“ldapdelete SASL options” (page 206)

“Additional ldapdelete options” (page 207)

6.6.1 ldapdelete syntax

ldapdelete [optional_options]

6.6.2 Commonly-used ldapdelete options

Table 6-15 Commonly-used ldapdelete options

| Option | Description |
|---|---|
| -D | Specifies the distinguished name with which to authenticate to the server. The value must be a DN recognized by the Directory Server, and it must also have the authority to delete the entries. For example: -D "uid=bjensen, dc=example,dc=com" For more information on access control, see the "Managing Access Control" chapter in the HP-UX Directory Server administrator guide. The -D option cannot be used with the -N option. |
| dn | Specifies the dn of the entry to delete. |
| -g | Specifies that the password policy request control not be sent with the bind request. By default, the new LDAP password policy request control is sent with bind requests. The ldapdelete tool can parse and display information from the response control if it is returned by a server; that is, the tool will print an appropriate error or warning message when a server sends the password policy response control with the appropriate value. The criticality of the request control is set to false to ensure that all LDAPv3 servers that do not understand the control can ignore it. To suppress sending of the request control with the bind request, include -g on the command line. |
| -h | Specifies the name of the host on which the server is running. For example: -h cyclops The default is localhost. |
| -p | Specifies the port number that the server uses. The default is 389. If -Z is used, the default is 636. |
| -w | Specifies the password associated with the distinguished name specified in the -D option. For example: -w mypassword The default is "", or anonymous. If a password is not sent on the command line and the server requires one, the command prompts for one. It is more secure not to provide a password on the command line so that it does not show up in clear text in a listing of commands. |
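The -w caveat and the -D/-N restriction in Table 6-15 can be checked mechanically. The following is an added example, not part of the original guide: a Python audit of shell-history lines that flags and redacts ldapdelete passwords supplied with -w and flags -D combined with -N. The history lines, the /opt/tools path and the Server-Cert value are constructed for illustration.

```python
import os
import shlex

# Value-taking options listed in Table 6-15.
VALUE_OPTS = ("-D", "-h", "-p", "-w")

# Constructed sample shell-history lines (not from the original guide).
SAMPLE_HISTORY = [
    'ldapdelete -D "uid=bjensen, dc=example,dc=com" -w mypassword -h cyclops "uid=old,dc=example,dc=com"',
    'ldapdelete -D "uid=bjensen, dc=example,dc=com" -h cyclops -p 389 "uid=old,dc=example,dc=com"',
    '/opt/tools/ldapdelete -wmypassword -D "uid=bjensen, dc=example,dc=com" -N Server-Cert',
    'ls -w 80',
]

def audit_ldapdelete(cmdline):
    """Return (findings, redacted command line) for one ldapdelete invocation."""
    argv = shlex.split(cmdline)
    if not argv or os.path.basename(argv[0]) != "ldapdelete":
        return [], cmdline                      # not an ldapdelete call
    findings, out, seen = [], [argv[0]], set()
    i = 1
    while i < len(argv):
        arg = argv[i]
        opt = arg[:2]
        if opt in VALUE_OPTS:
            seen.add(opt)
            attached = len(arg) > 2             # value glued on, e.g. -wmypassword
            has_value = attached or i + 1 < len(argv)
            if opt == "-w" and has_value:
                findings.append("password on command line")
                out += ["-w********"] if attached else ["-w", "********"]
            else:
                out.extend(argv[i:i + (1 if attached else 2)])
            i += 1 if attached else 2
            continue
        if arg.startswith("-"):
            seen.add(opt)
        out.append(arg)
        i += 1
    if {"-D", "-N"} <= seen:                    # the table says these cannot be combined
        findings.append("-D used with -N")
    return findings, shlex.join(out)

def audit_history(lines):
    """Keep only the invocations that produced at least one finding."""
    return [(f, red) for f, red in map(audit_ldapdelete, lines) if f]

if __name__ == "__main__":
    for findings, redacted in audit_history(SAMPLE_HISTORY):
        print("; ".join(findings), "->", redacted)
```

The second sample line, which omits -w so that the command prompts for the password, produces no finding.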

 

 

6.6.3 ldapdelete SSL options

Use the following options to specify that the ldapdelete command use LDAPS when communicating with the Directory Server or to use certificate-based authentication. These options are valid only when LDAPS has been turned on and configured for the Directory Server. For more information on certificate-based authentication and how to create a certificate database for use with LDAP clients, see the "Managing SSL" and "Managing SASL" chapters in the HP-UX Directory Server administrator guide.

Ensure that the Directory Server's encrypted port is set when using these options.

Table 6-16 ldapdelete SSL options

| Option | Description |
|---|---|
| -3 | Specifies that host names should be checked in SSL certificates. |
| -I | Specifies the SSL key password file that contains the token:password pair. |

 

 
