From 3dceb1f43c4824eacfe6dc91373516f02a9fb19e Mon Sep 17 00:00:00 2001
From: Mark Craig <mark.craig@forgerock.com>
Date: Mon, 06 Jun 2011 15:58:53 +0000
Subject: [PATCH] Draft chapter on performing LDAP operations. Some updates to other bits of doc reflecting things I found while writing the draft chapter.
---
opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-tuning.xml | 4
opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapmodify.xml | 11
opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapcompare.xml | 9
opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapsearch.xml | 15 +
opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapdelete.xml | 267 ++++++++++++++++++--
opendj-sdk/opendj3/src/main/docbkx/shared/man-ldappasswordmodify.xml | 9
opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-ldap-operations.xml | 439 +++++++++++++++++++++++++++++++++
opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-virtual-attrs-collective-attrs.xml | 25 +
8 files changed, 744 insertions(+), 35 deletions(-)
diff --git a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-ldap-operations.xml b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-ldap-operations.xml
index a3cc245..dd35866 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-ldap-operations.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-ldap-operations.xml
@@ -32,12 +32,445 @@
<title>Performing LDAP Operations</title>
<para>OpenDJ comes with a Control Panel browser for managing entries and also
- command-line tools for performing LDAP operations. This chapter focuses on
- demonstrating how to use the command line tools to script LDAP
- operations.</para>
+ command-line tools for performing LDAP operations. This chapter demonstrates
+ how to use the command line tools to script LDAP operations.</para>
<!-- TODO: search, compare, add, modify, modifyDN, delete, but also authrate,
searchrate, modrate, and ldappasswordmodify, who am I?, cancel -->
+
+ <section>
+ <title>Searching the Directory</title>
+
+ <para>Searching the directory resembles searching for a phone number in
+ a paper phone book. You can look up a phone number because you know the
+ last name of a subscriber's entry. In other words, you use the value of
+ one attribute of the entry to find entries that have another attribute
+ you want.</para>
+
+ <para>Yet whereas a paper phone book has only one index (alphabetical order
+ by name), the directory has many indexes. For a search you therefore always
+ specify which index to use, by specifying which attribute(s) you are using
+ to lookup entries.</para>
+
+ <para>Your paper phone book might be divided into white pages for residential
+ subscribers, and yellow pages for businesses. If you are looking up an
+ individual's phone number, you limit your search to the white pages.
+ Directory services divide entries in various ways, often to separate
+ organizations, and to separate groups from user entries from printers for
+ example, but potentially in other ways. When searching you therefore also
+ specify where in the directory to search.</para>
+
+ <para>The <command>ldapsearch</command> command thus takes at minimum a
+ search base DN option and an LDAP filter. The search base DN identifies
+ where in the directory to search for entries that match the filter.
+ For example, if you are looking for printers, you might specify the base
+ DN as <literal>ou=Printers,dc=example,dc=com</literal>. Perhaps you are
+ visiting the <literal>GNB00</literal> office and are looking for a
+ printer.</para>
+
+ <screen width="80">$ ldapsearch -b ou=Printers,dc=example,dc=com "(printerLocation=GNB00)"</screen>
+
+ <para>In the example, the LDAP filter indicates to the directory that you
+ want to lookup printer entries where the <literal>printerLocation</literal>
+ attribute is equal to <literal>GNB00</literal>.</para>
+ <para>You also specify the host and port to access directory services,
+ what protocol to use (for example, LDAP/SSL, or StartTLS to protect
+ communication). If the directory service does not allow anonymous access
+ to the data you want to search, you also identify who is performing the
+ search and provide their credentials, such as a password or
+ certificate. Finally, you can specify a list of attributes to return.
+ If you do not specify attributes, then the search returns all user attributes
+ for the entry.</para>
+
+ <example>
+ <title>Search: Simple Filter</title>
+
+ <para>The following example searches for entries with UID containing
+ <literal>jensen</literal>, returning only DNs and uid values.</para>
+
+ <screen width="80">$ ldapsearch -p 1389 -b dc=example,dc=com "(uid=*jensen*)" uid
+dn: uid=ajensen,ou=People,dc=example,dc=com
+uid: ajensen
+
+dn: uid=bjensen,ou=People,dc=example,dc=com
+uid: bjensen
+
+dn: uid=gjensen,ou=People,dc=example,dc=com
+uid: gjensen
+
+dn: uid=jjensen,ou=People,dc=example,dc=com
+uid: jjensen
+
+dn: uid=kjensen,ou=People,dc=example,dc=com
+uid: kjensen
+
+dn: uid=rjensen,ou=People,dc=example,dc=com
+uid: rjensen
+
+dn: uid=tjensen,ou=People,dc=example,dc=com
+uid: tjensen
+
+
+Result Code: 0 (Success)</screen>
+ </example>
+
+ <example>
+ <title>Search: Complex Filter</title>
+
+ <para>The following example returns entries with <literal>uid</literal>
+ containing <literal>jensen</literal> for users located in Santa Clara. The
+ command returns the attributes associated with the <literal>person</literal>
+ object class.</para>
+
+ <screen width="80">$ ldapsearch -p 1389 -b ou=people,dc=example,dc=com \
+> "(&(uid=*jensen*)(l=Santa Clara))" @person
+dn: uid=ajensen,ou=People,dc=example,dc=com
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: top
+cn: Allison Jensen
+telephoneNumber: +1 408 555 7892
+sn: Jensen
+
+dn: uid=gjensen,ou=People,dc=example,dc=com
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: top
+cn: Gern Jensen
+telephoneNumber: +1 408 555 3299
+sn: Jensen
+
+dn: uid=kjensen,ou=People,dc=example,dc=com
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: top
+cn: Kurt Jensen
+telephoneNumber: +1 408 555 6127
+sn: Jensen
+
+dn: uid=tjensen,ou=People,dc=example,dc=com
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: top
+cn: Ted Jensen
+telephoneNumber: +1 408 555 8622
+sn: Jensen
+
+</screen>
+ </example>
+ </section>
+
+ <section>
+ <title>Comparing Attribute Values</title>
+
+ <para>The compare operation checks whether an attribute value you specify
+ matches the attribute value stored on one or more directory entries.</para>
+
+ <example>
+ <title>Compare: Checking <literal>authPassword</literal></title>
+
+ <para>In this example, Kirsten Vaughan checks whether the hashed password
+ value matches the stored value on <literal>authPassword</literal>.</para>
+
+ <screen width="80">$ ldapcompare -p 1389 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
+ > -w bribery 'authPassword:MD5$dFHgpDxXUT8=$qlC4xMXvmVlusJLz9/WJ5Q==' \
+ > uid=kvaughan,ou=people,dc=example,dc=com
+ Comparing type authPassword with value
+ MD5$dFHgpDxXUT8=$qlC4xMXvmVlusJLz9/WJ5Q== in entry
+ uid=kvaughan,ou=people,dc=example,dc=com
+ Compare operation returned true for entry
+ uid=kvaughan,ou=people,dc=example,dc=com</screen>
+ </example>
+ </section>
+
+ <section>
+ <title>Updating the Directory</title>
+
+ <para>Authorized users can change directory data using the LDAP add, modify,
+ modify DN, and delete operations.</para>
+
+ <section>
+ <title>Adding Entries</title>
+
+ <para>With the <command>ldapmodify -a</command> command, authorized users
+ can add entire entries from the same sort of LDIF file used to import
+ and export data.</para>
+
+ <example>
+ <title>Add: Two New Users</title>
+
+ <screen width="80">$ cat new-users.ldif
+dn: cn=Arsene Lupin,ou=Special Users,dc=example,dc=com
+objectClass: person
+objectClass: top
+cn: Arsene Lupin
+telephoneNumber: +33 1 23 45 67 89
+sn: Lupin
+
+dn: cn=Horace Velmont,ou=Special Users,dc=example,dc=com
+objectClass: person
+objectClass: top
+cn: Horace Velmont
+telephoneNumber: +33 1 12 23 34 45
+sn: Velmont
+
+$ ldapmodify -a -p 1389 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
+> -w bribery -f new-users.ldif
+Processing ADD request for cn=Arsene Lupin,ou=Special Users,dc=example,dc=com
+ADD operation successful for DN
+ cn=Arsene Lupin,ou=Special Users,dc=example,dc=com
+Processing ADD request for cn=Horace Velmont,ou=Special Users,dc=example,dc=com
+ADD operation successful for DN
+ cn=Horace Velmont,ou=Special Users,dc=example,dc=com</screen>
+ </example>
+ </section>
+
+ <section>
+ <title>Modifying Entry Attributes</title>
+
+ <para>With the <command>ldapmodify</command> command, authorized users
+ can change the values of attributes in the directory using LDIF as specified
+ in <link xlink:href='http://tools.ietf.org/html/rfc2849'>RFC 2849</link>.</para>
+
+ <example>
+ <title>Modify: Adding Attributes</title>
+
+ <para>The following example adds a description and JPEG photo to Sam
+ Carter's entry.</para>
+
+ <screen width="80">$ cat scarter-mods.ldif
+dn: uid=scarter,ou=people,dc=example,dc=com
+changetype: modify
+add: description
+description: Accounting Manager
+-
+add: jpegphoto
+jpegphoto: /tmp/Samantha-Carter.jpg
+
+$ ldapmodify -p 1389 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
+> -w bribery -f scarter-mods.ldif
+Processing MODIFY request for uid=scarter,ou=people,dc=example,dc=com
+MODIFY operation successful for DN uid=scarter,ou=people,dc=example,dc=com</screen>
+ </example>
+
+ <example>
+ <title>Modify: Changing an Attribute Value</title>
+
+ <para>The following example replaces the description on Sam Carter's
+ entry.</para>
+
+ <screen width="80">$ cat scarter-newdesc.ldif
+dn: uid=scarter,ou=people,dc=example,dc=com
+changetype: modify
+replace: description
+description: Accounting Director
+
+$ ldapmodify -p 1389 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
+> -w bribery -f scarter-newdesc.ldif
+Processing MODIFY request for uid=scarter,ou=people,dc=example,dc=com
+MODIFY operation successful for DN uid=scarter,ou=people,dc=example,dc=com</screen>
+ </example>
+
+ <example>
+ <title>Modify: Deleting an Attribute Value</title>
+
+ <para>The following example deletes the JPEG photo on Sam Carter's
+ entry.</para>
+
+ <screen width="80">$ cat /path/to/scarter-deljpeg.ldif
+dn: uid=scarter,ou=people,dc=example,dc=com
+changetype: modify
+delete: jpegphoto
+
+$ ldapmodify -p 1389 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
+> -w bribery -f scarter-deljpeg.ldif
+Processing MODIFY request for uid=scarter,ou=people,dc=example,dc=com
+MODIFY operation successful for DN uid=scarter,ou=people,dc=example,dc=com</screen>
+ </example>
+ </section>
+
+ <section>
+ <title>Renaming Entries</title>
+
+ <para>The Relative Distinguished Name (RDN) refers to the part of an
+ entry's DN that distinguishes it from all other DNs at the same level
+ in the directory tree. For example <literal>uid=bjensen</literal> is
+ the RDN of the entry having DN
+ <literal>uid=bjensen,ou=People,dc=example,dc=com</literal>.</para>
+
+ <para>With the <command>ldapmodify</command> command, authorized users
+ can rename entries in the directory.</para>
+
+ <para>When you change the RDN of the entry, you are renaming the entry,
+ modifying the value of the naming attribute, but also modifying the entry's
+ DN.</para>
+
+ <example>
+ <title>Rename: Modifying the DN</title>
+
+ <para>Sam Carter is changing her last name to Jensen, and changing her
+ login from <literal>scarter</literal> to <literal>sjensen</literal>.
+ The following example renames and changes Sam Carter's entry
+ accordingly.</para>
+
+ <screen width="80">$ cat /path/to/scarter-sjensen.ldif
+dn: uid=scarter,ou=people,dc=example,dc=com
+changetype: modrdn
+newrdn: uid=sjensen
+deleteoldrdn: 1
+
+dn: uid=sjensen,ou=people,dc=example,dc=com
+changetype: modify
+replace: cn
+cn: Sam Jensen
+-
+replace: sn
+sn: Jensen
+-
+replace: homeDirectory
+homeDirectory: /home/sjensen
+-
+replace: mail
+mail: sjensen@example.com
+
+$ ldapmodify -p 1389 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
+> -w bribery -f /path/to/scarter-sjensen.ldif
+Processing MODIFY DN request for uid=scarter,ou=people,dc=example,dc=com
+MODIFY DN operation successful for DN uid=scarter,ou=people,dc=example,dc=com
+Processing MODIFY request for uid=sjensen,ou=people,dc=example,dc=com
+MODIFY operation successful for DN uid=sjensen,ou=people,dc=example,dc=com</screen>
+ </example>
+ </section>
+
+ <section>
+ <title>Moving Entries</title>
+
+ <para>When you rename an entry with child entries, the directory has
+ to move all the entries underneath.</para>
+
+ <note>
+ <para>The modify DN operation only works when moving entries in the same
+ backend, under the same suffix. Also, depending on the number of entries
+ you move, this can be a resource-intensive operation.</para>
+ </note>
+
+ <para>With the <command>ldapmodify</command> command, authorized users
+ can move entries in the directory.</para>
+
+ <example>
+ <title>Move: Merging Customer and Employees Under
+ <literal>ou=People</literal></title>
+
+ <para>The following example moves
+ <literal>ou=Customers,dc=example,dc=com</literal> to
+ <literal>ou=People,dc=example,dc=com</literal>, and then moves each
+ employee under <literal>ou=Employees,dc=example,dc=com</literal>
+ under <literal>ou=People,dc=example,dc=com</literal> as well, finally
+ removing the empty <literal>ou=Employees,dc=example,dc=com</literal>
+ container.</para>
+
+ <screen width="80">$ cat move-customers.ldif
+dn: ou=Customers,dc=example,dc=com
+changetype: modrdn
+newrdn: ou=People
+deleteoldrdn: 1
+newsuperior: dc=example,dc=com
+
+$ ldapmodify -p 1389 -D "cn=Directory Manager" -w password \
+> -f move-customers.ldif
+Processing MODIFY DN request for ou=Customers,dc=example,dc=com
+MODIFY DN operation successful for DN ou=Customers,dc=example,dc=com
+$ cat move-employees.pl
+#!/usr/bin/perl -w
+
+# For each employee, construct a spec to move under ou=People.
+while (<>)
+{
+ # Next line folded for readability only. Should not be split.
+ $_ =~ s/dn: (.*?)(,.*)/dn: $1$2\nchangetype: moddn\nnewrdn: $1\n
+ deleteoldrdn: 0\nnewsuperior: ou=People,dc=example,dc=com/;
+ print;
+}
+$ ldapsearch -p 1389 -b ou=Employees,dc=example,dc=com uid=* - | \
+> move-employees.pl > /tmp/move-employees.ldif
+$ head -n 6 /tmp/move-employees.ldif
+dn: uid=abarnes,ou=Employees,dc=example,dc=com
+changetype: moddn
+newrdn: uid=abarnes
+deleteoldrdn: 0
+newsuperior: ou=People,dc=example,dc=com
+
+$ ldapmodify -p 1389 -D "cn=Directory Manager" -w password \
+> -f /tmp/move-employees.ldif
+Processing MODIFY DN request for uid=abarnes,ou=Employees,dc=example,dc=com
+MODIFY DN operation successful for DN uid=abarnes,ou=Employees,dc=example,dc=com
+Processing MODIFY DN request for uid=abergin,ou=Employees,dc=example,dc=com
+MODIFY DN operation successful for DN uid=abergin,ou=Employees,dc=example,dc=com
+...
+Processing MODIFY DN request for uid=wlutz,ou=Employees,dc=example,dc=com
+MODIFY DN operation successful for DN uid=wlutz,ou=Employees,dc=example,dc=com
+$ ldapdelete -p 1389 -D "cn=Directory Manager" -w password \
+> ou=Employees,dc=example,dc=com
+Processing DELETE request for ou=Employees,dc=example,dc=com
+DELETE operation successful for DN ou=Employees,dc=example,dc=com</screen>
+ </example>
+ </section>
+
+ <section>
+ <title>Deleting Entries</title>
+
+ <para>With the <command>ldapmodify</command> command, authorized users
+ can delete entries from the directory.</para>
+
+ <example>
+ <title>Delete: Removing a Subtree</title>
+
+ <para>The following example uses the subtree delete option to remove
+ all Special Users from the directory.</para>
+
+ <screen width="80">$ ldapdelete -p 1389 -D "cn=Directory Manager" -w password \
+> -x "ou=Special Users,dc=example,dc=com"
+Processing DELETE request for ou=Special Users,dc=example,dc=com
+DELETE operation successful for DN ou=Special Users,dc=example,dc=com</screen>
+ </example>
+ </section>
+ </section>
+
+ <section>
+ <title>Changing Passwords</title>
+
+ <para>With the <command>ldappasswordmodify</command> command, authorized
+ users can change and reset user passwords.</para>
+
+ <example>
+ <title>Password Reset</title>
+
+ <para>The following example shows Kirsten Vaughan resetting Sam Carter's
+ password. Kirsten has the appropriate privilege to reset Sam's
+ password. The <option>-q</option> option means the same thing as
+ <option>--useStartTLS</option>.</para>
+
+ <screen width="80">$ ldappasswordmodify -q -p 1389 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
+> -w bribery -a "dn:uid=scarter,ou=people,dc=example,dc=com" -n ChangeMe
+The LDAP password modify operation was successful</screen>
+
+ <para>You could also accomplish password reset with the following command,
+ but <command>set-password-is-reset</command> is a hidden option, supported
+ only for testing.</para>
+
+ <screen width="80">$ manage-account -D "cn=Directory Manager" -w password \
+> set-password-is-reset -b uid=scarter,ou=people,dc=example,dc=com -O true
+Password Is Reset: true</screen>
+ </example>
+ </section>
</chapter>
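Review bot: Every authenticated example in this chapter passes the bind password inline with -w (bribery, password), and only the password reset example adds -q, so the pattern readers will copy leaves credentials in shell history and the process list and shows no connection protection. The ldapdelete man page in this same patch lists -j, --bindPasswordFile and -q, --useStartTLS; use them in at least the first authenticated example, or add a note that -w is shown for brevity on a test server. Three smaller points: in "Modify: Adding Attributes", jpegphoto: /tmp/Samantha-Carter.jpg is a literal string value in LDIF, so it sets the attribute to the path text rather than the image contents, and RFC 2849, which the section links, reads a value from a file as jpegphoto:< file:///tmp/Samantha-Carter.jpg. The "Deleting Entries" paragraph names ldapmodify while its example runs ldapdelete. "Modify: Deleting an Attribute Value" cats /path/to/scarter-deljpeg.ldif but then passes -f scarter-deljpeg.ldif.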
diff --git a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-tuning.xml b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-tuning.xml
index e743ff4..a95b202 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-tuning.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-tuning.xml
@@ -42,6 +42,8 @@
maximize performance for clients given the constraints of your deployment.
This chapter therefore aims to provide suggestions on how to measure and
to improve directory service performance for better trade offs.</para>
+
+ <!-- TODO: Demonstrate measuring directory service throughput and response
+ times using authrate, modrate, and searchrate. -->
</chapter>
-
diff --git a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-virtual-attrs-collective-attrs.xml b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-virtual-attrs-collective-attrs.xml
index d3d76aa..78ab41c 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-virtual-attrs-collective-attrs.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-virtual-attrs-collective-attrs.xml
@@ -39,6 +39,31 @@
<para>This chapter demonstrates how to define virtual and collective
attributes, showing common solutions as examples of their use.</para>
+
+ <section>
+ <title>Virtual Attributes</title>
+
+ <para>TODO</para>
+ </section>
+ <section>
+ <title>Collective Attributes</title>
+
+ <para>Collective attributes provide a standard mechanism for defining
+ attributes that appear on all the entries in a subtree potentially filtered
+ by object class. Standard collective attribute type names have the prefix
+ <literal>c-</literal>.</para>
+
+ <para>OpenDJ extends collective attributes to make them easier to use.
+ You can define any OpenDJ attribute as collective using the
+ <literal>;collective</literal> attribute option. You can use LDAP filters
+ in your subtree specification for fine-grained control over which entries
+ have the collective attributes.</para>
+
+ <para>For example, you can define administrative privileges that
+ apply to all users who belong to an administrators group. Alternatively
+ you can define attributes that specify services available for a user
+ depending on that user's service level.</para>
+ </section>
</chapter>
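Review bot: The new Virtual Attributes section contains only <para>TODO</para>, which will show up as visible text in the built guide; the other placeholders in this patch are XML comments (<!-- TODO: ... -->), so use the same form here or hold the empty section back until it has content. A blank line between its closing </section> and the Collective Attributes <section> would match the spacing used in chap-ldap-operations.xml. In the last paragraph, the example of defining administrative privileges for everyone in an administrators group would benefit from a sentence on who is allowed to edit that definition, since changing it changes privileges for every matching entry.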
diff --git a/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapcompare.xml b/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapcompare.xml
index c1d2bdd..85c7304 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapcompare.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapcompare.xml
@@ -276,6 +276,15 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term><replaceable>ldap-error</replaceable></term>
+ <listitem>
+ <para>An LDAP error occurred while processing the operation.</para>
+ <para>LDAP result codes are described in <link
+ xlink:href="http://tools.ietf.org/html/rfc4511#appendix-A">RFC
+ 4511</link>. Also see the additional information for details.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>89</term>
<listitem>
<para>An error occurred while parsing the command-line arguments.</para>
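Review bot: "Also see the additional information for details" in the new ldap-error entry does not say what the additional information is or where the reader finds it; if it means the message the tool prints alongside the result code, say so. For ldapcompare specifically, the entry describes only the error case, so it should also state which exit code a compare that returns false produces, because scripts will branch on it. The same two paragraphs are added verbatim to four other man pages in this patch, so a shared include would keep the wording in sync.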
diff --git a/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapdelete.xml b/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapdelete.xml
index 3914c1d..fdb1d06 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapdelete.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapdelete.xml
@@ -35,72 +35,277 @@
</refmeta>
<refnamediv>
<refname>ldapdelete</refname>
- <refpurpose>TODO one-line description</refpurpose>
+ <refpurpose>perform LDAP delete operations</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>ldapdelete</command>
- <command><replaceable>subcommand</replaceable></command>
- <arg choice="opt">--options</arg>
+ <arg choice="req">options</arg>
+ <arg><replaceable>DN</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
- <para>TODO description.</para>
+ <para>This utility can be used to perform LDAP delete operations in the
+ directory.</para>
</refsect1>
<refsect1>
- <title>Global Options</title>
- <para>The following global options are supported.</para>
+ <title>Options</title>
+ <para>The following options are supported.</para>
<variablelist>
<varlistentry>
- <term><option>TODO</option></term>
+ <term><option>--assertionFilter {filter}</option></term>
<listitem>
- <para>TODO Description.</para>
+ <para>Use the LDAP assertion control with the provided filter</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>-c, --continueOnError</option></term>
+ <listitem>
+ <para>Continue processing even if there are errors</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-f, --filename {file}</option></term>
+ <listitem>
+ <para>LDIF file containing the changes to apply</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-J, --control {controloid[:criticality[:value|::b64value|:<filePath]]}</option></term>
+ <listitem>
+ <para>Use a request control with the provided information</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-n, --dry-run</option></term>
+ <listitem>
+ <para>Show what would be done but do not perform any operation</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-x, --deleteSubtree</option></term>
+ <listitem>
+ <para>Delete the specified entry and all entries below it</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-Y, --proxyAs {authzID}</option></term>
+ <listitem>
+ <para>Use the proxied authorization control with the given authorization
+ ID</para>
+ </listitem>
+ </varlistentry>
</variablelist>
- </refsect1>
- <refsect1>
- <title>Subcommands</title>
- <para>The following subcommands are supported.</para>
<refsect2>
- <para>TODO Description.</para>
- <cmdsynopsis>
- <command>ldapdelete</command>
- <command>TODO</command>
- <arg choice="opt">--options</arg>
- </cmdsynopsis>
+ <title>LDAP Connection Options</title>
<variablelist>
<varlistentry>
- <term><option>TODO</option></term>
+ <term><option>-D, --bindDN {bindDN}</option></term>
<listitem>
- <para>TODO description.</para>
+ <para>DN to use to bind to the server</para>
+ <para>Default value: cn=Directory Manager</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-E, --reportAuthzID</option></term>
+ <listitem>
+ <para>Use the authorization identity control</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-h, --hostname {host}</option></term>
+ <listitem>
+ <para>Directory server hostname or IP address</para>
+ <para>Default value: localhost.localdomain</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-j, --bindPasswordFile {bindPasswordFile}</option></term>
+ <listitem>
+ <para>Bind password file</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-K, --keyStorePath {keyStorePath}</option></term>
+ <listitem>
+ <para> Certificate key store path</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-N, --certNickname {nickname}</option></term>
+ <listitem>
+ <para>Nickname of certificate for SSL client authentication</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-o, --saslOption {name=value}</option></term>
+ <listitem>
+ <para>SASL bind options</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-p, --port {port}</option></term>
+ <listitem>
+ <para>Directory server port number</para>
+ <para>Default value: 389</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-P, --trustStorePath {trustStorePath}</option></term>
+ <listitem>
+ <para>Certificate trust store path</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-q, --useStartTLS</option></term>
+ <listitem>
+ <para>Use StartTLS to secure communication with the server</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-T, --trustStorePassword {trustStorePassword}</option></term>
+ <listitem>
+ <para>Certificate trust store PIN</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-u, --keyStorePasswordFile {keyStorePasswordFile}</option></term>
+ <listitem>
+ <para>Certificate key store PIN file</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-U, --trustStorePasswordFile {path}</option></term>
+ <listitem>
+ <para>Certificate trust store PIN file</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>--usePasswordPolicyControl</option></term>
+ <listitem>
+ <para>Use the password policy request control</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-V, --ldapVersion {version}</option></term>
+ <listitem>
+ <para>LDAP protocol version number</para>
+ <para>Default value: 3</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-w, --bindPassword {bindPassword}</option></term>
+ <listitem>
+ <para>Password to use to bind to the server</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-W, --keyStorePassword {keyStorePassword}</option></term>
+ <listitem>
+ <para>Certificate key store PIN</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-X, --trustAll</option></term>
+ <listitem>
+ <para>Trust all server SSL certificates</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-Z, --useSSL</option></term>
+ <listitem>
+ <para>Use SSL for secure communication with the server</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect2>
+ <refsect2>
+ <title>Utility Input/Output Options</title>
+ <variablelist>
+ <varlistentry>
+ <term><option>-i, --encoding {encoding}</option></term>
+ <listitem>
+ <para>Use the specified character set for command-line input</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>--noPropertiesFile</option></term>
+ <listitem>
+ <para>No properties file will be used to get default command line
+ argument values</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>--propertiesFilePath {propertiesFilePath}</option></term>
+ <listitem>
+ <para>Path to the file containing default property values used for
+ command line arguments</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-v, --verbose</option></term>
+ <listitem>
+ <para>Use verbose mode</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect2>
+ <refsect2>
+ <title>General Options</title>
+ <variablelist>
+ <varlistentry>
+ <term><option>--version</option></term>
+ <listitem>
+ <para>Display version information</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-?, -H, --help</option></term>
+ <listitem>
+ <para>Display usage information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect2>
</refsect1>
<refsect1>
- <title>Files</title>
- <para>TODO if command has configuration file.</para>
- </refsect1>
- <refsect1>
- <title>Environment</title>
- <para>TODO if command reads environment variables.</para>
- </refsect1>
- <refsect1>
<title>Exit Codes</title>
<variablelist>
<varlistentry>
- <term>TODO exit code</term>
+ <term>0</term>
<listitem>
- <para>TODO description.</para>
+ <para>The command completed successfully.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><replaceable>ldap-error</replaceable></term>
+ <listitem>
+ <para>An LDAP error occurred while processing the operation.</para>
+ <para>LDAP result codes are described in <link
+ xlink:href="http://tools.ietf.org/html/rfc4511#appendix-A">RFC
+ 4511</link>. Also see the additional information for details.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>89</term>
+ <listitem>
+ <para>An error occurred while parsing the command-line arguments.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Examples</title>
- <para>TODO</para>
+ <para>The following command deletes a user entry from the directory.</para>
+ <screen width="80">$ ldapdelete -p 1389 -D "cn=Directory Manager" -w password \
+> uid=bjensen,ou=people,dc=example,dc=com
+Processing DELETE request for uid=bjensen,ou=people,dc=example,dc=com
+DELETE operation successful for DN uid=bjensen,ou=people,dc=example,dc=com</screen>
+ <para>The following command deletes the ou=Groups entry and all entries
+ underneath ou=Groups.</para>
+ <screen width="80">$ ldapdelete -p 1389 -D "cn=Directory Manager" -w password -x \
+> Processing DELETE request for ou=groups,dc=example,dc=com
+DELETE operation successful for DN ou=groups,dc=example,dc=com</screen>
</refsect1>
</refentry>
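Review bot: The second example under Examples is broken: the command ends at "-x \" and the continuation line reads "> Processing DELETE request for ou=groups,dc=example,dc=com", so the DN argument is missing and the first line of output has been merged into the prompt line. The continuation should be "> ou=groups,dc=example,dc=com", with the Processing line on its own line after it. In the connection options, -X, --trustAll is described only as "Trust all server SSL certificates"; add that this means the server certificate is not validated, so readers do not treat it as a routine way to get past certificate errors. The same applies to -w, -T and -W, which take secrets on the command line although file-based alternatives (-j, -U, -u) are listed beside them. Minor: the --hostname default localhost.localdomain reads like output captured from one machine, and the -K description has a stray leading space inside <para>.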
diff --git a/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapmodify.xml b/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapmodify.xml
index 7ab32db..ad2bd09 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapmodify.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapmodify.xml
@@ -49,6 +49,8 @@
<title>Description</title>
<para>This utility can be used to perform LDAP modify, add, delete, and
modify DN operations in the directory.</para>
+ <para>When not using a file to specify modifications, end your input with
+ EOF (Ctrl+D on UNIX, Ctrl+Z on Windows).</para>
</refsect1>
<refsect1>
<title>Options</title>
@@ -292,6 +294,15 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term><replaceable>ldap-error</replaceable></term>
+ <listitem>
+ <para>An LDAP error occurred while processing the operation.</para>
+ <para>LDAP result codes are described in <link
+ xlink:href="http://tools.ietf.org/html/rfc4511#appendix-A">RFC
+ 4511</link>. Also see the additional information for details.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>89</term>
<listitem>
<para>An error occurred while parsing the command-line arguments.</para>
diff --git a/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldappasswordmodify.xml b/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldappasswordmodify.xml
index 2274a2c..6bacc56 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldappasswordmodify.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldappasswordmodify.xml
@@ -267,6 +267,15 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term><replaceable>ldap-error</replaceable></term>
+ <listitem>
+ <para>An LDAP error occurred while processing the operation.</para>
+ <para>LDAP result codes are described in <link
+ xlink:href="http://tools.ietf.org/html/rfc4511#appendix-A">RFC
+ 4511</link>. Also see the additional information for details.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>89</term>
<listitem>
<para>An error occurred while parsing the command-line arguments.</para>
diff --git a/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapsearch.xml b/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapsearch.xml
index 3615a01..64f9207 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapsearch.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/shared/man-ldapsearch.xml
@@ -51,6 +51,12 @@
<title>Description</title>
<para>This utility can be used to perform LDAP search operations in the
directory.</para>
+ <para>In the list of attributes to return, you can specify
+ <literal>*</literal> to return all user attributes, <literal>+</literal> to
+ return all operational attributes, and
+ <literal>@<replaceable>object-class</replaceable></literal> to return
+ all attributes associated with the <replaceable>object-class</replaceable>
+ such as <literal>@person</literal>.</para>
</refsect1>
<refsect1>
<title>Options</title>
@@ -369,6 +375,15 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term><replaceable>ldap-error</replaceable></term>
+ <listitem>
+ <para>An LDAP error occurred while processing the operation.</para>
+ <para>LDAP result codes are described in <link
+ xlink:href="http://tools.ietf.org/html/rfc4511#appendix-A">RFC
+ 4511</link>. Also see the additional information for details.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>89</term>
<listitem>
<para>An error occurred while parsing the command-line arguments.</para>
--
Gitblit v1.10.0