A.3. Changing Passwords

The ldappasswd command can either set a new user-defined password or generate a new password for an account. Table 19.1, “ldappasswd Options” lists the most important parameters for setting passwords through the command line. Other settings (for bind information, connection information, or other command settings) may be required and are listed in the OpenLDAP manpages.

# ldappasswd -x -D bind_dn -W -p server_port -h server_hostname [-A | -a oldPassword] [-S | -s newPassword] [user]

Important

Password change operations must be run over a secure connection, such as TLS, Start TLS, or SASL. For information on how to configure TLS for LDAP clients, see Section 9.8.4, “Authenticating Using a Certificate”.

For a list of password operation-related parameters for ldapasswd, see Table 19.1, “ldappasswd Options”.

Example A.3. Directory Manager Changing a User's Password Over TLS

The Directory Manager changes the password of the user uid=tuser1,ou=People,dc=example,dc=com to new_password over TLS.

# ldappasswd -D "cn=Directory Manager" -W -ZZ -p 389 -h server.example.com -x -s new_password "uid=tuser1,ou=People,dc=example,dc=com"

Example A.4. Directory Manager Generating a User's Password

The Directory Manager generates the password of the user uid=tuser2,ou=People,dc=example,dc=com over TLS.

# ldappasswd -D "cn=Directory Manager" -W -ZZ -p 389 -h server.example.com -x "uid=tuser2,ou=People,dc=example,dc=com"

Example A.5. User Changing His Own Password

A user, tuser3, changes the password from old_newpassword to new_password over TLS.

# ldappasswd -p 389 -h server.example.com -ZZ -x -D "uid=tuser3,ou=People,dc=example,dc=com" -W -a old_password -s new_password

Example A.6. User Authenticating with DIGEST_MD5 and Changing His Password

A user, jsmith, authenticates with GSS-API and changes the password to new_password.

# ldappasswd -p 389 -h server.example.com -O noplain,minssf=1,maxbufsize=512 -Y GSSAPI -U "dn:uid=jsmith,ou=people,dc=example,dc=com" -R EXAMPLE.COM -W -s new_password

Example A.7. User Already Authenticated by Kerberos Prompts for a New Password

A user, who has already authenticated by Kerberos, prompts for the new password. This is not performed over TLS.

# ldappasswd -p 389 -h server.example.com -O noplain,minssf=1,maxbufsize=512 -I

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

A.3. Changing Passwords

Where did the comment section go?