How to make ldappasswd use {SHA} instead of {SSHA} for users passwords in openldap? Post: 302909175

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Changing Users Passwords Via Script?

I am the administrator for a large network of HP/UX servers, about 100, this will be growing to over 200 in the next 18 months, part of my duties are to change the root passwords on these machines once month... which is a pain. I have written a script that will generate random passwords for me and...

2. UNIX for Dummies Questions & Answers

su - user... how to find out the list of users and their passwords..

hi, to do a su - user, we need to know what are the users... so in unix 1) which file to see the list of users, passwords?

3. Solaris

Solaris 10 openldap authentication with md5 passwords

Hello to everyone, We are trying to enable ldap authentication with pam_ldap and md5 passwords on a Solaris 10 system to an openldap server. If passwords are stored using crypt, everything works correctly. But if the password in openldap is in md5, then authentication fails. We have installed...

4. Solaris

To restrict the users not to change the passwords for NIS users

Hi All, How to restrict the NIS users not to change their passwords in for NIS users?? and my NIS user is unable to login to at client location what could be the problem for this ? Any body can help me. Thanks in advance.

5. UNIX for Advanced & Expert Users

check for users blank passwords

Hello, I have an AIX 5.3 system. I want to check users to see whether there are users with blank passwords but i would prefer to do that without checking /etc/passwd or /etc/security/passwd files. Also while i was searching the web for a solution i noticed that many people refer to /etc/shadow...

6. UNIX for Dummies Questions & Answers

how to make programs available to all users

Hi all, where (path) usually the programs are installed in linux. How to make installed programs available to all users of the system ? Thanks in advance!

7. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the...

8. Shell Programming and Scripting

Create multiple users with individual passwords to users

hi, i am new to shell scripts i write a shell script to create multiple users but i need to give passwords to that users while creating users, command to write this script

9. Red Hat

Problem with Script to email Admin users with expired passwords writed byygemici

Hi, I have problem with a script, it was working for 6 month and suddenly I started getting strange expire times example: # chage -l wXXp Last password change : Oct 28, 2014 Password expires : Nov 27, 2014 Password...

LEARN ABOUT OSX

ldappasswd

LDAPPASSWD(1)						      General Commands Manual						     LDAPPASSWD(1)

NAME

       ldappasswd - change the password of an LDAP entry

SYNOPSIS

       ldappasswd  [-A]  [-a oldPasswd] [-t oldpasswdfile] [-D binddn] [-d debuglevel] [-H ldapuri] [-h ldaphost] [-n] [-p ldapport] [-S] [-s new-
       Passwd]	[-T newpasswdfile]  [-v]  [-W]	[-w passwd]  [-y passwdfile]  [-O security-properties]	[-I]  [-Q]  [-U authcid]  [-R realm]  [-x]
       [-X authzid] [-Y mech] [-Z[Z]] [user]

DESCRIPTION

       ldappasswd is a tool to set the password of an LDAP user.  ldappasswd uses the LDAPv3 Password Modify (RFC 3062) extended operation.

       ldappasswd  sets  the  password of associated with the user [or an optionally specified user].  If the new password is not specified on the
       command line and the user doesn't enable prompting, the server will be asked to generate a password for the user.

       ldappasswd is neither designed nor intended to be a replacement for passwd(1) and should not be installed as such.

OPTIONS

       -A     Prompt for old password.	This is used instead of specifying the password on the command line.

       -a oldPasswd
	      Set the old password to oldPasswd.

       -t oldPasswdFile
	      Set the old password to the contents of oldPasswdFile.

       -x     Use simple authentication instead of SASL.

       -D binddn
	      Use the Distinguished Name binddn to bind to the LDAP directory.	For SASL binds, the server is expected to ignore this value.

       -d debuglevel
	      Set the LDAP debugging level to debuglevel.  ldappasswd must be compiled with LDAP_DEBUG defined for this option to have any effect.

       -H ldapuri
	      Specify URI(s) referring to the ldap server(s); only the protocol/host/port fields are allowed; a list of URI, separated	by  white-
	      space or commas is expected.

       -h ldaphost
	      Specify an alternate host on which the ldap server is running.  Deprecated in favor of -H.

       -p ldapport
	      Specify an alternate TCP port where the ldap server is listening.  Deprecated in favor of -H.

       -n     Do not set password. (Can be useful when used in conjunction with -v or -d)

       -S     Prompt for new password.	This is used instead of specifying the password on the command line.

       -s newPasswd
	      Set the new password to newPasswd.

       -T newPasswdFile
	      Set the new password to the contents of newPasswdFile.

       -v     Increase the verbosity of output.  Can be specified multiple times.

       -W     Prompt for bind password.  This is used instead of specifying the password on the command line.

       -w passwd
	      Use passwd as the password to bind with.

       -y passwdfile
	      Use complete contents of passwdfile as the password for simple authentication.

       -O security-properties
	      Specify SASL security properties.

       -I     Enable SASL Interactive mode.  Always prompt.  Default is to prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -U authcid
	      Specify the authentication ID for SASL bind. The form of the ID depends on the actual SASL mechanism used.

       -R realm
	      Specify the realm of authentication ID for SASL bind. The form of the realm depends on the actual SASL mechanism used.

       -X authzid
	      Specify  the  requested  authorization  ID  for SASL bind.  authzid must be one of the following formats: dn:<distinguished name> or
	      u:<username>.

       -Y mech
	      Specify the SASL mechanism to be used for authentication. If it's not specified, the program will  choose  the  best  mechanism  the
	      server knows.

       -Z[Z]  Issue  StartTLS (Transport Layer Security) extended operation. If you use -ZZ, the command will require the operation to be success-
	      ful

SEE ALSO

       ldap_sasl_bind(3), ldap_extended_operation(3), ldap_start_tls_s(3)

AUTHOR

       The OpenLDAP Project <http://www.openldap.org/>

ACKNOWLEDGEMENTS

       OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.  OpenLDAP Software is derived	from  Uni-
       versity of Michigan LDAP 3.3 Release.

OpenLDAP 2.4.28 						    2011/11/24							     LDAPPASSWD(1)