If I run ldapsearch -x -ZZ -b 'cn=sysadmin,ou=groups,dc=sub,dc=mydom,dc=com' I get a list of users in the sysadmin group (below). I'd like to remove user456 only from the sysadmin group but I want to do this from a shell script and not create an intermediate LDIF file to do it. What dn woudl I use to do this?
eg: ldapdelete -Y EXTERNAL -H ldapi:/// <some_dn_with_the_member_attribute>
# sysadmin, groups, sub.mydom.com
dn: cn=sysadmin,ou=groups,dc=sub,dc=mydom,dc=com
cn: sysadmin
objectClass: top
objectClass: groupOfNames
member: uid=user123,ou=people,dc=sub,dc=mydom,dc=com
member: uid=user456,ou=people,dc=sub,dc=mydom,dc=com
member: uid=user789,ou=people,dc=sub,dc=mydom,dc=com
Best Answer
Seems like this will do it although I can't believe the level of janky needed to get it done: