Directory Server Documentation Index
Command-Line Tool Reference Home

ldappasswordmodify

Description
Examples
Arguments

Description

Perform LDAP password modify operations in the Directory Server.

Examples

Allow the user with username 'jdoe' to change his own password from 'oldpw' to 'newpw':
ldappasswordmodify --hostname server.example.com --port 389 --authzID u:jdoe \
     --currentPassword oldpw --newPassword newpw


Allow the administrator with DN 'uid=admin,dc=example,dc=com' to change the password for the user with DN 'uid=jdoe,ou=People,dc=example,dc=com' to 'newpw':
ldappasswordmodify --hostname server.example.com --port 389 \
     --bindDN uid=admin,dc=example,dc=com --bindPassword adminpw \
     --authzID dn:uid=jdoe,ou=People,dc=example,dc=com --newPassword newpw

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

Arguments

-V
--version

Description Display Directory Server version information

-H
--help

Description Display general usage information

--help-ldap

Description Display help for using LDAP options

--help-sasl

Description Display help for using SASL options

--help-debug

Description Display help for using debug options
Advanced Yes

--propertiesFilePath {propertiesFilePath}

Description Path to the file that contains default property values used for command-line arguments
Required No
Multi-Valued No

--noPropertiesFile

Description Specify that no properties file will be used to get default command-line argument values

--script-friendly

Description Use script-friendly mode

-h {host}
--hostname {host}

Description Address of the Directory Server system
Default Value 127.0.0.1
Required No
Multi-Valued No

-p {port}
--port {port}

Description Port on which the Directory Server listens for LDAP client connections
Lower Bound 1
Upper Bound 65535
Default Value 389
Required No
Multi-Valued No

-Z
--useSSL

Description Use SSL to secure the communication with the Directory Server

-q
--useStartTLS

Description Use StartTLS to secure the communication with the Directory Server

-D {bindDN}
--bindDN {bindDN}

Description DN used to bind to the server
Required No
Multi-Valued No

-w {bindPassword}
--bindPassword {bindPassword}

Description Password used to bind to the server
Required No
Multi-Valued No

-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}

Description Path to a file containing the password used to bind to the server
Required No
Multi-Valued No

-a {authzID}
--authzID {authzID}

Description Authorization ID for the user entry whose password should be changed
Required No
Multi-Valued No

-A
--provideDNForAuthzID

Description Use the bind DN as the authorization ID for the password modify operation

-n {newPassword}
--newPassword {newPassword}

Description New password to provide for the target user
Required No
Multi-Valued No

-N {file}
--newPasswordFile {file}

Description Path to a file containing the new password to provide for the target user
Required No
Multi-Valued No

-c {currentPassword}
--currentPassword {currentPassword}

Description Current password for the target user
Required No
Multi-Valued No

-C {file}
--currentPasswordFile {file}

Description Path to a file containing the current password for the target user
Required No
Multi-Valued No

-X
--trustAll

Description Blindly trust any SSL certificate presented by the server

-K {keystorePath}
--keyStorePath {keystorePath}

Description Path to the keystore to use when establishing SSL/TLS communication with the server
Required No
Multi-Valued No

-W {keystorePassword}
--keyStorePassword {keystorePassword}

Description The PIN needed to access the contents of the keystore
Required No
Multi-Valued No

-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}

Description Path to a file containing the PIN needed to access the contents of the keystore
Required No
Multi-Valued No

--certNickname {nickname}

Description Nickname of the certificate for SSL client authentication
Required No
Multi-Valued No

-P {truststorePath}
--trustStorePath {truststorePath}

Description Path to the truststore to use when establishing SSL/TLS communication with the server
Required No
Multi-Valued No

--trustStorePassword {truststorePassword}

Description The PIN needed to access the contents of the truststore
Required No
Multi-Valued No

-U {path}
--trustStorePasswordFile {path}

Description Path to a file containing the PIN needed to access the contents of the truststore
Required No
Multi-Valued No

--useAdministrativeSession

Description Attempt to use an administrative session to have operations processed on a dedicated pool of worker threads. This may be useful when trying to diagnose problems in a server that is unresponsive because all normal worker threads are busy processing other requests

-J {controloid[:criticality[:value|::b64value|:
--control {controloid[:criticality[:value|::b64value|:

Description Use a request control with the provided information. For certain controls that do not require a value, you may provide a user-friendly name instead of the numeric OID for the control. Supported names include: authorization-identity, get-effective-rights, hard-delete, ignore-no-user-modification, manage-dsa-it, no-op, password-policy, permissive-modify, purge-password, real-attributes-only, replication-repair, retire-password, return-conflict-entries, soft-delete, soft-deleted-entry-access, subtree-delete, undelete and virtual-attributes-only. Note that not all types of controls apply to all types of operations
Required No
Multi-Valued Yes

--retireCurrentPassword

Description If the modify operation includes a password change, attempt to retire the user's current password so that it may continue to be used for a period of time

--purgeCurrentPassword

Description If the modify operation includes a password change, attempt to ensure that the user's current password is purged rather than retired so that it can no longer be used