Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   31559 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

LDAPPASSWD(1)					    LDAPPASSWD(1)

NAME
       ldappasswd - change the password of an LDAP entry

SYNOPSIS
       ldappasswd    [-A]    [-a oldPasswd]    [-t oldpasswdfile]
       [-D binddn]  [-d debuglevel]  [-H ldapuri]   [-h ldaphost]
       [-n]  [-p ldapport] [-S] [-s newPasswd] [-T newpasswdfile]
       [-v] [-W] [-w passwd] [-y passwdfile] [-O security-proper-
       ties]	[-I]	[-Q]   [-U authcid]   [-R authcid]   [-x]
       [-X authzid] [-R realm] [-Y mech] [-Z[Z]] [user]

DESCRIPTION
       ldappasswd is a tool to set the password of an LDAP  user.
       ldappasswd  uses	 the  LDAPv3  Password	Modify (RFC 3062)
       extended operation.

       ldappasswd sets the password of associated with	the  user
       [or an optionally specified user].  If the new password is
       not specified on the command line  and  the  user  doesn't
       enable  prompting,  the server will be asked to generate a
       password for the user.

       ldappasswd is  neither  designed	 nor  intended	to  be	a
       replacement  for	 passwd(1) and should not be installed as
       such.

OPTIONS
       -A     Prompt for old password.	This is used  instead  of
	      specifying the password on the command line.

       -a oldPasswd
	      Set the old password to oldPasswd.

       -t oldPasswdFile
	      Set  the old password to the contents of oldPasswd-
	      File.

       -x     Use simple authentication instead of SASL.

       -D binddn
	      Use the Distinguished Name binddn to  bind  to  the
	      LDAP directory.

       -d debuglevel
	      Set  the LDAP debugging level to debuglevel.  ldap-
	      passwd must be compiled with LDAP_DEBUG defined for
	      this option to have any effect.

       -H ldapuri
	      Specify URI(s) referring to the ldap server(s).

       -h ldaphost
	      Specify  an alternate host on which the ldap server
	      is running.  Deprecated in favor of -H.

       -p ldapport
	      Specify an alternate TCP port where the ldap server
	      is listening.  Deprecated in favor of -H.

       -n     Do  not  set  password. (Can be useful when used in
	      conjunction with -v or -d)

       -S     Prompt for new password.	This is used  instead  of
	      specifying the password on the command line.

       -s newPasswd
	      Set the new password to newPasswd.

       -T newPasswdFile
	      Set  the new password to the contents of newPasswd-
	      File.

       -v     Increase the verbosity of output.	 Can be specified
	      multiple times.

       -W     Prompt  for bind password.  This is used instead of
	      specifying the password on the command line.

       -w passwd
	      Use passwd as the password to bind with.

       -y passwdfile
	      Use complete contents of passwdfile as the password
	      for simple authentication.

       -O security-properties
	      Specify SASL security properties.

       -I     Enable   SASL  Interactive  mode.	  Always  prompt.
	      Default is to prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -U authcid
	      Specify the authentication ID for	 SASL  bind.  The
	      form of the ID depends on the actual SASL mechanism
	      used.

       -R realm
	      Specify the realm of  authentication  ID	for  SASL
	      bind.  The  form of the realm depends on the actual
	      SASL mechanism used.

       -X authzid
	      Specify the proxy authorization ID for  SASL  bind.
	      authzid  must  be	 one  of  the  following formats:
	      dn:<distinguishedname> or u:<username>.

       -Y mech
	      Specify the SASL mechanism to be used for authenti-
	      cation.  If  it's	 not  specified, the program will
	      choose the best mechanism the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security)	 extended
	      operation. If you use -ZZ, the command will require
	      the operation to be successful

SEE ALSO
       ldap_sasl_bind(3),	      ldap_extended_operation(3),
       ldap_start_tls_s(3)

AUTHOR
       The OpenLDAP Project <http://www.openldap.org/>

ACKNOWLEDGEMENTS
       OpenLDAP	 is developed and maintained by The OpenLDAP Pro-
       ject (http://www.openldap.org/).	 OpenLDAP is derived from
       University of Michigan LDAP 3.3 Release.

Vote for polarhome