.TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2012 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapdelete \- LDAP delete entry tool
.SH SYNOPSIS
.B ldapdelete
[\c
+.BR \-V [ V ]]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-c ]
[\c
-.BR \-M [ M ]]
+.BI \-f \ file\fR]
[\c
-.BI \-d \ debuglevel\fR]
+.BR \-r ]
[\c
-.BI \-f \ file\fR]
+.BI \-z \ sizelimit\fR]
+[\c
+.BR \-M [ M ]]
+[\c
+.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
[\c
.BI \-h \ ldaphost\fR]
[\c
-.BR \-P \ { 2 \||\| 3 }]
-[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-O \ security-properties\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BI \-U \ authcid\fR]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BI \-R \ realm\fR]
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BR \-r ]
+.BI \-o \ opt \fR[= optparam \fR]]
[\c
-.BR \-x ]
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
+.BR \-N ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
+[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
-.BI \-z \ sizelimit\fR]
-[\c
.BR \-Z [ Z ]]
[\c
.IR DN \ [ ... ]]
\fIfile\fP if the \fB\-f\fP flag is used).
.SH OPTIONS
.TP
+.BR \-V [ V ]
+Print version info.
+If \fB\-VV\fP is given, only the version information is printed.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapdelete
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
.B \-n
Show what would be done, but don't actually delete entries. Useful for
debugging in conjunction with \fB\-v\fP.
will continue with deletions. The default is to exit after
reporting an error.
.TP
+.BI \-f \ file
+Read a series of DNs from \fIfile\fP, one per line, performing an
+LDAP delete for each.
+.TP
+.B \-r
+Do a recursive delete. If the DN specified isn't a leaf, its
+children, and all their children are deleted down the tree. No
+verification is done, so if you add this switch, ldapdelete will
+happily delete large portions of your tree. Use with care.
+.TP
+.BI \-z \ sizelimit
+Use \fIsizelimit\fP when searching for children DN to delete,
+to circumvent any server-side size limit. Only useful in conjunction
+with \fB\-r\fP.
+.TP
.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
-.BI \-d \ debuglevel
-Set the LDAP debugging level to \fIdebuglevel\fP.
-.B ldapdelete
-must be compiled with LDAP_DEBUG defined for this option to have any effect.
-.TP
-.BI \-f \ file
-Read a series of DNs from \fIfile\fP, one per line, performing an
-LDAP delete for each.
-.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
-.B \-r
-Do a recursive delete. If the DN specified isn't a leaf, its
-children, and all their children are deleted down the tree. No
-verification is done, so if you add this switch, ldapdelete will
-happily delete large portions of your tree. Use with care.
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
-.BI \-z \ sizelimit
-Use \fIsizelimit\fP when searching for children DN to delete,
-to circumvent any server-side size limit. Only useful in conjunction
-with \fB\-r\fP.
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and delete extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+ [!]assert=<filter> (an RFC 4515 Filter)
+ !authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]bauthzid (RFC 3829 authzid control)
+ [!]chaining[=<resolve>[/<cont>]]
+ [!]manageDSAit
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ [!]relax
+ sessiontracking
+ abandon,cancel,ignore (SIGINT sends abandon/cancel,
+ or ignores response; if critical, doesn't wait for SIGINT.
+ not really controls)
+.fi
+
+Delete extensions:
+.nf
+ (none)
+.fi
+.TP
+.BI \-o \ opt \fR[= optparam \fR]
+
+Specify general options.
+
+General options:
+.nf
+ nettimeout=<timeout> (in seconds, or "none" or "max")
+ ldif-wrap=<width> (in columns, or "no" for no wrapping)
+.fi
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the identity depends on the
actual SASL mechanism used.