What is the correct way to delete a non-leaf node

[aesoper101]

Hi, I have a non-leaf node in OpenLDAP directory. I want to delete the node. One approach is to delete all the children from the bottom most level in the tree and then finally delete the non-leaf node. Is there any other approach to solve this issue?

When I try to delete the non-leaf node, sends me the following exception:

LDAP Result Code 66 "Not Allowed On Non Leaf": subordinate objects must be deleted first

[cpuschma]

You'll have to empty the container first before you can delete it. You can also use the Subtree Delete Control within your delete request to delete all child elements.

ldap/control.go

Lines 533 to 535 in 7d3b8d4

	func NewControlSubtreeDelete() *ControlSubtreeDelete {
	return &ControlSubtreeDelete{}
	}

[aesoper101]

@cpuschma Hi , I had use the Subtree Delete Control like this

func TestDeleteNonLeafNode(t *testing.T) {
	conn, err := ldap.DialURL("ldap://localhost:389")
	assert.Nil(t, err)
	assert.NotNil(t, conn)

	defer conn.Close()

	control := make([]ldap.Control, 0)
	control = append(control, ldap.NewControlSubtreeDelete())

	simpleBindRequest := ldap.NewSimpleBindRequest("cn=admin,dc=example,dc=org", "admin", control)

	_, err = conn.SimpleBind(simpleBindRequest)
	assert.Nil(t, err)

	delReq := ldap.NewDelRequest("o=test,dc=example,dc=org", control)
	err = conn.Del(delReq)
	t.Log(err)
	assert.Nil(t, err)
}

but not working

[james-d-elliott]

Can you show the ldap.Error field values?

[kumo-rn5s]

Hi, i got same error.
I just discovered that my LDAP server did not have the SubtreeDelete Control enabled.

[JesseCoretta]

Just chiming in -- I was able to make the above function work without issues on my test system - subtree deleted 107 entries (not including the parent) on the first try.

Before:

$ ldapsearch -LLLxb ou=Terminated,ou=People,dc=example,dc=com -s one dn

... 107 fake entries omitted ...

For simplicity, I just added the above function to control_test.go. I only had to replace the "assert" checkers with explicit manual checks (e.g: if err != nil { ... }), no other changes.

Delete:

$ go test -run TestDeleteNonLeafNode .
ok  	github.com/go-ldap/ldap	0.034s

After:

$ ldapsearch -LLLxb ou=Terminated,ou=People,dc=example,dc=com -s one dn
No such object (32)

[james-d-elliott]

Hi, i got same error. I just discovered that my LDAP server did not have the SubtreeDelete Control enabled.

Which control OID is that? 1.2.840.113556.1.4.805?

[JesseCoretta]

Hi, i got same error. I just discovered that my LDAP server did not have the SubtreeDelete Control enabled.

Which control OID is that? 1.2.840.113556.1.4.805?

Yes that seems to be correct. I can trace that OID to a const in control.go.

$ ldapsearch -LLLb '' -s base -x supportedControl=1.2.840.113556.1.4.805 supportedControl

dn:
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.805  <--- here
supportedControl: 1.3.6.1.1.12
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.4.1.26027.1.5.2
supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1
supportedControl: 1.3.6.1.4.1.42.2.27.9.5.2
supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.3.6.1.4.1.4203.1.10.2
supportedControl: 1.3.6.1.4.1.7628.5.101.1
supportedControl: 2.16.840.1.113730.3.4.12
supportedControl: 2.16.840.1.113730.3.4.16
supportedControl: 2.16.840.1.113730.3.4.17
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.19
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 2.16.840.1.113730.3.4.3
supportedControl: 2.16.840.1.113730.3.4.4
supportedControl: 2.16.840.1.113730.3.4.5
supportedControl: 2.16.840.1.113730.3.4.9

... which indicates my server supports it.