-.TH LDAPMODRDN 1 "10 November 1998" "OpenLDAP LDVERSION"
+.TH LDAPMODRDN 1 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP$
+.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
-ldapmodrdn \- ldap modify entry RDN tool
+ldapmodrdn \- LDAP rename entry tool
.SH SYNOPSIS
.B ldapmodrdn
[\c
[\c
.BR \-c ]
[\c
+.BR \-M[M] ]
+[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BI \-w \ passwd\fR]
[\c
+.BI \-y \ passwdfile\fR]
+[\c
+.BI \-H \ ldapuri\fR]
+[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
+.BI \-P \ 2\fR\||\|\fI3\fR]
+[\c
+.BR \-O \ security-properties ]
+[\c
+.BR \-I ]
+[\c
+.BR \-Q ]
+[\c
+.BI \-U \ authcid\fR]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BR \-x ]
+[\c
+.BI \-X \ authzid\fR]
+[\c
+.BI \-Y \ mech\fR]
+[\c
+.BR \-Z[Z] ]
+[\c
.BI \-f \ file\fR]
[\c
.I dn rdn\fR]
Use verbose mode, with many diagnostics written to standard output.
.TP
.B \-k
-Use Kerberos authentication instead of simple authentication. It is
+Use Kerberos IV authentication instead of simple authentication. It is
assumed that you already have a valid ticket granting ticket.
.B ldapmodrdn
-must be compiled with KERBEROS defined for this option to have effect.
+must be compiled with Kerberos support for this option to have effect.
.TP
.B \-K
-Same as \-k, but only does step 1 of the kerberos bind. This is useful
+Same as \-k, but only does step 1 of the Kerberos IV bind. This is useful
when connecting to a slapd and there is no x500dsa.hostname principal
-registered with your kerberos servers.
+registered with your Kerberos Domain Controller(s).
.TP
.B \-c
-Continuous operation mode. Errors are reported, but ldapmodify
+Continuous operation mode. Errors are reported, but ldapmodrdn
will continue with modifications. The default is to exit after
reporting an error.
.TP
+.B \-M[M]
+Enable manage DSA IT control.
+.B \-MM
+makes control critical.
+.TP
.B \-d debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapmodrdn
Read the entry modification information from \fIfile\fP instead of from
standard input or the command-line.
.TP
+.B \-x
+Use simple authentication instead of SASL.
+.TP
.B \-D binddn
-Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should be
-a string-represented DN as defined in RFC 1779.
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
.TP
.B \-W
Prompt for simple authentication.
.B \-w passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
-.B \-h ldaphost
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
+.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
.TP
-.B \-p ldapport
+.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
+.TP
+.BI \-P \ 2\fR\||\|\fI3
+Specify the LDAP protocol version to use.
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
+.B \-I
+Enable SASL Interactive mode. Always prompt. Default is to prompt
+only as needed.
+.TP
+.B \-Q
+Enable SASL Quiet mode. Never prompt.
+.TP
+.BI \-U \ authcid
+Specify the authentication ID for SASL bind. The form of the ID
+depends on the actual SASL mechanism used.
+.TP
+.BI \-R \ realm
+Specify the realm of authentication ID for SASL bind. The form of the realm
+depends on the actual SASL mechanism used.
+.TP
+.BI \-X \ authzid
+Specify the requested authorization ID for SASL bind.
+.I authzid
+must be one of the following formats:
+.B dn:\c
+.I <distinguished name>
+or
+.B u:\c
+.I <username>
+.TP
+.BI \-Y \ mech
+Specify the SASL mechanism to be used for authentication. If it's not
+specified, the program will choose the best mechanism the server knows.
+.TP
+.B \-Z[Z]
+Issue StartTLS (Transport Layer Security) extended operation. If you use
+.B \-ZZ\c
+, the command will require the operation to be successful.
.SH INPUT FORMAT
If the command-line arguments \fIdn\fP and \fIrdn\fP are given, \fIrdn\fP
will replace the RDN of the entry specified by the DN, \fIdn\fP.
exists and has the contents:
.LP
.nf
- cn=Modify Me, o=University of Michigan, c=US
+ cn=Modify Me,dc=example,dc=com
cn=The New Me
.fi
.LP
the command:
.LP
.nf
- ldapmodify -r -f /tmp/entrymods
+ ldapmodrdn -r -f /tmp/entrymods
.fi
.LP
will change the RDN of the "Modify Me" entry from "Modify Me" to
.BR ldap.conf (5),
.BR ldap (3),
.BR ldap_modrdn2 (3)
-.LP
-Kille, S.,
-.IR "A String Representation of Distinguished Names",
-.SM RFC
-1779,
-ISODE Consortium, March 1995.
-.SH BUGS
-There is no interactive mode, but there probably should be.
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS
-.B OpenLDAP
+.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
+.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
projects / openldap / blobdiff