Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for ldapdelete (opensolaris section 1)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

ldapdelete(1)				  User Commands 			    ldapdelete(1)

       ldapdelete - ldap delete entry tool

       ldapdelete [-n] [-v] [-c] [-d debuglevel] [-f file]
	    [-D bindDN] [-w passwd | -j file] [-J [:criticality]]
	    [-?] [-H] [-h ldaphost] [-V version] [-i locale]
	    [-k path] [-P path] [-N certificate] [-y proxyid]
	    [-p ldapport] [-O hoplimit] [-o attributename=value]
	    [-W password] [dn]...

       The ldapdelete utility opens a connection to an LDAP server, then binds and deletes one or
       more entries. If one or more dn arguments are provided, entries with  those  distinguished
       names  are  deleted.  If no dn arguments are provided, a list of DNs is read from file, if
       the -f option is specified, or from standard input.

       The following options are supported:


	   Bypass confirmation question when deleting a branch.


	   Continuous operation mode. Errors are reported,  but  ldapdelete  will  continue  with
	   deletions. The default is to exit after reporting an error.

       -d debuglevel

	   Sets the LDAP debugging level. Useful levels of debugging for ldapdelete are:

	   1	  Trace

	   2	  Packets

	   4	  Arguments

	   32	  Filters

	   128	  Access control

	   To  request	more than one category of debugging information, add the masks. For exam-
	   ple, to request trace and filter information, specify a debuglevel of 33.

       -D bindDN

	   Uses the distinguished name bindDN to bind to the directory.


	   Ask server to expose (report) bind identity by means of authentication  response  con-

       -f file

	   Reads the entry deletion information from file instead of from standard input.


	   Display the usage help text that briefly describes all options.


	   Display the usage help text that briefly describes all options.

       -h ldaphost

	   Specifies an alternate host on which the LDAP server is running.

       -i locale

	   Specify  the character set to use for command-line input. The default is the character
	   set specified in the LANG environment variable. You might want to use this  option  to
	   perform  the  conversion from the specified character set to UTF8, thus overriding the
	   LANG setting.

	   Using this argument, you can input the bind DN and the target  DNs  in  the	specified
	   character  set.  The ldapdelete tool converts the input from these arguments before it
	   processes the search request. For example, -i no indicates that the bind DN and target
	   DNs are provided in Norwegian.

	   This  option  affects only the command-line input. That is, if you specify a file con-
	   taining DNs (with the -f option), ldapdelete will not convert the data in the file.

       -j filename

	   Specify a file containing the password for the bind DN or the  password  for  the  SSL
	   client's  key  database. To protect the password, use this option in scripts and place
	   the password in a secure file. This option is mutually exclusive  of  the  -w  and  -W
	   options. The -j option is the more secure alternative between -j and -w/-W.

       -J [:criticality[:value|::b64value|b64value|:fileurl]]

	   Criticality is a boolean value (default is false).

       -k path

	   Specify  the  path  to  a directory containing conversion routines. These routines are
	   used if you want to specify a locale that is not supported by default by  your  direc-
	   tory server. This is for NLS support.


	   Manage  smart  referrals. When they are the target of the operation, delete the actual
	   entry containing the referral instead of the entry obtained by following the referral.


	   Shows what would be done, but does not actually delete entries. Useful in  conjunction
	   with options -v and -d for debugging.

       -N certificate

	   Specify  the  certificate name to use for certificate-based client authentication. For
	   example: -N "Directory-Cert".

       -o attributename=value

	   For SASL mechanisms and other options such as security properties, mode of  operation,
	   authorization ID, authentication ID, and so forth.

	   The different attribute names and their values are as follows:

	   secProp="number"    For defining SASL security properties.

	   realm="value"       Specifies SASL realm (default is realm=none).

	   authzid="value"     Specify the authorization ID name for SASL bind.

	   authid="value"      Specify the authentication ID for SASL bind.

	   mech="value"        Specifies the various SASL mechanisms.

       -O hopLimit

	   Specify  the  maximum  number  of  referral	hops  to follow while finding an entry to
	   delete. By default, there is no limit.

       -p ldapport

	   Specifies an alternate TCP port where the LDAP server is listening.

       -P path

	   Specify the path and filename of the client's certificate database. For example:

	     -P /home/uid/.netscape/cert7.db

	   When using the command on the same host as the  directory  server,  you  can  use  the
	   server's own certificate database. For example:

	     -P installDir/lapd-serverID/alias/cert7.db

	   Use the -P option alone to specify server authentication only.


	   Uses verbose mode, with diagnostics written to standard output.

       -V version

	   Specify the LDAP protocol version number to be used for the delete operation, either 2
	   or 3. LDAP v3 is the default. Specify LDAP v2 when connecting to servers that  do  not
	   support v3.

       -W password

	   Specify the password for the client's key database given in the -P option. This option
	   is required for certificate-based client authentication. Specifying	password  on  the
	   command  line  has  security  issues because the password can be seen by others on the
	   system by means of the ps command. Use the -j instead to specify the password from the
	   file. This option is mutually exclusive of -j.

       -w passwd

	   Use passwd as the password for authentication to the directory. When you use -w passwd
	   to specify the password to be used for authentication,  the	password  is  visible  to
	   other users of the system by means of the ps command, in script files or in shell his-
	   tory. If you use the ldapdelete command without this option, the command  will  prompt
	   for	the  password  and read it from standard in. When used without the -w option, the
	   password will not be visible to other users.

       -Y proxyid

	   Specify the proxy DN (proxied authorization id) to use for the delete operation,  usu-
	   ally in double quotes ("") for the shell.


	   Specify  that  SSL  be  used  to provide certificate-based client authentication. This
	   option requires the -N and SSL password and any other of the  SSL  options  needed  to
	   identify the certificate and the key database.

       The following operand is supported:

       dn    Specifies one or several distinguished names of entries to delete.

       Example 1 Deleting an Entry

       To  delete  the	entry  named with commonName Delete Me directly below the XYZ Corporation
       organizational entry, use the following command:

	 example% ldapdelete -D "cn=Administrator, o=XYZ, c=US" \
	   "cn=Delete Me, o=XYZ, c=US"

       Example 2 Deleting an Entry Using SASL Authentication

       To delete the entry named with commonName "Delete Me" directly below the  XYZ  Corporation
       organizational entry, use the following command:

	 example% ldapdelete -o mech=DIGEST-MD5 -o secProp=noanonymous \
	 -o realm=none -o authid="dn:uid=foo,o=XYZ, c=US"  \
	 "cn=Delete Me, o=XYZ, c=US"

       See attributes(5) for a description of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWcsu			   |
       |Stability Level 	     |Evolving			   |

       The following exit values are returned:

       0	    Successful completion.

       Non-zero     An error occurred. A diagnostic message is written to standard error.

       ldapadd(1),    ldapmodify(1),	ldapmodrdn(1),	 ldapsearch(1),   ldap_get_option(3LDAP),
       ldap_set_option(3LDAP), attributes(5)

       The -M authentication option is obsolete.

SunOS 5.11				   15 Jan 2004				    ldapdelete(1)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 08:32 PM.