• Contact Us
  • Home
  • Reference

Using ldapcompare

Learn how to efficiently use ldapcompare for comparing LDAP directory attributes and values to manage user identities effectively.

Written by Maryanne Normann

Updated at October 21st, 2025

  • Quick Start
  • Installation
    Best Practices Configuration Troubleshooting Design Performance Platform
  • Maintenance
    Releases Upgrade
  • Reference
+ More

Table of Contents

Basic Syntax Common Options Example Commands Compare a user’s attribute Compare multiple attributes from file Troubleshooting

Date: 11-04-2022

The ldapcompare command-line tool lets you test whether a specific attribute in an LDAP entry matches a given value.
It’s ideal for verifying user attributes, group memberships, or password hashes without modifying data. 

The result code of the compare is provided as the exit code and, unless run with -z, the program prints TRUE, FALSE, or UNDEFINED on standard output.

Basic Syntax

ldapcompare [options] DN attribute:value

Or from a file of comparisons:

ldapcompare [options] -f comparisons.txt

Common Options

Option Description
-x Use simple bind instead of SASL
-H ldap://host LDAP URI
-D "cn=admin,dc=example,dc=com" Bind DN
-W Prompt for password
-w password Supply password directly (not recommended)
-ZZ Use StartTLS
-v Verbose output
-f file Read DN/attribute:value pairs from file

Example Commands

Compare a user’s attribute

ldapcompare -x -H ldap://localhost \
 -D "cn=admin,dc=example,dc=com" -W \
 "uid=jdoe,ou=People,dc=example,dc=com" mail:jdoe@example.com

Compare multiple attributes from file

File: compare-list.txt

uid=jdoe,ou=People,dc=example,dc=com mail:jdoe@example.com
uid=jdoe,ou=People,dc=example,dc=com sn:Doe
uid=jdoe,ou=People,dc=example,dc=com departmentNumber:IT

Command:

ldapcompare -x -H ldap://localhost -D "cn=admin,dc=example,dc=com" -W -f compare-list.txt

Troubleshooting

Error Meaning Fix
ldap_compare: No such object (32) DN doesn’t exist Check the full DN
ldap_compare: Insufficient access (50) ACL denies read/compare Update ACLs or bind as rootDN
ldap_compare: Invalid syntax (21) Attribute value doesn’t match schema Use correct syntax
ldap_compare: Constraint violation (19) Value fails schema or operational constraint Check attribute definition
ldap_compare: Server is unwilling to perform (53) Operation blocked (referral, policy) Check logs for more information

ldapcompare Man Page

LDAP Result Codes RFC

 
Copyright © 2020-2024 Symas Corporation. All rights reserved.
ldapcompare utility cli

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Chaining Overlay with Keep Alive Function
  • cn=monitor Reference
  • Common ldap Command Parameters
  • Common slapd Command Parameters
  • Convert Single-Master to Multi-Master Replication
  • Symas Blog RSS Feed
  • Symas on Facebook
  • Symas on Twitter
  • Symas Blog
  • Symas on LinkedIn
  • Symas YouTube Channel

Copyright © 2025, Symas Corporation. All rights reserved. Privacy Statement (updated July 31, 2023)

Phone:

Main Office: +1.650.963.7601
Fax: +1.650.390.6284

Email:

Sales: sales@symas.com
Support: support@symas.com

Office Hours:

8:00 AM - 5:00 PM ET

Office Location:

Symas Corporation
PO Box 391
Grand Junction, CO 81507 USA

Expand