Name
ldappasswordmodify — perform LDAP password modifications
Synopsis
ldappasswordmodify {options}
Options
The following options are supported.
-a, --authzID {authzID}
-
Authorization ID for the user entry whose password should be changed
The authorization ID is a string having either the prefix dn: followed by the user's distinguished name, or the prefix u: followed by a user identifier that depends on the identity mapping used to match the user identifier to an entry in the directory. Examples include dn:uid=bjensen,ou=People,dc=example,dc=com, and, if we assume that bjensen is mapped to Barbara Jensen's entry, u:bjensen.
-A, --provideDNForAuthzID
-
Use the bind DN as the authorization ID for the password modify operation
-c, --currentPassword {currentPassword}
-
Current password for the target user
-C, --currentPasswordFile {file}
-
Path to a file containing the current password for the target user
-F, --newPasswordFile {file}
-
Path to a file containing the new password to provide for the target user
-J, --control {controloid[:criticality[:value|::b64value|:<filePath]]}
-
Use a request control with the provided information
-n, --newPassword {newPassword}
-
New password to provide for the target user
LDAP Connection Options
-D, --bindDN {bindDN}
-
DN to use to bind to the server
Default value: cn=Directory Manager
-E, --reportAuthzID
-
Use the authorization identity control
-h, --hostname {host}
-
Directory server hostname or IP address
Default value: localhost.localdomain
-j, --bindPasswordFile {bindPasswordFile}
-
Bind password file
-K, --keyStorePath {keyStorePath}
-
Certificate key store path
-N, --certNickname {nickname}
-
Nickname of certificate for SSL client authentication
-o, --saslOption {name=value}
-
SASL bind options
-p, --port {port}
-
Directory server port number
Default value: 389
-P, --trustStorePath {trustStorePath}
-
Certificate trust store path
-q, --useStartTLS
-
Use StartTLS to secure communication with the server
-T, --trustStorePassword {trustStorePassword}
-
Certificate trust store PIN
-u, --keyStorePasswordFile {keyStorePasswordFile}
-
Certificate key store PIN file
-U, --trustStorePasswordFile {path}
-
Certificate trust store PIN file
--usePasswordPolicyControl
-
Use the password policy request control
-V, --ldapVersion {version}
-
LDAP protocol version number
Default value: 3
-w, --bindPassword {bindPassword}
-
Password to use to bind to the server
-W, --keyStorePassword {keyStorePassword}
-
Certificate key store PIN
-X, --trustAll
-
Trust all server SSL certificates
-Z, --useSSL
-
Use SSL for secure communication with the server
Utility Input/Output Options
--noPropertiesFile
-
No properties file will be used to get default command line argument values
--propertiesFilePath {propertiesFilePath}
-
Path to the file containing default property values used for command line arguments
-?, -H, --help
-
Display usage information
-v, --verbose
-
Use verbose mode
Exit Codes
0
-
The command completed successfully.
ldap-error
-
An LDAP error occurred while processing the operation.
LDAP result codes are described in RFC 4511. Also see the additional information for details.
89
-
An error occurred while parsing the command-line arguments.
Files
You can use ~/.opendj/tools.properties to set the defaults for bind DN, host name, and port number as in the following example.
hostname=directory.example.com
port=1389
bindDN=uid=kvaughan,ou=People,dc=example,dc=com
ldapcompare.port=1389
ldapdelete.port=1389
ldapmodify.port=1389
ldappasswordmodify.port=1389
ldapsearch.port=1389
Examples
The following example demonstrates a user changing the password for her entry.
$ cat /tmp/currpwd.txt /tmp/newpwd.txt
bribery
secret12
$ ldappasswordmodify -p 1389 -C /tmp/currpwd.txt -F /tmp/newpwd.txt -A -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery
The LDAP password modify operation was successful
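The example above supplies the bind password with -w, which places it in the process list and shell history, and sends the request without -q or -Z. The following wrapper is an added example, not part of the original page or of the OpenDJ tools: it performs the same self-service change using only options listed above, reading every password from a file (-j, -C, -F), requiring StartTLS (-q) with a trust store (-P), and refusing password files that group or other users can access. The function names, the PWMOD_DRY_RUN variable and the trust store path argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the OpenDJ tools). Function names, PWMOD_DRY_RUN and
# the trust store argument are assumptions made for this illustration.

# Succeed only if $1 is a regular file with no group/other permission bits.
secret_file_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group+other columns of the mode string
    [ "$perms" = "------" ]
}

# Write stdin to $1 as a fresh file created with mode 600.
write_secret() {
    ( umask 077; rm -f -- "$1"; cat > "$1" )
}

# Change the bind user's own password (-A) without any secret in argv.
#   $1 bind DN             $2 bind password file   $3 current password file
#   $4 new password file   $5 trust store path     $6 host   $7 port
pwmod() {
    [ "$#" -eq 7 ] || { echo "usage: pwmod DN BINDPW CURPW NEWPW TRUSTSTORE HOST PORT" >&2; return 2; }
    for f in "$2" "$3" "$4"; do
        secret_file_ok "$f" || {
            echo "refusing: $f is missing or accessible to group/other" >&2
            return 1
        }
    done
    # -q: StartTLS, -P: validate the server certificate (never -X),
    # -j/-C/-F: read passwords from files instead of -w/-c/-n.
    set -- ldappasswordmodify -h "$6" -p "$7" -q -P "$5" \
        -D "$1" -j "$2" -A -C "$3" -F "$4"
    if [ "${PWMOD_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"      # show the argument vector, one per line
    else
        "$@"
    fi
}
```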