Symas OpenLDAP Knowledge Base

Using slappasswd

slappasswd

slappasswd Man Page

Online Use: ✅

Syntax: slappasswd [-h <scheme>] [-s <secret> | -T <file>]

The slappasswd command is used to hash password values for storage in an OpenLDAP database or slapd configuration
Most commonly it is used to hash the rootpw|olcRootPw attribute in the slapd configuration
Password updates for regular directory entries should be performed using the ldappasswd command to ensure any password policy in place is respected
If the ‘-s’ or ‘-T’ option is not specified, the user is prompted for a password

Option	Description
-h <scheme>	The password hashing scheme. {SSHA} is the default
-s <secret>	The password to hash. Caution: Using “-s” will store the clear text password in the command shell history
-T <file>	A file containing the password to hash

Examples:

Hash a password with the default scheme, reading from a file:

slappasswd -T passfile.txt
Hash a password using the SSHA512 scheme

slappasswd -h "{SSHA512}"