ldapmodrdn opens a connection to an LDAP server, binds, and modifies the RDN of entries. The entry information is read from standard input, from file through the use of the -f option, or from the command-line pair dn and rdn.

-c

Continuous operation mode. Errors are reported, but ldapmodify continues with modifications. The default is to exit after reporting an error.

-D binddn

Use the distinguished name binddn to bind to the directory.

-d debuglevel

Set the LDAP debugging level. Useful values of debuglevel for ldapmodrdn are:

1

Trace

2

Packets

4

Arguments

32

Filters

128

Access control

To request more than one category of debugging information, add the masks. For example, to request trace and filter information, specify a debuglevel of 33.

-f file

Read the entry modification information from file instead of from standard input or the command-line.

-h ldaphost

Specify an alternate host on which the slapd server is running.

-M authentication

Specifies the authentication mechanism used to bind to the directory.

The default authentication method for ldapmodrdn is simple bind. simple bind sends the password to the server in the clear. The password is subject to snooping if the server is not local. You must use special care when you use this command with the default authentication method. If your server supports the challenge response method CRAM-MD5 authentication method, you can override the default authentication method by using the -M option with CRAM-MD5 as the value for authentication.

The bind DN and bind password are mandatory with this option.

-n

Show what would be done, but don't actually change entries. Useful in conjunction with -v for debugging.

-p ldapport

Specify an alternate TCP port where the slapd server is listening.

-r

Remove old RDN values from the entry. By default, old values are kept.

-v

Use verbose mode, with diagnostics written to standard output.

-w passwd

Use passwd as the password for authentication to the directory. When you use -w passwd to specify the password to be used for authentication, the password is visible to other users of the system by means of the ps command, in script files or in shell history. If you use the ldapmodrdn command without this option, the command will prompt for the password and read it from standard in. When used without the -w option, the password will not be visible to other users.

Input Format

The file /tmp/entrymods contains:

cn=Modify Me, o=XYZ, c=US
cn=The New Me

The command:

example%  ldapmodify -r -f /tmp/entrymods

changes the RDN of the "Modify Me" entry from "Modify Me" to "The New Me" and the old cn, "Modify Me" is removed.

See attributes(5) for a description of the following attributes:

ldapadd(1), ldapdelete(1), ldapmodify(1), ldapsearch(1), attributes(5)

Exit status is 0 if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error.