Ldap – Delete domain using ldapdelete

ldapopenldap

According to the man page of ldapdelete it should be possible to delete entries

[root@controller ~]# man ldapdelete
EXAMPLE
       The following command:

           ldapdelete "cn=Delete Me,dc=example,dc=com"

       will  attempt  to  delete  the  entry  named   "cn=Delete   Me,dc=exam‐
       ple,dc=com".   Of  course  it  would  probably  be  necessary to supply
       authentication credentials.

but deleting a domain does not work:

[root@controller ~]# ldapdelete -x -D "cn=Manager,dc=my-domain,dc=com" -W "dc=my-domain,dc=com"
Enter LDAP Password:
ldap_delete: No such object (32)

while it exists

[root@controller ~]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Best Answer

Even deleting the base entry will not remove a naming context. You'll have to remove it from your configuration.

Related Solutions

Ubuntu – How to use ldapdelete to delete an improperly set up olc database

Generally the initial setup process for cn=config isn't very easy and there are plenty of ways to shoot yourself in the foot in the process. However, remember that cn=config is stored in LDIF format files in slapd.d (usually in ${prefix}/etc/openldap/) and can be edited by hand (carefully and while slapd isn't running). So if you've locked yourself out (no RootDN/RootPW) or completely mangled your cn=config somehow, you can always fix it there.

A good way to get a basic config going is to actually do it in the old style slapd.conf fashion and then convert it to slapd.d (using slaptest -f -F) once the basic stuff (databases, modules and a RootDN/RootPW) is sorted.

Linux – LDAP+SAMBA login issues

I solved the issue by running following command:

smbpasswd -w <MyLiteralPassword>

Related Topic