-.TH LDAPDELETE 1 "12 July 2000" "OpenLDAP LDVERSION"
+.TH LDAPDELETE 1 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.LP
.B ldapdelete
opens a connection to an LDAP server, binds, and deletes one or more
-entries. If one or more \fIdn\fP arguments are provided, entries with
-those Distinguished Names are deleted. Each \fIdn\fP should be a
-string-represented DN as defined in RFC 1779. If no \fIdn\fP arguments
+entries. If one or more \fIDN\fP arguments are provided, entries with
+those Distinguished Names are deleted. Each \fIDN\fP should be provided
+using the LDAPv3 string representation as defined in RFC 2253.
+If no \fIdn\fP arguments
are provided, a list of DNs is read from standard input (or from
\fIfile\fP if the -f flag is used).
.SH OPTIONS
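Review bot: The added line `If no \fIdn\fP arguments` still uses lowercase `dn`, while the two sentences above it in the same paragraph were changed to `\fIDN\fP`. Use `\fIDN\fP` here as well so the argument name is spelled one way throughout the description.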
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
-Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
-a string-represented DN as defined in RFC 1779.
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
.BR ldapsearch (1),
.BR ldap (3),
.BR ldap_delete (3)
-.LP
-Kille, S.,
-.IR "A String Representation of Distinguished Names",
-.SM RFC
-1779,
-ISODE Consortium, March 1995.
.SH BUGS
There is no interactive mode, but there probably should be.
.SH AUTHOR
-.TH LDAPMODIFY 1 "12 July 2000" "OpenLDAP LDVERSION"
+.TH LDAPMODIFY 1 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
-Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
-a string-represented DN as defined in RFC 1779.
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
.BR ldap_modify (3),
.BR ldap_modrdn (3),
.BR slapd.replog (5)
-.LP
-Kille, S.,
-.IR "A String Representation of Distinguished Names",
-.SM RFC
-1779,
-ISODE Consortium, March 1995.
.SH BUGS
There is no interactive mode, but there probably should be.
.SH AUTHOR
-.TH LDAPMODRDN 1 "12 July 2000" "OpenLDAP LDVERSION"
+.TH LDAPMODRDN 1 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
Use simple authentication instead of SASL.
.TP
.B \-D binddn
-Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
-a string-represented DN as defined in RFC 1779.
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
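Review bot: The option header in this page is `.B \-D binddn`, while the ldapdelete, ldapmodify, ldappasswd and ldapsearch pages in this same change use `.BI \-D \ binddn`. Since the description line is being rewritten anyway, switch the header to `.BI \-D \ binddn` so that `binddn` is set as an italic argument, matching the `\fIbinddn\fP` in the sentence below it.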
.BR ldap.conf (5),
.BR ldap (3),
.BR ldap_modrdn2 (3)
-.LP
-Kille, S.,
-.IR "A String Representation of Distinguished Names",
-.SM RFC
-1779,
-ISODE Consortium, March 1995.
.SH BUGS
There is no interactive mode, but there probably should be.
.SH AUTHOR
-.TH LDAPPASSWD 1 "12 July 2000" "LDAPPasswd"
+.TH LDAPPASSWD 1 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
-Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should
-be a string-represented DN as defined in RFC 2253.
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
This flag is not optional. The user DN will be used if the
bind DN is not provided.
.TP
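Review bot: The two sentences kept right after the rewritten line contradict each other: `This flag is not optional.` is followed by `The user DN will be used if the bind DN is not provided.`, which describes a default. While this paragraph is being edited, state which of the two holds; for a password-change tool the reader needs to know which identity is bound when \-D is omitted.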
-.TH LDAPSEARCH 1 "12 July 2000" "OpenLDAP LDVERSION"
+.TH LDAPSEARCH 1 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.B ldapsearch
opens a connection to an LDAP server, binds, and performs a search
using the filter \fIfilter\fP. The \fIfilter\fP should conform to
-the string representation for LDAP filters as defined in RFC 1558.
+the string representation for search filters as defined in RFC 2254.
.LP
If
.B ldapsearch
debugging in conjunction with -v.
.TP
.B \-u
-Include the User Friendly form of the Distinguished Name (DN) in the output
+Include the User Friendly Name form of the Distinguished Name (DN)
+in the output.
.TP
.B \-v
-Run in verbose mode, with many diagnostics written to standard output
+Run in verbose mode, with many diagnostics written to standard output.
.TP
.B \-k
Use Kerberos authentication instead of simple authentication. It is
assumed that you already have a valid ticket granting ticket.
.B ldapsearch
-must be compiled with KERBEROS defined for this option to have any effect.
+must be compiled with Kerberos for this option to have any effect.
.TP
.B \-K
-Same as \-k, but only does step 1 of the kerberos bind. This is useful
+Same as \-k, but only does step 1 of the Kerberos bind. This is useful
when connecting to a slapd and there is no x500dsa.hostname principal
-registered with your kerberos servers.
+registered with your Kerberos servers.
.TP
.B \-t
Write retrieved values to a set of temporary files. This is useful for
specific values.
.TP
.B \-L
-Display search results in
-.BR ldif (5)
-format. A second -L disables comments. A third -L disables
-printing of the LDIF version.
-The default is -L.
+Search results are display in LDAP Data Interchange Format detailed in
+.BR ldif (5).
+A single -L restricts the output to LDIFv1.
+A second -L disables comments.
+A third -L disables printing of the LDIF version.
+The default is to use an extended version of LDIF.
.TP
.B \-M[M]
Enable manage DSA IT control.
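Review bot: Typo in the first added line: `Search results are display in` should read `are displayed in`. The new text also says `The default is to use an extended version of LDIF` without saying how that differs from the LDIFv1 output a single -L selects; one sentence on the difference would help anyone who parses this output in scripts.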
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
-Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
-a string-represented DN as defined in RFC 1779.
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
.B \-ZZ\c
, the command will require the operation to be successful.
.SH OUTPUT FORMAT
-If one or more entries are found, each entry is written to standard output
-in the form:
+If one or more entries are found, each entry is written to standard
+output in LDAP Data Interchange Format or
+.BR ldif (5):
.LP
.nf
- Distinguished Name (DN)
- User Friendly Name (this line present only if the -u option is used)
- attributename=value
- attributename=value
- attributename=value
+ version: 1
+
+ # bjensen, example, net
+ dn: uid=bjensen, dc=example, dc=net
+ objectClass: person
+ objectClass: dcObject
+ uid: bjensen
+ cn: Barbara Jensen
+ sn: Jensen
...
.fi
.LP
-Multiple entries are separated with a single blank line.
-If the -t option is used, the name of a temporary file
+If the -t option is used, the URI of a temporary file
is used in place of the actual value. If the -A option
is given, only the "attributename" part is written.
.SH EXAMPLE
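Review bot: The unchanged sentence `If the -A option is given, only the "attributename" part is written.` refers to the `attributename=value` layout that this hunk removes, so nothing in the new sample matches it; reword it in terms of the LDIF attribute description. In the added intro, `Format or` followed by `.BR ldif (5):` reads as if LDIF and ldif(5) were alternatives, so drop the `or` or set it off with commas. The removed sentence about entries being separated by a blank line has no replacement; if that detail is now delegated to ldif(5), say so.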
ldapsearch -LLL "(sn=smith)" cn sn telephoneNumber
.fi
.LP
-will perform a subtree search (using the default search base) for
-entries with a surname (sn) of smith. The common name (cn), surname
+will perform a subtree search (using the default search base defined
+in
+.BR ldap.conf (5))
+for entries with a surname (sn) of smith. The common name (cn), surname
(sn) and telephoneNumber values will be retrieved and printed to
standard output.
The output might look something like this if two entries are found:
.LP
.nf
-dn: uid=jts, ou=Volunteers, ou=People, dc=OpenLDAP, dc=org
-cn: John Smith
-cn: John T. Smith
-sn: Smith
-sn;lang-en: Smith
-sn;lang-de: Schmidt
-telephoneNumber: 1 555 123-4567
+ dn: uid=jts, dc=example, dc=com
+ cn: John Smith
+ cn: John T. Smith
+ sn: Smith
+ sn;lang-en: Smith
+ sn;lang-de: Schmidt
+ telephoneNumber: 1 555 123-4567
-dn: uid=sss, ou=Staff, ou=People, dc=OpenLDAP, dc=org
-cn: Steve Smith
-cn: Steve S. Smith
-sn: Smith
-sn;lang-en: Smith
-sn;lang-de: Schmidt
-telephoneNumber: 1 555 765-4321
+ dn: uid=sss, dc=example, dc=com
+ cn: Steve Smith
+ cn: Steve S. Smith
+ sn: Smith
+ sn;lang-en: Smith
+ sn;lang-de: Schmidt
+ telephoneNumber: 1 555 765-4321
.fi
.LP
The command:
requested attributes is found:
.LP
.nf
-dn: uid=xyz, ou=Staff, ou=People, dc=OpenLDAP, dc=org
-ufn: xyz, Staff, People, OpenLDAP, org
-audio:< file::/tmp/ldapsearch-audio-a19924
-jpegPhoto:< file::=/tmp/ldapsearch-jpegPhoto-a19924
+ dn: uid=xyz, dc=example, dc=com
+ ufn: xyz, example, com
+ audio:< file::/tmp/ldapsearch-audio-a19924
+ jpegPhoto:< file::=/tmp/ldapsearch-jpegPhoto-a19924
.fi
.LP
This command:
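Review bot: The two sample lines re-indented here disagree with each other and with the OUTPUT FORMAT text, which now promises a URI: `audio:< file::/tmp/ldapsearch-audio-a19924` versus `jpegPhoto:< file::=/tmp/ldapsearch-jpegPhoto-a19924`. Neither `file::` nor `file::=` is a well-formed file URI prefix; since the lines are being touched anyway, replace both with the exact form the tool prints so the example can be trusted by readers who feed these references to other programs.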
.fi
.LP
will perform a one-level search at the c=US level for all entries
-whose organizationName (o) begins begins with \fBUniversity\fP.
-The organizationName and description attribute values will be retrieved
+whose organization name (o) begins begins with \fBUniversity\fP.
+The organization name and description attribute values will be retrieved
and printed to standard output, resulting in output similar to this:
.LP
.nf
-dn: o=University of Alaska Fairbanks, c=US
-o: University of Alaska Fairbanks
-description: Preparing Alaska for a brave new yesterday
-description: leaf node only
+ dn: o=University of Alaska Fairbanks, c=US
+ o: University of Alaska Fairbanks
+ description: Preparing Alaska for a brave new yesterday
+ description: leaf node only
-dn: o=University of Colorado at Boulder, c=US
-o: University of Colorado at Boulder
-description: No personnel information
-description: Institution of education and research
+ dn: o=University of Colorado at Boulder, c=US
+ o: University of Colorado at Boulder
+ description: No personnel information
+ description: Institution of education and research
-dn: o=University of Colorado at Denver, c=US
-o: University of Colorado at Denver
-o: UCD
-o: CU/Denver
-o: CU-Denver
-description: Institute for Higher Learning and Research
+ dn: o=University of Colorado at Denver, c=US
+ o: University of Colorado at Denver
+ o: UCD
+ o: CU/Denver
+ o: CU-Denver
+ description: Institute for Higher Learning and Research
-dn: o=University of Florida, c=US
-o: University of Florida
-o: UFl
-description: Warper of young minds
+ dn: o=University of Florida, c=US
+ o: University of Florida
+ o: UFl
+ description: Warper of young minds
-etc....
+ etc....
.fi
.SH DIAGNOSTICS
-Exit status is 0 if no errors occur. Errors result in a non-zero exit
-status and a diagnostic message being written to standard error.
+Exit status is zero if no errors occur.
+Errors result in a non-zero exit status and
+a diagnostic message being written to standard error.
.SH "SEE ALSO"
.BR ldapadd (1),
.BR ldapdelete (1),
.BR ldapmodify (1),
.BR ldapmodrdn (1),
.BR ldap.conf (5),
+.BR ldif (5),
.BR ldap (3),
.BR ldap_search (3)
-.LP
-Kille, S.,
-.IR "A String Representation of Distinguished Names",
-.SM RFC
-1779,
-ISODE Consortium, March 1995.
-.LP
-Howes, T.,
-.IR "A String Representation of LDAP Search Filters",
-.SM RFC
-1558,
-University of Michigan, December 1993.
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS
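Review bot: The rewritten line `whose organization name (o) begins begins with \fBUniversity\fP.` keeps the doubled `begins` from the line it replaces; drop one. Also, the description now cites RFC 2254 for search filters, but the reference entries for RFC 1779 and RFC 1558 are deleted after SEE ALSO without an entry for the new RFC; either add one or confirm that inline citation is the intended style for these pages.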
-.TH UD 1 "12 September 1999" "OpenLDAP LDVERSION"
+.TH UD 1 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH LDAP.CONF 5 "29 November 1998" "OpenLDAP LDVERSION"
+.TH LDAP.CONF 5 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH LDAPFILTER.CONF 5 "22 September 1998" "OpenLDAP LDVERSION"
+.TH LDAPFILTER.CONF 5 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH LDAPFRIENDLY 5 "22 September 1998" "OpenLDAP LDVERSION"
+.TH LDAPFRIENDLY 5 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH LDAPSEARCHPREFS.CONF 5 "22 September 1998" "OpenLDAP LDVERSION"
+.TH LDAPSEARCHPREFS.CONF 5 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH LDAPTEMPLATES.CONF 5 "22 September 1998" "OpenLDAP LDVERSION"
+.TH LDAPTEMPLATES.CONF 5 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH LDIF 5 "22 September 1998" "OpenLDAP LDVERSION"
+.TH LDIF 5 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH SLAPD.CONF 5 "13 August 2000" "OpenLDAP LDVERSION"
+.TH SLAPD.CONF 5 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
Grant access (specified by <access>) to a set of entries and/or
attributes (specified by <what>) by one or more requestors (specified
by <who>).
-See Developer's FAQ (http://www.openldap.org/faq/) for details.
+See the "OpenLDAP's Administrator's Guide" for details.
+.TP
+.B argsfile <filename>
+The ( absolute ) name of a file that will hold the
+.B slapd
+server's command line options
+if started without the debugging command line option.
.HP
.hy 0
.B attributetype (\ <oid> [NAME\ <name>] [OBSOLETE]\
Read additional configuration information from the given file before
continuing with the next line of the current file.
.TP
-.B pidfile <filename>
-The ( absolute ) name of a file that will hold the
-.B slapd
-server's process ID ( see
-.BR getpid (2)
-) if started without the debugging command line option.
-.TP
-.B argsfile <filename>
-The ( absolute ) name of a file that will hold the
-.B slapd
-server's command line options
-if started without the debugging command line option.
-.TP
.B loglevel <integer>
Specify the level at which debugging statements and operation
statistics should be syslogged (currently logged to the
name can also be used with a suffix of the form ":xx" in which case the
value "oid.xx" will be used.
.TP
+.B pidfile <filename>
+The ( absolute ) name of a file that will hold the
+.B slapd
+server's process ID ( see
+.BR getpid (2)
+) if started without the debugging command line option.
+.TP
+.B password-hash <hash>
+The <hash> to use for userPassword generation. One of
+.BR {SSHA} ,
+.BR {SHA} ,
+.BR {SMD5} ,
+.BR {MD5} ,
+.BR {CRYPT} ,
+.BR {KERBEROS} ,
+.BR {SASL} ,
+and
+.BR {UNIX} .
+The default is
+.BR {SSHA} .
+.TP
.B referral <url>
Specify the referral to pass back when
.BR slapd (8)
cannot find a local database to handle a request.
If specified multiple times, each url is provided.
.TP
+.B sasl-realm <string>
+Used to specify Cyrus SASL realm.
+.TP
+.B sasl-secprops <string>
+Used to specify Cyrus SASL security properties.
+.TP
.B schemacheck { on | off }
Turn schema checking on or off. The default is on.
.TP
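Review bot: The new `password-hash` entry lists `{SHA}`, `{MD5}` and `{CRYPT}` as choices with no guidance, while the `rootpw` text on this same page says `{CRYPT}` passwords are not recommended; carry that caveat over and say which schemes are salted so the reason for the `{SSHA}` default is clear. The entry also presents `{KERBEROS}`, `{SASL}` and `{UNIX}` as a `<hash>` "to use for userPassword generation" without explaining what is stored for them. Separately, `sasl-realm` and `sasl-secprops` are documented only as `Used to specify Cyrus SASL ...` with no value syntax or default, and `pidfile` now sits ahead of `password-hash`, which breaks the alphabetical order the move appears to aim for.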
for more information.
.TP
.B rootdn <dn>
-Specify the DN of an entry that is not subject to access control
+Specify the distinguished name that is not subject to access control
or administrative limit restrictions for operations on this database.
+This DN may or may not be associated with an entry. An empty root
+DN, the default, specifies no root access is to be granted.
.TP
.B rootpw <password>
Specify a password (or hash of the password) for the rootdn.
This option accepts all RFC 2307 userPassword formats known to
-the server including \fB{SSHA}\fP, \fB{SHA}\fP, \fB{SMD5}\fP,
-\fB{MD5}\fP, \fB{CRYPT}\fP, and cleartext schemes.
+the server (see
+.B password-hash
+desription) as well as cleartext.
.BR slappasswd (8)
may be used to generate a hash of a password. Cleartext
-and \fB{CRYPT}\fP passwords are not recommended.
+and \fB{CRYPT}\fP passwords are not recommended. The default
+is empty imply authentication of the root DN is by other means
+(e.g. SASL). Use of SASL is encouraged.
.TP
.B suffix <dn suffix>
Specify the DN suffix of queries that will be passed to this
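Review bot: Two typos in the added `rootpw` text: `desription` should be `description`, and `The default is empty imply authentication of the root DN is by other means` should read `is empty, implying that authentication of the root DN is by other means`. Since the added `rootdn` text says an empty root DN grants no root access, it would also help to state what happens when `rootdn` is set, `rootpw` is left empty and SASL is not configured.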
-.TH SLAPD.REPLOG 5 "22 September 1998" "OpenLDAP LDVERSION"
+.TH SLAPD.REPLOG 5 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH UD.CONF 5 "22 September 1998" "OpenLDAP LDVERSION"
+.TH UD.CONF 5 "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH GO500 8C "22 September 1998" "OpenLDAP LDVERSION"
+.TH GO500 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH GO500GW 8C "22 September 1998" "OpenLDAP LDVERSION"
+.TH GO500GW 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH IN.XFINGERD 8C "16 August 200" "OpenLDAP LDVERSION"
+.TH IN.XFINGERD 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH MAIL500 8C "22 September 1998" "OpenLDAP LDVERSION"
+.TH MAIL500 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH RCPT500 8C "22 September 1998" "OpenLDAP LDVERSION"
+.TH RCPT500 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH SLAPADD 8C "13 August 2000" "OpenLDAP LDVERSION"
+.TH SLAPADD 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH SLAPCAT 8C "13 August 2000" "OpenLDAP LDVERSION"
+.TH SLAPCAT 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH SLAPD 8C "13 August 2000" "OpenLDAP LDVERSION"
+.TH SLAPD 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH SLAPINDEX 8C "13 August 2000" "OpenLDAP LDVERSION"
+.TH SLAPINDEX 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH SLAPPASSWD 8C "13 August 2000" "OpenLDAP LDVERSION"
+.TH SLAPPASSWD 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.TH SLURPD 8C "13 August 2000" "OpenLDAP LDVERSION"
+.TH SLURPD 8C "20 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.