1LDAPPASSWD(1) General Commands Manual LDAPPASSWD(1)
2
6 ldappasswd - change the password of an LDAP entry
7
9 ldappasswd [-A] [-a oldPasswd] [-t oldpasswdfile] [-D binddn] [-d debu‐
10 glevel] [-H ldapuri] [-h ldaphost] [-n] [-p ldapport] [-S] [-s new‐
11 Passwd] [-T newpasswdfile] [-v] [-W] [-w passwd] [-y passwdfile]
12 [-O security-properties] [-I] [-Q] [-U authcid] [-R authcid] [-x]
13 [-X authzid] [-R realm] [-Y mech] [-Z[Z]] [user]
14
16 ldappasswd is a tool to set the password of an LDAP user. ldappasswd
17 uses the LDAPv3 Password Modify (RFC 3062) extended operation.
18 ldappasswd sets the password of associated with the user [or an option‐
20 ally specified user]. If the new password is not specified on the com‐
21 mand line and the user doesn't enable prompting, the server will be
22 asked to generate a password for the user.
23 ldappasswd is neither designed nor intended to be a replacement for
25 passwd(1) and should not be installed as such.
26
28 -A Prompt for old password. This is used instead of specifying the
29 password on the command line.
30 -a oldPasswd
32 Set the old password to oldPasswd.
33 -t oldPasswdFile
35 Set the old password to the contents of oldPasswdFile.
36 -x Use simple authentication instead of SASL.
38 -D binddn
40 Use the Distinguished Name binddn to bind to the LDAP directory.
41 -d debuglevel
43 Set the LDAP debugging level to debuglevel. ldappasswd must be
44 compiled with LDAP_DEBUG defined for this option to have any
45 effect.
46 -H ldapuri
48 Specify URI(s) referring to the ldap server(s); only the proto‐
49 col/host/port fields are allowed; a list of URI, separated by
50 whitespace or commas is expected.
51 -h ldaphost
53 Specify an alternate host on which the ldap server is running.
54 Deprecated in favor of -H.
55 -p ldapport
57 Specify an alternate TCP port where the ldap server is listen‐
58 ing. Deprecated in favor of -H.
59 -n Do not set password. (Can be useful when used in conjunction
61 with -v or -d)
62 -S Prompt for new password. This is used instead of specifying the
64 password on the command line.
65 -s newPasswd
67 Set the new password to newPasswd.
68 -T newPasswdFile
70 Set the new password to the contents of newPasswdFile.
71 -v Increase the verbosity of output. Can be specified multiple
73 times.
74 -W Prompt for bind password. This is used instead of specifying
76 the password on the command line.
77 -w passwd
79 Use passwd as the password to bind with.
80 -y passwdfile
82 Use complete contents of passwdfile as the password for simple
83 authentication.
84 -O security-properties
86 Specify SASL security properties.
87 -I Enable SASL Interactive mode. Always prompt. Default is to
89 prompt only as needed.
90 -Q Enable SASL Quiet mode. Never prompt.
92 -U authcid
94 Specify the authentication ID for SASL bind. The form of the ID
95 depends on the actual SASL mechanism used.
96 -R realm
98 Specify the realm of authentication ID for SASL bind. The form
99 of the realm depends on the actual SASL mechanism used.
100 -X authzid
102 Specify the requested authorization ID for SASL bind. authzid
103 must be one of the following formats: dn:<distinguishedname> or
104 u:<username>.
105 -Y mech
107 Specify the SASL mechanism to be used for authentication. If
108 it's not specified, the program will choose the best mechanism
109 the server knows.
110 -Z[Z] Issue StartTLS (Transport Layer Security) extended operation. If
112 you use -ZZ, the command will require the operation to be suc‐
113 cessful
114
116 ldap_sasl_bind(3), ldap_extended_operation(3), ldap_start_tls_s(3)
117
119 The OpenLDAP Project <http://www.openldap.org/>
120
122 OpenLDAP is developed and maintained by The OpenLDAP Project
123 (http://www.openldap.org/). OpenLDAP is derived from University of
124 Michigan LDAP 3.3 Release.
125OpenLDAP 2.3.34 2007/2/16 LDAPPASSWD(1)