ldapdelete(1)                    User Commands                    ldapdelete(1)

ldapdelete - ldap delete entry tool

ldapdelete [-n] [-v] [-c] [-d debuglevel] [-f file]
    [-D bindDN] [-w passwd | -j file] [-J [:criticality]]
    [-?] [-H] [-h ldaphost] [-V version] [-i locale]
    [-k path] [-P path] [-N certificate] [-Y proxyid]
    [-p ldapport] [-O hoplimit] [-o attributename=value]
    [-W password] [dn]...

The ldapdelete utility opens a connection to an LDAP server, then binds
and deletes one or more entries. If one or more dn arguments are
provided, entries with those distinguished names are deleted. If no dn
arguments are provided, a list of DNs is read from file, if the -f
option is specified, or from standard input.

The following options are supported:

-a

    Bypass confirmation question when deleting a branch.

-c

    Continuous operation mode. Errors are reported, but ldapdelete will
    continue with deletions. The default is to exit after reporting an
    error.

-d debuglevel

    Sets the LDAP debugging level. Useful levels of debugging for
    ldapdelete are:

    1      Trace
    2      Packets
    4      Arguments
    32     Filters
    128    Access control

    To request more than one category of debugging information, add the
    masks. For example, to request trace and filter information,
    specify a debuglevel of 33.

-D bindDN

    Uses the distinguished name bindDN to bind to the directory.

-E

    Ask server to expose (report) bind identity by means of
    authentication response control.

-f file

    Reads the entry deletion information from file instead of from
    standard input.

-?

    Display the usage help text that briefly describes all options.

-H

    Display the usage help text that briefly describes all options.

-h ldaphost

    Specifies an alternate host on which the LDAP server is running.

-i locale

    Specify the character set to use for command-line input. The
    default is the character set specified in the LANG environment
    variable. You might want to use this option to perform the
    conversion from the specified character set to UTF8, thus overriding
    the LANG setting.

    Using this argument, you can input the bind DN and the target DNs
    in the specified character set. The ldapdelete tool converts the
    input from these arguments before it processes the search request.
    For example, -i no indicates that the bind DN and target DNs are
    provided in Norwegian.

    This option affects only the command-line input. That is, if you
    specify a file containing DNs (with the -f option), ldapdelete will
    not convert the data in the file.

-j filename

    Specify a file containing the password for the bind DN or the
    password for the SSL client's key database. To protect the password,
    use this option in scripts and place the password in a secure file.
    This option is mutually exclusive with the -w and -W options. The -j
    option is the more secure alternative between -j and -w/-W.

-J [:criticality[:value|::b64value|b64value|:fileurl]]

    Criticality is a boolean value (default is false).

-k path

    Specify the path to a directory containing conversion routines.
    These routines are used if you want to specify a locale that is not
    supported by default by your directory server. This is for NLS
    support.

-M

    Manage smart referrals. When they are the target of the operation,
    delete the actual entry containing the referral instead of the
    entry obtained by following the referral.

-n

    Shows what would be done, but does not actually delete entries.
    Useful in conjunction with options -v and -d for debugging.

-N certificate

    Specify the certificate name to use for certificate-based client
    authentication. For example: -N "Directory-Cert".

-o attributename=value

    Specifies SASL mechanisms and other options such as security
    properties, mode of operation, authorization ID, authentication ID,
    and so forth.

    The different attribute names and their values are as follows:

    secProp="number"    For defining SASL security properties.
    realm="value"       Specifies SASL realm (default is realm=none).
    authzid="value"     Specify the authorization ID name for SASL bind.
    authid="value"      Specify the authentication ID for SASL bind.
    mech="value"        Specifies the various SASL mechanisms.

-O hopLimit

    Specify the maximum number of referral hops to follow while finding
    an entry to delete. By default, there is no limit.

-p ldapport

    Specifies an alternate TCP port where the LDAP server is listening.

-P path

    Specify the path and filename of the client's certificate database.
    For example:

        -P /home/uid/.netscape/cert7.db

    When using the command on the same host as the directory server,
    you can use the server's own certificate database. For example:

        -P installDir/lapd-serverID/alias/cert7.db

    Use the -P option alone to specify server authentication only.

-v

    Uses verbose mode, with diagnostics written to standard output.

-V version

    Specify the LDAP protocol version number to be used for the delete
    operation, either 2 or 3. LDAP v3 is the default. Specify LDAP v2
    when connecting to servers that do not support v3.

-W password

    Specify the password for the client's key database given in the -P
    option. This option is required for certificate-based client
    authentication. Specifying the password on the command line has
    security issues because the password can be seen by others on the
    system by means of the ps command. Use the -j option instead to
    specify the password from a file. This option is mutually exclusive
    with -j.

-w passwd

    Use passwd as the password for authentication to the directory.
    When you use -w passwd to specify the password to be used for
    authentication, the password is visible to other users of the
    system by means of the ps command, in script files or in shell
    history. If you use the ldapdelete command without this option, the
    command will prompt for the password and read it from standard input.
    When used without the -w option, the password will not be visible
    to other users.

-Y proxyid

    Specify the proxy DN (proxied authorization id) to use for the
    delete operation, usually in double quotes ("") for the shell.

-Z

    Specify that SSL be used to provide certificate-based client
    authentication. This option requires the -N option, the SSL
    password, and any other SSL options needed to identify the
    certificate and the key database.

The following operand is supported:

dn    Specifies one or several distinguished names of entries to
      delete.

Example 1 Deleting an Entry

To delete the entry named with commonName Delete Me directly below the
XYZ Corporation organizational entry, use the following command:

    example% ldapdelete -D "cn=Administrator, o=XYZ, c=US" \
        "cn=Delete Me, o=XYZ, c=US"

Example 2 Deleting an Entry Using SASL Authentication

To delete the entry named with commonName "Delete Me" directly below
the XYZ Corporation organizational entry, use the following command:

    example% ldapdelete -o mech=DIGEST-MD5 -o secProp=noanonymous \
        -o realm=none -o authid="dn:uid=foo,o=XYZ, c=US" \
        "cn=Delete Me, o=XYZ, c=US"

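The -j, -w and -W descriptions recommend a password file over a command-line password. The wrapper below is an added example, not part of the original manual page: it refuses a password file that group or other can access, performs a -n dry run, and deletes only on explicit opt-in. The function names and the CONFIRM variable are hypothetical; only options documented on this page are used.

```shell
#!/bin/sh
# Added example. pwfile_is_private, safe_ldapdelete and CONFIRM are
# hypothetical names; the ldapdelete options are those documented above.

# Succeed only if $1 is a regular file (not a symlink) with no
# group/other permission bits set.
pwfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    pw_mode=$(ls -ld "$1" | cut -c1-10)
    case $pw_mode in
        -r[w-]-------) return 0 ;;   # mode 0600 or 0400
        *) return 1 ;;
    esac
}

# usage: safe_ldapdelete bindDN password-file dn-list-file
safe_ldapdelete() {
    sd_bind=$1 sd_pw=$2 sd_dns=$3
    if ! pwfile_is_private "$sd_pw"; then
        echo "refusing: $sd_pw must be a regular file, mode 0600 or 0400" >&2
        return 2
    fi
    # Without a usable -f file the tool would read DNs from standard input.
    if [ ! -s "$sd_dns" ]; then
        echo "refusing: DN list $sd_dns is missing or empty" >&2
        return 2
    fi
    # Dry run: -n shows what would be done, -v writes diagnostics.
    # The password never appears in the argument list, only the -j path.
    ldapdelete -n -v -D "$sd_bind" -j "$sd_pw" -f "$sd_dns" || return 3
    # Delete only when the caller opts in. Without -c, ldapdelete
    # exits after reporting the first error.
    [ "${CONFIRM:-no}" = yes ] || return 0
    ldapdelete -D "$sd_bind" -j "$sd_pw" -f "$sd_dns"
}
```

Review the dry-run output, then rerun with CONFIRM=yes set in the environment to perform the deletions.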
See attributes(5) for a description of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE              │ ATTRIBUTE VALUE             │
├─────────────────────────────┼─────────────────────────────┤
│ Availability                │ SUNWcsu                     │
│ Stability Level             │ Evolving                    │
└─────────────────────────────┴─────────────────────────────┘

The following exit values are returned:

0           Successful completion.

Non-zero    An error occurred. A diagnostic message is written to
            standard error.

ldapadd(1), ldapmodify(1), ldapmodrdn(1), ldapsearch(1),
ldap_get_option(3LDAP), ldap_set_option(3LDAP), attributes(5)

The -M authentication option is obsolete.

SunOS 5.11                        15 Jan 2004                     ldapdelete(1)