Perform LDAP compare operations in the Directory Server.
Compare operations are useful in determining whether a server entry contains a particular attribute and value. The server will respond affirmatively if the entry contains the specified attribute.
When specifying arguments for this command, the first argument must be the assertion string, which consists of an attribute and value separated by a colon (:). The remaining arguments must be one or more DNs of entries to be used in the comparison operation.
ldapcompare --bindDN uid=admin,dc=example,dc=com --bindPassword password \ l:Austin uid=jdoe,ou=People,dc=example,dc=com \ uid=rroe,ou=People,dc=example,dc=com
ldapcompare --bindDN uid=admin,dc=example,dc=com --bindPassword password \ --filename /usr/local/entries.txt \ --assertionFilter "(departmentNumber=031502)" l:Austin
-H
--help
Description | Display general usage information |
--help-ldap
Description | Display help for using LDAP options |
--help-sasl
Description | Display help for using SASL options |
--help-debug
Description | Display help for using debug options |
Advanced | Yes |
--propertiesFilePath {propertiesFilePath}
Description | Path to the file that contains default property values used for command-line arguments |
Required | No |
Multi-Valued | No |
--noPropertiesFile
Description | Specify that no properties file will be used to get default command-line argument values |
--script-friendly
Description | Use script-friendly mode |
-h {host}
--hostname {host}
Description | Directory Server hostname or IP address |
Default Value | localhost |
Required | No |
Multi-Valued | No |
-p {port}
--port {port}
Description | Directory Server port number |
Default Value | 389 |
Required | No |
Multi-Valued | No |
-Z
--useSSL
Description | Use SSL for secure communication with the server |
-q
--useStartTLS
Description | Use StartTLS to secure communication with the server |
-D {bindDN}
--bindDN {bindDN}
Description | DN used to bind to the server |
Required | No |
Multi-Valued | No |
-w {bindPassword}
--bindPassword {bindPassword}
Description | Password used to bind to the server |
Required | No |
Multi-Valued | No |
-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}
Description | Bind password file |
Required | No |
Multi-Valued | No |
-f {file}
--filename {file}
Description | File containing the DNs of the entries to compare, with one DN per line |
Required | No |
Multi-Valued | No |
-r
--useSASLExternal
Description | Use the SASL EXTERNAL authentication mechanism |
-o {name=value}
--saslOption {name=value}
Description | SASL bind options |
Required | No |
Multi-Valued | Yes |
-X
--trustAll
Description | Trust all server SSL certificates |
-K {keystorePath}
--keyStorePath {keystorePath}
Description | Certificate keystore path |
Required | No |
Multi-Valued | No |
-W {keystorePassword}
--keyStorePassword {keystorePassword}
Description | Certificate keystore PIN |
Required | No |
Multi-Valued | No |
-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}
Description | Certificate keystore PIN file |
Required | No |
Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
Description | Nickname of the certificate for SSL client authentication |
Required | No |
Multi-Valued | No |
-P {truststorePath}
--trustStorePath {truststorePath}
Description | Certificate truststore path |
Required | No |
Multi-Valued | No |
--trustStorePassword {truststorePassword}
Description | Certificate truststore PIN |
Required | No |
Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
Description | Certificate truststore PIN file |
Required | No |
Multi-Valued | No |
--assertionFilter {filter}
Description | Use the LDAP assertion control with the provided filter to specify a condition that must be true for the operation to be processed normally (see RFC 4528) |
Required | No |
Multi-Valued | No |
-J {controloid[:criticality[:value|::b64value|:
--control {controloid[:criticality[:value|::b64value|:
Description | Use a request control with the provided information. For certain controls that do not require a value, you may provide a user-friendly name instead of the numeric OID for the control. Supported names include: authorization-identity, get-effective-rights, hard-delete, ignore-no-user-modification, manage-dsa-it, no-op, password-policy, permissive-modify, purge-password, real-attributes-only, replication-repair, retire-password, return-conflict-entries, soft-delete, soft-deleted-entry-access, subtree-delete, undelete and virtual-attributes-only. Note that not all types of controls apply to all types of operations |
Required | No |
Multi-Valued | Yes |
--version
Description | Display Directory Server version information |
-V {version}
--ldapVersion {version}
Description | LDAP protocol version number |
Default Value | 3 |
Required | No |
Multi-Valued | No |
-i {encoding}
--encoding {encoding}
Description | Use the specified character set for command-line input |
Required | No |
Multi-Valued | No |
-c
--continueOnError
Description | Continue processing even if there are errors |
-n
--dry-run
Description | Show what would be done but do not perform any operation |
--useAdministrativeSession
Description | Attempt to use an administrative session to have operations processed on a dedicated pool of worker threads. This may be useful when trying to diagnose problems in a server that is unresponsive because all normal worker threads are busy processing other requests |
-v
--verbose
Description | Use verbose mode |