Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Modify passwords in an LDIF file using ldapmodify command

Tags:

ldap

ldif

I have a LDIF file that consists of a set of test users and I would like to change the passwords for these users.

I used the ldapmodify command:

ldapmodify -c -a -f filename.ldif -h localhost -p <port> -D dn -w <pwd> << !

dn: uid=<userid>,dc=<branch>,DC=COM
changetype: modify
replace: userPassword
userPassword: <new pwd>
!

And I get the following error:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
  1. What does this mean?
  2. The syntax I have used can be used for only one user, I would like to modify the passwords of all the test users in my LDIF file. Is there a way to do so?
like image 452
user1428900 Avatar asked Jun 14 '12 15:06

user1428900

People also ask

How do I apply LDIF changes to a directory?

Apply a set of add, delete, modify, and/or modify DN operations to a directory server. Supply the changes to apply in LDIF format, either from standard input or from a file specified with the 'ldifFile' argument. Change records must be separated by at least one blank line.

How to modify ldapmodify data?

The sequence goes like this: 1 Issue the ldapmodify command (with appropriate options). 2 Inform ldapmodify what you are modifying. 3 Modify your data. 4 Escape with CTRL-d. 5 ldapmodify will make the changes.

How do I make changes to an LDAP file?

Using LDIF, LDAP changes are simple written within files with an arbitrary name and then fed into the LDAP system using one of the available management commands. LDIF works using a basic key-value system, with one statement per-line. The key is on the left-hand side of a line followed by a colon (:) and a space.

Why does LDAP fail to work with LDIF input files?

Unnecessary space characters in the LDIF input file, such as a space at the end of an attribute value, will cause the LDAP operations to fail. Line 1:Every change record has, as its first line, the literal dn:followed by the DN value for the entry, for example:

2 Answers

The given error is an indication that the server specified by the hostname and port could not be contacted, that is, a connection could not be established. Also, the legacy OpenLDAP ldapmodify client defaults to a SASL bind when the -x command line option is not specified.

The LDIF input can contain any number of entries to be modified, not just one:

dn: uid=abc,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: the-new-password

dn: uid=def,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: another-new-password

see also

  • LDAP: Mastering ldapmodify
like image 163
Terry Gardner Avatar answered Oct 09 '22 21:10

Terry Gardner

 
ldapmodify -p 389 -D "" -w -a -c v -f pwd.ldif

pwd.ldif has below 

dn: cn=config
changetype: modify
replace: root-dn-pwd
root-dn-pwd: xxxxxxx
like image 44
user3085471 Avatar answered Oct 09 '22 21:10

user3085471
Sign in to Comment

Related questions

What is the difference between OpenDS, OpenDJ and OpenAM?
Why use kerberos when you can do authentication and authorization through ldap? [closed]
Java API to query LDAP
Change Django Authentication Backend for Testing
What are the differences between LDAP and Active Directory authentication?
Finding all groups that a user manages
How can I extract the same employeeID attribute value that Outlook is displaying?
PHP connect via SSH tunnel to LDAP in other network
How to get groupname when I have the groupid
LDAP Query for Active-Directory Get-ADComputer in PowerShell
ActiveDirectoryMembershipProvider "The specified domain or server could not be contacted."
Creating an LDAP Server With PHP
Using one sign-in form with two Devise user models and different authentication methods
UserPrincipal.FindByIdentity() always returns null
PHP LDAP Get User Attributes, Including Associated Groups
Openldap: Is that possible to use "userPassword" instead of "2.5.4.35" for pwdAttribute?
How can I limit Jenkins LDAP access to users in a specific groupOfNames?
How to stop ldapsearch(1) from base64 encoding userPassword and other attributes?
ldap filter for distinguishedName

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!