如何从 LDAP 中删除所有记录? [英] How to remove all records from LDAP?

问题描述

是否可以通过一行命令从 LDAP 中删除所有条目?

Is it possible to remove all entries from LDAP by one-line commend?

我试过了:

ldapdelete -r 'cn=*,dc=domain,dc=com' -w

但它不起作用.我没有更好的主意；/

but it's not working. I have no better ideas;/

推荐答案

ldapdelete是删除特定的DN，不能使用通配符.

ldapdelete is to remove specific DN, you can't use a wilcard.

没有原生的oneliner".您可以执行 ldapsearch 并将由此搜索产生的 DN 列表提供给 ldapdelete

There is no native "oneliner". You can execute a ldapsearch and provide the list of DN resulting from this search to the ldapdelete

类似:

ldapsearch -LLL -s one -b "dc=domain,dc=com" "(cn=*)" dn | awk -F": " '$1~/^s*dn/{print $2}' > listOfDNtoRemove.txt && ldapdelete -r -f listOfDNtoRemove.txt

• -s one : ldapsearch 上的这个选项是只检索分支 dc=domain,dc=com
• -LLL : 这个选项是有 LDIF 格式输出
• -r : 该选项是递归删除之前找到的第一级分支及其子分支
• awk -F": " '$1~/^s*dn/{print $2}' : 这个 awk 是只打印以 <开头的行code>dn: 并打印 dn
的值
• -s one : this option on the ldapsearch is to retrieve only the first level child under the branch dc=domain,dc=com
• -LLL : this option is to have LDIF format output
• -r : this option is to recursively delete the previously first level branch found and their childs
• awk -F": " '$1~/^s*dn/{print $2}' : this awk is to print only the line starting by dn: and printing the value of the dn

注意:ldapdelete 还从标准输入读取 DN 列表，因此您可以将 ldapsearch 结果直接通过管道传输到 ldapdelete 如果你想避免临时文件

NOTE : ldapdelete also reads the list of DN from the standard input, so you can pipe the ldapsearch results directly to the ldapdelete if you want to avoid the temporary file

这篇关于如何从 LDAP 中删除所有记录?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！