--- /dev/null
+.TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP$
+.\" Copyright 1998-2002 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldapcompare \- LDAP compare tool
+.SH SYNOPSIS
+.B ldapcompare
+[\c
+.BR \-n ]
+[\c
+.BR \-v ]
+[\c
+.BR \-z ]
+[\c
+.BR \-k ]
+[\c
+.BR \-K ]
+[\c
+.BR \-M[M] ]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
+.BI \-D \ binddn\fR]
+[\c
+.BR \-W ]
+[\c
+.BI \-w \ bindpasswd\fR]
+[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-P \ 2\fR\||\|\fI3\fR]
+[\c
+.BR \-O \ security-properties ]
+[\c
+.BR \-I ]
+[\c
+.BR \-Q ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BR \-x ]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z[Z] ]
+.IR DN \ <
+.BR attr:value \ |
+.BR attr::b64value \ >
+.SH DESCRIPTION
+.I ldapcompare
+is a shell-accessible interface to the
+.BR ldap_compare (3)
+library call.
+.LP
+.B ldapcompare
+opens a connection to an LDAP server, binds, and performs a compare
+using specified parameters. The \fIDN\fP should be a distinguished
+name in the directory. \fIAttr\fP should be a known attribute. If
+followed by one colon, the assertion \fIvalue\fP should be provided
+as a string. If followed by two colons, the base64 encoding of the
+value is provided.
+.LP
+.SH OPTIONS
+.TP
+.B \-n
+Show what would be done, but don't actually perform the compare. Useful for
+debugging in conjunction with -v.
+.TP
+.B \-v
+Run in verbose mode, with many diagnostics written to standard output.
+.TP
+.B \-z
+Run in quiet mode, no output is written. You must check the return
+status. Useful in shell scripts.
+.TP
+.B \-k
+Use Kerberos IV authentication instead of simple authentication. It is
+assumed that you already have a valid ticket granting ticket.
+.B ldapcompare
+must be compiled with Kerberos support for this option to have any effect.
+.TP
+.B \-K
+Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful
+when connecting to a slapd and there is no x500dsa.hostname principal
+registered with your Kerberos Domain Controller(s).
+.TP
+.B \-M[M]
+Enable manage DSA IT control.
+.B \-MM
+makes control critical.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapcompare
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
+.B \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+.TP
+.B \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ bindpasswd
+Use \fIbindpasswd\fP as the password for simple authentication.
+.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
+.TP
+.BI \-P \ 2\fR\||\|\fI3
+Specify the LDAP protocol version to use.
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.B \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
+.TP
+.B \-Q
+Enable SASL Quiet mode. Never prompt.
+.TP
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the ID
+depends on the actual SASL mechanism used.
+.TP
+.BI \-X \ authzid
+Specify the requested authorization ID for SASL bind.
+.I authzid
+must be one of the following formats:
+.B dn:\c
+.I <distinguished name>
+or
+.B u:\c
+.I <username>
+.TP
+.BI \-Y \ mech
+Specify the SASL mechanism to be used for authentication. If it's not
+specified, the program will choose the best mechanism the server knows.
+.TP
+.B \-Z[Z]
+Issue StartTLS (Transport Layer Security) extended operation. If you use
+.B \-ZZ\c
+, the command will require the operation to be successful.
+.SH EXAMPLE
+.nf
+ ldapcompare "uid=babs,dc=example,dc=com" sn Jensen
+ ldapcompare "uid=babs,dc=example,dc=com" sn:Jensen
+ ldapcompare "uid=babs,dc=example,dc=com" sn::SmVuc2Vu
+.fi
+are all equivalent.
+.SH DIAGNOSTICS
+When -z is used, exit status is either 5 if the compare is false, or 6
+when the compare is true. Errors result in other non-zero values.
+.br
+When -z is not used, exit status is zero if no errors occur.
+Errors result in a non-zero exit status and
+a diagnostic message being written to standard error.
+.SH BUGS
+Should have a way to specify a url for options or for large binary
+file compares.
+.SH "SEE ALSO"
+.BR ldap.conf (5),
+.BR ldif (5),
+.BR ldap (3),
+.BR ldap_compare (3)
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
projects / openldap / commitdiff