ldapcompare — perform LDAP compare operations
ldapcompare
attribute:value DN
The ldapcompare command takes the following options:
Command options:
--assertionFilter {filter}
Use the LDAP assertion control with the provided filter.
--connectTimeout {timeout}
Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out.
Default: 30000
-J | --control {controloid[:criticality[:value|::b64value|:<filePath]]}
Use a request control with the provided information.
For some controloid
values,
you can replace object identifiers with user-friendly strings.
The strings are listed here in lower case, but the case is not important.
You can use camelCase if you prefer, for example.
accountusable
accountusability
Account Usability Control, Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.8
authzid
authorizationidentity
Authorization Identity Request Control, Object Identifier: 2.16.840.1.113730.3.4.16
effectiverights
geteffectiverights
Get Effective Rights Request Control, Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.2
managedsait
Manage DSAIT Request Control, Object Identifier: 2.16.840.1.113730.3.4.2
noop
no-op
No-Op Control, Object Identifier: 1.3.6.1.4.1.4203.1.10.2
pwpolicy
passwordpolicy
Password Policy Control, Object Identifier: 1.3.6.1.4.1.42.2.27.8.5.1
realattrsonly
realattributesonly
Real Attributes Only Request Control, Object Identifier: 2.16.840.1.113730.3.4.17
subtreedelete
treedelete
Subtree Delete Request Control, Object Identifier: 1.2.840.113556.1.4.805
virtualattrsonly
virtualattributesonly
Virtual Attributes Only Request Control, Object Identifier: 2.16.840.1.113730.3.4.19
-m | --useCompareResultCode
Use the LDAP compare result as an exit code for the LDAP compare operations.
Default: false
-n | --dry-run
Show what would be done but do not perform any operation.
Default: false
-S | --scriptFriendly
Use script-friendly mode.
Default: false
-Y | --proxyAs {authzID}
Use the proxied authorization control with the given authorization ID.
LDAP connection options:
-D | --bindDN {bindDN}
DN to use to bind to the server.
Default:
-E | --reportAuthzID
Use the authorization identity control.
Default: false
-h | --hostname {host}
The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication.
Default: localhost.localdomain
-j | --bindPasswordFile {bindPasswordFile}
Bind password file.
-K | --keyStorePath {keyStorePath}
Certificate key store path.
-N | --certNickname {nickname}
Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation.
-o | --saslOption {name=value}
SASL bind options.
-p | --port {port}
Directory server port number.
Default: 389
-P | --trustStorePath {trustStorePath}
Certificate trust store path.
-q | --useStartTLS
Use StartTLS to secure communication with the server.
Default: false
-T | --trustStorePassword {trustStorePassword}
Certificate trust store PIN.
-u | --keyStorePasswordFile {keyStorePasswordFile}
Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate.
-U | --trustStorePasswordFile {path}
Certificate trust store PIN file.
--usePasswordPolicyControl
Use the password policy request control.
Default: false
-w | --bindPassword {bindPassword}
Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument.
-W | --keyStorePassword {keyStorePassword}
Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate.
-X | --trustAll
Trust all server SSL certificates.
Default: false
-Z | --useSSL
Use SSL for secure communication with the server.
Default: false
Utility input/output options:
--noPropertiesFile
No properties file will be used to get default command line argument values.
Default: false
--propertiesFilePath {propertiesFilePath}
Path to the file containing default property values used for command line arguments.
-v | --verbose
Use verbose mode.
Default: false
General options:
-V | --version
Display Directory Server version information.
Default: false
-H | --help
Display this usage information.
Default: false
The command completed successfully.
The LDAP compare operation did not match.
The -m
option was used,
and the LDAP compare operation did match.
ldap-error
An LDAP error occurred while processing the operation.
LDAP result codes are described in RFC 4511. Also see the additional information for details.
An error occurred while parsing the command-line arguments.
You can use ~/.opendj/tools.properties
to set the defaults for bind DN, host name, and port number
as in the following example.
hostname=directory.example.com port=1389 bindDN=uid=kvaughan,ou=People,dc=example,dc=com ldapcompare.port=1389 ldapdelete.port=1389 ldapmodify.port=1389 ldappasswordmodify.port=1389 ldapsearch.port=1389
The following examples demonstrate comparing Babs Jensen's UID.
The following example uses a matching UID value.
$ldapcompare -p 1389 uid:bjensen uid=bjensen,ou=people,dc=example,dc=com
Comparing type uid with value bjensen in entry uid=bjensen,ou=people,dc=example,dc=com Compare operation returned true for entry uid=bjensen,ou=people,dc=example,dc=com
The following example uses a UID value that does not match.
$ldapcompare -p 1389 uid:beavis uid=bjensen,ou=people,dc=example,dc=com
Comparing type uid with value beavis in entry uid=bjensen,ou=people,dc=example,dc=com Compare operation returned false for entry uid=bjensen,ou=people,dc=example,dc=com