.lf 1 stdin
.TH LDAPDELETE 1 "2020/04/28" "OpenLDAP 2.4.50"
.\" $OpenLDAP$
.\" Copyright 1998-2020 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapdelete \- LDAP delete entry tool
.SH SYNOPSIS
.B ldapdelete
[\c
.BR \-V [ V ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-c ]
[\c
.BI \-f \ file\fR]
[\c
.BR \-r ]
[\c
.BI \-z \ sizelimit\fR]
[\c
.BR \-M [ M ]]
[\c
.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BR \-P \ { 2 \||\| 3 }]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BR \-N ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
[\c
.IR DN \ [ ... ]]
.SH DESCRIPTION
.I ldapdelete
is a shell-accessible interface to the
.BR ldap_delete_ext (3)
library call.
.LP
.B ldapdelete
opens a connection to an LDAP server, binds, and deletes one or more
entries. If one or more \fIDN\fP arguments are provided, entries with
those Distinguished Names are deleted. Each \fIDN\fP should be provided
using the LDAPv3 string representation as defined in RFC 4514.
If no \fIDN\fP arguments
are provided, a list of DNs is read from standard input (or from
\fIfile\fP if the \fB\-f\fP flag is used).
.SH OPTIONS
.TP
.BR \-V [ V ]
Print version info.
If \fB\-VV\fP is given, only the version information is printed.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapdelete
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.B \-n
Show what would be done, but don't actually delete entries. Useful for
debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
.TP
.B \-c
Continuous operation mode. Errors are reported, but
.B ldapdelete
will continue with deletions. The default is to exit after
reporting an error.
.TP
.BI \-f \ file
Read a series of DNs from \fIfile\fP, one per line, performing an
LDAP delete for each.
.TP
.B \-r
Do a recursive delete. If the DN specified isn't a leaf, its
children, and all their children are deleted down the tree. No
verification is done, so if you add this switch, ldapdelete will
happily delete large portions of your tree. Use with care.
.TP
.BI \-z \ sizelimit
Use \fIsizelimit\fP when searching for children DN to delete,
to circumvent any server-side size limit. Only useful in conjunction
with \fB\-r\fP.
.TP
.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of \fB\-H\fP.
.TP
.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]

Specify general extensions with \fB\-e\fP and delete extensions with \fB\-E\fP.
\'\fB!\fP\' indicates criticality.

General extensions:
.nf
  [!]assert=<filter>     (an RFC 4515 Filter)
  !authzid=<authzid>     ("dn:<dn>" or "u:<user>")
  [!]bauthzid            (RFC 3829 authzid control)
  [!]chaining[=<resolve>[/<cont>]]
  [!]manageDSAit
  [!]noop
  ppolicy
  [!]postread[=<attrs>]  (a comma-separated attribute list)
  [!]preread[=<attrs>]   (a comma-separated attribute list)
  [!]relax
  sessiontracking
  abandon,cancel,ignore  (SIGINT sends abandon/cancel,
                         or ignores response; if critical, doesn't wait for SIGINT.
                         not really controls)
.fi

Delete extensions:
.nf
  (none)
.fi
.TP
.BI \-o \ opt \fR[= optparam \fR]

Specify general options.

General options:
.nf
  nettimeout=<timeout>  (in seconds, or "none" or "max")
  ldif-wrap=<width>     (in columns, or "no" for no wrapping)
.fi
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.B \-N
Do not use reverse DNS to canonicalize SASL host name.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the identity depends on the
actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind.
The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.BI dn: "<distinguished name>"
or
.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLE
The following command:
.LP
.nf
    ldapdelete "cn=Delete Me,dc=example,dc=com"
.fi
.LP
will attempt to delete the entry named "cn=Delete Me,dc=example,dc=com".
Of course it would probably be necessary to supply authentication
credentials.
.SH DIAGNOSTICS
Exit status is 0 if no errors occur. Errors result in a non-zero exit
status and a diagnostic message being written to standard error.
.SH "SEE ALSO"
.BR ldap.conf (5),
.BR ldapadd (1),
.BR ldapmodify (1),
.BR ldapmodrdn (1),
.BR ldapsearch (1),
.BR ldap (3),
.BR ldap_delete_ext (3)
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 264 stdin

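.LP
Pre-flight checks for a batch run that uses the \fB\-y\fP, \fB\-f\fP, \fB\-r\fP, \fB\-n\fP and \fB\-ZZ\fP options described under OPTIONS, given as an added example that is not part of the OpenLDAP manual or code. The function names, the host ldap.example.com and the base DN are assumptions; the script only prints the command line and contacts no server.

```shell
#!/bin/sh
# Added example (hypothetical helper names): pre-flight checks for a batch
# ldapdelete run. It only prints the command line; no server is contacted.

# -y takes the complete file contents as the password, so a trailing newline
# would become part of it. Also require that group/other have no access.
check_passwdfile() {
    [ -s "$1" ] || { echo "passwdfile missing or empty: $1" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "passwdfile open to group/other" >&2; return 1; }
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" != "0a" ] || { echo "passwdfile ends with a newline" >&2; return 1; }
}

# -f reads one DN per line, and -r deletes subtrees without verification,
# so require every DN to sit strictly below the expected base.
# Simplification: case-sensitive suffix match, no DN normalization.
check_dnfile() {
    dnfile=$1 base=$2
    [ -s "$dnfile" ] || { echo "DN file missing or empty: $dnfile" >&2; return 1; }
    while IFS= read -r dn || [ -n "$dn" ]; do
        case $dn in
            ?*=?*,"$base") ;;
            *) echo "refusing DN not below $base: '$dn'" >&2; return 1 ;;
        esac
    done < "$dnfile"
}

# preflight MODE URI BINDDN PASSWDFILE DNFILE BASE
# MODE is "dry-run" (adds -n) or "live"; prints the resulting command line.
preflight() {
    mode=$1 uri=$2 binddn=$3 pwfile=$4 dnfile=$5 base=$6
    check_passwdfile "$pwfile" && check_dnfile "$dnfile" "$base" || return 1
    case $uri in
        ldaps://*|ldapi://*) tls= ;;        # TLS or local socket already
        ldap://*)            tls="-ZZ " ;;  # StartTLS must succeed
        *) echo "unsupported URI: $uri" >&2; return 1 ;;
    esac
    case $mode in
        dry-run) n="-n " ;;
        live)    n= ;;
        *) echo "mode must be dry-run or live" >&2; return 1 ;;
    esac
    printf 'ldapdelete %s-v %s-x -H %s -D "%s" -y %s -f %s\n' \
        "$n" "$tls" "$uri" "$binddn" "$pwfile" "$dnfile"
}
```

Run the printed dry-run command first and compare its verbose output with the DN list before repeating the call with MODE set to live.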