A.3. Changing Passwords
The
ldappasswd
command can either set a new user-defined password or generate a new password for an account. Other settings (for bind information, connection information, or other command settings) may be required and are listed in the OpenLDAP manpages.
# ldappasswd -x -D bind_dn -W -p server_port -h server_hostname [-A | -a oldPassword] [-S | -s newPassword] [user]
Important
Password change operations must be run over a secure connection, such as TLS, STARTTLS, or SASL. For information on how to configure TLS for LDAP clients, see Section 9.9.4, “Authenticating Using a Certificate”.
Example A.3. Directory Manager Changing a User's Password Over TLS
The Directory Manager changes the password of the user
uid=tuser1,ou=People,dc=example,dc=com
to new_password over TLS.
# ldappasswd -D "cn=Directory Manager" -W -ZZ -p 389 -h server.example.com -x -s new_password "uid=tuser1,ou=People,dc=example,dc=com"
Example A.4. Directory Manager Generating a User's Password
The Directory Manager generates the password of the user
uid=tuser2,ou=People,dc=example,dc=com
over TLS.
# ldappasswd -D "cn=Directory Manager" -W -ZZ -p 389 -h server.example.com -x "uid=tuser2,ou=People,dc=example,dc=com"
Example A.5. User Changing His Own Password
A user,
tuser3
, changes the password from old_newpassword
to new_password
over TLS.
# ldappasswd -p 389 -h server.example.com -ZZ -x -D "uid=tuser3,ou=People,dc=example,dc=com" -W -a old_password -s new_password
Example A.6. User Authenticating with DIGEST_MD5 and Changing His Password
A user, jsmith, authenticates with GSS-API and changes the password to new_password.
# ldappasswd -p 389 -h server.example.com -O noplain,minssf=1,maxbufsize=512 -Y GSSAPI -U "dn:uid=jsmith,ou=people,dc=example,dc=com" -R EXAMPLE.COM -W -s new_password
Example A.7. User Already Authenticated by Kerberos Prompts for a New Password
A user, who has already authenticated by Kerberos, prompts for the new password. This is not performed over TLS.
# ldappasswd -p 389 -h server.example.com -O noplain,minssf=1,maxbufsize=512 -I