.TH LDAPPASSWD 1 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2011 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2012 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldappasswd \- change the password of an LDAP entry
.SH SYNOPSIS
.B ldappasswd
[\c
-.BR \-A ]
-[\c
-.BI \-a \ oldPasswd\fR]
-[\c
-.BI \-t \ oldpasswdfile\fR]
-[\c
-.BI \-D \ binddn\fR]
+.BR \-V [ V ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
-.BI \-H \ ldapuri\fR]
+.BR \-n ]
[\c
-.BI \-h \ ldaphost\fR]
+.BR \-v ]
[\c
-.BR \-n ]
+.BR \-A ]
[\c
-.BI \-p \ ldapport\fR]
+.BI \-a \ oldPasswd\fR]
+[\c
+.BI \-t \ oldpasswdfile\fR]
[\c
.BR \-S ]
[\c
[\c
.BI \-T \ newpasswdfile\fR]
[\c
-.BR \-v ]
+.BR \-x ]
+[\c
+.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
[\c
.BI \-y \ passwdfile\fR]
[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
+[\c
+.BI \-o \ opt \fR[= optparam \fR]]
+[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
+.BR \-N ]
+[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
-.BR \-x ]
-[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
and should not be installed as such.
.SH OPTIONS
.TP
-.BI \-A
-Prompt for old password.
-This is used instead of specifying the password on the command line.
-.TP
-.BI \-a \ oldPasswd
-Set the old password to \fIoldPasswd\fP.
-.TP
-.BI \-t \ oldPasswdFile
-Set the old password to the contents of \fIoldPasswdFile\fP.
-.TP
-.B \-x
-Use simple authentication instead of SASL.
-.TP
-.BI \-D \ binddn
-Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
-For SASL binds, the server is expected to ignore this value.
+.BR \-V [ V ]
+Print version info.
+If \fB\-VV\fP is given, only the version information is printed.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldappasswd
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
-.BI \-H \ ldapuri
-Specify URI(s) referring to the ldap server(s); only the protocol/host/port
-fields are allowed; a list of URI, separated by whitespace or commas
-is expected.
-.TP
-.BI \-h \ ldaphost
-Specify an alternate host on which the ldap server is running.
-Deprecated in favor of \fB\-H\fP.
-.TP
-.BI \-p \ ldapport
-Specify an alternate TCP port where the ldap server is listening.
-Deprecated in favor of \fB\-H\fP.
-.TP
.B \-n
Do not set password. (Can be useful when used in conjunction with
\fB\-v\fP or \fB\-d\fP)
.TP
+.B \-v
+Increase the verbosity of output. Can be specified multiple times.
+.TP
+.BI \-A
+Prompt for old password.
+This is used instead of specifying the password on the command line.
+.TP
+.BI \-a \ oldPasswd
+Set the old password to \fIoldPasswd\fP.
+.TP
+.BI \-t \ oldPasswdFile
+Set the old password to the contents of \fIoldPasswdFile\fP.
+.TP
.BI \-S
Prompt for new password.
This is used instead of specifying the password on the command line.
.BI \-T \ newPasswdFile
Set the new password to the contents of \fInewPasswdFile\fP.
.TP
-.B \-v
-Increase the verbosity of output. Can be specified multiple times.
+.B \-x
+Use simple authentication instead of SASL.
+.TP
+.BI \-D \ binddn
+Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+For SASL binds, the server is expected to ignore this value.
.TP
.BI \-W
Prompt for bind password.
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
-.BI \-O \ security-properties
-Specify SASL security properties.
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s); only the protocol/host/port
+fields are allowed; a list of URI, separated by whitespace or commas
+is expected.
+.TP
+.BI \-h \ ldaphost
+Specify an alternate host on which the ldap server is running.
+Deprecated in favor of \fB\-H\fP.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of \fB\-H\fP.
.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
(none)
.fi
.TP
+.BI \-o \ opt \fR[= optparam \fR]]
+
+Specify general options.
+
+General options:
+.nf
+ nettimeout=<timeout> (in seconds, or "none" or "max")
+ ldif-wrap=<width> (in columns, or "no" for no wrapping)
+.fi
+.TP
+.BI \-O \ security-properties
+Specify SASL security properties.
+.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
+.B \-N
+Do not use reverse DNS to canonicalize SASL host name.
+.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.