Using ldappasswd
- The ldappasswd command is used for updating the userPassword on person-type entries. ldappasswd sends a Password Modify control so that the password is hashed before storing, and it also triggers password policy checks if policies are in place and enforced.
- Because ldappasswd forces password hashing, it is safer than simply updating a password using the ldapmodify command.
ldappasswd Examples
Update a user’s password using simple bind as admin and prompting for the old and new password
ldappasswd Options | Description |
---|---|
-W | Prompt for admin’s old password |
-A | Prompt for user’s old password |
-S | Prompt for new password |
```
ldappasswd -xH ldap:/// -D "<adminDN>" -WAS "<userDN>"
```
Self-serve password update
A user can change their own password using simple bind as themself and prompting for the old and new password
ldappasswd Options | Description |
---|---|
-x | Use simple bind (not SASL) |
-H | Specify the LDAP protocol and server |
-W | Prompt for admin’s old password |
-A | Prompt for user’s old password |
-S | Prompt for new password |
```
ldappasswd -xH ldap:/// -D "<userDN>" -WAS "<userDN>"
```
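To show why the server, not the client, does the hashing, here is an added example (not from the original page or from the OpenLDAP project): a Python sketch that BER-encodes the Password Modify request ldappasswd sends, which RFC 3062 defines as an extended operation. The DN and passwords are constructed sample values, and the function names are hypothetical.

```python
# Added illustration: build the RFC 3062 Password Modify request by hand.
PASSWD_MODIFY_OID = b"1.3.6.1.4.1.4203.1.11.1"  # request name from RFC 3062


def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def passwd_modify_value(user_dn=None, old_pw=None, new_pw=None) -> bytes:
    """PasswdModifyRequestValue: SEQUENCE of three OPTIONAL tagged strings."""
    fields = b""
    # [0] userIdentity, [1] oldPasswd, [2] newPasswd (implicit context tags)
    for tag, text in ((0x80, user_dn), (0x81, old_pw), (0x82, new_pw)):
        if text is not None:  # an omitted field is simply absent
            fields += tlv(tag, text.encode("utf-8"))
    return tlv(0x30, fields)


def extended_request(message_id: int, value: bytes) -> bytes:
    """LDAPMessage wrapping ExtendedRequest [APPLICATION 23]."""
    op = tlv(0x77, tlv(0x80, PASSWD_MODIFY_OID) + tlv(0x81, value))
    # INTEGER needs a leading zero byte when the high bit would be set
    mid = message_id.to_bytes((message_id.bit_length() + 8) // 8, "big")
    return tlv(0x30, tlv(0x02, mid) + op)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    value = passwd_modify_value(
        user_dn="uid=jdoe,ou=people,dc=example,dc=com",
        old_pw="old-secret",
        new_pw="new-secret",
    )
    pdu = extended_request(2, value)
    print(pdu.hex())
    # The new password is in the request as typed; the server hashes it.
    print("cleartext new password in PDU:", b"new-secret" in pdu)
```

Because the server does the hashing, the new password travels inside the request exactly as typed, so the connection carrying it needs protection of its own (for example ldapi://, StartTLS or ldaps://).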
For more information please see the ldappasswd Man Page.