Change RDN from one attribute to another


This topic has 4 replies, 3 voices, and was last updated 5 years, 6 months ago by Ludo.

  • #16524

    Hi,

    Right now we have around 15 million records in production and UID is our RDN. But we want to change the RDN from UID to some other GUID attribute. And both of these (UID and GUID) attributes exist and are already populated with values. So we just need to flip the RDN attribute without affecting any data.

    Current: DN: UID=john,ou=people,dc=xyz,dc=com

    Need to change it to: DN: GUID=3kjkejfkd,ou=people,dc=xyz,dc=com

    Any good solutions will be appreciated.

    Thanks,
    Anji.

    #16533
     Brad Tumy
    Participant

    Hey Anji,

    I don’t see a reference to it in the OpenDJ docs but here is a reference from the Sun days:
    Modifying Directory Entries (hint: scroll down to “change rdn”).

    You could quickly write a Python (or bash) script (I have some examples if you need them) to knock this out. My only concern would be the amount of time it takes to update 15M records.

    Before you try this … check out bugster, as I noticed that there are a few old issues on this. They very well could all be closed, but better safe than sorry.

    Brad Tumy
    TUMY | TECH

    • This reply was modified 5 years, 6 months ago by Brad Tumy.
    #16537

    Thanks Brad. The link that you have given explains how to change the value of the RDN and doesn’t show how to change the RDN attribute itself. Can you confirm please?

    Thanks,
    Anji.

    #16539
     Brad Tumy
    Participant

    Anji,

    Is this a follow-on question to:

    RDN change for user creation

    It looks like you have the answer for how to change the value that OpenDJ is using on authentication as the RDN but OpenAM’s self-service module is populating the value that you are using for username into this attribute.

    Could you go into a little more detail about your use case? I don’t want to give you incorrect information.

    Thanks,
    Brad

    • This reply was modified 5 years, 6 months ago by Brad Tumy.
    #16547
     Ludo
    Moderator

    LDAP allows you to rename an entry with the moddn operation, using the following LDIF statement.
    You can choose to keep or delete the old RDN.

    ldapmodify ...
    dn: uid=john,ou=people,dc=xyz,dc=com
    changetype: moddn
    newrdn: guid=xxxxxxx
    deleteoldrdn: 0

    It will take a while to loop through all entries, but it’ll work.
    Alternatively, you could export all data to an LDIF file, use a script to change all records, and then reimport everything.
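
The per-entry moddn approach from the last reply, as an added example (not code from the thread or from ForgeRock): a Python script that reads an exported LDIF and emits one moddn change record per entry, escaping the new RDN value and skipping entries whose guid is missing, multi-valued, or duplicated. The sample data, the function names, and the global case-insensitive uniqueness check are assumptions; DNs and guid values are assumed to be LDIF-safe ASCII on output.

```python
import base64
from collections import Counter

# Constructed sample export (not real data); attribute names follow the thread.
SAMPLE_LDIF = """\
dn: uid=john,ou=people,dc=xyz,dc=com
guid: 3kjkejfkd

dn: uid=mary,ou=people,dc=xyz,dc=com
guid:: YWIsY2Q=

dn: uid=bob,ou=people,dc=xyz,dc=com
uid: bob
"""

def parse_entries(ldif_text):
    """Yield (dn, attrs) per entry; handles folded lines and base64 ('::') values."""
    for block in ldif_text.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, rest = line.partition(":")
            value = base64.b64decode(rest[1:]).decode("utf-8") if rest[:1] == ":" else rest.strip()
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def escape_rdn_value(value):  # RFC 4514 escaping for a value used inside an RDN
    out = ["\\" + c if c in '\\",+;<>' else c for c in value]
    if out and out[0] in (" ", "#"):
        out[0] = "\\" + out[0]
    if out and out[-1] == " ":
        out[-1] = "\\ "
    return "".join(out)

def build_moddn(ldif_text, new_attr="guid"):
    """Return (moddn change records as LDIF text, {dn: reason it was skipped})."""
    entries = [(dn, a.get(new_attr, [])) for dn, a in parse_entries(ldif_text)]
    # RDNs must be unique among siblings; checked globally and case-insensitively (assumption).
    seen = Counter(v[0].lower() for _, v in entries if len(v) == 1)
    records, skipped = [], {}
    for dn, values in entries:
        if len(values) != 1:
            skipped[dn] = "expected exactly one %s value" % new_attr
        elif seen[values[0].lower()] > 1:
            skipped[dn] = "duplicate %s value" % new_attr
        else:
            records.append("dn: %s\nchangetype: moddn\nnewrdn: %s=%s\ndeleteoldrdn: 0\n"
                           % (dn, new_attr, escape_rdn_value(values[0])))
    return "\n".join(records), skipped
```

The first return value is the LDIF to pass to ldapmodify; resolve everything in the skipped map before running it against production, ideally after a trial run on a copy of the data.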
