Some context might be useful. We have an OpenLDAP instance to manage users. We also have phpLDAPadmin, but that’s not the point. The point is that I want to add/edit a user from the command line. Adding a user is not a problem.
ldapadduser john.doe users
Warning : using command-line passwords, ldapscripts may not be safe
Successfully added user john.doe to LDAP
Successfully set password for user john.doe
However, changing the password was a little bit more problematic.
ldappasswd briana.bennett
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
I also tried with:
ldappasswd -D "cn=admin,dc=domain,dc=net" -W -x john.doe
Enter LDAP Password:
Result: Invalid syntax (21)
Additional info: Invalid DN
Hmm… have no fear, I solved the problem. For future reference, if anyone happens across this post with the same issue: the user whose password you are changing must also be given as a full DN:
ldappasswd -D 'cn=admin,dc=domain,dc=net' -W -S -x 'uid=john.doe,ou=users,dc=domain,dc=net' -s KZ1URpsdEhP1HOJG
Note: -s specifies the new password on the command line, where it ends up in shell history and is visible in the process list. Instead of -s, use -S alone to instruct ldappasswd to prompt for the new password.
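The fix above as a reusable wrapper, added here as an example and not part of the original post: it turns a bare login name into the full DN that ldappasswd requires and prompts for both passwords. The ou=users,dc=domain,dc=net layout and admin DN are taken from the post's commands; the function names and LDAP_* variables are assumptions.

```shell
#!/bin/sh
# Added example: build the full user DN from a bare login name, then call
# ldappasswd with prompts only. Defaults mirror the DNs used in the post.
LDAP_BASE="${LDAP_BASE:-dc=domain,dc=net}"
LDAP_USER_OU="${LDAP_USER_OU:-ou=users}"
LDAP_ADMIN_DN="${LDAP_ADMIN_DN:-cn=admin,$LDAP_BASE}"

# Escape a value for use inside a DN (RFC 4514): backslash-escape
# , + " \ < > ; (required) and = (permitted), plus a leading '#'.
escape_rdn_value() {
    printf '%s' "$1" | sed -e 's/[,+"\\<>;=]/\\&/g' -e 's/^#/\\#/'
}

# Print uid=<name>,<ou>,<base> for a login name.
# Returns 1 for names that are empty or start/end with a space.
build_user_dn() {
    case "$1" in
        ''|' '*|*' ') return 1 ;;
    esac
    printf 'uid=%s,%s,%s\n' "$(escape_rdn_value "$1")" "$LDAP_USER_OU" "$LDAP_BASE"
}

# -x simple bind, -D admin DN, -W prompt for the bind password,
# -S prompt for the new password; no secret is passed as an argument.
change_password() {
    dn=$(build_user_dn "$1") || { echo "invalid user name" >&2; return 2; }
    ldappasswd -x -D "$LDAP_ADMIN_DN" -W -S "$dn"
}

# Run as: ./ldap-chpass.sh john.doe   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    change_password "$1"
fi
```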