.TH LDAPMODRDN 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2011 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapmodrdn \- LDAP rename entry tool
[\c
.BR \-c ]
[\c
-.BR \-M[M] ]
+.BR \-M [ M ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
[\c
.BI \-p \ ldapport\fR]
[\c
-.BI \-P \ 2\fR\||\|\fI3\fR]
+.BR \-P \ { 2 \||\| 3 }]
[\c
-.BR \-O \ security-properties ]
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
[\c
.BI \-Y \ mech\fR]
[\c
-.BR \-Z[Z] ]
+.BR \-Z [ Z ]]
[\c
.BI \-f \ file\fR]
[\c
.TP
.B \-n
Show what would be done, but don't actually change entries. Useful for
-debugging in conjunction with -v.
+debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Use verbose mode, with many diagnostics written to standard output.
will continue with modifications. The default is to exit after
reporting an error.
.TP
-.B \-M[M]
+.BR \-M [ M ]
Enable manage DSA IT control.
.B \-MM
makes control critical.
.TP
-.B \-d debuglevel
+.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapmodrdn
must be
compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
-.B \-f file
+.BI \-f \ file
Read the entry modification information from \fIfile\fP instead of from
standard input or the command-line.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
-.B \-D binddn
+.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL Binds, the server is expected to ignore this value.
+For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
-.B \-w passwd
+.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of -H.
+Deprecated in favor of \fB\-H\fP.
.TP
-.BI \-P \ 2\fR\||\|\fI3
+.BR \-P \ { 2 \||\| 3 }
Specify the LDAP protocol version to use.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+.TP
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
+
+Specify general extensions with \fB\-e\fP and modrdn extensions with \fB\-E\fP.
+\'\fB!\fP\' indicates criticality.
+
+General extensions:
+.nf
+ [!]assert=<filter> (an RFC 4515 Filter)
+ !authzid=<authzid> ("dn:<dn>" or "u:<user>")
+ [!]bauthzid (RFC 3829 authzid control)
+ [!]chaining[=<resolve>[/<cont>]]
+ [!]manageDSAit
+ [!]noop
+ ppolicy
+ [!]postread[=<attrs>] (a comma-separated attribute list)
+ [!]preread[=<attrs>] (a comma-separated attribute list)
+ [!]relax
+ sessiontracking[=<username>]
+ abandon,cancel,ignore (SIGINT sends abandon/cancel,
+ or ignores response; if critical, doesn't wait for SIGINT.
+ not really controls)
+.fi
+
+Modrdn extensions:
+.nf
+ (none)
+.fi
+.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
-.B dn:\c
-.I <distinguished name>
+.BI dn: "<distinguished name>"
or
-.B u:\c
-.I <username>
+.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
-.B \-Z[Z]
+.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
-.B \-ZZ\c
-, the command will require the operation to be successful.
+\fB\-ZZ\fP, the command will require the operation to be successful.
.SH INPUT FORMAT
If the command-line arguments \fIdn\fP and \fIrdn\fP are given, \fIrdn\fP
will replace the RDN of the entry specified by the DN, \fIdn\fP.
.LP
Otherwise, the contents of \fIfile\fP (or standard input if
-no
-.RI \- f
-flag is given) should consist of one or more entries.
+no \fB\-f\fP flag is given) should consist of one or more entries.
.LP
.nf
Distinguished Name (DN)
the command:
.LP
.nf
- ldapmodrdn -r -f /tmp/entrymods
+ ldapmodrdn \-r \-f /tmp/entrymods
.fi
.LP
will change the RDN of the "Modify Me" entry from "Modify Me" to
projects / openldap / blobdiff