How to delete Entries in OID 11g in Bulk – Delete Failed : Ldap Error Code 66 Not allowed on Non-Leaf

Entries in an LDAP server (OID) are stored in a tree-like structure. You can delete an entry in OID 11g using ODSM, but if you try to delete an entry that contains sub-entries you will get an error message like “LDAP Error Code 66 Not allowed on Non-Leaf” (11.1.1.4 and lower). With ODSM you must first delete the lowest level of the tree (the leaves) and then work all the way up. What if an entry has approx. 10/15 levels, or you wish to delete entries in OID in bulk (all users/groups or a subset of users/groups)?

The simple answer is bulkdelete, which is an LDAP command. In this post I am going to show how to delete entries in OID 11g in bulk or recursively.

1. Set the environment variables ORACLE_HOME and ORACLE_INSTANCE for OID 11g

export ORACLE_HOME=/u01/oracle/fmw/Oracle_IDM1
export ORACLE_INSTANCE=/u01/oracle/fmw/asinst_1

2. Shut down OID using OPMNCTL (OID should be down during bulkdelete, or entry caching should be disabled)

$ORACLE_INSTANCE/bin/opmnctl stopall

3. Run bulkdelete with the entry which you want to delete in OID (the command will delete all child entries under it)

$ORACLE_HOME/ldap/bin/bulkdelete connect=connect_string {[basedn=Base_DN] | [file=file_name]}

$ORACLE_HOME/ldap/bin/bulkdelete connect=oiddb basedn="ou=service,cn=users,dc=mydomain,dc=co,dc=uk"

(Here oiddb is the TNS name defined by default in $ORACLE_INSTANCE/network)

Provide ODS schema password when prompted

You should see output like XXX Entries have been deleted

b) If you want to delete multiple entries (under different locations in one go), create a file delete.ldif with entries like

ou=user1,cn=users,dc=mydomain,dc=co,dc=uk
ou=user2,cn=users,dc=mydomain,dc=co,dc=uk
cn=group1,cn=groups,dc=mydomain,dc=co,dc=uk

Here “ou=user1,cn=users,dc=mydomain,dc=co,dc=uk” is the Distinguished Name (DN) of the entry which you wish to delete (change the DC values as per your OID setup)

and run
$ORACLE_HOME/ldap/bin/bulkdelete connect=oiddb file=delete.ldif

Provide ODS schema password when prompted

You should see output like XXX Entries have been deleted

4. Start OID

$ORACLE_INSTANCE/bin/opmnctl startall
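
One way to check a DN list before passing it to bulkdelete with file=, as an added example (not part of the original post and not Oracle tooling). The function name validate_dn_file and the ALLOWED_SUFFIX variable are assumptions made for illustration, and the DN pattern is deliberately simplified, so DNs with escaped commas are rejected.

```shell
#!/bin/sh
# Pre-flight check for a bulkdelete DN list. Added example, not Oracle tooling.
# ALLOWED_SUFFIX (hypothetical variable): the only subtree deletions may target.
ALLOWED_SUFFIX="${ALLOWED_SUFFIX:-dc=mydomain,dc=co,dc=uk}"

# validate_dn_file FILE: 0 = safe to pass as file=, 1 = bad line, 2 = bad path.
# The body is a subshell "( )" so its variables do not leak into the caller.
validate_dn_file() (
    file="$1"; lineno=0; rc=0
    suffix=$(printf '%s' "$ALLOWED_SUFFIX" | tr '[:upper:]' '[:lower:]')

    # The comment thread on this page traces "Error in opening file"
    # to a path bulkdelete could not see, so insist on an absolute one.
    case "$file" in
        /*) ;;
        *) echo "ERROR: use an absolute path: $file" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "ERROR: cannot read $file" >&2; return 2; }

    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Lower-case for comparison and drop CR from Windows-edited files.
        lower=$(printf '%s' "$line" | tr -d '\r' | tr '[:upper:]' '[:lower:]')
        [ -z "$lower" ] && continue
        # Simplified DN grammar: attr=value pairs joined by commas.
        # Rejects truncated lines such as "ou=" (and escaped commas).
        if ! printf '%s\n' "$lower" |
            grep -Eq '^[a-z][a-z0-9-]*=[^,=]+(,[a-z][a-z0-9-]*=[^,=]+)*$'; then
            echo "line $lineno: not a full DN: $line" >&2; rc=1; continue
        fi
        # Naming the suffix itself would delete the whole tree beneath it.
        if [ "$lower" = "$suffix" ]; then
            echo "line $lineno: refusing the suffix itself: $line" >&2
            rc=1; continue
        fi
        case "$lower" in
            *",$suffix") ;;
            *) echo "line $lineno: outside $ALLOWED_SUFFIX: $line" >&2; rc=1 ;;
        esac
    done < "$file"
    return "$rc"
)

# Stand-alone use: sh check_dns.sh /absolute/path/delete.ldif
if [ "$#" -gt 0 ]; then validate_dn_file "$1"; fi
```

Run it before step 2, while the directory is still up, so a rejected line can be compared against the live tree before anything is deleted.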


About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.


3 comments
vimal says April 18, 2012

Hi Guru,

I have multiple DN in my sample.ldif file.

I am using bulkdelete command to delete the entries.

After giving OID password, I am receiving error
“Error in opening file sample.ldif”

content of sample.ldif file is
ou=
ou=

Help appreciated.

    Atul Kumar says April 18, 2012

    @ Vimal,
    This means the bulkdelete utility can’t see this file sample.ldif. Please use the absolute path for sample.ldif with the bulkdelete command.

vimal says April 18, 2012

ou= contains the full DN
