Show Table of Contents
A.7. Changing Passwords
The
ldappasswd command can either set a new user-defined password or generate a new password for an account. Table A.3, “Password Operation-Related Parameters for ldappasswd” lists the most important parameters for setting passwords through the command line. Other settings (for bind information, connection information, or other command settings) may be required and are listed in the OpenLDAP manpages.
ldappasswd -x -D bind_dn -w password -p server_port -h server_hostname [-A | -a oldPassword] [-S | -s newPassword] [user]
Important
Password change operations must be run over a secure connection, such as SSL/TLS, Start TLS, or SASL. For information on how to configure SSL/TLS for LDAP clients, see Section A.2, “Using SSL/TLS and Start TLS with LDAP Client Tools”.
Table A.3. Password Operation-Related Parameters for ldappasswd
| Option | Description |
|---|---|
| -A | Prompts for the original password, which is being changed. |
| -a | Gives the old password, which is being changed. |
| -n | Tells the server not to set a new password. This is mainly used with the -v option (which increases the verbosity of the output) or the -d option (which sets the debug level) by testing the output without actually performing a password change operation. |
| -S | Prompts for the new password. |
| -s | Sets the new password. |
| user | Gives the DN of the user entry for which to change the password. |
Example A.3. Directory Manager Changing a User's Password Over SSL
The Directory Manager changes the password of the user
uid=tuser1,ou=People,dc=example,dc=com to new_password over SSL.
ldappasswd -D "cn=directory manager" -w secret -p 389 -h server.example.com -x -s new_password "uid=tuser1,ou=People,dc=example,dc=com"
Example A.4. Directory Manager Generating a User's Password
The Directory Manager generates the password of the user
uid=tuser2,ou=People,dc=example,dc=com over SSL.
ldappasswd -D "cn=directory manager" -w secret -p 389 -h server.example.com -x "uid=tuser2,ou=People,dc=example,dc=com"
Example A.5. User Changing His Own Password
A user,
tuser3, changes the password from old_newpassword to new_password over SSL.
ldappasswd -p 389 -h server.example.com -x -D "uid=tuser3,ou=People,dc=example,dc=com" -W -a old_password -s new_password
Example A.6. User Authenticating with DIGEST_MD5 and Changing His Password
A user, jsmith, authenticates with GSS-API and changes the password to new_password.
ldappasswd -p 389 -h server.example.com -O noplain,minssf=1,maxbufsize=512 -Y GSSAPI -U "dn:uid=jsmith,ou=people,dc=example,dc=com" -R EXAMPLE.COM -W -s new_password
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.