ldapmodrdn — LDAP rename entry tool
ldapmodrdn [−r] [ −s newsup ] [−n] [−v] [−c] [−M[M]] [ −d debuglevel ] [ −D binddn ] [−W] [ −w passwd ] [ −y passwdfile ] [ −H ldapuri ] [ −h ldaphost ] [ −p ldapport ] [ −P 2 | 3 ] [ −O security−properties ]
[−I] [−Q] [ −U authcid ] [ −R realm ] [−x] [ −X authzid ] [ −Y mech ] [−Z[Z]] [ −f file ] [ dn rdn ]
ldapmodrdn is a shell-accessible interface to the ldap_rename(3) library call.
ldapmodrdn
opens a connection to an LDAP server, binds, and modifies the
RDN of entries. The entry information is read from standard
input, from file
through the use of the −f
option, or from the command-line pair dn and rdn.
−rRemove old RDN values from the entry. Default is to keep old values.
−s
newsupSpecify a new superior entry. (I.e., move the target entry and make it a child of the new superior.) This option is not supported in LDAPv2.
−nShow what would be done, but don't actually change entries. Useful for debugging in conjunction with -v.
−vUse verbose mode, with many diagnostics written to standard output.
−cContinuous operation mode. Errors are reported, but ldapmodrdn will continue with modifications. The default is to exit after reporting an error.
−M[M]Enable manage DSA IT control. −MM makes control critical.
−ddebuglevelSet the LDAP debugging level to debuglevel. ldapmodrdn must be
compiled with LDAP_DEBUG defined for this option to
have any effect.
−ffileRead the entry modification information from
file instead of
from standard input or the command-line.
−xUse simple authentication instead of SASL.
−DbinddnUse the Distinguished Name binddn to bind to the
LDAP directory.
−WPrompt for simple authentication. This is used instead of specifying the password on the command line.
−wpasswdUse passwd
as the password for simple authentication.
−y
passwdfileUse complete contents of passwdfile as the
password for simple authentication.
−H
ldapuriSpecify URI(s) referring to the ldap server(s); only the protocol/host/port fields are allowed; a list of URI, separated by whitespace or commas is expected.
−h
ldaphostSpecify an alternate host on which the ldap server is running. Deprecated in favor of -H.
−p
ldapportSpecify an alternate TCP port where the ldap server is listening. Deprecated in favor of -H.
−P
2|3Specify the LDAP protocol version to use.
−O
security−propertiesSpecify SASL security properties.
−IEnable SASL Interactive mode. Always prompt. Default is to prompt only as needed.
−QEnable SASL Quiet mode. Never prompt.
−U
authcidSpecify the authentication ID for SASL bind. The form of the ID depends on the actual SASL mechanism used.
−R
realmSpecify the realm of authentication ID for SASL bind. The form of the realm depends on the actual SASL mechanism used.
−X
authzidSpecify the requested authorization ID for SASL
bind. authzid
must be one of the following formats: dn: <distinguished name>
or u:<username>
−Y
mechSpecify the SASL mechanism to be used for authentication. If it's not specified, the program will choose the best mechanism the server knows.
−Z[Z]Issue StartTLS (Transport Layer Security) extended
operation. If you use −ZZ , the command will require
the operation to be successful.
If the command-line arguments dn and rdn are given, rdn will replace the RDN of the
entry specified by the DN, dn.
Otherwise, the contents of file (or standard input if no
−f flag is given) should
consist of one or more entries.
Distinguished Name (DN)
Relative Distinguished Name (RDN)
One or more blank lines may be used to separate each DN/RDN pair.
Assuming that the file /tmp/entrymods exists and has the
contents:
cn=Modify Me,dc=example,dc=com
cn=The New Me
the command:
ldapmodrdn -r -f /tmp/entrymods
will change the RDN of the "Modify Me" entry from "Modify Me" to "The New Me" and the old cn, "Modify Me" will be removed.
Exit status is 0 if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error.
ldapadd(1), ldapdelete(1), ldapmodify(1), ldapsearch(1), ldap.conf(5), ldap(3), ldap_rename(3)
OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. OpenLDAP Software is derived from University of Michigan LDAP 3.3 Release.