Modify a User ID (part of RDN) in an IDM Environment.
search cancel

Modify a User ID (part of RDN) in an IDM Environment.


Article ID: 15754


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On


In CA IDM a user id is created in the format of <firstname>.<lastname>

We have a user who's last name has been changed and we need the User ID also to reflect the changed last name.

We cannot modify the USER ObjectType by changing the uid which is a part of the RDN.

Please suggest us on how to proceed with this.


Tested with IM r12.6.SP8.CR1 and a user store on DXserver 12.0.15.?


You're right from IM User Console, you cannot modify the USER Object-type by changing the uid which is a part of the RDN as the whole DN deals with a unique name. 

Some mechanisms prevent you to do this from the web UI as the WRITEONCE permission in the directory definition and the READ ONLY permission in the role and task settings. 

Modifying the user object RDN will fail with: [LDAP: error code 67 - Not Allowed On RDN] This is not supported. 


You can do it manually to work around this issue using a ldapmodrdn command against your user object. 

See my following script sample: 



SET ETAHOME="C:\Program Files (x86)\CA\Identity Manager\Provisioning Server" 

:: Host name of CA LDAP server: 

SET HOST=<Your_Hostname>

:: Host name of CA LDAP server: 

SET PORT=<your_Portnumber> 

:: Provisioning Server administrator: 

SET USERDN="uid=<PS admin username>,ou=People,ou=Employee,ou=<ou>,dc=security,dc=com" 

:: Provisioning Server administrator password: 

SET PASSWD=<secret> 


%ETAHOME%\bin\ldapmodrdn -h %HOST% -p %PORT% -D %USERDN% -w %PASSWD% uid=<username>,ou=people,ou=<ou>,dc=security,dc=com uid=<username2>


Note: The usage is: ldapmodrdn [options] [dn rdn]

rdn will replace the RDN of the entry specified by DN.