ldapcompare(1)




LDAPCOMPARE(1)           USER COMMANDS             LDAPCOMPARE(1)


NAME

     ldapcompare - LDAP compare tool


SYNOPSIS

     ldapcompare [-n] [-v] [-z] [-k] [-K] [-M[M]] [-d debuglevel]
     [-D binddn] [-W] [-w passwd] [-y passwdfile] [-H ldapuri]
     [-h ldaphost] [-p ldapport] [-P 2|3] [-O security-properties]
     [-I] [-Q] [-U authcid] [-R realm] [-x] [-X authzid] [-Y mech]
     [-Z[Z]] DN <attr:value | attr::b64value>


DESCRIPTION

     ldapcompare  is  a   shell-accessible   interface   to   the
     ldap_compare(3) library call.

     ldapcompare opens a connection to an LDAP server, binds, and
     performs  a  compare  using  specified  parameters.   The DN
     should be a  distinguished  name  in  the  directory.   Attr
     should  be a known attribute.  If followed by one colon, the
     assertion value should be provided as a string.  If followed
     by two colons, the base64 encoding of the value is provided.
     The result code of the compare is provided as the exit  code
     and,  unless run with -z, the program prints TRUE, FALSE, or
     UNDEFINED on standard output.


OPTIONS

     -n   Show what would be done, but don't actually perform the
          compare.  Useful for debugging in conjunction with -v.

     -v   Run in verbose mode, with many diagnostics  written  to
          standard output.

     -z   Run in quiet mode, no  output  is  written.   You  must
          check the return status.  Useful in shell scripts.

     -k   Use  Kerberos  IV  authentication  instead  of   simple
          authentication.   It is assumed that you already have a
          valid ticket granting ticket.  ldapcompare must be
          compiled with Kerberos support for this option to have
          any effect.

     -K   Same as -k, but only does step 1  of  the  Kerberos  IV
          bind.   This  is  useful when connecting to a slapd and
          there is no x500dsa.hostname principal registered  with
          your Kerberos Domain Controller(s).

     -M[M]
          Enable manage DSA IT control.  -MM makes the control
          critical.

     -d debuglevel
          Set   the   LDAP   debugging   level   to   debuglevel.
          ldapcompare  must  be  compiled with LDAP_DEBUG defined
          for this option to have any effect.

     -x   Use simple authentication instead of SASL.

     -D binddn
          Use the Distinguished Name binddn to bind to  the  LDAP
          directory.

     -W   Prompt for simple authentication.  This is used instead
          of specifying the password on the command line.

     -w passwd
          Use passwd as the password for simple authentication.

     -y passwdfile
          Use complete contents of passwdfile as the password for
          simple authentication.

     -H ldapuri
          Specify URI(s) referring to the ldap server(s).

     -h ldaphost
          Specify an alternate host on which the ldap  server  is
          running.  Deprecated in favor of -H.

     -p ldapport
          Specify an alternate TCP port where the ldap server  is
          listening.  Deprecated in favor of -H.

     -P 2|3
          Specify the LDAP protocol version to use.

     -O security-properties
          Specify SASL security properties.

     -I   Enable SASL Interactive mode.  Always prompt.   Default
          is to prompt only as needed.

     -Q   Enable SASL Quiet mode.  Never prompt.

     -U authcid
          Specify the authentication ID for SASL bind.  The  form
          of the ID depends on the actual SASL mechanism used.

     -R realm
          Specify the realm of authentication ID for  SASL  bind.
          The  form  of  the  realm  depends  on  the actual SASL
          mechanism used.

     -X authzid
          Specify the requested authorization ID for  SASL  bind.
          authzid   must   be   one  of  the  following  formats:
          dn:<distinguished name> or u:<username>

     -Y mech
          Specify the SASL mechanism to be used for
          authentication.  If it's not specified, the program
          will choose the best mechanism the server knows.

     -Z[Z]
          Issue  StartTLS  (Transport  Layer  Security)  extended
          operation. If you use -ZZ, the command will require the
          operation to be successful.


EXAMPLES

         ldapcompare "uid=babs,dc=example,dc=com"  sn:Jensen
         ldapcompare "uid=babs,dc=example,dc=com"  sn::SmVuc2Vu
     are all equivalent.
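
     The following wrapper is an added example, not part of the
     OpenLDAP distribution.  It shows how a script can act on the
     exit code when running with -z.  It assumes the LDAP result
     codes compareTrue (6) and compareFalse (5), which this page
     does not list; the function names and the LDAPCOMPARE variable
     are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the OpenLDAP distribution).
# Assumption: exit status 6 = compareTrue and 5 = compareFalse, the
# LDAP result codes that ldapcompare passes through as its exit code.
# Both are non-zero, so a bare `if ldapcompare -z ...` never succeeds.

LDAPCOMPARE=${LDAPCOMPARE:-ldapcompare}   # overridable, e.g. for testing

# b64_assertion ATTR VALUE -> "ATTR::<base64 of VALUE>"
# Base64 keeps spaces, colons and binary bytes intact; it is an
# encoding only, so the value is still visible in the argument list.
b64_assertion() {
    printf '%s::%s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
}

# compare_result_name CODE -> TRUE, FALSE or ERROR(CODE)
compare_result_name() {
    case "$1" in
        6) echo TRUE ;;
        5) echo FALSE ;;
        *) echo "ERROR($1)" ;;
    esac
}

# ldap_attr_matches URI BINDDN PASSWDFILE DN ATTR VALUE
# Prints the result name; returns 0 for TRUE, 1 for FALSE, 2 otherwise.
#   -z   quiet, the exit status is the only result
#   -ZZ  refuse to continue unless StartTLS succeeds
#   -y   read the bind password from a file instead of -w on argv
#        (the complete file contents are used, so write the file
#        without a trailing newline)
ldap_attr_matches() {
    rc=0
    "$LDAPCOMPARE" -z -x -ZZ -H "$1" -D "$2" -y "$3" \
        "$4" "$(b64_assertion "$5" "$6")" || rc=$?
    compare_result_name "$rc"
    case "$rc" in
        6) return 0 ;;
        5) return 1 ;;
        *) return 2 ;;
    esac
}
```

     Any exit status other than 5 or 6 (bind failure, StartTLS
     refusal, no such object) is reported as ERROR and must not be
     treated as a FALSE comparison.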


LIMITATIONS

     Requiring the value be passed on the command line is
     limiting and introduces some security concerns.  The command
     should support a mechanism to  specify  the  location  (file
     name or URL) to read the value from.


SEE ALSO

     ldap.conf(5), ldif(5), ldap(3), ldap_compare(3)


AUTHOR

     The OpenLDAP Project <http://www.openldap.org/>


ACKNOWLEDGEMENTS

     OpenLDAP is developed and maintained by The OpenLDAP Project
     (http://www.openldap.org/).    OpenLDAP   is   derived  from
     University of Michigan LDAP 3.3 Release.

OpenLDAP LDVERSION  Last change: RELEASEDATE                    3

