ldapsetpasswd(1) General Commands Manual ldapsetpasswd(1)NAME
ldapsetpasswd - modifies a POSIX user account's password in LDAP.
SYNOPSIS
ldapsetpasswd <username|uid> [encodedpassword]
OPTIONS
<username | uid>
The name or uid of the user whose password has to be modified.
[encoded password]
If specified this way, the password will be copied verbatim into the LDAP directory. If not specified, you will be prompted for a
password that will be changed using the ldappasswd(1) command.
SEE ALSO ldapfinger(1), ldapid(1), ldapgid(1), ldapscripts(5).
AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). The latest version of the ldapscripts
is available on : http://contribs.martymac.org
LIMITATIONS
When used interactively, passwords generated with this command are propagated with the ldappasswd(1) command. Thus, the resulting format
depends on the 'password-hash' option of your server's slapd.conf(5) file.
You can always force an encoded password (using the hash format of your choice) by specifying it on the command line.
BUGS
No bug known.
November 1, 2006 ldapsetpasswd(1)
Check Out this Related Man Page
ldapscripts(5) File Formats Manual ldapscripts(5)NAME
ldapscripts - Scripts to manage POSIX accounts in your LDAP directory.
DESCRIPTION
The ldapscripts are a set of shell (sh) scripts designed to manage POSIX accounts in an OpenLDAP directory. They can be used as standalone
tools or within Samba 3.x's smb.conf file.
REQUIREMENTS
The main requirements are the OpenLDAP client tools (ldapadd, ldapsearch, ldapdelete, ...). Other commands are called in the scripts but
should come with your OS (sed, grep, cut, ...).
CONFIGURATION
The main configuration of the ldapscripts is usually the file /etc/ldapscripts/ldapscripts.conf (or /usr/local/etc/ldapscripts/ldap-
scripts.conf, depending on your system). Modify it to fit your needs before using the scripts. Each script also uses a "runtime" file, usu-
ally /usr/lib/ldapscripts/runtime (or /usr/local/lib/ldapscripts/runtime). You don't need to modify this file.
TEMPLATES
Each script that adds information to the directory uses a template. Templates are directly embedded at the end of the scripts but it is
also possible to use external template files (see GTEMPLATE, UTEMPLATE and MTEMPLATE variables in the configuration file). Each template
consists of a preformatted LDIF file using special keywords that will be replaced on-the-fly. Sample files are provided for your conve-
nience : ldapaddgroup.template.sample, ldapadduser.template.sample and ldapaddmachine.template.sample. It is strongly advised to use those
files instead of modifying the embedded (default) templates in the scripts.
Sample templates include every keyword you can use. One special additional keyword is the <ask> keyword that will trigger user input to get
the attribute value interactively.
USING AS STANDALONE TOOLS
Each script can be used as a standard command-line tool. Check their man pages to get help.
USING WITH SAMBA 3.x
Each Samba 3.x smb.conf "xxx script" option has a matching script. Modify you smb.conf file this way to call them :
# [...]
add machine script = /usr/local/sbin/ldapaddmachine '%u' sambamachines
add user script = /usr/local/sbin/ldapadduser '%u' sambausers
add group script = /usr/local/sbin/ldapaddgroup '%g'
add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/sbin/ldapdeleteuser '%u'
delete group script = /usr/local/sbin/ldapdeletegroup '%g'
delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
# [...]
SEE ALSO ldapdeletemachine(1), ldapmodifymachine(1), ldaprenamemachine(1), ldapadduser(1), ldapdeleteuserfromgroup(1), ldapfinger(1), ldapid(1),
ldapmodifyuser(1), lsldap(1), ldapaddusertogroup(1), ldaprenameuser(1), ldapinit(1), ldapsetpasswd(1), ldapaddgroup(1), ldapdeletegroup(1),
ldapsetprimarygroup(1), ldapmodifygroup(1), ldaprenamegroup(1), ldapaddmachine(1), ldapdeleteuser(1).
AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). The latest version of the ldapscripts
is available on : http://contribs.martymac.org
BUGS
Sometimes, that kind of message may appear in the log file : Additional information: value does not conform to assertion syntax . Setting
slapd's debug level to 32 shows additional details : get_ava: illegal value for attributeType uidNumber . This is *not* a bug : the ldap-
scripts tend to use the power of LDAP filters to easily find users (or groups) using either a uidNumber (numerical value) or a uid (string
value). The following filter (used by ldapfinger(1)) will generate the above message if $_USER is a login : "(|(&(objectClass=posixAc-
count)(|(uid=$_USER)(uidNumber=$_USER))) (&(objectClass=posixGroup)(|(cn=$_USER)(gidNumber=$_USER))))" because filter part "(uidNum-
ber=$_USER)" requires an integer but gets a string. You can mostly ignore those warnings.
January 1, 2006 ldapscripts(5)