ldapcompare

Description

This is an LDAP utility that performs compare queries and prints a message whether the result returned a match or not. This utility opens a connection to an LDAP directory server, binds, and performs the comparison specified on the command line or from a specified file.

Syntax

[Expert@MGMT:0]# ldapcompare [-d <Debug Level>] [<Options>] <DN> {<Attribute> <Value> | <Attribute> <Base64 Value>}

Note - You must run this command from the Expert mode.

Parameters

Parameter	Description
`-d` <Debug Level>	Runs the command in debug mode with the specified TDERROR debug level. Valid values are from 0 (disabled) to 5 (maximal level, recommended).
`<`Options`>`	See the tables below.
`<`DN`>`	Specifies the Distinguished Name.
`<`Attribute`>`	Specifies the assertion attribute.
`<`Value`>`	Specifies the assertion value.
<Base64 Value>	Specifies the Base64 encoding of the assertion value.

Compare options:

Option	Description
`-E [!]<`Extension`>[=<`Extension Parameter`>]`	Specifies the compare extensions. Note - The exclamation sign "!" indicates criticality. For example: `!dontUseCopy` = Do not use Copy
`-M`	Enables the Manage DSA IT control. Use the `-MM` to make critical.
`-P <`LDAP Protocol Version`>`	Specifies the LDAP protocol version. Default version is 3.
`-z`	Enables the quiet mode. The command does not print anything. You can use the command return values.

Common options:

Option	Description
`-D <`Bind DN`>`	Specifies the LDAP Server administrator Distinguished Name.
`-e [!]<`Extension`>[=<`Extension Parameter`>]`	Specifies the general extensions:
	`[!]assert=<`Filter`>` RFC 4528; an RFC 4515 filter string
	`[!]authzid=<`Authorization ID`>` RFC 4370; either "`dn:<`DN`>`", or `"u:<`User`>`"
	`[!]chaining[=<`Resolve Behavior`>[/<`Continuation Behavior`>]]` One of these: `"chainingPreferred"` `"chainingRequired"` `"referralsPreferred"` `"referralsRequired"`
	`[!]manageDSAit` RFC 3296
	`[!]noop`
	`ppolicy`
	`[!]postread[=<`Attributes`>]` RFC 4527; a comma-separated list of attributes
	`[!]preread[=<`Attributes`>]` RFC 4527; a comma-separated list of attributes
	`[!]relax`
	`abandon` SIGINT sends the abandon signal; if critical, does not wait for SIGINT. Not really controls.
	`cancel` SIGINT sends the cancel signal; if critical, does not wait for SIGINT. Not really controls.
	`ignore` SIGINT ignores the response; if critical, does not wait for SIGINT. Not really controls.
	Note - The exclamation sign "!" indicates criticality.
`-h <`LDAP Server`>`	Specifies the LDAP Server computer by its IP address or resolvable hostname.
`-H <`LDAP URI>	Specifies the LDAP Server Uniform Resource Identifier(s).
`-I`	Specifies to use the SASL Interactive mode.
`-n`	Dry run - shows what would be done, but does not actually do it.
`-N`	Specifies not to use the reverse DNS to canonicalize SASL host name.
`-o <`Option`>[=<`Option Parameter`>]`	Specifies the general options: `nettimeout={<`Timeout in Sec`> \| none \| max}`
`-O <`Properties`>`	Specifies the SASL security properties.
`-p <`LDAP Server Port`>`	Specifies the LDAP Server port. Default is 389.
`-Q`	Specifies to use the SASL Quiet mode.
`-R <`Realm`>`	Specifies the SASL realm.
`-U <`Authentication Identity`>`	Specifies the SASL authentication identity.
`-v`	Runs in verbose mode (prints the diagnostics to stdout).
`-V`	Prints version information (use the `-VV` only).
`-w <`LDAP Admin Password`>`	Specifies the LDAP Server administrator password (for simple authentication).
`-W`	Specifies to prompt the user for the LDAP Server administrator password.
`-x`	Specifies to use simple authentication.
`-X <`Authorization Identity`>`	Specifies the SASL authorization identity (either "`dn:<`DN`>`", or "`u:<`User`>`").
`-y <`File`>`	Specifies to read the LDAP Server administrator password from the `<`File`>`.
`-Y <`SASL Mechanism`>`	Specifies the SASL mechanism.
`-Z`	Specifies to start the TLS request. Use the `-ZZ` to require successful response.