ldapmodrdn - ldap modify entry RDN tool


ldapmodrdn [-r] [-n] [-v] [-c] [-E] [-H] [-?] [-M] [-R]
[-Z] [-V version] [-d debuglevel] [-D bindDN]
[-w passwd] [-h ldaphost] [-i locale] [-j filename]
[-J [:criticality]] [-k path] [-N certificate]
[-O hopLimit] [-P path] [-W password] [-p ldapport]
[-o attributename=value] [-f file] [-Y proxyDN]
[dn rdn]


ldapmodrdn opens a connection to an LDAP server, binds, and modifies the
RDN of entries. The entry information is read from standard input, from
file through the use of the -f option, or from the command-line pair dn
and rdn.



Continuous operation mode. Errors are reported, but ldapmodify
continues with modifications. The default is to exit after reporting
an error.

-D bindDN

Use the distinguished name binddn to bind to the directory.

-d debuglevel

Set the LDAP debugging level. Useful values of debuglevel for
ldapmodrdn are:





Access control

To request more than one category of debugging information, add the
masks. For example, to request trace and filter information, specify
a debuglevel of 33.


Ask server to expose (report) bind identity by means of
authentication response control.

-f file

Read the entry modification information from file instead of from
standard input or the command-line.


Display the usage help text that briefly describes all options.


Display the usage help text that briefly describes all options.

-h ldaphost

Specify an alternate host on which the LDAP server is running.

-i locale

Specify the character set to use for the -f LDIFfile or standard
input. The default is the character set specified in the LANG
environment variable. You might choose to use this option to perform
the conversion from the specified character set to UTF8, thus
overriding the LANG setting.

-J [:criticality[:value|::b64value|b64value|:fileurl]]

Criticality is a boolean value (default is false).

-j filename

Specify a file containing the password for the bind DN or the
password for the SSL client's key database. To protect the password,
use this option in scripts and place the password in a secure file.
This option is mutually exclusive of the -w and -W options.

-k path

Specify the path to a directory containing conversion routines. These
routines are used if you want to specify a locale that is not
supported by default by your directory server. This is for NLS


Manage smart referrals. When they are the target of the operation,
modify the entry containing the referral instead of the entry
obtained by following the referral.


Previews modifications, but makes no changes to entries. Useful in
conjunction with -v and -d for debugging.

-N certificate

Specify the certificate name to use for certificate-based client
authentication. For example: -N "Directory-Cert".


Show what would be done, but do not actually change entries. Useful
in conjunction with -v for debugging.

-o attributename=value

For SASL mechanisms and other options such as security properties,
mode of operation, authorization ID, authentication ID, and so forth.

The different attribute names and their values are as follows:

For defining SASL security properties.

Specifies SASL realm (default is realm=none).

Specify the authorization ID name for SASL bind.

Specify the authentication ID for SASL bind.

Specifies the various SASL mechanisms.

-O hopLimit

Specify the maximum number of referral hops to follow while finding
an entry to modify. By default, there is no limit.

-P path

Specify the path and filename of the client's certificate database.
For example:

-P /home/uid/.netscape/cert7.db

When using the command on the same host as the directory server, you
can use the server's own certificate database. For example:

-P installDir/lapd-serverID/alias/cert7.db

Use the -P option alone to specify server authentication only.

-p ldapport

Specify an alternate TCP port where the secure LAPD server is


Do not automatically follow referrals returned while searching.


Remove old RDN values from the entry. By default, old values are

-V version

Specify the LDAP protocol version number to be used for the delete
operation, either 2 or 3. LDAP v3 is the default. Specify LDAP v2
when connecting to servers that do not support v3.


Use verbose mode, with diagnostics written to standard output.

-W password

Specify the password for the client's key database given in the -P
option. This option is required for certificate-based client
authentication. Specifying password on the command line has security
issues because the password can be seen by others on the system by
means of the ps command. Use the -j instead to specify the password
from the file. This option is mutually exclusive of -j.

-w passwd

Use passwd as the password for authentication to the directory. When
you use -w passwd to specify the password to be used for
authentication, the password is visible to other users of the system
by means of the ps command, in script files or in shell history. If
you use the ldapmodrdn command without this option, the command will
prompt for the password and read it from standard in. When used
without the -w option, the password will not be visible to other

-Y proxyid

Specify the proxy DN (proxied authorization id) to use for the modify
operation, usually in double quotes ("") for the shell.


Specify that SSL be used to provide certificate-based client
authentication. This option requires the -N and SSL password and any
other of the SSL options needed to identify the certificate and the
key database.

Input Format

If the command-line arguments dn and rdn are given, rdn replaces the RDN
of the entry specified by the DN, dn.

Otherwise, the contents of file (or standard input if the - f option is
not specified) must consist of one or more pair of lines:

Distinguished Name (DN)
Relative Distinguished Name (RDN)

Use one or more blank lines to separate each DN/RDN pair.


The file /tmp/entrymods contains:

cn=Modify Me, o=XYZ, c=US
cn=The New Me

The command:

example% ldapmodify -r -f /tmp/entrymods

changes the RDN of the "Modify Me" entry from "Modify Me" to "The New Me"
and the old cn, "Modify Me" is removed.


See attributes(7) for a description of the following attributes:

|Stability Level | Evolving |


ldapadd(1), ldapdelete(1), ldapmodify(1), ldapsearch(1), attributes(7)


Exit status is 0 if no errors occur. Errors result in a non-zero exit
status and a diagnostic message being written to standard error.

January 15, 2004 LDAPMODRDN(1)