The ldapdelete utility opens a connection to an LDAP server, then binds and deletes one or more entries. If one or more dn arguments are provided, entries with those distinguished names are deleted. If no dn arguments are provided, a list of DNs is read from file, if the -f option is specified, or from standard input.

The following options are supported:

-c

Continuous operation mode. Errors are reported, but ldapdelete will continue with deletions. The default is to exit after reporting an error.

-d debuglevel

Sets the LDAP debugging level. Useful levels of debugging for ldapdelete are:

1

Trace

2

Packets

4

Arguments

32

Filters

128

Access control

To request more than one category of debugging information, add the masks. For example, to request trace and filter information, specify a debuglevel of 33.

-D binddn

Uses the distinguished name binddn to bind to the directory.

-f file

Reads the entry deletion information from file instead of from standard input.

-h ldaphost

Specifies an alternate host on which the slapd server is running.

-M authentication

Specifies the authentication mechanism used to bind to the directory.

The default authentication method for ldapdelete is simple bind. simple bind sends the password to the server in the clear. The password is subject to snooping if the server is not local. You must use special care when you use this command with the default authentication method. If your server supports the challenge response method CRAM-MD5 authentication method, you can override the default authentication method by using the -M option with CRAM-MD5 as the value for authentication.

The bind DN and bind password are mandatory with this option.

-n

Shows what would be done, but does not actually delete entries. Useful in conjunction with options -v and -d for debugging.

-o

Specifies the security layer for the mechanism (none, integrity, privacy).

-p ldapport

Specifies an alternate TCP port where the slapd server is listening.

-v

Uses verbose mode, with diagnostics written to standard output.

-w passwd

Use passwd as the password for authentication to the directory. When you use -w passwd to specify the password to be used for authentication, the password is visible to other users of the system by means of the ps command, in script files or in shell history. If you use the ldapdelete command without this option, the command will prompt for the password and read it from standard in. When used without the -w option, the password will not be visible to other users.

The following operand is supported:

dn

Specifies one or several distinguished names of entries to delete.

See attributes(5) for a description of the following attributes:

The following exit values are returned:

0

Successful completion.

Non-zero

An error occurred. A diagnostic message is written to standard error.

ldapadd(1), ldapmodify(1), ldapmodrdn(1), ldapsearch(1), ldap_get_option(3LDAP), ldap_set_option(3LDAP), attributes(5)