Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Apropos / Subsearch:
optional field

ldapmodrdn(1)                    User Commands                   ldapmodrdn(1)

       ldapmodrdn - ldap modify entry RDN tool

       ldapmodrdn  [-r]  [-n] [-v] [-c] [-E] [-H] [-?] [-M] [-R] [-Z] [-V ver-
       sion] [-d debuglevel] [-D bindDN] [-w passwd] [-h ldaphost] [-i locale]
       [-j filename]    [-J     [:criticality]]   [-k path]   [-N certificate]
       [-O hopLimit]  [-P path]  [-W password]  [-p ldapport]   [-o attribute-
       name=value] [-f file] [-Y proxyDN] [ dn rdn]

       ldapmodrdn  opens  a  connection to an LDAP server, binds, and modifies
       the RDN of entries. The entry information is read from standard  input,
       from  file  through  the use of the -f option, or from the command-line
       pair dn and rdn.


           Continuous operation mode. Errors are reported, but ldapmodify con-
           tinues  with  modifications. The default is to exit after reporting
           an error.

       -D bindDN

           Use the distinguished name binddn to bind to the directory.

       -d debuglevel

           Set the LDAP debugging level. Useful values of debuglevel for ldap-
           modrdn are:

           1        Trace

           2        Packets

           4        Arguments

           32       Filters

           128      Access control

           To request more than one category of debugging information, add the
           masks. For example, to request trace and filter information,  spec-
           ify a debuglevel of 33.


           Ask server to expose (report) bind identity by means of authentica-
           tion response control.

       -f file

           Read the entry modification information from file instead  of  from
           standard input or the command-line.


           Display the usage help text that briefly describes all options.


           Display the usage help text that briefly describes all options.

       -h  ldaphost

           Specify an alternate host on which the LDAP server is running.

       -i locale

           Specify  the  character  set to use for the -f LDIFfile or standard
           input. The default is the character set specified in the LANG envi-
           ronment  variable.   You might choose to use this option to perform
           the conversion from the specified character set to UTF8, thus over-
           riding the LANG setting.

       -J [:criticality[:value|::b64value|b64value|:fileurl]]

           Criticality is a boolean value (default is false).

       -j filename

           Specify a file containing the password for the bind DN or the pass-
           word for the SSL client's key database. To  protect  the  password,
           use this option in scripts and place the password in a secure file.
           This option is mutually exclusive of the -w and -W options.

       -k path

           Specify the path to a  directory  containing  conversion  routines.
           These routines are used if you want to specify a locale that is not
           supported by default by your directory server. This is for NLS sup-


           Manage  smart referrals. When they are the target of the operation,
           modify the entry containing  the  referral  instead  of  the  entry
           obtained by following the referral.


           Previews  modifications, but makes no changes to entries. Useful in
           conjunction with -v and -d for debugging.

       -N certificate

           Specify the certificate name to use  for  certificate-based  client
           authentication. For example: -N "Directory-Cert".


           Show what would be done, but do not actually change entries. Useful
           in conjunction with -v for debugging.

       -o attributename=value

           For SASL mechanisms and other options such as security  properties,
           mode  of  operation,  authorization  ID,  authentication ID, and so

           The different attribute names and their values are as follows:


               For defining SASL security properties.


               Specifies SASL realm (default is realm=none).


               Specify the authorization ID name for SASL bind.


               Specify the authentication ID for SASL bind.


               Specifies the various SASL mechanisms.

       -O hopLimit

           Specify the maximum number of referral hops to follow while finding
           an entry to modify. By default, there is no limit.

       -P path

           Specify the path and filename of the client's certificate database.
           For example:

           -P /home/uid/.netscape/cert7.db

           When using the command on the same host as  the  directory  server,
           you can use the server's own certificate database. For example:

           -P installDir/lapd-serverID/alias/cert7.db

           Use the -P option alone to specify server authentication only.

       -p ldapport

           Specify  an alternate TCP port where the secure LAPD server is lis-


           Do not automatically follow referrals returned while searching.


           Remove old RDN values from the entry. By default,  old  values  are

       -V version

           Specify  the LDAP protocol version number to be used for the delete
           operation, either 2 or 3. LDAP v3 is the default. Specify  LDAP  v2
           when connecting to servers that do not support v3.


           Use verbose mode, with diagnostics written to standard output.

       -W password

           Specify  the password for the client's key database given in the -P
           option.  This  option  is  required  for  certificate-based  client
           authentication.  Specifying  password on the command line has secu-
           rity issues because the password can be seen by others on the  sys-
           tem  by  means of the ps command. Use the -j instead to specify the
           password from the file. This option is mutually exclusive of -j.

       -w passwd

           Use passwd as the password for  authentication  to  the  directory.
           When  you  use  -w  passwd  to  specify the password to be used for
           authentication, the password is visible to other users of the  sys-
           tem  by  means  of the ps command, in script files or in shell his-
           tory. If you use the ldapmodrdn command without  this  option,  the
           command  will prompt for the password and read it from standard in.
           When used without the -w option, the password will not  be  visible
           to other users.

       -Y proxyid

           Specify the proxy DN (proxied authorization id) to use for the mod-
           ify operation, usually in double quotes ("") for the shell.


           Specify that  SSL  be  used  to  provide  certificate-based  client
           authentication.  This  option  requires the -N and SSL password and
           any other of the SSL options needed to identify the certificate and
           the key database.

   Input Format
       If  the  command-line  arguments dn and rdn are given, rdn replaces the
       RDN of the entry specified by the DN, dn.

       Otherwise, the contents of file (or standard input if the - f option is
       not specified) must consist of one or more pair of lines:

           Distinguished Name (DN)
           Relative Distinguished Name (RDN)

       Use one or more blank lines to separate each DN/RDN pair.

       The file /tmp/entrymods contains:

       cn=Modify Me, o=XYZ, c=US
       cn=The New Me

       The command:

       example% ldapmodify -r -f /tmp/entrymods

       changes  the  RDN of the "Modify Me" entry from "Modify Me" to "The New
       Me" and the old cn, "Modify Me" is removed.

       See attributes(5) for a description of the following attributes:

       tab()    allbox;    cw(2.750000i)|     cw(2.750000i)     lw(2.750000i)|
       lw(2.750000i).   ATTRIBUTE TYPEATTRIBUTE VALUE AvailabilitySUNWcsu Sta-
       bility LevelEvolving

       ldapadd(1), ldapdelete(1), ldapmodify(1), ldapsearch(1), attributes(5)

       Exit status is 0 if no errors occur. Errors result in a  non-zero  exit
       status and a diagnostic message being written to standard error.

SunOS 5.10                        15 Jan 2004                    ldapmodrdn(1)