Red Hat 8.1 Configuration And Command Reference page 202

202
Chapter 6. Command-Line Utilities
T able 6.21. SASL Options
Option
-o
See SASL Options for ldapsearch for information on how to use SASL options with ldappasswd.
Examples
T he following examples provide show how to perform various tasks using the ldappasswd command.
Example 6.1. Directory Manager Changing a User's Password Over SSL
T he Directory Manager changes the password of the user
uid=tuser1,ou=People,dc=exam ple,dc=com to new_password over SSL.
ldappasswd -Z -h myhost -P /etc/dirsrv/slapd-instance_name/cert8.db -D
"cn=Directory Manager" -w admpassword -s new_password
"uid=tuser1,ou=People,dc=example,dc=com"
Example 6.2. Directory Manager Generating a User's Password
T he Directory Manager generates the password of the user
uid=tuser2,ou=People,dc=exam ple,dc=com over SSL.
ldappasswd -Z -h myhost -P /etc/dirsrv/slapd-instance_name/cert8.db -D
"cn=Directory Manager" -w admpassword "uid=tuser2,ou=People,dc=example,dc=com"
NOTE
For more information on newly-generated passwords, see the "Managing the Password Policy"
section of the Directory Server Administrator's Guide.
Example 6.3. User Changing His Own Password
A user, tuser3, changes the password from old_newpassword to new_password over SSL.
ldappasswd -Z -h myhost -P /etc/dirsrv/slapd-instance_name/cert8.db -D
"uid=tuser3,ou=People,dc=example,dc=com"
-w old_password -a old_password -s new_password
Description
Specifies SASL options. T he format is -o
saslOption=value. saslOption can have one of six
values:
mech, the SASL authentication mechanism
authid, the user who is binding to the server
(Kerberos principal)
authzid, a proxy authorization (ignored by the
server since proxy authorization is not
supported)
secProp, the security properties
realm, the Kerberos realm
flags
T he expected values depend on the supported
mechanism. T he -o can be used multiple times to
pass all of the required SASL information for the
mechanism. For example:
-o "mech=DIGEST-MD5" -o
"authzid=test_user" -o
"authid=test_user"