1 .TH LDAPDELETE 1 "20 April 2000" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldapdelete \- LDAP delete entry tool
24 .BI \-d \ debuglevel\fR]
34 .BI \-h \ ldaphost\fR]
36 .BI \-P \ 2\fR\||\|\fI3\fR]
38 .BI \-p \ ldapport\fR]
44 .BI \-U \ username\fR]
55 is a shell-accessible interface to the
60 opens a connection to an LDAP server, binds, and deletes one or more
61 entries. If one or more \fIdn\fP arguments are provided, entries with
62 those Distinguished Names are deleted. Each \fIdn\fP should be a
63 string-represented DN as defined in RFC 1779. If no \fIdn\fP arguments
64 are provided, a list of DNs is read from standard input (or from
65 \fIfile\fP if the -f flag is used).
69 Show what would be done, but don't actually delete entries. Useful for
70 debugging in conjunction with -v.
73 Use verbose mode, with many diagnostics written to standard output.
76 Use Kerberos authentication instead of simple authentication. It is
77 assumed that you already have a valid ticket granting ticket. This option
80 is compiled with KERBEROS defined.
83 Same as \-k, but only does step 1 of the kerberos bind. This is useful
84 when connecting to a slapd and there is no x500dsa.hostname principal
85 registered with your kerberos servers.
88 Automatically chase referrals.
91 Continuous operation mode. Errors are reported, but
93 will continue with deletions. The default is to exit after
97 Enable manage DSA IT control.
99 makes control critical.
102 Set the LDAP debugging level to \fIdebuglevel\fP.
104 must be compiled with LDAP_DEBUG defined for this option to have any effect.
107 Read a series of lines from \fIfile\fP, performing one LDAP search for
108 each line. In this case, the \fIfilter\fP given on the command line
109 is treated as a pattern where the first occurrence of \fB%s\fP is
110 replaced with a line from \fIfile\fP.
113 Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
114 a string-represented DN as defined in RFC 1779.
117 Prompt for simple authentication.
118 This is used instead of specifying the password on the command line.
121 Use \fIpasswd\fP as the password for simple authentication.
124 Specify an alternate host on which the ldap server is running.
127 Specify an alternate TCP port where the ldap server is listening.
129 .BI \-P \ 2\fR\||\|\fI3
130 Specify the LDAP protocol version to use.
133 Do a recursive delete. If the DN specified isn't a leaf, its
134 children, and all their children are deleted down the tree. No
135 verification is done, so if you add this switch, ldapdelete will
136 happily delete large portions of your tree. Use with care.
139 Requset the use of SASL privacy (encryption). If the server allows it, data
140 sent between the client and the server will be encrypted. If the server
141 requires the use of encryption and this flag is not specified, the command
142 will fail. If you use
144 , the command will fail if the server does not support encryption.
150 Request the use of SASL integrity checking. It protects data sent between the
151 client and the server from being modified along the way, but it does not
152 prevent sniffing. If the server requires the use of integrity checking and
153 this flag is not specified, the command will fail.If you use
155 , the command will fail if the server does not support this function.
158 Specify the username for SASL bind. The syntax of the username depends on the
159 actual SASL mechanism used.
162 Specify the requested authorization ID for SASL bind.
164 must be one of the following formats:
166 .I <distinguished name>
172 Specify the SASL mechanism to be used for authentication. If it's not
173 specified, the program will choose the best mechanism the server knows.
176 Issue StartTLS (Transport Layer Security) extended operation. If you use
178 , the command will require the operation to be successful.
180 The following command:
183 ldapdelete "cn=Delete Me, dc=OpenLDAP, dc=org"
186 will attempt to delete the entry named with commonName "Delete Me"
187 directly below the "dc=OpenLDAP, dc=org" entry. Of
188 course it would probably be necessary to supply a \fIbinddn\fP and
189 \fIpasswd\fP for deletion to be allowed (see the -D and -w options).
191 Exit status is 0 if no errors occur. Errors result in a non-zero exit
192 status and a diagnostic message being written to standard error.
203 .IR "A String Representation of Distinguished Names",
206 ISODE Consortium, March 1995.
208 There is no interactive mode, but there probably should be.
211 is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
213 is derived from University of Michigan LDAP 3.3 Release.