.\" This contribution is derived from OpenLDAP Software.
.\" All of the modifications to OpenLDAP Software represented in this
.\" contribution were developed by Peter Marschall <peter@adpm.de>.
.\" I have not assigned rights and/or interest in this work to any party.
.\" Copyright 2009 Peter Marschall
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted only as authorized by the OpenLDAP Public License.
.\" A copy of this license is available in file LICENSE in the
.\" top-level directory of the distribution or, alternatively, at
.\" http://www.OpenLDAP.org/license.html.
ldapexop \- issue LDAP extended operations
.BI \-e \ [!]ext[=extparam]\fR]
.BI \-O \ security-properties\fR]
.BI \-o \ [!]ext[=extparam]\fR]
.BI cancel \ cancel-id
.BI refresh \ DN \ \fR[\fIttl\fR]
ldapexop issues the LDAP extended operation specified by \fBoid\fP
or one of the special keywords \fBwhoami\fP, \fBcancel\fP, or \fBrefresh\fP.
Additional data for the extended operation can be passed to the server using
\fIdata\fP or base-64 encoded as \fIb64data\fP in the case of \fBoid\fP,
or using the additional parameters in the case of the specially named extended
Please note that ldapexop behaves differently for the same extended operation
depending on whether it is given as an OID or as a specially named operation:
Calling ldapexop with the OID of the \fBwhoami\fP (RFC 4532) extended operation
ldapexop [<options>] 1.3.6.1.4.1.4203.1.11.3
# extended operation response
data:: <base64 encoded response data>
while calling it with the keyword \fBwhoami\fP
ldapexop [<options>] whoami
dn:<client's identity>
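The two output forms above can be reduced to the same identity string, which helps when checking which authorization identity a bind actually resolved to. The following shell helper is an added example, not part of the original manual page or of OpenLDAP; the function name and the sample output are constructed, and it assumes that for whoami the decoded response data is the authorization identity itself, as described in RFC 4532.

```shell
#!/bin/sh
# Added example: normalise both forms of ldapexop whoami output.
# exop_identity is a hypothetical helper name, not an OpenLDAP tool.

# Read ldapexop output on stdin and print the authorization identity:
#   "data:: <b64>"            -> decoded response value (OID form)
#   "dn:<dn>" or "u:<user>"   -> passed through unchanged (keyword form)
# Returns 1 when no response value is present or the base64 is invalid.
exop_identity() {
    while IFS= read -r line; do
        case "$line" in
            'data:: '*)
                printf '%s' "${line#data:: }" | base64 -d || return 1
                printf '\n'
                return 0 ;;
            dn:*|u:*)
                printf '%s\n' "$line"
                return 0 ;;
        esac
    done
    return 1
}

# Constructed sample output (not captured from a real server).
SAMPLE_OID_OUTPUT='# extended operation response
data:: ZG46Y249YWRtaW4sZGM9ZXhhbXBsZSxkYz1jb20='
SAMPLE_KEYWORD_OUTPUT='dn:cn=admin,dc=example,dc=com'

# Both calls print the same identity line.
printf '%s\n' "$SAMPLE_OID_OUTPUT" | exop_identity
printf '%s\n' "$SAMPLE_KEYWORD_OUTPUT" | exop_identity
```

Against a live server the helper would be fed from a pipe, for example the output of the OID invocation shown above.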
Set the LDAP debugging level to \fIlevel\fP.
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.BI \-e \ [!]ext[=extparam]
Specify general extensions. \'!\' indicates criticality.
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
Read operations from \fIfile\fP.
Specify the host on which the ldap server is running.
Deprecated in favor of \fB-H\fP.
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
Enable SASL Interactive mode. Always prompt. Default is to prompt
Show what would be done but don't actually do it.
Useful for debugging in conjunction with \fB-v\fP.
Do not use reverse DNS to canonicalize SASL host name.
.BI \-O \ security-properties
Specify SASL security properties.
.BI \-o \ opt[=optparam]
Specify general options:
nettimeout=<timeout> (in seconds, or "none" or "max")
Specify the TCP port where the ldap server is listening.
Deprecated in favor of \fB-H\fP.
Enable SASL Quiet mode. Never prompt.
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
Run in verbose mode, with many diagnostics written to standard output.
Print version info and usage message.
If \fB-VV\fP is given, only the version information is printed.
Use \fIpasswd\fP as the password for simple authentication.
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
Use simple authentication instead of SASL.
Specify the requested authorization ID for SASL bind.
must be one of the following formats:
.I <distinguished name>
Use complete contents of \fIfile\fP as the password for
simple authentication.
Specify the SASL mechanism to be used for authentication.
Without this option, the program will choose the best mechanism the server knows.
Issue StartTLS (Transport Layer Security) extended operation.
Giving it twice (\fB-ZZ\fP) will require the operation to be successful.
Exit status is zero if no errors occur.
Errors result in a non-zero exit status and
a diagnostic message being written to standard error.
.BR ldap_extended_operation_s (3)
This manual page was written by Peter Marschall
based on \fBldapexop\fP's usage message and a few tests
Do not expect it to be complete or absolutely correct.
The OpenLDAP Project <http://www.openldap.org/>