1LDAPMODRDN(1)               General Commands Manual              LDAPMODRDN(1)
2
3
4

NAME

6       ldapmodrdn - LDAP rename entry tool
7

SYNOPSIS

9       ldapmodrdn  [-V[V]]  [-d debuglevel]  [-n]  [-v]  [-r] [-s newsup] [-c]
10       [-f file] [-M[M]] [-x]  [-D binddn]  [-W]  [-w passwd]  [-y passwdfile]
11       [-H ldapuri]        [-h ldaphost]        [-p ldapport]       [-P {2|3}]
12       [-e [!]ext[=extparam]]    [-E [!]ext[=extparam]]    [-o opt[=optparam]]
13       [-O security-properties]   [-I]   [-Q]   [-N]  [-U authcid]  [-R realm]
14       [-X authzid] [-Y mech] [-Z[Z]] [dn rdn]
15

DESCRIPTION

17       ldapmodrdn  is  a  shell-accessible  interface  to  the  ldap_rename(3)
18       library call.
19
20       ldapmodrdn  opens  a  connection to an LDAP server, binds, and modifies
21       the RDN of entries.  The entry information is read from standard input,
22       from  file  through  the use of the -f option, or from the command-line
23       pair dn and rdn.
24

OPTIONS

26       -V[V]  Print version info.  If -VV is given, only the version  informa‐
27              tion is printed.
28
29       -d debuglevel
30              Set  the LDAP debugging level to debuglevel.  ldapmodrdn must be
31              compiled with LDAP_DEBUG defined for this  option  to  have  any
32              effect.
33
34       -n     Show  what  would  be  done,  but don't actually change entries.
35              Useful for debugging in conjunction with -v.
36
37       -v     Use verbose mode, with many diagnostics written to standard out‐
38              put.
39
40       -r     Remove  old  RDN  values from the entry.  Default is to keep old
41              values.
42
43       -s newsup
44              Specify a new superior entry. (I.e., move the target  entry  and
45              make  it  a child of the new superior.)  This option is not sup‐
46              ported in LDAPv2.
47
48       -c     Continuous operation mode.  Errors  are  reported,  but ldapmod‐
49              rdn  will   continue   with   modifications.   The default is to
50              exit after reporting an error.
51
52       -f file
53              Read the entry modification information  from  file  instead  of
54              from standard input or the command-line.
55
56       -M[M]  Enable manage DSA IT control.  -MM makes control critical.
57
58       -x     Use simple authentication instead of SASL.
59
60       -D binddn
61              Use the Distinguished Name binddn to bind to the LDAP directory.
62              For SASL binds, the server is expected to ignore this value.
63
64       -W     Prompt for simple authentication.  This is used instead of spec‐
65              ifying the password on the command line.
66
67       -w passwd
68              Use passwd as the password for simple authentication.
69
70       -y passwdfile
71              Use  complete  contents of passwdfile as the password for simple
72              authentication.
73
74       -H ldapuri
75              Specify URI(s) referring to the ldap server(s); only the  proto‐
76              col/host/port  fields  are  allowed; a list of URI, separated by
77              whitespace or commas is expected.
78
79       -h ldaphost
80              Specify an alternate host on which the ldap server  is  running.
81              Deprecated in favor of -H.
82
83       -p ldapport
84              Specify  an  alternate TCP port where the ldap server is listen‐
85              ing.  Deprecated in favor of -H.
86
87       -P {2|3}
88              Specify the LDAP protocol version to use.
89
90       -e [!]ext[=extparam]
91
92       -E [!]ext[=extparam]
93
94              Specify general extensions with -e and  modrdn  extensions  with
95              -E.  ´!´ indicates criticality.
96
97              General extensions:
98                [!]assert=<filter>    (an RFC 4515 Filter)
99                !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
100                [!]bauthzid           (RFC 3829 authzid control)
101                [!]chaining[=<resolve>[/<cont>]]
102                [!]manageDSAit
103                [!]noop
104                ppolicy
105                [!]postread[=<attrs>] (a comma-separated attribute list)
106                [!]preread[=<attrs>]  (a comma-separated attribute list)
107                [!]relax
108                sessiontracking
109                abandon,cancel,ignore (SIGINT sends abandon/cancel,
110                or ignores response; if critical, doesn't wait for SIGINT.
111                not really controls)
112
113              Modrdn extensions:
114                (none)
115
116       -o opt[=optparam]
117
118              Specify general options.
119
120              General options:
121                nettimeout=<timeout>  (in seconds, or "none" or "max")
122                ldif-wrap=<width>     (in columns, or "no" for no wrapping)
123
124       -O security-properties
125              Specify SASL security properties.
126
127       -I     Enable  SASL  Interactive  mode.   Always prompt.  Default is to
128              prompt only as needed.
129
130       -Q     Enable SASL Quiet mode.  Never prompt.
131
132       -N     Do not use reverse DNS to canonicalize SASL host name.
133
134       -U authcid
135              Specify the authentication ID for SASL bind. The form of the  ID
136              depends on the actual SASL mechanism used.
137
138       -R realm
139              Specify  the  realm of authentication ID for SASL bind. The form
140              of the realm depends on the actual SASL mechanism used.
141
142       -X authzid
143              Specify the requested authorization ID for SASL  bind.   authzid
144              must be one of the following formats: dn:<distinguished name> or
145              u:<username>
146
147       -Y mech
148              Specify the SASL mechanism to be  used  for  authentication.  If
149              it's  not  specified, the program will choose the best mechanism
150              the server knows.
151
152       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If
153              you  use  -ZZ, the command will require the operation to be suc‐
154              cessful.
155

INPUT FORMAT

157       If the command-line arguments dn and rdn are given,  rdn  will  replace
158       the RDN of the entry specified by the DN, dn.
159
160       Otherwise,  the  contents  of  file (or standard input if no -f flag is
161       given) should consist of one or more entries.
162
163           Distinguished Name (DN)
164           Relative Distinguished Name (RDN)
165
166       One or more blank lines may be used to separate each DN/RDN pair.
167

EXAMPLE

169       Assuming that the file /tmp/entrymods exists and has the contents:
170
171           cn=Modify Me,dc=example,dc=com
172           cn=The New Me
173
174       the command:
175
176           ldapmodrdn -r -f /tmp/entrymods
177
178       will change the RDN of the "Modify Me" entry from "Modify Me"  to  "The
179       New Me" and the old cn, "Modify Me" will be removed.
180

DIAGNOSTICS

182       Exit  status is 0 if no errors occur.  Errors result in a non-zero exit
183       status and a diagnostic message being written to standard error.
184

SEE ALSO

186       ldapadd(1), ldapdelete(1), ldapmodify(1), ldapsearch(1),  ldap.conf(5),
187       ldap(3), ldap_rename(3)
188

AUTHOR

190       The OpenLDAP Project <http://www.openldap.org/>
191

ACKNOWLEDGEMENTS

193       OpenLDAP  Software  is developed and maintained by The OpenLDAP Project
194       <http://www.openldap.org/>.  OpenLDAP Software is derived from the Uni‐
195       versity of Michigan LDAP 3.3 Release.
196
197
198
199OpenLDAP 2.4.47                   2018/12/19                     LDAPMODRDN(1)
Impressum