LDAPDELETE(1)               General Commands Manual              LDAPDELETE(1)

NAME

       ldapdelete - LDAP delete entry tool

SYNOPSIS

       ldapdelete [-n] [-v] [-c] [-M[M]] [-d debuglevel] [-f file] [-D binddn]
       [-W] [-w passwd] [-y passwdfile] [-H ldapuri] [-h ldaphost] [-P 2|3]
       [-p ldapport] [-O security-properties] [-U authcid] [-R realm] [-r]
       [-x] [-I] [-Q] [-X authzid] [-Y mech] [-Z[Z]] [dn]...

DESCRIPTION

       ldapdelete is a shell-accessible interface to the ldap_delete(3)
       library call.

       ldapdelete opens a connection to an LDAP server, binds, and deletes one
       or more entries. If one or more DN arguments are provided, entries
       with those Distinguished Names are deleted. Each DN should be provided
       using the LDAPv3 string representation as defined in RFC 2253. If no
       dn arguments are provided, a list of DNs is read from standard input
       (or from file if the -f flag is used).

OPTIONS

       -n     Show what would be done, but don't actually delete entries.
              Useful for debugging in conjunction with -v.

       -v     Use verbose mode, with many diagnostics written to standard
              output.

       -c     Continuous operation mode. Errors are reported, but
              ldapdelete will continue with deletions. The default is to
              exit after reporting an error.

       -M[M]  Enable manage DSA IT control. -MM makes control critical.

       -d debuglevel
              Set the LDAP debugging level to debuglevel. ldapdelete must be
              compiled with LDAP_DEBUG defined for this option to have any
              effect.

       -f file
              Read a series of DNs from file, one per line, performing an LDAP
              delete for each.

       -x     Use simple authentication instead of SASL.

       -D binddn
              Use the Distinguished Name binddn to bind to the LDAP directory.

       -W     Prompt for simple authentication. This is used instead of
              specifying the password on the command line.

       -w passwd
              Use passwd as the password for simple authentication.

       -y passwdfile
              Use complete contents of passwdfile as the password for simple
              authentication.

       -H ldapuri
              Specify URI(s) referring to the ldap server(s); only the
              protocol/host/port fields are allowed; a list of URIs, separated
              by whitespace or commas, is expected.

       -h ldaphost
              Specify an alternate host on which the ldap server is running.
              Deprecated in favor of -H.

       -p ldapport
              Specify an alternate TCP port where the ldap server is
              listening. Deprecated in favor of -H.

       -P 2|3 Specify the LDAP protocol version to use.

       -r     Do a recursive delete. If the DN specified isn't a leaf, its
              children, and all their children are deleted down the tree. No
              verification is done, so if you add this switch, ldapdelete will
              happily delete large portions of your tree. Use with care.

       -O security-properties
              Specify SASL security properties.

       -I     Enable SASL Interactive mode. Always prompt. Default is to
              prompt only as needed.

       -Q     Enable SASL Quiet mode. Never prompt.

       -U authcid
              Specify the authentication ID for SASL bind. The form of the
              identity depends on the actual SASL mechanism used.

       -R realm
              Specify the realm of authentication ID for SASL bind. The form
              of the realm depends on the actual SASL mechanism used.

       -X authzid
              Specify the requested authorization ID for SASL bind. authzid
              must be one of the following formats: dn:<distinguished name> or
              u:<username>.

       -Y mech
              Specify the SASL mechanism to be used for authentication. If
              it's not specified, the program will choose the best mechanism
              the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If
              you use -ZZ, the command will require the operation to be
              successful.

EXAMPLE

       The following command:

           ldapdelete "cn=Delete Me,dc=example,dc=com"

       will attempt to delete the entry named "cn=Delete Me,dc=example,dc=com".
       Of course it would probably be necessary to supply authentication
       credentials.
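
       An added example, not part of the OpenLDAP manual page: a pre-flight
       check for a DN list handed to -f, followed by a -n -v dry run before
       the real delete. The function names and the LDAP_URI, BIND_DN and
       PWFILE environment variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a DN list before "ldapdelete -f".
# LDAP_URI, BIND_DN and PWFILE are placeholder environment variables that
# the caller must set; they are not defined by ldapdelete itself.

# check_dn_list FILE BASE
# Succeeds only if every line of FILE is a DN strictly below BASE.
# Purely textual and deliberately strict: a DN written with spaces after
# the commas is rejected rather than normalised.
check_dn_list() {
    file=$1
    base=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    bad=0
    n=0
    while IFS= read -r dn || [ -n "$dn" ]; do
        n=$((n + 1))
        lc=$(printf '%s' "$dn" | tr '[:upper:]' '[:lower:]')
        case $lc in
            '')        echo "line $n: empty line" >&2; bad=1 ;;
            "$base")   echo "line $n: refusing to delete the base itself" >&2; bad=1 ;;
            *,"$base") ;;   # below the expected subtree
            *)         echo "line $n: outside $2: $dn" >&2; bad=1 ;;
        esac
    done < "$file"
    # An empty list is treated as an error, not as "nothing to do".
    [ "$n" -gt 0 ] && [ "$bad" -eq 0 ]
}

# safe_ldapdelete FILE BASE
# Validates the list, shows what would be done (-n -v), and only deletes
# after an explicit confirmation. Without -c, the first error stops the run.
safe_ldapdelete() {
    check_dn_list "$1" "$2" || return 1
    # Simple bind over mandatory StartTLS; password read from a file (-y)
    # so that it does not appear on the command line.
    set -- -x -ZZ -H "$LDAP_URI" -D "$BIND_DN" -y "$PWFILE" -f "$1"
    ldapdelete -n -v "$@" || return 1
    printf 'Delete the entries listed above? [y/N] ' >&2
    read -r answer </dev/tty
    [ "$answer" = y ] || return 1
    ldapdelete -v "$@"
}
```

       Since -y uses the complete contents of passwdfile, create that file
       without a trailing newline (for example with printf '%s').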

DIAGNOSTICS

       Exit status is 0 if no errors occur. Errors result in a non-zero exit
       status and a diagnostic message being written to standard error.

SEE ALSO

       ldap.conf(5), ldapadd(1), ldapmodify(1), ldapmodrdn(1), ldapsearch(1),
       ldap(3), ldap_delete(3)

AUTHOR

       The OpenLDAP Project <http://www.openldap.org/>

ACKNOWLEDGEMENTS

       OpenLDAP is developed and maintained by The OpenLDAP Project
       (http://www.openldap.org/). OpenLDAP is derived from University of
       Michigan LDAP 3.3 Release.

OpenLDAP 2.3.34                    2007/2/16                     LDAPDELETE(1)