NAME
ldappasswd - change the password of an LDAP entry
SYNOPSIS
ldappasswd
[-A]
[-a oldPasswd]
[-t oldpasswdfile]
[-D binddn]
[-d debuglevel]
[-H ldapuri]
[-h ldaphost]
[-n]
[-p ldapport]
[-S]
[-s newPasswd]
[-T newpasswdfile]
[-v]
[-W]
[-w passwd]
[-y passwdfile]
[-O security-properties]
[-I]
[-Q]
[-U authcid]
[-R realm]
[-x]
[-X authzid]
[-Y mech]
[-Z[Z]]
[user]
DESCRIPTION
ldappasswd
is a tool to set the password of an LDAP user.
ldappasswd
uses the LDAPv3 Password Modify (RFC 3062) extended operation.
ldappasswd
sets the password of associated with the user [or an optionally
specified
user].
If the new
password is not specified on the command line and the user
doesn't enable prompting, the server will be asked to generate
a password for the user.
ldappasswd
is neither designed nor intended to be a replacement for
passwd(1)
and should not be installed as such.
OPTIONS
-
-A
-
Prompt for old password.
This is used instead of specifying the password on the command line.
-
-a oldPasswd
-
Set the old password to _o_l_d_P_a_s_s_w_d.
-
-t oldPasswdFile
-
Set the old password to the contents of _o_l_d_P_a_s_s_w_d_F_i_l_e.
-
-x
-
Use simple authentication instead of SASL.
-
-D binddn
-
Use the Distinguished Name _b_i_n_d_d_n to bind to the LDAP directory.
-
-d debuglevel
-
Set the LDAP debugging level to _d_e_b_u_g_l_e_v_e_l.
ldappasswd
must be compiled with LDAP_DEBUG defined for this option to have any effect.
-
-H ldapuri
-
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
-
-h ldaphost
-
Specify an alternate host on which the ldap server is running.
Deprecated in favor of -H.
-
-p ldapport
-
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of -H.
-
-n
-
Do not set password. (Can be useful when used in conjunction with
-v or
-d)
-
-S
-
Prompt for new password.
This is used instead of specifying the password on the command line.
-
-s newPasswd
-
Set the new password to _n_e_w_P_a_s_s_w_d.
-
-T newPasswdFile
-
Set the new password to the contents of _n_e_w_P_a_s_s_w_d_F_i_l_e.
-
-v
-
Increase the verbosity of output. Can be specified multiple times.
-
-W
-
Prompt for bind password.
This is used instead of specifying the password on the command line.
-
-w passwd
-
Use _p_a_s_s_w_d as the password to bind with.
-
-y passwdfile
-
Use complete contents of _p_a_s_s_w_d_f_i_l_e as the password for
simple authentication.
-
-O security-properties
-
Specify SASL security properties.
-
-I
-
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
-
-Q
-
Enable SASL Quiet mode. Never prompt.
-
-U authcid
-
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
-
-R realm
-
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
-
-X authzid
-
Specify the requested authorization ID for SASL bind.
authzid
must be one of the following formats:
dn:name>
or
_<_b_>_u_:_<_/_b_>_<_i_>_<_u_s_e_r_n_a_m_e_>.
-
-Y mech
-
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
-
-Z[Z]
-
Issue StartTLS (Transport Layer Security) extended operation. If you use
-ZZ,
the command will require the operation to be successful
SEE ALSO
ldap_sasl_bind(3)
ldap_extended_operation(3)
ldap_start_tls_s(3)
AUTHOR
The OpenLDAP Project
ACKNOWLEDGEMENTS
OpenLDAP Software
is developed and maintained by The OpenLDAP Project .
OpenLDAP Software
is derived from University of Michigan LDAP 3.3 Release.