Using Ldapdelete With a File

Master the ldapdelete command to efficiently remove entries from an LDAP directory, streamlining your directory management.

Written by Ryan Conover

Updated at March 18th, 2026

Table of Contents

  • Basic Syntax
  • Creating the Delete File
  • Deleting Entries Using ldap
  • Deleting Entries Using ldaps (Secure LDAP)
  • Using Local Administrative Access (ldapi)
  • Deleting Entries with Children
  • Testing Before Deleting
  • Continue if Errors Occur
  • Recommended Workflow

ldapdelete can remove multiple LDAP entries by reading distinguished names (DNs) either from the command line or from a file. This article shows you how to use ldapdelete with a file. This method is commonly used for directory cleanup, migration tasks, and administrative maintenance.

Key points:

  • The file must contain one DN per line (ldapdelete does not process full LDIF input, so you can't use an LDIF input file format)
  • LDAP connections can use ldap://, ldaps://, or ldapi:///

Example command:

ldapdelete -x -H ldaps://ldap.example.com -D "cn=admin,dc=example,dc=com" -W -f delete_dns.txt

When deleting multiple entries, you can place the Distinguished Names (DNs) in a file and instruct ldapdelete to delete each entry listed.

Basic Syntax

ldapdelete [options] -f file

Example:

ldapdelete -x -H ldap://ldap.example.com -D "cn=admin,dc=example,dc=com" -W -f delete_dns.txt

Explanation:

Option  Meaning
-x      Use simple authentication
-H      LDAP server URI
-D      Bind DN
-W      Prompt for password
-f      File containing DNs to delete

Creating the Delete File

Create a file containing the DNs you want to remove.

Example filename:

delete_dns.txt

Contents of the file:

uid=user1,ou=people,dc=example,dc=com
uid=user2,ou=people,dc=example,dc=com
uid=user3,ou=people,dc=example,dc=com

Each line represents one entry to delete.

Deleting Entries Using ldap

Example using a standard ldap connection:

ldapdelete -x -H ldap://ldap.example.com -D "cn=admin,dc=example,dc=com" -W -f delete_dns.txt

Deleting Entries Using ldaps (Secure LDAP)

If your server requires TLS encryption, use ldaps.

ldaps typically uses port 636.

ldapdelete -x -H ldaps://ldap.example.com -D "cn=admin,dc=example,dc=com" -W -f delete_dns.txt

Using Local Administrative Access (ldapi)

Administrators often perform LDAP operations locally using the ldapi socket with SASL EXTERNAL authentication:

ldapdelete -Y EXTERNAL -H ldapi:/// -f delete_dns.txt

This method is commonly used for local administrative tasks and does not require a password.

Deleting Entries with Children

LDAP normally prevents deleting entries that contain other entries.

Example error:

ldap_delete: Operation not allowed on non-leaf (66)

To delete an entry and all of its children, use the -r option.

The -r option recursively deletes entries below a DN. Warning: use carefully!

ldapdelete -x -H ldaps://ldap.example.com -D "cn=admin,dc=example,dc=com" -W -r -f delete_dns.txt

Testing Before Deleting

You can perform a dry run before deleting entries to see what the output would be had the deletions been performed:

ldapdelete -n -v -x -H ldaps://ldap.example.com -D "cn=admin,dc=example,dc=com" -W -f delete_dns.txt

Options used:

Option  Purpose
-n      Do not execute deletes
-v      Verbose output

Example output:

deleting entry "uid=user1,ou=people,dc=example,dc=com"
deleting entry "uid=user2,ou=people,dc=example,dc=com"

Because the “-n” option was used, these entries will NOT be deleted.

Continue if Errors Occur

If deleting many entries, you may want the command to continue even if one delete fails:

ldapdelete -c -x -H ldaps://ldap.example.com -D "cn=admin,dc=example,dc=com" -W -f delete_dns.txt

The -c option tells ldapdelete to continue processing even if an error occurs.

Recommended Workflow

A safe workflow when deleting entries is:

  • Identify entries using ldapsearch.
  • Copy the DNs into a file.
  • Test with ldapdelete -n.
  • Run the delete command.

More information on ldapdelete can be found here.

Copyright © 2020-2024 Symas Corporation. All rights reserved.