LDAPCOMPARE(1)              General Commands Manual             LDAPCOMPARE(1)

NAME

       ldapcompare - LDAP compare tool

SYNOPSIS

       ldapcompare  [-n]  [-v]  [-z]  [-M[M]] [-d debuglevel] [-D binddn] [-W]
       [-w passwd] [-y passwdfile]  [-H ldapuri]  [-h ldaphost]  [-p ldapport]
       [-P 2|3]  [-O security-properties]  [-I]  [-Q]  [-U authcid] [-R realm]
       [-x] [-X authzid] [-Y mech] [-Z[Z]] DN < attr:value | attr::b64value >

DESCRIPTION

       ldapcompare is a shell-accessible interface to the ldap_compare(3)
       library call.

       ldapcompare opens a connection to an LDAP server, binds, and performs a
       compare using specified parameters.  The DN should be a distinguished
       name in the directory.  Attr should be a known attribute.  If followed
       by one colon, the assertion value should be provided as a string.  If
       followed by two colons, the base64 encoding of the value is provided.
       The result code of the compare is provided as the exit code and, unless
       run with -z, the program prints TRUE, FALSE, or UNDEFINED on standard
       output.

OPTIONS

       -n     Show what would be done, but don't actually perform the compare.
              Useful for debugging in conjunction with -v.

       -v     Run in verbose mode, with many diagnostics written to standard
              output.

       -z     Run in quiet mode, no output is written.  You must check the
              return status.  Useful in shell scripts.

       -M[M]  Enable manage DSA IT control.  -MM makes control critical.

       -d debuglevel
              Set the LDAP debugging level to debuglevel.  ldapcompare must be
              compiled with LDAP_DEBUG defined for this option to have any
              effect.

       -x     Use simple authentication instead of SASL.

       -D binddn
              Use the Distinguished Name binddn to bind to the LDAP directory.

       -W     Prompt for simple authentication.  This is used instead of
              specifying the password on the command line.

       -w passwd
              Use passwd as the password for simple authentication.

       -y passwdfile
              Use complete contents of passwdfile as the password for simple
              authentication.

       -H ldapuri
              Specify URI(s) referring to the ldap server(s); only the
              protocol/host/port fields are allowed; a list of URI, separated
              by whitespace or commas is expected.

       -h ldaphost
              Specify an alternate host on which the ldap server is running.
              Deprecated in favor of -H.

       -p ldapport
              Specify an alternate TCP port where the ldap server is
              listening.  Deprecated in favor of -H.

       -P 2|3 Specify the LDAP protocol version to use.

       -O security-properties
              Specify SASL security properties.

       -I     Enable SASL Interactive mode.  Always prompt.  Default is to
              prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -U authcid
              Specify the authentication ID for SASL bind.  The form of the ID
              depends on the actual SASL mechanism used.

       -R realm
              Specify the realm of authentication ID for SASL bind.  The form
              of the realm depends on the actual SASL mechanism used.

       -X authzid
              Specify the requested authorization ID for SASL bind.  authzid
              must be one of the following formats: dn:<distinguished name> or
              u:<username>

       -Y mech
              Specify the SASL mechanism to be used for authentication.  If
              it's not specified, the program will choose the best mechanism
              the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation.  If
              you use -ZZ, the command will require the operation to be
              successful.

EXAMPLES

           ldapcompare "uid=babs,dc=example,dc=com"  sn:Jensen
           ldapcompare "uid=babs,dc=example,dc=com"  sn::SmVuc2Vu
       are all equivalent.

LIMITATIONS

       Requiring the value be passed on the command line is limiting and
       introduces some security concerns.  The command should support a
       mechanism to specify the location (file name or URL) to read the value
       from.
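
       The -z exit-status check and the -y password file described above,
       combined in a POSIX shell wrapper.  This is an added example, not
       part of the OpenLDAP distribution.  The function names and the rule
       of refusing a group- or world-accessible password file are
       assumptions of this example; 5 and 6 are the LDAP compareFalse and
       compareTrue result codes, and the assertion value itself is still
       passed on the command line.

```shell
#!/bin/sh
# Added example: function names and the file-permission policy are
# assumptions of this example, not ldapcompare behaviour.
# LDAP result codes (RFC 4511): compareFalse = 5, compareTrue = 6.

# Succeed only if the password file grants nothing to group or others.
passwdfile_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Name an ldapcompare exit status.
compare_status_name() {
    case "$1" in
        6) echo TRUE ;;
        5) echo FALSE ;;
        *) echo "ERROR($1)" ;;
    esac
}

# ldap_attr_matches URI BINDDN PASSWDFILE DN ATTR VALUE
# Returns 0 on TRUE, 1 on FALSE, 2 on any other status or an unsafe file.
ldap_attr_matches() {
    passwdfile_is_private "$3" || {
        echo "refusing $3: readable by group or others" >&2
        return 2
    }
    cmp_rc=0
    # -z: no output, -x: simple bind, -ZZ: StartTLS must succeed,
    # -y: bind password read from a file, so it never appears in argv.
    # The assertion value ("$5:$6") is still visible in argv.
    ldapcompare -z -x -ZZ -H "$1" -D "$2" -y "$3" "$4" "$5:$6" || cmp_rc=$?
    case "$(compare_status_name "$cmp_rc")" in
        TRUE)  return 0 ;;
        FALSE) return 1 ;;
        *)     echo "ldapcompare failed with status $cmp_rc" >&2; return 2 ;;
    esac
}
```

       Because -y uses the complete contents of the file, write the file
       without a trailing newline (for example with printf '%s') and
       create it with mode 600.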

SEE ALSO

       ldap.conf(5), ldif(5), ldap(3), ldap_compare(3)

AUTHOR

       The OpenLDAP Project <http://www.openldap.org/>

ACKNOWLEDGEMENTS

       OpenLDAP is developed and maintained by The OpenLDAP Project
       (http://www.openldap.org/).  OpenLDAP is derived from University of
       Michigan LDAP 3.3 Release.

OpenLDAP 2.3.34                    2007/2/16                    LDAPCOMPARE(1)