The CFLDAP tag can modify the distinguished name (DN) for a given entry by setting the ACTION attribute to ModifyDN. Our example LDAP directory uses a distinguished name (DN) consisting of three parts:

uid=x, ou=people, o=arius.com

The uid portion of the dn is known as the leaf relative distinguished name (RDN). The LDAP protocol specifies that when modifying the dn, only the leaf RDN may be modified. This means that you can only change the value of uid using the CFLDAP tag with the action set to ModifyDN. If you need to change any of the non-leaf RDN values (effectively moving the location of the entry in the directory), you have to delete the entry and recreate it under the correct branch.

To better understand how this works, consider the Example 15-10 where we modify the distinguished name by changing each entry’s current user id (uid) to a unique one created with ColdFusion’s CreateUUID( ) function. This method of generating a uid guarantees a unique identifier (unlike concatenating strings like the user’s given name and surname).

<!--- Query the LDAP directory for all of the user entries ---> <CFLDAP ACTION="QUERY" NAME="GetUsers" ATTRIBUTES="dn,cn" START="o=airius.com" SCOPE="SUBTREE" FILTER="sn>=a" SERVER="localhost" TIMEOUT="90"> <!--- Output before changing the DN ---> <H3>Original list of user entries</H3> <CFOUTPUT QUERY="GetUsers"> #cn#: #dn#<BR> </CFOUTPUT> <!--- loop over ...