openldap/doc/man/man1/ldappasswd.1

188 lines
4.3 KiB
Groff
Raw Normal View History

2002-06-13 11:59:10 +08:00
.TH LDAPPASSWD 1 "RELEASEDATE" "OpenLDAP LDVERSION"
1999-09-12 12:41:47 +08:00
.\" $OpenLDAP$
2008-01-08 08:19:56 +08:00
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
1999-09-12 12:41:47 +08:00
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldappasswd \- change the password of an LDAP entry
.SH SYNOPSIS
.B ldappasswd
1999-12-10 12:59:28 +08:00
[\c
.BR \-A ]
[\c
.BI \-a \ oldPasswd\fR]
2000-06-26 04:29:20 +08:00
[\c
2003-03-31 14:29:59 +08:00
.BI \-t \ oldpasswdfile\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BI \-d \ debuglevel\fR]
[\c
2000-08-25 13:31:59 +08:00
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BR \-n ]
[\c
.BI \-p \ ldapport\fR]
[\c
1999-12-10 12:59:28 +08:00
.BR \-S ]
[\c
.BI \-s \ newPasswd\fR]
[\c
2003-03-31 14:29:59 +08:00
.BI \-T \ newpasswdfile\fR]
[\c
.BR \-v ]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
2003-03-31 14:29:59 +08:00
.BI \-y \ passwdfile\fR]
[\c
2000-07-14 06:54:45 +08:00
.BR \-O \ security-properties ]
[\c
2000-07-17 10:43:41 +08:00
.BR \-I ]
[\c
.BR \-Q ]
[\c
2001-01-18 16:04:56 +08:00
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
2002-09-03 03:25:10 +08:00
[\c
2000-07-16 08:52:04 +08:00
.BR \-x ]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z[Z] ]
2000-09-07 02:44:51 +08:00
[\c
.IR user ]
.SH DESCRIPTION
.B ldappasswd
is a tool to set the password of an LDAP user.
2001-07-07 13:24:19 +08:00
.B ldappasswd
uses the LDAPv3 Password Modify (RFC 3062) extended operation.
.LP
.B ldappasswd
2000-09-07 02:44:51 +08:00
sets the password of associated with the user [or an optionally
specified
.IR user ].
If the new
password is not specified on the command line and the user
1999-12-10 12:59:28 +08:00
doesn't enable prompting, the server will be asked to generate
a password for the user.
2000-07-18 05:54:20 +08:00
.LP
.B ldappasswd
is neither designed nor intended to be a replacement for
.BR passwd (1)
and should not be installed as such.
.SH OPTIONS
.TP
1999-12-10 12:59:28 +08:00
.BI \-A
Prompt for old password.
This is used instead of specifying the password on the command line.
.TP
.BI \-a \ oldPasswd
Set the old password to \fIoldPasswd\fP.
.TP
2003-03-31 14:29:59 +08:00
.BI \-t \ oldPasswdFile
Set the old password to the contents of \fIoldPasswdFile\fP.
.TP
2000-07-16 08:52:04 +08:00
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
2000-08-20 14:21:38 +08:00
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
For SASL Binds, the server is expected to ignore this value.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldappasswd
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
2000-08-25 13:31:59 +08:00
.BI \-H \ ldapuri
2005-04-08 03:57:38 +08:00
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
2000-08-25 13:31:59 +08:00
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
2000-08-25 13:31:59 +08:00
Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of -H.
.TP
.B \-n
Do not set password. (Can be useful when used in conjunction with
.BR \-v \ or
.BR \-d )
.TP
1999-12-10 12:59:28 +08:00
.BI \-S
Prompt for new password.
This is used instead of specifying the password on the command line.
.TP
.BI \-s \ newPasswd
1999-12-10 12:59:28 +08:00
Set the new password to \fInewPasswd\fP.
1998-12-27 22:08:46 +08:00
.TP
2003-03-31 14:29:59 +08:00
.BI \-T \ newPasswdFile
Set the new password to the contents of \fInewPasswdFile\fP.
.TP
.B \-v
Increase the verbosity of output. Can be specified multiple times.
.TP
.BI \-W
Prompt for bind password.
This is used instead of specifying the password on the command line.
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password to bind with.
.TP
2003-03-31 14:29:59 +08:00
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
2000-07-14 06:54:45 +08:00
.BI \-O \ security-properties
Specify SASL security properties.
.TP
2000-07-17 10:43:41 +08:00
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
2001-01-18 16:04:56 +08:00
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
2002-09-03 03:25:10 +08:00
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
2000-07-18 05:54:20 +08:00
.BI dn: <distinguished name>
or
2000-07-18 05:54:20 +08:00
.BI u: <username>\fP.
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.B \-Z[Z]
Issue StartTLS (Transport Layer Security) extended operation. If you use
2000-07-18 05:54:20 +08:00
.BR \-ZZ ,
the command will require the operation to be successful
.SH SEE ALSO
.BR ldap_sasl_bind (3),
.BR ldap_extended_operation (3),
2001-07-07 13:24:19 +08:00
.BR ldap_start_tls_s (3)
2000-07-14 06:54:45 +08:00
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS
2006-06-14 08:28:16 +08:00
.so ../Project