LDAPEXOP(1)                General Commands Manual                LDAPEXOP(1)

NAME
       ldapexop - issue LDAP extended operations

SYNOPSIS
       ldapexop [-d level] [-D binddn] [-e [!]ext[=extparam]] [-f file]
       [-h host] [-H URI] [-I] [-n] [-N] [-O security-properties]
       [-o opt[=optparam]] [-p port] [-Q] [-R realm] [-U authcid] [-v] [-V]
       [-w passwd] [-W] [-x] [-X authzid] [-y file] [-Y mech] [-Z[Z]] {oid |
       oid:data | oid::b64data | whoami | cancel cancel-id | refresh DN [ttl]}

DESCRIPTION
       ldapexop issues the LDAP extended operation specified by oid or one of
       the special keywords whoami, cancel, or refresh.

       Additional data for the extended operation can be passed to the server
       using data or base-64 encoded as b64data in the case of oid, or using
       the additional parameters in the case of the specially named extended
       operations above.

       Please note that ldapexop behaves differently for the same extended
       operation when it was given as an OID or as a specially named
       operation:

       Calling ldapexop with the OID of the whoami (RFC 4532) extended
       operation

         ldapexop [<options>] 1.3.6.1.4.1.4203.1.11.3

       yields

         # extended operation response
         data:: <base64 encoded response data>

       while calling it with the keyword whoami

         ldapexop [<options>] whoami

       results in

         dn:<client's identity>

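Because the two invocations above return the identity in different shapes, a script that verifies which identity a bind resolved to has to accept both. The following is an added example, not part of the original manual page: it assumes the `data::` value is the base64 of the RFC 4532 authzId string, and the function names, sample DN and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: normalise the two whoami output shapes of ldapexop.
# Assumption: the "data::" value is base64 of the RFC 4532 authzId string.

# Constructed sample identity and outputs (not captured from a real server).
SAMPLE_ID='dn:uid=alice,ou=people,dc=example,dc=com'
SAMPLE_B64=$(printf '%s' "$SAMPLE_ID" | base64 | tr -d '\n')
SAMPLE_OID_OUTPUT="# extended operation response
data:: $SAMPLE_B64"
SAMPLE_KEYWORD_OUTPUT="$SAMPLE_ID"

# Read ldapexop output on stdin and print the authorization identity.
# Returns 1 if no identity line is found or the base64 is invalid.
whoami_authzid() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            'data:: '*)            # OID form: base64 response data
                printf '%s' "${line#data:: }" | base64 -d || return 1
                printf '\n'
                return 0 ;;
            dn:*|u:*)              # keyword form: identity printed directly
                printf '%s\n' "$line"
                return 0 ;;
        esac
    done
    return 1
}

# Compare the identity in ldapexop output (stdin) with the expected one ($1).
# Case-insensitive string comparison only; no full DN normalisation.
# Returns 0 on match, 1 on mismatch, 2 if no identity could be parsed.
identity_matches() {
    got=$(whoami_authzid) || return 2
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    got=$(printf '%s' "$got" | tr '[:upper:]' '[:lower:]')
    [ "$got" = "$want" ]
}

# Both shapes reduce to the same identity string.
printf '%s\n' "$SAMPLE_OID_OUTPUT" | whoami_authzid
printf '%s\n' "$SAMPLE_KEYWORD_OUTPUT" | whoami_authzid
```

In real use the function reads from a pipe, for example `ldapexop [<options>] whoami | identity_matches "$EXPECTED"`, where `EXPECTED` is the identity the job is supposed to run as.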
OPTIONS
       -d level
              Set the LDAP debugging level to level.

       -D binddn
              Use the Distinguished Name binddn to bind to the LDAP directory.

       -e [!]ext[=extparam]
              Specify general extensions.  '!' indicates criticality.
                [!]assert=<filter>     (RFC 4528; a RFC 4515 Filter string)
                [!]authzid=<authzid>   (RFC 4370; "dn:<dn>" or "u:<user>")
                [!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
                     one of "chainingPreferred", "chainingRequired",
                     "referralsPreferred", "referralsRequired"
                [!]manageDSAit         (RFC 3296)
                [!]noop
                ppolicy
                [!]postread[=<attrs>]  (RFC 4527; comma-separated attr list)
                [!]preread[=<attrs>]   (RFC 4527; comma-separated attr list)
                [!]relax
                abandon, cancel, ignore (SIGINT sends abandon/cancel,
                or ignores response; if critical, doesn't wait for SIGINT.
                not really controls)

       -f file
              Read operations from file.

       -h host
              Specify the host on which the ldap server is running.
              Deprecated in favor of -H.

       -H URI Specify URI(s) referring to the ldap server(s); only the
              protocol/host/port fields are allowed; a list of URI, separated
              by whitespace or commas is expected.

       -I     Enable SASL Interactive mode.  Always prompt.  Default is to
              prompt only as needed.

       -n     Show what would be done but don't actually do it.  Useful for
              debugging in conjunction with -v.

       -N     Do not use reverse DNS to canonicalize SASL host name.

       -O security-properties
              Specify SASL security properties.

       -o opt[=optparam]
              Specify general options:
                nettimeout=<timeout>  (in seconds, or "none" or "max")

       -p port
              Specify the TCP port where the ldap server is listening.
              Deprecated in favor of -H.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -R realm
              Specify the realm of authentication ID for SASL bind.  The form
              of the realm depends on the actual SASL mechanism used.

       -U authcid
              Specify the authentication ID for SASL bind.  The form of the ID
              depends on the actual SASL mechanism used.

       -v     Run in verbose mode, with many diagnostics written to standard
              output.

       -V     Print version info and usage message.  If -VV is given, only the
              version information is printed.

       -w passwd
              Use passwd as the password for simple authentication.

       -W     Prompt for simple authentication.  This is used instead of
              specifying the password on the command line.

       -x     Use simple authentication instead of SASL.

       -X authzid
              Specify the requested authorization ID for SASL bind.  authzid
              must be one of the following formats: dn:<distinguished name> or
              u:<username>

       -y file
              Use complete contents of file as the password for simple
              authentication.

       -Y mech
              Specify the SASL mechanism to be used for authentication.
              Without this option, the program will choose the best mechanism
              the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation.
              Giving it twice (-ZZ) will require the operation to be
              successful.

DIAGNOSTICS
       Exit status is zero if no errors occur.  Errors result in a non-zero
       exit status and a diagnostic message being written to standard error.

SEE ALSO
       ldap_extended_operation_s(3)

AUTHOR
       This manual page was written by Peter Marschall based on ldapexop's
       usage message and a few tests with ldapexop.  Do not expect it to be
       complete or absolutely correct.

ACKNOWLEDGEMENTS
       OpenLDAP Software is developed and maintained by The OpenLDAP Project
       <http://www.openldap.org/>.  OpenLDAP Software is derived from
       University of Michigan LDAP 3.3 Release.