Directory Server Documentation Index
Command-Line Tool Reference Home

ldapcompare

Description
Examples
Arguments

Description

Perform LDAP compare operations in the Directory Server.

Compare operations are useful in determining whether a server entry contains a particular attribute and value. The server will respond affirmatively if the entry contains the specified attribute.

When specifying arguments for this command, the first argument must be the assertion string, which consists of an attribute and value separated by a colon (:). The remaining arguments must be one or more DNs of entries to be used in the comparison operation.

Examples

Connect to the server and test two entries to determine whether the 'l' attribute of each user is present and has the value 'Austin'. Comparison information for each entry is printed to the screen:
ldapcompare --bindDN uid=admin,dc=example,dc=com --bindPassword password \
     l:Austin uid=jdoe,ou=People,dc=example,dc=com \
     uid=rroe,ou=People,dc=example,dc=com


Connect to the server and find entries whose DNs are present in the file /usr/local/entries.txt and have the departmentNumber attribute present with a value of 031502. Each of the resulting entries are tested to determine whether the l attribute of each entry has the value Austin. Comparison information for each entry is printed to the screen:
ldapcompare --bindDN uid=admin,dc=example,dc=com --bindPassword password \
     --filename /usr/local/entries.txt \
     --assertionFilter "(departmentNumber=031502)" l:Austin

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

Arguments

-H
--help

Description Display general usage information

--help-ldap

Description Display help for using LDAP options

--help-sasl

Description Display help for using SASL options

--help-debug

Description Display help for using debug options
Advanced Yes

--propertiesFilePath {propertiesFilePath}

Description Path to the file that contains default property values used for command-line arguments
Required No
Multi-Valued No

--noPropertiesFile

Description Specify that no properties file will be used to get default command-line argument values

--script-friendly

Description Use script-friendly mode

-h {host}
--hostname {host}

Description Directory Server hostname or IP address
Default Value localhost
Required No
Multi-Valued No

-p {port}
--port {port}

Description Directory Server port number
Default Value 389
Required No
Multi-Valued No

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

-D {bindDN}
--bindDN {bindDN}

Description DN used to bind to the server
Required No
Multi-Valued No

-w {bindPassword}
--bindPassword {bindPassword}

Description Password used to bind to the server
Required No
Multi-Valued No

-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}

Description Bind password file
Required No
Multi-Valued No

-f {file}
--filename {file}

Description File containing the DNs of the entries to compare, with one DN per line
Required No
Multi-Valued No

-r
--useSASLExternal

Description Use the SASL EXTERNAL authentication mechanism

-o {name=value}
--saslOption {name=value}

Description SASL bind options
Required No
Multi-Valued Yes

-X
--trustAll

Description Trust all server SSL certificates

-K {keystorePath}
--keyStorePath {keystorePath}

Description Certificate keystore path
Required No
Multi-Valued No

-W {keystorePassword}
--keyStorePassword {keystorePassword}

Description Certificate keystore PIN
Required No
Multi-Valued No

-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}

Description Certificate keystore PIN file
Required No
Multi-Valued No

-N {nickname}
--certNickname {nickname}

Description Nickname of the certificate for SSL client authentication
Required No
Multi-Valued No

-P {truststorePath}
--trustStorePath {truststorePath}

Description Certificate truststore path
Required No
Multi-Valued No

--trustStorePassword {truststorePassword}

Description Certificate truststore PIN
Required No
Multi-Valued No

-U {path}
--trustStorePasswordFile {path}

Description Certificate truststore PIN file
Required No
Multi-Valued No

--assertionFilter {filter}

Description Use the LDAP assertion control with the provided filter to specify a condition that must be true for the operation to be processed normally (see RFC 4528)
Required No
Multi-Valued No

-J {controloid[:criticality[:value|::b64value|:
--control {controloid[:criticality[:value|::b64value|:

Description Use a request control with the provided information. For certain controls that do not require a value, you may provide a user-friendly name instead of the numeric OID for the control. Supported names include: authorization-identity, get-effective-rights, hard-delete, ignore-no-user-modification, manage-dsa-it, no-op, password-policy, permissive-modify, purge-password, real-attributes-only, replication-repair, retire-password, return-conflict-entries, soft-delete, soft-deleted-entry-access, subtree-delete, undelete and virtual-attributes-only. Note that not all types of controls apply to all types of operations
Required No
Multi-Valued Yes

--version

Description Display Directory Server version information

-V {version}
--ldapVersion {version}

Description LDAP protocol version number
Default Value 3
Required No
Multi-Valued No

-i {encoding}
--encoding {encoding}

Description Use the specified character set for command-line input
Required No
Multi-Valued No

-c
--continueOnError

Description Continue processing even if there are errors

-n
--dry-run

Description Show what would be done but do not perform any operation

--useAdministrativeSession

Description Attempt to use an administrative session to have operations processed on a dedicated pool of worker threads. This may be useful when trying to diagnose problems in a server that is unresponsive because all normal worker threads are busy processing other requests

-v
--verbose

Description Use verbose mode