Table 6.16. ldapdelete SSL Options, SASL Options – Red Hat 8.1 User Manual

Page 196

Table 6.16. ldapdelete SSL Options

Option

Description

-3

Specifies that hostnames should be checked in SSL
certificates.

-I

Specifies the SSL key password file that contains
the token:password pair.

-K

Specifies the path, including the filename, of the
private key database of the client. Either the
absolute or relative (to the server root) path can be
used. The -K option must be used when the key
database has a different name than key3.db or
when the key database is not under the same
directory as the certificate database, the cert8.db
file (the path for which is specified with the -P
option).

-N

Specifies the certificate name to use for certificate-based
client authentication. For example:

-N Server-Cert

If this option is specified, then the -Z and -W
options are required. Also, if this option is specified,
then the -D and -w options must not be specified,
or certificate-based authentication will not occur,
and the bind operation will use the authentication
credentials specified on -D and -w.

-P

Specifies the absolute path, including the filename,
of the certificate database of the client. This option
is used only with the -Z option.
When used on a machine where an SSL-enabled
web browser is configured, the path specified on
this option can be pointed to the certificate
database for the web browser. For example:

-P /security/cert.db

The client security files can be stored on the
Directory Server in the
/etc/dirsrv/slapd-instance_name directory.
In this case, the -P option calls out a path and
filename similar to the following:

-P /etc/dirsrv/slapd-instance_name/client-cert.db

-Q

Specifies the token and certificate name, separated
by a colon (:), for PKCS11.

-W

Specifies the password for the certificate database
identified on the -P option. For example:

-W serverpassword

-Z

Specifies that SSL is to be used for the delete
request.

-ZZ

Specifies the Start TLS request. Use this option to
upgrade a cleartext connection to a secure one. If the
server does not support Start TLS, the command
is not aborted; it continues in plain text, so the
bind credentials and the delete request are sent
unencrypted.

-ZZZ

Enforces the Start TLS request. The server must
respond that the request was successful. If the
server does not support Start TLS, for example
because Start TLS is not enabled or the certificate
information is incorrect, the command is aborted
immediately.
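
The combination rules in the -N, -P and -ZZ rows can be checked before a command is run. The shell function below is an added example, not part of the Red Hat manual; the name lint_ldapdelete_opts and the sample paths, passwords and DN are constructed, and it assumes each option and its value are passed as separate arguments.

```shell
#!/bin/sh
# Added example: lint an ldapdelete argument list against Table 6.16.
# It only inspects arguments and never runs ldapdelete.
# lint_ldapdelete_opts is a hypothetical helper name.
lint_ldapdelete_opts() {
    has_Z=0; has_ZZ=0; has_N=0; has_W=0; has_P=0; has_bind=0; rc=0
    while [ $# -gt 0 ]; do
        opt=$1; shift; takes_value=1
        case "$opt" in
            -Z)       has_Z=1;  takes_value=0 ;;
            -ZZ)      has_ZZ=1; takes_value=0 ;;
            -N)       has_N=1 ;;
            -W)       has_W=1 ;;
            -P)       has_P=1 ;;
            -D|-w)    has_bind=1 ;;
            -I|-K|-Q) ;;                      # value-taking, no rule checked here
            *)        takes_value=0 ;;        # -3, -ZZZ, the DN, anything else
        esac
        # Skip the option's value so it is never mistaken for a flag.
        if [ "$takes_value" -eq 1 ] && [ $# -gt 0 ]; then shift; fi
    done
    if [ "$has_N" -eq 1 ]; then
        # Rule from the -N row: -Z and -W are required. Assumption: only a
        # literal -Z counts, since the table names -Z and not -ZZ/-ZZZ.
        if [ "$has_Z" -eq 0 ] || [ "$has_W" -eq 0 ]; then
            echo "ERROR: -N requires both -Z and -W"; rc=1
        fi
        # Rule from the -N row: -D/-w override certificate-based auth.
        if [ "$has_bind" -eq 1 ]; then
            echo "ERROR: -N with -D/-w binds with the -D/-w credentials, not the certificate"; rc=1
        fi
    fi
    # Rule from the -P row: -P is used only with -Z.
    if [ "$has_P" -eq 1 ] && [ "$has_Z" -eq 0 ]; then
        echo "WARN: -P is used only with -Z"
    fi
    # -ZZ row: the command continues in plain text when Start TLS is unavailable.
    if [ "$has_ZZ" -eq 1 ]; then
        echo "WARN: -ZZ continues in plain text if Start TLS fails; -ZZZ aborts instead"
    fi
    return "$rc"
}

# Constructed sample: certificate auth mixed with a simple bind is rejected.
lint_ldapdelete_opts -Z -P /constructed/cert8.db -W dbpass -N Server-Cert \
    -D "cn=Directory Manager" -w secret "uid=jdoe,dc=example,dc=com" \
    || echo "argument list rejected"
```

The function returns non-zero only for the two -N rule violations; the -P and -ZZ findings are printed as warnings and leave the return status at zero.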

SASL Options

SASL mechanisms can be used to authenticate a user, using the -o option with the required SASL information.

Chapter 6. Command-Line Utilities