mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
158 lines
3.9 KiB
Groff
158 lines
3.9 KiB
Groff
.TH LDAPPASSWD 1 "20 April 2000" "LDAPPasswd"
|
|
.\" $OpenLDAP$
|
|
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
|
|
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
|
.SH NAME
|
|
ldappasswd \- change the password of an LDAP entry
|
|
.SH SYNOPSIS
|
|
.B ldappasswd
|
|
[\c
|
|
.BR \-A ]
|
|
[\c
|
|
.BI \-a \ oldPasswd\fR]
|
|
[\c
|
|
.BR \-C ]
|
|
[\c
|
|
.BI \-D \ binddn\fR
|
|
[\c
|
|
.BI \-d \ debuglevel\fR]
|
|
[\c
|
|
.BI \-h \ ldaphost\fR]
|
|
[\c
|
|
.BR \-n ]
|
|
[\c
|
|
.BI \-p \ ldapport\fR]
|
|
[\c
|
|
.BR \-S ]
|
|
[\c
|
|
.BI \-s \ newPasswd\fR]
|
|
[\c
|
|
.BR \-v ]
|
|
[\c
|
|
.BR \-W ]
|
|
[\c
|
|
.BI \-w \ passwd\fR]
|
|
[\c
|
|
.BR \-E[E] ]
|
|
[\c
|
|
.BR \-I[I] ]
|
|
[\c
|
|
.BI \-U \ username\fR]
|
|
[\c
|
|
.BI \-X \ authzid\fR]
|
|
[\c
|
|
.BI \-Y \ mech\fR]
|
|
[\c
|
|
.BR \-Z[Z] ]
|
|
.SH DESCRIPTION
|
|
.B ldappasswd
|
|
is a tool to set the password of an LDAP user.
|
|
It is neither designed nor intended to be a replacement for
|
|
.BR passwd (1)
|
|
and should not be installed as such.
|
|
.LP
|
|
.B ldappasswd
|
|
sets the password of associated with the user. If the new
|
|
password is not specified on the command line or the user
|
|
doesn't enable prompting, the server will be asked to generate
|
|
a password for the user.
|
|
.SH OPTIONS
|
|
.TP
|
|
.BI \-A
|
|
Prompt for old password.
|
|
This is used instead of specifying the password on the command line.
|
|
.TP
|
|
.BI \-a \ oldPasswd
|
|
Set the old password to \fIoldPasswd\fP.
|
|
.TP
|
|
.B \-C
|
|
Automatically chase referrals.
|
|
.TP
|
|
.BI \-D \ binddn
|
|
Use \fIbinddn\fP to bind to the LDAP directory. \fIbinddn\fP should
|
|
be a string-represented DN as defined in RFC 2253.
|
|
This flag is not optional. The user DN will be used if the
|
|
bind DN is not provided.
|
|
.TP
|
|
.BI \-d \ debuglevel
|
|
Set the LDAP debugging level to \fIdebuglevel\fP.
|
|
.B ldappasswd
|
|
must be compiled with LDAP_DEBUG defined for this option to have any effect.
|
|
.TP
|
|
.BI \-h \ ldaphost
|
|
Specify an alternate host on which the ldap server is running.
|
|
.TP
|
|
.B \-n
|
|
Do not set password. (Can be useful when used in conjunction with
|
|
.BR \-v \ or
|
|
.BR \-d )
|
|
.TP
|
|
.BI \-S
|
|
Prompt for new password.
|
|
This is used instead of specifying the password on the command line.
|
|
.TP
|
|
.BI \-s \ newPasswd
|
|
Set the new password to \fInewPasswd\fP.
|
|
.TP
|
|
.BI \-p \ ldapport
|
|
Specify an alternate port on which the ldap server is running.
|
|
.TP
|
|
.B \-v
|
|
Increase the verbosity of output. Can be specified multiple times.
|
|
.TP
|
|
.BI \-W
|
|
Prompt for bind password.
|
|
This is used instead of specifying the password on the command line.
|
|
.TP
|
|
.BI \-w \ passwd
|
|
Use \fIpasswd\fP as the password to bind with.
|
|
.TP
|
|
.B \-E[E]
|
|
Requset the use of SASL privacy (encryption). If the server allows it, data
|
|
sent between the client and the server will be encrypted. If the server
|
|
requires the use of encryption and this flag is not specified, the command
|
|
will fail. If you use
|
|
.B \-EE\c
|
|
, the command will fail if the server does not support encryption.
|
|
.B \-E[E]
|
|
implies
|
|
.B \-I[I]
|
|
.TP
|
|
.B \-I[I]
|
|
Request the use of SASL integrity checking. It protects data sent between the
|
|
client and the server from being modified along the way, but it does not
|
|
prevent sniffing. If the server requires the use of integrity checking and
|
|
this flag is not specified, the command will fail.If you use
|
|
.B \-II\c
|
|
, the command will fail if the server does not support this function.
|
|
.TP
|
|
.BI \-U \ username
|
|
Specify the username for SASL bind. The syntax of the username depends on the
|
|
actual SASL mechanism used.
|
|
.TP
|
|
.BI \-X \ authzid
|
|
Specify the requested authorization ID for SASL bind.
|
|
.I authzid
|
|
must be one of the following formats:
|
|
.B dn:\c
|
|
.I <distinguished name>
|
|
or
|
|
.B u:\c
|
|
.I <username>
|
|
.TP
|
|
.BI \-Y \ mech
|
|
Specify the SASL mechanism to be used for authentication. If it's not
|
|
specified, the program will choose the best mechanism the server knows.
|
|
.TP
|
|
.B \-Z[Z]
|
|
Issue StartTLS (Transport Layer Security) extended operation. If you use
|
|
.B \-ZZ\c
|
|
, the command will require the operation to be successful.
|
|
.SH SEE ALSO
|
|
.BR ldap_bind (3)
|
|
.SH ACKNOWLEDGEMENTS
|
|
.B OpenLDAP
|
|
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
|
|
.B OpenLDAP
|
|
is derived from University of Michigan LDAP 3.3 Release.
|