OpenLDAP’s set of LDAP client tools can be used to communicate with any LDAPv3 server (see Table B-6).
| Option | Description |
| --- | --- |
| -d integer | Specifies what debugging information to log. See the |
| -D binddn | Specifies the DN to use for binding to the LDAP server. |
| -e [!]ctrl[=ctrlparam] | Defines an LDAP control to be used on the current operation. See also the -M option for the manageDSAit control. |
| -f filename | Specifies the file containing the LDIF entries to be used in the operations. |
| -H URI | Defines the LDAP URI to be used in the connection request. |
| -I | Enables the SASL “interactive” mode. By default, the client prompts for information only when necessary. |
| -k | Enables Kerberos 4 authentication. |
| -K | Enables only the first step of the Kerberos 4 bind for authentication. |
| -M, -MM | Enable the Manager DSA IT control. This option is necessary when modifying an entry that is a referral or an alias. -MM requires that the Manager DSA IT control be supported by the server. |
| -n | Does not perform the search; just displays what would be done. |
| -O security_properties | Defines the SASL security properties for authentication. See previous information on the |
| -P [2\|3] | Defines which protocol version to use in the connection (Version 2 or 3). The default is LDAP v3. |
| -Q | Suppresses SASL-related messages such as how the authentication mechanism is used, username, and realm. |
| -R sasl_realm | Defines the realm to be used by the SASL authentication mechanism. |
| -U username | Defines the username to be used by the SASL authentication mechanism. |
| -v | Enables verbose mode. |
| -w password | Specifies the password to be used for authentication. |
| -W | Instructs the client to prompt for the password. |
| -x | Enables simple authentication. The default is to use SASL authentication. |
| -X id | Defines the SASL authorization identity. The identity has the form |
| -y passwdfile | Instructs the ldap tool to read the password for a simple bind from the given filename. |
| -Y sasl_mechanism | Tells the client which SASL mechanism should be used. The bind request will fail if the server does not support the chosen mechanism. |
| -Z, -ZZ | Issue a StartTLS request. Use of -ZZ makes the support of this request mandatory for a successful connection. |
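
A wrapper around the bind options in Table B-6, added here as an example and not part of the original reference: it binds with -y instead of -w (a password given with -w appears in the process list), makes StartTLS mandatory with -ZZ on ldap:// URIs, and rejects a password file that is group/other-accessible or ends in a newline, since -y uses the file's complete contents as the password. The function names, return codes and the ldaps:// handling are assumptions of this example.

```shell
#!/bin/sh
# Added example: names, return codes and sample values are constructed.

# check_pwfile FILE: succeed only if FILE is safe to hand to -y.
check_pwfile() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "pwfile: not a readable file" >&2; return 1; }
    # Permission string is e.g. "-rw-------"; characters 5-10 are group/other.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "pwfile: group/other bits set" >&2; return 2; }
    # -y takes the file's complete contents as the password, so a trailing
    # newline silently becomes part of it. $(...) strips a final newline,
    # so an empty result means "empty file" or "last byte is a newline".
    [ -n "$(tail -c 1 < "$f")" ] || { echo "pwfile: empty or ends in newline" >&2; return 3; }
}

# ldap_bind_run TOOL URI BINDDN PWFILE [tool args...]
# Runs TOOL (ldapsearch, ldapmodify, ...) with a simple bind that never puts
# the password on the command line and never sends it over cleartext.
ldap_bind_run() {
    [ "$#" -ge 4 ] || { echo "usage: ldap_bind_run TOOL URI BINDDN PWFILE [args]" >&2; return 64; }
    tool=$1 uri=$2 binddn=$3 pwfile=$4
    shift 4
    check_pwfile "$pwfile" || return $?
    case $uri in
        ldap://*)  tls=-ZZ ;;  # StartTLS must succeed (-Z would continue without it)
        ldaps://*) tls= ;;     # TLS from the first byte; StartTLS does not apply
        *) echo "uri: expected ldap:// or ldaps://" >&2; return 4 ;;
    esac
    # ${tls:+...} adds -ZZ only when set, without passing an empty argument.
    "$tool" -x ${tls:+"$tls"} -H "$uri" -D "$binddn" -y "$pwfile" "$@"
}
```
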
These tools send updates to directory servers (see Table B-7).
This tool asks a directory server to compare two values:
ldapcompare [options] DN <attr:value|attr::b64value>
There are no additional command-line flags for this tool.
This tool deletes entries from an LDAP directory (see Table B-8).
This tool changes the RDN of an entry in an LDAP directory (see Table B-9).
| Option | Description |
| --- | --- |
| -c | Instructs ldapmodrdn to continue if errors occur. By default, it terminates if there is an error. |
| -r | Removes the old RDN value. The default behavior is to add another value of the RDN and leave the old value intact. The default behavior makes it easier to modify a directory without leaving orphaned entries. |
| -s new_superior_node | Defines the new superior, or parent, entry under which the renamed entry should be located. |
This tool changes the password stored in a directory entry (see Table B-10).
This tool issues LDAP search queries to directory servers (see Table B-11).
| Option | Description |
| --- | --- |
| -a [never\|always\|search\|find] | Specifies how to handle aliases when they are located during a search. Possible values include |
| -A | For any entries found, returns the attribute names, but not their values. |
| -b basedn | Defines the base DN for the directory search. |
| -F prefix | Defines the URL prefix for filenames. The default is to use the value stored in |
| -l limit | Defines a time limit (in seconds) for the server in the search. |
| -L, -LL, -LLL | Print the resulting output in LDIF v1 format. -LL causes the result to be printed in LDIF format without comments. -LLL prints the resulting output in LDIF format without comments and without version information. |
| -s [sub\|base\|one] | Defines the scope of the search to be |
| -S attribute | Causes the ldapsearch client to sort the results by the value of attribute. |
| -t, -tt | Write binary values to files in a temporary directory defined by the -T option. -tt specifies that all values should be written to files in a temporary directory defined by the -T option. |
| -T directory | Defines the directory used to store the resulting output files. The default is the directory specified by |
| -u | Includes user-friendly entry names in the output. |
| -z limit | |