LDAP System Administration [Electronic resources] (text version)


Gerald Carter

B.3 LDAP Tools


OpenLDAP's set of LDAP client tools can be used to communicate with any LDAPv3 server (see Table B-6).

Table B-6. Command-line options common to ldapsearch, ldapcompare, ldapadd, ldapdelete, ldapmodify, and ldapmodrdn

| Option | Description |
|---|---|
| -d integer | Specifies what debugging information to log. See the loglevel slapd.conf parameter for a listing of log levels. |
| -D binddn | Specifies the DN to use for binding to the LDAP server. |
| -e [!]ctrl[=ctrlparam] | Defines an LDAP control to be used on the current operation. See also the -M option for the manageDSAit control. |
| -f filename | Specifies the file containing the LDIF entries to be used in the operations. |
| -H URI | Defines the LDAP URI to be used in the connection request. |
| -I | Enables the SASL "interactive" mode. By default, the client prompts for information only when necessary. |
| -k | Enables Kerberos 4 authentication. |
| -K | Enables only the first step of the Kerberos 4 bind for authentication. |
| -M, -MM | Enable the Manager DSA IT control. This option is necessary when modifying an entry that is a referral or an alias. -MM requires that the Manager DSA IT control be supported by the server. |
| -n | Does not perform the search; just displays what would be done. |
| -O security_properties | Defines the SASL security properties for authentication. See previous information on the sasl-secprops parameter in slapd.conf. |
| -P [2\|3] | Defines which protocol version to use in the connection (Version 2 or 3). The default is LDAP v3. |
| -Q | Suppresses SASL-related messages such as how the authentication mechanism is used, username, and realm. |
| -R sasl_realm | Defines the realm to be used by the SASL authentication mechanism. |
| -U username | Defines the username to be used by the SASL authentication mechanism. |
| -v | Enables verbose mode. |
| -w password | Specifies the password to be used for authentication. |
| -W | Instructs the client to prompt for the password. |
| -x | Enables simple authentication. The default is to use SASL authentication. |
| -X id | Defines the SASL authorization identity. The identity has the form dn:dn or u:user. The default is to use the same authorization identity that the user authenticated. |
| -y passwdfile | Instructs the ldap tool to read the password for a simple bind from the given filename. |
| -Y sasl_mechanism | Tells the client which SASL mechanism should be used. The bind request will fail if the server does not support the chosen mechanism. |
| -Z, -ZZ | Issue a StartTLS request. Use of -ZZ makes the support of this request mandatory for a successful connection. |

B.3.1 ldapadd(1), ldapmodify(1)


These tools send updates to directory servers (see Table B-7).

Table B-7. ldapadd/ldapmodify options

| Option | Description |
|---|---|
| -a | Adds entries. This option is the default for ldapadd. |
| -r | Replaces (or modifies) entries and values. This is the default for ldapmodify. |
| -F | Forces all change records to be used from the input. |


B.3.2 ldapcompare(1)


This tool asks a directory server to compare two values:

ldapcompare [options] DN <attr:value|attr::b64value>.

There are no additional command-line flags for this tool.


B.3.3 ldapdelete(1)


This tool deletes entries from an LDAP directory (see Table B-8).

Table B-8. ldapdelete [option] DN

| Option | Description |
|---|---|
| -r | Deletes the subtree whose root is designated by DN. The delete is not performed atomically. |


B.3.4 ldapmodrdn(1)


This tool changes the RDN of an entry in an LDAP directory (see Table B-9).

Table B-9. ldapmodrdn [options] [dn rdn]

| Option | Description |
|---|---|
| -c | Instructs ldapmodrdn to continue if errors occur. By default, it terminates if there is an error. |
| -r | Removes the old RDN value. The default behavior is to add another value of the RDN and leave the old value intact. The default behavior makes it easier to modify a directory without leaving orphaned entries. |
| -s new_superior_node | Defines the new superior, or parent, entry under which the renamed entry should be located. |


B.3.5 ldappasswd(1)


This tool changes the password stored in a directory entry (see Table B-10).

Table B-10. ldappasswd [options] [user]

| Option | Description |
|---|---|
| -a secret | The old password value |
| -A | Prompt for the old password |
| -s new_secret | The new password value |
| -S | Prompt for the new password |


B.3.6 ldapsearch(1)


This tool issues LDAP search queries to directory servers (see Table B-11).

Table B-11. ldapsearch [options] [filter [attributes...]]

| Option | Description |
|---|---|
| -a [never\|always\|search\|find] | Specifies how to handle aliases when they are located during a search. Possible values include never (default), always, search, or find. |
| -A | For any entries found, returns the attribute names, but not their values. |
| -b basedn | Defines the base DN for the directory search. |
| -F prefix | Defines the URL prefix for filenames. The default is to use the value stored in $LDAP_FILE_URI_PREFIX. |
| -l limit | Defines a time limit (in seconds) for the server in the search. |
| -L, -LL, -LLL | Print the resulting output in LDIF v1 format. -LL causes the result to be printed in LDIF format without comments. -LLL prints the resulting output in LDIF format without comments and without version information. |
| -s [sub\|base\|one] | Defines the scope of the search to be base, one, or sub (the default). |
| -S attribute | Causes the ldapsearch client to sort the results by the value of attribute. |
| -t, -tt | Write binary values to files in a temporary directory defined by the -T option. -tt specifies that all values should be written to files in a temporary directory defined by the -T option. |
| -T directory | Defines the directory used to store the resulting output files. The default is the directory specified by $LDAP_TMPDIR. |
| -u | Includes user-friendly entry names in the output. |
| -z limit | Specifies the maximum number of entries to return. |
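
The options in Tables B-6 and B-11 combine as follows for a simple bind that keeps the password off the command line (-y instead of -w, whose argument is visible in the process list) and requires StartTLS (-ZZ). This is an added example, not from the book; the function names, URI and DNs are hypothetical, and the check relies on the OpenLDAP tools using the complete contents of the -y file as the password, so a trailing newline becomes part of it.

```shell
#!/bin/sh
# Added example: pre-flight check for a simple bind that uses -y and -ZZ.
# Function names, URI, DNs and paths are hypothetical.

# check_passwdfile FILE
# Returns 0 if FILE is suitable for -y, otherwise:
#   1 = missing or unreadable   2 = accessible by group/other
#   3 = empty                   4 = ends with a newline
check_passwdfile() {
    pwf=$1
    [ -f "$pwf" ] && [ -r "$pwf" ] || return 1
    # Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -ld -- "$pwf" | cut -c5-10)
    [ "$mode" = "------" ] || return 2
    [ -s "$pwf" ] || return 3
    # The whole file is the password, so a final 0x0a would be sent too.
    last=$(tail -c 1 < "$pwf" | od -An -tx1 | tr -d ' \n')
    [ "$last" != "0a" ] || return 4
    return 0
}

# ldap_search_tls URI BINDDN PWFILE BASEDN FILTER [ATTR...]
# Simple bind (-x) as BINDDN, password read from PWFILE (-y),
# StartTLS mandatory (-ZZ), subtree search, bare LDIF output (-LLL).
ldap_search_tls() {
    [ "$#" -ge 5 ] || {
        echo "usage: ldap_search_tls URI BINDDN PWFILE BASEDN FILTER [ATTR...]" >&2
        return 64
    }
    uri=$1 binddn=$2 pwfile=$3 basedn=$4 filter=$5
    shift 5
    check_passwdfile "$pwfile" || {
        _rc=$?
        echo "refusing to bind: password file check failed (code $_rc)" >&2
        return "$_rc"
    }
    ldapsearch -ZZ -x -H "$uri" -D "$binddn" -y "$pwfile" \
        -b "$basedn" -s sub -LLL "$filter" "$@"
}

# Example call (constructed values):
#   ldap_search_tls ldap://ldap.example.com "cn=reader,dc=example,dc=com" \
#       "$HOME/.ldap_pw" "dc=example,dc=com" "(uid=jdoe)" cn mail
```

Write the password file with printf '%s' rather than echo so that no newline is appended, and set its mode to 0600 before first use.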

