7.8. Processing an LDAP Modify RDN Operation

When the Directory Server receives an LDAP modifyRDN request from a client, the frontend gets the original DN of the entry, the new RDN, and, if the entry is moving to a different location in the directory tree, the DN of the new parent of the entry.
The frontend makes this information available to pre-operation and post-operation plug-in functions in the form of parameters in a parameter block.

Table 7.7. Table of Information Processed during an LDAP ModifyRDN Operation

| Parameter ID | Data Type | Description |
|---|---|---|
| SLAPI_MODRDN_TARGET | char * | DN of the entry that you want to rename. |
| SLAPI_MODRDN_NEWRDN | char * | New RDN to assign to the entry. |
| SLAPI_MODRDN_DELOLDRDN | int | Specifies whether to delete the old RDN. 0: Do not delete the old RDN. 1: Delete the old RDN. |
| SLAPI_MODRDN_NEWSUPERIOR | char * | DN of the new parent of the entry, if the entry is being moved to a new location in the directory tree. |

The modify RDN function should check the following:
  • If the operation has been abandoned, the function should return -1.

    Note

    You do not need to call slapi_send_ldap_result() to send an LDAP error code to the client. According to the LDAP protocol, the client does not expect a server response after an operation is abandoned.
  • If the entry is a referral entry (that is, an entry with the object class ref) and no manageDSAIT control is included with the request, the function should call slapi_send_ldap_referral() to send a referral and return -1.
    To determine if a manageDSAIT control is present, call slapi_pblock_get() to get the value of the SLAPI_MANAGEDSAIT parameter. If the value is 1, the control is included in the request. If the value is 0, the control is not included in the request.
  • If the entry does not exist, check the following:
    • If the closest matching entry is a referral entry, and if no manageDSAIT control is included in the request, the function should call slapi_send_ldap_referral() to send a referral and return -1.
    • Otherwise, the function should call slapi_send_ldap_result() to send an LDAP error code LDAP_NO_SUCH_OBJECT and return -1.
  • If the entry is not schema-compliant (call slapi_entry_schema_check() to determine this), the function should call slapi_send_ldap_result() to send the LDAP error code LDAP_OBJECT_CLASS_VIOLATION and should return -1.
  • If the RDN of the entry contains attribute values that are not part of the entry (for example, if the RDN is uid=bjensen, but the entry has no uid value or has a different uid value), the function should call slapi_send_ldap_result() to send the LDAP error code LDAP_NOT_ALLOWED_ON_RDN and should return -1.
  • If the requester does not have permission to modify the entry (call slapi_access_allowed() to determine this), the function should call slapi_send_ldap_result() to send the LDAP error code LDAP_INSUFFICIENT_ACCESS and should return -1.
You should also verify that the ACI syntax for the entry is correct; call slapi_acl_check_mods() to determine this.
If the modifyRDN function is successful, the function should call slapi_send_ldap_result() to send an LDAP_SUCCESS code back to the client and should return 0.
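
The RDN consistency check from the list above (the uid=bjensen case), as an added stand-alone example that is not Directory Server code and does not call the plug-in API. The struct attr_value view of an entry and check_rdn_in_entry() are hypothetical names; the example also handles multi-valued RDNs joined with '+', assumes no escaped '+' or '=' in the RDN, and its use of LDAP_INVALID_DN_SYNTAX for a malformed RDN is a choice made here rather than something this page specifies.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define LDAP_SUCCESS            0x00
#define LDAP_INVALID_DN_SYNTAX  0x22
#define LDAP_NOT_ALLOWED_ON_RDN 0x43
/* Hypothetical flat view of an entry: one element per attribute value. */
struct attr_value { const char *type; const char *value; };

/* 1 if the entry holds this type (case-insensitive) with exactly this value. */
static int entry_has_value(const struct attr_value *e, size_t n, const char *type,
                           size_t tlen, const char *val, size_t vlen)
{
    for (size_t i = 0; i < n; i++)
        if (strlen(e[i].type) == tlen && strncasecmp(e[i].type, type, tlen) == 0 &&
            strlen(e[i].value) == vlen && memcmp(e[i].value, val, vlen) == 0)
            return 1;
    return 0;
}

/* Check each type=value component of an RDN ('+' joins components) against
 * the entry. Assumption: no escaped '+' or '=' appears inside the RDN. */
int check_rdn_in_entry(const char *rdn, const struct attr_value *e, size_t n)
{
    const char *p = rdn;
    if (*p == '\0')
        return LDAP_INVALID_DN_SYNTAX;               /* empty RDN */
    for (;;) {
        size_t clen = strcspn(p, "+");               /* length of this component */
        const char *eq = memchr(p, '=', clen);
        if (eq == NULL || eq == p || eq + 1 == p + clen)
            return LDAP_INVALID_DN_SYNTAX;           /* missing type or value */
        if (!entry_has_value(e, n, p, (size_t)(eq - p), eq + 1,
                             (size_t)(p + clen - (eq + 1))))
            return LDAP_NOT_ALLOWED_ON_RDN;          /* value not in the entry */
        if (p[clen] == '\0')
            return LDAP_SUCCESS;                     /* every component matched */
        p += clen + 1;                               /* step past the '+' */
    }
}

int main(void)
{
    /* Constructed sample entry, not taken from a real directory. */
    const struct attr_value entry[] = { {"uid", "bjensen"}, {"cn", "Barbara Jensen"} };
    printf("uid=bjensen -> 0x%02x\n", check_rdn_in_entry("uid=bjensen", entry, 2));
    printf("uid=bjones  -> 0x%02x\n", check_rdn_in_entry("uid=bjones", entry, 2));
    return 0;
}
```

Values are compared byte for byte here; a real check would apply each attribute's matching rule.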