ldapdelete(1ldap)


ldapdelete -- LDAP delete entry tool

Synopsis

ldapdelete [-c] [-d debuglevel] [-f file] [-D binddn] [-w passwd] [-W] [-h ldaphost] [-p ldapport] [dn]...

Description

ldapdelete is a shell-accessible interface to the ldap_delete(3ldap) library function.

It opens a connection to an LDAP server, binds, and deletes one or more entries. If one or more dn arguments are provided, entries with those Distinguished Names are deleted. Each dn should be a string-represented DN as defined in RFC 1779. If no dn arguments are provided, a list of DNs is read from standard input (or from file if the -f option is used).

Options

-c
Continuous operation mode. Errors are reported, but ldapdelete will continue with deletions. The default is to exit after reporting an error.

-d debuglevel
Set the LDAP debugging level to debuglevel. See the loglevel option in slapd.conf(4ldap).

-f file
Read a series of Distinguished Names (one per line) from file, deleting each entry in turn.

-D binddn
Specify the Distinguished Name to be used in binding to the directory.

binddn should be a string-represented DN, as defined in RFC 1779 or its successor.

If a -D binddn option is not supplied, the command will take the binddn value from the LDAP_BINDDN_CHANGE environment variable, if set. If LDAP_BINDDN_CHANGE specifies a null string, it is assumed that an anonymous bind is required.

If a -D option is not supplied, and LDAP_BINDDN_CHANGE is not used to specify the bind DN, the configuration file /etc/ldap/ldap_defaults will be examined for a default value to be used. If no default is supplied, a value of "" will be assumed.

-w passwd
Use passwd as the password for simple authentication.

-W
Read the password from the terminal. This is an alternative to supplying a password via the -w passwd option.

The password is prompted for in a non-echoing input mode. If ldapdelete has no controlling terminal, the password will be read from standard input.

-h ldaphost
Specify the LDAP server to connect to.

The server can be specified either as a hostname or as a dotted string giving an IP address.

A server port may be specified along with the server name or address by using the notation servername:portnumber or serverIPaddr:portnumber. If a port number is not explicitly specified for the particular server, a default port (as described for the -p option) is used.

If a null string is supplied, the local host is assumed. See the -p option for how the local port is selected.

If no -h option is supplied, the command will take the ldaphost value from the LDAP_HOST environment variable, if this is present.

If no -h option is supplied, and LDAP_HOST is not set, then the configuration file /etc/ldap/ldap_defaults will be examined for a default value to be used.

If no default is supplied, a value of "", implying the local host, will be assumed.

-p ldapport
Specify the TCP port number to connect to, if one is not already specified via the -h option (using the notation server:portnumber).

If no port number is explicitly supplied, the default LDAP port, 389, is assumed.

Exit codes

Exit status is 0 if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error.

Examples

The following command attempts to delete the entry named with commonName "Delete Me" directly below the University of Michigan organizational entry:

ldapdelete "cn=Delete Me, o=University of Michigan, c=US"

It is usually necessary to supply a binddn and passwd for deletion to be allowed (see the -D and -w or -W options).
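
The following pre-flight script is an added example, not part of the original manual page: it reports which bind DN source would apply under the -D precedence rules above and sanity-checks a DN list before it is passed to -f. The function names, the host ldap.example.com, the cn=Manager bind DN and the second sample DN are constructed for illustration, and the DN check is a coarse filter, not an RFC 1779 parser.

```shell
#!/bin/sh
# Added example: pre-flight checks before a bulk "ldapdelete -f" run.
# Function names, host and bind DN below are constructed for illustration.

# Report where ldapdelete would take its bind DN from, following the precedence
# documented under -D. $1 is the value intended for -D (may be empty).
binddn_source() {
    if [ -n "$1" ]; then
        echo "option:$1"
    elif [ "${LDAP_BINDDN_CHANGE+set}" = set ]; then
        if [ -z "$LDAP_BINDDN_CHANGE" ]; then
            echo "env:anonymous"    # null string requests an anonymous bind
        else
            echo "env:$LDAP_BINDDN_CHANGE"
        fi
    else
        echo "defaults:/etc/ldap/ldap_defaults"   # "" if the file has no default
    fi
}

# Coarse check of a -f input file: one DN per line, each starting with an
# attribute=value component. Prints the number of DNs; on a bad line it
# names the line on stderr and returns 1.
check_dn_file() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            [A-Za-z]*=?*) ;;
            *) echo "line $n: not a DN: '$line'" >&2; return 1 ;;
        esac
    done < "$1"
    echo "$n"
}

# Print the command to run. -W prompts for the password, so it never appears
# in the argument list; -c is left out so the run stops at the first error.
delete_cmd() {   # $1 = bind DN, $2 = host, $3 = DN file
    printf 'ldapdelete -D "%s" -W -h "%s" -f "%s"\n' "$1" "$2" "$3"
}

# Constructed sample input (the first DN is the manual page's own example).
list=$(mktemp)
printf '%s\n' 'cn=Delete Me, o=University of Michigan, c=US' \
              'cn=Old Account, o=University of Michigan, c=US' > "$list"
echo "bind DN source if -D is omitted: $(binddn_source "")"
echo "entries to delete: $(check_dn_file "$list")"
delete_cmd "cn=Manager, o=University of Michigan, c=US" ldap.example.com "$list"
rm -f "$list"
```

The script only prints the ldapdelete command; nothing is deleted until the printed command is run by hand.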

References

Intro(3ldap), ldapadd(1ldap), ldapmodify(1ldap), ldapmodrdn(1ldap), ldapsearch(1ldap), ldap_delete(3ldap)

Kille, S., A String Representation of Distinguished Names, RFC 1779, ISODE Consortium, March 1995.


30 January 1998
© 1998 The Santa Cruz Operation, Inc. All rights reserved.