6.7.2 ldappasswd-specific options

Table 6-19 ldappasswd-specific options

Option  Description

-A      Specifies that the command should prompt for the user's existing password.

-a      Specifies the user's existing password. For example:
        -aold_password

-S      Specifies that the command should prompt for a new password for the user.

-s      Specifies a new password for the user. For example:
        -snew_password

-T      Specifies a file from which to read the new password. For example:
        -Tnew_password.txt

-t      Specifies a file from which to read the user's existing password. For example:
        -told_password.txt

-w      Specifies the password associated with the distinguished name specified in the -D option. For example:
        -wmypassword

 

 

6.7.3 General ldappasswd options

NOTE:

The ldappasswd utility requires confidentiality. If the messages are not encrypted with SSL, TLS, or an appropriate SASL mechanism, the server will not perform the request.

Table 6-20 General ldappasswd options

Option  Description

-3      Specifies that host names should be checked in SSL certificates.

-D      Specifies the distinguished name with which to authenticate to the server. This value must be a DN recognized by the Directory Server, and it must also have the authority to delete the entries. For example:
        -D "uid=bjensen, dc=example,dc=com"
        The -D option cannot be used with the -N option.
        For more information on access control, see the "Managing Access Control" chapter in the HP-UX Directory Server administrator guide.

-g      Specifies that the password policy request control not be sent with the bind request. By default, the new LDAP password policy request control is sent with bind requests.
        The ldappasswd tool can parse and display information from the response control if it is returned by a server; that is, the tool will print an appropriate error or warning message when a server sends the password policy response control with the appropriate value.
        The criticality of the request control is set to false to ensure that all LDAPv3 servers that do not understand the control can ignore it. To suppress sending of the request control with the bind request, include -g on the command line.

-h      Specifies the name of the host on which the server is running. For example:
        -h cyclops
        The default is localhost.

-I      Specifies the SSL key password file that contains the token:password pair.
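Added example, not from the HP-UX Directory Server guide: a shell check for scripts that call ldappasswd, built on the options in Tables 6-19 and 6-20. It flags -a, -s and -w, which put a password in the argument list where process listings can show it, and checks that files given to -t and -T are closed to group and others; the prompt options -A and -S pass. The function name and its messages are assumptions.

```sh
#!/bin/sh
# Added example, not from the guide. Option letters follow Tables 6-19 and
# 6-20; the function name and its messages are assumptions for illustration.
audit_ldappasswd_args() {
    findings=0
    while [ $# -gt 0 ]; do
        arg=$1; shift
        opt=$(printf '%s' "$arg" | cut -c1-2)   # option letter, e.g. -w
        val=${arg#"$opt"}                       # attached value, e.g. -wsecret
        case $opt in
            -a|-s|-w|-t|-T|-D|-h|-I)
                # These options take a value; it may be the next argument.
                if [ -z "$val" ] && [ $# -gt 0 ]; then val=$1; shift; fi ;;
            *)  continue ;;                     # -A, -S, -3, -g or a non-option
        esac
        case $opt in
            -a|-s|-w)
                echo "$opt: password literal in argv"
                findings=$((findings + 1)) ;;
            -t|-T)
                if [ ! -f "$val" ]; then
                    echo "$opt: password file not found: $val"
                    findings=$((findings + 1))
                elif [ "$(ls -ldL -- "$val" | cut -c5-10)" != "------" ]; then
                    echo "$opt: password file accessible to group/other: $val"
                    findings=$((findings + 1))
                fi ;;
        esac
    done
    [ "$findings" -eq 0 ]    # status 0 only when nothing was flagged
}

# Constructed sample invocation, using the host and DN shown in the tables.
audit_ldappasswd_args -h cyclops -D "uid=bjensen, dc=example,dc=com" \
    -wmypassword -A -S || echo "fix the flagged options before running"
```

The function exits non-zero when anything is flagged, so it can gate a wrapper script before ldappasswd is invoked.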

 

 
