After migrating our old LDAP Server to a new instance, we realized that the EntryUUID attribute had changed. One of our internal applications relies on that attribute so we had to modify it to not break things.
First, we created an LDIF file, update.ldif, containing all entries that need to be changed. The content of the file looks like this:
dn: cn=Jon Doe,ou=people,dc=mycompany,dc=com
To apply the update, we ran the following command:
ldapmodify -h ldap.loc -p 389 -D cn=admin,dc=mycompany,dc=com -w somepwd -f update.ldif -Z
The LDAP server responded with:
modifying entry "cn=Jon Doe,ou=people,dc=mycompany,dc=com"
ldap_modify: Constraint violation (19)
additional info: entryUUID: no user modification allowed
Apparently, metadata like the EntryUUID can't be changed by default. However, OpenLDAP offers a relax mode which allows you to make such a change. Pass the -e relax parameter and the update will be applied:
ldapmodify -h ldap.loc -p 389 -D cn=admin,dc=mycompany,dc=com -w somepwd -f update.ldif -Z -e relax
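The same procedure as a reusable script (an added example, not part of the original post): it builds update.ldif from a list of "UUID DN" pairs using standard LDIF modify records, rejects malformed UUIDs before anything is sent to the server, and applies the file with -e relax. The input format, the function names and the LDAP_URI, BIND_DN and PW_FILE variables are assumptions; it uses -ZZ and -y where the post used -Z and -w, so that StartTLS is mandatory and the bind password stays off the command line.

```sh
#!/bin/sh
# Added example, not from the original post.
# Input on stdin: one "UUID DN" pair per line (constructed format); '#' lines are skipped.

# is_uuid STRING: succeed only for the canonical 8-4-4-4-12 hex form.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
}

# needs_b64 DN: LDIF requires "dn::" plus base64 when the value starts with
# ':' or '<' or contains bytes outside printable ASCII.
needs_b64() {
    case $1 in ':'*|'<'*) return 0 ;; esac
    printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]'
}

# build_ldif: emit one "replace: entryUUID" record per input line.
# Returns 1 on the first malformed line, so a chained "&& apply_ldif" never runs.
build_ldif() {
    while read -r uuid dn; do
        case $uuid in ''|'#'*) continue ;; esac
        if ! is_uuid "$uuid" || [ -z "$dn" ]; then
            echo "rejected line: $uuid $dn" >&2
            return 1
        fi
        if needs_b64 "$dn"; then
            printf 'dn:: %s\n' "$(printf '%s' "$dn" | base64 | tr -d '\n')"
        else
            printf 'dn: %s\n' "$dn"
        fi
        printf 'changetype: modify\nreplace: entryUUID\nentryUUID: %s\n\n' "$uuid"
    done
}

# apply_ldif FILE: LDAP_URI, BIND_DN and PW_FILE are assumed environment variables.
#   -ZZ  require StartTLS to succeed (-Z alone carries on if it fails)
#   -y   read the bind password from a file rather than from the command line
apply_ldif() {
    ldapmodify -H "$LDAP_URI" -ZZ -D "$BIND_DN" -y "$PW_FILE" -e relax -f "$1"
}

# Usage:  build_ldif < uuid-map.txt > update.ldif && apply_ldif update.ldif
```

The file given to -y is used in full as the password, so it must not end with a newline.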