[EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:
>
>
> You can also try something like this..
>
> - Make a subprogram that takes a DN as a parameter and searches for
> objects with "objectClass=organizationalUnit" and a "BASE" scope.
> -> If found, for each object, recursively call your subprogram with
> the DN as parameter.
> -> And then, delete all entries under this OU.
>
> I think this method works; I have done something like this in Java. But
> there may be a better way to do this.
Here you go. You might need to implement paged result sets, if your
directory enforces a result limit.
Can somebody with commit access include this into the examples? Also,
suggestions for improvement of speed are welcome :-)
Thanks,
--
Mike
#!/usr/bin/perl -w
#
# recursive-ldap-delete.pl
#
# Mike Jackson <[EMAIL PROTECTED]>
#
use strict;
use Net::LDAP;

my $server     = "localhost";
my $binddn     = "cn=directory manager";
my $bindpasswd = "foobar";
my $base       = "dc=bigcorp,dc=com";
my $delbranch  = "ou=users,$base";    # branch to remove

my $ldap = Net::LDAP->new( $server ) or die "$@";
my $mesg = $ldap->bind( $binddn, password => $bindpasswd, version => 3 );
die "bind failed: " . $mesg->error if $mesg->code;

# subtree search (the default scope) for every entry under the branch
my $result = $ldap->search( base   => $delbranch,
                            filter => "(objectclass=*)" );
# stop on any error (e.g. size limit exceeded) rather than
# delete from a partial list
die "search failed: " . $result->error if $result->code;

my @dnlist;
foreach my $entry ( $result->all_entries ) { push @dnlist, $entry->dn }

# explode dn into an array and push
# arrays to indexed hash of arrays
my %HoL;
my $i = 0;
for ( @dnlist ) {
    s/,\Q$base\E$//i;    # strip the base suffix; \Q..\E keeps it literal
    $HoL{$i} = [ split(",", $_) ];
    $i++;
}

# sorted descending by number of members (deepest entries first,
# so children are deleted before their parents)
foreach my $key ( sort { @{$HoL{$b}} <=> @{$HoL{$a}} } keys %HoL ) {
    my $dn  = join(",", @{ $HoL{$key} }).",$base";
    my $del = $ldap->delete($dn);
    warn "delete $dn failed: " . $del->error . "\n" if $del->code;
}

$ldap->unbind;
0;
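
The paged result sets mentioned in the message, as an added example (not part of Mike's script): it collects the DNs page by page with the simple paged results control and aborts before deleting anything if the search is truncated. The page size of 500 is an assumed value, the connection settings are copied from the script above, and the directory is assumed to support the paged results control; it needs a live server to run.

```perl
#!/usr/bin/perl
# Added example: paged subtree search feeding a leaf-first delete.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );
use Net::LDAP::Util qw( ldap_explode_dn );

use constant PAGE_SIZE => 500;    # assumed; keep it below the server's size limit

# Connection values reuse the ones from the script above.
my ( $server, $binddn, $bindpasswd ) =
    ( "localhost", "cn=directory manager", "foobar" );
my $delbranch = "ou=users,dc=bigcorp,dc=com";    # branch to remove

my $ldap = Net::LDAP->new($server) or die "$@";
my $mesg = $ldap->bind( $binddn, password => $bindpasswd, version => 3 );
die "bind: " . $mesg->error if $mesg->code;

# Fetch DNs one page at a time; attrs '1.1' asks for no attributes at all.
my $page = Net::LDAP::Control::Paged->new( size => PAGE_SIZE );
my @args = ( base   => $delbranch,  scope => 'sub',
             filter => "(objectclass=*)",
             attrs  => ['1.1'],     control => [$page] );
my @dnlist;
while (1) {
    $mesg = $ldap->search(@args);
    # Any error, sizeLimitExceeded included, means the list is incomplete:
    # stop here instead of deleting part of the tree.
    die "search: " . $mesg->error if $mesg->code;
    push @dnlist, map { $_->dn } $mesg->entries;

    # No response control: the server ignored paging and sent everything.
    my ($resp) = $mesg->control(LDAP_CONTROL_PAGED) or last;
    my $cookie = $resp->cookie;
    last unless defined $cookie && length $cookie;    # empty cookie: last page
    $page->cookie($cookie);                           # ask for the next page
}

# Deepest DNs first, so every entry is a leaf by the time it is deleted.
# ldap_explode_dn parses RDNs properly, including escaped commas.
my %depth = map { $_ => scalar @{ ldap_explode_dn($_) || [] } } @dnlist;
for my $dn ( sort { $depth{$b} <=> $depth{$a} } @dnlist ) {
    $mesg = $ldap->delete($dn);
    die "delete $dn: " . $mesg->error if $mesg->code;
}
$ldap->unbind;
```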