LDAPPASSWD(1)               General Commands Manual              LDAPPASSWD(1)

NAME

       ldappasswd - change the password of an LDAP entry

SYNOPSIS

       ldappasswd [-A] [-a oldPasswd] [-t oldpasswdfile] [-D binddn]
       [-d debuglevel] [-H ldapuri] [-h ldaphost] [-n] [-p ldapport] [-S]
       [-s newPasswd] [-T newpasswdfile] [-v] [-W] [-w passwd] [-y passwdfile]
       [-O security-properties] [-I] [-Q] [-U authcid] [-R realm] [-x]
       [-X authzid] [-Y mech] [-Z[Z]] [user]

DESCRIPTION

       ldappasswd is a tool to set the password of an LDAP user. ldappasswd
       uses the LDAPv3 Password Modify (RFC 3062) extended operation.

       ldappasswd sets the password associated with the user [or an
       optionally specified user]. If the new password is not specified on
       the command line and the user doesn't enable prompting, the server
       will be asked to generate a password for the user.

       ldappasswd is neither designed nor intended to be a replacement for
       passwd(1) and should not be installed as such.

OPTIONS

       -A     Prompt for old password. This is used instead of specifying the
              password on the command line.

       -a oldPasswd
              Set the old password to oldPasswd.

       -t oldPasswdFile
              Set the old password to the contents of oldPasswdFile.

       -x     Use simple authentication instead of SASL.

       -D binddn
              Use the Distinguished Name binddn to bind to the LDAP directory.
              For SASL binds, the server is expected to ignore this value.

       -d debuglevel
              Set the LDAP debugging level to debuglevel. ldappasswd must be
              compiled with LDAP_DEBUG defined for this option to have any
              effect.

       -H ldapuri
              Specify URI(s) referring to the ldap server(s); only the
              protocol/host/port fields are allowed; a list of URI, separated
              by whitespace or commas is expected.

       -h ldaphost
              Specify an alternate host on which the ldap server is running.
              Deprecated in favor of -H.

       -p ldapport
              Specify an alternate TCP port where the ldap server is
              listening. Deprecated in favor of -H.

       -n     Do not set password. (Can be useful when used in conjunction
              with -v or -d)

       -S     Prompt for new password. This is used instead of specifying the
              password on the command line.

       -s newPasswd
              Set the new password to newPasswd.

       -T newPasswdFile
              Set the new password to the contents of newPasswdFile.

       -v     Increase the verbosity of output. Can be specified multiple
              times.

       -W     Prompt for bind password. This is used instead of specifying
              the password on the command line.

       -w passwd
              Use passwd as the password to bind with.

       -y passwdfile
              Use complete contents of passwdfile as the password for simple
              authentication.

       -O security-properties
              Specify SASL security properties.

       -I     Enable SASL Interactive mode. Always prompt. Default is to
              prompt only as needed.

       -Q     Enable SASL Quiet mode. Never prompt.

       -U authcid
              Specify the authentication ID for SASL bind. The form of the ID
              depends on the actual SASL mechanism used.

       -R realm
              Specify the realm of authentication ID for SASL bind. The form
              of the realm depends on the actual SASL mechanism used.

       -X authzid
              Specify the requested authorization ID for SASL bind. authzid
              must be one of the following formats: dn:<distinguished name> or
              u:<username>.

       -Y mech
              Specify the SASL mechanism to be used for authentication. If
              it's not specified, the program will choose the best mechanism
              the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If
              you use -ZZ, the command will require the operation to be
              successful.
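
       Added example (not part of the OpenLDAP manual): passwords given with
       -a, -s or -w sit in the process argument list, so this wrapper takes
       the bind and new passwords from files via -y and -T and requires
       StartTLS with -ZZ. It first rejects a secret file that is accessible
       to group or other, or that ends in a newline, since -y uses the
       complete file contents. Assumptions of this example: the function
       names, the LDAPPASSWD and LDAP_URI variables, ldap.example.com, and
       applying the same newline check to the -T file.

```shell
#!/bin/sh
# Added example, not part of the OpenLDAP manual page.
# Function names, variables and the default URI are constructed placeholders.

# check_secret_file FILE
# Returns 0 if FILE is a non-empty regular file, closed to group and other,
# and does not end in a newline. Returns 1, 2 or 3 for each failed check.
check_secret_file() {
    f=$1
    [ -f "$f" ] && [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ln "$f" | cut -c5-10)
    [ "$go_bits" = "------" ] || { echo "group/other access: $f" >&2; return 2; }
    # -y takes the complete file contents, so a final newline left by an
    # editor or by echo would silently become part of the password.
    last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    [ "$last" != "0a" ] || { echo "trailing newline: $f" >&2; return 3; }
}

# change_password BINDDN BIND_PW_FILE NEW_PW_FILE USER_DN
# Runs ldappasswd only if both secret files pass the checks above.
change_password() {
    check_secret_file "$2" || return $?
    check_secret_file "$3" || return $?
    # -x simple bind, -ZZ fail unless StartTLS succeeds,
    # -y bind password from file, -T new password from file.
    "${LDAPPASSWD:-ldappasswd}" -x -ZZ \
        -H "${LDAP_URI:-ldap://ldap.example.com}" \
        -D "$1" -y "$2" -T "$3" "$4"
}

# Usage (constructed values; create the files under umask 077 with
# printf '%s' so that no newline is appended):
#   change_password "cn=admin,dc=example,dc=com" bind.pw new.pw \
#       "uid=alice,ou=people,dc=example,dc=com"
```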

SEE ALSO

       ldap_sasl_bind(3), ldap_extended_operation(3), ldap_start_tls_s(3)

AUTHOR

       The OpenLDAP Project <http://www.openldap.org/>

ACKNOWLEDGEMENTS

       OpenLDAP Software is developed and maintained by The OpenLDAP Project
       <http://www.openldap.org/>. OpenLDAP Software is derived from
       University of Michigan LDAP 3.3 Release.

OpenLDAP 2.4.23                   2010/06/30                     LDAPPASSWD(1)