1 .TH LDAPDELETE 1 "12 July 2000" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldapdelete \- LDAP delete entry tool
24 .BI \-d \ debuglevel\fR]
34 .BI \-h \ ldaphost\fR]
36 .BI \-P \ 2\fR\||\|\fI3\fR]
38 .BI \-p \ ldapport\fR]
40 .BR \-O \ security-properties ]
42 .BI \-U \ username\fR]
59 is a shell-accessible interface to the
64 opens a connection to an LDAP server, binds, and deletes one or more
65 entries. If one or more \fIdn\fP arguments are provided, entries with
66 those Distinguished Names are deleted. Each \fIdn\fP should be a
67 string-represented DN as defined in RFC 1779. If no \fIdn\fP arguments
68 are provided, a list of DNs is read from standard input (or from
69 \fIfile\fP if the -f flag is used).
73 Show what would be done, but don't actually delete entries. Useful for
74 debugging in conjunction with -v.
77 Use verbose mode, with many diagnostics written to standard output.
80 Use Kerberos authentication instead of simple authentication. It is
81 assumed that you already have a valid ticket granting ticket. This option
84 is compiled with KERBEROS defined.
87 Same as \-k, but only does step 1 of the kerberos bind. This is useful
88 when connecting to a slapd and there is no x500dsa.hostname principal
89 registered with your kerberos servers.
92 Automatically chase referrals.
95 Continuous operation mode. Errors are reported, but
97 will continue with deletions. The default is to exit after
101 Enable manage DSA IT control.
103 makes control critical.
106 Set the LDAP debugging level to \fIdebuglevel\fP.
108 must be compiled with LDAP_DEBUG defined for this option to have any effect.
111 Read a series of lines from \fIfile\fP, performing one LDAP search for
112 each line. In this case, the \fIfilter\fP given on the command line
113 is treated as a pattern where the first occurrence of \fB%s\fP is
114 replaced with a line from \fIfile\fP.
117 Use simple authentication instead of SASL.
120 Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
121 a string-represented DN as defined in RFC 1779.
124 Prompt for simple authentication.
125 This is used instead of specifying the password on the command line.
128 Use \fIpasswd\fP as the password for simple authentication.
131 Specify an alternate host on which the ldap server is running.
134 Specify an alternate TCP port where the ldap server is listening.
136 .BI \-P \ 2\fR\||\|\fI3
137 Specify the LDAP protocol version to use.
140 Do a recursive delete. If the DN specified isn't a leaf, its
141 children, and all their children are deleted down the tree. No
142 verification is done, so if you add this switch, ldapdelete will
143 happily delete large portions of your tree. Use with care.
145 .BI \-O \ security-properties
146 Specify SASL security properties.
149 Enable SASL Interactive mode. Always prompt. Default is to prompt
153 Enable SASL Quiet mode. Never prompt.
156 Specify the username for SASL bind. The syntax of the username depends on the
157 actual SASL mechanism used.
160 Specify the requested authorization ID for SASL bind.
162 must be one of the following formats:
164 .I <distinguished name>
170 Specify the SASL mechanism to be used for authentication. If it's not
171 specified, the program will choose the best mechanism the server knows.
174 Issue StartTLS (Transport Layer Security) extended operation. If you use
176 , the command will require the operation to be successful.
178 The following command:
181 ldapdelete "cn=Delete Me, dc=OpenLDAP, dc=org"
184 will attempt to delete the entry named with commonName "Delete Me"
185 directly below the "dc=OpenLDAP, dc=org" entry. Of
186 course it would probably be necessary to supply a \fIbinddn\fP and
187 \fIpasswd\fP for deletion to be allowed (see the -D and -w options).
189 Exit status is 0 if no errors occur. Errors result in a non-zero exit
190 status and a diagnostic message being written to standard error.
201 .IR "A String Representation of Distinguished Names",
204 ISODE Consortium, March 1995.
206 There is no interactive mode, but there probably should be.
208 The OpenLDAP Project <http://www.openldap.org/>
211 is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
213 is derived from University of Michigan LDAP 3.3 Release.