Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1‎ > ‎


     ldapdelete - ldap delete entry tool

     ldapdelete  [-n]  [-v]  [-c]  [-d debuglevel]  [-f file]  [-
     D bindDN]  [-w passwd  | -j file]  [-J  [:criticality]] [-?]
     [-H] [-h ldaphost]  [-V version]  [-i locale]  [-k path]  [-
     P path]   [-N certificate]   [-y proxyid]  [-p ldapport]  [-
     O hoplimit] [-o attributename=value] [-W password] [dn...]

     The ldapdelete utility opens a connection to an LDAP server,
     then  binds  and deletes one or more entries. If one or more
     dn arguments are provided, entries with those  distinguished
     names  are  deleted. If no dn arguments are provided, a list
     of DNs is read from file, if the -f option is specified,  or
     from standard input.

     The following options are supported:


         Bypass confirmation question when deleting a branch.


         Continuous operation  mode.  Errors  are  reported,  but
         ldapdelete  will continue with deletions. The default is
         to exit after reporting an error.

     -d debuglevel

         Sets the LDAP debugging level. Useful levels  of  debug-
         ging for ldapdelete are:

         1        Trace

         2        Packets

         4        Arguments

         32       Filters

         128      Access control

         To request more than one category of debugging  informa-
         tion,  add  the masks. For example, to request trace and
         filter information, specify a debuglevel of 33.

     -D bindDN

         Uses the distinguished name bindDN to bind to the direc-


         Ask server to expose (report) bind identity by means  of
         authentication response control.

     -f file

         Reads the entry deletion information from  file  instead
         of from standard input.


         Display the usage help text that briefly  describes  all


         Display the usage help text that briefly  describes  all

     -h ldaphost

         Specifies an alternate host on which the LDAP server  is

     -i locale

         Specify the character set to use for command-line input.
         The  default  is the character set specified in the LANG
         environment variable. You might want to use this  option
         to  perform  the conversion from the specified character
         set to UTF8, thus overriding the LANG setting.

         Using this argument, you can input the bind DN  and  the
         target  DNs  in  the  specified character set. The ldap-
         delete tool converts  the  input  from  these  arguments
         before  it processes the search request. For example, -i
         no indicates that the bind DN and target  DNs  are  pro-
         vided in Norwegian.

         This option affects only the  command-line  input.  That
         is,  if  you  specify a file containing DNs (with the -f
         option), ldapdelete will not convert  the  data  in  the

     -j filename

         Specify a file containing the password for the  bind  DN
         or  the  password  for the SSL client's key database. To
         protect the password, use this  option  in  scripts  and
         place  the  password  in  a  secure file. This option is
         mutually exclusive of the -w  and  -W  options.  The  -j
         option  is  the  more  secure alternative between -j and

     -J [:criticality[:value|::b64value|b64value|:fileurl]]

         Criticality is a boolean value (default is false).

     -k path

         Specify the path to a  directory  containing  conversion
         routines. These routines are used if you want to specify
         a locale that is not supported by default by your direc-
         tory server. This is for NLS support.


         Manage smart referrals. When they are the target of  the
         operation, delete the actual entry containing the refer-
         ral instead of  the  entry  obtained  by  following  the


         Shows what would be done, but does not  actually  delete
         entries.  Useful  in  conjunction with options -v and -d
         for debugging.

     -N certificate

         Specify the certificate name  to  use  for  certificate-
         based    client    authentication.   For   example:   -N

     -o attributename=value

         For SASL mechanisms and other options such  as  security
         properties, mode of operation, authorization ID, authen-
         tication ID, and so forth.

         The different attribute names and their  values  are  as


             For defining SASL security properties.


             Specifies SASL realm (default is realm=none).


             Specify the authorization ID name for SASL bind.


             Specify the authentication ID for SASL bind.


             Specifies the various SASL mechanisms.

     -O hopLimit

         Specify the maximum number of referral  hops  to  follow
         while  finding  an entry to delete. By default, there is
         no limit.

     -p ldapport

         Specifies an alternate TCP port where the LDAP server is

     -P path

         Specify the path and filename of the  client's  certifi-
         cate database. For example:

         -P /home/uid/.netscape/cert7.db

         When using the command on the same host as the directory
         server,  you  can use the server's own certificate data-
         base. For example:

         -P installDir/lapd-serverID/alias/cert7.db

         Use the -P option alone to specify server authentication


         Uses verbose mode, with diagnostics written to  standard

     -V version

         Specify the LDAP protocol version number to be used  for
         the  delete  operation,  either  2  or 3. LDAP v3 is the
         default. Specify LDAP v2 when connecting to servers that
         do not support v3.

     -W password

         Specify the password for the client's key database given
         in   the   -P   option.  This  option  is  required  for
         certificate-based  client   authentication.   Specifying
         password on the command line has security issues because
         the password can be seen by  others  on  the  system  by
         means  of  the ps command. Use the -j instead to specify
         the password from the  file.  This  option  is  mutually
         exclusive of -j.

     -w passwd

         Use passwd as the password  for  authentication  to  the
         directory.  When  you use -w passwd to specify the pass-
         word to be used  for  authentication,  the  password  is
         visible  to other users of the system by means of the ps
         command, in script files or in shell history. If you use
         the  ldapdelete command without this option, the command
         will prompt for the password and read it  from  standard
         in.  When  used without the -w option, the password will
         not be visible to other users.

     -Y proxyid

         Specify the proxy DN (proxied authorization id)  to  use
         for  the delete operation, usually in double quotes ("")
         for the shell.


         Specify that SSL be used  to  provide  certificate-based
         client  authentication.  This option requires the -N and
         SSL password and any other of the SSL options needed  to
         identify the certificate and the key database.

     The following operand is supported:

     dn       Specifies one or  several  distinguished  names  of
              entries to delete.

     Example 1: Deleting an Entry

     To delete the entry named with commonName Delete Me directly
     below the XYZ Corporation organizational entry, use the fol-
     lowing command:

     example% ldapdelete -D "cn=Administrator, o=XYZ, c=US" \
       "cn=Delete Me, o=XYZ, c=US"

     Example 2: Deleting an Entry Using SASL Authentication

     To delete  the  entry  named  with  commonName  "Delete  Me"
     directly below the XYZ Corporation organizational entry, use
     the following command:

     example% ldapdelete -o mech=DIGEST-MD5 -o secProp=noanonymous \
     -o realm=none -o authid="dn:uid=foo,o=XYZ, c=US"  \
     "cn=Delete Me, o=XYZ, c=US"

     See attributes(5) for a description of the following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWcsu                     |
    | Stability Level             | Evolving                    |

     The following exit values are returned:

     0               Successful completion.

     Non-zero        An error occurred. A diagnostic  message  is
                     written to standard error.

     ldapadd(1),  ldapmodify(1),  ldapmodrdn(1),   ldapsearch(1),
     ldap_get_option(3LDAP),    ldap_set_option(3LDAP),    attri-

     The -M authentication option is obsolete.

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.