On Fri, 25 Sep 2009, Rich Megginson wrote: > Kimmo Koivisto wrote: > > Hello > > > > This was what I needed to search entries: > > > > ldapsearch -x -b xx -D xxx -w xxx > > "(&(cn=*)(modifytimestamp<=2009092513000000Z)(objectclass=person))" > > > > But then, how to pipe ldapsearch and ldapdelete to delete the result > > dn's of ldapsearch? > > > specify "dn" as the attribute to return - just add it to the end of the > command line - also add -LLL to the ldapsearch command line to make it > less verbose > you will then have output like > dn: somedn > blank line > repeat..... > > You will have to use sed/awk/perl to strip the "dn: " from the DNs, and > ignore the blank lines > > Regards, > > Kimmo > > > > 2009/9/25 Kimmo Koivisto <koippa@xxxxxxxxx>: > > > >> Hello > >> > >> Thanks for your answer. > >> > >> I know about those timestamps, but I don't know if I can compare > >> timestamps with ldapsearch. > >> > >> So, is it possible to compare or search entries older that defined > >> timestamp, for example: > >> > >> ldapsearch "(objectClass=*)" * modifyTimestamp>20090801000000Z > >> > >> or how I could do this? > >> > >> Regards, > >> Kimmo > >> > >> > >> 2009/9/25 Juan Asensio Sánchez <okelet@xxxxxxxxx>: > >> > >>> Hi > >>> > >>> All entries in the directory have some operational attributes called > >>> createTimestamp, modifiTimestamp, creatorsName and modifiersName. With > >>> them, you can check when an entry has been created or modified, and > >>> who did it. I think this is what you are looking for. > >>> > >>> Those attributes, thar are operational, are not returned when you ask > >>> for all attributes, you must specify their names manually: > >>> > >>> ldapsearch ...... "(objectClass=*)" * createTimestamp > >>> > >>> Regards > >>> > >>> 2009/9/25 Kimmo Koivisto <koippa@xxxxxxxxx>: > >>> > >>>> Hello > >>>> > >>>> I'm using fedora-ds-1.0.4-1.RHEL4 and I have an application that > >>>> creates and modifies entries located in FDS. > >>>> Application does not remote old entries, and I cannot change how > >>>> application works. > >>>> > >>>> I would like to delete entries that are not modified recently with > >>>> either plain ldapsearch+ldapdelete or using some FDS tools, perl scipt > >>>> etc. > >>>> > >>>> So, my question is, what is the easiest way to delete entries, for > >>>> example older that 3 months? If I may make a suggestion (and apologies for the last mail being way behind -- mail's running behind for me today)... Before doing anything like this, I'd recommend doing a little reading up on ldapsearch, ldapmodiify, ldapdelete and the like, and getting a really firm grip on how they work and how to use them. What you're trying to do is potentially very dangerous if you don't have a really good understanding of what you're doing, and very likely to wipe a lot of data out of your LDAP directory that you don't want wiped out. I'm not trying to sound disrespectful here, but it sounds like you don't yet have a firm grip on how the basic LDAP tools work yet, and if I were in your position I'd steer far clear of a mass-delete script until I was sure I knew what I was doing. -- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
