Ping a Specific Port

Question

Qippur

Asked: 2018-06-14 07:59:36 +0800 CST2018-06-14 07:59:36 +0800 CST 2018-06-14 07:59:36 +0800 CST

OPENLDAP: How to delete an o= entry?

772

I created an organization (o=otherorg,dc=example,dc=com) inside my OpenLDAP server running on Debian stretch. Now I want to remove it, but no tool I tried allows me to. Below is a chunk of slapcat output I would like to remove the "dn: o=otherorg,dc=example,dc=com" entry I tried with:

ldapdelete -x -W -D "cn=admin,dc=example,dc=com" "o=otherorg,dc=example,dc=com"

I created a file named delete.ldif containing:

dn: o=otherorg,dc=example,dc=com
changetype: delete

and ran:

 ldapmodify -Y EXTERNAL -H ldapi:/// -f /path/to/delete.ldiff

All without success

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example.com
dc: example
structuralObjectClass: organization
entryUUID: 99585550-02ab-1038-9dc9-000000000000
creatorsName: cn=admin,dc=example,dc=com
createTimestamp: 19700101164420Z
entryCSN: 19700101164420.615825Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 19700101164420Z
contextCSN: 19700101173944.872394Z#000000#000#000000
contextCSN: 19700101173733.720551Z#000000#001#000000

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
structuralObjectClass: organizationalRole
creatorsName: cn=admin,dc=example,dc=com
userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
entryUUID: 995956ee-02ab-1038-9dca-000000000000
createTimestamp: 19700101164420Z
entryCSN: 19700101164420.622825Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 19700101164420Z

dn: o=otherorg,dc=example,dc=com
entryUUID: 7a6cd5be-02b3-1038-8346-000000000000
creatorsName: cn=admin,dc=example,dc=com
createTimestamp: 19700101173944Z
entryCSN: 19700101173944.872394Z#000000#000#000000
objectClass: top
objectClass: glue
structuralObjectClass: glue
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 19700101173944Z

1 Answers

Voted

rda · Answer 1 · 2018-06-18T22:55:57+08:00

Best Answer

rda

2018-06-18T22:55:57+08:002018-06-18T22:55:57+08:00

An entry can be deleted using:

ldapdelete <dn>

or recursively:

ldapdelete -r <dn>

However, the entry you are trying to delete is a glue entry, which can't be operated on using normal LDAP operations. This glue is used in referrals, when a sub-tree is managed by another DSA. They are also used by syncrepl as shadow databases and may also appear due to replication problems.

To treat such entries as normal entries, add the -M option to ldapsearch, ldapmodify or ldapdelete. Delete this type of entry using:

ldapdelete -M <dn>

This option sends the manageDsaIT control, see rfc3296:

The client may provide the ManageDsaIT control with an operation to indicate that the operation is intended to manage objects within the DSA (server) Information Tree. The control causes Directory-specific entries (DSEs), regardless of type, to be treated as normal entries allowing clients to interrogate and update these entries using LDAP operations.

1

OPENLDAP: How to delete an o= entry?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?