How to modify DN of an LDAP entry?

I have a requirement to change the CN of a LDAP group (cn=mahendra).

I have constructed the ldif file as shown below.

dn: cn=mahendra,cn=groups,dc=oracle,dc=com
changetype: modify
replace: cn
cn: mahendrak

When I ran the ldapmodify command to change DN, it resulted in error as shown below.

$ ./ldapmodify -h testmac.oracle.com -p 389 -D cn=orcladmin -w Admin123 -v -f mahendra.ldif
replace cn:
mahendrak
modifying entry cn=mahendra,cn=groups,dc=oracle,dc=com
ldap_modify: Operation not allowed on RDN
ldap_modify: additional info: Modifying the naming attribute for the entry without modifying the dn

So here is the workaround. The DN value has to be changed in a different manner, look at the ldif file constructed for it.

dn: cn=mahendra,cn=groups,dc=oracle,dc=com
changetype: moddn
newrdn: cn=mahendrak
deleteoldrdn: 1

When I ran the ldapmodify it is succesful.

$ ./ldapmodify -h testmac.oracle.com -p 389 -D cn=orcladmin -w Admin123 -v -f mahendra.ldif
new RDN: cn=mahendrak (do not keep existing values)
modifying rdn of entry cn=mahendra,cn=groups,dc=oracle,dc=com
modrdn completed

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

How to modify DN of an LDAP entry?

About the Author Mahendra

Leave a Comment:

2 comments