1.lf 1 stdin
2.TH LDAPDELETE 1 "2020/04/28" "OpenLDAP 2.4.50"
3.\" $OpenLDAP$
4.\" Copyright 1998-2020 The OpenLDAP Foundation All Rights Reserved.
5.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
6.SH NAME
7ldapdelete \- LDAP delete entry tool
8.SH SYNOPSIS
9.B ldapdelete
10[\c
11.BR \-V [ V ]]
12[\c
13.BI \-d \ debuglevel\fR]
14[\c
15.BR \-n ]
16[\c
17.BR \-v ]
18[\c
19.BR \-c ]
20[\c
21.BI \-f \ file\fR]
22[\c
23.BR \-r ]
24[\c
25.BI \-z \ sizelimit\fR]
26[\c
27.BR \-M [ M ]]
28[\c
29.BR \-x ]
30[\c
31.BI \-D \ binddn\fR]
32[\c
33.BR \-W ]
34[\c
35.BI \-w \ passwd\fR]
36[\c
37.BI \-y \ passwdfile\fR]
38[\c
39.BI \-H \ ldapuri\fR]
40[\c
41.BI \-h \ ldaphost\fR]
42[\c
43.BI \-p \ ldapport\fR]
44[\c
45.BR \-P \ { 2 \||\| 3 }]
46[\c
47.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
48[\c
49.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
50[\c
51.BI \-o \ opt \fR[= optparam \fR]]
52[\c
53.BI \-O \ security-properties\fR]
54[\c
55.BR \-I ]
56[\c
57.BR \-Q ]
58[\c
59.BR \-N ]
60[\c
61.BI \-U \ authcid\fR]
62[\c
63.BI \-R \ realm\fR]
64[\c
65.BI \-X \ authzid\fR]
66[\c
67.BI \-Y \ mech\fR]
68[\c
69.BR \-Z [ Z ]]
70[\c
71.IR DN \ [ ... ]]
72.SH DESCRIPTION
73.I ldapdelete
74is a shell-accessible interface to the
75.BR ldap_delete_ext (3)
76library call.
77.LP
78.B ldapdelete
79opens a connection to an LDAP server, binds, and deletes one or more
80entries.  If one or more \fIDN\fP arguments are provided, entries with
81those Distinguished Names are deleted.  Each \fIDN\fP should be provided
82using the LDAPv3 string representation as defined in RFC 4514.
83If no \fIDN\fP arguments
84are provided, a list of DNs is read from standard input (or from
85\fIfile\fP if the \fB\-f\fP flag is used).
86.SH OPTIONS
87.TP
88.BR \-V [ V ]
89Print version info.
90If \fB\-VV\fP is given, only the version information is printed.
91.TP
92.BI \-d \ debuglevel
93Set the LDAP debugging level to \fIdebuglevel\fP.
94.B ldapdelete
95must be compiled with LDAP_DEBUG defined for this option to have any effect.
96.TP
97.B \-n
98Show what would be done, but don't actually delete entries.  Useful for
99debugging in conjunction with \fB\-v\fP.
100.TP
101.B \-v
102Use verbose mode, with many diagnostics written to standard output.
103.TP
104.B \-c
105Continuous operation mode.  Errors  are  reported,  but
106.B ldapdelete
107will  continue  with  deletions.   The default is to exit after
108reporting an error.
109.TP
110.BI \-f \ file
111Read a series of DNs from \fIfile\fP, one per line, performing an
112LDAP delete for each.
113.TP
114.B \-r
115Do a recursive delete.  If the DN specified isn't a leaf, its
116children, and all their children are deleted down the tree.  No
117verification is done, so if you add this switch, ldapdelete will
118happily delete large portions of your tree.  Use with care.
119.TP
120.BI \-z \ sizelimit
121Use \fIsizelimit\fP when searching for children DN to delete,
122to circumvent any server-side size limit.  Only useful in conjunction
123with \fB\-r\fP.
124.TP
125.BR \-M [ M ]
126Enable manage DSA IT control.
127.B \-MM
128makes control critical.
129.TP
130.B \-x 
131Use simple authentication instead of SASL.
132.TP
133.BI \-D \ binddn
134Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
135For SASL binds, the server is expected to ignore this value.
136.TP
137.B \-W
138Prompt for simple authentication.
139This is used instead of specifying the password on the command line.
140.TP
141.BI \-w \ passwd
142Use \fIpasswd\fP as the password for simple authentication.
143.TP
144.BI \-y \ passwdfile
145Use complete contents of \fIpasswdfile\fP as the password for
146simple authentication.
147.TP
148.BI \-H \ ldapuri
149Specify URI(s) referring to the ldap server(s); only the protocol/host/port
150fields are allowed; a list of URI, separated by whitespace or commas
151is expected.
152.TP
153.BI \-h \ ldaphost
154Specify an alternate host on which the ldap server is running.
155Deprecated in favor of \fB\-H\fP.
156.TP
157.BI \-p \ ldapport
158Specify an alternate TCP port where the ldap server is listening.
159Deprecated in favor of \fB\-H\fP.
160.TP
161.BR \-P \ { 2 \||\| 3 }
162Specify the LDAP protocol version to use.
163.TP
164.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
165.TP
166.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
167
168Specify general extensions with \fB\-e\fP and delete extensions with \fB\-E\fP.
169\'\fB!\fP\' indicates criticality.
170
171General extensions:
172.nf
173  [!]assert=<filter>    (an RFC 4515 Filter)
174  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
175  [!]bauthzid           (RFC 3829 authzid control)
176  [!]chaining[=<resolve>[/<cont>]]
177  [!]manageDSAit
178  [!]noop
179  ppolicy
180  [!]postread[=<attrs>] (a comma-separated attribute list)
181  [!]preread[=<attrs>]  (a comma-separated attribute list)
182  [!]relax
183  sessiontracking
184  abandon,cancel,ignore (SIGINT sends abandon/cancel,
185  or ignores response; if critical, doesn't wait for SIGINT.
186  not really controls)
187.fi
188
189Delete extensions:
190.nf
191  (none)
192.fi
193.TP
194.BI \-o \ opt \fR[= optparam \fR]
195
196Specify general options.
197
198General options:
199.nf
200  nettimeout=<timeout>  (in seconds, or "none" or "max")
201  ldif-wrap=<width>     (in columns, or "no" for no wrapping)
202.fi
203.TP
204.BI \-O \ security-properties
205Specify SASL security properties.
206.TP
207.B \-I
208Enable SASL Interactive mode.  Always prompt.  Default is to prompt
209only as needed.
210.TP
211.B \-Q
212Enable SASL Quiet mode.  Never prompt.
213.TP
214.B \-N
215Do not use reverse DNS to canonicalize SASL host name.
216.TP
217.BI \-U \ authcid
218Specify the authentication ID for SASL bind. The form of the identity depends on the
219actual SASL mechanism used.
220.TP
221.BI \-R \ realm
222Specify the realm of authentication ID for SASL bind. The form of the realm
223depends on the actual SASL mechanism used.
224.TP
225.BI \-X \ authzid
226Specify the requested authorization ID for SASL bind.
227.I authzid
228must be one of the following formats:
229.BI dn: "<distinguished name>"
230or
231.BI u: <username>
232.TP
233.BI \-Y \ mech
234Specify the SASL mechanism to be used for authentication. If it's not
235specified, the program will choose the best mechanism the server knows.
236.TP
237.BR \-Z [ Z ]
238Issue StartTLS (Transport Layer Security) extended operation. If you use
239\fB\-ZZ\fP, the command will require the operation to be successful.
240.SH EXAMPLE
241The following command:
242.LP
243.nf
244    ldapdelete "cn=Delete Me,dc=example,dc=com"
245.fi
246.LP
247will attempt to delete the entry named "cn=Delete Me,dc=example,dc=com".
248Of course it would probably be necessary to supply authentication
249credentials.
250.SH DIAGNOSTICS
251Exit status is 0 if no errors occur.  Errors result in a non-zero exit
252status and a diagnostic message being written to standard error.
253.SH "SEE ALSO"
254.BR ldap.conf (5),
255.BR ldapadd (1),
256.BR ldapmodify (1),
257.BR ldapmodrdn (1),
258.BR ldapsearch (1),
259.BR ldap (3),
260.BR ldap_delete_ext (3)
261.SH AUTHOR
262The OpenLDAP Project <http://www.openldap.org/>
263.SH ACKNOWLEDGEMENTS
264.lf 1 ./../Project
265.\" Shared Project Acknowledgement Text
266.B "OpenLDAP Software"
267is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
268.B "OpenLDAP Software"
269is derived from the University of Michigan LDAP 3.3 Release.  
270.lf 264 stdin
271