Index Index for
Section 1
Index Alphabetical
listing for L
Bottom of page Bottom of
page		 

LDAPDELETE(1)


NAME

  ldapdelete - LDAP delete entry tool


SYNOPSIS

  ldapdelete [-n] [-v] [-k] [-K] [-c] [-M[M]] [-d debuglevel] [-f file]
  [-D binddn] [-W] [-w passwd] [-H ldapuri] [-h ldaphost] [-P 2|3]
  [-p ldapport] [-O security-properties] [-U authcid] [-x] [-I] [-Q]
  [-X authzid] [-Y mech] [-Z[Z]] [dn]...


DESCRIPTION

  ldapdelete is a shell-accessible interface to the ldap_delete(3) library
  call.

  ldapdelete opens a connection to an LDAP server, binds, and deletes one or
  more entries.	 If one or more DN arguments are provided, entries with those
  Distinguished Names are deleted.  Each DN should be provided using the
  LDAPv3 string representation as defined in RFC 2253.	If no dn arguments
  are provided, a list of DNs is read from standard input (or from file if
  the -f flag is used).


OPTIONS

  -n   Show what would be done, but don't actually delete entries.  Useful
       for debugging in conjunction with -v.

  -v   Use verbose mode, with many diagnostics written to standard output.

  -k   Use Kerberos IV authentication instead of simple authentication.	 It
       is assumed that you already have a valid ticket granting ticket. This
       option only has effect if ldapdelete is compiled with Kerberos
       support.

  -K   Same as -k, but only does step 1 of the Kerberos IV bind.  This is
       useful when connecting to a slapd and there is no x500dsa.hostname
       principal registered with your Kerberos Domain Controller(s).

  -c   Continuous operation mode.  Errors  are	reported,  but ldapdelete
       will  continue  with  deletions.	  The default is to exit after
       reporting an error.

  -M[M]
       Enable manage DSA IT control.  -MM makes control critical.

  -d debuglevel
       Set the LDAP debugging level to debuglevel.  ldapdelete must be
       compiled with LDAP_DEBUG defined for this option to have any effect.

  -f file
       Read a series of lines from file, performing one LDAP search for each
       line.  In this case, the filter given on the command line is treated
       as a pattern where the first occurrence of %s is replaced with a line
       from file.

  -x   Use simple authentication instead of SASL.

  -D binddn
       Use the Distinguished Name binddn to bind to the LDAP directory.

  -W   Prompt for simple authentication.  This is used instead of specifying
       the password on the command line.

  -w passwd
       Use passwd as the password for simple authentication.

  -H ldapuri
       Specify URI(s) referring to the ldap server(s).

  -h ldaphost
       Specify an alternate host on which the ldap server is running.
       Deprecated in favor of -H.

  -p ldapport
       Specify an alternate TCP port where the ldap server is listening.
       Deprecated in favor of -H.

  -P 2|3
       Specify the LDAP protocol version to use.

  -r   Do a recursive delete.  If the DN specified isn't a leaf, its
       children, and all their children are deleted down the tree.  No
       verification is done, so if you add this switch, ldapdelete will
       happily delete large portions of your tree.  Use with care.

  -O security-properties
       Specify SASL security properties.

  -I   Enable SASL Interactive mode.  Always prompt.  Default is to prompt
       only as needed.

  -Q   Enable SASL Quiet mode.	Never prompt.

  -U authcid
       Specify the authentication ID for SASL bind. The form of the identity
       depends on the actual SASL mechanism used.

  -X authzid
       Specify the requested authorization ID for SASL bind.  authzid must be
       one of the following formats: dn:<distinguished name> or u:<username>

  -Y mech
       Specify the SASL mechanism to be used for authentication. If it's not
       specified, the program will choose the best mechanism the server
       knows.

  -Z[Z]
       Issue StartTLS (Transport Layer Security) extended operation. If you
       use -ZZ, the command will require the operation to be successful.


EXAMPLE

  The following command:

      ldapdelete "cn=Delete Me, dc=example, dc=com"

  will attempt to delete the entry named with commonName "Delete Me" directly
  below the "dc=example, dc=com" entry.	 Of course it would probably be
  necessary to supply authentication credentials.


DIAGNOSTICS

  Exit status is 0 if no errors occur.	Errors result in a non-zero exit
  status and a diagnostic message being written to standard error.


SEE ALSO

  ldap.conf(5), ldapadd(1), ldapmodify(1), ldapmodrdn(1), ldapsearch(1),
  ldap(3), ldap_delete(3)


BUGS

  There is no interactive mode, but there probably should be.


AUTHOR

  The OpenLDAP Project <http://www.openldap.org/>


ACKNOWLEDGEMENTS

	OpenLDAP is developed and maintained by The OpenLDAP Project
  (http://www.openldap.org/).	     OpenLDAP is derived from University of
  Michigan LDAP 3.3 Release.

Index Index for
Section 1
Index Alphabetical
listing for L
Top of page Top of
page