LDAPDELETE(1) User Commands LDAPDELETE(1)

NAME


ldapdelete - ldap delete entry tool

SYNOPSIS


ldapdelete [-n] [-v] [-c] [-d debuglevel] [-f file]
[-D bindDN] [-w passwd | -j file] [-J [:criticality]]
[-?] [-H] [-h ldaphost] [-V version] [-i locale]
[-k path] [-P path] [-N certificate] [-y proxyid]
[-p ldapport] [-O hoplimit] [-o attributename=value]
[-W password] [dn]...


DESCRIPTION


The ldapdelete utility opens a connection to an LDAP server, then
binds and deletes one or more entries. If one or more dn arguments
are provided, entries with those distinguished names are deleted. If
no dn arguments are provided, a list of DNs is read from file, if the
-f option is specified, or from standard input.

OPTIONS


The following options are supported:

-a

Bypass confirmation question when deleting a branch.


-c

Continuous operation mode. Errors are reported, but ldapdelete
will continue with deletions. The default is to exit after
reporting an error.


-d debuglevel

Sets the LDAP debugging level. Useful levels of debugging for
ldapdelete are:

1
Trace


2
Packets


4
Arguments


32
Filters


128
Access control

To request more than one category of debugging information, add
the masks. For example, to request trace and filter information,
specify a debuglevel of 33.


-D bindDN

Uses the distinguished name bindDN to bind to the directory.


-E

Ask server to expose (report) bind identity by means of
authentication response control.


-f file

Reads the entry deletion information from file instead of from
standard input.


-?

Display the usage help text that briefly describes all options.


-H

Display the usage help text that briefly describes all options.


-h ldaphost

Specifies an alternate host on which the LDAP server is running.


-i locale

Specify the character set to use for command-line input. The
default is the character set specified in the LANG environment
variable. You might want to use this option to perform the
conversion from the specified character set to UTF8, thus
overriding the LANG setting.

Using this argument, you can input the bind DN and the target DNs
in the specified character set. The ldapdelete tool converts the
input from these arguments before it processes the search
request. For example, -i no indicates that the bind DN and target
DNs are provided in Norwegian.

This option affects only the command-line input. That is, if you
specify a file containing DNs (with the -f option), ldapdelete
will not convert the data in the file.


-j filename

Specify a file containing the password for the bind DN or the
password for the SSL client's key database. To protect the
password, use this option in scripts and place the password in a
secure file. This option is mutually exclusive of the -w and -W
options. The -j option is the more secure alternative between -j
and -w/-W.


-J [:criticality[:value|::b64value|b64value|:fileurl]]

Criticality is a boolean value (default is false).


-k path

Specify the path to a directory containing conversion routines.
These routines are used if you want to specify a locale that is
not supported by default by your directory server. This is for
NLS support.


-M

Manage smart referrals. When they are the target of the
operation, delete the actual entry containing the referral
instead of the entry obtained by following the referral.


-n

Shows what would be done, but does not actually delete entries.
Useful in conjunction with options -v and -d for debugging.


-N certificate

Specify the certificate name to use for certificate-based client
authentication. For example: -N "Directory-Cert".


-o attributename=value

For SASL mechanisms and other options such as security
properties, mode of operation, authorization ID, authentication
ID, and so forth.

The different attribute names and their values are as follows:

secProp="number"
For defining SASL security properties.


realm="value"
Specifies SASL realm (default is realm=none).


authzid="value"
Specify the authorization ID name for SASL
bind.


authid="value"
Specify the authentication ID for SASL bind.


mech="value"
Specifies the various SASL mechanisms.


-O hopLimit

Specify the maximum number of referral hops to follow while
finding an entry to delete. By default, there is no limit.


-p ldapport

Specifies an alternate TCP port where the LDAP server is
listening.


-P path

Specify the path and filename of the client's certificate
database. For example:

-P /home/uid/.netscape/cert7.db

When using the command on the same host as the directory server,
you can use the server's own certificate database. For example:

-P installDir/lapd-serverID/alias/cert7.db

Use the -P option alone to specify server authentication only.


-v

Uses verbose mode, with diagnostics written to standard output.


-V version

Specify the LDAP protocol version number to be used for the
delete operation, either 2 or 3. LDAP v3 is the default. Specify
LDAP v2 when connecting to servers that do not support v3.


-W password

Specify the password for the client's key database given in the
-P option. This option is required for certificate-based client
authentication. Specifying password on the command line has
security issues because the password can be seen by others on the
system by means of the ps command. Use the -j instead to specify
the password from the file. This option is mutually exclusive of
-j.


-w passwd

Use passwd as the password for authentication to the directory.
When you use -w passwd to specify the password to be used for
authentication, the password is visible to other users of the
system by means of the ps command, in script files or in shell
history. If you use the ldapdelete command without this option,
the command will prompt for the password and read it from
standard in. When used without the -w option, the password will
not be visible to other users.


-Y proxyid

Specify the proxy DN (proxied authorization id) to use for the
delete operation, usually in double quotes ("") for the shell.


-Z

Specify that SSL be used to provide certificate-based client
authentication. This option requires the -N and SSL password and
any other of the SSL options needed to identify the certificate
and the key database.


OPERANDS


The following operand is supported:

dn
Specifies one or several distinguished names of entries to
delete.


EXAMPLES


Example 1: Deleting an Entry




To delete the entry named with commonName Delete Me directly below
the XYZ Corporation organizational entry, use the following command:


example% ldapdelete -D "cn=Administrator, o=XYZ, c=US" \
"cn=Delete Me, o=XYZ, c=US"


Example 2: Deleting an Entry Using SASL Authentication




To delete the entry named with commonName "Delete Me" directly below
the XYZ Corporation organizational entry, use the following command:


example% ldapdelete -o mech=DIGEST-MD5 -o secProp=noanonymous \
-o realm=none -o authid="dn:uid=foo,o=XYZ, c=US" \
"cn=Delete Me, o=XYZ, c=US"


ATTRIBUTES


See attributes(7) for a description of the following attributes:


+----------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|Stability Level | Evolving |
+----------------+-----------------+

EXIT STATUS


The following exit values are returned:

0
Successful completion.


Non-zero
An error occurred. A diagnostic message is written to
standard error.


SEE ALSO


ldapadd(1), ldapmodify(1), ldapmodrdn(1), ldapsearch(1),
ldap_get_option(3LDAP), ldap_set_option(3LDAP), attributes(7)

NOTES


The -M authentication option is obsolete.

January 15, 2004 LDAPDELETE(1)
tribblix@gmail.com :: GitHub :: Privacy