Table 6.20. general ldappasswd options – Red Hat 8.1 User Manual

Page 200

Advertising
background image

Table 6.20. General ldappasswd Options

Option

Description

-3

Specifies that hostnames should be checked in SSL
certificates.

-D

Specifies the distinguished name with which to
authenticate to the server. This value must be a DN
recognized by the Directory Server, and it must also
have the authority to delete the entries. For
example:

-D "uid=bjensen, dc=example,dc=com"

The -D option cannot be used with the -N option.

For more information on access control, see the
"Managing Access Control" chapter in the Directory
Server Administrator's Guide.

-g

Specifies that the password policy request control
not be sent with the bind request. By default, the
new LDAP password policy request control is sent
with bind requests.
The ldappasswd tool can parse and display
information from the response control if it is
returned by a server; that is, the tool will print an
appropriate error or warning message when a
server sends the password policy response control
with the appropriate value.

The criticality of the request control is set to false
to ensure that all LDAPv3 servers that do not
understand the control can ignore it. To suppress
sending of the request control with the bind
request, include -g on the command-line.

-h

Specifies the name of the host on which the server
is running. For example:

-h cyclops

The default is localhost.

-I

Specifies the SSL key password file that contains
the token:password pair.

-K

Specifies the path, including the filename, of the
private key database of the client. This can be the
absolute or relative (to the server root) path.
The -K option must be used when the key
database is not called key3.db or when the key
database is not in the same directory as the
certificate database (that is, the cert8.db file, the
path for which is specified with the -P option).

-N

Specifies the certificate name to use for certificate-
based client authentication. For example:

-N Server-Cert

If this option is specified, then the -Z and -W
options are required.

If this option is specified, then the -D and -w
options must not be specified, or certificate-based
authentication will not occur, and the bind operation
will use the authentication credentials specified by -
D and -w.

-P

Specifies the absolute path, including the filename,
of the certificate database of the client. This option
is used only with the -Z option.
When used on a machine where an SSL-enabled
web browser is configured, the path specified on
this option can be that of the certificate database

200

Chapter 6. Command-Line Utilities

Advertising
Popular Brands
Popular manuals