--- title: ldapcompare description: ldapcompare — perform LDAP compare operations component: pingds version: 8.1 page_id: pingds:tools-reference:ldapcompare canonical_url: https://docs.pingidentity.com/pingds/8.1/tools-reference/ldapcompare.html section_ids: synopsis: Synopsis ldapcompare-description: Description ldapcompare-options: Options ldapcompare-exit-codes: Exit codes files: Files --- # ldapcompare `ldapcompare` — perform LDAP compare operations ## Synopsis `ldapcompare {options} attribute:value DN` ## Description This utility can be used to perform LDAP compare operations in the Directory Server. ## Options The `ldapcompare` command takes the following options: Command options: * `--assertionFilter {filter}` Use the LDAP assertion control with the provided filter. * `-J | --control {controloid[:criticality[:value|::b64value|:]). * `-N | --certNickname {nickname}` Nickname of the certificate that should be sent to the server for SSL client authentication. * `-o | --saslOption {name=value}` SASL bind options. * `-p | --port {port}` Directory server port number. * `-q | --useStartTls` Use StartTLS to secure communication with the server. Default: false * `-T | --trustStorePassword[:env|:file] {trustStorePassword}` Truststore password which will be used as the cleartext configuration value. * `--trustStorePath {trustStorePath}` Use this truststore for validating server certificate. * `--trustStoreProviderArg {argument}` Configuration argument for the trust store provider. * `--trustStoreProviderClass {class}` Full class name of the trust store provider. * `--trustStoreProviderName {name}` Name of the trust store provider. * `--trustStoreType {trustStoreType}` The type of the truststore (e.g. \[JKS|JCEKS|JVM|PKCS12|\]). * `--usePasswordPolicyControl` Use the password policy request control. Default: false * `-w | --bindPassword[:env|:file] {bindPassword}` Password to use to bind to the server. Omit this option while providing the bind DN to ensure that the command prompts for the password, rather than entering the password as a command argument. * `-W | --keyStorePassword[:env|:file] {keyStorePassword}` Keystore password which will be used as the cleartext configuration value. * `-X | --trustAll` Trust all server SSL certificates. Default: false * `-Z | --useSsl` Use SSL for secure communication with the server. Default: false Utility input/output options: * `--no-prompt` Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. Default: false * `--noPropertiesFile` No properties file will be used to get default command line argument values. Default: false * `--propertiesFilePath {propertiesFilePath}` Path to the file containing default property values used for command line arguments. * `-v | --verbose` Use verbose mode. Default: false General options: * `-V | --version` Display Directory Server version information. Default: false * `-H | --help` Display this usage information. Default: false ## Exit codes * 0 The command completed successfully. * 5 The LDAP compare operation did not match. * 6 The `-m` option was used, and the LDAP compare operation did match. * ldap-error An LDAP error occurred while processing the operation. LDAP result codes are described in [RFC 4511](https://www.rfc-editor.org/rfc/rfc4511.html#appendix-A) . Also see the additional information for details. * 89 An error occurred while parsing the command-line arguments. ## Files You can use `~/.opendj/tools.properties` to set the defaults for bind DN, host name, and port number as in the following example: ``` hostname=directory.example.com port=1389 bindDN=uid=kvaughan,ou=People,dc=example,dc=com ldapcompare.port=1389 ldapdelete.port=1389 ldapmodify.port=1389 ldappasswordmodify.port=1389 ldapsearch.port=1389 ```