1LDAPPASSWD(1) General Commands Manual LDAPPASSWD(1)
2
3
4
6 ldappasswd - change the password of an LDAP entry
7
9 ldappasswd [-A] [-a oldPasswd] [-t oldpasswdfile] [-D binddn] [-d debu‐
10 glevel] [-H ldapuri] [-h ldaphost] [-n] [-p ldapport] [-S] [-s new‐
11 Passwd] [-T newpasswdfile] [-v] [-W] [-w passwd] [-y passwdfile]
12 [-O security-properties] [-I] [-Q] [-U authcid] [-R authcid] [-x]
13 [-X authzid] [-R realm] [-Y mech] [-Z[Z]] [user]
14
16 ldappasswd is a tool to set the password of an LDAP user. ldappasswd
17 uses the LDAPv3 Password Modify (RFC 3062) extended operation.
18
19 ldappasswd sets the password of associated with the user [or an option‐
20 ally specified user]. If the new password is not specified on the com‐
21 mand line and the user doesn't enable prompting, the server will be
22 asked to generate a password for the user.
23
24 ldappasswd is neither designed nor intended to be a replacement for
25 passwd(1) and should not be installed as such.
26
28 -A Prompt for old password. This is used instead of specifying the
29 password on the command line.
30
31 -a oldPasswd
32 Set the old password to oldPasswd.
33
34 -t oldPasswdFile
35 Set the old password to the contents of oldPasswdFile.
36
37 -x Use simple authentication instead of SASL.
38
39 -D binddn
40 Use the Distinguished Name binddn to bind to the LDAP directory.
41
42 -d debuglevel
43 Set the LDAP debugging level to debuglevel. ldappasswd must be
44 compiled with LDAP_DEBUG defined for this option to have any
45 effect.
46
47 -H ldapuri
48 Specify URI(s) referring to the ldap server(s); only the proto‐
49 col/host/port fields are allowed; a list of URI, separated by
50 whitespace or commas is expected.
51
52 -h ldaphost
53 Specify an alternate host on which the ldap server is running.
54 Deprecated in favor of -H.
55
56 -p ldapport
57 Specify an alternate TCP port where the ldap server is listen‐
58 ing. Deprecated in favor of -H.
59
60 -n Do not set password. (Can be useful when used in conjunction
61 with -v or -d)
62
63 -S Prompt for new password. This is used instead of specifying the
64 password on the command line.
65
66 -s newPasswd
67 Set the new password to newPasswd.
68
69 -T newPasswdFile
70 Set the new password to the contents of newPasswdFile.
71
72 -v Increase the verbosity of output. Can be specified multiple
73 times.
74
75 -W Prompt for bind password. This is used instead of specifying
76 the password on the command line.
77
78 -w passwd
79 Use passwd as the password to bind with.
80
81 -y passwdfile
82 Use complete contents of passwdfile as the password for simple
83 authentication.
84
85 -O security-properties
86 Specify SASL security properties.
87
88 -I Enable SASL Interactive mode. Always prompt. Default is to
89 prompt only as needed.
90
91 -Q Enable SASL Quiet mode. Never prompt.
92
93 -U authcid
94 Specify the authentication ID for SASL bind. The form of the ID
95 depends on the actual SASL mechanism used.
96
97 -R realm
98 Specify the realm of authentication ID for SASL bind. The form
99 of the realm depends on the actual SASL mechanism used.
100
101 -X authzid
102 Specify the requested authorization ID for SASL bind. authzid
103 must be one of the following formats: dn:<distinguishedname> or
104 u:<username>.
105
106 -Y mech
107 Specify the SASL mechanism to be used for authentication. If
108 it's not specified, the program will choose the best mechanism
109 the server knows.
110
111 -Z[Z] Issue StartTLS (Transport Layer Security) extended operation. If
112 you use -ZZ, the command will require the operation to be suc‐
113 cessful
114
116 ldap_sasl_bind(3), ldap_extended_operation(3), ldap_start_tls_s(3)
117
119 The OpenLDAP Project <http://www.openldap.org/>
120
122 OpenLDAP is developed and maintained by The OpenLDAP Project
123 (http://www.openldap.org/). OpenLDAP is derived from University of
124 Michigan LDAP 3.3 Release.
125
126
127
128OpenLDAP 2.3.34 2007/2/16 LDAPPASSWD(1)