Felipe Alfaro Solana

The modrdn LDAP operation allows an authorized user to rename an LDAP entry’s RDN (that is, modifying the RDN of that entry).

Optionally, the modrdn operation can keep the old attributes that form the pristine RDN. This can be accomplished by specifiying deleteOldRDN:0 at the end of the modrdn data. If deleteOldRND:1 is specified at the end of the modrdn operation, or it is not specified at all, the modrdn operation will keep the attributes (and its values) that formed the pristine RDN.

For example, let’s add a sample entry:

$ ldapmodify ...
dn:cn=John Smith,ou=People,dc=sample,dc=com
changeType:add
objectClass:top
objectClass:person
cn:John Smith
sn:Smith

The attributes for the newly added entry are:

$ ldapsearch -x \
  -b"cn=John Smith,ou=People,dc=sample,dc=com" \
  -s base
dn: cn=John Smith,ou=People,dc=sample,dc=com
objectClass: top
objectClass: person
cn: John Smith
sn: Smith

Now, using the ldapmodify command, let’s invoke the modrdn operation onto the sample entry:

$ ldapmodify ...
dn:cn=John Smith,ou=People,dc=sample,dc=com
changeType:modrdn
newrdn:cn=John A. Smith
deleteOldRDN:1

Since deleteOldRND:1 has been specified, the old cn attribiute (commonName), which was part of the RDN, is removed and then replaced by the new cn attribute and it’s new value.

$ ldapsearch -x \
  -b"cn=John A. Smith,ou=People,dc=sample,dc=com" \
  -s base
dn: cn=John A. Smith,ou=People,dc=sample,dc=com
objectClass: top
objectClass: person
sn: Smith
cn: John A. Smith

Should have we specified deleteOldRND:0, then the entry would have looked as follows:

$ ldapsearch -x \
  -b"cn=John A. Smith,ou=People,dc=sample,dc=com" \
  -s base
dn: cn=John A. Smith,ou=People,dc=sample,dc=com
objectClass: top
objectClass: person
cn: John Smith
cn: John A. Smith
sn: Smith