ldapdelete "cACertificate,dc=bpk2,dc=com"
>>
>> but both attempts return:
>>
>> ldap_delete: Invalid DN syntax (34)
>>      additional info: invalid DN
>
> ldapdelete is for deleting entire entries.  If you want to remove attributes, you use ldapmodify.
>
> ldapmodify ...
> dn: ...
> changetype: modify
> delete: cACertificate
> -
> delete: cAPrivateKey
> -
> delete: objectClass
> objectClass: autoCA
>
> --Quanah

i took several tries at this and each different try fails...

[brendan@x1titanium ~]$ ldapmodify
SASL/GSSAPI authentication started
SASL username: brendan@BPK2.COM
SASL SSF: 256
SASL data security layer installed.
dn: dc=bpk2,dc=com
changetype: modify
delete: cACertificate
-
delete: cAPrivateKey
-
delete: objectClass
objectClass: autoCA

modifying entry "dc=bpk2,dc=com"
ldap_modify: Undefined attribute type (17)
    additional info: cACertificate: requires ;binary transfer

ok, add the ";binary" string to the attribute to be deleted...

[brendan@x1titanium ~]$ ldapmodify
SASL/GSSAPI authentication started
SASL username: brendan@BPK2.COM
SASL SSF: 256
SASL data security layer installed.
dn: dc=bpk2,dc=com
changetype: modify
delete: cACertificate;binary
-
delete: cAPrivateKey;binary
-
delete: objectClass
objectClass: autoCA

modifying entry "dc=bpk2,dc=com"
ldap_modify: Invalid syntax (21)
    additional info: objectClass: value #0 invalid per syntax

ok, try deleting the attributes only, instead of the attributes and the objectClass all at once...

[brendan@x1titanium ~]$ ldapmodify
SASL/GSSAPI authentication started
SASL username: brendan@BPK2.COM
SASL SSF: 256
SASL data security layer installed.
dn: dc=bpk2,dc=com
changetype: modify
delete: cACertificate;binary
-
delete: cAPrivateKey;binary

modifying entry "dc=bpk2,dc=com"
ldap_modify: Object class violation (65)
    additional info: unrecognized objectClass 'autoCA'

i have no idea why the attempts to delete the attributes and objectClass fail.  is adding the ";binary" string to the attribute the correct action to overcome the error?

thanks,

brendan