When you rename an entry with child entries, the directory has to move all the entries underneath.

Note: The modify DN operation only works when moving entries in the same backend, under the same suffix. Also, depending on the number of entries you move, this can be a resource-intensive operation.

With the ldapmodify command, authorized users can move entries in the directory.

Example 6.17. Move: Merging Customer and Employees Under ou=People

The following example moves ou=Customers,dc=example,dc=com to ou=People,dc=example,dc=com, then moves each employee entry from under ou=Employees,dc=example,dc=com to under ou=People,dc=example,dc=com as well, and finally removes the empty ou=Employees,dc=example,dc=com container. Here, deleteoldrdn: 1 indicates that the old RDN, ou: Customers, should be removed from the entry. For employees, deleteoldrdn: 0 indicates that old RDNs, in this case uid attribute values, should be preserved.

```
$ cat move-customers.ldif
dn: ou=Customers,dc=example,dc=com
changetype: modrdn
newrdn: ou=People
deleteoldrdn: 1
newsuperior: dc=example,dc=com

$ ldapmodify \
 --port 1389 \
 --bindDN "cn=Directory Manager" \
 --bindPassword password \
 --filename move-customers.ldif
Processing MODIFY DN request for ou=Customers,dc=example,dc=com
MODIFY DN operation successful for DN ou=Customers,dc=example,dc=com

$ cat move-employees.pl
#!/usr/bin/perl -w
# For each employee, construct a spec to move under ou=People.
while (<>)
{
    # Rewrite each "dn:" line into a complete moddn record that keeps the RDN.
    $_ =~ s/dn: (.*?)(,.*)/dn: $1$2\nchangetype: moddn\nnewrdn: $1\ndeleteoldrdn: 0\nnewsuperior: ou=People,dc=example,dc=com/;
    print;
}

$ ldapsearch --port 1389 --baseDN ou=Employees,dc=example,dc=com uid=* - |
 move-employees.pl > /tmp/move-employees.ldif

$ head -n 6 /tmp/move-employees.ldif
dn: uid=abarnes,ou=Employees,dc=example,dc=com
changetype: moddn
newrdn: uid=abarnes
deleteoldrdn: 0
newsuperior: ou=People,dc=example,dc=com

$ ldapmodify \
 --port 1389 \
 --bindDN "cn=Directory Manager" \
 --bindPassword password \
 --filename /tmp/move-employees.ldif
Processing MODIFY DN request for uid=abarnes,ou=Employees,dc=example,dc=com
MODIFY DN operation successful for DN uid=abarnes,ou=Employees,dc=example,dc=com
Processing MODIFY DN request for uid=abergin,ou=Employees,dc=example,dc=com
MODIFY DN operation successful for DN uid=abergin,ou=Employees,dc=example,dc=com
...
Processing MODIFY DN request for uid=wlutz,ou=Employees,dc=example,dc=com
MODIFY DN operation successful for DN uid=wlutz,ou=Employees,dc=example,dc=com

$ ldapdelete \
 --port 1389 \
 --bindDN "cn=Directory Manager" \
 --bindPassword password \
 ou=Employees,dc=example,dc=com
Processing DELETE request for ou=Employees,dc=example,dc=com
DELETE operation successful for DN ou=Employees,dc=example,dc=com
```
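
The Perl filter in this example splits each DN at the first comma, so it mishandles RDN values that contain an escaped comma, DNs returned base64-encoded as dn::, and folded LDIF lines. The following Python sketch is an added example, not part of the original guide, that generates the same moddn records while handling those cases and goes beyond the page by skipping entries that are not direct children of the old container; the function names and sample entries are constructed for illustration.

```python
import base64
import re

# Constructed search output: the container, a folded DN, an escaped comma, a base64 DN.
SAMPLE = (
    "dn: ou=Employees,dc=example,dc=com\n\n"
    "dn: uid=abarnes,ou=Employ\n ees,dc=example,dc=com\nuid: abarnes\n\n"
    "dn: cn=Barnes\\, Anne,ou=Employees,dc=example,dc=com\n\n"
    "dn:: " + base64.b64encode("uid=zo\u00eb,ou=Employees,dc=example,dc=com".encode()).decode() + "\n"
)
RDN_SPLIT = re.compile(r"((?:\\.|[^\\,])+),(.*)", re.S)

def read_dns(text):
    """Return entry DNs, unfolding continuation lines and decoding base64 'dn::'."""
    dns = []
    for line in re.sub(r"\r?\n ", "", text).splitlines():
        if line.startswith("dn:: "):
            dns.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:])
    return dns

def split_rdn(dn):
    """Split a DN at the first comma that is not escaped with a backslash."""
    m = RDN_SPLIT.fullmatch(dn)
    return (m.group(1), m.group(2)) if m else (dn, "")

def ldif_line(name, value):
    """Emit 'name: value', or base64 'name:: ...' when the value is not LDIF-safe."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def move_ldif(text, old_parent, new_parent, delete_old_rdn=0):
    """Build one moddn record per direct child of old_parent."""
    records = []
    for dn in read_dns(text):
        rdn, parent = split_rdn(dn)
        if parent.lower() != old_parent.lower():  # simplified, case-insensitive DN match
            continue  # the container itself, or a deeper entry that moves with its parent
        records.append("\n".join([
            ldif_line("dn", dn), "changetype: moddn", ldif_line("newrdn", rdn),
            f"deleteoldrdn: {delete_old_rdn}", ldif_line("newsuperior", new_parent)]))
    return "\n\n".join(records) + "\n"

if __name__ == "__main__":
    print(move_ldif(SAMPLE, "ou=Employees,dc=example,dc=com", "ou=People,dc=example,dc=com"))
```

The generated file can be passed to ldapmodify with --filename in place of /tmp/move-employees.ldif.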
