Today I was asked to clean up an Oracle Internet Directory without removing orcladmin and some other operational users.
As all accounts are housed under the same context root, "cn=Users,dc=example,dc=com", bulkdelete was not an option: it removes a whole subtree, orcladmin included. So I built the list of entries to delete from an ldapsearch export instead.
First we export all the users:
ldapsearch -h oid.example.com -p 389 -L -D "cn=orcladmin" -w "xxx" -b "cn=Users,dc=example,dc=com" -s sub "objectclass=*" > users_oid.ldif
Note that "-s sub" with the filter "objectclass=*" also returns the base entry cn=Users itself, so it has to be stripped again later. Passing the password with -w puts it into your shell history and into the process list; on a shared host, prefer the tool's password prompt option.
This gives us an LDIF with every entry and all its attributes, which ldapdelete cannot use directly.
Second we keep only the "dn:" lines, anchored to the start of the line so that attribute values which merely contain "dn:" somewhere are not picked up:
grep '^dn:' users_oid.ldif > users_delete.ldif
Then we remove the lines for the container entry itself and for the accounts that must survive, e.g.:
dn: cn=Users, dc=example,dc=com
dn: cn=orcladmin, cn=Users, dc=example,dc=com
…
After this we strip the "dn: " prefix (including the space behind it) from every line, as ldapdelete expects one bare DN per line and errors out when the prefix is kept:
sed 's/^dn: *//' users_delete.ldif > new_users_delete.ldif
Watch out for "dn::" lines: LDIF base64-encodes a DN that contains non-ASCII characters and writes it as "dn:: <base64>". This sed does not touch those, so decode them by hand (or take them out and delete them separately) before running ldapdelete.
Now we have a clean file of DNs which can be used by ldapdelete! Check it first: the line count should match the number of users you expect to go, and neither the container DN nor orcladmin may be in it. Also keep in mind that LDAP refuses to delete an entry that still has children, so if any entry under cn=Users is itself a container, its children have to come earlier in the file.
ldapdelete -h oid.example.com -p 389 -D "cn=orcladmin" -w xxx -f new_users_delete.ldif
Depending on the number of users in your ldap directory, this could take a while :)
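Putting the whole procedure into one script, as an added example that is not from the original post: it reads the ldapsearch export, keeps only lines that really start with dn:, joins folded (continuation) lines, decodes base64 "dn::" values, drops the DNs from a keep list regardless of case and spacing, and orders deeper entries before their parents so ldapdelete does not trip over non-leaf entries. The sample export at the bottom is constructed for this example; the keep list format (one DN per line), the file names and the use of a base64 decoder are my assumptions, and the ldapdelete call at the end is only a comment since there is no directory to talk to here.

```sh
#!/bin/sh
# Added example: builds the ldapdelete input file from an ldapsearch LDIF
# export while protecting a list of DNs. Not the original post's commands.
# Assumes POSIX sh, awk, sort and a "base64 -d" decoder; the keep list is a
# plain file with one DN per line (its spacing/case may differ from the server's).
set -eu

# Join LDIF continuation lines (a line starting with one space continues the
# previous line) so that folded DNs come out whole.
unfold_ldif() {
  awk '
    /^ /  { buf = buf substr($0, 2); next }
          { if (buf != "") print buf; buf = $0 }
    END   { if (buf != "") print buf }
  '
}

# Print the DN of every entry, one per line. Only lines that *start* with "dn:"
# count; "dn::" carries a base64-encoded DN (non-ASCII values) and is decoded,
# so the result is always the literal DN ldapdelete needs.
extract_dns() {
  while IFS= read -r line; do
    case $line in
      'dn:: '*) printf '%s\n' "${line#dn:: }" | base64 -d; printf '\n' ;;
      'dn: '*)  printf '%s\n' "${line#dn: }" ;;
    esac
  done
}

# Drop DNs listed in the keep file ($1). Comparison ignores case and the spaces
# after commas, so "cn=orcladmin, cn=Users, dc=example,dc=com" in the keep list
# matches however the server happened to print that DN.
filter_keep() {
  awk -v keepfile="$1" '
    function norm(d) { d = tolower(d); gsub(/, */, ",", d); return d }
    BEGIN { while ((getline k < keepfile) > 0) if (k != "") keep[norm(k)] = 1 }
    !(norm($0) in keep)
  '
}

# LDAP refuses to delete an entry that still has children, so emit deeper DNs
# first. Depth is approximated by the number of RDNs (comma count); an escaped
# comma inside a value would only over-estimate depth, which is harmless here.
children_first() {
  awk -F, '{ print NF "\t" $0 }' \
    | LC_ALL=C sort -t "$(printf '\t')" -k1,1rn -k2,2 \
    | cut -f2-
}

# $1 = ldapsearch -L export, $2 = keep list; writes the delete list to stdout.
build_delete_list() {
  unfold_ldif < "$1" | extract_dns | filter_keep "$2" | children_first
}

# Constructed sample export (not real directory data) covering the cases that
# trip up a plain "grep dn: | sed s/dn://" pipeline: a folded DN, a base64 DN,
# an attribute value containing "dn:", and a nested entry.
sample_export() {
  b64=$(printf 'cn=M\303\274ller,cn=Users,dc=example,dc=com' | base64)
  cat <<EOF
dn: cn=Users,dc=example,dc=com
objectclass: top
objectclass: orclContainer

dn: cn=orcladmin,cn=Users,dc=example,dc=com
objectclass: person
description: admin account, not to be confused with dn: cn=bogus,cn=Users,dc=example,dc=com

dn: cn=jdoe,cn=Users,dc=example,dc=com
objectclass: person

dn: cn=a very long common name that the ldif writer folds,cn=Users,dc=examp
 le,dc=com
objectclass: person

dn:: $b64
objectclass: person

dn: cn=svc,cn=Users,dc=example,dc=com
objectclass: person

dn: cn=child,cn=svc,cn=Users,dc=example,dc=com
objectclass: person
EOF
}

work=$(mktemp -d)
sample_export > "$work/users_oid.ldif"
printf '%s\n' 'cn=Users,dc=example,dc=com' \
              'cn=orcladmin, cn=Users, dc=example,dc=com' > "$work/keep.txt"
build_delete_list "$work/users_oid.ldif" "$work/keep.txt" > "$work/new_users_delete.ldif"
cat "$work/new_users_delete.ldif"
# Hand the result to the directory only after reviewing it:
#   ldapdelete -h oid.example.com -p 389 -D "cn=orcladmin" -w xxx -f "$work/new_users_delete.ldif"
```

On the constructed sample the script prints five DNs: cn=child,cn=svc,... comes first because it is one level deeper than the rest, the folded and base64 DNs appear as plain complete DNs, and neither cn=Users nor orcladmin is in the list even though the keep file spells orcladmin with spaces after the commas.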