HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)
3.4.4 Deleting an entry using LDIF
changetype: delete is the change type that deletes an entire entry from the directory.
NOTE:
You can only delete leaf entries. Therefore, when you delete an entry, make sure that no other
entries exist under that entry in the directory tree. That is, you cannot delete an organizational unit
entry unless you have first deleted all the entries that belong to the organizational unit.
For example, of the following three entries, only the last two entries can be deleted:
ou=People,dc=example,dc=com
cn=Paula Simon,ou=People,dc=example,dc=com
cn=Jerry O'Connor,ou=People,dc=example,dc=com
The entry that identifies the People subtree can be deleted only if no other entries exist below it.
The following LDIF update statements can be used to delete person entries:
dn: cn=Pete Minsky,ou=People,dc=example,dc=com
changetype: delete
dn: cn=Sue Jacobs,ou=People,dc=example,dc=com
changetype: delete
CAUTION:
Do not delete the suffix o=NetscapeRoot. The Administration Server uses this suffix to store
information about installed Directory Servers. Deleting this suffix could force you to reinstall the
Directory Server.
3.4.5 Modifying an entry in an internationalized directory
If the attribute values in the directory are associated with languages other than English, the attribute
values are associated with language tags. When using the ldapmodify command line utility to
modify an attribute that has an associated language tag, you must match the value and language
tag exactly or the modify operation will fail.
For example, to modify an attribute value that has a language tag of lang-fr, include lang-fr
in the modify operation, as follows:
dn: bjensen,dc=example,dc=com
changetype: modify
replace: homePostalAddress;lang-fr
homePostalAddress;lang-fr: 34 rue de Seine
3.5 Maintaining Referential Integrity
Referential integrity is a database mechanism that ensures relationships between related entries
are maintained. In the Directory Server, the referential integrity can be used to ensure that an
update to one entry in the directory is correctly reflected in any other entries that may refer to the
updated entry.
For example, if a user's entry is removed from the directory and referential integrity is enabled,
the server also removes the user from any groups of which the user is a member. If referential
integrity is not enabled, the user remains a member of the group until manually removed by the
administrator. This is an important feature if you are integrating the Directory Server with other
products that rely on the directory for user and group management.
3.5.1 How referential integrity works
When the Referential Integrity Plug-in is enabled, it performs integrity updates on specified attributes
immediately after a delete or rename operation. By default, the Referential Integrity Plug-in is
disabled.
126 Creating Directory Entries