How to Use Command Line LDAP Tools to Change a User's Password
Dave Aiello wrote, "A little while ago, I was troubleshooting a glitch on one of the systems that I administer. I needed to reset an expired user's password, but the GUI front end to the LDAP server wouldn't work for some reason."
"In order to be able to go to bed, I had to figure out how to change the user's password with the LDAP command line tools. The system I am using has an ldapmodify, but no ldappasswd. Read on to see how I did it...."
Dave Aiello continued:
This might not be the only way this can be done, and I may be leaving out command line parameters that are required in other configurations. But, this sequence worked on one of my LDAP servers when I was logged into the machine it is running on.
In this example, the LDAP superuser is known by the common name "Directory Manager", the user whose password needs to be changed has the user ID "cornelius", and the organization is "foobar.com".
The words in italics are meant to be replaced by the relevant values for your installation. (So, you would replace "directory_manager_password" with the actual password.) The bold text is the responses of the server.$ ldapmodify -D "cn=Directory Manager" -w directory_manager_passwordIn case it isn't clear, ldapmodify will silently wait for input after you invoke it with parameters that are valid to bind to the LDAP server being accessed. The program is waiting for valid LDIF statements.
modifying entry uid=cornelius,o=foobar.com
As you can see, I typed a valid LDIF modify statement and then typed Control-Z and pressed the Return/Enter key. In my installation, ldapmodify sat there after it printed the message that begins "modifying entry". I might have been able to issue another Control-Z key sequence to be sent back to the command line. To be honest, I didn't have to do another another LDAP entry modification. If I find that doing another Control-Z would work, I will update this story.
I wrote this article because I couldn't find an example that would work with my server configuration. So, I spent some time trying to figure out the right syntax to use within ldapmodify, and this is what worked for me.
Update: Yes, hitting Control-Z twice does get you out of ldapmodify cleanly. In case it wasn't obvious, Control-Z is the proper End of File marker on Windows. Control-D would be the EOF marker if you are using UNIX.