Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual page 291

For more information on how to use
documentation at
http://www.openldap.org
command-line for the
NOTE This operation supports Start TLS encryption (
must use a secure connection for the password change operation.
NOTE
If your certificates are either self-signed or are issued by a certificate
authority not trusted by the client application, then you may need to
create a configuration file which contains the option
, which suppresses certificate verification, or
never
/path/to/cacert.pem
certificate. Set the
To modify an entry's password, run
is not necessary to specify a
bindDN. For example:
./ldappasswd -H ldaps://server.example.com:636 -ZZ -P -K
/export/servers/alias/key3.db -D
"uid=jsmith,ou=People,dc=example,dc=com" -w oldpassword -a
oldpassword -s newpassword
To change the password on an entry other than the one specified in the bind
credentials, run
ldappasswd
and providing separate credentials, as follows:
ldappasswd -H ldaps://server.example.com:636 -ZZ -P -K
/export/servers/alias/key3.db -D "cn=Directory Manager" -w
rootpassword -a oldpassword -s newpassword
"uid=jsmith,ou=People,dc=example,dc=com"
Access control is enforced for the password change operation. If the bindDN does
not have rights to change the specified password, the operation will fail with an
"Insufficient rights" error.
ldappasswd
manpage.
ldappasswd
, which specifes the path to you CA
environment variable to this file.
LDAPConf
ldappasswd
if the account is the same as that given in the
user
as shown below, adding the
Managing the Password Policy
utility, see the OpenLDAP
, or type
man ldappasswd
), and you
-ZZ[Z]
TLS_REQCERT
TLS_CACERT
like any other LDAP operation. It
DN to the operation
user
Chapter 7 User Account Management
in the
291