LDAPMODRDN(1)               General Commands Manual              LDAPMODRDN(1)

NAME

       ldapmodrdn - LDAP rename entry tool

SYNOPSIS

       ldapmodrdn [-V[V]] [-d debuglevel] [-n] [-v] [-r] [-s newsup] [-c]
       [-f file] [-M[M]] [-x] [-D binddn] [-W] [-w passwd] [-y passwdfile]
       [-H ldapuri] [-P {2|3}] [-e [!]ext[=extparam]] [-E [!]ext[=extparam]]
       [-o opt[=optparam]] [-O security-properties] [-I] [-Q] [-N]
       [-U authcid] [-R realm] [-X authzid] [-Y mech] [-Z[Z]] [dn rdn]

DESCRIPTION

       ldapmodrdn is a shell-accessible interface to the ldap_rename(3)
       library call.

       ldapmodrdn opens a connection to an LDAP server, binds, and modifies
       the RDN of entries.  The entry information is read from standard input,
       from file through the use of the -f option, or from the command-line
       pair dn and rdn.

OPTIONS

       -V[V]  Print version info.  If -VV is given, only the version
              information is printed.

       -d debuglevel
              Set the LDAP debugging level to debuglevel.  ldapmodrdn must be
              compiled with LDAP_DEBUG defined for this option to have any
              effect.

       -n     Show what would be done, but don't actually change entries.
              Useful for debugging in conjunction with -v.

       -v     Use verbose mode, with many diagnostics written to standard
              output.

       -r     Remove old RDN values from the entry.  Default is to keep old
              values.

       -s newsup
              Specify a new superior entry. (I.e., move the target entry and
              make it a child of the new superior.)  This option is not
              supported in LDAPv2.

       -c     Continuous operation mode.  Errors are reported, but ldapmodrdn
              will continue with modifications.  The default is to exit after
              reporting an error.

       -f file
              Read the entry modification information from file instead of
              from standard input or the command-line.

       -M[M]  Enable manage DSA IT control.  -MM makes control critical.

       -x     Use simple authentication instead of SASL.

       -D binddn
              Use the Distinguished Name binddn to bind to the LDAP directory.
              For SASL binds, the server is expected to ignore this value.

       -W     Prompt for simple authentication.  This is used instead of
              specifying the password on the command line.

       -w passwd
              Use passwd as the password for simple authentication.

       -y passwdfile
              Use complete contents of passwdfile as the password for simple
              authentication.

       -H ldapuri
              Specify URI(s) referring to the ldap server(s); only the
              protocol/host/port fields are allowed; a list of URI, separated
              by whitespace or commas is expected.

       -P {2|3}
              Specify the LDAP protocol version to use.

       -e [!]ext[=extparam]

       -E [!]ext[=extparam]

              Specify general extensions with -e and modrdn extensions with
              -E.  '!' indicates criticality.

              General extensions:
                [!]assert=<filter>    (an RFC 4515 Filter)
                !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
                [!]bauthzid           (RFC 3829 authzid control)
                [!]chaining[=<resolve>[/<cont>]]
                [!]manageDSAit
                [!]noop
                ppolicy
                [!]postread[=<attrs>] (a comma-separated attribute list)
                [!]preread[=<attrs>]  (a comma-separated attribute list)
                [!]relax
                sessiontracking[=<username>]
                abandon,cancel,ignore (SIGINT sends abandon/cancel,
                or ignores response; if critical, doesn't wait for SIGINT.
                not really controls)

              Modrdn extensions:
                (none)

       -o opt[=optparam]

              Specify any ldap.conf(5) option or one of the following:
                nettimeout=<timeout>  (in seconds, or "none" or "max")
                ldif_wrap=<width>     (in columns, or "no" for no wrapping)

       -O security-properties
              Specify SASL security properties.

       -I     Enable SASL Interactive mode.  Always prompt.  Default is to
              prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -N     Do not use reverse DNS to canonicalize SASL host name.

       -U authcid
              Specify the authentication ID for SASL bind. The form of the ID
              depends on the actual SASL mechanism used.

       -R realm
              Specify the realm of authentication ID for SASL bind.  The form
              of the realm depends on the actual SASL mechanism used.

       -X authzid
              Specify the requested authorization ID for SASL bind.  authzid
              must be one of the following formats: dn:<distinguished name> or
              u:<username>

       -Y mech
              Specify the SASL mechanism to be used for authentication. If
              it's not specified, the program will choose the best mechanism
              the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If
              you use -ZZ, the command will require the operation to be
              successful.

INPUT FORMAT

       If the command-line arguments dn and rdn are given, rdn will replace
       the RDN of the entry specified by the DN, dn.

       Otherwise, the contents of file (or standard input if no -f flag is
       given) should consist of one or more entries.

           Distinguished Name (DN)
           Relative Distinguished Name (RDN)

       One or more blank lines may be used to separate each DN/RDN pair.

EXAMPLE

       Assuming that the file /tmp/entrymods exists and has the contents:

           cn=Modify Me,dc=example,dc=com
           cn=The New Me

       the command:

           ldapmodrdn -r -f /tmp/entrymods

       will change the RDN of the "Modify Me" entry from "Modify Me" to "The
       New Me" and the old cn, "Modify Me" will be removed.
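
       A pre-flight check for a multi-entry -f file in the DN/RDN format of
       INPUT FORMAT, followed by a dry run and a run with prompted
       credentials.  This is an added example, not part of the OpenLDAP
       manual page; the function names, host and bind DN are hypothetical,
       and the unescaped-comma test is this example's own check.

```shell
#!/bin/sh
# Added example: pre-flight lint for an "ldapmodrdn -f" input file.
# Non-blank lines alternate DN, RDN; blank lines only separate pairs.

# lint_modrdn_input FILE
# Findings go to stderr, the number of complete pairs to stdout;
# the return status is non-zero if any finding was reported.
lint_modrdn_input() {
    awk '
    function err(n, msg) { printf "line %d: %s\n", n, msg > "/dev/stderr"; bad++ }
    function unescaped_comma(s) {
        gsub(/\\./, "", s)              # drop backslash-escaped characters
        return index(s, ",") > 0
    }
    /^[ \t]*$/ { next }                 # separator between pairs
    !have_dn {                          # first line of a pair: entry DN
        if ($0 !~ /=/) err(NR, "DN has no attribute=value")
        have_dn = 1; dn_line = NR; next
    }
    {                                   # second line of a pair: new RDN
        if ($0 !~ /=/) err(NR, "RDN has no attribute=value")
        else if (unescaped_comma($0)) err(NR, "RDN holds an unescaped comma (full DN?)")
        have_dn = 0; pairs++
    }
    END {
        if (have_dn) err(dn_line, "DN without a following RDN")
        print pairs + 0
        exit (bad > 0)
    }' "$1"
}

# apply_renames FILE (hypothetical wrapper; host and bind DN are placeholders)
apply_renames() {
    lint_modrdn_input "$1" >/dev/null || return 1
    ldapmodrdn -n -v -r -f "$1" || return 1   # -n: show only, change nothing
    # -W prompts for the password instead of taking it on the command line;
    # -ZZ requires StartTLS to succeed; no -c, so the first error stops the run.
    ldapmodrdn -r -x -ZZ -H ldap://ldap.example.com \
        -D 'cn=admin,dc=example,dc=com' -W -f "$1"
}

# Constructed sample: the second pair has a full DN where the RDN belongs.
sample=$(mktemp)
printf '%s\n' 'cn=Modify Me,dc=example,dc=com' 'cn=The New Me' '' \
    'cn=Old,dc=example,dc=com' 'cn=New,dc=example,dc=com' > "$sample"
lint_modrdn_input "$sample" || echo "rejected: nothing sent to the server"
rm -f "$sample"
```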

DIAGNOSTICS

       Exit status is 0 if no errors occur.  Errors result in a non-zero exit
       status and a diagnostic message being written to standard error.

SEE ALSO

       ldapadd(1), ldapdelete(1), ldapmodify(1), ldapsearch(1), ldap.conf(5),
       ldap(3), ldap_rename(3)

AUTHOR

       The OpenLDAP Project <http://www.openldap.org/>

ACKNOWLEDGEMENTS

       OpenLDAP Software is developed and maintained by The OpenLDAP Project
       <http://www.openldap.org/>.  OpenLDAP Software is derived from the
       University of Michigan LDAP 3.3 Release.

OpenLDAP 2.6.2                    2022/05/04                     LDAPMODRDN(1)