1 .TH LDAPDELETE 1 "12 July 2000" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldapdelete \- LDAP delete entry tool
24 .BI \-d \ debuglevel\fR]
34 .BI \-h \ ldaphost\fR]
36 .BI \-P \ 2\fR\||\|\fI3\fR]
38 .BI \-p \ ldapport\fR]
40 .BR \-O \ security-properties ]
42 .BI \-U \ username\fR]
53 is a shell-accessible interface to the
58 opens a connection to an LDAP server, binds, and deletes one or more
59 entries. If one or more \fIdn\fP arguments are provided, entries with
60 those Distinguished Names are deleted. Each \fIdn\fP should be a
61 string-represented DN as defined in RFC 1779. If no \fIdn\fP arguments
62 are provided, a list of DNs is read from standard input (or from
63 \fIfile\fP if the -f flag is used).
67 Show what would be done, but don't actually delete entries. Useful for
68 debugging in conjunction with -v.
71 Use verbose mode, with many diagnostics written to standard output.
74 Use Kerberos authentication instead of simple authentication. It is
75 assumed that you already have a valid ticket granting ticket. This option
78 is compiled with KERBEROS defined.
81 Same as \-k, but only does step 1 of the kerberos bind. This is useful
82 when connecting to a slapd and there is no x500dsa.hostname principal
83 registered with your kerberos servers.
86 Automatically chase referrals.
89 Continuous operation mode. Errors are reported, but
91 will continue with deletions. The default is to exit after
95 Enable manage DSA IT control.
97 makes control critical.
100 Set the LDAP debugging level to \fIdebuglevel\fP.
102 must be compiled with LDAP_DEBUG defined for this option to have any effect.
105 Read a series of lines from \fIfile\fP, performing one LDAP search for
106 each line. In this case, the \fIfilter\fP given on the command line
107 is treated as a pattern where the first occurrence of \fB%s\fP is
108 replaced with a line from \fIfile\fP.
111 Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
112 a string-represented DN as defined in RFC 1779.
115 Prompt for simple authentication.
116 This is used instead of specifying the password on the command line.
119 Use \fIpasswd\fP as the password for simple authentication.
122 Specify an alternate host on which the ldap server is running.
125 Specify an alternate TCP port where the ldap server is listening.
127 .BI \-P \ 2\fR\||\|\fI3
128 Specify the LDAP protocol version to use.
131 Do a recursive delete. If the DN specified isn't a leaf, its
132 children, and all their children are deleted down the tree. No
133 verification is done, so if you add this switch, ldapdelete will
134 happily delete large portions of your tree. Use with care.
136 .BI \-O \ security-properties
137 Specify SASL security properties.
140 Specify the username for SASL bind. The syntax of the username depends on the
141 actual SASL mechanism used.
144 Specify the requested authorization ID for SASL bind.
146 must be one of the following formats:
148 .I <distinguished name>
154 Specify the SASL mechanism to be used for authentication. If it's not
155 specified, the program will choose the best mechanism the server knows.
158 Issue StartTLS (Transport Layer Security) extended operation. If you use
160 , the command will require the operation to be successful.
162 The following command:
165 ldapdelete "cn=Delete Me, dc=OpenLDAP, dc=org"
168 will attempt to delete the entry named with commonName "Delete Me"
169 directly below the "dc=OpenLDAP, dc=org" entry. Of
170 course it would probably be necessary to supply a \fIbinddn\fP and
171 \fIpasswd\fP for deletion to be allowed (see the -D and -w options).
173 Exit status is 0 if no errors occur. Errors result in a non-zero exit
174 status and a diagnostic message being written to standard error.
185 .IR "A String Representation of Distinguished Names",
188 ISODE Consortium, March 1995.
190 There is no interactive mode, but there probably should be.
192 The OpenLDAP Project <http://www.openldap.org/>
195 is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
197 is derived from University of Michigan LDAP 3.3 Release.