3.6. Renaming and Moving an Entry
ldapmodifyutility to send the LDIF statements to Directory Server when you rename an entry. For example, in interactive mode:
# ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
ldapmodifycommands, see the ldapmodify(1) man page.
moddnAccess Control List (ACL) to grant permissions to move entries. For details, see Section 188.8.131.52, “Targeting Source and Destination DNs”.
3.6.1. Types of Rename Operations
- Renaming an Entry
- If you rename a entry, the
modrdnoperation changes the Relative Distinguished Name (RDN) of the entry:
- Renaming a Subentry
- For subtree entries, the
modrdnoperation renames the subtree and also the DN components of child entries:Note that for large subtrees, this process can take a lot of time and resources.
- Moving an Entry to a New Parent
- A similar action to renaming a subtree is moving an entry from one subtree to another. This is an expanded type of the
modrdnoperation, which simultaneously renames the entry and sets a
newSuperiorattribute which moves the entry from one parent to another:
3.6.2. Considerations for Renaming Entries
- You cannot rename the root suffix.
- Subtree rename operations have minimal effect on replication. Replication agreements are applied to an entire database, not a subtree within the database. Therefore, a subtree rename operation does not require reconfiguring a replication agreement. All name changes after a subtree rename operation are replicated as normal.
- Renaming a subtree might require any synchronization agreements to be reconfigured. Synchronization agreements are set at the suffix or subtree level. Therefore, renaming a subtree might break synchronization.
- Renaming a subtree requires that any subtree-level Access Control Instructions (ACI) set for the subtree be reconfigured manually, as well as any entry-level ACIs set for child entries of the subtree.
- Trying to change the component of a subtree, such as moving from
dc, might fail with a schema violation. For example, the
organizationalUnitobject class requires the
ouattribute. If that attribute is removed as part of renaming the subtree, the operation fails.
- If you move a group, the MemberOf plug-in automatically updates the
memberOfattributes. However, if you move a subtree that contain groups, you must manually create a task in the
cn=memberof taskentry or use the
fixup-memberof.plto update the related
memberOfattributes.For details about cleaning up
memberOfattribute references, see Section 184.108.40.206, “Regenerating
deleteOldRDNparameter controls whether the old RDN will be deleted or retained.
- The existing RDN is retained as a value in the new entry. The resulting entry contains two
cnattributes: one with the old and one with the new common name (CN).For example, the following attributes belong to a group that was renamed from
deleteOldRDN: 0parameter set.
dn: cn=new_group,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: old_group cn: new_group
- Directory Server deletes the old entry and creates a new entry using the new RDN. The new entry only contains the
cnattribute of the new entry.For example, the following group was renamed to
deleteOldRDN: 1parameter set:
dn: cn=new_group,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupofuniquenames cn: new_group
3.6.4. Renaming an Entry or Subtree
changetype: modrdnoperation and set the new RDN in the
# ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x dn: cn=old_group,ou=Groups,dc=example,dc=com changetype: modrdn newrdn: cn=new_group deleteOldRDN: 1
deleteOldRDN, see Section 3.6.3, “The
3.6.5. Moving an Entry to a New Parent
changetype: modrdnoperation and set the following to attributes:
- Sets the RDN of the moved entry. You must set this entry, even if the RDN remains the same.
- Sets the DN of the new parent entry.
# ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x dn: uid=user,ou=Engineering,ou=People,dc=example,dc=com changetype: modrdn newrdn: uid=user newSuperior= ou=Marketing,ou=People,dc=example,dc=com deleteOldRDN: 1
deleteOldRDN, see Section 3.6.3, “The