Red Hat DIRECTORY SERVER 8.1 Command Reference Manual page 283

Option
-ZZZ
Table 6.20. General ldappasswd Options
SASL Options
SASL mechanisms can be used to authenticate a user, using the -o the required SASL information.
To learn which SASL mechanisms are supported, search the root DSE. See the -b option in
"Commonly-Used ldapsearch
Option
-o
Table 6.21. SASL Options
SASL Options
See for ldapsearch for information on how to use SASL options with ldappasswd.
Examples
The following examples provide show how to perform various tasks using the ldappasswd command.
The Directory Manager changes the password of the user
uid=tuser1,ou=People,dc=example,dc=com to new_password over SSL.
Description
Enforces the Start TLS request. The server
must respond that the request was successful.
If the server does not support Start TLS, such
as Start TLS is not enabled or the certificate
information is incorrect, the command is aborted
immediately.
Options".
Description
Specifies SASL options. The format is -o
saslOption=value. saslOption can have one of
six values:
• mech, the SASL authentication mechanism
• authid, the user who is binding to the server
• authzid, a proxy authorization (ignored by
• secProp, the security properties
• realm, the Kerberos realm
• flags
The expected values depend on the supported
mechanism. The -o can be used multiple times
to pass all of the required SASL information for
the mechanism. For example:
-o "mech=DIGEST-MD5" -o "authzid=test_user" -
o "authid=test_user"
(Kerberos principal)
the server since proxy authorization is not
supported)
ldappasswd
Table 6.3,
269