1 .TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldapcompare \- LDAP compare tool
18 .BI \-d \ debuglevel\fR]
26 .BI \-y \ passwdfile\fR]
30 .BI \-h \ ldaphost\fR]
32 .BI \-p \ ldapport\fR]
34 .BI \-P \ 2\fR\||\|\fI3\fR]
36 .BR \-O \ security-properties ]
55 .BR attr::b64value \ >
58 is a shell-accessible interface to the
59 .BR ldap_compare_ext (3)
63 opens a connection to an LDAP server, binds, and performs a compare
64 using specified parameters. The \fIDN\fP should be a distinguished
65 name in the directory. \fIAttr\fP should be a known attribute. If
66 followed by one colon, the assertion \fIvalue\fP should be provided
67 as a string. If followed by two colons, the base64 encoding of the
68 value is provided. The result code of the compare is provided as
69 the exit code and, unless ran with -z, the program prints
70 TRUE, FALSE, or UNDEFINED on standard output.
75 Show what would be done, but don't actually perform the compare. Useful for
76 debugging in conjunction with -v.
79 Run in verbose mode, with many diagnostics written to standard output.
82 Run in quiet mode, no output is written. You must check the return
83 status. Useful in shell scripts.
86 Enable manage DSA IT control.
88 makes control critical.
91 Set the LDAP debugging level to \fIdebuglevel\fP.
93 must be compiled with LDAP_DEBUG defined for this option to have any effect.
96 Use simple authentication instead of SASL.
99 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
102 Prompt for simple authentication.
103 This is used instead of specifying the password on the command line.
106 Use \fIpasswd\fP as the password for simple authentication.
109 Use complete contents of \fIpasswdfile\fP as the password for
110 simple authentication.
113 Specify URI(s) referring to the ldap server(s); only the protocol/host/port
114 fields are allowed; a list of URI, separated by whitespace or commas
118 Specify an alternate host on which the ldap server is running.
119 Deprecated in favor of -H.
122 Specify an alternate TCP port where the ldap server is listening.
123 Deprecated in favor of -H.
125 .BI \-P \ 2\fR\||\|\fI3
126 Specify the LDAP protocol version to use.
128 .BI \-O \ security-properties
129 Specify SASL security properties.
132 Enable SASL Interactive mode. Always prompt. Default is to prompt
136 Enable SASL Quiet mode. Never prompt.
139 Specify the authentication ID for SASL bind. The form of the ID
140 depends on the actual SASL mechanism used.
143 Specify the realm of authentication ID for SASL bind. The form of the realm
144 depends on the actual SASL mechanism used.
147 Specify the requested authorization ID for SASL bind.
149 must be one of the following formats:
151 .I <distinguished name>
157 Specify the SASL mechanism to be used for authentication. If it's not
158 specified, the program will choose the best mechanism the server knows.
161 Issue StartTLS (Transport Layer Security) extended operation. If you use
163 , the command will require the operation to be successful.
166 ldapcompare "uid=babs,dc=example,dc=com" sn:Jensen
167 ldapcompare "uid=babs,dc=example,dc=com" sn::SmVuc2Vu
171 Requiring the value be passed on the command line is limiting
172 and introduces some security concerns. The command should support
173 a mechanism to specify the location (file name or URL) to read
179 .BR ldap_compare_ext (3)
181 The OpenLDAP Project <http://www.openldap.org/>