ldapdelete.1 6.37 KB
Newer Older
1
.TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
Kurt Zeilenga's avatar
Kurt Zeilenga committed
2
.\" $OpenLDAP$
Kurt Zeilenga's avatar
Kurt Zeilenga committed
3
.\" Copyright 1998-2012 The OpenLDAP Foundation All Rights Reserved.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
5
.SH NAME
Kurt Zeilenga's avatar
Kurt Zeilenga committed
6
ldapdelete \- LDAP delete entry tool
Kurt Zeilenga's avatar
Kurt Zeilenga committed
7
8
.SH SYNOPSIS
.B ldapdelete
9
[\c
10
11
12
13
.BR \-V [ V ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
14
15
16
17
18
19
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-c ]
[\c
20
.BI \-f \ file\fR]
21
[\c
22
.BR \-r ]
23
[\c
24
25
26
27
28
.BI \-z \ sizelimit\fR]
[\c
.BR \-M [ M ]]
[\c
.BR \-x ]
29
30
31
[\c
.BI \-D \ binddn\fR]
[\c
32
33
.BR \-W ]
[\c
34
35
.BI \-w \ passwd\fR]
[\c
Kurt Zeilenga's avatar
Add -y.    
Kurt Zeilenga committed
36
37
.BI \-y \ passwdfile\fR]
[\c
Kurt Zeilenga's avatar
Kurt Zeilenga committed
38
39
.BI \-H \ ldapuri\fR]
[\c
40
41
.BI \-h \ ldaphost\fR]
[\c
42
43
.BI \-p \ ldapport\fR]
[\c
44
.BR \-P \ { 2 \||\| 3 }]
45
[\c
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
46
47
48
49
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
50
.BI \-o \ opt \fR[= optparam \fR]]
51
[\c
52
.BI \-O \ security-properties\fR]
53
[\c
54
.BR \-I ]
Kurt Zeilenga's avatar
Kurt Zeilenga committed
55
[\c
56
.BR \-Q ]
57
[\c
58
.BR \-N ]
Kurt Zeilenga's avatar
Kurt Zeilenga committed
59
[\c
60
.BI \-U \ authcid\fR]
Kurt Zeilenga's avatar
Kurt Zeilenga committed
61
[\c
62
.BI \-R \ realm\fR]
Kurt Zeilenga's avatar
Kurt Zeilenga committed
63
[\c
64
65
66
67
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
68
.BR \-Z [ Z ]]
69
[\c
70
.IR DN \ [ ... ]]
Kurt Zeilenga's avatar
Kurt Zeilenga committed
71
72
73
.SH DESCRIPTION
.I ldapdelete
is a shell-accessible interface to the
74
.BR ldap_delete_ext (3)
Kurt Zeilenga's avatar
Kurt Zeilenga committed
75
76
77
78
library call.
.LP
.B ldapdelete
opens a connection to an LDAP server, binds, and deletes one or more
Kurt Zeilenga's avatar
Kurt Zeilenga committed
79
80
entries.  If one or more \fIDN\fP arguments are provided, entries with
those Distinguished Names are deleted.  Each \fIDN\fP should be provided
Kurt Zeilenga's avatar
Kurt Zeilenga committed
81
using the LDAPv3 string representation as defined in RFC 4514.
82
If no \fIDN\fP arguments
Kurt Zeilenga's avatar
Kurt Zeilenga committed
83
are provided, a list of DNs is read from standard input (or from
84
\fIfile\fP if the \fB\-f\fP flag is used).
Kurt Zeilenga's avatar
Kurt Zeilenga committed
85
86
.SH OPTIONS
.TP
87
88
89
90
91
92
93
94
95
.BR \-V [ V ]
Print version info.
If \fB\-VV\fP is given, only the version information is printed.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapdelete
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
Kurt Zeilenga's avatar
Kurt Zeilenga committed
96
97
.B \-n
Show what would be done, but don't actually delete entries.  Useful for
98
debugging in conjunction with \fB\-v\fP.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
99
100
101
102
103
104
105
106
107
108
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
.B \-c
Continuous operation mode.  Errors  are  reported,  but
.B ldapdelete
will  continue  with  deletions.   The default is to exit after
reporting an error.
.TP
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
.BI \-f \ file
Read a series of DNs from \fIfile\fP, one per line, performing an
LDAP delete for each.
.TP
.B \-r
Do a recursive delete.  If the DN specified isn't a leaf, its
children, and all their children are deleted down the tree.  No
verification is done, so if you add this switch, ldapdelete will
happily delete large portions of your tree.  Use with care.
.TP
.BI \-z \ sizelimit
Use \fIsizelimit\fP when searching for children DN to delete,
to circumvent any server-side size limit.  Only useful in conjunction
with \fB\-r\fP.
.TP
124
.BR \-M [ M ]
125
126
127
128
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
Kurt Zeilenga's avatar
Kurt Zeilenga committed
129
130
131
.B \-x 
Use simple authentication instead of SASL.
.TP
132
.BI \-D \ binddn
Kurt Zeilenga's avatar
Kurt Zeilenga committed
133
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
134
For SASL binds, the server is expected to ignore this value.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
135
.TP
136
137
138
139
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
140
.BI \-w \ passwd
Kurt Zeilenga's avatar
Kurt Zeilenga committed
141
142
Use \fIpasswd\fP as the password for simple authentication.
.TP
Kurt Zeilenga's avatar
Add -y.    
Kurt Zeilenga committed
143
144
145
146
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
Kurt Zeilenga's avatar
Kurt Zeilenga committed
147
.BI \-H \ ldapuri
148
149
150
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
151
.TP
152
.BI \-h \ ldaphost
Kurt Zeilenga's avatar
Kurt Zeilenga committed
153
Specify an alternate host on which the ldap server is running.
154
Deprecated in favor of \fB\-H\fP.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
155
.TP
156
.BI \-p \ ldapport
Kurt Zeilenga's avatar
Kurt Zeilenga committed
157
Specify an alternate TCP port where the ldap server is listening.
158
Deprecated in favor of \fB\-H\fP.
159
.TP
160
.BR \-P \ { 2 \||\| 3 }
161
Specify the LDAP protocol version to use.
Gary Williams's avatar
Gary Williams committed
162
.TP
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
163
164
165
166
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]

Pierangelo Masarati's avatar
Pierangelo Masarati committed
167
Specify general extensions with \fB\-e\fP and delete extensions with \fB\-E\fP.
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
168
169
170
171
\'\fB!\fP\' indicates criticality.

General extensions:
.nf
Pierangelo Masarati's avatar
Pierangelo Masarati committed
172
173
174
175
  [!]assert=<filter>    (an RFC 4515 Filter)
  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
  [!]bauthzid           (RFC 3829 authzid control)
  [!]chaining[=<resolve>[/<cont>]]
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
176
177
178
  [!]manageDSAit
  [!]noop
  ppolicy
Pierangelo Masarati's avatar
Pierangelo Masarati committed
179
180
181
182
183
184
185
  [!]postread[=<attrs>] (a comma-separated attribute list)
  [!]preread[=<attrs>]  (a comma-separated attribute list)
  [!]relax
  sessiontracking
  abandon,cancel,ignore (SIGINT sends abandon/cancel,
  or ignores response; if critical, doesn't wait for SIGINT.
  not really controls)
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
186
187
.fi

Pierangelo Masarati's avatar
Pierangelo Masarati committed
188
Delete extensions:
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
189
.nf
Pierangelo Masarati's avatar
Pierangelo Masarati committed
190
  (none)
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
191
192
.fi
.TP
193
.BI \-o \ opt \fR[= optparam \fR]
194
195
196
197
198
199
200
201
202

Specify general options.

General options:
.nf
  nettimeout=<timeout>  (in seconds, or "none" or "max")
  ldif-wrap=<width>     (in columns, or "no" for no wrapping)
.fi
.TP
Kurt Zeilenga's avatar
Kurt Zeilenga committed
203
204
.BI \-O \ security-properties
Specify SASL security properties.
205
.TP
Kurt Zeilenga's avatar
Kurt Zeilenga committed
206
207
208
209
210
211
212
.B \-I
Enable SASL Interactive mode.  Always prompt.  Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode.  Never prompt.
.TP
213
214
215
.B \-N
Do not use reverse DNS to canonicalize SASL host name.
.TP
216
217
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the identity depends on the
218
219
actual SASL mechanism used.
.TP
Kurt Zeilenga's avatar
Kurt Zeilenga committed
220
221
222
223
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
224
225
226
227
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
228
.BI dn: "<distinguished name>"
229
or
230
.BI u: <username>
231
232
233
234
235
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
236
.BR \-Z [ Z ]
237
Issue StartTLS (Transport Layer Security) extended operation. If you use
238
\fB\-ZZ\fP, the command will require the operation to be successful.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
239
240
241
242
.SH EXAMPLE
The following command:
.LP
.nf
Kurt Zeilenga's avatar
Kurt Zeilenga committed
243
    ldapdelete "cn=Delete Me,dc=example,dc=com"
Kurt Zeilenga's avatar
Kurt Zeilenga committed
244
245
.fi
.LP
Kurt Zeilenga's avatar
Kurt Zeilenga committed
246
will attempt to delete the entry named "cn=Delete Me,dc=example,dc=com".
Kurt Zeilenga's avatar
Kurt Zeilenga committed
247
248
Of course it would probably be necessary to supply authentication
credentials.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
249
250
251
252
.SH DIAGNOSTICS
Exit status is 0 if no errors occur.  Errors result in a non-zero exit
status and a diagnostic message being written to standard error.
.SH "SEE ALSO"
253
.BR ldap.conf (5),
Kurt Zeilenga's avatar
Kurt Zeilenga committed
254
255
256
257
258
.BR ldapadd (1),
.BR ldapmodify (1),
.BR ldapmodrdn (1),
.BR ldapsearch (1),
.BR ldap (3),
259
.BR ldap_delete_ext (3)
Kurt Zeilenga's avatar
Kurt Zeilenga committed
260
261
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
262
.SH ACKNOWLEDGEMENTS
263
.so ../Project