#compdef ldapadd ldapcompare ldapdelete ldapexop ldapmodify ldapmodrdn ldappasswd ldapsearch ldapurl ldapwhoami
local curcontext="$curcontext" nm="$compstate[nmatches]"
local -a args auth state line expl
args=( '*-e[general extensions]:extension:->general-extensions' )
case $service in
ldapadd|ldapcompare|ldapdelete|ldapexop|ldapmodify|ldapmodrdn|ldappasswd|ldapsearch|ldapwhoami)
if (( $words[(I)-[^Z]#Z[^Z]#] )); then
args+=( '*-Z[require success for start TLS request]' )
elif (( ! $words[(I)-[^Z]#Z] )); then
args+=( '-Z[start TLS request]' )
fi
args+=(
'!(-)-VV' '-V[display version information]'
'*-d+[set LDAP debugging level]:level:((1\:trace 2\:packets 4\:args 8\:conns 10\:ber 2048\:parse -1\:all))'
"-n[show what would be done but don't actually do it]"
'-v[verbose output]'
"-N[don't use reverse DNS to canonicalize SASL host name]"
'*-o+[specify any ldap.conf options]: : _values option
"ldif_wrap[specify width]\:width"
"nettimeout[specify timeout]\:timeout (seconds)"'
)
auth=(
'-D[specify bind DN]:binddn'
'-H[specify LDAP URIs]:uri'
'-P[specify protocol version]:version [3]:(2 3)'
+ simple
'(sasl)-x[use simple authentication]'
'(sasl -W -y)-w+[specify bind password]:bind password'
'(sasl -w -y)-W[prompt for bind password]'
'(sasl -w -W)-y+[read password from file]:file:_files'
+ sasl
'(simple)-O+[specify SASL security properties]: : _values -s , property
none noplain noactive nodict noanonymous forwardsec passcred
minssf\:factor maxssf\:factor maxbufsize\:factor'
'(simple)-X+[specify SASL authorization identity]:authzid:->authzids'
'(simple)-Y+[specify SASL mechanism]:mechanism:compadd -M "m:{a-zA-Z}={A-Za-z}" EXTERNAL GSSAPI' # iana has a full list but cyrus support seems limited
'(simple)-R+[specify SASL realm]:realm'
'(simple)-U+[specify SASL authentication identity]:authcid'
'(simple)-I[use SASL Interactive mode]'
'(simple)-Q[use SASL Quiet mode]'
)
;|
ldapadd|ldapcompare|ldapdelete|ldapmodify|ldapmodrdn|ldapsearch)
if (( $words[(I)-[^M]#M[^M]#] )); then
args+=( '*-M[enable Manage DSA IT control critical]' )
elif (( ! $words[(I)-[^M]#M] )); then
args+=( '-M[enable Manage DSA IT control]' )
fi
;|
ldapadd|ldapdelete|ldapmodify|ldapmodrdn|ldapsearch)
# ldapexop documents but doesn't implement this
args+=( '(1 2 *)-f+[read operations from file]:file:_files' )
;|
ldapadd|ldapdelete|ldapmodify|ldapmodrdn|ldapsearch)
args+=( "-c[continuous operation mode (don't stop on errors)]" )
;|
ldapdelete|ldapsearch)
args+=( '-z+[specify size limit]:size limit (entries)' )
;|
ldapadd|ldapmodify)
args+=(
'-S+[write records that are skipped due to an error to file]:file:_files'
'*-E+[modify extensions]:extension:->modify-extensions'
)
;|
ldapurl|ldapsearch)
args+=(
'(decompose)-s+[specify search scope]:search scope [sub]:(base one sub children)'
)
;|
ldapdelete|ldapmodrdn|ldapurl|ldapwhoami) args+=( '!*-E+:extension' ) ;|
ldapadd) args+=( '!-a' ) ;;
ldapmodify) args+=( '-a[add new entries]' ) ;;
ldapcompare)
args+=(
'-z[quiet mode - no output aside return status]'
'*-E+[compare extensions]:extension:->compare-extensions'
)
;;
ldapdelete)
args+=(
'-r[do a recursive delete]'
'*: :_guard "^-*" "distinguished name"'
)
;;
ldapexop) args+=( '*:: :->extended-operations' ) ;;
ldapmodrdn)
args+=(
'-r[remove old RDN values from the entry]'
'-s[specify new superior entry to move target to]:entry'
'1:distinguished name'
'2:relative distinguished name'
)
;;
ldappasswd)
args+=(
'(-a -t)-A[prompt for old password]'
'(-A -t)-a+[specify old password]:password'
'(-A -a)-t+[read old password from file]:file:_files'
'(-s -T)-S[prompt for new password]'
'(-S -T)-s+[specify new password]:password'
'(-S -s)-T+[read new password from file]:file:_files'
)
;;
ldapsearch)
if (( $words[(I)-[^L]#L[^L]#L[^L]#] )); then
args+=( '*-L[LDIF format without comments and version]' )
elif (( $words[(I)-[^L]#L[^L]#] )); then
args+=( '*-L[LDIF format without comments]' )
elif ! (( $words[(I)-[^L]#L[^L]#L[^L]#L] )); then
args+=( '-L[LDIFv1 format]' )
else
args+=( '!*-L' )
fi
if (( $words[(I)-[^t]#t[^t]#] )); then
args+=( '*-t[write all retrieved values to files in temporary directory]' )
elif (( ! $words[(I)-[^t]#t] )); then
args+=( '-t[write binary values to files in temporary directory]' )
fi
args+=(
'-a+[specify how aliases dereferencing is done]:deref [never]:(never always search find)'
'-A[retrieve attributes only (no values)]'
'-b+[specify base dn for search]:basedn'
'*-E+[search extensions]:extension:->search-extensions'
'-F+[specify URL prefix for temporary files]:prefix [file:///tmp//]'
'-l+[specify time limit for search]:time limit (seconds)'
'-S+[sort results by specified attribute]:attribute:_ldap_attributes'
'-T[write files to specified directory]:path [/tmp]:_directories'
'-u[include User Friendly entry names in the output]'
'1: :_ldap_filters'
'2: : _alternative
"attributes:attribute:_ldap_attributes"
"attributes:attribute:((1.1\:no\ attributes \*\:all\ user\ attributes \+\:all\ operational\ attributes))"'
'*:attribute:_ldap_attributes -F line'
)
;;
ldapurl)
args+=(
- compose
'-a+[set a list of attribute selectors]:attribute selectors (comma separated)'
'-b+[set the searchbase]:search base'
'-f+[set the URL filter]:filter:_ldap_filters'
'-h+[set the host]:host:_hosts'
'-p+[set the tcp port]:port:(389 636)'
'-S+[set the URL scheme]:scheme:(ldap ldaps)'
- decompose
'(-s)-H+[specify URI to be exploded]:uri'
)
;;
esac
_arguments -C -S -s $args $auth
case $state in
extended-operations)
case $CURRENT:$words[1] in
1:*)
if compset -P '*::'; then
_message -e data 'base64 data'
elif compset -P '*:'; then
_message -e data data
else
_alternative \
'oids::_guard "(<->(|.))#" oid' \
'operations:operation:(whoami cancel refresh)'
fi
;;
2:cancel) _message -e ids 'cancel id' ;;
2:refresh) _message -e names 'distinguished name' ;;
3:refresh) _message -e times 'ttl' ;;
*) _message 'no more arguments' ;;
esac
;;
*-extensions)
if ! compset -P \!; then
_description criticality expl critical
compadd -S "" "$expl[@]" \!
fi
;|
modify-extensions) _values extension 'txn:txn:(abort commit)' ;;
compare-extensions) _values extension dontUseCopy ;;
search-extensions)
_values extension \
'mv[matched values filter]:filter:_ldap_filters' \
'pr[paged results/prompt]:size[/prompt|noprompt]' \
'sss[server side sorting]: :_sequence -s / _ldap_attributes' \
'subentries: :(true false)' \
'sync:sync[/cookie][/slimit]:((ro\:refreshOnly rp\:refreshAndPersist))' \
'vlv[virtual list view]:before/after(/offset/count|\:value' \
'deref:derefAttr:_sequence _ldap_attributes' \
dontUseCopy domainScope
;;
general-extensions)
_values extension \
'assert:filter:_ldap_filters' \
'authzid:authzid:->authzids' \
{post,pre}'read: :_sequence _ldap_attributes' \
'sessiontracking:username:_users' \
'chaining:behavior:(chainingPreferred chainingRequired referralsPreferred referralsRequired)' \
bauthzid manageDSAit noop ppolicy relax abandon cancel ignore
;&
authzids)
if [[ $state != authzids ]]; then
: # fall-through from above without the authzids state
elif compset -P 'u:'; then
_description users expl authzid
_users "$expl[@]"
elif compset -P 'dn:'; then
_message -e ids 'distinguished name'
else
_description prefixes expl prefix
compadd -S: "$expl[@]" u dn
fi
;;
esac
[[ nm -ne "$compstate[nmatches]" ]]