1 .TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2002 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldapcompare \- LDAP compare tool
22 .BI \-d \ debuglevel\fR]
28 .BI \-w \ bindpasswd\fR]
32 .BI \-h \ ldaphost\fR]
34 .BI \-p \ ldapport\fR]
36 .BI \-P \ 2\fR\||\|\fI3\fR]
38 .BR \-O \ security-properties ]
55 .BR attr::b64value \ >
58 is a shell-accessible interface to the
63 opens a connection to an LDAP server, binds, and performs a compare
64 using specified parameters. The \fIDN\fP should be a distinguished
65 name in the directory. \fIAttr\fP should be a known attribute. If
66 followed by one colon, the assertion \fIvalue\fP should be provided
67 as a string. If followed by two colons, the base64 encoding of the
73 Show what would be done, but don't actually perform the compare. Useful for
74 debugging in conjunction with -v.
77 Run in verbose mode, with many diagnostics written to standard output.
80 Run in quiet mode, no output is written. You must check the return
81 status. Useful in shell scripts.
84 Use Kerberos IV authentication instead of simple authentication. It is
85 assumed that you already have a valid ticket granting ticket.
87 must be compiled with Kerberos support for this option to have any effect.
90 Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful
91 when connecting to a slapd and there is no x500dsa.hostname principal
92 registered with your Kerberos Domain Controller(s).
95 Enable manage DSA IT control.
97 makes control critical.
100 Set the LDAP debugging level to \fIdebuglevel\fP.
102 must be compiled with LDAP_DEBUG defined for this option to have any effect.
105 Use simple authentication instead of SASL.
108 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
111 Prompt for simple authentication.
112 This is used instead of specifying the password on the command line.
115 Use \fIbindpasswd\fP as the password for simple authentication.
118 Specify URI(s) referring to the ldap server(s).
121 Specify an alternate host on which the ldap server is running.
122 Deprecated in favor of -H.
125 Specify an alternate TCP port where the ldap server is listening.
126 Deprecated in favor of -H.
128 .BI \-P \ 2\fR\||\|\fI3
129 Specify the LDAP protocol version to use.
131 .BI \-O \ security-properties
132 Specify SASL security properties.
135 Enable SASL Interactive mode. Always prompt. Default is to prompt
139 Enable SASL Quiet mode. Never prompt.
142 Specify the authentication ID for SASL bind. The form of the ID
143 depends on the actual SASL mechanism used.
146 Specify the requested authorization ID for SASL bind.
148 must be one of the following formats:
150 .I <distinguished name>
156 Specify the SASL mechanism to be used for authentication. If it's not
157 specified, the program will choose the best mechanism the server knows.
160 Issue StartTLS (Transport Layer Security) extended operation. If you use
162 , the command will require the operation to be successful.
165 ldapcompare "uid=babs,dc=example,dc=com" sn Jensen
166 ldapcompare "uid=babs,dc=example,dc=com" sn:Jensen
167 ldapcompare "uid=babs,dc=example,dc=com" sn::SmVuc2Vu
171 When -z is used, exit status is either 5 if the compare is false, or 6
172 when the compare is true. Errors result in other non-zero values.
174 When -z is not used, exit status is zero if no errors occur.
175 Errors result in a non-zero exit status and
176 a diagnostic message being written to standard error.
178 Should have a way to specify a url for options or for large binary
186 The OpenLDAP Project <http://www.openldap.org/>
189 is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
191 is derived from University of Michigan LDAP 3.3 Release.