.SH SYNOPSIS
ldapexop
[\c
-.BI \-d \ level\fR]
+.BR \-V [ V ]]
[\c
-.BI \-D \ binddn\fR]
+.BI \-d \ debuglevel\fR]
+[\c
+.BR \-n ]
[\c
-.BI \-e \ [!]ext[=extparam]\fR]
+.BR \-v ]
[\c
.BI \-f \ file\fR]
[\c
-.BI \-h \ host\fR]
+.BR \-x ]
[\c
-.BI \-H \ URI\fR]
+.BI \-D \ binddn\fR]
[\c
-.BR \-I ]
+.BR \-W ]
[\c
-.BR \-n ]
+.BI \-w \ passwd\fR]
[\c
-.BR \-N ]
+.BI \-y \ passwdfile\fR]
[\c
-.BI \-O \ security-properties\fR]
+.BI \-H \ URI\fR]
[\c
-.BI \-o \ [!]ext[=extparam]\fR]
+.BI \-h \ ldaphost\fR]
[\c
-.BI \-p \ port\fR]
+.BI \-p \ ldapport\fR]
[\c
-.BR \-Q ]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BI \-R \ realm\fR]
+.BI \-o \ opt \fR[= optparam \fR]]
[\c
-.BI \-U \ authcid\fR]
+.BI \-O \ security-properties\fR]
[\c
-.BR \-v ]
+.BR \-I ]
[\c
-.BR \-V ]
+.BR \-Q ]
[\c
-.BI \-w \ passwd\fR]
+.BR \-N ]
[\c
-.BR \-W ]
+.BI \-U \ authcid\fR]
[\c
-.BR \-x ]
+.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
-.BI \-y \ file\fR]
-[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
-\ {
+.BR \-Z [ Z ]]
+{\c
.I oid
|
.BI oid: data
|
.BI cancel \ cancel-id
|
-.BI refresh \ DN \ \fR[\fIttl\fR]
-}
+.BI refresh \ DN \ \fR[\fIttl\fR]}
.SH DESCRIPTION
ldapexop issues the LDAP extended operation specified by \fBoid\fP
.SH OPTIONS
.TP
-.BI \-d \ level
-Set the LDAP debugging level to \fIlevel\fP.
+.BI \-V [ V ]
+Print version info.
+If\fB\-VV\fP is given, only the version information is printed.
.TP
-.BI \-D \ binddn
-Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
.TP
-.BI \-e \ [!]ext[=extparam]
-Specify general extensions. \'!\' indicates criticality.
-.nf
- [!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
- [!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
- [!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
- one of "chainingPreferred", "chainingRequired",
- "referralsPreferred", "referralsRequired"
- [!]manageDSAit (RFC 3296)
- [!]noop
- ppolicy
- [!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
- [!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
- [!]relax
- abandon, cancel, ignore (SIGINT sends abandon/cancel,
- or ignores response; if critical, doesn't wait for SIGINT.
- not really controls)
-.fi
+.BI \-n
+Show what would be done but don't actually do it.
+Useful for debugging in conjunction with \fB\-v\fP.
+.TP
+.BI \-v
+Run in verbose mode, with many diagnostics written to standard output.
.TP
.BI \-f \ file
Read operations from \fIfile\fP.
.TP
-.BI \-h \ host
-Specify the host on which the ldap server is running.
-Deprecated in favor of \fB-H\fP.
+.BI \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.TP
+.BI \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
+Use \fIpasswd\fP as the password for simple authentication.
+.TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
.TP
.BI \-H \ URI
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
-.BI \-I
-Enable SASL Interactive mode. Always prompt. Default is to prompt
-only as needed.
-.TP
-.BI \-n
-Show what would be done but don't actually do it.
-Useful for debugging in conjunction with \fB-v\fP.
+.BI \-h \ ldaphost
+Specify the host on which the ldap server is running.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-N
-Do not use reverse DNS to canonicalize SASL host name.
+.BI \-p \ ldapport
+Specify the TCP port where the ldap server is listening.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-O \ security-properties
-Specify SASL security properties.
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+Specify general extensions. \'!\' indicates criticality.
+.nf
+ [!]assert=<filter> (an RFC 4515 Filter)
+ !authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]bauthzid (RFC 3829 authzid control)
+ [!]chaining[=<resolve>[/<cont>]]
+ [!]manageDSAit
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ [!]relax
+ sessiontracking[=<username>]
+ abandon,cancel,ignore (SIGINT sends abandon/cancel,
+ or ignores response; if critical, doesn't wait for SIGINT.
+ not really controls)
+.fi
.TP
-.BI \-o \ opt[=optparam]
-Specify general options:
+.BI \-o \ opt \fR[= optparam \fR]
+
+Specify general options.
+
+General options:
.nf
- nettimeout=<timeout> (in seconds, or "none" or "max")
+ nettimeout=<timeout> (in seconds, or "none" or "max")
+ ldif-wrap=<width> (in columns, or "no" for no wrapping)
.fi
.TP
-.BI \-p \ port
-Specify the TCP port where the ldap server is listening.
-Deprecated in favor of \fB-H\fP.
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.BI \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
.TP
.BI \-Q
Enable SASL Quiet mode. Never prompt.
.TP
-.BI \-R \ realm
-Specify the realm of authentication ID for SASL bind. The form of the realm
-depends on the actual SASL mechanism used.
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
-.BI \-v
-Run in verbose mode, with many diagnostics written to standard output.
-.TP
-.BI \-V
-Print version info and usage message.
-If\fB-VV\fP is given, only the version information is printed.
-.TP
-.BI \-w \ passwd
-Use \fIpasswd\fP as the password for simple authentication.
-.TP
-.BI \-W
-Prompt for simple authentication.
-This is used instead of specifying the password on the command line.
-.TP
-.BI \-x
-Use simple authentication instead of SASL.
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
-.TP
-.BI \-y \ file
-Use complete contents of \fIfile\fP as the password for
-simple authentication.
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication.
Without this option, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation.
-Giving it twice (\fB-ZZ\fP) will require the operation to be successful.
+Giving it twice (\fB\-ZZ\fP) will require the operation to be successful.
.SH DIAGNOSTICS
Exit status is zero if no errors occur.
Do not expect it to be complete or absolutely correct.
.SH ACKNOWLEDGEMENTS
-The OpenLDAP Project <http://www.openldap.org/>
+.so ../Project