Merge branch 'mdb.master' of ssh://git-master.openldap.org/~git/git/openldap

[openldap] / doc / man / man1 / ldapcompare.1

diff --git a/doc/man/man1/ldapcompare.1 b/doc/man/man1/ldapcompare.1
index df7b73173934d5604ce6b78b281c8d9d1335c92c..18b1ef13d0698700b15507f153bf3b2d6569c000 100644 (file)
--- a/doc/man/man1/ldapcompare.1
+++ b/doc/man/man1/ldapcompare.1
@@ -1,6 +1,6 @@
 .TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2011 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapcompare \- LDAP compare tool
@@ -13,7 +13,7 @@ ldapcompare \- LDAP compare tool
 [\c
 .BR \-z ]
 [\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
 [\c
 .BI \-d \ debuglevel\fR]
 [\c
@@ -31,9 +31,13 @@ ldapcompare \- LDAP compare tool
 [\c
 .BI \-p \ ldapport\fR]
 [\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
 [\c
-.BR \-O \ security-properties ]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BI \-O \ security-properties\fR]
 [\c
 .BR \-I ]
 [\c
@@ -49,10 +53,12 @@ ldapcompare \- LDAP compare tool
 [\c
 .BI \-Y \ mech\fR]
 [\c
-.BR \-Z[Z] ]
-.IR DN \ <
-.BR attr:value \ |
-.BR attr::b64value \ >
+.BR \-Z [ Z ]]
+.IR DN
+{\c
+.BI attr: value
+|
+.BI attr:: b64value\fR}
 .SH DESCRIPTION
 .I ldapcompare
 is a shell-accessible interface to the
@@ -66,14 +72,14 @@ name in the directory.  \fIAttr\fP should be a known attribute.  If
 followed by one colon, the assertion \fIvalue\fP should be provided
 as a string.  If followed by two colons, the base64 encoding of the
 value is provided.  The result code of the compare is provided as
-the exit code and, unless ran with -z, the program prints
+the exit code and, unless ran with \fB\-z\fP, the program prints
 TRUE, FALSE, or UNDEFINED on standard output.
 .LP
 .SH OPTIONS
 .TP
 .B \-n
 Show what would be done, but don't actually perform the compare.  Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
 .TP
 .B \-v
 Run in verbose mode, with many diagnostics written to standard output.
@@ -82,7 +88,7 @@ Run in verbose mode, with many diagnostics written to standard output.
 Run in quiet mode, no output is written.  You must check the return
 status.  Useful in shell scripts.
 .TP
-.B \-M[M]
+.BR \-M [ M ]
 Enable manage DSA IT control.
 .B \-MM
 makes control critical.
@@ -97,7 +103,7 @@ Use simple authentication instead of SASL.
 .TP
 .BI \-D \ binddn
 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
 .TP
 .B \-W
 Prompt for simple authentication.
@@ -120,7 +126,7 @@ by default appends a trailing newline to the echoed string.
 The recommended portable way to store a cleartext password in a file
 for use with this option is to use
 .BR slappasswd (8)
-with \fI{CLEARTEXT}\fP as hash and the option \fI\-n\fP.
+with \fI{CLEARTEXT}\fP as hash and the option \fB\-n\fP.
 .TP
 .BI \-H \ ldapuri
 Specify URI(s) referring to the ldap server(s); only the protocol/host/port
@@ -129,15 +135,45 @@ is expected.
 .TP
 .BI \-h \ ldaphost
 Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
 .TP
 .BI \-p \ ldapport
 Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
 .TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
 Specify the LDAP protocol version to use.
 .TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and compare extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+  [!]assert=<filter>    (an RFC 4515 Filter)
+  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
+  [!]bauthzid           (RFC 3829 authzid control)
+  [!]chaining[=<resolve>[/<cont>]]
+  [!]manageDSAit
+  [!]noop
+  ppolicy
+  [!]postread[=<attrs>] (a comma-separated attribute list)
+  [!]preread[=<attrs>]  (a comma-separated attribute list)
+  [!]relax
+  sessiontracking[=<username>]
+  abandon,cancel,ignore (SIGINT sends abandon/cancel,
+  or ignores response; if critical, doesn't wait for SIGINT.
+  not really controls)
+.fi
+
+Compare extensions:
+.nf
+  !dontUseCopy
+.fi
+.TP
 .BI \-O \ security-properties
 Specify SASL security properties.
 .TP
@@ -160,20 +196,17 @@ depends on the actual SASL mechanism used.
 Specify the requested authorization ID for SASL bind.
 .I authzid
 must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
 or
-.B u:\c
-.I <username>
+.BI u: <username>
 .TP
 .BI \-Y \ mech
 Specify the SASL mechanism to be used for authentication. If it's not
 specified, the program will choose the best mechanism the server knows.
 .TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
 Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
 .SH EXAMPLES
 .nf
     ldapcompare "uid=babs,dc=example,dc=com"  sn:Jensen