Renaming an LDAP entry
The modrdn LDAP operation allows an authorized user to rename an LDAP entry, that is, to modify the RDN of that entry.
Optionally, the modrdn operation can keep the old attribute values that formed the original RDN. This is accomplished by specifying deleteOldRDN:0 at the end of the modrdn data. If deleteOldRDN:1 is specified at the end of the modrdn operation, or it is not specified at all, the modrdn operation will remove the attributes (and their values) that formed the original RDN.
For example, let’s add a sample entry:
$ ldapmodify ...
dn:cn=John Smith,ou=People,dc=sample,dc=com
changeType:add
objectClass:top
objectClass:person
cn:John Smith
sn:Smith
The attributes for the newly added entry are:
$ ldapsearch -x \
    -b"cn=John Smith,ou=People,dc=sample,dc=com" \
    -s base
dn: cn=John Smith,ou=People,dc=sample,dc=com
objectClass: top
objectClass: person
cn: John Smith
sn: Smith
Now, using the ldapmodify command, let’s invoke the modrdn operation on the sample entry:
$ ldapmodify ...
dn:cn=John Smith,ou=People,dc=sample,dc=com
changeType:modrdn
newrdn:cn=John A. Smith
deleteOldRDN:1
Since deleteOldRDN:1 has been specified, the old cn attribute (commonName) value, which was part of the RDN, is removed and replaced by the new cn attribute and its new value.
$ ldapsearch -x \
    -b"cn=John A. Smith,ou=People,dc=sample,dc=com" \
    -s base
dn: cn=John A. Smith,ou=People,dc=sample,dc=com
objectClass: top
objectClass: person
sn: Smith
cn: John A. Smith
Had we specified deleteOldRDN:0, the entry would have looked as follows:
$ ldapsearch -x \
    -b"cn=John A. Smith,ou=People,dc=sample,dc=com" \
    -s base
dn: cn=John A. Smith,ou=People,dc=sample,dc=com
objectClass: top
objectClass: person
cn: John Smith
cn: John A. Smith
sn: Smith
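The two outcomes above can be reproduced offline with a small model of the modrdn semantics. This is an added example, not code from the original post or from any LDAP library: apply_modrdn, parse_rdn and the dict-based entry layout are hypothetical names, values are assumed to compare case-insensitively (as cn does), and escaped separators in DNs are not handled. It goes slightly beyond the post by also covering multi-valued RDNs.

```python
# Added illustration: models modrdn semantics on an in-memory entry.
# apply_modrdn / parse_rdn are hypothetical helpers, not an LDAP library API.

def parse_rdn(rdn):
    """Split 'cn=John Smith' or multi-valued 'cn=J+uid=j' into (attr, value) pairs.
    Simplification: escaped '+' or '=' inside values is not handled."""
    pairs = []
    for ava in rdn.split("+"):
        attr, _, value = ava.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def apply_modrdn(dn, attrs, newrdn, delete_old_rdn=True):
    """Return (new_dn, new_attrs) after renaming the entry's RDN.
    attrs maps lower-cased attribute names to lists of values; it is not mutated."""
    old_rdn, _, parent = dn.partition(",")  # simplification: no escaped commas
    new_pairs = parse_rdn(newrdn)
    new_keys = {(a, v.lower()) for a, v in new_pairs}
    result = {name: list(values) for name, values in attrs.items()}
    if delete_old_rdn:
        for attr, value in parse_rdn(old_rdn):
            if (attr, value.lower()) in new_keys:
                continue  # value is also part of the new RDN, so it must stay
            result[attr] = [v for v in result.get(attr, [])
                            if v.lower() != value.lower()]
    # The new RDN values are always present on the renamed entry.
    for attr, value in new_pairs:
        values = result.setdefault(attr, [])
        if value.lower() not in [v.lower() for v in values]:
            values.append(value)
    # Drop attributes left without any value.
    result = {name: values for name, values in result.items() if values}
    return f"{newrdn},{parent}", result

# Constructed sample entry, matching the one used in the post.
ENTRY_DN = "cn=John Smith,ou=People,dc=sample,dc=com"
ENTRY = {"objectclass": ["top", "person"], "cn": ["John Smith"], "sn": ["Smith"]}

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, apply_modrdn(ENTRY_DN, ENTRY, "cn=John A. Smith", flag))
```

With delete_old_rdn=False the old value stays on the entry, so a search filter such as (cn=John Smith) still matches the renamed entry.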