diff options
Diffstat (limited to 'doc/man/man1/ldappasswd.1')
-rw-r--r-- | doc/man/man1/ldappasswd.1 | 231 |
1 files changed, 231 insertions, 0 deletions
diff --git a/doc/man/man1/ldappasswd.1 b/doc/man/man1/ldappasswd.1 new file mode 100644 index 0000000..d1aea0c --- /dev/null +++ b/doc/man/man1/ldappasswd.1 @@ -0,0 +1,231 @@ +.TH LDAPPASSWD 1 "RELEASEDATE" "OpenLDAP LDVERSION" +.\" $OpenLDAP$ +.\" Copyright 1998-2022 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.SH NAME +ldappasswd \- change the password of an LDAP entry +.SH SYNOPSIS +.B ldappasswd +[\c +.BR \-V [ V ]] +[\c +.BI \-d \ debuglevel\fR] +[\c +.BR \-n ] +[\c +.BR \-v ] +[\c +.BR \-A ] +[\c +.BI \-a \ oldPasswd\fR] +[\c +.BI \-t \ oldpasswdfile\fR] +[\c +.BR \-S ] +[\c +.BI \-s \ newPasswd\fR] +[\c +.BI \-T \ newpasswdfile\fR] +[\c +.BR \-x ] +[\c +.BI \-D \ binddn\fR] +[\c +.BR \-W ] +[\c +.BI \-w \ passwd\fR] +[\c +.BI \-y \ passwdfile\fR] +[\c +.BI \-H \ ldapuri\fR] +[\c +.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]] +[\c +.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]] +[\c +.BI \-o \ opt \fR[= optparam \fR]] +[\c +.BI \-O \ security-properties\fR] +[\c +.BR \-I ] +[\c +.BR \-Q ] +[\c +.BR \-N ] +[\c +.BI \-U \ authcid\fR] +[\c +.BI \-R \ realm\fR] +[\c +.BI \-X \ authzid\fR] +[\c +.BI \-Y \ mech\fR] +[\c +.BR \-Z [ Z ]] +[\c +.IR user ] +.SH DESCRIPTION +.B ldappasswd +is a tool to set the password of an LDAP user. +.B ldappasswd +uses the LDAPv3 Password Modify (RFC 3062) extended operation. +.LP +.B ldappasswd +sets the password of associated with the user [or an optionally +specified +.IR user ]. +If the new +password is not specified on the command line and the user +doesn't enable prompting, the server will be asked to generate +a password for the user. +.LP +.B ldappasswd +is neither designed nor intended to be a replacement for +.BR passwd (1) +and should not be installed as such. +.SH OPTIONS +.TP +.BR \-V [ V ] +Print version info. +If \fB\-VV\fP is given, only the version information is printed. +.TP +.BI \-d \ debuglevel +Set the LDAP debugging level to \fIdebuglevel\fP. +.B ldappasswd +must be compiled with LDAP_DEBUG defined for this option to have any effect. +.TP +.B \-n +Do not set password. (Can be useful when used in conjunction with +\fB\-v\fP or \fB\-d\fP) +.TP +.B \-v +Increase the verbosity of output. Can be specified multiple times. +.TP +.BI \-A +Prompt for old password. +This is used instead of specifying the password on the command line. +.TP +.BI \-a \ oldPasswd +Set the old password to \fIoldPasswd\fP. +.TP +.BI \-t \ oldPasswdFile +Set the old password to the contents of \fIoldPasswdFile\fP. +.TP +.BI \-S +Prompt for new password. +This is used instead of specifying the password on the command line. +.TP +.BI \-s \ newPasswd +Set the new password to \fInewPasswd\fP. +.TP +.BI \-T \ newPasswdFile +Set the new password to the contents of \fInewPasswdFile\fP. +.TP +.B \-x +Use simple authentication instead of SASL. +.TP +.BI \-D \ binddn +Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory. +For SASL binds, the server is expected to ignore this value. +.TP +.BI \-W +Prompt for bind password. +This is used instead of specifying the password on the command line. +.TP +.BI \-w \ passwd +Use \fIpasswd\fP as the password to bind with. +.TP +.BI \-y \ passwdfile +Use complete contents of \fIpasswdfile\fP as the password for +simple authentication. +.TP +.BI \-H \ ldapuri +Specify URI(s) referring to the ldap server(s); only the protocol/host/port +fields are allowed; a list of URI, separated by whitespace or commas +is expected. +.TP +.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ] +.TP +.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ] + +Specify general extensions with \fB\-e\fP and passwd modify extensions with \fB\-E\fP. +\'\fB!\fP\' indicates criticality. + +General extensions: +.nf + [!]assert=<filter> (an RFC 4515 Filter) + !authzid=<authzid> ("dn:<dn>" or "u:<user>") + [!]bauthzid (RFC 3829 authzid control) + [!]chaining[=<resolve>[/<cont>]] + [!]manageDSAit + [!]noop + ppolicy + [!]postread[=<attrs>] (a comma-separated attribute list) + [!]preread[=<attrs>] (a comma-separated attribute list) + [!]relax + sessiontracking[=<username>] + abandon,cancel,ignore (SIGINT sends abandon/cancel, + or ignores response; if critical, doesn't wait for SIGINT. + not really controls) +.fi + +Passwd Modify extensions: +.nf + (none) +.fi +.TP +.BI \-o \ opt \fR[= optparam \fR]] + +Specify any +.BR ldap.conf (5) +option or one of the following: +.nf + nettimeout=<timeout> (in seconds, or "none" or "max") + ldif_wrap=<width> (in columns, or "no" for no wrapping) +.fi + +.TP +.BI \-O \ security-properties +Specify SASL security properties. +.TP +.B \-I +Enable SASL Interactive mode. Always prompt. Default is to prompt +only as needed. +.TP +.B \-Q +Enable SASL Quiet mode. Never prompt. +.TP +.B \-N +Do not use reverse DNS to canonicalize SASL host name. +.TP +.BI \-U \ authcid +Specify the authentication ID for SASL bind. The form of the ID +depends on the actual SASL mechanism used. +.TP +.BI \-R \ realm +Specify the realm of authentication ID for SASL bind. The form of the realm +depends on the actual SASL mechanism used. +.TP +.BI \-X \ authzid +Specify the requested authorization ID for SASL bind. +.I authzid +must be one of the following formats: +.BI dn: "<distinguished name>" +or +.BI u: <username>\fP. +.TP +.BI \-Y \ mech +Specify the SASL mechanism to be used for authentication. If it's not +specified, the program will choose the best mechanism the server knows. +.TP +.BR \-Z [ Z ] +Issue StartTLS (Transport Layer Security) extended operation. If you use +\fB\-ZZ\fP, the command will require the operation to be successful +.SH SEE ALSO +.BR ldap_sasl_bind (3), +.BR ldap_extended_operation (3), +.BR ldap_start_tls_s (3) +.SH AUTHOR +The OpenLDAP Project <http://www.openldap.org/> +.SH ACKNOWLEDGEMENTS +.so ../Project |