-c
Continuous operation mode. Errors are reported, but
ldapmodify continues with modifications. The default is to exit after
reporting an error.
-D bindDN
Use the distinguished name binddn to bind to the
directory.
-d debuglevel
Set the LDAP debugging level. Useful values of
debuglevel for
ldapmodrdn are:
1
Trace
2
Packets
4
Arguments
32
Filters
128
Access control
To request more than one category of debugging information, add
the masks. For example, to request trace and filter information, specify a
debuglevel of 33.
-E
Ask server to expose (report) bind identity by means of
authentication response control.
-f file
Read the entry modification information from file
instead of from standard input or the command-line.
-?
Display the usage help text that briefly describes all
options.
-H
Display the usage help text that briefly describes all
options.
-h ldaphost
Specify an alternate host on which the LDAP server is
running.
-i locale
Specify the character set to use for the -f
LDIFfile or standard input. The default is the character set specified
in the LANG environment variable. You might choose to use this option
to perform the conversion from the specified character set to UTF8, thus
overriding the LANG setting.
-J
[:criticality[:value|::b64value|b64value|:fileurl]]
Criticality is a boolean value (default is
false).
-j filename
Specify a file containing the password for the bind DN or
the password for the SSL client's key database. To protect the password, use
this option in scripts and place the password in a secure file. This option is
mutually exclusive of the -w and -W options.
-k path
Specify the path to a directory containing conversion
routines. These routines are used if you want to specify a locale that is not
supported by default by your directory server. This is for NLS support.
-M
Manage smart referrals. When they are the target of the
operation, modify the entry containing the referral instead of the entry
obtained by following the referral.
-n
Previews modifications, but makes no changes to entries.
Useful in conjunction with -v and -d for debugging.
-N certificate
Specify the certificate name to use for certificate-based
client authentication. For example: -N
"Directory-Cert".
-n
Show what would be done, but do not actually change
entries. Useful in conjunction with -v for debugging.
-o attributename=value
For SASL mechanisms and other options such as security
properties, mode of operation, authorization ID, authentication ID, and so
forth.
The different attribute names and their values are as follows:
secProp="number"
For defining SASL security properties.
realm="value"
Specifies SASL realm (default is
realm=none).
authzid="value"
Specify the authorization ID name for SASL bind.
authid="value"
Specify the authentication ID for SASL bind.
mech="value"
Specifies the various SASL mechanisms.
-O hopLimit
Specify the maximum number of referral hops to follow
while finding an entry to modify. By default, there is no limit.
-P path
Specify the path and filename of the client's certificate
database. For example:
-P /home/uid/.netscape/cert7.db
When using the command on the same host as the directory server,
you can use the server's own certificate database. For example:
-P installDir/lapd-serverID/alias/cert7.db
Use the -P option alone to specify server authentication
only.
-p ldapport
Specify an alternate TCP port where the secure LAPD
server is listening.
-R
Do not automatically follow referrals returned while
searching.
-r
Remove old RDN values from the entry. By default, old
values are kept.
-V version
Specify the LDAP protocol version number to be used for
the delete operation, either 2 or 3. LDAP v3 is the default. Specify LDAP v2
when connecting to servers that do not support v3.
-v
Use verbose mode, with diagnostics written to standard
output.
-W password
Specify the password for the client's key database given
in the -P option. This option is required for certificate-based client
authentication. Specifying password on the command line has security
issues because the password can be seen by others on the system by means of
the ps command. Use the -j instead to specify the password from
the file. This option is mutually exclusive of -j.
-w passwd
Use passwd as the password for authentication to
the directory. When you use -w passwd to specify the password to
be used for authentication, the password is visible to other users of the
system by means of the ps command, in script files or in shell history.
If you use the ldapmodrdn command without this option, the command will
prompt for the password and read it from standard in. When used without the
-w option, the password will not be visible to other users.
-Y proxyid
Specify the proxy DN (proxied authorization id) to use
for the modify operation, usually in double quotes ("") for the
shell.
-Z
Specify that SSL be used to provide certificate-based
client authentication. This option requires the -N and SSL password and
any other of the SSL options needed to identify the certificate and the key
database.
If the command-line arguments dn and rdn are given,
rdn replaces the RDN of the entry specified by the DN, dn.
Otherwise, the contents of file (or standard input if the
- f option is not specified) must consist of one or more pair
of lines:
Distinguished Name (DN)
Relative Distinguished Name (RDN)
Use one or more blank lines to separate each DN/RDN pair.