.TH LDAPPASSWD 1 "5 December 1998" "LDAPPasswd"
.SH NAME
ldappasswd \- change the password of an LDAP entry
.SH SYNOPSIS
.B ldappasswd
[\c
.BI \-a \ passwdattribute\fR]
[\c
.BI \-b \ searchbase\fR]
[\c
.BI \-c \ none\fR\||\|\fIcrypt\fR\||\|\fImd5\fR\||\|\fIsha\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-l \ searchtime\fR]
[\c
.B \-n\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR]
[\c
.BR \-t \ [\fItargetdn\fR]\ ]
[\c
.B \-v\fR]
[\c
.BI \-W \ newpasswd\fR]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-z \ searchsize\fR]
[\fIfilter\fR]
.SH DESCRIPTION
.B ldappasswd
is a tool to modify the password of one or more LDAP entries.
Multiple entries can be specified using a search filter.
It is neither designed nor intended to be a replacement for
.BR passwd (1)
and should not be installed as such.
.LP
.B ldappasswd
works by specifying a single target dn or by using a search filter.
Matching entries will be modified with the new password.
The new password will be hashed using
.I crypt
or any other supported hashing algorithm.
For hashing algorithms other than
.I crypt
or
.IR none ,
the stored password will be base64 encoded.
Salts are only generated for crypt and are based on the least
significant bits of the current time and other psuedo randomness.
.SH OPTIONS
.TP
.BI \-a \ passwdattribute
Specify the LDAP attribute to change. The default is "userPassword".
.TP
.BI \-b \ searchbase
Use \fIsearchbase\fP as the starting point for the search instead of
the default.
.TP
.B \-c \fInone\fR\||\|\fIcrypt\fR\||\|\fImd5\fR\||\|\fIsha\fR
Specify the hashing algorithm used to store the password. The default is
.IR crypt .
.TP
.BI \-D \ binddn
Use \fIbinddn\fP to bind to the X.500 directory. \fIbinddn\fP should be
a string-represented DN as defined in RFC 1779.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldappasswd
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
.TP
.BI \-l \ searchtime
Specify a maximum query time in seconds.
.TP
.B \-n
Make no modifications. (Can be useful when used in conjunction with
.BR \-v \ or
.BR \-d )
.TP
.BI \-p \ ldapport
Specify an alternate port on which the ldap server is running.
.TP
.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR
Specify the scope of the search. The default is
.IR base .
.TP
.B \-t \fR[\fItargetdn\fR]
Specify the target dn to modify. If an argument is not given, the target dn will be the binddn.
.TP
.B \-v
The more v's the more verbose.
.TP
.BI \-W \ newpasswd
Specify the new password.
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-z \ searchsize
Specify a maximum query size.
.SH AUTHOR
David E. Storey <dave@tamos.net>
.SH "SEE ALSO"
.BR ldapadd (1),
.BR ldapdelete (1),
.BR ldapmodrdn (1),
.BR ldapsearch (1)