Quickstart:

ldapvi --discover --host HOSTNAME

Perform an LDAP search and update results using a text editor.

Other usage:

ldapvi --out [OPTION]... [FILTER] [AD]...

Print entries

ldapvi --in [OPTION]... [FILENAME]

Load change records

ldapvi --delete [OPTION]... DN...

Edit a delete record

ldapvi --rename [OPTION]... DN1 DN2

Edit a rename record

Connection options:

-h, --host URL

Server.

-D, --user USER

Search filter or DN: User to bind as. [1] Sets --bind simple.

-w, --password SECRET

Password (also valid for SASL).

--bind [simple,sasl]

Disable or enable SASL.

--bind-dialog [never,auto,always]

Interactive login dialog.

SASL options (these parameters set --bind sasl):

-I, --sasl-interactive Set --bind-dialog always.

-O, --sasl-secprops P

SASL security properties.

-Q, --sasl-quiet

Set --bind-dialog never.

-R, --sasl-realm

R SASL realm.

-U, --sasl-authcid AC

SASL authentication identity.

-X, --sasl-authzid AZ

SASL authorization identity.

-Y, --sasl-mech

MECH SASL mechanism.

Search parameters:

-b, --base DN

Search base.

-s, --scope SCOPE

Search scope. One of base|one|sub.

-S, --sort KEYS

Sort control (critical).

Miscellaneous options:

--add

(Only with --in, --ldapmodify:) Treat attrval records as new entries to add.

-o, --class OBJCLASS

Class to add. Can be repeated. Implies -A.

--config

Print parameters in ldap.conf syntax.

-c --continue

Ignore LDAP errors and continue processing.

--deleteoldrdn

(Only with --rename:) Delete the old RDN.

-a, --deref

never|searching|finding|always

-d, --discover

Auto-detect naming contexts. [2]

-A, --empty

Don't search, start with empty file. See -o.

--encoding [ASCII|UTF-8|binary]

The encoding to allow. Default is UTF-8.

-H, --help

This help.

--ldap-conf

Always read libldap configuration.

-m, --may

Show missing optional attributes as comments.

-M, --managedsait

manageDsaIT control (critical).

--noquestions

Commit without asking for confirmation.

-!, --noninteractive

Never ask any questions.

-q, --quiet

Disable progress output.

-R, --read DN

Same as -b DN -s base '(objectclass=*)' + *

-Z, --starttls

Require startTLS.

--tls [never|allow|try|strict]

Level of TLS strictess.

-v, --verbose

Note every update.

Shortcuts:

--ldapsearch

Short for --quiet --out

--ldapmodify

Short for --noninteractive --in

--ldapdelete

Short for --noninteractive --delete

--ldapmoddn

Short for --noninteractive --rename

Environment variables: VISUAL, EDITOR, PAGER.

[1] User names can be specified as distinguished names:

uid=foo,ou=bar,dc=acme,dc=com

or search filters:

(uid=foo)

Note the use of parenthesis, which can be omitted from search filters usually but are required here. For this searching bind to work, your client library must be configured with appropriate default search parameters.

[2] Repeat the search for each naming context found and present the

concatenation of all search results.

Conflicts with --base.

With --config, show a BASE configuration line for each context.

A special (offline) option is --diff, which compares two files and writes any changes to standard output in LDIF format.