2011-2012ForgeRock AS ldappasswordmodify1 OpenDJ ldappasswordmodify perform LDAP password modifications ldappasswordmodify options This utility can be used to perform LDAP password modify operations in the directory. The following options are supported. -a, --authzID {authzID} Authorization ID for the user entry whose password should be changed The authorization ID is a string having either the prefix dn: followed by the user's distinguished name, or the prefix u: followed by a user identifier that depends on the identity mapping used to match the user identifier to an entry in the directory. Examples include dn:uid=bjensen,ou=People,dc=example,dc=com, and, if we assume that bjensen is mapped to Barbara Jensen's entry, u:bjensen. -A, --provideDNForAuthzID Use the bind DN as the authorization ID for the password modify operation -c, --currentPassword {currentPassword} Current password for the target user -C, --currentPasswordFile {file} Path to a file containing the current password for the target user -J, --control {controloid[:criticality[:value|::b64value|:<filePath]]} Use a request control with the provided information -n, --newPassword {newPassword} New password to provide for the target user -N, --newPasswordFile {file} Path to a file containing the new password to provide for the target user --certNickname {nickname} Nickname of certificate for SSL client authentication --connectTimeout {timeout} Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. Default: 30000 -D, --bindDN {bindDN} DN to use to bind to the server Default value: cn=Directory Manager -h, --hostname {host} Directory server hostname or IP address Default value: localhost.localdomain -j, --bindPasswordFile {bindPasswordFile} Bind password file -K, --keyStorePath {keyStorePath} Certificate key store path -p, --port {port} Directory server port number Default value: 389 -P, --trustStorePath {trustStorePath} Certificate trust store path -q, --useStartTLS Use StartTLS to secure communication with the server --trustStorePassword {trustStorePassword} Certificate trust store PIN -u, --keyStorePasswordFile {keyStorePasswordFile} Certificate key store PIN file -U, --trustStorePasswordFile {path} Certificate trust store PIN file -w, --bindPassword {bindPassword} Password to use to bind to the server -W, --keyStorePassword {keyStorePassword} Certificate key store PIN -X, --trustAll Trust all server SSL certificates -Z, --useSSL Use SSL for secure communication with the server --noPropertiesFile No properties file will be used to get default command line argument values --propertiesFilePath {propertiesFilePath} Path to the file containing default property values used for command line arguments -?, -H, --help Display usage information -V, --version Display directory server version information --version Display version information -?, -H, --help Display usage information 0 The command completed successfully. ldap-error An LDAP error occurred while processing the operation. LDAP result codes are described in RFC 4511. Also see the additional information for details. 89 An error occurred while parsing the command-line arguments. You can use ~/.opendj/tools.properties to set the defaults for bind DN, host name, and port number as in the following example. hostname=directory.example.com port=1389 bindDN=uid=kvaughan,ou=People,dc=example,dc=com ldapcompare.port=1389 ldapdelete.port=1389 ldapmodify.port=1389 ldappasswordmodify.port=1389 ldapsearch.port=1389 The following example demonstrates a user changing the password for her entry. $ cat /tmp/currpwd.txt /tmp/newpwd.txt bribery secret12 $ ldappasswordmodify -p 1389 -C /tmp/currpwd.txt -N /tmp/newpwd.txt -a "dn:uid=kvaughan,ou=people,dc=example,dc=com" -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery The LDAP password modify operation was successful