1 .TH LDAPDELETE 1 "20 August 2000" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldapdelete \- LDAP delete entry tool
24 .BI \-d \ debuglevel\fR]
34 .BI \-h \ ldaphost\fR]
36 .BI \-P \ 2\fR\||\|\fI3\fR]
38 .BI \-p \ ldapport\fR]
40 .BR \-O \ security-properties ]
42 .BI \-U \ username\fR]
59 is a shell-accessible interface to the
64 opens a connection to an LDAP server, binds, and deletes one or more
65 entries. If one or more \fIDN\fP arguments are provided, entries with
66 those Distinguished Names are deleted. Each \fIDN\fP should be provided
67 using the LDAPv3 string representation as defined in RFC 2253.
68 If no \fIdn\fP arguments
69 are provided, a list of DNs is read from standard input (or from
70 \fIfile\fP if the -f flag is used).
74 Show what would be done, but don't actually delete entries. Useful for
75 debugging in conjunction with -v.
78 Use verbose mode, with many diagnostics written to standard output.
81 Use Kerberos authentication instead of simple authentication. It is
82 assumed that you already have a valid ticket granting ticket. This option
85 is compiled with KERBEROS defined.
88 Same as \-k, but only does step 1 of the kerberos bind. This is useful
89 when connecting to a slapd and there is no x500dsa.hostname principal
90 registered with your kerberos servers.
93 Automatically chase referrals.
96 Continuous operation mode. Errors are reported, but
98 will continue with deletions. The default is to exit after
102 Enable manage DSA IT control.
104 makes control critical.
107 Set the LDAP debugging level to \fIdebuglevel\fP.
109 must be compiled with LDAP_DEBUG defined for this option to have any effect.
112 Read a series of lines from \fIfile\fP, performing one LDAP search for
113 each line. In this case, the \fIfilter\fP given on the command line
114 is treated as a pattern where the first occurrence of \fB%s\fP is
115 replaced with a line from \fIfile\fP.
118 Use simple authentication instead of SASL.
121 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
124 Prompt for simple authentication.
125 This is used instead of specifying the password on the command line.
128 Use \fIpasswd\fP as the password for simple authentication.
131 Specify an alternate host on which the ldap server is running.
134 Specify an alternate TCP port where the ldap server is listening.
136 .BI \-P \ 2\fR\||\|\fI3
137 Specify the LDAP protocol version to use.
140 Do a recursive delete. If the DN specified isn't a leaf, its
141 children, and all their children are deleted down the tree. No
142 verification is done, so if you add this switch, ldapdelete will
143 happily delete large portions of your tree. Use with care.
145 .BI \-O \ security-properties
146 Specify SASL security properties.
149 Enable SASL Interactive mode. Always prompt. Default is to prompt
153 Enable SASL Quiet mode. Never prompt.
156 Specify the username for SASL bind. The syntax of the username depends on the
157 actual SASL mechanism used.
160 Specify the requested authorization ID for SASL bind.
162 must be one of the following formats:
164 .I <distinguished name>
170 Specify the SASL mechanism to be used for authentication. If it's not
171 specified, the program will choose the best mechanism the server knows.
174 Issue StartTLS (Transport Layer Security) extended operation. If you use
176 , the command will require the operation to be successful.
178 The following command:
181 ldapdelete "cn=Delete Me, dc=OpenLDAP, dc=org"
184 will attempt to delete the entry named with commonName "Delete Me"
185 directly below the "dc=OpenLDAP, dc=org" entry. Of
186 course it would probably be necessary to supply a \fIbinddn\fP and
187 \fIpasswd\fP for deletion to be allowed (see the -D and -w options).
189 Exit status is 0 if no errors occur. Errors result in a non-zero exit
190 status and a diagnostic message being written to standard error.
200 There is no interactive mode, but there probably should be.
202 The OpenLDAP Project <http://www.openldap.org/>
205 is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
207 is derived from University of Michigan LDAP 3.3 Release.