Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   31559 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

LDAPCOMPARE(1)					   LDAPCOMPARE(1)

NAME
       ldapcompare - LDAP compare tool

SYNOPSIS
       ldapcompare  [-n]  [-v]	[-z]  [-k] [-K] [-M[M]] [-d debu-
       glevel]	[-D binddn]  [-W]   [-w passwd]	  [-y passwdfile]
       [-H ldapuri]    [-h ldaphost]	[-p ldapport]	 [-P 2|3]
       [-O security-properties] [-I] [-Q] [-U authcid] [-R realm]
       [-x]  [-X authzid]  [-Y mech]  [-Z[Z]]  DN <  attr:value |
       attr::b64value >

DESCRIPTION
       ldapcompare  is	a  shell-accessible  interface	 to   the
       ldap_compare(3) library call.

       ldapcompare  opens  a connection to an LDAP server, binds,
       and performs a compare using specified  parameters.    The
       DN  should be a distinguished name in the directory.  Attr
       should be a known attribute.  If followed  by  one  colon,
       the  assertion  value  should be provided as a string.  If
       followed by two colons, the base64 encoding of  the  value
       is provided.

OPTIONS
       -n     Show what would be done, but don't actually perform
	      the compare.  Useful for debugging  in  conjunction
	      with -v.

       -v     Run  in verbose mode, with many diagnostics written
	      to standard output.

       -z     Run in quiet mode, no output is written.	You  must
	      check  the return status.	 Useful in shell scripts.

       -k     Use Kerberos IV authentication  instead  of  simple
	      authentication.	It  is	assumed	 that you already
	      have a valid ticket granting  ticket.   ldapcompare
	      must  be	compiled  with	Kerberos support for this
	      option to have any effect.

       -K     Same as -k, but only does step 1 of the Kerberos IV
	      bind.   This  is	useful when connecting to a slapd
	      and there is no x500dsa.hostname	principal  regis-
	      tered with your Kerberos Domain Controller(s).

       -M[M]  Enable  manage  DSA  IT control.	-MM makes control
	      critical.

       -d debuglevel
	      Set the LDAP debugging level to debuglevel.   ldap-
	      compare  must  be	 compiled with LDAP_DEBUG defined
	      for this option to have any effect.

       -x     Use simple authentication instead of SASL.

       -D binddn
	      Use the Distinguished Name binddn to  bind  to  the
	      LDAP directory.

       -W     Prompt  for  simple  authentication.   This is used
	      instead of specifying the password on  the  command
	      line.

       -w passwd
	      Use  passwd  as the password for simple authentica-
	      tion.

       -y passwdfile
	      Use complete contents of passwdfile as the password
	      for simple authentication.

       -H ldapuri
	      Specify URI(s) referring to the ldap server(s).

       -h ldaphost
	      Specify  an alternate host on which the ldap server
	      is running.  Deprecated in favor of -H.

       -p ldapport
	      Specify an alternate TCP port where the ldap server
	      is listening.  Deprecated in favor of -H.

       -P 2|3 Specify the LDAP protocol version to use.

       -O security-properties
	      Specify SASL security properties.

       -I     Enable   SASL  Interactive  mode.	  Always  prompt.
	      Default is to prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -U authcid
	      Specify the authentication ID for	 SASL  bind.  The
	      form of the ID depends on the actual SASL mechanism
	      used.

       -R realm
	      Specify the realm of  authentication  ID	for  SASL
	      bind.  The  form of the realm depends on the actual
	      SASL mechanism used.

       -X authzid
	      Specify the proxy authorization ID for  SASL  bind.
	      authzid  must  be	 one  of  the  following formats:
	      dn:<distinguished name> or u:<username>

       -Y mech
	      Specify the SASL mechanism to be used for authenti-
	      cation.  If  it's	 not  specified, the program will
	      choose the best mechanism the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security)	 extended
	      operation. If you use -ZZ, the command will require
	      the operation to be successful.

EXAMPLE
	   ldapcompare "uid=babs,dc=example,dc=com"  sn Jensen
	   ldapcompare "uid=babs,dc=example,dc=com"  sn:Jensen
	   ldapcompare "uid=babs,dc=example,dc=com"  sn::SmVuc2Vu
       are all equivalent.

DIAGNOSTICS
       When -z is used, exit status is either 5 if the compare is
       false,  or  6  when the compare is true.	 Errors result in
       other non-zero values.
       When -z is not used, exit status	 is  zero  if  no  errors
       occur.	Errors	result	in  a  non-zero exit status and a
       diagnostic message being written to standard error.

BUGS
       Should have a way to specify a  url  for	 options  or  for
       large binary file compares.

SEE ALSO
       ldap.conf(5), ldif(5), ldap(3), ldap_compare(3)

AUTHOR
       The OpenLDAP Project <http://www.openldap.org/>

ACKNOWLEDGEMENTS
       OpenLDAP	 is developed and maintained by The OpenLDAP Pro-
       ject (http://www.openldap.org/).	 OpenLDAP is derived from
       University of Michigan LDAP 3.3 Release.

OpenLDAP LDVERSION	   RELEASEDATE		   LDAPCOMPARE(1)

Vote for polarhome