Pete <pl...@oz...> wrote:
> Hi everyone,
>
> Every now and then I have a need to delete all entries from a
> directory. The problem is though that the directory server is set to
> a maximum number of entries to return. Setting the server to a
> larger number isn't the answer.
>
> What I need to do is search on sn=*, which returns an error,
> something like too many entries to return. I need to do this to
> get the DN value to delete all the entries.
>
> Reading through the doco it doesn't appear there is an inbuilt
> capability to do this. I'm sure this could be another exercise in
> programming to do the task, but not re-inventing the wheel is preferred
> lately.
>
> Thanks in advance,
>
>
> Pete.

When you get an error of LDAP_SIZELIMIT_EXCEEDED, you *also* get back some
of the entries that the directory could return. This probably isn't obvious
from the documentation. (The LDAP_TIMELIMIT_EXCEEDED error has the same
feature, which is similarly not obvious from the documentation.)

So what you could try is a loop which repeatedly did a search of (sn=*) (or
whatever matched your entries) and removed any it did find. Terminate the
loop when 0 entries are returned.

For efficiency in your searches, don't instruct the server to return all
user attributes (which is the default), ask it for a single attribute
instead. This will make the results come back just that little bit quicker,
as less data needs to be transferred across the network.

Cheers,

Chris
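
Added example, not part of the original thread: a Python sketch of the search-and-delete loop described in the reply above, run against a constructed in-memory stand-in for a size-limited server. `FakeDirectory`, `delete_all` and the sample DNs are hypothetical names, not any LDAP library's API; the loop also stops when a pass deletes nothing, since entries that cannot be deleted would otherwise keep it running forever.

```python
SUCCESS, SIZELIMIT_EXCEEDED = 0, 4  # LDAP result codes (RFC 4511)


class FakeDirectory:
    """Constructed in-memory stand-in for a server that enforces a size limit."""

    def __init__(self, dns, size_limit, undeletable=()):
        self.dns = list(dns)
        self.size_limit = size_limit
        self.undeletable = set(undeletable)

    def search(self, attrs):
        # As the reply describes: a partial result set comes back together
        # with the sizeLimitExceeded result code.
        page = self.dns[:self.size_limit]
        code = SIZELIMIT_EXCEEDED if len(self.dns) > self.size_limit else SUCCESS
        return code, page

    def delete(self, dn):
        if dn in self.undeletable:  # e.g. access denied or a non-leaf entry
            return False
        self.dns.remove(dn)
        return True


def delete_all(directory):
    """Search and delete until a search returns 0 entries.

    Returns (deleted_count, sorted_failed_dns). If undeletable entries fill
    a whole page, the loop stops there and the filter must be narrowed.
    """
    deleted, failed = 0, set()
    while True:
        # Ask for one attribute only, not all user attributes.
        code, dns = directory.search(attrs=["sn"])
        if code not in (SUCCESS, SIZELIMIT_EXCEEDED):
            raise RuntimeError(f"search failed with result code {code}")
        if not dns:
            break
        progress = 0
        for dn in dns:
            if directory.delete(dn):
                deleted += 1
                progress += 1
            else:
                failed.add(dn)
        if progress == 0:  # nothing removed this pass: stop instead of spinning
            break
    return deleted, sorted(failed)
```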