ruan

Reputation: 339

How to remove all records from LDAP?

Is it possible to remove all entries from LDAP with a one-line command?

I tried:

ldapdelete -r 'cn=*,dc=domain,dc=com' -w

but it's not working. I have no better ideas ;/

Upvotes: 9

Views: 16005

Answers (2)

tarun mittal

Reputation: 411

With the HDB backend

You can try this approach: go to the /var/lib/ldap directory and run this command:

sudo rm __db.* *.bdb log.*

The slapd server should preferably be shut down before running this command.

Make sure you have a backup of the files before executing this.

With the MDB backend

Similar to the above, but the file names are different:

sudo rm *.mdb

Upvotes: 3
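The procedure in this answer (stop slapd, back up, remove the backend's data files, start slapd again) as one script. This is an added example, not the answerer's code; the directory, the service name and the backup locations are assumptions for a typical Debian/Ubuntu layout. The file-listing function is kept separate so it can be checked on its own, and it deliberately leaves DB_CONFIG and anything else in the directory untouched:

```shell
#!/bin/sh
# Added example, not from the answer above. Wipes an OpenLDAP HDB/BDB or MDB
# database directory the way the answer describes, with the safety steps made
# explicit: stop slapd, export with slapcat, tar the directory, then remove
# only the database files. LDAP_DB_DIR, the slapd unit name and the backup
# paths are assumptions; adjust them for your system.

LDAP_DB_DIR=${LDAP_DB_DIR:-/var/lib/ldap}   # assumed default location

# backend_data_files DIR BACKEND: print the database files slapd recreates on
# start (HDB/BDB: __db.*, *.bdb, log.*; MDB: *.mdb), one per line. DB_CONFIG
# and any other file in DIR is deliberately not listed.
backend_data_files() {
  dir=$1 backend=$2
  case "$backend" in
    hdb|bdb) set -- "$dir"/__db.* "$dir"/*.bdb "$dir"/log.* ;;
    mdb)     set -- "$dir"/*.mdb ;;
    *) echo "unknown backend: $backend" >&2; return 2 ;;
  esac
  for f in "$@"; do
    # an unmatched glob stays a literal pattern; -e filters it out
    [ -e "$f" ] && printf '%s\n' "$f"
  done
  return 0
}

# wipe_backend DIR BACKEND: the full procedure. Takes a logical backup
# (slapcat, restorable with slapadd) and a physical one (tar) before removing
# anything, and never removes files while slapd is running. Requires root.
wipe_backend() {
  dir=$1 backend=$2
  stamp=$(date +%Y%m%d-%H%M%S)
  systemctl stop slapd || return 1
  slapcat -l "/root/ldap-backup-$stamp.ldif" || return 1
  tar -czf "/root/ldap-db-$stamp.tar.gz" -C "$dir" . || return 1
  backend_data_files "$dir" "$backend" | while IFS= read -r f; do
    rm -f -- "$f"
  done
  systemctl start slapd
}

# Usage: ./wipe-ldap.sh --run mdb   (or hdb)
if [ "${1:-}" = "--run" ]; then
  wipe_backend "$LDAP_DB_DIR" "${2:-mdb}"
fi
```

Run `backend_data_files /var/lib/ldap mdb` first to see exactly what would be removed; the wipe itself only happens with `--run`.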

Esteban

Reputation: 1815

ldapdelete is to remove a specific DN; you can't use a wildcard.

There is no native "one-liner". You can execute an ldapsearch and provide the list of DNs resulting from this search to ldapdelete.

Something like:

ldapsearch -LLL -s one -b "dc=domain,dc=com" "(cn=*)" dn | awk -F": " '$1~/^\s*dn/{print $2}' > listOfDNtoRemove.txt && ldapdelete -r -f listOfDNtoRemove.txt

  • -s one: this option on the ldapsearch retrieves only the first-level children under the branch dc=domain,dc=com
  • -LLL: this option gives LDIF-format output
  • -r: this option recursively deletes the first-level branches found previously and their children
  • awk -F": " '$1~/^\s*dn/{print $2}': this awk prints only the lines starting with dn: and outputs the value of the dn

NOTE: ldapdelete also reads the list of DNs from standard input, so you can pipe the ldapsearch results directly to ldapdelete if you want to avoid the temporary file.

Upvotes: 7
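A more robust version of the pipeline in this answer, as an added example (not the answerer's code). The awk in the answer keeps only lines that begin with "dn:", which misses two things real LDIF output contains: DNs folded across lines (continuation lines begin with a single space, which ldapsearch does even with -LLL unless told not to wrap) and base64-encoded DNs written as "dn:: ...", which ldapsearch emits for non-ASCII or otherwise unsafe values. The script below unfolds first, decodes the base64 form, and wraps the search-and-delete in a function with a dry-run switch. LDAP_BIND_OPTS and DRY_RUN are assumed variables of this script, not options of the tools; the sample LDIF at the bottom is constructed.

```shell
#!/bin/sh
# Added example, not code from the answer above: extract DNs from LDIF output
# correctly (folded lines, base64 "dn::" values) and feed them to ldapdelete.

# ldif_unfold: join LDIF continuation lines (leading single space) onto the
# line they belong to, so every attribute is on one line afterwards.
ldif_unfold() {
  awk '
    /^ / { buf = buf substr($0, 2); next }          # continuation: drop the space, append
    { if (started) print buf; buf = $0; started = 1 }
    END  { if (started) print buf }
  '
}

# ldif_dns: read LDIF on stdin, print one DN per line, decoding "dn::" entries.
ldif_dns() {
  ldif_unfold | while IFS= read -r line; do
    case "$line" in
      "dn:: "*) printf '%s\n' "${line#"dn:: "}" | base64 -d; printf '\n' ;;   # base64-encoded DN
      "dn: "*)  printf '%s\n' "${line#"dn: "}" ;;
    esac
  done
}

# delete_entries_under BASE: the same ldapsearch | ldapdelete -r pipeline as the
# answer, with three changes: (objectClass=*) instead of (cn=*) so ou=... and
# other entries without a cn are not skipped, -o ldif-wrap=no so ldapsearch
# does not fold long lines in the first place, and DRY_RUN=1 to print the DN
# list instead of deleting. BASE itself is kept, only its children go.
delete_entries_under() {
  base=$1
  ldapsearch -LLL -o ldif-wrap=no $LDAP_BIND_OPTS -s one -b "$base" '(objectClass=*)' dn \
    | ldif_dns \
    | if [ "${DRY_RUN:-0}" = 1 ]; then cat; else ldapdelete -r $LDAP_BIND_OPTS; fi
}

# Constructed sample of what ldapsearch -LLL prints: a plain DN, a DN folded
# at 76 columns, and a base64 DN (decodes to cn=müller,dc=domain,dc=com).
SAMPLE_LDIF='dn: cn=alice,dc=domain,dc=com
objectClass: person
cn: alice

dn: cn=a-very-long-common-name-that-the-server-folds-because-it-exceeds-seventy-six-c
 haracters,dc=domain,dc=com
objectClass: person

dn:: Y249bcO8bGxlcixkYz1kb21haW4sZGM9Y29t
objectClass: person
'

# sample_dns: run the parser over the constructed sample (three DNs expected).
sample_dns() { printf '%s\n' "$SAMPLE_LDIF" | ldif_dns; }

# Usage: ./ldap-wipe.sh --demo            (parse the sample only)
#        DRY_RUN=1 LDAP_BIND_OPTS='-H ldapi:/// -Y EXTERNAL' ./ldap-wipe.sh --delete dc=domain,dc=com
case "${1:-}" in
  --demo)   sample_dns ;;
  --delete) delete_entries_under "$2" ;;
esac
```

Always run with DRY_RUN=1 first and read the DN list; with -s one and -r, every DN printed is the root of a subtree that will be removed.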
