1 .TH LDAPPASSWD 1 "5 December 1998" "LDAPPasswd"
3 ldappasswd \- change the password of an LDAP entry
7 .BI \-a \ passwdattribute\fR]
9 .BI \-b \ searchbase\fR]
13 .BI \-d \ debuglevel\fR]
21 .BI \-H \ none\fR\||\|\fIcrypt\fR\||\|\fImd5\fR\||\|\fIsmd5\fR\||\|\fIsha\fR\||\|\fIssha]
23 .BI \-h \ ldaphost\fR]
29 .BI \-l \ searchtime\fR]
33 .BI \-P \ 2\fR\||\|\fI3\fR]
35 .BI \-p \ ldapport\fR]
37 .BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR]
39 .BI \-t \ targetdn\fR]
47 .BI \-z \ searchsize\fR]
51 is a tool to modify the password of one or more LDAP entries.
52 Multiple entries can be specified using a search filter.
53 It is neither designed nor intended to be a replacement for
55 and should not be installed as such.
58 works by specifying a single target dn or by using a search filter.
59 Matching entries will be modified with the new password.
60 If the new password is not specified on the command line, the user
61 will be prompted to enter it.
62 The new password will be hashed using
64 or any other supported hashing algorithm.
65 For hashing algorithms other than
69 the stored password will be base64 encoded.
70 Salts are only generated for crypt and are based on the least
71 significant bits of the current time and other psuedo randomness.
74 .BI \-a \ passwdattribute
75 Specify the LDAP attribute to change. The default is "userPassword".
78 Use \fIsearchbase\fP as the starting point for the search instead of
81 .B \-H \fInone\fR\||\|\fIcrypt\fR\||\|\fImd5\fR\||\|\fIsmd5\fR\||\|\fIsha\fR\||\|\fIssha
82 Specify the hashing algorithm used to store the password. The default is
86 Use \fIbinddn\fP to bind to the X.500 directory. \fIbinddn\fP should be
87 a string-represented DN as defined in RFC 1779.
90 Set the LDAP debugging level to \fIdebuglevel\fP.
92 must be compiled with LDAP_DEBUG defined for this option to have any effect.
95 Auto-generate passwords of length \fIpwlen\fR.
96 Passwords will be displayed when using verbose,
100 Specify an alternate host on which the ldap server is running.
103 Same as -k, but only does step 1 of the kerberos bind.
104 This is useful when connecting to a slapd and there is no x500dsa.hostname principal registered with your kerberos servers.
107 Use Kerberos authentication instead of simple authentication.
108 It is assumed that you already have a valid ticket granting ticket.
110 must be compiled with KERBEROS defined for this option to have any effect.
113 Specify a maximum query time in seconds.
116 Make no modifications. (Can be useful when used in conjunction with
120 .BI \-P \ 2\fR\||\|\fI3
121 Specify the LDAP protocol version to use.
124 Specify an alternate port on which the ldap server is running.
126 .BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR
127 Specify the scope of the search. The default is
130 .B \-t \fR[\fItargetdn\fR]
131 Specify the target dn to modify.
132 If an argument is not given, the target dn will be the binddn.
135 The more v's the more verbose.
138 Prompt for simple authentication.
139 This is used instead of specifying the password on the command line.
142 Use \fIpasswd\fP as the password for simple authentication.
145 Specify a maximum query size.
147 David E. Storey <dave@tamos.net>