3

(This question had been asked on the OpenLDAP list also, but didn't get an answer there)

Trying to delete the result of an LDAP search, I have a problem:

Using

ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b "dc=services,dc=net,$DIT_BASE" \
           -s one -z $SIZE_LIMIT '(objectClass=ipService)' dn |
awk '
/^dn: / {
#      sub(/^dn: /, "");
      print;
}
' |
ldapdelete -v -Y EXTERNAL -H ldapi:///

I get

deleting entry "dn: cn=1ci-smcs@3091/tcp,dc=services,dc=net,..."
ldap_delete: Invalid DN syntax (34)
        additional info: invalid DN

And when I remove the "dn: " in front, I get

"ldap_delete: Server is unwilling to perform (53)
        additional info: no global superior knowledge"

What am I missing?

U. Windl
  • 943

1 Answer

6

"no global superior knowledge" means the DN didn't match any subtree known to the LDAP server (and the server doesn't know any upward referrals to redirect you to a better server)¹ – most likely because the DN is truncated due to default LDIF line wrapping, as your grep only matched the 1st line.

Add -o ldif-wrap=no to disable line wrapping.

ldapsearch -LLL -o ldif-wrap=no ... |
    awk '/^dn:/ { print; print "changetype: delete"; print "" }' |
    ldapmodify

¹ The term 'knowledge' refers to all the data that this server is authoritative for, plus replication relationships, plus upward (superior) and downward (subordinate) referrals – a relic of X.500's original "one global directory" design – and 'superior knowledge' would be upward referrals specifically. (Which are still possible to configure in OpenLDAP; there's even a module to give out referrals based on DNS SRV records.)

grawity
  • 501,077
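Added example, not part of the answer above: a shell filter that goes one step further than `-o ldif-wrap=no` by unfolding wrapped LDIF lines itself and emitting a delete record only for DNs that end in the expected base, so a truncated or stray DN is reported instead of sent to the server. The names `ldif_to_deletes` and `sample_ldif`, the base `dc=example,dc=org` and the sample entries are constructed for illustration; the suffix check is a plain case-insensitive string comparison, which is an assumption and not full DN normalization.

```shell
#!/bin/sh
# ldif_to_deletes BASE: read ldapsearch LDIF on stdin, write delete records.
# In LDIF a line starting with one space continues the previous line.
ldif_to_deletes() {
    awk -v base="$1" '
        function flush(   dn, n) {
            if (line ~ /^dn:: /) {
                # base64-encoded DN: report it rather than guess at its value
                print "skipped (base64 DN): " line > "/dev/stderr"
            } else if (line ~ /^dn: /) {
                dn = substr(line, 5)
                n = length(dn) - length(base)
                # accept only "<rdn...>,<base>" (case-insensitive string match)
                if (n > 1 && substr(dn, n, 1) == "," &&
                    tolower(substr(dn, n + 1)) == tolower(base))
                    printf "dn: %s\nchangetype: delete\n\n", dn
                else
                    print "skipped (outside base): " dn > "/dev/stderr"
            }
            line = ""
        }
        /^ / { line = line substr($0, 2); next }  # join continuation line
             { flush(); line = $0 }               # new logical line starts
        END  { flush() }
    '
}

# Constructed sample: the first DN is wrapped the way ldapsearch wraps long
# lines by default; the third entry lies outside the intended subtree.
sample_ldif() {
    cat <<'EOF'
dn: cn=a-rather-long-service-name@3091/tcp,dc=services,dc=net,dc=example,dc=o
 rg

dn: cn=short@22/tcp,dc=services,dc=net,dc=example,dc=org

dn: cn=stray,dc=other,dc=example,dc=org
EOF
}

# Dry run: inspect the generated records before piping them to ldapmodify.
sample_ldif | ldif_to_deletes "dc=services,dc=net,dc=example,dc=org"
```

Review the generated records and the skipped DNs on stderr before piping the output into `ldapmodify`.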