LDAPPASSWD(1)

change the password of an LDAP entry

SYNOPSIS

    ldappasswd [-a passwdattribute] [-b searchbase] [-D binddn] [-d debuglevel] [-E] [-e passwd] [-g pwlen] [-H none|crypt|md5|smd5|sha|ssha] [-h ldaphost] [-K] [-k] [-l searchtime] [-n] [-p ldapport] [-s base|one|sub] [-t targetdn] [-v] [-W] [-w passwd] [-z searchsize] [filter]

DESCRIPTION

    ldappasswd is a tool to modify the password of one or more LDAP entries. Multiple entries can be specified using a search filter. It is neither designed nor intended to be a replacement for passwd(1) and should not be installed as such.

    ldappasswd operates on a single target DN or on the entries matched by a search filter. Matching entries will be modified with the new password. If the new password is not specified on the command line, the user will be prompted to enter it. The new password will be hashed using crypt or any other supported hashing algorithm. For hashing algorithms other than crypt or none, the stored password will be base64 encoded. Salts are only generated for crypt and are based on the least significant bits of the current time and other pseudo-randomness.
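
    The following is an added example, not part of the original manual page or of ldappasswd itself: it builds, verifies and classifies stored values for the md5, smd5, sha and ssha algorithms so that existing userPassword values can be reviewed. The "{SCHEME}" prefix and the digest-followed-by-salt layout are the usual OpenLDAP convention and are assumed here rather than taken from this page; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Digest name and whether the scheme carries a salt (assumed OpenLDAP convention).
SCHEMES = {"md5": ("md5", False), "smd5": ("md5", True),
           "sha": ("sha1", False), "ssha": ("sha1", True)}

def encode(scheme, password, salt=None):
    """Build '{SCHEME}' + base64(digest(password + salt) + salt); password is bytes."""
    algo, salted = SCHEMES[scheme.lower()]
    salt = (os.urandom(8) if salt is None else salt) if salted else b""
    digest = hashlib.new(algo, password + salt).digest()
    return "{%s}%s" % (scheme.upper(), base64.b64encode(digest + salt).decode())

def split(stored):
    """Return (scheme, body); a value without a '{SCHEME}' prefix is 'none'."""
    if stored.startswith("{") and "}" in stored:
        scheme, body = stored[1:].split("}", 1)
        return scheme.lower(), body
    return "none", stored

def verify(stored, password):
    """Check a candidate password against a stored md5/smd5/sha/ssha value."""
    scheme, body = split(stored)
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    algo = SCHEMES[scheme][0]
    raw = base64.b64decode(body)
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]  # bytes after the digest are the salt
    candidate = hashlib.new(algo, password + salt).digest()
    return hmac.compare_digest(digest, candidate)  # constant-time comparison

def audit(stored):
    """Classify a stored value for a password-storage review."""
    scheme, _ = split(stored)
    if scheme == "none":
        return "cleartext"
    if scheme in ("md5", "sha"):
        return "unsalted"  # identical passwords give identical stored values
    if scheme in ("smd5", "ssha"):
        return "salted"
    return "other"  # e.g. {crypt}; strength depends on the system crypt(3)
```

    Values that audit() reports as "cleartext" or "unsalted" are the ones to prioritise when re-hashing a directory.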

OPTIONS

    -a passwdattribute

      Specify the LDAP attribute to change. The default is "userPassword".

    -b searchbase

      Use searchbase as the starting point for the search instead of the default.

    -c none|crypt|md5|smd5|sha|ssha

      Specify the hashing algorithm used to store the password. The default is crypt.

    -D binddn

      Use binddn to bind to the X.500 directory. binddn should be a string-represented DN as defined in RFC 1779.

    -d debuglevel

      Set the LDAP debugging level to debuglevel. ldappasswd must be compiled with LDAP_DEBUG defined for this option to have any effect.

    -g pwlen

      Auto-generate passwords of length pwlen. Passwords will be displayed when using verbose, -vvv.

    -h ldaphost

      Specify an alternate host on which the LDAP server is running.

    -K

      Same as -k, but only does step 1 of the Kerberos bind. This is useful when connecting to a slapd and there is no x500dsa.hostname principal registered with your Kerberos servers.

    -k

      Use Kerberos authentication instead of simple authentication. It is assumed that you already have a valid ticket granting ticket. ldappasswd must be compiled with KERBEROS defined for this option to have any effect.

    -l searchtime

      Specify a maximum query time in seconds.

    -n

      Make no modifications. (Can be useful when used in conjunction with -v or -d.)

    -p ldapport

      Specify an alternate port on which the LDAP server is running.

    -s base|one|sub

      Specify the scope of the search. The default is base.

    -t [targetdn]

      Specify the target DN to modify. If an argument is not given, the target DN will be the binddn.

    -v

      The more v's the more verbose.

    -W

      Prompt for simple authentication. This is used instead of specifying the password on the command line.

    -w passwd

      Use passwd as the password for simple authentication.

    -z searchsize

      Specify a maximum query size.

AUTHOR

    David E. Storey <dave@tamos.net>

SEE ALSO