 

ldapdelete(1)




LDAPDELETE(1)            USER COMMANDS              LDAPDELETE(1)


NAME

     ldapdelete - LDAP delete entry tool


SYNOPSIS

     ldapdelete [-n] [-v] [-k] [-K] [-c] [-M[M]]  [-d debuglevel]
     [-f file]   [-D binddn]   [-W]  [-w passwd]  [-y passwdfile]
     [-H ldapuri]    [-h ldaphost]     [-P 2|3]     [-p ldapport]
     [-O security-properties]  [-U authcid]  [-R realm] [-x] [-I]
     [-Q] [-X authzid] [-Y mech] [-Z[Z]] [dn]...


DESCRIPTION

     ldapdelete  is   a   shell-accessible   interface   to   the
     ldap_delete(3) library call.

     ldapdelete opens a connection to an LDAP server, binds,  and
     deletes  one  or  more entries.  If one or more DN arguments
     are provided, entries with  those  Distinguished  Names  are
     deleted.  Each DN should be provided using the LDAPv3 string
     representation as defined in RFC 2253.  If no  dn  arguments
     are  provided, a list of DNs is read from standard input (or
     from file if the -f flag is used).


OPTIONS

     -n   Show what would be  done,  but  don't  actually  delete
          entries.  Useful for debugging in conjunction with -v.

     -v   Use verbose mode,  with  many  diagnostics  written  to
          standard output.

     -k   Use  Kerberos  IV  authentication  instead  of   simple
          authentication.   It is assumed that you already have a
          valid ticket granting  ticket.  This  option  only  has
          effect if ldapdelete is compiled with Kerberos support.

     -K   Same as -k, but only does step 1  of  the  Kerberos  IV
          bind.   This  is  useful when connecting to a slapd and
          there is no x500dsa.hostname principal registered  with
          your Kerberos Domain Controller(s).

     -c   Continuous operation mode.  Errors  are  reported,  but
          ldapdelete   will   continue   with   deletions.    The
          default is to exit after reporting an error.

     -M[M]
          Enable manage DSA IT control.  -MM makes control critical.

     -d debuglevel
          Set the LDAP debugging level to debuglevel.  ldapdelete
          must  be  compiled  with  LDAP_DEBUG  defined  for this
          option to have any effect.

OpenLDAP LDVERSION  Last change: RELEASEDATE                    1

     -f file
          Read a series of DNs from file, one per line, performing
          an LDAP delete for each.

     -x   Use simple authentication instead of SASL.

     -D binddn
          Use the Distinguished Name binddn to bind to  the  LDAP
          directory.

     -W   Prompt for simple authentication.  This is used instead
          of specifying the password on the command line.

     -w passwd
          Use passwd as the password for simple authentication.

     -y passwdfile
          Use complete contents of passwdfile as the password for
          simple authentication.

     -H ldapuri
          Specify URI(s) referring to the ldap server(s).

     -h ldaphost
          Specify an alternate host on which the ldap  server  is
          running.  Deprecated in favor of -H.

     -p ldapport
          Specify an alternate TCP port where the ldap server  is
          listening.  Deprecated in favor of -H.

     -P 2|3
          Specify the LDAP protocol version to use.

     -r   Do a recursive delete.  If the  DN  specified  isn't  a
          leaf,  its children, and all their children are deleted
          down the tree.  No verification is done, so if you  add
          this  switch, ldapdelete will happily delete large
          portions of your tree.  Use with care.

     -O security-properties
          Specify SASL security properties.

     -I   Enable SASL Interactive mode.  Always prompt.   Default
          is to prompt only as needed.

     -Q   Enable SASL Quiet mode.  Never prompt.

     -U authcid
          Specify the authentication ID for SASL bind.  The  form
          of  the  identity  depends on the actual SASL mechanism
          used.


     -R realm
          Specify the realm of authentication ID for  SASL  bind.
          The  form  of  the  realm  depends  on  the actual SASL
          mechanism used.

     -X authzid
          Specify the requested authorization ID for  SASL  bind.
          authzid   must   be   one  of  the  following  formats:
          dn:<distinguished name> or u:<username>

     -Y mech
          Specify the SASL mechanism to be used for authentication.
          If  it's  not specified, the program will choose
          the best mechanism the server knows.

     -Z[Z]
          Issue  StartTLS  (Transport  Layer  Security)  extended
          operation. If you use -ZZ, the command will require the
          operation to be successful.


EXAMPLE

     The following command:

         ldapdelete "cn=Delete Me,dc=example,dc=com"

     will  attempt  to  delete   the   entry   named   "cn=Delete
     Me,dc=example,dc=com".   Of  course  it  would  probably  be
     necessary to supply authentication credentials.
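
     The script below is an added example, not part of the OpenLDAP
     distribution: it combines -n, -v, -x, -ZZ, -y and -f into a
     guarded bulk delete.  The function names, the LDAPDELETE
     variable, the "commit" keyword and the sample values in the
     usage comment are assumptions of this example.

```sh
#!/bin/sh
# Added example: guarded wrapper around ldapdelete (names are hypothetical).
# Usage (constructed values):
#   guarded_delete ldap://ldap.example.com "cn=admin,dc=example,dc=com" \
#       pwfile dnfile "dc=example,dc=com" commit
LDAPDELETE=${LDAPDELETE:-ldapdelete}

# -y sends the complete file contents as the password, so the file must be
# non-empty, accessible to its owner only, and must not end in a newline.
passwdfile_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] || return 2
    [ "$(tail -c 1 "$1" | wc -l)" -eq 0 ] || return 3
}

# Every line of the -f file must be a DN strictly below SUFFIX. This is a
# plain string match: it assumes DNs are written with consistent case/spacing.
dnfile_ok() {    # dnfile_ok FILE SUFFIX
    [ -s "$1" ] || return 1
    while IFS= read -r dn || [ -n "$dn" ]; do
        case $dn in
            ?*,"$2") ;;          # something,SUFFIX
            *) return 1 ;;       # blank line, the suffix itself, or foreign DN
        esac
    done < "$1"
}

# guarded_delete URI BINDDN PWFILE DNFILE SUFFIX [commit]
guarded_delete() {
    passwdfile_ok "$3" || { echo "unsafe password file: $3" >&2; return 1; }
    dnfile_ok "$4" "$5" || { echo "$4: DN not below $5" >&2; return 1; }
    mode=${6:-dry}
    # -x simple bind; -ZZ requires StartTLS to succeed; -y keeps the
    # password off the command line (unlike -w). -r and -c are never passed.
    set -- -x -ZZ -H "$1" -D "$2" -y "$3" -f "$4"
    # Rehearsal: -n shows what would be done without deleting anything.
    "$LDAPDELETE" -n -v "$@" || return 1
    [ "$mode" = commit ] || return 0
    "$LDAPDELETE" -v "$@"
}
```

     Without the final "commit" argument only the -n rehearsal runs.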


DIAGNOSTICS

     Exit status is 0 if no errors occur.   Errors  result  in  a
     non-zero  exit status and a diagnostic message being written
     to standard error.


SEE ALSO

     ldap.conf(5),  ldapadd(1),   ldapmodify(1),   ldapmodrdn(1),
     ldapsearch(1), ldap(3), ldap_delete(3)


AUTHOR

     The OpenLDAP Project <http://www.openldap.org/>


ACKNOWLEDGEMENTS

     OpenLDAP is developed and maintained by The OpenLDAP Project
     (http://www.openldap.org/).    OpenLDAP   is   derived  from
     University of Michigan LDAP 3.3 Release.
