|
|
|
Use the DXdelete tool to delete one or more directory entries. To delete a single entry, supply the target DN identification by a direct command-line entry. To delete multiple entries, use input from a file.
This command has the following format:
dxdelete [options] [dn]
Denotes one or more of the following options:
Runs in continuous mode. Errors are reported, but the process is not stopped.
Sets the LDAP debug levels.
Defines the level of debugging as follows:
-1 Enable all debugging
0 No debugging
1 Trace function
2 Debug packet handling
4 Heavy trace debugging
8 Connection management
16 Print out packages sent and received
32 Search filter processing
64 Configuration file processing
128 Access control list processing
256 Stats log connections/operations/results
512 Stats log entries sent
1024 Print communication with shell backends
2048 Print entry parsing debugging
You can add numbers together to specify multiple debug levels at the same time. For example, a debug level of 6 specifies the debugging levels of both 2 and 4.
Specifies the distinguished name of the user performing the bind.
Specifies a file to read from, rather than standard input.
Specifies the address or host name of the directory host. If you do not specify this, the tool uses localhost instead.
You can include OSI addressing for transport, session, and presentation SAPs by fully expanding dap-host:
hostname:port/tsel/ssel/psel
You can include binary and ASCII characters in the tsel, ssel, and psel selectors, using the % followed by the two hexadecimal digits that represent the ASCII code for the character, for example:
Specifies the time limit in seconds for each DAP operation.
Shows what would be done, but does not actually do it. Use with the -v option for debugging.
Specifies the port on directory host computer. If you do not specify this, the tool uses port 102, the OSI port, buy default
You can combine the -h and -p arguments into a single argument, and express them as a dotted IP address or hostname. For example, you can replace the options on the first line with those on the second:
-h 192.168.19.202 -p 19389
-h 192.168.19.202:19389
Runs in verbose mode.
Specifies the bind password, which is used for simple authentication.
Specifies that the tool should start a TLS request.
Use -ZZ to require a successful response from the DSA.
Specifies the name of the configuration file used by the -Z option. The default file is:
DXHOME/config/ssld/dxldap.conf
This configuration file is a text file. It must contain a line starting TLS_CACERT, and can optionally contain a second line starting TLS_REQCERT. Its format is as follows:
TLS_CACERT trusted_pem_file
[TLS_REQCERT {allow|demand|hard|never|try}]
In the configuration file, the lines have the following meaning:
Specifies the file that contains certificates for all of the Certificate Authorities the client will recognize.
trusted_pem_file
Species the trusted pem file.
This must be an absolute reference to a full path, without environment variables.
Do not enclose trusted_pem_file in quotes.
Specifies what checks to perform on server certificates in a TLS session, if any.
If this line is missing, the system uses TLS_REQCERT demand
The keywords have the following meaning:
Example: dxldap.conf file on a Windows System, Specifying the TLS_REQCERT Setting
TLS_CACERT c:\program files\CA\Directory\dxserver\config\ssld\trusted.pem TLS_REQCERT allow
Example: dxldap.conf file on a UNIX System, Using the Default TLS_REQECRT Setting
TLS_CACERT /opt/CA/Directory/dxserver/config/ssld/trusted.pem
Specifies the distinguished name of entry to delete.
Example: Delete an Entry
This example uses the Democorp sample directory supplied with CA Directory. You can repeat this example as a training exercise.
The following command deletes the entry Murray J Horsfall:
dxdelete -v -h hostname:19389 "cn=Murray J HORSFALL,ou=Repair, ou=Operations,o=Democorp,c=AU"
To test that the entry was deleted, use the DXsearch tool.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |