1LDAPMODRDN(1)               General Commands Manual              LDAPMODRDN(1)
2
3
4

NAME

6       ldapmodrdn - LDAP rename entry tool
7

SYNOPSIS

9       ldapmodrdn  [-V[V]]  [-d debuglevel]  [-n]  [-v]  [-r] [-s newsup] [-c]
10       [-f file] [-M[M]] [-x]  [-D binddn]  [-W]  [-w passwd]  [-y passwdfile]
11       [-H ldapuri]        [-h ldaphost]        [-p ldapport]       [-P {2|3}]
12       [-e [!]ext[=extparam]]    [-E [!]ext[=extparam]]    [-o opt[=optparam]]
13       [-O security-properties] [-I] [-Q] [-N] [-U authcid] [-R realm] [-X au‐
14       thzid] [-Y mech] [-Z[Z]] [dn rdn]
15

DESCRIPTION

17       ldapmodrdn is a shell-accessible interface to  the  ldap_rename(3)  li‐
18       brary call.
19
20       ldapmodrdn  opens  a  connection to an LDAP server, binds, and modifies
21       the RDN of entries.  The entry information is read from standard input,
22       from  file  through  the use of the -f option, or from the command-line
23       pair dn and rdn.
24

OPTIONS

26       -V[V]  Print version info.  If -VV is given, only the version  informa‐
27              tion is printed.
28
29       -d debuglevel
30              Set  the LDAP debugging level to debuglevel.  ldapmodrdn must be
31              compiled with LDAP_DEBUG defined for this option to have any ef‐
32              fect.
33
34       -n     Show  what  would  be  done,  but don't actually change entries.
35              Useful for debugging in conjunction with -v.
36
37       -v     Use verbose mode, with many diagnostics written to standard out‐
38              put.
39
40       -r     Remove  old  RDN  values from the entry.  Default is to keep old
41              values.
42
43       -s newsup
44              Specify a new superior entry. (I.e., move the target  entry  and
45              make  it  a child of the new superior.)  This option is not sup‐
46              ported in LDAPv2.
47
48       -c     Continuous operation mode.  Errors  are  reported,  but ldapmod‐
49              rdn  will   continue   with   modifications.   The default is to
50              exit after reporting an error.
51
52       -f file
53              Read the entry modification information  from  file  instead  of
54              from standard input or the command-line.
55
56       -M[M]  Enable manage DSA IT control.  -MM makes control critical.
57
58       -x     Use simple authentication instead of SASL.
59
60       -D binddn
61              Use the Distinguished Name binddn to bind to the LDAP directory.
62              For SASL binds, the server is expected to ignore this value.
63
64       -W     Prompt for simple authentication.  This is used instead of spec‐
65              ifying the password on the command line.
66
67       -w passwd
68              Use passwd as the password for simple authentication.
69
70       -y passwdfile
71              Use  complete  contents of passwdfile as the password for simple
72              authentication.
73
74       -H ldapuri
75              Specify URI(s) referring to the ldap server(s); only the  proto‐
76              col/host/port  fields  are  allowed; a list of URI, separated by
77              whitespace or commas is expected.
78
79       -h ldaphost
80              Specify an alternate host on which the ldap server  is  running.
81              Deprecated in favor of -H.
82
83       -p ldapport
84              Specify  an  alternate TCP port where the ldap server is listen‐
85              ing.  Deprecated in favor of -H.
86
87       -P {2|3}
88              Specify the LDAP protocol version to use.
89
90       -e [!]ext[=extparam]
91
92       -E [!]ext[=extparam]
93
94              Specify general extensions with -e and  modrdn  extensions  with
95              -E.  ´!´ indicates criticality.
96
97              General extensions:
98                [!]assert=<filter>    (an RFC 4515 Filter)
99                !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
100                [!]bauthzid           (RFC 3829 authzid control)
101                [!]chaining[=<resolve>[/<cont>]]
102                [!]manageDSAit
103                [!]noop
104                ppolicy
105                [!]postread[=<attrs>] (a comma-separated attribute list)
106                [!]preread[=<attrs>]  (a comma-separated attribute list)
107                [!]relax
108                sessiontracking
109                abandon,cancel,ignore (SIGINT sends abandon/cancel,
110                or ignores response; if critical, doesn't wait for SIGINT.
111                not really controls)
112
113              Modrdn extensions:
114                (none)
115
116       -o opt[=optparam]
117
118              Specify any ldap.conf(5) option or one of the following:
119                nettimeout=<timeout>  (in seconds, or "none" or "max")
120                ldif_wrap=<width>     (in columns, or "no" for no wrapping)
121
122
123       -O security-properties
124              Specify SASL security properties.
125
126       -I     Enable  SASL  Interactive  mode.   Always prompt.  Default is to
127              prompt only as needed.
128
129       -Q     Enable SASL Quiet mode.  Never prompt.
130
131       -N     Do not use reverse DNS to canonicalize SASL host name.
132
133       -U authcid
134              Specify the authentication ID for SASL bind. The form of the  ID
135              depends on the actual SASL mechanism used.
136
137       -R realm
138              Specify  the  realm of authentication ID for SASL bind. The form
139              of the realm depends on the actual SASL mechanism used.
140
141       -X authzid
142              Specify the requested authorization ID for SASL  bind.   authzid
143              must be one of the following formats: dn:<distinguished name> or
144              u:<username>
145
146       -Y mech
147              Specify the SASL mechanism to be  used  for  authentication.  If
148              it's  not  specified, the program will choose the best mechanism
149              the server knows.
150
151       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If
152              you  use  -ZZ, the command will require the operation to be suc‐
153              cessful.
154

INPUT FORMAT

156       If the command-line arguments dn and rdn are given,  rdn  will  replace
157       the RDN of the entry specified by the DN, dn.
158
159       Otherwise,  the  contents  of  file (or standard input if no -f flag is
160       given) should consist of one or more entries.
161
162           Distinguished Name (DN)
163           Relative Distinguished Name (RDN)
164
165       One or more blank lines may be used to separate each DN/RDN pair.
166

EXAMPLE

168       Assuming that the file /tmp/entrymods exists and has the contents:
169
170           cn=Modify Me,dc=example,dc=com
171           cn=The New Me
172
173       the command:
174
175           ldapmodrdn -r -f /tmp/entrymods
176
177       will change the RDN of the "Modify Me" entry from "Modify Me"  to  "The
178       New Me" and the old cn, "Modify Me" will be removed.
179

DIAGNOSTICS

181       Exit  status is 0 if no errors occur.  Errors result in a non-zero exit
182       status and a diagnostic message being written to standard error.
183

SEE ALSO

185       ldapadd(1), ldapdelete(1), ldapmodify(1), ldapsearch(1),  ldap.conf(5),
186       ldap(3), ldap_rename(3)
187

AUTHOR

189       The OpenLDAP Project <http://www.openldap.org/>
190

ACKNOWLEDGEMENTS

192       OpenLDAP  Software  is developed and maintained by The OpenLDAP Project
193       <http://www.openldap.org/>.  OpenLDAP Software is derived from the Uni‐
194       versity of Michigan LDAP 3.3 Release.
195
196
197
198OpenLDAP 2.4.57                   2021/01/18                     LDAPMODRDN(1)
Impressum