ldapmodrdn(1)

1ldapmodrdn(1)                    User Commands                   ldapmodrdn(1)
2
3
4

NAME

6       ldapmodrdn - ldap modify entry RDN tool
7

SYNOPSIS

9       ldapmodrdn [-r] [-n] [-v] [-c] [-E] [-H] [-?] [-M] [-R]
10            [-Z] [-V version] [-d debuglevel] [-D bindDN]
11            [-w passwd] [-h ldaphost] [-i locale] [-j filename]
12            [-J [:criticality]] [-k path] [-N certificate]
13            [-O hopLimit] [-P path] [-W password] [-p ldapport]
14            [-o attributename=value] [-f file] [-Y proxyDN]
15            [dn rdn]
16
17

DESCRIPTION

19       ldapmodrdn  opens  a  connection to an LDAP server, binds, and modifies
20       the RDN of entries. The entry information is read from standard  input,
21       from  file  through  the use of the -f option, or from the command-line
22       pair dn and rdn.
23

OPTIONS

25       -c
26
27           Continuous operation mode. Errors are reported, but ldapmodify con‐
28           tinues  with  modifications. The default is to exit after reporting
29           an error.
30
31
32       -D bindDN
33
34           Use the distinguished name binddn to bind to the directory.
35
36
37       -d debuglevel
38
39           Set the LDAP debugging level. Useful values of debuglevel for ldap‐
40           modrdn are:
41
42           1       Trace
43
44
45           2       Packets
46
47
48           4       Arguments
49
50
51           32      Filters
52
53
54           128     Access control
55
56           To request more than one category of debugging information, add the
57           masks. For example, to request trace and filter information,  spec‐
58           ify a debuglevel of 33.
59
60
61       -E
62
63           Ask server to expose (report) bind identity by means of authentica‐
64           tion response control.
65
66
67       -f file
68
69           Read the entry modification information from file instead  of  from
70           standard input or the command-line.
71
72
73       -?
74
75           Display the usage help text that briefly describes all options.
76
77
78       -H
79
80           Display the usage help text that briefly describes all options.
81
82
83       -h  ldaphost
84
85           Specify an alternate host on which the LDAP server is running.
86
87
88       -i locale
89
90           Specify  the  character  set to use for the -f LDIFfile or standard
91           input. The default is the character set specified in the LANG envi‐
92           ronment  variable.  You  might choose to use this option to perform
93           the conversion from the specified character set to UTF8, thus over‐
94           riding the LANG setting.
95
96
97       -J [:criticality[:value|::b64value|b64value|:fileurl]]
98
99           Criticality is a boolean value (default is false).
100
101
102       -j filename
103
104           Specify a file containing the password for the bind DN or the pass‐
105           word for the SSL client's key database. To  protect  the  password,
106           use this option in scripts and place the password in a secure file.
107           This option is mutually exclusive of the -w and -W options.
108
109
110       -k path
111
112           Specify the path to a  directory  containing  conversion  routines.
113           These routines are used if you want to specify a locale that is not
114           supported by default by your directory server. This is for NLS sup‐
115           port.
116
117
118       -M
119
120           Manage  smart referrals. When they are the target of the operation,
121           modify the entry containing  the  referral  instead  of  the  entry
122           obtained by following the referral.
123
124
125       -n
126
127           Previews  modifications, but makes no changes to entries. Useful in
128           conjunction with -v and -d for debugging.
129
130
131       -N certificate
132
133           Specify the certificate name to use  for  certificate-based  client
134           authentication. For example: -N "Directory-Cert".
135
136
137       -n
138
139           Show what would be done, but do not actually change entries. Useful
140           in conjunction with -v for debugging.
141
142
143       -o attributename=value
144
145           For SASL mechanisms and other options such as security  properties,
146           mode  of  operation,  authorization  ID,  authentication ID, and so
147           forth.
148
149           The different attribute names and their values are as follows:
150
151           secProp="number"    For defining SASL security properties.
152
153
154           realm="value"       Specifies SASL realm (default is realm=none).
155
156
157           authzid="value"     Specify the  authorization  ID  name  for  SASL
158                               bind.
159
160
161           authid="value"      Specify the authentication ID for SASL bind.
162
163
164           mech="value"        Specifies the various SASL mechanisms.
165
166
167
168       -O hopLimit
169
170           Specify the maximum number of referral hops to follow while finding
171           an entry to modify. By default, there is no limit.
172
173
174       -P path
175
176           Specify the path and filename of the client's certificate database.
177           For example:
178
179             -P /home/uid/.netscape/cert7.db
180
181           When  using  the  command on the same host as the directory server,
182           you can use the server's own certificate database. For example:
183
184             -P installDir/lapd-serverID/alias/cert7.db
185
186           Use the -P option alone to specify server authentication only.
187
188
189       -p ldapport
190
191           Specify an alternate TCP port where the secure LAPD server is  lis‐
192           tening.
193
194
195       -R
196
197           Do not automatically follow referrals returned while searching.
198
199
200       -r
201
202           Remove  old  RDN  values from the entry. By default, old values are
203           kept.
204
205
206       -V version
207
208           Specify the LDAP protocol version number to be used for the  delete
209           operation,  either  2 or 3. LDAP v3 is the default. Specify LDAP v2
210           when connecting to servers that do not support v3.
211
212
213       -v
214
215           Use verbose mode, with diagnostics written to standard output.
216
217
218       -W password
219
220           Specify the password for the client's key database given in the  -P
221           option.  This  option  is  required  for  certificate-based  client
222           authentication. Specifying password on the command line  has  secu‐
223           rity  issues because the password can be seen by others on the sys‐
224           tem by means of the ps command. Use the -j instead to  specify  the
225           password from the file. This option is mutually exclusive of -j.
226
227
228       -w passwd
229
230           Use  passwd  as  the  password for authentication to the directory.
231           When you use -w passwd to specify  the  password  to  be  used  for
232           authentication,  the password is visible to other users of the sys‐
233           tem by means of the ps command, in script files or  in  shell  his‐
234           tory.  If  you  use the ldapmodrdn command without this option, the
235           command will prompt for the password and read it from standard  in.
236           When  used  without the -w option, the password will not be visible
237           to other users.
238
239
240       -Y proxyid
241
242           Specify the proxy DN (proxied authorization id) to use for the mod‐
243           ify operation, usually in double quotes ("") for the shell.
244
245
246       -Z
247
248           Specify  that  SSL  be  used  to  provide  certificate-based client
249           authentication. This option requires the -N and  SSL  password  and
250           any other of the SSL options needed to identify the certificate and
251           the key database.
252
253
254   Input Format
255       If the command-line arguments dn and rdn are given,  rdn  replaces  the
256       RDN of the entry specified by the DN, dn.
257
258
259       Otherwise, the contents of file (or standard input if the - f option is
260       not specified) must consist of one or more pair of lines:
261
262             Distinguished Name (DN)
263             Relative Distinguished Name (RDN)
264
265
266
267
268       Use one or more blank lines to separate each DN/RDN pair.
269

EXAMPLES

271       The file /tmp/entrymods contains:
272
273         cn=Modify Me, o=XYZ, c=US
274         cn=The New Me
275
276
277
278
279       The command:
280
281         example% ldapmodify -r -f /tmp/entrymods
282
283
284
285
286       changes the RDN of the "Modify Me" entry from "Modify Me" to  "The  New
287       Me" and the old cn, "Modify Me" is removed.
288

ATTRIBUTES

290       See attributes(5) for a description of the following attributes:
291
292
293
294
295       ┌─────────────────────────────┬─────────────────────────────┐
296       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
297       ├─────────────────────────────┼─────────────────────────────┤
298       │Availability                 │SUNWcsu                      │
299       │Stability Level              │Evolving                     │
300       └─────────────────────────────┴─────────────────────────────┘
301

DIAGNOSTICS

306       Exit  status  is 0 if no errors occur. Errors result in a non-zero exit
307       status and a diagnostic message being written to standard error.
308
309
310
311SunOS 5.11                        15 Jan 2004                    ldapmodrdn(1)