.TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2012 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapdelete \- LDAP delete entry tool
.SH SYNOPSIS
.B ldapdelete
[\c
+.BR \-V [ V ]]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-c ]
[\c
-.BR \-M [ M ]]
+.BI \-f \ file\fR]
[\c
-.BI \-d \ debuglevel\fR]
+.BR \-r ]
[\c
-.BI \-f \ file\fR]
+.BI \-z \ sizelimit\fR]
+[\c
+.BR \-M [ M ]]
+[\c
+.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
[\c
.BI \-h \ ldaphost\fR]
[\c
+.BI \-p \ ldapport\fR]
+[\c
.BR \-P \ { 2 \||\| 3 }]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BI \-p \ ldapport\fR]
+.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
-.BI \-U \ authcid\fR]
-[\c
-.BI \-R \ realm\fR]
+.BR \-I ]
[\c
-.BR \-r ]
+.BR \-Q ]
[\c
-.BR \-x ]
+.BR \-N ]
[\c
-.BR \-I ]
+.BI \-U \ authcid\fR]
[\c
-.BR \-Q ]
+.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
-.BI \-z \ sizelimit\fR]
-[\c
.BR \-Z [ Z ]]
[\c
.IR DN \ [ ... ]]
\fIfile\fP if the \fB\-f\fP flag is used).
.SH OPTIONS
.TP
+.BR \-V [ V ]
+Print version info.
+If \fB\-VV\fP is given, only the version information is printed.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapdelete
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
.B \-n
Show what would be done, but don't actually delete entries. Useful for
debugging in conjunction with \fB\-v\fP.
will continue with deletions. The default is to exit after
reporting an error.
.TP
+.BI \-f \ file
+Read a series of DNs from \fIfile\fP, one per line, performing an
+LDAP delete for each.
+.TP
+.B \-r
+Do a recursive delete. If the DN specified isn't a leaf, its
+children, and all their children are deleted down the tree. No
+verification is done, so if you add this switch, ldapdelete will
+happily delete large portions of your tree. Use with care.
+.TP
+.BI \-z \ sizelimit
+Use \fIsizelimit\fP when searching for children DN to delete,
+to circumvent any server-side size limit. Only useful in conjunction
+with \fB\-r\fP.
+.TP
.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
-.BI \-d \ debuglevel
-Set the LDAP debugging level to \fIdebuglevel\fP.
-.B ldapdelete
-must be compiled with LDAP_DEBUG defined for this option to have any effect.
-.TP
-.BI \-f \ file
-Read a series of DNs from \fIfile\fP, one per line, performing an
-LDAP delete for each.
-.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.TP
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
-Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
+Specify general extensions with \fB\-e\fP and delete extensions with \fB\-E\fP.
\'\fB!\fP\' indicates criticality.
General extensions:
.nf
- [!]assert=<filter> (an RFC 4515 Filter)
- [!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]assert=<filter> (an RFC 4515 Filter)
+ !authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]bauthzid (RFC 3829 authzid control)
+ [!]chaining[=<resolve>[/<cont>]]
[!]manageDSAit
[!]noop
ppolicy
- [!]postread[=<attrs>] (a comma-separated attribute list)
- [!]preread[=<attrs>] (a comma-separated attribute list)
- abandon, cancel (SIGINT sends abandon/cancel; not really controls)
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ [!]relax
+ sessiontracking
+ abandon,cancel,ignore (SIGINT sends abandon/cancel,
+ or ignores response; if critical, doesn't wait for SIGINT.
+ not really controls)
.fi
-Search extensions:
+Delete extensions:
.nf
- [!]domainScope (domain scope)
- [!]mv=<filter> (matched values filter)
- [!]pr=<size>[/prompt|noprompt] (paged results/prompt)
- [!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
- [!]subentries[=true|false] (subentries)
- [!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
- rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
+ (none)
.fi
.TP
-.B \-r
-Do a recursive delete. If the DN specified isn't a leaf, its
-children, and all their children are deleted down the tree. No
-verification is done, so if you add this switch, ldapdelete will
-happily delete large portions of your tree. Use with care.
-.TP
-.BI \-z \ sizelimit
-Use \fIsizelimit\fP when searching for children DN to delete,
-to circumvent any server-side size limit. Only useful in conjunction
-with \fB\-r\fP.
+.BI \-o \ opt \fR[= optparam \fR]
+
+Specify general options.
+
+General options:
+.nf
+ nettimeout=<timeout> (in seconds, or "none" or "max")
+ ldif-wrap=<width> (in columns, or "no" for no wrapping)
+.fi
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the identity depends on the
actual SASL mechanism used.