ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahy_5.4.0.1/rzahyldapdel.htm

207 lines
12 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - ldapdelete</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="rzahyldapdel"></a>
<h3 id="rzahyldapdel">ldapdelete</h3>
<p>The LDAP delete-entry tool</p>
<p><span class="bold">Synopsis</span></p>
<pre class="xmp">ldapdelete [-c] [-C charset] [-d debuglevel][-D binddn] [-f file]
[-G realm] [-h ldaphost] [-i file] [-k] [-K keyfile] [-m mechanism]
[-M] [-n] [-N certificatename] [-O maxops] [-p ldapport]
[-P keyfilepw] [-R] [-s][-U username} [-v] [-V version]
[-w passwd | ?] [-y proxydn][-Y] [-Z] [dn]......
</pre>
<p><span class="bold">Description</span></p>
<p><span class="bold">ldapdelete</span> is a command-line interface
to the <a href="../apis/ldap_delete.htm">ldap_delete</a> application
programming interface (API).</p>
<p><span class="bold">ldapdelete</span> opens a connection to
an LDAP server, binds, and deletes one or more entries. If one or more Distinguished
Name (DN) arguments are provided, entries with those DNs are deleted. Each
DN is a string-represented DN. If no DN arguments are provided, a list of
DNs is read from standard input, or from a file if the <span class="bold">-i</span> flag is used.</p>
<p>To display syntax help for <span class="bold">ldapdelete</span>, type:</p>
<pre class="xmp">ldapdelete -?</pre>
<p><span class="bold">Options</span></p>
<dl>
<dt class="bold">-c</dt>
<dd>Continuous operation mode. Errors are reported, but <span class="bold">ldapdelete</span> continues with deletions. Otherwise the default action is
to exit after reporting an error.
</dd>
<dt class="bold">-C <span class="italic">charset</span> </dt>
<dd>Specifies that the DNs supplied as input to the <span class="bold">ldapdelete</span> utility are represented in a local character set, as specified
by charset. Use the <span class="bold">-C <span class="italic">charset</span></span> option if the input string codepage is different from the
job codepage value. Refer to the <a href="../apis/ldap_set_iconv_local_charset.htm">ldap_set_iconv_local_charset()</a> API to see supported charset values.
</dd>
<dt class="bold">-d <span class="italic">debuglevel</span> </dt>
<dd>Set the LDAP debugging level to debuglevel.
</dd>
<dt class="bold">-D <span class="italic">binddn</span></dt>
<dd>Use <span class="bold-italic">binddn</span> to bind to the LDAP directory. <span class="bold-italic">binddn</span> is a string-represented DN. When used with
-m DIGEST-MD5, it is used to specify the authorization ID. It can either be
a DN, or an authzId string starting with "u:" or "dn:".
</dd>
<dt class="bold">-f <span class="italic">file</span></dt>
<dd>Read a series of lines from file, performing one LDAP delete for each
line in the file. Each line in the file should contain a single distinguished
name (DN).
</dd>
<dt class="bold">-G <span class="italic">realm</span></dt>
<dd>Specify the realm. This parameter is optional. When used with
-m DIGEST-MD5, the value is passed to the server during the bind.
</dd>
<dt class="bold">-h <span class="italic">ldaphost</span></dt>
<dd>Specify an alternate host on which the LDAP server is running.
</dd>
<dt class="bold">-i <span class="italic">file</span></dt>
<dd>Read a series of lines from file, performing one LDAP delete
for each line in the file. Each line in the file should contain a single distinguished
name.
</dd>
<dt class="bold">-k </dt>
<dd>Specifies to use the server administration control.
</dd>
<dt class="bold">-K <span class="italic">keyfile</span></dt>
<dd>Specify the name of the SSL key database file. If the key database file
is not in the current directory, specify the fully-qualified key database
filename.
<p>If the utility cannot locate a key database, it will use a hard-coded
set of default trusted certificate authority roots. The key database file
typically contains one or more certificates of certification authorities (CAs)
that are trusted by the client. These types of X.509 certificates are also
known as trusted roots.</p>
<p>This parameter effectively enables the <span class="bold">-Z</span> switch. For Directory Server on i5/OS
if you use -Z and do not use -K or -N, the certificate associated with the
Directory Services Client application ID will be used.</p>
</dd>
<dt class="bold">-m <span class="italic">mechanism</span></dt>
<dd>Use <span class="bold-italic">mechanism</span> to specify the
SASL mechanism to be used to bind to the server. The <a href="../apis/ldap_sasl_bind_s.htm">ldap_sasl_bind_s()</a> API is used. The <span class="bold">-m</span> parameter is ignored if <span class="bold">-V 2</span> is
set. If <span class="bold">-m</span> is not specified, simple
authentication is used. Valid mechanisms are:
<ul>
<li>CRAM-MD5 - protects the password sent to the server.</li>
<li>EXTERNAL - uses the SSL certificate. Requires -Z.</li>
<li>GSSAPI - uses the user's Kerberos credentials</li>
<li><img src="delta.gif" alt="Start of change" />DIGEST-MD5 - requires that the client send a username value
to the server. Requires -U. The -D parameter (usually the bind DN) is used
to specify the authorization ID. It can be a DN, or an authzId string starting
with u: or dn:.<img src="deltaend.gif" alt="End of change" /></li>
<li><img src="delta.gif" alt="Start of change" />OS400_PRFTKN - authenticates to the local LDAP server as the
current i5/OS user using the DN of the user in the system projected backend.
The -D (bind DN) and -w (password) parameters should not be specified.<img src="deltaend.gif" alt="End of change" /></li></ul>
</dd>
<dt class="bold">-M</dt>
<dd>Manage referral objects as regular entries.
</dd>
<dt class="bold">-n</dt>
<dd>Show what would be done, but don't actually change entries. Useful for
debugging in conjunction with <span class="bold">-v</span>.
</dd>
<dt class="bold">-N <span class="italic">certificatename</span></dt>
<dd>Specify the label associated with the client certificate in the key
database file. If the LDAP server is configured to perform server authentication
only, a client certificate is not required. If the LDAP server is configured
to perform client and server authentication, a client certificate might be
required. <span class="bold-italic">certificatename</span> is not required
if a default certificate/private key pair has been designated as the default.
Similarly, <span class="bold-italic">certificatename</span> is not
required if there is a single certificate/private key pair in the designated
key database file. This parameter is ignored if neither <span class="bold">-Z</span> nor <span class="bold">-K</span> is specified. For Directory
Server on i5/OS if you use -Z and do not use -K or -N, the certificate associated
with the Directory Services Client application ID will be used.
</dd>
<dt class="bold">-O <span class="italic">maxhops</span></dt>
<dd>Specify <span class="bold-italic">maxhops</span> to
set the maximum number of hops that the client library takes when chasing
referrals. The default hopcount is 10.
</dd>
<dt class="bold">-p <span class="italic">ldapport </span></dt>
<dd>Specify an alternate TCP port where the LDAP server is listening.
The default LDAP port is 389. If <span class="bold">-p</span> is
not specified and <span class="bold">-Z</span> is specified, the
default LDAP SSL port 636 is used.
</dd>
<dt class="bold">-P <span class="italic">keyfilepw</span></dt>
<dd>Specify the key database password. This password is required to access
the encrypted information in the key database file, which can include one
or more private keys. If a password stash file is associated with the key
database file, the password is obtained from the password stash file,
and the <span class="bold">-P</span> parameter is not required.
This parameter is ignored if neither <span class="bold">-Z</span> nor <span class="bold">-K</span> is specified.
</dd>
<dt class="bold">-R</dt>
<dd>Specifies that referrals are not to be automatically followed.
</dd>
<dt class="bold">-s</dt>
<dd>Use this option to delete the subtree rooted at the specified
entry.
</dd>
<dt class="bold">-U <span class="italic">username</span></dt>
<dd>Specify the username. Required with -m DIGEST-MD5 and ignored
with any other mechanism.
</dd>
<dt class="bold">-v</dt>
<dd>Use verbose mode, with many diagnostics written to standard
output.
</dd>
<dt class="bold">-V <span class="italic">version</span></dt>
<dd>Specifies the LDAP version to be used by <span class="bold">ldapdelete</span> when it binds to the LDAP server. By default, an LDAP V3 connection
is established. To explicitly select LDAP V3, specify <span class="bold">-V 3</span>. Specify <span class="bold">-V 2</span> to run as an LDAP
V2 application.
</dd>
<dt class="bold">-w <span class="italic">passwd</span> | ?</dt>
<dd>Use <span class="bold-italic">passwd</span> as the password
for authentication. Use the ? to generate a password prompt.
</dd>
<dt class="bold">-y proxydn</dt>
<dd>Set proxied ID for proxied authorization operation.
</dd>
<dt class="bold">-Y</dt>
<dd>Use a secure LDAP connection (TLS).
</dd>
<dt class="bold">-Z</dt>
<dd>Use a secure SSL connection to communicate with the LDAP server. For
Directory Server on i5/OS if you use -Z and do not use -K or -N, the certificate
associated with the Directory Services Client application ID will be used.
</dd>
<dt class="bold">dn</dt>
<dd>Specifies one or more DN arguments. Each DN should be a string-represented
DN.
</dd>
</dl>
<p><span class="bold">Examples</span></p>
<p>The following command, </p>
<pre class="xmp">ldapdelete -D cn=administrator -w secret "cn=Delete Me, o=University of Life, c=US"</pre><p class="indatacontent">attempts to delete the entry named with commonName "Delete Me" directly
below the University of Life organizational entry.</p>
<p><span class="bold">Notes</span></p>
<p>If no DN arguments are provided, the <span class="bold">ldapdelete</span> command waits to read a list of DNs from standard input.</p>
<p><span class="bold">Diagnostics</span></p>
<p>Exit status is 0 if no errors occur. Errors result in a non-zero exit status
and a diagnostic message being written to standard error.</p>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>