Use ldapmodify with the moddn changetype keyword to move or rename entries in an LDAP database. The moddn request cannot be used to move entries between namingContexts or between servers. This article provides an example of moving an entry uid=user.0,ou=people,dc=example,dc=com to the branch ou=people2,dc=example,dc=com.
Given the following entry:
ldapsearch --hostname localhost --port 1389 \
--searchScope base \
--baseDn uid=user.0,ou=people,dc=example,dc=com \
'(objectClass=*)' 1.1
dn: uid=user.0,ou=people,dc=example,dc=com
And the following two branches:
ldapsearch --hostname localhost --port 1389 \
--searchScope one --baseDn dc=example,dc=com \
'(objectClass=*)' 1.1
dn: ou=People,dc=example,dc=com
dn: ou=people2,dc=example,dc=com
Move the user.0 entry from the ou=People branch to the ou=people2 branch. Create the following LDIF:
dn: uid=user.0,ou=people,dc=example,dc=com
changetype: moddn
newrdn: uid=user.0
deleteoldrdn: 1
newsuperior: ou=people2,dc=example,dc=com
The newrdn and deleteoldrdn fields are required when the changetype is specified as moddn. The newsuperior field is optional, and if present must contain the name of an object (which must exist) that will become the new parent of the specified entry. If newsuperior is not present, then the object is renamed under the existing parent. The values used in the DN and in newsuperior cannot be aliases. If the entry named by newrdn under newsuperior already exists, the operation fails and the result code for "entry already exists" (decimal 68) is returned to the client.
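The field rules above can be checked before a change record is sent to the server. The following is an added example, not part of the original article: the function names are hypothetical, the list of naming contexts is supplied by the caller, and the parser assumes unfolded, non-base64 LDIF and compares DN components case-insensitively.

```python
import re

def split_dn(dn):
    """Split a DN into its RDNs, honoring backslash-escaped commas."""
    return [rdn.strip() for rdn in re.split(r'(?<!\\),', dn)]

def parse_record(text):
    """Parse one unfolded, non-base64 LDIF change record into a dict."""
    fields = {}
    for line in text.strip().splitlines():
        if not line.startswith('#') and ':' in line:
            key, _, value = line.partition(':')
            fields[key.strip().lower()] = value.strip()
    return fields

def context_of(dn, naming_contexts):
    """Return the naming context (suffix) that holds dn, or None."""
    rdns = [r.lower() for r in split_dn(dn)]
    for ctx in naming_contexts:
        suffix = [r.lower() for r in split_dn(ctx)]
        if rdns[-len(suffix):] == suffix:
            return ctx
    return None

def check_moddn(text, naming_contexts):
    """Return (resulting_dn, errors) for one moddn change record."""
    f, errors = parse_record(text), []
    if f.get('changetype') not in ('moddn', 'modrdn'):
        errors.append('changetype is not moddn')
    errors += ['missing required field: ' + k
               for k in ('dn', 'newrdn', 'deleteoldrdn') if not f.get(k)]
    if f.get('deleteoldrdn') not in (None, '', '0', '1'):
        errors.append('deleteoldrdn must be 0 or 1')
    if errors:
        return None, errors
    # Without newsuperior the entry keeps its current parent (a rename).
    parent = f.get('newsuperior') or ','.join(split_dn(f['dn'])[1:])
    src, dst = (context_of(d, naming_contexts) for d in (f['dn'], parent))
    if dst is None or src != dst:
        return None, ['entry and new parent are not in the same namingContext']
    return f['newrdn'] + ',' + parent, errors

# Constructed sample: the change record shown in this article.
SAMPLE = """dn: uid=user.0,ou=people,dc=example,dc=com
changetype: moddn
newrdn: uid=user.0
deleteoldrdn: 1
newsuperior: ou=people2,dc=example,dc=com
"""
```

The check is offline only: whether newsuperior exists and whether the resulting DN is already taken (result code 68) can only be answered by the directory server itself.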
Use ldapmodify to move the entry. Specify the post-read control for the uid attribute and use the older OpenLDAP version of ldapmodify:
/usr/bin/ldapmodify -h localhost -p 1389 \
-D 'cn=directory manager' -W -c -a \
-f ~/ldif/rename.LDIF -e postread=uid
Enter LDAP Password:
modifying rdn of entry \
"uid=user.0,ou=people,dc=example,dc=com"
control: 1.3.6.1.1.13.2 false ...
# ==> postread
dn: uid=user.0,ou=people2,dc=example,dc=com
uid: user.0
# <== postread
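import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.ModifyDNRequest;
import com.unboundid.ldap.sdk.controls.PostReadRequestControl;
import com.unboundid.ldap.sdk.controls.PreReadRequestControl;

// The same modify DN operation using the UnboundID LDAP SDK for Java.
class Example {

    // Moves or renames existingDn and returns the server's result,
    // or null if the request failed.
    // newRdn is the new RDN only (for example uid=user.0), not a full DN.
    // newSuperiorDn may be null to keep the entry under its current parent.
    public LDAPResult modifyDn(String hostname, int port,
                               String existingDn, String newRdn,
                               boolean deleteOldRdn, String newSuperiorDn,
                               String[] preReadAttributes,
                               String[] postReadAttributes) {
        LDAPConnection ldapConnection = null;
        try {
            // Unauthenticated connection; bind first if the server requires it.
            ldapConnection = new LDAPConnection(hostname, port);
            // Ask the server to return the entry as it was before and after the change.
            Control[] controls = new Control[] {
                new PreReadRequestControl(preReadAttributes),
                new PostReadRequestControl(postReadAttributes)
            };
            ModifyDNRequest r = new ModifyDNRequest(existingDn,
                    newRdn, deleteOldRdn,
                    newSuperiorDn, controls);
            return ldapConnection.modifyDN(r);
        } catch (LDAPException lex) {
            System.err.println(lex.getLocalizedMessage());
            return null;
        } finally {
            // Close the connection on failure as well as on success.
            if (ldapConnection != null) {
                ldapConnection.close();
            }
        }
    }
}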