Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Apropos / Subsearch:
optional field

ldapdelete(1)                    User Commands                   ldapdelete(1)

       ldapdelete - ldap delete entry tool

       ldapdelete   [-n]   [-v]  [-c]  [-d debuglevel]  [-f file]  [-D bindDN]
       [-w passwd | -j file]  [-J   [:criticality]]  [-?]  [-H]  [-h ldaphost]
       [-V version] [-i locale] [-k path] [-P path] [-N certificate] [-y prox-
       yid] [-p ldapport] [-O hoplimit] [-o attributename=value] [-W password]

       The ldapdelete utility opens a connection to an LDAP server, then binds
       and deletes one or more entries. If one or more dn arguments  are  pro-
       vided,  entries  with  those  distinguished names are deleted. If no dn
       arguments are provided, a list of DNs is read  from  file,  if  the  -f
       option is specified, or from standard input.

       The following options are supported:


           Bypass confirmation question when deleting a branch.


           Continuous operation mode. Errors are reported, but ldapdelete will
           continue with deletions. The default is to exit after reporting  an

       -d debuglevel

           Sets  the  LDAP  debugging  level.  Useful  levels of debugging for
           ldapdelete are:

           1        Trace

           2        Packets

           4        Arguments

           32       Filters

           128      Access control

           To request more than one category of debugging information, add the
           masks.  For example, to request trace and filter information, spec-
           ify a debuglevel of 33.

       -D bindDN

           Uses the distinguished name bindDN to bind to the directory.


           Ask server to expose (report) bind identity by means of authentica-
           tion response control.

       -f file

           Reads  the  entry  deletion  information  from file instead of from
           standard input.


           Display the usage help text that briefly describes all options.


           Display the usage help text that briefly describes all options.

       -h ldaphost

           Specifies an alternate host on which the LDAP server is running.

       -i locale

           Specify the character  set  to  use  for  command-line  input.  The
           default  is  the  character  set  specified in the LANG environment
           variable. You might want to use this option to perform the  conver-
           sion  from the specified character set to UTF8, thus overriding the
           LANG setting.

           Using this argument, you can input the bind DN and the  target  DNs
           in  the  specified  character set. The ldapdelete tool converts the
           input from these arguments before it processes the search  request.
           For  example,  -i  no indicates that the bind DN and target DNs are
           provided in Norwegian.

           This option affects only the command-line input. That  is,  if  you
           specify a file containing DNs (with the -f option), ldapdelete will
           not convert the data in the file.

       -j filename

           Specify a file containing the password for the bind DN or the pass-
           word  for  the  SSL client's key database. To protect the password,
           use this option in scripts and place the password in a secure file.
           This  option is mutually exclusive of the -w and -W options. The -j
           option is the more secure alternative between -j and -w/-W.

       -J [:criticality[:value|::b64value|b64value|:fileurl]]

           Criticality is a boolean value (default is false).

       -k path

           Specify the path to a  directory  containing  conversion  routines.
           These routines are used if you want to specify a locale that is not
           supported by default by your directory server. This is for NLS sup-


           Manage  smart referrals. When they are the target of the operation,
           delete the actual entry containing  the  referral  instead  of  the
           entry obtained by following the referral.


           Shows  what  would  be  done, but does not actually delete entries.
           Useful in conjunction with options -v and -d for debugging.

       -N certificate

           Specify the certificate name to use  for  certificate-based  client
           authentication. For example: -N "Directory-Cert".

       -o attributename=value

           For  SASL mechanisms and other options such as security properties,
           mode of operation, authorization  ID,  authentication  ID,  and  so

           The different attribute names and their values are as follows:


               For defining SASL security properties.


               Specifies SASL realm (default is realm=none).


               Specify the authorization ID name for SASL bind.


               Specify the authentication ID for SASL bind.


               Specifies the various SASL mechanisms.

       -O hopLimit

           Specify the maximum number of referral hops to follow while finding
           an entry to delete. By default, there is no limit.

       -p ldapport

           Specifies an alternate TCP port where the LDAP server is listening.

       -P path

           Specify the path and filename of the client's certificate database.
           For example:

           -P /home/uid/.netscape/cert7.db

           When  using  the  command on the same host as the directory server,
           you can use the server's own certificate database. For example:

           -P installDir/lapd-serverID/alias/cert7.db

           Use the -P option alone to specify server authentication only.


           Uses verbose mode, with diagnostics written to standard output.

       -V version

           Specify the LDAP protocol version number to be used for the  delete
           operation,  either  2 or 3. LDAP v3 is the default. Specify LDAP v2
           when connecting to servers that do not support v3.

       -W password

           Specify the password for the client's key database given in the  -P
           option.  This  option  is  required  for  certificate-based  client
           authentication. Specifying password on the command line  has  secu-
           rity  issues because the password can be seen by others on the sys-
           tem by means of the ps command. Use the -j instead to  specify  the
           password from the file. This option is mutually exclusive of -j.

       -w passwd

           Use  passwd  as  the  password for authentication to the directory.
           When you use -w passwd to specify  the  password  to  be  used  for
           authentication,  the password is visible to other users of the sys-
           tem by means of the ps command, in script files or  in  shell  his-
           tory.  If  you  use the ldapdelete command without this option, the
           command will prompt for the password and read it from standard  in.
           When  used  without the -w option, the password will not be visible
           to other users.

       -Y proxyid

           Specify the proxy DN (proxied authorization  id)  to  use  for  the
           delete operation, usually in double quotes ("") for the shell.


           Specify  that  SSL  be  used  to  provide  certificate-based client
           authentication. This option requires the -N and  SSL  password  and
           any other of the SSL options needed to identify the certificate and
           the key database.

       The following operand is supported:

       dn       Specifies one or several distinguished  names  of  entries  to

       Example 1: Deleting an Entry

       To  delete the entry named with commonName Delete Me directly below the
       XYZ Corporation organizational entry, use the following command:

       example% ldapdelete -D "cn=Administrator, o=XYZ, c=US" \
         "cn=Delete Me, o=XYZ, c=US"

       Example 2: Deleting an Entry Using SASL Authentication

       To delete the entry named with commonName "Delete  Me"  directly  below
       the XYZ Corporation organizational entry, use the following command:

       example% ldapdelete -o mech=DIGEST-MD5 -o secProp=noanonymous \
       -o realm=none -o authid="dn:uid=foo,o=XYZ, c=US"  \
       "cn=Delete Me, o=XYZ, c=US"

       See attributes(5) for a description of the following attributes:

       tab()     allbox;     cw(2.750000i)|    cw(2.750000i)    lw(2.750000i)|
       lw(2.750000i).  ATTRIBUTE TYPEATTRIBUTE VALUE AvailabilitySUNWcsu  Sta-
       bility LevelEvolving

       The following exit values are returned:

       0               Successful completion.

       Non-zero        An  error  occurred. A diagnostic message is written to
                       standard error.

       ldapadd(1),      ldapmodify(1),      ldapmodrdn(1),      ldapsearch(1),
       ldap_get_option(3LDAP), ldap_set_option(3LDAP), attributes(5)

       The -M authentication option is obsolete.

SunOS 5.10                        15 Jan 2004                    ldapdelete(1)