Re: Deleting all Data

Tay, Gary wrote:
Maybe some simple scripting could help.

Eg: delete all entries under People branch:

1) Find out who they are, export them to People.ldif, script is

# db2ldif_People.sh
# Execute these for iPlanet Directory Server
if [ -n "`ps -ef | grep 'ns-slapd' | grep -v grep`" ]
then
   YYYY=`date +'%Y'`
   # Stop if the directory is missing, so rm never runs somewhere else
   cd /usr/iplanet/ds5/slapd-`hostname`/ldif || exit 1
   rm -f $YYYY*.ldif
   ../db2ldif -n UserRoot -s "ou=People,dc=example,dc=com"
   cp $YYYY*.ldif /home/ldap/People.ldif
fi

# Execute these for OpenLDAP Server
if [ -n "`ps -ef | grep 'slapd' | grep -v grep`" ]
then
   # For RedHat
   # For Others
   $BINDIR/ldapsearch -x -LLL -b "ou=People,dc=example,dc=com" \
              -D "cn=Manager,dc=example,dc=com" \
              -w `cat /etc/ldap.secret` \
              "objectclass=*" >/home/ldap/People.ldif
fi
chmod 600 /home/ldap/People.ldif

2) Delete them via ldapdelete, script is openldap_delete_Peoples.sh

#! /bin/sh
# openldap_delete_Peoples.sh
# Destructive script
# Never do deletion at LDAP Master Server
# Do deletion only at LDAP Slave Server
[ "`uname -n`" = "ldap1" ] && exit

# Un-Comment for RedHat
# Un-Comment for others

grep "^dn:" People.ldif | sed 's/^dn: //' >openldap_delete_Peoples.ldif

Why not just request the dn attribute in the first case (if you're going to ldapsearch ...)? Retrieving all attributes (including things like photos, certificates etc etc) just to not use them is a bit of a waste ...

if [ -f mgr.pwd ]
then
   $BINDIR/ldapdelete -c -x -D "cn=Manager,dc=example,dc=com" -w `cat mgr.pwd` -f openldap_delete_Peoples.ldif
else
   echo "mgr.pwd not found"
   echo "Please enter LDAP password for cn=Manager,dc=example,dc=com..."
   $BINDIR/ldapdelete -c -x -D "cn=Manager,dc=example,dc=com" -W -f
fi

Ouch!!! This is going to perform really badly ... when you can just remove the database files instead.

I have this need also as I don't use slurpd for LDAP data replication
and instead use scripts to delete all Peoples/groups and then re-add
them back. I do know this does not give the best performance, just for
small BDB.

For a db of any size, this is going to take a *long* time. For BDB on OpenLDAP, you could instead script hot backups of the db files, and restore them on the slave (which would be at least an order of magnitude faster for anything but the smallest DBs).


Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
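
Added example, not code from either poster: the `grep "^dn:" | sed` step quoted above truncates DNs that the LDIF writer folded onto a continuation line and leaves base64-encoded `dn::` values undecoded, and `ldapdelete -c` skips any parent listed before its children. The function below handles all three; the function names, the constructed sample LDIF and the use of `base64 -d` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Names and sample data are constructed.

# Read LDIF on stdin; print one DN per line, children before parents.
ldif_to_delete_list() {
    # 1. Unfold: a line starting with a single space continues the previous one.
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    ' |
    # 2. Keep DN lines only. "dn:: " marks a base64-encoded value.
    while IFS= read -r line; do
        case $line in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done |
    # 3. A child DN always has more commas than its parent (escaped ones
    #    included), so sorting by field count puts leaf entries first.
    awk -F, '{ print NF "\t" $0 }' | sort -rn | cut -f2-
}

# Constructed export: a container, a folded DN and a base64 DN.
sample_ldif() {
    cat <<'EOF'
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=a-very-long-user-identifier,ou=People,dc=exa
 mple,dc=com
objectClass: inetOrgPerson
sn: Example

dn:: dWlkPWrDtnJnLG91PVBlb3BsZSxkYz1leGFtcGxlLGRjPWNvbQ==
objectClass: inetOrgPerson
sn: Example
EOF
}

sample_ldif | ldif_to_delete_list
```

Requesting the special attribute `1.1` from ldapsearch returns entries with no attributes at all, which keeps the export down to DN lines before this function ever sees it.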