DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

ldappasswd(1)




LDAPPASSWD(1)            USER COMMANDS              LDAPPASSWD(1)


NAME

     ldappasswd - change the password of an LDAP entry


SYNOPSIS

     ldappasswd    [-A]     [-a oldPasswd]     [-t oldpasswdfile]
     [-D binddn]  [-d debuglevel] [-H ldapuri] [-h ldaphost] [-n]
     [-p ldapport] [-S]  [-s newPasswd]  [-T newpasswdfile]  [-v]
     [-W]  [-w passwd]  [-y passwdfile]  [-O security-properties]
     [-I]  [-Q]  [-U authcid]  [-R authcid]   [-x]   [-X authzid]
     [-R realm] [-Y mech] [-Z[Z]] [user]


DESCRIPTION

     ldappasswd is a tool to set the password of  an  LDAP  user.
     ldappasswd  uses  the  LDAPv3  Password  Modify  (RFC  3062)
     extended operation.

     ldappasswd sets the password of associated with the user [or
     an  optionally  specified user].  If the new password is not
     specified on the command line and the  user  doesn't  enable
     prompting,  the  server will be asked to generate a password
     for the user.

     ldappasswd is neither designed nor intended to be a replace-
     ment for passwd(1) and should not be installed as such.


OPTIONS

     -A   Prompt for old  password.   This  is  used  instead  of
          specifying the password on the command line.

     -a oldPasswd
          Set the old password to oldPasswd.

     -t oldPasswdFile
          Set the old password to the contents of oldPasswdFile.

     -x   Use simple authentication instead of SASL.

     -D binddn
          Use the Distinguished Name binddn to bind to  the  LDAP
          directory.

     -d debuglevel
          Set the LDAP debugging level to debuglevel.  ldappasswd
          must  be  compiled  with  LDAP_DEBUG  defined  for this
          option to have any effect.

     -H ldapuri
          Specify URI(s) referring to the ldap server(s).

     -h ldaphost
          Specify an alternate host on which the ldap  server  is
          running.  Deprecated in favor of -H.

OpenLDAP LDVERSION  Last change: RELEASEDATE                    1

LDAPPASSWD(1)            USER COMMANDS              LDAPPASSWD(1)

     -p ldapport
          Specify an alternate TCP port where the ldap server  is
          listening.  Deprecated in favor of -H.

     -n   Do not set password. (Can be useful when used  in  con-
          junction with -v or -d)

     -S   Prompt for new  password.   This  is  used  instead  of
          specifying the password on the command line.

     -s newPasswd
          Set the new password to newPasswd.

     -T newPasswdFile
          Set the new password to the contents of newPasswdFile.

     -v   Increase the verbosity of  output.   Can  be  specified
          multiple times.

     -W   Prompt for bind password.   This  is  used  instead  of
          specifying the password on the command line.

     -w passwd
          Use passwd as the password to bind with.

     -y passwdfile
          Use complete contents of passwdfile as the password for
          simple authentication.

     -O security-properties
          Specify SASL security properties.

     -I   Enable SASL Interactive mode.  Always prompt.   Default
          is to prompt only as needed.

     -Q   Enable SASL Quiet mode.  Never prompt.

     -U authcid
          Specify the authentication ID for SASL bind.  The  form
          of the ID depends on the actual SASL mechanism used.

     -R realm
          Specify the realm of authentication ID for  SASL  bind.
          The  form  of  the  realm  depends  on  the actual SASL
          mechanism used.

     -X authzid
          Specify the requested authorization ID for  SASL  bind.
          authzid   must   be   one  of  the  following  formats:
          dn:<distinguishedname> or u:<username>.

     -Y mech

OpenLDAP LDVERSION  Last change: RELEASEDATE                    2

LDAPPASSWD(1)            USER COMMANDS              LDAPPASSWD(1)

          Specify the SASL mechanism to be used  for  authentica-
          tion.  If  it's  not specified, the program will choose
          the best mechanism the server knows.

     -Z[Z]
          Issue  StartTLS  (Transport  Layer  Security)  extended
          operation. If you use -ZZ, the command will require the
          operation to be successful


SEE ALSO

     ldap_sasl_bind(3),               ldap_extended_operation(3),
     ldap_start_tls_s(3)


AUTHOR

     The OpenLDAP Project <http://www.openldap.org/>


ACKNOWLEDGEMENTS

     OpenLDAP is developed and maintained by The OpenLDAP Project
     (http://www.openldap.org/).    OpenLDAP   is   derived  from
     University of Michigan LDAP 3.3 Release.

OpenLDAP LDVERSION  Last change: RELEASEDATE                    3


Man(1) output converted with man2html