Modify LDAP EntryUUID attribute
After migrating our old LDAP server to a new instance, we realized that the EntryUUID attribute had changed. One of our internal applications relies on that attribute, so we had to modify it to avoid breaking things.
First, we created an LDIF file, update.ldif, containing all entries that need to be changed. The content of the file looks like this:
dn: cn=Jon Doe,ou=people,dc=mycompany,dc=com
changetype: modify
replace: entryUUID
entryUUID: f9db7632-ab33-103b-8bc7-1f4363035b71
To apply the update, we ran the following command:
ldapmodify -h ldap.loc -p 389 -D cn=admin,dc=mycompany,dc=com -w somepwd -f update.ldif -Z
The LDAP server responded with:
modifying entry "cn=Jon Doe,ou=people,dc=mycompany,dc=com"
ldap_modify: Constraint violation (19)
additional info: entryUUID: no user modification allowed
Apparently, metadata like the EntryUUID can't be changed by default. However, OpenLDAP offers a relax mode which allows you to make such a change. Pass the -e relax parameter and the update will be applied:
ldapmodify -h ldap.loc -p 389 -D cn=admin,dc=mycompany,dc=com -w somepwd -f update.ldif -Z -e relax
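For more than a handful of entries, update.ldif can be generated from an export of the old server instead of being written by hand. The script below is an added example, not part of the original post: it assumes the old values were exported as LDIF with dn and entryUUID per entry (the sample data is constructed, and the function names are hypothetical), and it refuses malformed or duplicate UUIDs before anything reaches the relaxed write.

```python
import base64
import uuid

# Constructed sample of an LDIF export from the OLD server (dn + entryUUID only).
B64_DN = base64.b64encode("cn=J\u00fcrgen Doe,ou=people,dc=mycompany,dc=com".encode()).decode()
OLD_EXPORT = f"""\
dn: cn=Jon Doe,ou=people,dc=mycompany,dc=com
entryUUID: f9db7632-ab33-103b-8bc7-1f4363035b71

dn:: {B64_DN}
entryUUID: 0b1e4a52-ab34-103b-8bc8-1f4363035b71

dn: cn=A Very Long Name,ou=people,dc=mycompany,
 dc=com
entryUUID: 1c2f5b63-ab34-103b-8bc9-1f4363035b71
"""

def parse_export(text):
    """Return {dn: entryUUID} from LDIF text, handling folded lines and base64 values."""
    unfolded = text.replace("\n ", "")  # LDIF continuation lines start with one space
    mapping = {}
    for record in unfolded.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs[name.lower()] = value.strip()
        if "dn" in attrs and "entryuuid" in attrs:
            mapping[attrs["dn"]] = attrs["entryuuid"]
    return mapping

def build_modify_ldif(mapping):
    """Render one 'replace: entryUUID' record per DN; reject bad or duplicate UUIDs."""
    seen, records = {}, []
    for dn, value in mapping.items():
        canonical = str(uuid.UUID(value))  # raises ValueError on malformed input
        if canonical in seen:
            raise ValueError(f"entryUUID {canonical} used by {seen[canonical]!r} and {dn!r}")
        seen[canonical] = dn
        plain = dn.isascii() and dn[:1] not in (" ", ":", "<")
        dn_line = f"dn: {dn}" if plain else "dn:: " + base64.b64encode(dn.encode()).decode()
        records.append(f"{dn_line}\nchangetype: modify\nreplace: entryUUID\nentryUUID: {canonical}\n")
    return "\n".join(records)

if __name__ == "__main__":
    print(build_modify_ldif(parse_export(OLD_EXPORT)), end="")
```

When applying the generated file, -W (prompt) or -y with a password file keeps the bind password out of the process list and shell history, and -ZZ makes ldapmodify fail rather than continue unencrypted if StartTLS cannot be negotiated.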