Delete
Examples in this documentation depend on features activated in the For details, refer to Learn about the evaluation setup profile. |
To delete a resource, perform an HTTP DELETE on the resource URL. The operation returns the resource you deleted:
$ curl \
--request DELETE \
--cacert ca-cert.pem \
--user kvaughan:bribery \
--silent \
https://localhost:8443/api/users/newuser?_prettyPrint=true
{
"_id" : "newuser",
"_rev" : "<revision>",
"_schema" : "frapi:opendj:rest2ldap:user:1.0",
"_meta" : {
"created" : "<datestamp>"
},
"userName" : "newuser@example.com",
"displayName" : [ "New User" ],
"name" : {
"givenName" : "User",
"familyName" : "New"
},
"contactInformation" : {
"telephoneNumber" : "+1 408 555 1212",
"emailAddress" : "newuser@example.com"
},
"manager" : {
"_id" : "kvaughan",
"_rev" : "<revision>"
}
}
To delete a resource only if the resource matches a particular version,
use an If-Match: revision
header:
$ export REVISION=$(cut -d \" -f 8 <(curl --silent \
--user kvaughan:bribery \
--cacert ca-cert.pem \
https://localhost:8443/api/users/newuser?_fields=_rev))
$ curl \
--request DELETE \
--cacert ca-cert.pem \
--user kvaughan:bribery \
--header "If-Match: $REVISION" \
--silent \
https://localhost:8443/api/users/newuser?_prettyPrint=true
{
"_id" : "newuser",
"_rev" : "<revision>",
"_schema" : "frapi:opendj:rest2ldap:user:1.0",
"_meta" : {
"created" : "<datestamp>"
},
"userName" : "newuser@example.com",
"displayName" : [ "New User" ],
"name" : {
"givenName" : "User",
"familyName" : "New"
},
"contactInformation" : {
"telephoneNumber" : "+1 408 555 1212",
"emailAddress" : "newuser@example.com"
},
"manager" : {
"_id" : "kvaughan",
"_rev" : "<revision>"
}
}
To delete a resource and all of its children, follow these high-level steps:
-
Make sure that the REST to LDAP configuration does map the resources to delete to LDAP entries.
For an example, refer to Nested resources.
-
If you are using the gateway, this requires the default setting of true for
useSubtreeDelete
inWEB-INF/classes/rest2ldap/rest2ldap.json
.Only users who have access to request a tree delete can delete resources with children. -
Allow the REST user to use the subtree delete control:
$ dsconfig \ set-access-control-handler-prop \ --hostname localhost \ --port 4444 \ --bindDN uid=admin \ --bindPassword password \ --add global-aci:"(targetcontrol=\"SubtreeDelete\")\ (version 3.0; acl \"Allow Subtree Delete\"; allow(read) \ userdn=\"ldap:///uid=kvaughan,ou=People,dc=example,dc=com\";)" \ --usePkcs12TrustStore /path/to/opendj/config/keystore \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --no-prompt
-
Request the delete as a user who has rights to perform a subtree delete on the resource.
This can be a resource-intensive operation. The resources required to remove a branch depend on the number of LDAP entries to delete.