Chapter 8 The LDAPSubtdel Tool

The LDAPSubtdel tool provides the means for removing a subtree from a Lightweight Directory Access Protocol (LDAP) directory server. This chapter provides instructions on how to use it. It contains the following sections:

Overview

The LDAPSubtdel tool enables an administrator to remove a subtree from an LDAP directory server. It opens a connection to an LDAP server, binds, performs a search using a predefined filter, and performs a subtree deletion. It is written in Java™ using the LDAP SDK for Java, therefore requiring a Java runtime environment to function properly. The LDAPSubtdel program was compiled with Java 1.2. The latest version of the tool can be found in the DSRK_base/java/LDAPSubtdel directory. More information on the program can be found in the README in this directory.

Running LDAPSubtdel

The LDAPSubtdel tool is delivered as either ldaplstd.jar or lstd.jar. The difference between how the two versions are executed depends on whether the LDAP SDK is installed. The ldaplstd.jar file includes the ldapjdk.jar. The lstd.jar requires that the LDAP SDK be installed.

With LDAP SDK Installed

To run the tool when the LDAP SDK for Java is installed in the proper directory, execute this command from the directory in which lstd.jar is stored:

Without LDAP SDK Installed

To run the tool when the LDAP SDK for Java is not installed, execute this command from the directory in which ldaplstd.jar is stored:


Note	The latest LDAP SDK for Java can be downloaded from Sun Microsystems’ Download Center.

Options

Table 8-1 Options for LDAPSubtdel
Option	Parameter	Purpose
-v		Verbose output mode: the tool will display additional information about the operations it performs.
-n		No-op mode: use with the -v option to show what the tool would do with the given input. Does not perform any operations.
-M		Manage smart referrals: when they are the target of the update, modify the actual entry containing the referral instead of the entry obtained by following the referral. For more information, see “Creating Smart Referrals” in Chapter 2 of the Sun ONE Directory Server Administration Guide.
-r		Removes the base DN entry. By default, this entry is kept.
-d		Set the LDAP debugging level.
-h	hostname	Specify the hostname of the directory server. When this option is omitted, the default is localhost.
-p	port	Specify the port number for accessing the directory server host. The default is 389 normally and 636 when the SSL options are used.
-D	bindDN	Specify a bind DN for accessing your directory, usually in double quotes ("") for the shell. If the bind DN and its password are omitted, the tool will use anonymous binding. The bind DN determines what entries and attributes may be modified, according to the DN’s access permissions.
-w	password	Specify the password for the bind DN. CAUTION: Specifying the password on the command-line is a possible security risk.
-V	version	Specify the LDAP protocol version number to be used for the modify operation, either 2 or 3. LDAP v3 is the default; only specify LDAP v2 when connecting to servers that do not support v3.
-w	-	Type the password for the bind DN when prompted. This is the most secure way of specifying the password.
-b	DN	Use the DN as the starting point for the search for the subtree to be deleted. It returns no attributes, only DNs.

Example

The example in this section demonstrates a common use of the LDAPSubtdel tool. It assumes the directory is on the localhost using the default LDAP port and the subtree ou=People, dc=example,dc=com will be deleted.

The exit status is 0 if no errors occur. Errors result in a non-zero exit status with a diagnostic message being written to standard output.

Previous Contents Index Next
Sun ONE Directory Server Resource Kit 5.2 Tools Reference


Note	Included with the distribution of the LDAPSubtdel program (in the DSRK_base/java/LDAPSubtdel directory) is test code, which enables you to test the basic functionality of this program.