Name
ldapcompare — perform LDAP compare operations
Synopsis
ldapcompare
{options} [[attribute] | [:] | [value]] [DN...]
Options
The following options are supported.
--assertionFilter {filter}
-
Use the LDAP assertion control with the provided filter
-c, --continueOnError
-
Continue processing even if there are errors
-f, --filename {file}
-
LDIF file containing one DN per line of entries to compare
-J, --control {controloid[:criticality[:value|::b64value|:<filePath]]}
-
Use a request control with the provided information
-n, --dry-run
-
Show what would be done but do not perform any operation
-Y, --proxyAs {authzID}
-
Use the proxied authorization control with the given authorization ID
LDAP Connection Options
-D, --bindDN {bindDN}
-
DN to use to bind to the server
Default value: cn=Directory Manager
-E, --reportAuthzID
-
Use the authorization identity control
-h, --hostname {host}
-
Directory server hostname or IP address
Default value: localhost.localdomain
-j, --bindPasswordFile {bindPasswordFile}
-
Bind password file
-K, --keyStorePath {keyStorePath}
-
Certificate key store path
-N, --certNickname {nickname}
-
Nickname of certificate for SSL client authentication
-o, --saslOption {name=value}
-
SASL bind options
-p, --port {port}
-
Directory server port number
Default value: 389
-P, --trustStorePath {trustStorePath}
-
Certificate trust store path
-q, --useStartTLS
-
Use StartTLS to secure communication with the server
-T, --trustStorePassword {trustStorePassword}
-
Certificate trust store PIN
-u, --keyStorePasswordFile {keyStorePasswordFile}
-
Certificate key store PIN file
-U, --trustStorePasswordFile {path}
-
Certificate trust store PIN file
--usePasswordPolicyControl
-
Use the password policy request control
-V, --ldapVersion {version}
-
LDAP protocol version number
Default value: 3
-w, --bindPassword {bindPassword}
-
Password to use to bind to the server
-W, --keyStorePassword {keyStorePassword}
-
Certificate key store PIN
-X, --trustAll
-
Trust all server SSL certificates
-Z, --useSSL
-
Use SSL for secure communication with the server
Utility Input/Output Options
-i, --encoding {encoding}
-
Use the specified character set for command-line input
--noPropertiesFile
-
No properties file will be used to get default command line argument values
--propertiesFilePath {propertiesFilePath}
-
Path to the file containing default property values used for command line arguments
-v, --verbose
-
Use verbose mode
Exit Codes
- 0
-
The command completed successfully.
ldap-error
-
An LDAP error occurred while processing the operation.
LDAP result codes are described in RFC 4511. Also see the additional information for details.
- 89
-
An error occurred while parsing the command-line arguments.
Files
You can use ~/.opendj/tools.properties
to set
the defaults for bind DN, host name, and port number as in the following
example.
hostname=directory.example.com port=1389 bindDN=uid=kvaughan,ou=People,dc=example,dc=com ldapcompare.port=1389 ldapdelete.port=1389 ldapmodify.port=1389 ldappasswordmodify.port=1389 ldapsearch.port=1389
Examples
The following examples demonstrate comparing Babs Jensen's UID.
The following example uses a matching UID value.
$ ldapcompare -p 1389 uid:bjensen uid=bjensen,ou=people,dc=example,dc=com Comparing type uid with value bjensen in entry uid=bjensen,ou=people,dc=example,dc=com Compare operation returned true for entry uid=bjensen,ou=people,dc=example,dc=com
The following example uses a UID value that does not match.
$ ldapcompare -p 1389 uid:beavis uid=bjensen,ou=people,dc=example,dc=com Comparing type uid with value beavis in entry uid=bjensen,ou=people,dc=example,dc=com Compare operation returned false for entry uid=bjensen,ou=people,dc=example,dc=com