idsldapcompare

Use the idsldapcompare command to compare an attribute value of an entry in an LDAP server with your compare criteria.

Description

The idsldapcompare utility sends a compare request to an LDAP server. The utility compares the attribute value of an entry with a user-provided value. The command returns true or false as output based on the result of the compare request.

Synopsis

idsldapcompare | idsldapcompare [-c] [-d level] [-D DN] [-f file]
               [-G realm] [-h host] [-m mechanism] [-n] [-p port]
               [-P on|off] [-R] [-U username] [-v] [-V version]
               [-w password|?] [-y proxyDN] [-1 sec:usec]

The syntax of the idsldapcompare command:

idsldapcompare [options] [dn attr=value]
where,
  • dn: The DN of the entry to compare.
  • attr: The attribute to use in the compare.
  • value: The value to use in the compare.

Options

The options to the idsldapcompare command.
-c
Specifies to run the operation in continuous mode. In this mode, even after an error is reported the compare operation is continued. The default action is to exit the operation on an error.
-d level
Sets the LDAP debugging level to level in the LDAP library. This option causes the utility to generate debug output to stdout. The level value is a bit mask that controls which output is generated with values from 1 to 65535. For more information about debug levels, see Debugging levels.
-D DN
Specifies the bind DN to bind to a Directory Server.
-f file
Specifies to run the compare operations sequentially by using the values in the file.
-G realm
Specifies the realm name for use with the -m DIGEST-MD5 bind mechanism.
-h host
Specifies the host name of the system on which an LDAP server is running.
-m mechanism
Specifies the SASL mechanism to use when you bind to the server.
-n
Specifies to demonstrate the action for the operation without actually doing it.
Tip: The -n parameter with the -v parameter is useful when you debug any related problem.
-p port
Specifies the port number on which the LDAP server listens.
-P on | off
Specifies whether to send password policy controls to the server. The argument to the -P parameter indicates:
  • on - send the password policy controls
  • off - do not send password policy controls
-R
Specifies not to chase referrals automatically.
-U username
Specifies the user name for the DIGEST-MD5 bind.
-v
Specifies to run the command in verbose mode.
-V version
Specifies the LDAP protocol version. The default version is 3.
-w passwd | ?
Specifies the bind password for authentication. Use ? to generate a non-echoed password prompt, which keeps the password out of the command line.
-y proxydn
Specifies the DN to be used for proxied authorization.
-1 sec:usec
Specifies the timeout for the connect() function in seconds and microseconds. The values that are provided for seconds and microseconds must be positive integers.

Examples

Example 1:
To compare an attribute value of an entry with a user-provided value, run the idsldapcompare command in the following format:
idsldapcompare -D adminDN -w adminPWD -h host_name -p port \
"cn=Bob Campbell, ou=Austin, o=sample" postalcode=4502
In this example, the command compares the supplied postalcode value with the postalcode attribute of the existing cn=Bob Campbell entry in the LDAP server. If the postal code for the cn=Bob Campbell entry is 4502 in the server, the command returns true. Otherwise, the command returns false.
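
The compare request from the Description, built for Example 1's arguments, as an added example that is not part of the original page or IBM code. It assumes the standard LDAP encoding from RFC 4511, where result code 6 (compareTrue) and 5 (compareFalse) correspond to true and false; the function names are hypothetical and the sample response is constructed.

```python
# Added illustration, not IBM code: LDAP compare messages in BER (RFC 4511).
COMPARE_REQUEST, COMPARE_RESPONSE = 0x6E, 0x6F  # [APPLICATION 14] / [APPLICATION 15]
RESULTS = {5: "false", 6: "true"}               # compareFalse / compareTrue

def tlv(tag: int, body: bytes) -> bytes:
    """Encode one BER element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf: bytes, pos: int = 0):
    """Decode one BER element at pos; return (tag, body, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n >= 0x80:                                # long-form length
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("unsupported or truncated BER length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def compare_request(msg_id: int, dn: str, assertion: str) -> bytes:
    """Build the LDAPMessage for the command-line arguments `dn attr=value`."""
    attr, sep, value = assertion.partition("=")
    if not sep or not attr:
        raise ValueError("assertion must have the form attr=value")
    ava = tlv(0x30, tlv(0x04, attr.encode()) + tlv(0x04, value.encode()))
    op = tlv(COMPARE_REQUEST, tlv(0x04, dn.encode()) + ava)
    return tlv(0x30, tlv(0x02, msg_id.to_bytes(msg_id.bit_length() // 8 + 1, "big")) + op)

def compare_result(message: bytes) -> str:
    """Return "true" or "false" for a CompareResponse, else "error <code>"."""
    outer, body, _ = read_tlv(message)
    _, _, pos = read_tlv(body)                   # skip messageID
    tag, op, _ = read_tlv(body, pos)
    code_tag, code, _ = read_tlv(op)             # resultCode ENUMERATED
    if (outer, tag, code_tag) != (0x30, COMPARE_RESPONSE, 0x0A):
        raise ValueError("not a CompareResponse")
    rc = int.from_bytes(code, "big")
    return RESULTS.get(rc, f"error {rc}")

if __name__ == "__main__":  # Example 1's arguments, printed as hex
    print(compare_request(1, "cn=Bob Campbell, ou=Austin, o=sample", "postalcode=4502").hex())
```

The request carries the asserted value (4502) to the server and the response carries only a result code, so any code other than 5 or 6 is an error rather than a false.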