.SH SYNOPSIS
.B ldapcompare
[\c
+.BR \-V [ V ]]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-M [ M ]]
[\c
-.BI \-d \ debuglevel\fR]
+.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]]
+.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
[\c
.BR \-Q ]
[\c
+.BR \-N ]
+[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
-.BR \-x ]
-[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
.LP
.SH OPTIONS
.TP
+.BR \-V [ V ]
+Print version info.
+If \fB\-VV\fP is given, only the version information is printed.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapcompare
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
.B \-n
Show what would be done, but don't actually perform the compare. Useful for
debugging in conjunction with \fB\-v\fP.
.B \-MM
makes control critical.
.TP
-.BI \-d \ debuglevel
-Set the LDAP debugging level to \fIdebuglevel\fP.
-.B ldapcompare
-must be compiled with LDAP_DEBUG defined for this option to have any effect.
-.TP
.B \-x
Use simple authentication instead of SASL.
.TP
!dontUseCopy
.fi
.TP
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]
+.BI \-o \ opt \fR[= optparam \fR]
Specify general options.
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.SH SYNOPSIS
.B ldapdelete
[\c
+.BR \-V [ V ]]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-c ]
[\c
-.BR \-M [ M ]]
+.BI \-f \ file\fR]
[\c
-.BI \-d \ debuglevel\fR]
+.BR \-r ]
[\c
-.BI \-f \ file\fR]
+.BI \-z \ sizelimit\fR]
+[\c
+.BR \-M [ M ]]
+[\c
+.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
[\c
.BI \-h \ ldaphost\fR]
[\c
+.BI \-p \ ldapport\fR]
+[\c
.BR \-P \ { 2 \||\| 3 }]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]]
-[\c
-.BI \-p \ ldapport\fR]
+.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
-.BI \-U \ authcid\fR]
-[\c
-.BI \-R \ realm\fR]
+.BR \-I ]
[\c
-.BR \-r ]
+.BR \-Q ]
[\c
-.BR \-x ]
+.BR \-N ]
[\c
-.BR \-I ]
+.BI \-U \ authcid\fR]
[\c
-.BR \-Q ]
+.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
-.BI \-z \ sizelimit\fR]
-[\c
.BR \-Z [ Z ]]
[\c
.IR DN \ [ ... ]]
\fIfile\fP if the \fB\-f\fP flag is used).
.SH OPTIONS
.TP
+.BR \-V [ V ]
+Print version info.
+If \fB\-VV\fP is given, only the version information is printed.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapdelete
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
.B \-n
Show what would be done, but don't actually delete entries. Useful for
debugging in conjunction with \fB\-v\fP.
will continue with deletions. The default is to exit after
reporting an error.
.TP
+.BI \-f \ file
+Read a series of DNs from \fIfile\fP, one per line, performing an
+LDAP delete for each.
+.TP
+.B \-r
+Do a recursive delete. If the DN specified isn't a leaf, its
+children, and all their children are deleted down the tree. No
+verification is done, so if you add this switch, ldapdelete will
+happily delete large portions of your tree. Use with care.
+.TP
+.BI \-z \ sizelimit
+Use \fIsizelimit\fP when searching for children DN to delete,
+to circumvent any server-side size limit. Only useful in conjunction
+with \fB\-r\fP.
+.TP
.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
-.BI \-d \ debuglevel
-Set the LDAP debugging level to \fIdebuglevel\fP.
-.B ldapdelete
-must be compiled with LDAP_DEBUG defined for this option to have any effect.
-.TP
-.BI \-f \ file
-Read a series of DNs from \fIfile\fP, one per line, performing an
-LDAP delete for each.
-.TP
.B \-x
Use simple authentication instead of SASL.
.TP
(none)
.fi
.TP
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]
+.BI \-o \ opt \fR[= optparam \fR]
Specify general options.
ldif-wrap=<width> (in columns, or "no" for no wrapping)
.fi
.TP
-.B \-r
-Do a recursive delete. If the DN specified isn't a leaf, its
-children, and all their children are deleted down the tree. No
-verification is done, so if you add this switch, ldapdelete will
-happily delete large portions of your tree. Use with care.
-.TP
-.BI \-z \ sizelimit
-Use \fIsizelimit\fP when searching for children DN to delete,
-to circumvent any server-side size limit. Only useful in conjunction
-with \fB\-r\fP.
-.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the identity depends on the
actual SASL mechanism used.
.SH SYNOPSIS
ldapexop
[\c
-.BI \-d \ level\fR]
+.BR \-V [ V ]]
[\c
-.BI \-D \ binddn\fR]
+.BI \-d \ debuglevel\fR]
[\c
-.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+.BR \-n ]
[\c
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]]
+.BR \-v ]
[\c
.BI \-f \ file\fR]
[\c
-.BI \-h \ host\fR]
+.BR \-x ]
[\c
-.BI \-H \ URI\fR]
+.BI \-D \ binddn\fR]
[\c
-.BR \-I ]
+.BR \-W ]
[\c
-.BR \-n ]
+.BI \-w \ passwd\fR]
[\c
-.BR \-N ]
+.BI \-y \ passwdfile\fR]
[\c
-.BI \-O \ security-properties\fR]
+.BI \-H \ URI\fR]
[\c
-.BI \-o \ opt\fR[\fP = optparam\fR]]
+.BI \-h \ ldaphost\fR]
[\c
-.BI \-p \ port\fR]
+.BI \-p \ ldapport\fR]
[\c
-.BR \-Q ]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BI \-R \ realm\fR]
+.BI \-o \ opt \fR[= optparam \fR]]
[\c
-.BI \-U \ authcid\fR]
+.BI \-O \ security-properties\fR]
[\c
-.BR \-v ]
+.BR \-I ]
[\c
-.BR \-V ]
+.BR \-Q ]
[\c
-.BI \-w \ passwd\fR]
+.BR \-N ]
[\c
-.BR \-W ]
+.BI \-U \ authcid\fR]
[\c
-.BR \-x ]
+.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
-.BI \-y \ file\fR]
-[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
.SH OPTIONS
.TP
-.BI \-d \ level
-Set the LDAP debugging level to \fIlevel\fP.
+.BI \-V [ V ]
+Print version info.
+If\fB\-VV\fP is given, only the version information is printed.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.TP
+.BI \-n
+Show what would be done but don't actually do it.
+Useful for debugging in conjunction with \fB\-v\fP.
+.TP
+.BI \-v
+Run in verbose mode, with many diagnostics written to standard output.
+.TP
+.BI \-f \ file
+Read operations from \fIfile\fP.
+.TP
+.BI \-x
+Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
+.BI \-W
+Prompt for simple authentication.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-w \ passwd
+Use \fIpasswd\fP as the password for simple authentication.
+.TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
+.BI \-H \ URI
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-h \ ldaphost
+Specify the host on which the ldap server is running.
+Deprecated in favor of \fB\-H\fP.
+.TP
+.BI \-p \ ldapport
+Specify the TCP port where the ldap server is listening.
+Deprecated in favor of \fB\-H\fP.
+.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
Specify general extensions. \'!\' indicates criticality.
.nf
not really controls)
.fi
.TP
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]
+.BI \-o \ opt \fR[= optparam \fR]
Specify general options.
ldif-wrap=<width> (in columns, or "no" for no wrapping)
.fi
.TP
-.BI \-f \ file
-Read operations from \fIfile\fP.
-.TP
-.BI \-h \ host
-Specify the host on which the ldap server is running.
-Deprecated in favor of \fB\-H\fP.
-.TP
-.BI \-H \ URI
-Specify URI(s) referring to the ldap server(s); only the protocol/host/port
-fields are allowed; a list of URI, separated by whitespace or commas
-is expected.
+.BI \-O \ security-properties
+Specify SASL security properties.
.TP
.BI \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
-.BI \-n
-Show what would be done but don't actually do it.
-Useful for debugging in conjunction with \fB\-v\fP.
-.TP
-.BI \-N
-Do not use reverse DNS to canonicalize SASL host name.
-.TP
-.BI \-O \ security-properties
-Specify SASL security properties.
-.TP
-.BI \-o \ opt\fR[\fP = optparam\fR]
-Specify general options:
-.nf
- nettimeout=<timeout> (in seconds, or "none" or "max")
-.fi
-.TP
-.BI \-p \ port
-Specify the TCP port where the ldap server is listening.
-Deprecated in favor of \fB\-H\fP.
-.TP
.BI \-Q
Enable SASL Quiet mode. Never prompt.
.TP
-.BI \-R \ realm
-Specify the realm of authentication ID for SASL bind. The form of the realm
-depends on the actual SASL mechanism used.
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
-.BI \-v
-Run in verbose mode, with many diagnostics written to standard output.
-.TP
-.BI \-V
-Print version info and usage message.
-If\fB\-VV\fP is given, only the version information is printed.
-.TP
-.BI \-w \ passwd
-Use \fIpasswd\fP as the password for simple authentication.
-.TP
-.BI \-W
-Prompt for simple authentication.
-This is used instead of specifying the password on the command line.
-.TP
-.BI \-x
-Use simple authentication instead of SASL.
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
or
.BI u: <username>
.TP
-.BI \-y \ file
-Use complete contents of \fIfile\fP as the password for
-simple authentication.
-.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication.
Without this option, the program will choose the best mechanism the server knows.
.SH SYNOPSIS
.B ldapmodify
[\c
-.BR \-a ]
-[\c
-.BR \-c ]
+.BR \-V [ V ]]
[\c
-.BI \-S \ file\fR]
+.BI \-d \ debuglevel\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
+.BR \-a ]
+[\c
+.BR \-c ]
+[\c
+.BI \-f \ file\fR]
+[\c
+.BI \-S \ file\fR]
+[\c
.BR \-M [ M ]]
[\c
-.BI \-d \ debuglevel\fR]
+.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]]
+.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
[\c
.BR \-Q ]
[\c
+.BR \-N ]
+[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
-.BR \-x ]
-[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
-[\c
-.BI \-f \ file\fR]
.LP
.B ldapadd
[\c
-.BR \-c ]
+.BR \-V [ V ]]
[\c
-.BI \-S \ file\fR]
+.BI \-d \ debuglevel\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
+.BR \-c ]
+[\c
+.BI \-f \ file\fR]
+[\c
+.BI \-S \ file\fR]
+[\c
.BR \-M [ M ]]
[\c
-.BI \-d \ debuglevel\fR]
+.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
[\c
.BR \-P \ { 2 \||\| 3 }]
[\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BI \-o \ opt \fR[= optparam \fR]]
+[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
+.BR \-N ]
+[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
-.BR \-x ]
-[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
-[\c
-.BI \-f \ file\fR]
.SH DESCRIPTION
.B ldapmodify
is a shell-accessible interface to the
the use of the \fB\-f\fP option.
.SH OPTIONS
.TP
+.BR \-V [ V ]
+Print version info.
+If \fB\-VV\fP is given, only the version information is printed.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapmodify
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
+.B \-n
+Show what would be done, but don't actually modify entries. Useful for
+debugging in conjunction with \fB\-v\fP.
+.TP
+.B \-v
+Use verbose mode, with many diagnostics written to standard output.
+.TP
.B \-a
Add new entries. The default for
.B ldapmodify
will continue with modifications. The default is to exit after
reporting an error.
.TP
+.BI \-f \ file
+Read the entry modification information from \fIfile\fP instead of from
+standard input.
+.TP
.BI \-S \ file
Add or change records which were skipped due to an error are written to \fIfile\fP
and the error message returned by the server is added as a comment. Most useful in
conjunction with \fB\-c\fP.
.TP
-.B \-n
-Show what would be done, but don't actually modify entries. Useful for
-debugging in conjunction with \fB\-v\fP.
-.TP
-.B \-v
-Use verbose mode, with many diagnostics written to standard output.
-.TP
.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
-.BI \-d \ debuglevel
-Set the LDAP debugging level to \fIdebuglevel\fP.
-.B ldapmodify
-must be compiled with LDAP_DEBUG defined for this option to have any effect.
-.TP
-.BI \-f \ file
-Read the entry modification information from \fIfile\fP instead of from
-standard input.
-.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
-.BI \-O \ security-properties
-Specify SASL security properties.
-.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
[!]txn[=abort|commit]
.fi
.TP
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]
+.BI \-o \ opt \fR[= optparam \fR]]
Specify general options.
ldif-wrap=<width> (in columns, or "no" for no wrapping)
.fi
.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.SH SYNOPSIS
.B ldapmodrdn
[\c
-.BR \-r ]
+.BR \-V [ V ]]
[\c
-.BI \-s \ newsup\fR]
+.BI \-d \ debuglevel\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
+.BR \-r ]
+[\c
+.BI \-s \ newsup\fR]
+[\c
.BR \-c ]
[\c
+.BI \-f \ file\fR]
+[\c
.BR \-M [ M ]]
[\c
-.BI \-d \ debuglevel\fR]
+.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]]
+.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
[\c
.BR \-Q ]
[\c
+.BR \-N ]
+[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
-.BR \-x ]
-[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
[\c
-.BI \-f \ file\fR]
-[\c
.I dn rdn\fR]
.SH DESCRIPTION
.B ldapmodrdn
\fIrdn\fP.
.SH OPTIONS
.TP
-.B \-r
-Remove old RDN values from the entry. Default is to keep old values.
+.BR \-V [ V ]
+Print version info.
+If \fB\-VV\fP is given, only the version information is printed.
.TP
-.BI \-s \ newsup
-Specify a new superior entry. (I.e., move the target entry and make it a
-child of the new superior.) This option is not supported in LDAPv2.
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapmodrdn
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.B \-n
Show what would be done, but don't actually change entries. Useful for
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
+.B \-r
+Remove old RDN values from the entry. Default is to keep old values.
+.TP
+.BI \-s \ newsup
+Specify a new superior entry. (I.e., move the target entry and make it a
+child of the new superior.) This option is not supported in LDAPv2.
+.TP
.B \-c
Continuous operation mode. Errors are reported, but ldapmodrdn
will continue with modifications. The default is to exit after
reporting an error.
.TP
+.BI \-f \ file
+Read the entry modification information from \fIfile\fP instead of from
+standard input or the command-line.
+.TP
.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
-.BI \-d \ debuglevel
-Set the LDAP debugging level to \fIdebuglevel\fP.
-.B ldapmodrdn
-must be
-compiled with LDAP_DEBUG defined for this option to have any effect.
-.TP
-.BI \-f \ file
-Read the entry modification information from \fIfile\fP instead of from
-standard input or the command-line.
-.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
-.BI \-O \ security-properties
-Specify SASL security properties.
-.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
(none)
.fi
.TP
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]
+.BI \-o \ opt \fR[= optparam \fR]
Specify general options.
ldif-wrap=<width> (in columns, or "no" for no wrapping)
.fi
.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.SH SYNOPSIS
.B ldappasswd
[\c
-.BR \-A ]
-[\c
-.BI \-a \ oldPasswd\fR]
-[\c
-.BI \-t \ oldpasswdfile\fR]
-[\c
-.BI \-D \ binddn\fR]
+.BR \-V [ V ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
-.BI \-H \ ldapuri\fR]
+.BR \-n ]
[\c
-.BI \-h \ ldaphost\fR]
+.BR \-v ]
[\c
-.BR \-n ]
+.BR \-A ]
[\c
-.BI \-p \ ldapport\fR]
+.BI \-a \ oldPasswd\fR]
[\c
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]]
+.BI \-t \ oldpasswdfile\fR]
[\c
.BR \-S ]
[\c
[\c
.BI \-T \ newpasswdfile\fR]
[\c
-.BR \-v ]
+.BR \-x ]
+[\c
+.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
[\c
.BI \-y \ passwdfile\fR]
[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BI \-o \ opt \fR[= optparam \fR]]
+[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
+.BR \-N ]
+[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
-.BR \-x ]
-[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
and should not be installed as such.
.SH OPTIONS
.TP
-.BI \-A
-Prompt for old password.
-This is used instead of specifying the password on the command line.
-.TP
-.BI \-a \ oldPasswd
-Set the old password to \fIoldPasswd\fP.
-.TP
-.BI \-t \ oldPasswdFile
-Set the old password to the contents of \fIoldPasswdFile\fP.
-.TP
-.B \-x
-Use simple authentication instead of SASL.
-.TP
-.BI \-D \ binddn
-Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL binds, the server is expected to ignore this value.
+.BR \-V [ V ]
+Print version info.
+If \fB\-VV\fP is given, only the version information is printed.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldappasswd
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
-.BI \-H \ ldapuri
-Specify URI(s) referring to the ldap server(s); only the protocol/host/port
-fields are allowed; a list of URI, separated by whitespace or commas
-is expected.
+.B \-n
+Do not set password. (Can be useful when used in conjunction with
+\fB\-v\fP or \fB\-d\fP)
.TP
-.BI \-h \ ldaphost
-Specify an alternate host on which the ldap server is running.
-Deprecated in favor of \fB\-H\fP.
+.B \-v
+Increase the verbosity of output. Can be specified multiple times.
.TP
-.BI \-p \ ldapport
-Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of \fB\-H\fP.
+.BI \-A
+Prompt for old password.
+This is used instead of specifying the password on the command line.
.TP
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]
-
-Specify general options.
-
-General options:
-.nf
- nettimeout=<timeout> (in seconds, or "none" or "max")
- ldif-wrap=<width> (in columns, or "no" for no wrapping)
-.fi
+.BI \-a \ oldPasswd
+Set the old password to \fIoldPasswd\fP.
.TP
-.B \-n
-Do not set password. (Can be useful when used in conjunction with
-\fB\-v\fP or \fB\-d\fP)
+.BI \-t \ oldPasswdFile
+Set the old password to the contents of \fIoldPasswdFile\fP.
.TP
.BI \-S
Prompt for new password.
.BI \-T \ newPasswdFile
Set the new password to the contents of \fInewPasswdFile\fP.
.TP
-.B \-v
-Increase the verbosity of output. Can be specified multiple times.
+.B \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+For SASL binds, the server is expected to ignore this value.
.TP
.BI \-W
Prompt for bind password.
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
-.BI \-O \ security-properties
-Specify SASL security properties.
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of \fB\-H\fP.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of \fB\-H\fP.
.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
(none)
.fi
.TP
+.BI \-o \ opt \fR[= optparam \fR]]
+
+Specify general options.
+
+General options:
+.nf
+ nettimeout=<timeout> (in seconds, or "none" or "max")
+ ldif-wrap=<width> (in columns, or "no" for no wrapping)
+.fi
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.SH SYNOPSIS
.B ldapsearch
[\c
+.BR \-V [ V ]]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
.BR \-n ]
[\c
+.BR \-v ]
+[\c
.BR \-c ]
[\c
.BR \-u ]
[\c
-.BR \-v ]
-[\c
.BR \-t [ t ]]
[\c
.BI \-T \ path\fR]
[\c
.BR \-L [ L [ L ]]]
[\c
-.BR \-M [ M ]]
-[\c
.BI \-S \ attribute\fR]
[\c
-.BI \-d \ debuglevel\fR]
+.BI \-b \ searchbase\fR]
+[\c
+.BR \-s \ { base \||\| one \||\| sub \||\| children }]
+[\c
+.BR \-a \ { never \||\| always \||\| search \||\| find }]
+[\c
+.BI \-l \ timelimit\fR]
+[\c
+.BI \-z \ sizelimit\fR]
[\c
.BI \-f \ file\fR]
[\c
+.BR \-M [ M ]]
+[\c
.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-b \ searchbase\fR]
-[\c
-.BR \-s \ { base \||\| one \||\| sub \||\| children }]
-[\c
-.BR \-a \ { never \||\| always \||\| search \||\| find }]
-[\c
.BR \-P \ { 2 \||\| 3 }]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]]
-[\c
-.BI \-l \ timelimit\fR]
-[\c
-.BI \-z \ sizelimit\fR]
+.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
[\c
.BR \-Q ]
[\c
+.BR \-N ]
+[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
Option \fI\-L\fP controls the format of the output.
.SH OPTIONS
.TP
+.BR \-V [ V ]
+Print version info.
+If \fB\-VV\fP is given, only the version information is printed.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapsearch
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
.B \-n
Show what would be done, but don't actually perform the search. Useful for
debugging in conjunction with \fB\-v\fP.
.TP
+.B \-v
+Run in verbose mode, with many diagnostics written to standard output.
+.TP
.B \-c
Continuous operation mode. Errors are reported, but ldapsearch will continue
with searches. The default is to exit after reporting an error. Only useful
Include the User Friendly Name form of the Distinguished Name (DN)
in the output.
.TP
-.B \-v
-Run in verbose mode, with many diagnostics written to standard output.
-.TP
.BR \-t [ t ]
A single \fB\-t\fP writes retrieved non-printable values to a set of temporary
files. This is useful for dealing with values containing non-character
A third \fB\-L\fP disables printing of the LDIF version.
The default is to use an extended version of LDIF.
.TP
-.BR \-M [ M ]
-Enable manage DSA IT control.
-.B \-MM
-makes control critical.
-.TP
.BI \-S \ attribute
Sort the entries returned based on \fIattribute\fP. The default is not
to sort entries returned. If \fIattribute\fP is a zero-length string (""),
option defeats this behavior, causing all entries to be retrieved,
then sorted, then printed.
.TP
-.BI \-d \ debuglevel
-Set the LDAP debugging level to \fIdebuglevel\fP.
-.B ldapsearch
-must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.BI \-b \ searchbase
+Use \fIsearchbase\fP as the starting point for the search instead of
+the default.
+.TP
+.BR \-s \ { base \||\| one \||\| sub \||\| children }
+Specify the scope of the search to be one of
+.BR base ,
+.BR one ,
+.BR sub ,
+or
+.B children
+to specify a base object, one-level, subtree, or children search.
+The default is
+.BR sub .
+Note:
+.I children
+scope requires LDAPv3 subordinate feature extension.
+.TP
+.BR \-a \ { never \||\| always \||\| search \||\| find }
+Specify how aliases dereferencing is done. Should be one of
+.BR never ,
+.BR always ,
+.BR search ,
+or
+.B find
+to specify that aliases are never dereferenced, always dereferenced,
+dereferenced when searching, or dereferenced only when locating the
+base object for the search. The default is to never dereference aliases.
+.TP
+.BI \-l \ timelimit
+wait at most \fItimelimit\fP seconds for a search to complete.
+A timelimit of
+.I 0
+(zero) or
+.I none
+means no limit.
+A timelimit of
+.I max
+means the maximum integer allowable by the protocol.
+A server may impose a maximal timelimit which only
+the root user may override.
+.TP
+.BI \-z \ sizelimit
+retrieve at most \fIsizelimit\fP entries for a search.
+A sizelimit of
+.I 0
+(zero) or
+.I none
+means no limit.
+A sizelimit of
+.I max
+means the maximum integer allowable by the protocol.
+A server may impose a maximal sizelimit which only
+the root user may override.
.TP
.BI \-f \ file
Read a series of lines from \fIfile\fP, performing one LDAP search for
will exit when the first non-successful search result is returned,
unless \fB\-c\fP is used.
.TP
+.BR \-M [ M ]
+Enable manage DSA IT control.
+.B \-MM
+makes control critical.
+.TP
.B \-x
Use simple authentication instead of SASL.
.TP
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-b \ searchbase
-Use \fIsearchbase\fP as the starting point for the search instead of
-the default.
-.TP
-.BR \-s \ { base \||\| one \||\| sub \||\| children }
-Specify the scope of the search to be one of
-.BR base ,
-.BR one ,
-.BR sub ,
-or
-.B children
-to specify a base object, one-level, subtree, or children search.
-The default is
-.BR sub .
-Note:
-.I children
-scope requires LDAPv3 subordinate feature extension.
-.TP
-.BR \-a \ { never \||\| always \||\| search \||\| find }
-Specify how aliases dereferencing is done. Should be one of
-.BR never ,
-.BR always ,
-.BR search ,
-or
-.B find
-to specify that aliases are never dereferenced, always dereferenced,
-dereferenced when searching, or dereferenced only when locating the
-base object for the search. The default is to never dereference aliases.
-.TP
.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
[!]<oid>[=<value>]
.fi
.TP
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]
+.BI \-o \ opt \fR[= optparam \fR]
Specify general options.
ldif-wrap=<width> (in columns, or "no" for no wrapping)
.fi
.TP
-.BI \-l \ timelimit
-wait at most \fItimelimit\fP seconds for a search to complete.
-A timelimit of
-.I 0
-(zero) or
-.I none
-means no limit.
-A timelimit of
-.I max
-means the maximum integer allowable by the protocol.
-A server may impose a maximal timelimit which only
-the root user may override.
-.TP
-.BI \-z \ sizelimit
-retrieve at most \fIsizelimit\fP entries for a search.
-A sizelimit of
-.I 0
-(zero) or
-.I none
-means no limit.
-A sizelimit of
-.I max
-means the maximum integer allowable by the protocol.
-A server may impose a maximal sizelimit which only
-the root user may override.
-.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.SH SYNOPSIS
.B ldapwhoami
[\c
+.BR \-V [ V ]]
+[\c
+.BI \-d \ debuglevel\fR]
+[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
-.BR \-z ]
-[\c
-.BI \-d \ debuglevel\fR]
+.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]]
+.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
[\c
.BR \-Q ]
[\c
+.BR \-N ]
+[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
-.BR \-x ]
-[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
operation.
.SH OPTIONS
.TP
+.BR \-V [ V ]
+Print version info.
+If \fB\-VV\fP is given, only the version information is printed.
+.TP
+.BI \-d \ debuglevel
+Set the LDAP debugging level to \fIdebuglevel\fP.
+.B ldapwhoami
+must be compiled with LDAP_DEBUG defined for this option to have any effect.
+.TP
.B \-n
Show what would be done, but don't actually perform the whoami operation.
Useful for
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
.TP
-.BI \-d \ debuglevel
-Set the LDAP debugging level to \fIdebuglevel\fP.
-.B ldapwhoami
-must be compiled with LDAP_DEBUG defined for this option to have any effect.
-.TP
.B \-x
Use simple authentication instead of SASL.
.TP
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-O \ security-properties
-Specify SASL security properties.
-.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
(none)
.fi
.TP
-.BR \-o \ \fIopt\fP [ =\fIoptparam\fP ]
+.BI \-o \ opt \fR[= optparam \fR]
Specify general options.
ldif-wrap=<width> (in columns, or "no" for no wrapping)
.fi
.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
projects / openldap / commitdiff