Chapter 7. Managing User Accounts and Passwords

Directory Server supports the password change extended operation as defined in RFC 3062, so users can change their passwords, using a suitable client, in a standards-compliant way. Directory Server does not include a client application for the password change extended operation. However, the ldappasswd utility can be used as follows:

ldappasswd -h hostname -p secure_port -Z -P /path/to/cert8.db -D bindDN -w bindPassword [-a oldPassword] -s newPassword user

| Parameter | Description |
|-----------|-------------|
| -h | Gives the hostname of the Directory Server. |
| -p | Gives the port number of the Directory Server. Since SSL is required for password change operations, this is usually the TLS/SSL port of the Directory Server. With -ZZ or -ZZZ for Start TLS, this can be the standard port. |
| -Z | Requires SSL for the connection. A secure connection is required for the password change operation. NOTE: ldappasswd also supports Start TLS encryption (-ZZ[Z]). |
| -P | Gives the full path to the certificate database which contains the CA certificate of the CA that issued the Directory Server client certificate. If the ldappasswd command is run on the same machine that the Directory Server is installed on, this can be /etc/dirsrv/slapd-instance_name/cert8.db. If this is not given, the default is the current directory. |
| -D | Gives the bind DN. |
| -w | Gives the password for the bind DN. |
| -a | Optional. Gives the old password, which is being changed. |
| -s | Sets the new password. |

Table 7.2. ldappasswd Options
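
The following added example (not part of the original manual) builds and parses the RFC 3062 request value in Python, showing why the -Z description above requires a secure connection: the old and new passwords are carried as plain octet strings. The helper names, the sample DN and the sample passwords are constructed for illustration.

```python
PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"  # extended request name
# Context-specific tags of the three optional fields (implicit tagging).
FIELDS = {0x80: "userIdentity", 0x81: "oldPasswd", 0x82: "newPasswd"}

def ber_len(n):
    """Definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def passwd_modify_value(user=None, old=None, new=None):
    """Encode SEQUENCE { [0] user, [1] old, [2] new }, omitting absent fields."""
    body = b""
    for tag, field in zip(FIELDS, (user, old, new)):
        if field is not None:
            body += tlv(tag, field.encode("utf-8"))
    return tlv(0x30, body)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    length, pos = first, pos + 2
    if first >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_fields(value):
    """What anyone reading an unencrypted connection would recover."""
    tag, body, _ = read_tlv(value, 0)
    if tag != 0x30:
        raise ValueError("request value is not a SEQUENCE")
    out, pos = {}, 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out[FIELDS[tag]] = val.decode("utf-8")
    return out

if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    req = passwd_modify_value("uid=jdoe,dc=example,dc=com", "oldSecret", "newSecret")
    print(PASSWD_MODIFY_OID, req.hex())
    print(decode_fields(req))
```

Nothing in the encoding hides either password, so confidentiality comes entirely from the SSL or Start TLS layer selected with -Z or -ZZ[Z].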
