1LDAPPASSWD(1) General Commands Manual LDAPPASSWD(1)
2
3
4
6 ldappasswd - change the password of an LDAP entry
7
9 ldappasswd [-A] [-a oldPasswd] [-t oldpasswdfile] [-D binddn] [-d debu‐
10 glevel] [-H ldapuri] [-h ldaphost] [-n] [-p ldapport] [-S] [-s new‐
11 Passwd] [-T newpasswdfile] [-v] [-W] [-w passwd] [-y passwdfile]
12 [-O security-properties] [-I] [-Q] [-U authcid] [-R realm] [-x]
13 [-X authzid] [-Y mech] [-Z[Z]] [user]
14
16 ldappasswd is a tool to set the password of an LDAP user. ldappasswd
17 uses the LDAPv3 Password Modify (RFC 3062) extended operation.
18
19 ldappasswd sets the password of associated with the user [or an option‐
20 ally specified user]. If the new password is not specified on the com‐
21 mand line and the user doesn't enable prompting, the server will be
22 asked to generate a password for the user.
23
24 ldappasswd is neither designed nor intended to be a replacement for
25 passwd(1) and should not be installed as such.
26
28 -A Prompt for old password. This is used instead of specifying the
29 password on the command line.
30
31 -a oldPasswd
32 Set the old password to oldPasswd.
33
34 -t oldPasswdFile
35 Set the old password to the contents of oldPasswdFile.
36
37 -x Use simple authentication instead of SASL.
38
39 -D binddn
40 Use the Distinguished Name binddn to bind to the LDAP directory.
41 For SASL binds, the server is expected to ignore this value.
42
43 -d debuglevel
44 Set the LDAP debugging level to debuglevel. ldappasswd must be
45 compiled with LDAP_DEBUG defined for this option to have any
46 effect.
47
48 -H ldapuri
49 Specify URI(s) referring to the ldap server(s); only the proto‐
50 col/host/port fields are allowed; a list of URI, separated by
51 whitespace or commas is expected.
52
53 -h ldaphost
54 Specify an alternate host on which the ldap server is running.
55 Deprecated in favor of -H.
56
57 -p ldapport
58 Specify an alternate TCP port where the ldap server is listen‐
59 ing. Deprecated in favor of -H.
60
61 -n Do not set password. (Can be useful when used in conjunction
62 with -v or -d)
63
64 -S Prompt for new password. This is used instead of specifying the
65 password on the command line.
66
67 -s newPasswd
68 Set the new password to newPasswd.
69
70 -T newPasswdFile
71 Set the new password to the contents of newPasswdFile.
72
73 -v Increase the verbosity of output. Can be specified multiple
74 times.
75
76 -W Prompt for bind password. This is used instead of specifying
77 the password on the command line.
78
79 -w passwd
80 Use passwd as the password to bind with.
81
82 -y passwdfile
83 Use complete contents of passwdfile as the password for simple
84 authentication.
85
86 -O security-properties
87 Specify SASL security properties.
88
89 -I Enable SASL Interactive mode. Always prompt. Default is to
90 prompt only as needed.
91
92 -Q Enable SASL Quiet mode. Never prompt.
93
94 -U authcid
95 Specify the authentication ID for SASL bind. The form of the ID
96 depends on the actual SASL mechanism used.
97
98 -R realm
99 Specify the realm of authentication ID for SASL bind. The form
100 of the realm depends on the actual SASL mechanism used.
101
102 -X authzid
103 Specify the requested authorization ID for SASL bind. authzid
104 must be one of the following formats: dn:<distinguished name> or
105 u:<username>.
106
107 -Y mech
108 Specify the SASL mechanism to be used for authentication. If
109 it's not specified, the program will choose the best mechanism
110 the server knows.
111
112 -Z[Z] Issue StartTLS (Transport Layer Security) extended operation. If
113 you use -ZZ, the command will require the operation to be suc‐
114 cessful
115
117 ldap_sasl_bind(3), ldap_extended_operation(3), ldap_start_tls_s(3)
118
120 The OpenLDAP Project <http://www.openldap.org/>
121
123 OpenLDAP Software is developed and maintained by The OpenLDAP Project
124 <http://www.openldap.org/>. OpenLDAP Software is derived from Univer‐
125 sity of Michigan LDAP 3.3 Release.
126
127
128
129OpenLDAP 2.4.23 2010/06/30 LDAPPASSWD(1)