ldappasswd
271
Option Description
-Z Specifies that SSL is to be used for the search
request.
-ZZ Specifies the Start TLS request. Use this option
to make a cleartext connection into a secure
one. If the server does not support Start TLS,
the command does not need to be aborted; it will
continue in cleartext.
-ZZZ Enforces the Start TLS request. The server
must respond that the request was successful.
If the server does not support Start TLS, such
as Start TLS is not enabled or the certificate
information is incorrect, the command is aborted
immediately.
Table 6.20. General ldappasswd Options
SASL Options
SASL mechanisms can be used to authenticate a user, using the -o the required SASL information.
To learn which SASL mechanisms are supported, search the root DSE. See the -b option in Table 6.3,
“Commonly-Used ldapsearch Options”.
Option Description
-o Specifies SASL options. The format is -o
saslOption=value. saslOption can have one of
six values:
• mech, the SASL authentication mechanism
• authid, the user who is binding to the server
(Kerberos principal)
• authzid, a proxy authorization (ignored by
the server since proxy authorization is not
supported)
• secProp, the security properties
• realm, the Kerberos realm
• flags
The expected values depend on the supported
mechanism. The -o can be used multiple times
to pass all of the required SASL information for
the mechanism. For example:
-o "mech=DIGEST-MD5" -o "authzid=test_user" -
o "authid=test_user"
Table 6.21. SASL Options
See SASL Options for ldapsearch for information on how to use SASL options with ldappasswd.
