[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapmodify on multiple dn's

To: Jason Joines <support@bus.okstate.edu>
Subject: Re: ldapmodify on multiple dn's
From: Jon Roberts <jon@jonanddeb.net>
Date: Wed, 06 Apr 2005 16:23:15 -0500
Cc: openldap-software@OpenLDAP.org
In-reply-to: <42544D99.30401@bus.okstate.edu>
References: <42544D99.30401@bus.okstate.edu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113

Jason Joines wrote:

I need to delete a user from a large number of groups. Is there anyway to use ldapmodify to remove the user from all the groups at once?


LDIF is probably the right idea.

I tried using an LDIF like the following but as soon as ldapmodify gets to the next dn, it throws an error about unknown attribute type.


It helps if you post the exact error message you get.

I also tried with just a blank line instead of a dash and with no separator.

Use a blank like between entries. A dash is used to separate operations on different attributes from the same dn.

dn: cn=web,dc=my,dc=domain,dc=org
changetype: modify
delete: memberuid
memberuid: jadoe

Assuming these are posixgroups from the nis.schema and jadoe is a value of each groups memberuid attribute, this should work. If they aren't posixgroup but rather groupofnames entries, you need something more like:

dn: cn=web,dc=my,dc=domain,dc=org
changetype: modify
delete: member
member: uid=jadoe,dc=my,dc=domain,dc=org

Jon Roberts
www.mentata.com

References:
- ldapmodify on multiple dn's
  - From: Jason Joines <support@bus.okstate.edu>

Prev by Date: Re: ldapmodify on multiple dn's
Next by Date: Re: Permissions error
Index(es):
- Chronological
- Thread