On Fri, 25 Sep 2009, Rich Megginson wrote:
Kimmo Koivisto wrote:
> This was what I needed to search entries:
> ldapsearch -x -b xx -D xxx -w xxx
> But then, how to pipe ldapsearch and ldapdelete to delete the result
> dn's of ldapsearch?
specify "dn" as the attribute to return - just add it to the end of the
command line - also add -LLL to the ldapsearch command line to make it
you will then have output like
You will have to use sed/awk/perl to strip the "dn: " from the DNs, and
ignore the blank lines
> 2009/9/25 Kimmo Koivisto <koippa(a)gmail.com>:
>> Thanks for your answer.
>> I know about those timestamps, but I don't know if I can compare
>> timestamps with ldapsearch.
>> So, is it possible to compare or search entries older than defined
>> timestamp, for example:
>> ldapsearch "(objectClass=*)" * modifyTimestamp>20090801000000Z
>> or how I could do this?
>> 2009/9/25 Juan Asensio Sánchez <okelet(a)gmail.com>:
>>> All entries in the directory have some operational attributes called
>>> createTimestamp, modifyTimestamp, creatorsName and modifiersName. With
>>> them, you can check when an entry has been created or modified, and
>>> who did it. I think this is what you are looking for.
>>> Those attributes, that are operational, are not returned when you ask
>>> for all attributes, you must specify their names manually:
>>> ldapsearch ...... "(objectClass=*)" * createTimestamp
>>> 2009/9/25 Kimmo Koivisto <koippa(a)gmail.com>:
>>>> I'm using fedora-ds-1.0.4-1.RHEL4 and I have an application that
>>>> creates and modifies entries located in FDS.
>>>> Application does not remove old entries, and I cannot change how
>>>> application works.
>>>> I would like to delete entries that are not modified recently with
>>>> either plain ldapsearch+ldapdelete or using some FDS tools, perl script
>>>> So, my question is, what is the easiest way to delete entries, for
>>>> example older than 3 months?
If I may make a suggestion (and apologies for the last mail being way
behind -- mail's running behind for me today)...
Before doing anything like this, I'd recommend doing a little reading up
on ldapsearch, ldapmodify, ldapdelete and the like, and getting a really
firm grip on how they work and how to use them.
What you're trying to do is potentially very dangerous if you don't have
a really good understanding of what you're doing, and very likely to
wipe a lot of data out of your LDAP directory that you don't want wiped
I'm not trying to sound disrespectful here, but it sounds like you don't
yet have a firm grip on how the basic LDAP tools work yet, and if I were
in your position I'd steer far clear of a mass-delete script until I was
sure I knew what I was doing.
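
Added example, not part of the original thread or written by any of its participants: a shell helper that turns `ldapsearch -LLL ... dn` output into a plain DN list for review, handling the folded lines and base64-encoded (`dn:: `) DNs that a bare "strip the dn: prefix" one-liner mishandles. The function names, the sample entries and the file name candidates.txt are assumptions; the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example: turn `ldapsearch -LLL ... dn` output into a plain DN list
# that can be reviewed before anything is passed to ldapdelete.

# ldif_dns: read LDIF on stdin, write one DN per line on stdout.
ldif_dns() {
    awk '
        # A line starting with a single space continues the previous line.
        /^ / { if (have) cur = cur substr($0, 2); next }
        { if (have) print cur; cur = $0; have = 1 }
        END { if (have) print cur }
    ' | while IFS= read -r line; do
        case "$line" in
            # "dn:: " marks a base64-encoded DN (e.g. non-ASCII characters).
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; printf '\n' ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
            # Blank separator lines and anything else are ignored.
        esac
    done
}

# sample_ldif: constructed ldapsearch -LLL output (not from a real directory).
sample_ldif() {
    printf 'dn: uid=old1,ou=People,dc=example,dc=com\n\n'
    printf 'dn: uid=a-very-long-user-identifier-that-forces-a-wrap,ou=People,dc=e\n'
    printf ' xample,dc=com\n\n'
    printf 'dn:: %s\n\n' "$(printf '%s' 'cn=José Pérez,ou=People,dc=example,dc=com' | base64 | tr -d '\n')"
}

# Dry run on the sample: prints three DNs, deletes nothing.
sample_ldif | ldif_dns

# Against a live server, with the thread's placeholders and a cutoff filter
# (assumes the server supports ordering matches on modifyTimestamp):
#   ldapsearch -x -LLL -b xx -D xxx -w xxx \
#       "(modifyTimestamp<=20090801000000Z)" dn | ldif_dns > candidates.txt
# Read candidates.txt first, then: ldapdelete -x -D xxx -w xxx -f candidates.txt
```

Keeping the search and the delete as two separate steps, with a file in between, gives a point at which the candidate list can be checked against the directory before any entry is removed.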