
Re: Deleting all Data



Tay, Gary wrote:
Maybe some simple scripting could help.

Eg: delete all entries under People branch:

1) Find out who they are, export them to People.ldif, script is
db2ldif_People.sh

# db2ldif_People.sh
#
# Execute these for iPlanet Directory Server
if [ -n "`ps -ef | grep 'ns-slapd' | grep -v grep`" ]
then
   YYYY=`date +'%Y'`
   cd /usr/iplanet/ds5/slapd-`hostname`/ldif
   rm -f $YYYY*.ldif
   ../db2ldif -n UserRoot -s "ou=People,dc=example,dc=com"
   cp $YYYY*.ldif /home/ldap/People.ldif
fi

# Execute these for OpenLDAP Server
# (exclude ns-slapd, which the plain 'slapd' pattern would also match)
if [ -n "`ps -ef | grep 'slapd' | grep -v 'ns-slapd' | grep -v grep`" ]
then
   # For RedHat
   BINDIR=/usr/bin
   # For Others
   #BINDIR=/usr/local/bin
   $BINDIR/ldapsearch -x -LLL -b "ou=People,dc=example,dc=com" \
              -D "cn=Manager,dc=example,dc=com" \
              -w `cat /etc/ldap.secret` \
              "objectclass=*" >/home/ldap/People.ldif
fi
chmod 600 /home/ldap/People.ldif

2) Delete them via ldapdelete, script is openldap_delete_Peoples.sh

#! /bin/sh
# openldap_delete_Peoples.sh
# Destructive script
# Never do deletion at LDAP Master Server
# Do deletion only at LDAP Slave Server
[ "`uname -n`" = "ldap1" ] && exit

# Un-Comment for RedHat
BINDIR=/usr/bin
# Un-Comment for others
#BINDIR=/usr/local/bin

grep "^dn:" People.ldif | sed 's/^dn: //' >openldap_delete_Peoples.ldif

Why not just request the dn attribute in the first case (if you're going to ldapsearch ...)? Retrieving all attributes (including things like photos, certificates etc etc) just to not use them is a bit of a waste ...


if [ -f mgr.pwd ]
then
   $BINDIR/ldapdelete -c -x -D "cn=Manager,dc=example,dc=com" \
              -w `cat mgr.pwd` -f openldap_delete_Peoples.ldif
else
   echo "mgr.pwd not found"
   echo "Please enter LDAP password for cn=Manager,dc=example,dc=com..."
   $BINDIR/ldapdelete -c -x -D "cn=Manager,dc=example,dc=com" -W \
              -f openldap_delete_Peoples.ldif
fi



Ouch!!! This is going to perform really badly ... when you can just remove the database files instead.


===
I have this need also as I don't use slurpd for LDAP data replication
and instead use scripts to delete all Peoples/groups and then re-add
them back. I do know this does not give the best performance, just for
small BDB.

For a db of any size, this is going to take a *long* time. For BDB on OpenLDAP, you could instead script hot backups of the db files, and restore them on the slave (which would be at least an order of magnitude faster for anything but the smallest DBs).


Regards,
Buchan

--
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
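
Added example, not part of the original messages: one way to build the DN list for `ldapdelete -f` from an LDIF export such as People.ldif. It handles two cases the `grep "^dn:" | sed` pipeline in the thread does not (DNs folded across lines and base64 `dn::` values) and lists children before parents, since only leaf entries can be deleted. The function names, the sample entries and the use of GNU `base64 -d` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes awk, sort, cut, a base64 that
# accepts -d (GNU coreutils), and "dn: " / "dn:: " spacing as ldapsearch emits.

# ldif_dns FILE: print every DN in FILE, one per line, deepest entries first.
ldif_dns() {
    # Unfold: a line starting with a single space continues the previous line.
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' "$1" |
    while IFS= read -r line; do
        case $line in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;  # base64 DN
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;                   # plain DN
        esac
    done |
    # Prefix each DN with its comma count. A child always has more commas than
    # its parent, so a reverse numeric sort puts leaf entries first.
    awk '{ n = gsub(/,/, ","); print n "\t" $0 }' |
    LC_ALL=C sort -rn -k1,1 | cut -f2-
}

# Constructed sample: base entry first (as a subtree search returns it),
# one folded DN and one base64 DN (a uid containing a non-ASCII character).
write_sample_ldif() {
    cat > "$1" <<'EOF'
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit

dn: ou=Contractors,ou=People,dc=example,dc=com
objectClass: organizationalUnit

dn: uid=averyverylongusername,ou=Contractors,ou=People,dc=example,d
 c=com
objectClass: inetOrgPerson

dn:: dWlkPWpvc8OpLG91PVBlb3BsZSxkYz1leGFtcGxlLGRjPWNvbQ==
objectClass: inetOrgPerson
EOF
}

# Demo: print the deletion order for the constructed sample.
tmp=$(mktemp) && write_sample_ldif "$tmp" && ldif_dns "$tmp"
rm -f "$tmp"
```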