X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=doc%2Fman%2Fman1%2Fldapdelete.1;h=cf5878a008b9d5f76d2622afe6652184cc052cb5;hb=dac408369b0812762b3e85f7e024ea472ce79abc;hp=7ec1c357b6822a456692b655b34a803a8efdd18b;hpb=9db922aa64cef15d0b44121789563d48723f3af9;p=openldap diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1 index 7ec1c357b6..cf5878a008 100644 --- a/doc/man/man1/ldapdelete.1 +++ b/doc/man/man1/ldapdelete.1 @@ -1,6 +1,9 @@ -.TH LDAPDELETE 1 "10 November 1998" "OpenLDAP LDVERSION" +.TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION" +.\" $OpenLDAP$ +.\" Copyright 1998-2011 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME -ldapdelete \- ldap delete entry tool +ldapdelete \- LDAP delete entry tool .SH SYNOPSIS .B ldapdelete [\c @@ -8,99 +11,218 @@ ldapdelete \- ldap delete entry tool [\c .BR \-v ] [\c -.BR \-k ] -[\c -.BR \-K ] -[\c .BR \-c ] [\c +.BR \-M [ M ]] +[\c .BI \-d \ debuglevel\fR] [\c .BI \-f \ file\fR] [\c .BI \-D \ binddn\fR] [\c +.BR \-W ] +[\c .BI \-w \ passwd\fR] [\c +.BI \-y \ passwdfile\fR] +[\c +.BI \-H \ ldapuri\fR] +[\c .BI \-h \ ldaphost\fR] [\c +.BR \-P \ { 2 \||\| 3 }] +[\c +.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]] +[\c +.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]] +[\c .BI \-p \ ldapport\fR] [\c -.IR dn ]... +.BI \-O \ security-properties\fR] +[\c +.BI \-U \ authcid\fR] +[\c +.BI \-R \ realm\fR] +[\c +.BR \-r ] +[\c +.BR \-x ] +[\c +.BR \-I ] +[\c +.BR \-Q ] +[\c +.BI \-X \ authzid\fR] +[\c +.BI \-Y \ mech\fR] +[\c +.BI \-z \ sizelimit\fR] +[\c +.BR \-Z [ Z ]] +[\c +.IR DN \ [ ... ]] .SH DESCRIPTION .I ldapdelete is a shell-accessible interface to the -.BR ldap_delete (3) +.BR ldap_delete_ext (3) library call. .LP .B ldapdelete opens a connection to an LDAP server, binds, and deletes one or more -entries. If one or more \fIdn\fP arguments are provided, entries with -those Distinguished Names are deleted. Each \fIdn\fP should be a -string-represented DN as defined in RFC 1779. If no \fIdn\fP arguments +entries. If one or more \fIDN\fP arguments are provided, entries with +those Distinguished Names are deleted. Each \fIDN\fP should be provided +using the LDAPv3 string representation as defined in RFC 4514. +If no \fIDN\fP arguments are provided, a list of DNs is read from standard input (or from -\fIfile\fP if the -f flag is used). +\fIfile\fP if the \fB\-f\fP flag is used). .SH OPTIONS .TP .B \-n Show what would be done, but don't actually delete entries. Useful for -debugging in conjunction with -v. +debugging in conjunction with \fB\-v\fP. .TP .B \-v Use verbose mode, with many diagnostics written to standard output. .TP -.B \-k -Use Kerberos authentication instead of simple authentication. It is -assumed that you already have a valid ticket granting ticket. This option -only has effect if -. B ldapdelete -is compiled with KERBEROS defined. -.TP -.B \-K -Same as \-k, but only does step 1 of the kerberos bind. This is useful -when connecting to a slapd and there is no x500dsa.hostname principal -registered with your kerberos servers. -.TP .B \-c Continuous operation mode. Errors are reported, but .B ldapdelete will continue with deletions. The default is to exit after reporting an error. .TP +.BR \-M [ M ] +Enable manage DSA IT control. +.B \-MM +makes control critical. +.TP .BI \-d \ debuglevel Set the LDAP debugging level to \fIdebuglevel\fP. .B ldapdelete must be compiled with LDAP_DEBUG defined for this option to have any effect. .TP .BI \-f \ file -Read a series of lines from \fIfile\fP, performing one LDAP search for -each line. In this case, the \fIfilter\fP given on the command line -is treated as a pattern where the first occurrence of \fB%s\fP is -replaced with a line from \fIfile\fP. +Read a series of DNs from \fIfile\fP, one per line, performing an +LDAP delete for each. +.TP +.B \-x +Use simple authentication instead of SASL. .TP .BI \-D \ binddn -Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be -a string-represented DN as defined in RFC 1779. +Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory. +For SASL binds, the server is expected to ignore this value. +.TP +.B \-W +Prompt for simple authentication. +This is used instead of specifying the password on the command line. .TP .BI \-w \ passwd Use \fIpasswd\fP as the password for simple authentication. .TP +.BI \-y \ passwdfile +Use complete contents of \fIpasswdfile\fP as the password for +simple authentication. +.TP +.BI \-H \ ldapuri +Specify URI(s) referring to the ldap server(s); only the protocol/host/port +fields are allowed; a list of URI, separated by whitespace or commas +is expected. +.TP .BI \-h \ ldaphost Specify an alternate host on which the ldap server is running. +Deprecated in favor of \fB\-H\fP. .TP .BI \-p \ ldapport Specify an alternate TCP port where the ldap server is listening. +Deprecated in favor of \fB\-H\fP. +.TP +.BR \-P \ { 2 \||\| 3 } +Specify the LDAP protocol version to use. +.TP +.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ] +.TP +.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ] + +Specify general extensions with \fB\-e\fP and delete extensions with \fB\-E\fP. +\'\fB!\fP\' indicates criticality. + +General extensions: +.nf + [!]assert= (an RFC 4515 Filter) + !authzid= ("dn:" or "u:") + [!]bauthzid (RFC 3829 authzid control) + [!]chaining[=[/]] + [!]manageDSAit + [!]noop + ppolicy + [!]postread[=] (a comma-separated attribute list) + [!]preread[=] (a comma-separated attribute list) + [!]relax + sessiontracking[=] + abandon,cancel,ignore (SIGINT sends abandon/cancel, + or ignores response; if critical, doesn't wait for SIGINT. + not really controls) +.fi + +Delete extensions: +.nf + (none) +.fi +.TP +.B \-r +Do a recursive delete. If the DN specified isn't a leaf, its +children, and all their children are deleted down the tree. No +verification is done, so if you add this switch, ldapdelete will +happily delete large portions of your tree. Use with care. +.TP +.BI \-z \ sizelimit +Use \fIsizelimit\fP when searching for children DN to delete, +to circumvent any server-side size limit. Only useful in conjunction +with \fB\-r\fP. +.TP +.BI \-O \ security-properties +Specify SASL security properties. +.TP +.B \-I +Enable SASL Interactive mode. Always prompt. Default is to prompt +only as needed. +.TP +.B \-Q +Enable SASL Quiet mode. Never prompt. +.TP +.BI \-U \ authcid +Specify the authentication ID for SASL bind. The form of the identity depends on the +actual SASL mechanism used. +.TP +.BI \-R \ realm +Specify the realm of authentication ID for SASL bind. The form of the realm +depends on the actual SASL mechanism used. +.TP +.BI \-X \ authzid +Specify the requested authorization ID for SASL bind. +.I authzid +must be one of the following formats: +.BI dn: "" +or +.BI u: +.TP +.BI \-Y \ mech +Specify the SASL mechanism to be used for authentication. If it's not +specified, the program will choose the best mechanism the server knows. +.TP +.BR \-Z [ Z ] +Issue StartTLS (Transport Layer Security) extended operation. If you use +\fB\-ZZ\fP, the command will require the operation to be successful. .SH EXAMPLE The following command: .LP .nf - ldapdelete "cn=Delete Me, o=University of Michigan, c=US" + ldapdelete "cn=Delete Me,dc=example,dc=com" .fi .LP -will attempt to delete the entry named with commonName "Delete Me" -directly below the University of Michigan organizational entry. Of -course it would probably be necessary to supply a \fIbinddn\fP and -\fIpasswd\fP for deletion to be allowed (see the -D and -w options). +will attempt to delete the entry named "cn=Delete Me,dc=example,dc=com". +Of course it would probably be necessary to supply authentication +credentials. .SH DIAGNOSTICS Exit status is 0 if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error. @@ -111,17 +233,8 @@ status and a diagnostic message being written to standard error. .BR ldapmodrdn (1), .BR ldapsearch (1), .BR ldap (3), -.BR ldap_delete (3) -.LP -Kille, S., -.IR "A String Representation of Distinguished Names", -.SM RFC -1779, -ISODE Consortium, March 1995. -.SH BUGS -There is no interactive mode, but there probably should be. +.BR ldap_delete_ext (3) +.SH AUTHOR +The OpenLDAP Project .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project