Do not use the modify DN operation to move an entry from one suffix to another suffix, or to rename or move the root suffix.
Ensure that you are running Directory Server 5.2 2005Q1 or later. The modify DN operation cannot be used on versions of Directory Server prior to Directory Server 5.2 2005Q1.
Do not use the entryid operational attribute in your application because it is reserved for internal use only. The entryid attribute of an entry can change when an entry is moved.
Enable the modify DN operation globally for all suffixes on a server, or individually on each suffix where you wish to run the operation. By default the modify DN operation is disabled.
Extend the ACI rights on each suffix where you wish to run the modify DN operation. The Import access right allows an entry to be imported to the specified DN. The Export access right allows an entry to be exported from the specified DN.
Before performing a modify DN operation, ensure that the operation would not break client authentication. If you move an entry that refers to a client certificate, client authentication will break. After moving an entry, validate your certificates.
Before performing a modify DN operation, ensure that the operation would not break your application. The rename or move of an entry can affect several suffixes, or can change the following characteristics of the entry:
The scope of a filtered role of an entry.
The nested role of an entry, where the nested role contains a filtered role.
The dynamic group membership of an entry.