Red Hat Directory Server 8.0 Administrator's Guide

Directory Server supports the password change extended operation as defined in RFC 3062, so
users can change their passwords, using a suitable client, in a standards-compliant way.
Directory Server does not include a client application for the password change extended
operation. However, the ldappasswd utility can be used as follows:
ldappasswd -h hostname -p secure_port -Z -P /path/to/cert8.db -D bindDN -w bindPassword [-a oldPassword] -s newPassword user
Parameter   Description
-h          Gives the hostname of the Directory Server.
-p          Gives the port number of the Directory Server. Since SSL is required for password change operations, this is usually the TLS/SSL port of the Directory Server. With the -ZZ or -ZZZ for Start TLS, this can be the standard port.
-Z          Requires SSL for the connection. A secure connection is required for the password change operation.
            NOTE: ldappasswd also supports Start TLS encryption (-ZZ[Z]).
-P          Gives the full path to the certificate database which contains the CA certificate of the CA that issued the Directory Server client certificate. If the ldappasswd command is run on the same machine that the Directory Server is installed on, this can be /etc/dirsrv/slapd-instance_name/cert8.db. If this is not given, the default is the current directory.
-D          Gives the bind DN.
-w          Gives the password for the bind DN.
-a          Optional. Gives the old password, which is being changed.
-s          Sets the new password.
Table 7.2. ldappasswd Options
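The following added example, which is not part of the Red Hat guide or of ldappasswd itself, BER-encodes and decodes the RFC 3062 request value to show that the old and new passwords travel as plain octet strings, which is why the operation requires -Z or Start TLS. It assumes the user argument, -a and -s map to the RFC 3062 fields userIdentity, oldPasswd and newPasswd; the function names and sample values are constructed for illustration.

```python
# Added example, not from the Red Hat guide. Field names follow RFC 3062.
PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"  # extended request name
FIELDS = {0x80: "userIdentity", 0x81: "oldPasswd", 0x82: "newPasswd"}

def tlv(tag, value):
    """One BER element with a definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def passwd_modify_value(user=None, old=None, new=None):
    """SEQUENCE { [0] userIdentity, [1] oldPasswd, [2] newPasswd }, all optional."""
    given = {"userIdentity": user, "oldPasswd": old, "newPasswd": new}
    body = b"".join(tlv(tag, given[name].encode("utf-8"))
                    for tag, name in FIELDS.items() if given[name] is not None)
    return tlv(0x30, body)

def read_tlv(data, pos):
    """Return (tag, value, next position) for the element at pos."""
    tag, first = data[pos], data[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low bits give the number of length octets
        n = first & 0x7F
        first, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + first], pos + first

def parse_passwd_modify_value(data):
    """Decode the request value the way a protocol analyzer would."""
    tag, body, end = read_tlv(data, 0)
    if tag != 0x30 or end != len(data):
        raise ValueError("not a PasswdModifyRequestValue")
    out, pos = {}, 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        out[FIELDS[tag]] = value.decode("utf-8")
    return out

if __name__ == "__main__":
    # Constructed sample values, equivalent to: -a oldSecret -s newSecret <user DN>
    req = passwd_modify_value("uid=jsmith,ou=People,dc=example,dc=com",
                              "oldSecret", "newSecret")
    print(PASSWD_MODIFY_OID, req.hex())
    print(parse_passwd_modify_value(req))
    print("new password visible in request bytes:", b"newSecret" in req)
```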
Chapter 7. Managing User Accounts and Passwords