19.3. Changing Passwords Stored Externally
While most passwords can be changed through an ldapmodify operation, there are some passwords that cannot be changed through regular LDAP operations. These passwords may be stored outside the Directory Server, such as passwords stored in a SASL application. These passwords can be modified through the password change extended operation.
The ldappasswd utility passes the changes for the password for the specified user:
# ldappasswd -x -D bind_dn -W -p server_port -h server_hostname [-a oldPassword] [-s newPassword] [user]
Table 19.1. ldappasswd Options

| Option | Description |
|---|---|
| -h | Gives the host name of the Directory Server. |
| -p | Gives the port number of the Directory Server. Since TLS is required for password change operations, this usually gives the TLS port of the Directory Server. With the |
| -D | Gives the bind DN. |
| -w | Gives the password for the bind DN. |
| -x | Disables SASL to allow a simple bind over a TLS connection. |
| -a | Optional. Gives the old password, which is being changed. |
| -s | Optional. Sets the new password. |
| user | Optional. Gives the DN of the user entry for which to change the password. |

To use Start TLS, run ldappasswd with the -ZZ option and the standard LDAP port number. The password extended change operation has the following format:
# ldappasswd -x -D bind_dn -W -p server_port -h server_hostname -Z [-a oldPassword] [-s newPassword] [user]
Use the -ZZ option to force the connection to be successful.
Run ldappasswd like any other LDAP operation. It is not necessary to specify a user if the account is the same as that given in the bind DN. For example:
# ldappasswd -x -h ldap.example.com -p 389 -ZZ -D "uid=jsmith,ou=People,dc=example,dc=com" -W -s newpassword
To change the password of a different user, run ldappasswd with the user DN added to the operation and separate bind credentials, as follows:
# ldappasswd -D "cn=Directory Manager" -W -p 389 -h server.example.com -x -ZZ -s newpassword "uid=jsmith,ou=People,dc=example,dc=com"
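The commands above pass the new password with -s, which leaves it in the shell history and the process list. The following added example (not part of the original documentation) builds the same Start TLS invocation but supplies both passwords from owner-only files; it assumes OpenLDAP's ldappasswd with its -y and -T file options, and the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and file paths
# are hypothetical; -y and -T are OpenLDAP ldappasswd options.

# True if $1 is a regular file with no group/other permission bits set.
is_private_file() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# True if $1 is non-empty and does not end in a newline. -y uses the complete
# file contents as the password, so a stray newline would become part of it.
ends_clean() {
    [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]
}

# usage: ldappasswd_cmd HOST PORT BIND_DN BIND_PW_FILE NEW_PW_FILE [USER_DN]
# Prints the command one argument per line; it does not contact a server.
ldappasswd_cmd() {
    host=$1 port=$2 bind_dn=$3 bind_pw_file=$4 new_pw_file=$5 user_dn=${6:-}
    for f in "$bind_pw_file" "$new_pw_file"; do
        if ! is_private_file "$f"; then
            echo "refusing $f: not a regular file readable by its owner only" >&2
            return 1
        fi
        if ! ends_clean "$f"; then
            echo "refusing $f: empty or ends with a newline" >&2
            return 1
        fi
    done
    # -x: simple bind; -ZZ: require Start TLS to succeed before the bind.
    set -- ldappasswd -x -ZZ -h "$host" -p "$port" -D "$bind_dn" \
        -y "$bind_pw_file" -T "$new_pw_file"
    if [ -n "$user_dn" ]; then
        set -- "$@" "$user_dn"
    fi
    printf '%s\n' "$@"
}

# Constructed sample run with throwaway password files.
demo_dir=$(mktemp -d)
( umask 077
  printf '%s' 'constructed-bind-pw' > "$demo_dir/bind.pw"
  printf '%s' 'constructed-new-pw'  > "$demo_dir/new.pw" )
ldappasswd_cmd ldap.example.com 389 "cn=Directory Manager" \
    "$demo_dir/bind.pw" "$demo_dir/new.pw" "uid=jsmith,ou=People,dc=example,dc=com"
rm -rf "$demo_dir"
```

Create the password files with printf '%s' under umask 077 so they are owner-only and carry no trailing newline.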