Fedora directory users - Sep 2009 - [389-users] Deleting entries that are not modified recently

Hello

I''m using fedora-ds-1.0.4-1.RHEL4 and I have an application that
creates and modifies entries located in FDS.
Application does not remote old entries, and I cannot change how
application works.

I would like to delete entries that are not modified recently with
either plain ldapsearch+ldapdelete or using some FDS tools, perl scipt
etc.

So, my question is, what is the easiest way to delete entries, for
example older that 3 months?

Regards,
Kimmo

Hi

All entries in the directory have some operational attributes called
createTimestamp, modifiTimestamp, creatorsName and modifiersName. With
them, you can check when an entry has been created or modified, and
who did it. I think this is what you are looking for.

Those attributes, thar are operational, are not returned when you ask
for all attributes, you must specify their names manually:

ldapsearch ...... "(objectClass=*)" * createTimestamp

Regards

2009/9/25 Kimmo Koivisto <koippa@gmail.com>:
> Hello
>
> I''m using fedora-ds-1.0.4-1.RHEL4 and I have an application that
> creates and modifies entries located in FDS.
> Application does not remote old entries, and I cannot change how
> application works.
>
> I would like to delete entries that are not modified recently with
> either plain ldapsearch+ldapdelete or using some FDS tools, perl scipt
> etc.
>
> So, my question is, what is the easiest way to delete entries, for
> example older that 3 months?
>
> Regards,
> Kimmo
>
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Hello

Thanks for your answer.

I know about those timestamps, but I don''t know if I can compare
timestamps with ldapsearch.

So, is it possible to compare or search entries older that defined
timestamp, for example:

ldapsearch "(objectClass=*)" * modifyTimestamp>20090801000000Z

or how I could do this?

Regards,
Kimmo


2009/9/25 Juan Asensio Sánchez <okelet@gmail.com>:
> Hi
>
> All entries in the directory have some operational attributes called
> createTimestamp, modifiTimestamp, creatorsName and modifiersName. With
> them, you can check when an entry has been created or modified, and
> who did it. I think this is what you are looking for.
>
> Those attributes, thar are operational, are not returned when you ask
> for all attributes, you must specify their names manually:
>
> ldapsearch ...... "(objectClass=*)" * createTimestamp
>
> Regards
>
> 2009/9/25 Kimmo Koivisto <koippa@gmail.com>:
>> Hello
>>
>> I''m using fedora-ds-1.0.4-1.RHEL4 and I have an application
that
>> creates and modifies entries located in FDS.
>> Application does not remote old entries, and I cannot change how
>> application works.
>>
>> I would like to delete entries that are not modified recently with
>> either plain ldapsearch+ldapdelete or using some FDS tools, perl scipt
>> etc.
>>
>> So, my question is, what is the easiest way to delete entries, for
>> example older that 3 months?
>>
>> Regards,
>> Kimmo
>>
>> --
>> 389 users mailing list
>> 389-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Hello

This was what I needed to search entries:

ldapsearch -x -b xx -D xxx -w xxx
"(&(cn=*)(modifytimestamp<=2009092513000000Z)(objectclass=person))"

But then, how to pipe ldapsearch and ldapdelete to delete the result
dn''s of ldapsearch?

Regards,
Kimmo

2009/9/25 Kimmo Koivisto <koippa@gmail.com>:
> Hello
>
> Thanks for your answer.
>
> I know about those timestamps, but I don''t know if I can compare
> timestamps with ldapsearch.
>
> So, is it possible to compare or search entries older that defined
> timestamp, for example:
>
> ldapsearch "(objectClass=*)" * modifyTimestamp>20090801000000Z
>
> or how I could do this?
>
> Regards,
> Kimmo
>
>
> 2009/9/25 Juan Asensio Sánchez <okelet@gmail.com>:
>> Hi
>>
>> All entries in the directory have some operational attributes called
>> createTimestamp, modifiTimestamp, creatorsName and modifiersName. With
>> them, you can check when an entry has been created or modified, and
>> who did it. I think this is what you are looking for.
>>
>> Those attributes, thar are operational, are not returned when you ask
>> for all attributes, you must specify their names manually:
>>
>> ldapsearch ...... "(objectClass=*)" * createTimestamp
>>
>> Regards
>>
>> 2009/9/25 Kimmo Koivisto <koippa@gmail.com>:
>>> Hello
>>>
>>> I''m using fedora-ds-1.0.4-1.RHEL4 and I have an
application that
>>> creates and modifies entries located in FDS.
>>> Application does not remote old entries, and I cannot change how
>>> application works.
>>>
>>> I would like to delete entries that are not modified recently with
>>> either plain ldapsearch+ldapdelete or using some FDS tools, perl
scipt
>>> etc.
>>>
>>> So, my question is, what is the easiest way to delete entries, for
>>> example older that 3 months?
>>>
>>> Regards,
>>> Kimmo
>>>
>>> --
>>> 389 users mailing list
>>> 389-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>
>> --
>> 389 users mailing list
>> 389-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>

Kimmo Koivisto wrote:
> Hello
>
> This was what I needed to search entries:
>
> ldapsearch -x -b xx -D xxx -w xxx
>
"(&(cn=*)(modifytimestamp<=2009092513000000Z)(objectclass=person))"
>
> But then, how to pipe ldapsearch and ldapdelete to delete the result
> dn''s of ldapsearch?
>   
specify "dn" as the attribute to return - just add it to the end of
the
command line - also add -LLL to the ldapsearch command line to make it 
less verbose
you will then have output like
dn: somedn
blank line
repeat.....

You will have to use sed/awk/perl to strip the "dn: " from the DNs,
and
ignore the blank lines
> Regards,
> Kimmo
>
> 2009/9/25 Kimmo Koivisto <koippa@gmail.com>:
>   
>> Hello
>>
>> Thanks for your answer.
>>
>> I know about those timestamps, but I don''t know if I can
compare
>> timestamps with ldapsearch.
>>
>> So, is it possible to compare or search entries older that defined
>> timestamp, for example:
>>
>> ldapsearch "(objectClass=*)" *
modifyTimestamp>20090801000000Z
>>
>> or how I could do this?
>>
>> Regards,
>> Kimmo
>>
>>
>> 2009/9/25 Juan Asensio Sánchez <okelet@gmail.com>:
>>     
>>> Hi
>>>
>>> All entries in the directory have some operational attributes
called
>>> createTimestamp, modifiTimestamp, creatorsName and modifiersName.
With
>>> them, you can check when an entry has been created or modified, and
>>> who did it. I think this is what you are looking for.
>>>
>>> Those attributes, thar are operational, are not returned when you
ask
>>> for all attributes, you must specify their names manually:
>>>
>>> ldapsearch ...... "(objectClass=*)" * createTimestamp
>>>
>>> Regards
>>>
>>> 2009/9/25 Kimmo Koivisto <koippa@gmail.com>:
>>>       
>>>> Hello
>>>>
>>>> I''m using fedora-ds-1.0.4-1.RHEL4 and I have an
application that
>>>> creates and modifies entries located in FDS.
>>>> Application does not remote old entries, and I cannot change
how
>>>> application works.
>>>>
>>>> I would like to delete entries that are not modified recently
with
>>>> either plain ldapsearch+ldapdelete or using some FDS tools,
perl scipt
>>>> etc.
>>>>
>>>> So, my question is, what is the easiest way to delete entries,
for
>>>> example older that 3 months?
>>>>
>>>> Regards,
>>>> Kimmo
>>>>
>>>> --
>>>> 389 users mailing list
>>>> 389-users@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>>         
>>> --
>>> 389 users mailing list
>>> 389-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>       
>
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Each entry has a modifytimestamp attribute you can search on.

On Fri, 25 Sep 2009, Kimmo Koivisto wrote:
> Hello
> 
> I''m using fedora-ds-1.0.4-1.RHEL4 and I have an application that
> creates and modifies entries located in FDS.
> Application does not remote old entries, and I cannot change how
> application works.
> 
> I would like to delete entries that are not modified recently with
> either plain ldapsearch+ldapdelete or using some FDS tools, perl scipt
> etc.
> 
> So, my question is, what is the easiest way to delete entries, for
> example older that 3 months?
> 
> Regards,
> Kimmo
> 
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

On Fri, 25 Sep 2009, Rich Megginson wrote:
> Kimmo Koivisto wrote:
> > Hello
> >
> > This was what I needed to search entries:
> >
> > ldapsearch -x -b xx -D xxx -w xxx
> >
"(&(cn=*)(modifytimestamp<=2009092513000000Z)(objectclass=person))"
> >
> > But then, how to pipe ldapsearch and ldapdelete to delete the result
> > dn''s of ldapsearch?
> >   
> specify "dn" as the attribute to return - just add it to the end
of the
> command line - also add -LLL to the ldapsearch command line to make it 
> less verbose
> you will then have output like
> dn: somedn
> blank line
> repeat.....
> 
> You will have to use sed/awk/perl to strip the "dn: " from the
DNs, and
> ignore the blank lines
> > Regards,
> > Kimmo
> >
> > 2009/9/25 Kimmo Koivisto <koippa@gmail.com>:
> >   
> >> Hello
> >>
> >> Thanks for your answer.
> >>
> >> I know about those timestamps, but I don''t know if I can
compare
> >> timestamps with ldapsearch.
> >>
> >> So, is it possible to compare or search entries older that defined
> >> timestamp, for example:
> >>
> >> ldapsearch "(objectClass=*)" *
modifyTimestamp>20090801000000Z
> >>
> >> or how I could do this?
> >>
> >> Regards,
> >> Kimmo
> >>
> >>
> >> 2009/9/25 Juan Asensio Sánchez <okelet@gmail.com>:
> >>     
> >>> Hi
> >>>
> >>> All entries in the directory have some operational attributes
called
> >>> createTimestamp, modifiTimestamp, creatorsName and
modifiersName. With
> >>> them, you can check when an entry has been created or
modified, and
> >>> who did it. I think this is what you are looking for.
> >>>
> >>> Those attributes, thar are operational, are not returned when
you ask
> >>> for all attributes, you must specify their names manually:
> >>>
> >>> ldapsearch ...... "(objectClass=*)" *
createTimestamp
> >>>
> >>> Regards
> >>>
> >>> 2009/9/25 Kimmo Koivisto <koippa@gmail.com>:
> >>>       
> >>>> Hello
> >>>>
> >>>> I''m using fedora-ds-1.0.4-1.RHEL4 and I have an
application that
> >>>> creates and modifies entries located in FDS.
> >>>> Application does not remote old entries, and I cannot
change how
> >>>> application works.
> >>>>
> >>>> I would like to delete entries that are not modified
recently with
> >>>> either plain ldapsearch+ldapdelete or using some FDS
tools, perl scipt
> >>>> etc.
> >>>>
> >>>> So, my question is, what is the easiest way to delete
entries, for
> >>>> example older that 3 months?
If I may make a suggestion (and apologies for the last mail being way
behind -- mail''s running behind for me today)...

Before doing anything like this, I''d recommend doing a little reading
up
on ldapsearch, ldapmodiify, ldapdelete and the like, and getting a really
firm grip on how they work and how to use them.

What you''re trying to do is potentially very dangerous if you
don''t have
a really good understanding of what you''re doing, and very likely to
wipe a lot of data out of your LDAP directory that you don''t want wiped
out.

I''m not trying to sound disrespectful here, but it sounds like you
don''t
yet have a firm grip on how the basic LDAP tools work yet, and if I were
in your position I''d steer far clear of a mass-delete script until I
was
sure I knew what I was doing.