Version of CA Directory is r12.0 SP12
We are trying to delete an entry with its sub-entries, We are trying to run dxdelete tool from /CADirectory/dxserver/bin to delete entries with subentries, but we are getting below error -- -bash-4.1$ dxdelete -v -h ip:port "smSessionId=gNELP/Q4CG0bQH0M3skLZ/T3v/Q\=,ou=sessionstore,dc=smsession,dc=com" ldap_initialize( ldap://10.118.209.73:30404 ) deleting entry "smSessionId=gNELP/Q4CG0bQH0M3skLZ/T3v/Q\=,ou=sessionstore,dc=smsession,dc=com" Delete Result: Operation not allowed on non-leaf (66) After that, we even tried to run LDAPDelete command, but still no luck. we are Getting the below error with ldapdelete command -- [XXXXX@******1 ~]$ ldapdelete -v -D cn=smadmin,ou=admin,dc=smsession,dc=com -w password -h op:port "smSessionId=gNELP/Q4CG0bQH0M3skLZ/T3v/Q\=,ou=sessionstore,dc=smsession,dc=com" ldap_initialize( ldap://10.118.209.73:30404 ) deleting entry "smSessionId=gNELP/Q4CG0bQH0M3skLZ/T3v/Q\=,ou=sessionstore,dc=smsession,dc=com" ldap_delete: Operation not allowed on non-leaf (66)
Even, I have tried using –r in ldapdelete, but it says invalid option.
Though I can find in CA communities, -r stands for
Makes any delete operation recursive.
Can anyone please tell me the command to delete entries along with sub-entries from CA Directory?
Hi Debamalya. I moved your post to where you have a better chance of this ca directory question to being answered
Newbee to CA directory 14.0. Kinda struck during install /configure, need info on some good documentation.
Trying to configure an directory instance and i see following message.. please advise !
bash-4.2$ ./dxserver install /application/dxserver/inst1/application/dxserver/inst1 does not exist
It might be that the -r flag is not available in all builds of ldapdelete executable. Can you try using the -r flag with the dxdelete command? On my system running CA Directory "dxserver 12.6.00 (build 14043) Windows_NT 64-Bit" I can see that dxdelete command lists -r as a supported flag.
Thanks Kenny for the response. Actually we are looking for a command which can be executed from any location/server to delete entries along with subentries from CA Directory. Somewhat similar to ldapdelete.
PS- Yes I have tried -r flag in dxdelete command and it is working fine for me as well. but For this command to be executed, I have a dependency, that is, we have to log in as "dsa" user.
But, whereas, we need to execute the command from anywhere.
The only option available in R12.0 SP1 is dxdelete. Since the tool exists only on the DSA server, hence to launch the tool we have to login to the server. However ldapsearch may be freely available on client systems, hence it is easier to launch from those client system.
Have we tested with ldapdelete (with -r) against the dsa instance ? Although I'd be not so comfortable using ldap* tools against DXSERVER (evaluate on a case by case basis). However for a delete as long it does not create a repercussion and it is completely tested / works; it may be something that I'd look into.
Have we considered using a script that could be run from anywhere which would connect to the server and execute dxdelete command.
SSH tip: Send commands remotely - CNET
In R14.0 we could potentially use the SCIM API calls.
There was a support case opened (and now closed on this topic) while I just this thread.
If the problem is not having an access to become a 'dsa' user on Linux servers, other option would be to install (or use, if already installed) CA Directory on Windows. Here there will be no restrictions assuming you are able to reach out to Linux machine from this Windows machine on your network. This will definitely serve the purpose of 'from anywhere'.
e.g. from Windows machine where you have CA Directory installed, you can run:
dxdelete -r -h 10.118.209.73:30404 "smSessionId=gNELP/Q4CG0bQH0M3skLZ/T3v/Q\=,ou=sessionstore,dc=smsession,dc=com"
We are using CA Directory r12.0 sp12. Moreover, we are keen to use LDAPDelete command along with -r flag so that we can delete the entries+sub entries from even outside DSA server.
Is it possible? Because when I run LDAPDelete command with -r flag, it is saying Invalid Option.
If it becomes more and more of a dependency on the tool (e.g. OpenLDAP or any other LDAPTool), then I recommend doing what Hitesh suggested.
But more importantly, I'd really start considering executing DXDELETE securely from a remote server using SSH if we really want to eliminate any dependency on having to install any kind of tool anywhere.
even mentioned in the case, the OS in this case is Linux and not Windows.
So, please give suggestion based on Linux 6.x OS System.
Understood hence I mentioned "other option would be" as a suggestion. If you do not or cannot have CA Directory on windows machine anywhere on the same network, in that case as Dennis mentioned. It's one way or another.
You are correct, not all ldapdelete support "-r". So there is going to be a dependency on the tool (performing delete) one way OR another.
I think ldapdelete that ships with OpenLDAP does support.
BTW, here is the KB article that you were looking for to upgrade from this current EOS version of 12.0 SP12 to 12.6 that you were requesting in other support case. Actually I was about to create one while one of my peers pointed out he already did and it has been published for a while now. Hope this helps.
How to upgrade from CA Directory 12.0 SPx to 12.0 - CA Knowledge