Hi, I'm still a newbie in the LDAP topic, but I was also desperate when I was searching for a valid way to do it.
The only way I found was to stop the LDAP server, go to /etc/ldap/ (or whatever), find the DIT and delete it manually. I know that in older versions it was the only way and I'm not sure if this function (for deleting the whole DIT) is implemented yet.

Regards
Martin

________________________________
From: openldap-technical <[email protected]> on behalf of Hongfu Huang <[email protected]>
Sent: 19 June 2017 14:35:28
To: [email protected]
Subject: Delete the root entry of a DIT (mdb as backend)

Hi all,

I have defined a DIT (LMDB) as follows:

> dn: olcDatabase={3}mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: {3}mdb
> olcDbDirectory: /var/lib/ldap/mycompany/o=mycompany
> olcSuffix: o=mycompany
> olcRootDN: uid=admin,ou=system
> olcAccess: {0}to attrs=userPassword,shadowLastChange by
>  dn="uid=admin,ou=system" write by anonymous auth by self write by * none
> olcAccess: {1}to * by dn="uid=admin,ou=system" write by * none
> olcAddContentAcl: FALSE
> olcLastMod: TRUE
> olcMaxDerefDepth: 15
> olcReadOnly: FALSE
> olcSyncUseSubentry: FALSE
> olcMonitoring: TRUE
> olcDbEnvFlags: writemap
> olcDbEnvFlags: nometasync
> olcDbNoSync: FALSE
> olcDbIndex: objectClass pres,eq
> olcDbIndex: cn pres,eq,sub
> olcDbIndex: uid pres,eq,sub
> olcDbIndex: uidNumber pres,eq
> olcDbIndex: gidNumber pres,eq
> olcDbIndex: mail pres,eq,sub
> olcDbIndex: ou pres,eq,sub
> olcDbIndex: sn pres,eq,sub
> olcDbIndex: givenName pres,eq,sub
> olcDbIndex: loginShell pres,eq
> olcDbIndex: memberUid pres,eq,sub
> olcDbIndex: nisMapName pres,eq,sub
> olcDbIndex: nisMapEntry pres,eq,sub
> olcDbMaxReaders: 0
> olcDbMaxSize: 4294967296
> olcDbMode: 0600
> olcDbSearchStack: 16

I can add the root entry as:

> dn: o=mycompany
> objectClass: organization
> objectClass: top
> o: mycompany

And I can also add and delete sub-entries under o=mycompany. But I can not delete the root entry o=mycompany, even though there is no sub-entry below it.

Please note that the rootdn (uid=admin,ou=system) is not under the suffix (o=mycompany), that is why no rootPW is defined for this DIT. The rootDN and rootPW are defined in the second DIT (in BDB).

The weird thing was that I could search and find it:

> ldapsearch -x -D uid=admin,ou=system -w XXXXXXXXX -H
> ldap://localhost:389 -b o=mycompany
> # extended LDIF
> #
> # LDAPv3
> # base <o=cornerbank> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # mycompany
> dn: o=mycompany
> o: mycompany
> objectClass: organization
> objectClass: top
>
> # search result
> search: 2
> result: 0 Success

But it would fail if I tried to delete it:

> $ ldapdelete -x -D uid=admin,ou=system -w XXXXXXXXX -H
> ldap://localhost:389 o=mycompany
> ldap_delete: No such object (32)
> 32

In other words, I could import the whole DIT for o=mycompany, but could not delete the whole DIT (the root entry o=mycompany could not be deleted).

Does somebody know how to solve this problem?

Thanks!

Regards

--
Hongfu Huang, Senior System Integrator
M.Sc. Computer Science
AdNovum Informatik AG
Roentgenstrasse 22, 8005 Zurich, Switzerland
phone +41 44 272 6111, direct +41 44 270 5266
[email protected], www.adnovum.ch<http://www.adnovum.ch>
Locations: Zurich (HQ), Bern, Lausanne, Budapest, Ho Chi Minh City, Singapore
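As an added example that is not part of this thread (hypothetical helper names, and a constructed LDIF sample trimmed from the config above): a small Python check that parses the olcDatabase entry and flags the situation Hongfu describes, a rootdn lying outside the database suffix, which is why slapd cannot honour an olcRootPW in this database and the bind is resolved by whichever database holds that DN, plus an olcDbMode that would expose the LMDB files to other local users.

```python
# Constructed sample, trimmed from the olcDatabase={3}mdb entry in the post.
SAMPLE_LDIF = """\
dn: olcDatabase={3}mdb,cn=config
olcSuffix: o=mycompany
olcRootDN: uid=admin,ou=system
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="uid=admin,ou=system" write by anonymous auth by self write by * none
olcAccess: {1}to * by dn="uid=admin,ou=system" write by * none
olcDbMode: 0600
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}, unfolding RFC 2849 lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation: drop exactly one space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return entry

def dn_under_suffix(dn, suffix):
    """True if dn equals suffix or is below it (case-insensitive, unescaped RDNs)."""
    dn_rdns = [r.strip().lower() for r in dn.split(",")]
    suffix_rdns = [r.strip().lower() for r in suffix.split(",")]
    return dn_rdns[-len(suffix_rdns):] == suffix_rdns

def audit_database(entry):
    """Return findings about how this database's rootdn is authenticated."""
    findings = []
    suffix = entry["olcSuffix"][0]
    rootdn = entry.get("olcRootDN", [""])[0]
    if rootdn and not dn_under_suffix(rootdn, suffix):
        # slapd only uses olcRootPW when the rootdn lies within the suffix,
        # so a bind as this rootdn is handled by the database that holds it.
        findings.append("rootdn %s is outside suffix %s" % (rootdn, suffix))
    if rootdn and "olcRootPW" not in entry:
        findings.append("no olcRootPW in this database")
    if int(entry.get("olcDbMode", ["0600"])[0], 8) & 0o077:
        findings.append("olcDbMode grants group/other access to the LMDB files")
    return findings
```

Running `audit_database(parse_ldif_entry(SAMPLE_LDIF))` on the sample reports the out-of-suffix rootdn and the missing olcRootPW, and stays silent on the 0600 mode.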
