GNU/Linux man pages
Livre :
Expressions régulières,
Syntaxe et mise en oeuvre :
GNU/Linux |
RedHat 6.2(Zoot) |
|
 |
ldappasswd(1) |
 |
ldappasswd − change the password of an LDAP entry
ldappasswd [−a passwdattribute] [−b searchbase] [−D binddn] [−d debuglevel] [−E] [−e passwd] [−g pwlen] [−H none|crypt|md5|smd5|sha|ssha] [−h ldaphost] [−K] [−k] [−l searchtime] [−n] [−p ldapport] [−s base|one|sub] [−t targetdn] [−v] [−W] [−w passwd] [−z searchsize] [filter]
ldappasswd is a tool to modify the password of one or more LDAP entries. Multiple entries can be specified using a search filter. It is neither designed nor intended to be a replacement for passwd(1) and should not be installed as such.
ldappasswd works by specifying a single target dn or by using a search filter. Matching entries will be modified with the new password. If the new password is not specified on the command line, the user will be prompted to enter it. The new password will be hashed using crypt or any other supported hashing algorithm. For hashing algorithms other than crypt or none, the stored password will be base64 encoded. Salts are only generated for crypt and are based on the least significant bits of the current time and other psuedo randomness.
−a passwdattribute
Specify the LDAP attribute to change. The default is "userPassword".
−b searchbase
Use searchbase as the starting point for the search instead of the default.
−D binddn
Use binddn to bind to the X.500 directory. binddn should be a string-represented DN as defined in RFC 1779.
−d debuglevel
Set the LDAP debugging level to debuglevel. ldappasswd must be compiled with LDAP_DEBUG defined for this option to have any effect.
−g pwlen
Auto-generate passwords of length pwlen. Passwords will be displayed when using verbose, -vvv.
−H none|crypt|md5|smd5|sha|ssha
Specify the hashing algorithm used to store the password. The default is crypt.
−h ldaphost
Specify an alternate host on which the ldap server is running.
|
−K |
Same as -k, but only does step 1 of the kerberos bind. This is useful when connecting to a slapd and there is no x500dsa.hostname principal registered with your kerberos servers. | ||
|
−k |
Use Kerberos authentication instead of simple authentication. It is assumed that you already have a valid ticket granting ticket. ldappasswd must be compiled with KERBEROS defined for this option to have any effect. |
−l searchtime
Specify a maximum query time in seconds.
|
−n |
Make no modifications. (Can be useful when used in conjunction with −v or −d) |
−p ldapport
Specify an alternate port on which the ldap server is running.
−s base|one|sub
Specify the scope of the search. The default is base.
−t [targetdn]
Specify the target dn to modify. If an argument is not given, the target dn will be the binddn.
|
−v |
The more v’s the more verbose. | ||
|
−W |
Prompt for simple authentication. This is used instead of specifying the password on the command line. |
−w passwd
Use passwd as the password for simple authentication.
−z searchsize
Specify a maximum query size.
David E. Storey <dave@tamos.net>
ldapadd(1), ldapdelete(1), ldapmodrdn(1), ldapsearch(1)
|
ldappasswd(1) | |