1 .TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2003 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldapcompare \- LDAP compare tool
22 .BI \-d \ debuglevel\fR]
30 .BI \-y \ passwdfile\fR]
34 .BI \-h \ ldaphost\fR]
36 .BI \-p \ ldapport\fR]
38 .BI \-P \ 2\fR\||\|\fI3\fR]
40 .BR \-O \ security-properties ]
59 .BR attr::b64value \ >
62 is a shell-accessible interface to the
67 opens a connection to an LDAP server, binds, and performs a compare
68 using specified parameters. The \fIDN\fP should be a distinguished
69 name in the directory. \fIAttr\fP should be a known attribute. If
70 followed by one colon, the assertion \fIvalue\fP should be provided
71 as a string. If followed by two colons, the base64 encoding of the
77 Show what would be done, but don't actually perform the compare. Useful for
78 debugging in conjunction with -v.
81 Run in verbose mode, with many diagnostics written to standard output.
84 Run in quiet mode, no output is written. You must check the return
85 status. Useful in shell scripts.
88 Use Kerberos IV authentication instead of simple authentication. It is
89 assumed that you already have a valid ticket granting ticket.
91 must be compiled with Kerberos support for this option to have any effect.
94 Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful
95 when connecting to a slapd and there is no x500dsa.hostname principal
96 registered with your Kerberos Domain Controller(s).
99 Enable manage DSA IT control.
101 makes control critical.
104 Set the LDAP debugging level to \fIdebuglevel\fP.
106 must be compiled with LDAP_DEBUG defined for this option to have any effect.
109 Use simple authentication instead of SASL.
112 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
115 Prompt for simple authentication.
116 This is used instead of specifying the password on the command line.
119 Use \fIpasswd\fP as the password for simple authentication.
122 Use complete contents of \fIpasswdfile\fP as the password for
123 simple authentication.
126 Specify URI(s) referring to the ldap server(s).
129 Specify an alternate host on which the ldap server is running.
130 Deprecated in favor of -H.
133 Specify an alternate TCP port where the ldap server is listening.
134 Deprecated in favor of -H.
136 .BI \-P \ 2\fR\||\|\fI3
137 Specify the LDAP protocol version to use.
139 .BI \-O \ security-properties
140 Specify SASL security properties.
143 Enable SASL Interactive mode. Always prompt. Default is to prompt
147 Enable SASL Quiet mode. Never prompt.
150 Specify the authentication ID for SASL bind. The form of the ID
151 depends on the actual SASL mechanism used.
154 Specify the realm of authentication ID for SASL bind. The form of the realm
155 depends on the actual SASL mechanism used.
158 Specify the requested authorization ID for SASL bind.
160 must be one of the following formats:
162 .I <distinguished name>
168 Specify the SASL mechanism to be used for authentication. If it's not
169 specified, the program will choose the best mechanism the server knows.
172 Issue StartTLS (Transport Layer Security) extended operation. If you use
174 , the command will require the operation to be successful.
177 ldapcompare "uid=babs,dc=example,dc=com" sn Jensen
178 ldapcompare "uid=babs,dc=example,dc=com" sn:Jensen
179 ldapcompare "uid=babs,dc=example,dc=com" sn::SmVuc2Vu
183 When -z is used, exit status is either 5 if the compare is false, or 6
184 when the compare is true. Errors result in other non-zero values.
186 When -z is not used, exit status is zero if no errors occur.
187 Errors result in a non-zero exit status and
188 a diagnostic message being written to standard error.
190 Should have a way to specify a url for options or for large binary
198 The OpenLDAP Project <http://www.openldap.org/>
201 is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
203 is derived from University of Michigan LDAP 3.3 Release.