|Linux & Unix Commands - Search Man Pages
ldappasswd - change the password of an LDAP entry
ldappasswd [-A] [-a oldPasswd] [-t oldpasswdfile] [-D binddn] [-d debuglevel] [-H ldapuri]
[-h ldaphost] [-n] [-p ldapport] [-S] [-s newPasswd] [-T newpasswdfile] [-v] [-W]
[-w passwd] [-y passwdfile] [-O security-properties] [-I] [-Q] [-U authcid] [-R authcid]
[-x] [-X authzid] [-R realm] [-Y mech] [-Z[Z]] [user]
ldappasswd is a tool to set the password of an LDAP user. ldappasswd uses the LDAPv3
Password Modify (RFC 3062) extended operation.
ldappasswd sets the password of associated with the user [or an optionally specified
user]. If the new password is not specified on the command line and the user doesn't
enable prompting, the server will be asked to generate a password for the user.
ldappasswd is neither designed nor intended to be a replacement for passwd(1) and should
not be installed as such.
-A Prompt for old password. This is used instead of specifying the password on the
Set the old password to oldPasswd.
Set the old password to the contents of oldPasswdFile.
-x Use simple authentication instead of SASL.
Use the Distinguished Name binddn to bind to the LDAP directory.
Set the LDAP debugging level to debuglevel. ldappasswd must be compiled with
LDAP_DEBUG defined for this option to have any effect.
Specify URI(s) referring to the ldap server(s).
Specify an alternate host on which the ldap server is running. Deprecated in favor
Specify an alternate TCP port where the ldap server is listening. Deprecated in
favor of -H.
-n Do not set password. (Can be useful when used in conjunction with -v or -d)
-S Prompt for new password. This is used instead of specifying the password on the
Set the new password to newPasswd.
Set the new password to the contents of newPasswdFile.
-v Increase the verbosity of output. Can be specified multiple times.
-W Prompt for bind password. This is used instead of specifying the password on the
Use passwd as the password to bind with.
Use complete contents of passwdfile as the password for simple authentication.
Specify SASL security properties.
-I Enable SASL Interactive mode. Always prompt. Default is to prompt only as needed.
-Q Enable SASL Quiet mode. Never prompt.
Specify the authentication ID for SASL bind. The form of the ID depends on the
actual SASL mechanism used.
Specify the realm of authentication ID for SASL bind. The form of the realm depends
on the actual SASL mechanism used.
Specify the proxy authorization ID for SASL bind. authzid must be one of the fol-
lowing formats: dn:<distinguishedname> or u:<username>.
Specify the SASL mechanism to be used for authentication. If it's not specified,
the program will choose the best mechanism the server knows.
-Z[Z] Issue StartTLS (Transport Layer Security) extended operation. If you use -ZZ, the
command will require the operation to be successful
ldap_sasl_bind(3), ldap_extended_operation(3), ldap_start_tls_s(3)
The OpenLDAP Project <http://www.openldap.org/>
OpenLDAP is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
OpenLDAP is derived from University of Michigan LDAP 3.3 Release.
OpenLDAP 2.1.X RELEASEDATE LDAPPASSWD(1)
All times are GMT -4. The time now is 02:37 PM.