X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=doc%2Fman%2Fman1%2Fldapdelete.1;h=3ead25b83b34909d0c932c7ef5569769de43bc69;hb=3f46f2e0bcc6b4eb3900c6686c26d7d3698a2255;hp=ec231f8a1ba49595fadaecdbc89bfc39f16c3f77;hpb=44b42ba9c0b0a7148ee596973793dab25bed79bc;p=openldap diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1 index ec231f8a1b..d9b2c1c7dc 100644 --- a/doc/man/man1/ldapdelete.1 +++ b/doc/man/man1/ldapdelete.1 @@ -1,29 +1,31 @@ -.TH LDAPDELETE 1 "12 July 2000" "OpenLDAP LDVERSION" +.TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2012 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldapdelete \- LDAP delete entry tool .SH SYNOPSIS .B ldapdelete [\c -.BR \-n ] +.BR \-V [ V ]] [\c -.BR \-v ] +.BI \-d \ debuglevel\fR] [\c -.BR \-k ] +.BR \-n ] [\c -.BR \-K ] +.BR \-v ] [\c .BR \-c ] [\c -.BR \-C ] +.BI \-f \ file\fR] [\c -.BR \-M[M] ] +.BR \-r ] [\c -.BI \-d \ debuglevel\fR] +.BI \-z \ sizelimit\fR] [\c -.BI \-f \ file\fR] +.BR \-M [ M ]] +[\c +.BR \-x ] [\c .BI \-D \ binddn\fR] [\c 
@@ -31,94 +33,105 @@ ldapdelete \- LDAP delete entry tool [\c .BI \-w \ passwd\fR] [\c -.BI \-h \ ldaphost\fR] +.BI \-y \ passwdfile\fR] +[\c +.BI \-H \ ldapuri\fR] [\c -.BI \-P \ 2\fR\||\|\fI3\fR] +.BI \-h \ ldaphost\fR] [\c .BI \-p \ ldapport\fR] [\c -.BR \-O \ security-properties ] +.BR \-P \ { 2 \||\| 3 }] [\c -.BI \-U \ username\fR] +.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]] [\c -.BR \-x ] +.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]] +[\c +.BI \-o \ opt \fR[= optparam \fR]] +[\c +.BI \-O \ security-properties\fR] [\c .BR \-I ] [\c .BR \-Q ] [\c +.BR \-N ] +[\c +.BI \-U \ authcid\fR] +[\c +.BI \-R \ realm\fR] +[\c .BI \-X \ authzid\fR] [\c .BI \-Y \ mech\fR] [\c -.BR \-Z[Z] ] +.BR \-Z [ Z ]] [\c -.IR dn ]... +.IR DN \ [ ... ]] .SH DESCRIPTION .I ldapdelete is a shell-accessible interface to the -.BR ldap_delete (3) +.BR ldap_delete_ext (3) library call. .LP .B ldapdelete opens a connection to an LDAP server, binds, and deletes one or more -entries. If one or more \fIdn\fP arguments are provided, entries with -those Distinguished Names are deleted. Each \fIdn\fP should be a -string-represented DN as defined in RFC 1779. If no \fIdn\fP arguments +entries. If one or more \fIDN\fP arguments are provided, entries with +those Distinguished Names are deleted. Each \fIDN\fP should be provided +using the LDAPv3 string representation as defined in RFC 4514. +If no \fIDN\fP arguments are provided, a list of DNs is read from standard input (or from -\fIfile\fP if the -f flag is used). +\fIfile\fP if the \fB\-f\fP flag is used). .SH OPTIONS .TP +.BR \-V [ V ] +Print version info. +If \fB\-VV\fP is given, only the version information is printed. +.TP +.BI \-d \ debuglevel +Set the LDAP debugging level to \fIdebuglevel\fP. +.B ldapdelete +must be compiled with LDAP_DEBUG defined for this option to have any effect. +.TP .B \-n Show what would be done, but don't actually delete entries. Useful for -debugging in conjunction with -v. 
+debugging in conjunction with \fB\-v\fP. .TP .B \-v Use verbose mode, with many diagnostics written to standard output. .TP -.B \-k -Use Kerberos authentication instead of simple authentication. It is -assumed that you already have a valid ticket granting ticket. This option -only has effect if -. B ldapdelete -is compiled with KERBEROS defined. -.TP -.B \-K -Same as \-k, but only does step 1 of the kerberos bind. This is useful -when connecting to a slapd and there is no x500dsa.hostname principal -registered with your kerberos servers. -.TP -.B \-C -Automatically chase referrals. -.TP .B \-c Continuous operation mode. Errors are reported, but .B ldapdelete will continue with deletions. The default is to exit after reporting an error. .TP -.B \-M[M] +.BI \-f \ file +Read a series of DNs from \fIfile\fP, one per line, performing an +LDAP delete for each. +.TP +.B \-r +Do a recursive delete. If the DN specified isn't a leaf, its +children, and all their children are deleted down the tree. No +verification is done, so if you add this switch, ldapdelete will +happily delete large portions of your tree. Use with care. +.TP +.BI \-z \ sizelimit +Use \fIsizelimit\fP when searching for children DN to delete, +to circumvent any server-side size limit. Only useful in conjunction +with \fB\-r\fP. +.TP +.BR \-M [ M ] Enable manage DSA IT control. .B \-MM makes control critical. .TP -.BI \-d \ debuglevel -Set the LDAP debugging level to \fIdebuglevel\fP. -.B ldapdelete -must be compiled with LDAP_DEBUG defined for this option to have any effect. -.TP -.BI \-f \ file -Read a series of lines from \fIfile\fP, performing one LDAP search for -each line. In this case, the \fIfilter\fP given on the command line -is treated as a pattern where the first occurrence of \fB%s\fP is -replaced with a line from \fIfile\fP. -.TP .B \-x Use simple authentication instead of SASL. .TP .BI \-D \ binddn -Use \fIbinddn\fP to bind to the LDAP directory. 
\fIbinddn\fP should be -a string-represented DN as defined in RFC 1779. +Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory. +For SASL binds, the server is expected to ignore this value. .TP .B \-W Prompt for simple authentication. 
@@ -127,20 +140,65 @@ This is used instead of specifying the password on the command line. .BI \-w \ passwd Use \fIpasswd\fP as the password for simple authentication. .TP +.BI \-y \ passwdfile +Use complete contents of \fIpasswdfile\fP as the password for +simple authentication. +.TP +.BI \-H \ ldapuri +Specify URI(s) referring to the ldap server(s); only the protocol/host/port +fields are allowed; a list of URI, separated by whitespace or commas +is expected. +.TP .BI \-h \ ldaphost Specify an alternate host on which the ldap server is running. +Deprecated in favor of \fB\-H\fP. .TP .BI \-p \ ldapport Specify an alternate TCP port where the ldap server is listening. +Deprecated in favor of \fB\-H\fP. .TP -.BI \-P \ 2\fR\||\|\fI3 +.BR \-P \ { 2 \||\| 3 } Specify the LDAP protocol version to use. .TP -.B \-r -Do a recursive delete. If the DN specified isn't a leaf, its -children, and all their children are deleted down the tree. No -verification is done, so if you add this switch, ldapdelete will -happily delete large portions of your tree. Use with care. +.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ] +.TP +.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ] + +Specify general extensions with \fB\-e\fP and delete extensions with \fB\-E\fP. +\'\fB!\fP\' indicates criticality. + +General extensions: +.nf + [!]assert= (an RFC 4515 Filter) + !authzid= ("dn:" or "u:") + [!]bauthzid (RFC 3829 authzid control) + [!]chaining[=[/]] + [!]manageDSAit + [!]noop + ppolicy + [!]postread[=] (a comma-separated attribute list) + [!]preread[=] (a comma-separated attribute list) + [!]relax + sessiontracking[=] + abandon,cancel,ignore (SIGINT sends abandon/cancel, + or ignores response; if critical, doesn't wait for SIGINT. + not really controls) +.fi + +Delete extensions: +.nf + (none) +.fi +.TP +.BI \-o \ opt \fR[= optparam \fR] + +Specify general options. 
+ +General options: +.nf + nettimeout= (in seconds, or "none" or "max") + ldif-wrap= (in columns, or "no" for no wrapping) +.fi .TP .BI \-O \ security-properties Specify SASL security properties. 
@@ -152,39 +210,42 @@ only as needed. .B \-Q Enable SASL Quiet mode. Never prompt. .TP -.BI \-U \ username -Specify the username for SASL bind. The syntax of the username depends on the +.B \-N +Do not use reverse DNS to canonicalize SASL host name. +.TP +.BI \-U \ authcid +Specify the authentication ID for SASL bind. The form of the identity depends on the actual SASL mechanism used. .TP +.BI \-R \ realm +Specify the realm of authentication ID for SASL bind. The form of the realm +depends on the actual SASL mechanism used. +.TP .BI \-X \ authzid Specify the requested authorization ID for SASL bind. .I authzid must be one of the following formats: -.B dn:\c -.I +.BI dn: "" or -.B u:\c -.I +.BI u: .TP .BI \-Y \ mech Specify the SASL mechanism to be used for authentication. If it's not specified, the program will choose the best mechanism the server knows. .TP -.B \-Z[Z] +.BR \-Z [ Z ] Issue StartTLS (Transport Layer Security) extended operation. If you use -.B \-ZZ\c -, the command will require the operation to be successful. +\fB\-ZZ\fP, the command will require the operation to be successful. .SH EXAMPLE The following command: .LP .nf - ldapdelete "cn=Delete Me, dc=OpenLDAP, dc=org" + ldapdelete "cn=Delete Me,dc=example,dc=com" .fi .LP -will attempt to delete the entry named with commonName "Delete Me" -directly below the "dc=OpenLDAP, dc=org" entry. Of -course it would probably be necessary to supply a \fIbinddn\fP and -\fIpasswd\fP for deletion to be allowed (see the -D and -w options). +will attempt to delete the entry named "cn=Delete Me,dc=example,dc=com". +Of course it would probably be necessary to supply authentication +credentials. .SH DIAGNOSTICS Exit status is 0 if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error. 
@@ -195,19 +256,8 @@ status and a diagnostic message being written to standard error. .BR ldapmodrdn (1), .BR ldapsearch (1), .BR ldap (3), -.BR ldap_delete (3) -.LP -Kille, S., -.IR "A String Representation of Distinguished Names", -.SM RFC -1779, -ISODE Consortium, March 1995. -.SH BUGS -There is no interactive mode, but there probably should be. +.BR ldap_delete_ext (3) .SH AUTHOR The OpenLDAP Project .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project
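Review bot: In the \-z paragraph of the "@@ -31,94 +33,105 @@" hunk, "to circumvent any server-side size limit" reads as if a client-supplied value can override a limit the server enforces. Describe sizelimit as the value requested for the search for children, and state what \-r does when that search comes back truncated. The \-r paragraph just above says "No verification is done", so the reader needs to know whether a partially deleted subtree is a possible outcome. A pointer from \-r to \-n would also fit here, if \-n covers the recursive case.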
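Review bot: The \-y text in the "@@ -127,20 +140,65 @@" hunk says "complete contents of passwdfile" but leaves the consequence implicit: a trailing newline in the file becomes part of the password, so a file written with a plain echo fails to bind with an otherwise correct password. Say that explicitly. Since \-w sits directly above it, this is also the place to note that \-w exposes the password in the process argument list, that \-W or \-y avoids this, and that passwdfile should be readable only by its owner.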
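Review bot: The \-Z paragraph in the "@@ -152,39 +210,42 @@" hunk documents only the \-ZZ case ("the command will require the operation to be successful") and never says what a single \-Z does when StartTLS fails. Add a sentence stating that with one \-Z the session continues without TLS, because a simple bind with \-w or \-y then sends the password unprotected, and recommend \-ZZ whenever credentials are supplied. In the same hunk the EXAMPLE text drops the old pointer to \-D and \-w in favour of "supply authentication credentials"; naming the options (\-D with \-W or \-y, plus \-H now that \-h is marked deprecated) would keep the example usable.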
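Review bot: The SEE ALSO change in the "@@ -195,19 +256,8 @@" hunk removes the RFC 1779 citation without adding one for RFC 4514, which the DESCRIPTION now names as the required DN format, so the page cites an RFC it no longer references anywhere. Either add the RFC 4514 entry or confirm that inline mention is the intended convention across the man pages. Separately, ".so ../Project" makes the page depend on a file outside this diff and on a relative path; confirm the install step expands it, otherwise the installed page loses the acknowledgement text that the removed lines carried inline.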