Three Views on Deleting Multiple Users

Novell Cool Solutions: Tip

Digg This - Slashdot This

Posted: 21 Oct 2004

A Forum reader recently asked: "Using 'Details on Mutiple Users', I want to remove all value(s) from the property 'Title' found on the Identification tab. It's easy to add them to multiple users, but I want to remove them."

Here are three solutions to the problem, contributed by some of our Forums experts:

LDAP/LDIF, Approach #1

In cases where you want to delete or modify a large number of objects, it's often a best practice to use the power of LDAP and LDIF to do so. Below are some syntax examples for modifying objects with either an Add of an attribute or Delete of an attribute.

Deleting all attribute values for a specific attribute:

  dn: cn=user,ou=container,o=organization
  changetype: modify
  delete: title

Deleting specific values of a multi-valued attribute for users:

  dn: cn=user,ou=container,o=organization
  changetype: modify
  delete: title
  title: Vice President

The main difference to focus on here is that you specify the specific value of the attribute to be deleted. If you do not specify a specific value then all values of the attribute "title" will be deleted.

Adding an attribute to a user:

  dn: cn=user,ou=container,o=oranization
  changetype: modify
  add: title
  title: Techie

A shortcut you can use for making multiple modifications to the same user object is the "-" charachter. This tells the server that the modification is for the same dn.

  dn: cn=user,ou=container,o=oranization
  changetype: modify
  add: facsimileTelephoneNumber
  facsimileTelephoneNumber: 555-1212
  add: InternetEMailAddress
  InternetEMailAddress: user@novell.com

LDAP/LDIF, Approach #2

I'd probably do it using OpenLDAP's ldapsearch to get all DNs via the LDAP interface in to an LDIF file:

ldapsearch -x -H ldaps://ip.of.your.server -D cn=admin,o=acme -W -b ou=sales,o=acme cn* dn

Then I'd use something like awk to modify the LDIF file so that each record looked something like this:

  dn: cn=bob,ou=sales,o=acme
  changetype: modify
  delete: title

The awk command would look something like this:

awk "{ printf \"%s\nchangetype: modify\ndelete: title\n\n\",$0 }" < source.ldif > dome.ldif

And then I'd use ldapmodify to import this LDIF file in to the LDAP interface:

ldapmodify -x -H ldaps://ip.of.your.server -D cn=admin,o=acme -W -c -f dome.ldif

Novell has the ICE utility, which is essentially their version of ldapsearch and ldapmodify and a few other things all rolled in to one package. You can use that, too.