[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Deleting all Data

To: "Tay, Gary" <Gary_Tay@platts.com>
Subject: Re: Deleting all Data
From: Buchan Milne <bgmilne@obsidian.co.za>
Date: Fri, 15 Oct 2004 11:00:33 +0200
Cc: Edwardd@discovery.co.za, Sadik Kumlali <Sadik.Kumlali@telenity.com>, openldap-software@OpenLDAP.org
In-reply-to: <A04B6AE6ED3BD742B64D5B17093F64E2912F5C@IMSSGPX01.ims.mhm.mhc>
References: <A04B6AE6ED3BD742B64D5B17093F64E2912F5C@IMSSGPX01.ims.mhm.mhc>
User-agent: Mozilla Thunderbird 0.7.3 (X11/20040806)

Tay, Gary wrote:

May be some simple scriptings could help.

Eg: delete all entries under People branch:

1) Find out who they are, export them to People.ldif, script is
db2ldif_People.sh

# db2ldif_People.sh
#
# Execute these for iPlanet Directory Server
if [ -n "`ps -ef | grep 'ns-slapd' | grep -v grep`" ]
then
   YYYY=`date +'%Y'`
   cd /usr/iplanet/ds5/slapd-`hostname`/ldif
   rm -f $YYYY*.ldif
   ../db2ldif -n UserRoot -s "ou=People,dc=example,dc=com"
   cp $YYYY*.ldif /home/ldap/People.ldif
fi

# Execute these for OpenLDAP Server
if [ -n "`ps -ef | grep 'slapd' | grep -v grep`" ]
then
   # For RedHat
   BINDIR=/usr/bin
   # For Others
   #BINDIR=/usr/local/bin
   $BINDIR/ldapsearch -x -LLL -b "ou=People,dc=example,dc=com" \
              -D "cn=Manager,dc=example,dc=com" \
              -w `cat /etc/ldap.secret` \
              "objectclass=*" >/home/ldap/People.ldif
fi
chmod 600 /home/ldap/People.ldif

2) Delete them via ldapdelete, script is openldap_delete_Peoples.sh

#! /bin/sh
# openldap_delete_Peoples.sh
# Destructive script
# Never do deletion at LDAP Master Server
# Do deletion only at LDAP Slave Server
[ "`uname -n`" = "ldap1" ] && exit

# Un-Comment for RedHat
BINDIR=/usr/bin
# Un-Comment for others
#BINDIR=/usr/local/bin

grep "^dn:" People.ldif | sed 's/^dn: //' >openldap_delete_Peoples.ldif

Why not just request the dn attribute in the first case (if you're going to ldapsearch ...)? Retreiving all attibutes (including things like photos, certificates etc etc) just to not use them is a bit of a waste ...

if [ -f mgr.pwd ] then $BINDIR/ldapdelete -c -x -D "cn=Manager,dc=example,dc=com" -w `cat mgr.pwd` -f openldap_delete_Peoples.ldif else echo "mgr.pwd not found" echo "Please enter LDAP password for cn=Manager,dc=example,dc=com..." $BINDIR/ldapdelete -c -x -D "cn=Manager,dc=example,dc=com" -W -f openldap_delete_Peoples.ldif fi

Ouch!!! This is going to perform really badly ... when you can just remove the database files instead.

===
I have this need also as I don't use slurpd for LDAP data replication
and instead use scripts to delete all Peoples/groups and then re-add
them back. I do know this does not give the best performance, just for
small BDB.

For a db of any size, this is going to take a *long* time. For BDB on OpenLDAP, you could instead script hot backups of the db files, and restore them on the slave (which would be at least an order of magnitude faster for anything but the smallest DBs).

Regards,
Buchan

--
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)

References:
- RE: Deleting all Data
  - From: "Tay, Gary" <Gary_Tay@platts.com>

Prev by Date: Re: DB_CONFIG
Next by Date: RE: Deleting all Data
Index(es):
- Chronological
- Thread