Name
ldapcompare — perform LDAP compare operations
Synopsis
ldapcompare {options} [[attribute] | [:] | [value]] [DN...]
Options
The following options are supported.
--assertionFilter {filter}-
Use the LDAP assertion control with the provided filter
-c, --continueOnError-
Continue processing even if there are errors
-f, --filename {file}-
LDIF file containing one DN per line of entries to compare
-J, --control {controloid[:criticality[:value|::b64value|:<filePath]]}-
Use a request control with the provided information
-m, --useCompareResultCode-
Use the LDAP compare result as an exit code for the LDAP compare operations.
-n, --dry-run-
Show what would be done but do not perform any operation
LDAP Connection Options
--connectTimeout {timeout}-
Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out.
Default value: 30000
-D, --bindDN {bindDN}-
DN to use to bind to the server
Default value: cn=Directory Manager
-h, --hostname {host}-
Directory server hostname or IP address
Default value: localhost.localdomain
-j, --bindPasswordFile {bindPasswordFile}-
Bind password file
-K, --keyStorePath {keyStorePath}-
Certificate key store path
-N, --certNickname {nickname}-
Nickname of certificate for SSL client authentication
-o, --saslOption {name=value}-
SASL bind options
-p, --port {port}-
Directory server port number
Default value: 389
-P, --trustStorePath {trustStorePath}-
Certificate trust store path
-q, --useStartTLS-
Use StartTLS to secure communication with the server
-r, --useSASLExternal-
Use the SASL EXTERNAL authentication mechanism
--trustStorePassword {trustStorePassword}-
Certificate trust store PIN
-u, --keyStorePasswordFile {keyStorePasswordFile}-
Certificate key store PIN file
-U, --trustStorePasswordFile {path}-
Certificate trust store PIN file
-V, --ldapVersion {version}-
LDAP protocol version number
Default value: 3
-w, --bindPassword {bindPassword}-
Password to use to bind to the server
-W, --keyStorePassword {keyStorePassword}-
Certificate key store PIN
-X, --trustAll-
Trust all server SSL certificates
-Z, --useSSL-
Use SSL for secure communication with the server
Utility Input/Output Options
-i, --encoding {encoding}-
Use the specified character set for command-line input
--noPropertiesFile-
No properties file will be used to get default command line argument values
--propertiesFilePath {propertiesFilePath}-
Path to the file containing default property values used for command line arguments
-s, --script-friendly-
Use script-friendly mode
-v, --verbose-
Use verbose mode
Exit Codes
- 0
-
The command completed successfully.
- 5
-
The -m option was used, and at least one of the LDAP compare operations did not match.
- 6
-
The -m option was used, and all the LDAP compare operations did match.
ldap-error-
An LDAP error occurred while processing the operation.
LDAP result codes are described in RFC 4511. Also see the additional information for details.
- 89
-
An error occurred while parsing the command-line arguments.
Files
You can use ~/.opendj/tools.properties to set
the defaults for bind DN, host name, and port number as in the following
example.
hostname=directory.example.com port=1389 bindDN=uid=kvaughan,ou=People,dc=example,dc=com ldapcompare.port=1389 ldapdelete.port=1389 ldapmodify.port=1389 ldappasswordmodify.port=1389 ldapsearch.port=1389
Examples
The following examples demonstrate comparing Babs Jensen's UID.
The following example uses a matching UID value.
$ ldapcompare -p 1389 uid:bjensen uid=bjensen,ou=people,dc=example,dc=com Comparing type uid with value bjensen in entry uid=bjensen,ou=people,dc=example,dc=com Compare operation returned true for entry uid=bjensen,ou=people,dc=example,dc=com
The following example uses a UID value that does not match.
$ ldapcompare -p 1389 uid:beavis uid=bjensen,ou=people,dc=example,dc=com Comparing type uid with value beavis in entry uid=bjensen,ou=people,dc=example,dc=com Compare operation returned false for entry uid=bjensen,ou=people,dc=example,dc=com
