ldapdelete - ldap delete entry tool
ldapdelete [-n] [-v] [-c] [-d debuglevel] [-f file]
[-D binddn] [-w passwd] [-h ldaphost] [-M authentication]
[-p ldapport] [dn...]
The ldapdelete utility opens a connection to an LDAP server,
then binds and deletes one or more entries. If one or more
dn arguments are provided, entries with those distinguished
names are deleted. If no dn arguments are provided, a list
of DNs is read from file, if the -f option is specified, or
from standard input.
The following options are supported:
-c Continuous operation mode. Errors are reported, but
ldapdelete will continue with deletions. The default
is to exit after reporting an error.
-d debuglevel
Sets the LDAP debugging level. Useful levels of
debugging for ldapdelete are:
128 Access control
To request more than one category of debugging
information, add the masks. For example, to request trace
and filter information, specify a debuglevel of 33.
-D binddn
Uses the distinguished name binddn to bind to the
-f file
Reads the entry deletion information from file instead
of from standard input.
-h ldaphost
Specifies an alternate host on which the slapd server
-M authentication
Specifies the authentication mechanism used to bind to
The default authentication method for ldapdelete is
simple bind. Simple bind sends the password to the
server in the clear. The password is subject to
snooping if the server is not local. You must use special
care when you use this command with the default
authentication method. If your server supports the
CRAM-MD5 challenge-response authentication method,
you can override the default authentication
method by using the -M option with CRAM-MD5 as the
value for authentication.
The bind DN and bind password are mandatory with this
-n Shows what would be done, but does not actually delete
entries. Useful in conjunction with options -v and -d
-p ldapport
Specifies an alternate TCP port where the slapd server
-v Uses verbose mode, with diagnostics written to stan-
-w passwd
Use passwd as the password for authentication to the
directory. When you use -w passwd to specify the
password to be used for authentication, the password is
visible to other users of the system by means of the
ps command, in script files or in shell history. If
you use the ldapdelete command without this option,
the command will prompt for the password and read it
from standard input. When used without the -w option, the
password will not be visible to other users.
The following operand is supported:
dn Specifies one or several distinguished names of
entries to delete.
Example 1: Deleting an entry
To delete the entry named with commonName Delete Me directly
below the XYZ Corporation organizational entry, use the fol-
example% ldapdelete -D "cn=Administrator, o=XYZ, c=US" \
"cn=Delete Me, o=XYZ, c=US"
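The -M and -w option notes above describe two ways the bind password can be exposed. The following shell function is an added example, not part of the original manual page: it checks an ldapdelete argument list for both. It assumes that omitting -h, or giving localhost or 127.0.0.1, means a local server; the host name and password in the sample calls are made up.

```shell
#!/bin/sh
# Added example (not from the man page): lint an ldapdelete argument list
# for the two credential exposures described in the -M and -w notes.
# Assumption: no -h, or -h localhost / 127.0.0.1, counts as a local server.

audit_ldapdelete() {
    OPTIND=1
    a_pw=0; a_mech=""; a_host=""; a_rc=0
    # Option letters are the ones in the ldapdelete synopsis. The leading
    # ':' selects silent error reporting, so bad options reach the *) branch.
    while getopts ":nvcd:f:D:w:h:M:p:" a_opt; do
        case "$a_opt" in
            w) a_pw=1 ;;
            M) a_mech=$OPTARG ;;
            h) a_host=$OPTARG ;;
            n|v|c|d|f|D|p) ;;
            *) echo "UNPARSEABLE: -$OPTARG"; return 2 ;;
        esac
    done

    # -w puts the password in ps output, script files and shell history.
    if [ "$a_pw" -eq 1 ]; then
        echo "PASSWORD-IN-ARGV: drop -w so ldapdelete prompts for the password"
        a_rc=1
    fi

    # The default simple bind sends the password in the clear; that matters
    # when the server is not local and -M CRAM-MD5 was not requested.
    case "$a_host" in
        ""|localhost|127.0.0.1) a_remote=0 ;;
        *) a_remote=1 ;;
    esac
    if [ "$a_remote" -eq 1 ] && [ "$a_mech" != "CRAM-MD5" ]; then
        echo "CLEARTEXT-BIND: simple bind to $a_host; use -M CRAM-MD5 if supported"
        a_rc=1
    fi
    return "$a_rc"
}

# Constructed sample invocations (host name and password are made up).
# `|| true` keeps a non-zero finding status from stopping a `set -e` script.
audit_ldapdelete -D "cn=Administrator, o=XYZ, c=US" "cn=Delete Me, o=XYZ, c=US" || true
audit_ldapdelete -h ldap.example.com -D "cn=Administrator, o=XYZ, c=US" \
    -w secret "cn=Delete Me, o=XYZ, c=US" || true
```

The function returns 0 when it has nothing to report, 1 when it prints at least one finding, and 2 when the argument list does not match the synopsis.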
See attributes(5) for a description of the following attri-
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| Availability | SUNWcsu |
| Stability Level | Evolving |
The following exit values are returned:
0 Successful completion.
An error occurred. A diagnostic message is written to
ldapadd(1), ldapmodify(1), ldapmodrdn(1), ldapsearch(1),
ldap_get_option(3LDAP), ldap_set_option(3LDAP), attri-