1LDAPPASSWD(1)               General Commands Manual              LDAPPASSWD(1)
2
3
4

NAME

6       ldappasswd - change the password of an LDAP entry
7

SYNOPSIS

9       ldappasswd   [-V[V]]  [-d debuglevel]  [-n]  [-v]  [-A]  [-a oldPasswd]
10       [-t oldpasswdfile]   [-S]   [-s newPasswd]   [-T newpasswdfile]    [-x]
11       [-D binddn] [-W] [-w passwd] [-y passwdfile] [-H ldapuri] [-h ldaphost]
12       [-p ldapport]       [-e [!]ext[=extparam]]       [-E [!]ext[=extparam]]
13       [-o opt[=optparam]]  [-O security-properties]  [-I] [-Q] [-N] [-U auth‐
14       cid] [-R realm] [-X authzid] [-Y mech] [-Z[Z]] [user]
15

DESCRIPTION

17       ldappasswd is a tool to set the password of an LDAP  user.   ldappasswd
18       uses the LDAPv3 Password Modify (RFC 3062) extended operation.
19
20       ldappasswd sets the password of associated with the user [or an option‐
21       ally specified user].  If the new password is not specified on the com‐
22       mand  line  and  the  user doesn't enable prompting, the server will be
23       asked to generate a password for the user.
24
25       ldappasswd is neither designed nor intended to  be  a  replacement  for
26       passwd(1) and should not be installed as such.
27

OPTIONS

29       -V[V]  Print  version info.  If -VV is given, only the version informa‐
30              tion is printed.
31
32       -d debuglevel
33              Set the LDAP debugging level to debuglevel.  ldappasswd must  be
34              compiled  with  LDAP_DEBUG  defined  for this option to have any
35              effect.
36
37       -n     Do not set password. (Can be useful  when  used  in  conjunction
38              with -v or -d)
39
40       -v     Increase  the  verbosity  of  output.  Can be specified multiple
41              times.
42
43       -A     Prompt for old password.  This is used instead of specifying the
44              password on the command line.
45
46       -a oldPasswd
47              Set the old password to oldPasswd.
48
49       -t oldPasswdFile
50              Set the old password to the contents of oldPasswdFile.
51
52       -S     Prompt for new password.  This is used instead of specifying the
53              password on the command line.
54
55       -s newPasswd
56              Set the new password to newPasswd.
57
58       -T newPasswdFile
59              Set the new password to the contents of newPasswdFile.
60
61       -x     Use simple authentication instead of SASL.
62
63       -D binddn
64              Use the Distinguished Name binddn to bind to the LDAP directory.
65              For SASL binds, the server is expected to ignore this value.
66
67       -W     Prompt  for  bind  password.  This is used instead of specifying
68              the password on the command line.
69
70       -w passwd
71              Use passwd as the password to bind with.
72
73       -y passwdfile
74              Use complete contents of passwdfile as the password  for  simple
75              authentication.
76
77       -H ldapuri
78              Specify  URI(s) referring to the ldap server(s); only the proto‐
79              col/host/port fields are allowed; a list of  URI,  separated  by
80              whitespace or commas is expected.
81
82       -h ldaphost
83              Specify  an  alternate host on which the ldap server is running.
84              Deprecated in favor of -H.
85
86       -p ldapport
87              Specify an alternate TCP port where the ldap server  is  listen‐
88              ing.  Deprecated in favor of -H.
89
90       -e [!]ext[=extparam]
91
92       -E [!]ext[=extparam]
93
94              Specify  general extensions with -e and passwd modify extensions
95              with -E.  ´!´ indicates criticality.
96
97              General extensions:
98                [!]assert=<filter>    (an RFC 4515 Filter)
99                !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
100                [!]bauthzid           (RFC 3829 authzid control)
101                [!]chaining[=<resolve>[/<cont>]]
102                [!]manageDSAit
103                [!]noop
104                ppolicy
105                [!]postread[=<attrs>] (a comma-separated attribute list)
106                [!]preread[=<attrs>]  (a comma-separated attribute list)
107                [!]relax
108                sessiontracking
109                abandon,cancel,ignore (SIGINT sends abandon/cancel,
110                or ignores response; if critical, doesn't wait for SIGINT.
111                not really controls)
112
113              Passwd Modify extensions:
114                (none)
115
116       -o opt[=optparam]]
117
118              Specify general options.
119
120              General options:
121                nettimeout=<timeout>  (in seconds, or "none" or "max")
122                ldif-wrap=<width>     (in columns, or "no" for no wrapping)
123
124       -O security-properties
125              Specify SASL security properties.
126
127       -I     Enable SASL Interactive mode.  Always  prompt.   Default  is  to
128              prompt only as needed.
129
130       -Q     Enable SASL Quiet mode.  Never prompt.
131
132       -N     Do not use reverse DNS to canonicalize SASL host name.
133
134       -U authcid
135              Specify  the authentication ID for SASL bind. The form of the ID
136              depends on the actual SASL mechanism used.
137
138       -R realm
139              Specify the realm of authentication ID for SASL bind.  The  form
140              of the realm depends on the actual SASL mechanism used.
141
142       -X authzid
143              Specify  the  requested authorization ID for SASL bind.  authzid
144              must be one of the following formats: dn:<distinguished name> or
145              u:<username>.
146
147       -Y mech
148              Specify  the  SASL  mechanism  to be used for authentication. If
149              it's not specified, the program will choose the  best  mechanism
150              the server knows.
151
152       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If
153              you use -ZZ, the command will require the operation to  be  suc‐
154              cessful
155

SEE ALSO

157       ldap_sasl_bind(3), ldap_extended_operation(3), ldap_start_tls_s(3)
158

AUTHOR

160       The OpenLDAP Project <http://www.openldap.org/>
161

ACKNOWLEDGEMENTS

163       OpenLDAP  Software  is developed and maintained by The OpenLDAP Project
164       <http://www.openldap.org/>.  OpenLDAP Software is derived from the Uni‐
165       versity of Michigan LDAP 3.3 Release.
166
167
168
169OpenLDAP 2.4.46                   2018/03/22                     LDAPPASSWD(1)
Impressum