Using ldappasswd
Learn how to securely manage and update user passwords in an LDAP directory using the ldappasswd command.
Date: 11-04-2022
The ldappasswd command updates the userPassword attribute of an entry (typically a person or inetOrgPerson object). Rather than writing the attribute directly, it sends the LDAP Password Modify extended operation (RFC 3062), so the server hashes the password with its configured scheme before storing it, and the password policy overlay, where one is configured and enforced, applies its checks (quality, history, minimum age, whether the current password must be supplied).
A plain ldapmodify of userPassword, by contrast, stores whatever value the client sends: a cleartext password lands in the directory unhashed, and if the client pre-hashes it the server can no longer check its quality. That is why ldappasswd is the safer way to change a password.
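The following is an added example, not code from the page or from the OpenLDAP project: it shows what the server does with a password received through the Password Modify operation (salting and hashing) versus the verbatim value an ldapmodify of userPassword leaves behind, and how to pre-hash a value if ldapmodify must be used (bulk provisioning, for instance). It assumes the server's scheme is {SSHA} (salted SHA-1 in the RFC 2307 form, OpenLDAP's default) with a 4-byte salt; the function names are this example's own.

```python
"""Added example (not code from the page): {SSHA} hashing as the server does it
for Password Modify, versus the verbatim value ldapmodify stores.
Assumes {SSHA} with a 4-byte salt; function names are this example's own."""
import base64
import hashlib
import hmac
import os


def ssha_hash(password: str, salt=None) -> str:
    """Return an RFC 2307 {SSHA} value: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # a fresh random salt per password, as slapd does
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(value: str) -> tuple:
    """Split a {SSHA} value into (digest, salt); SHA-1 digests are 20 bytes."""
    raw = base64.b64decode(value[len("{SSHA}"):])
    return raw[:20], raw[20:]


def is_hashed(value: str) -> bool:
    """True if a stored userPassword carries a scheme prefix such as {SSHA} or {CRYPT}."""
    return value.startswith("{") and "}" in value


def verify_userpassword(stored: str, candidate: str) -> bool:
    """Compare a candidate against a stored userPassword value.

    Handles {SSHA} and the no-scheme case, which is what a cleartext
    ldapmodify of userPassword produces: the bytes are stored verbatim and
    compared verbatim."""
    if stored.startswith("{SSHA}"):
        digest, salt = ssha_split(stored)
        expect = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
        return hmac.compare_digest(digest, expect)
    if is_hashed(stored):
        raise ValueError("unsupported scheme: " + stored[: stored.index("}") + 1])
    return hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))


def userpassword_ldif(dn: str, password: str) -> str:
    """LDIF for ldapmodify that replaces userPassword with a pre-hashed value.

    Putting the cleartext in the LDIF instead would store it exactly as sent.
    Note that a pre-hashed value cannot be quality-checked by the server."""
    return (
        f"dn: {dn}\n"
        "changetype: modify\n"
        "replace: userPassword\n"
        f"userPassword: {ssha_hash(password)}\n"
    )


if __name__ == "__main__":
    # Constructed sample: the same password stored verbatim versus hashed.
    pw = "correct horse battery staple"
    print("verbatim :", pw)
    print("hashed   :", ssha_hash(pw))
    print(userpassword_ldif("uid=alice,ou=people,dc=example,dc=com", pw))
```

The hashed value changes on every call because of the random salt, which is also why two users with the same password do not get the same userPassword value. Pre-hashing with this function (or with slappasswd) is the fallback when ldapmodify is unavoidable; it still leaves the password policy's quality check unable to inspect the value, so ldappasswd remains the preferred path.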
ldappasswd Examples
These examples use the “ldap:///” URI, which means the local server over plain LDAP. With simple bind (-x) both the bind password and the new password cross the wire unencrypted, so against a server on the network use “ldaps://<host>” instead, or keep “ldap://<host>” and add -ZZ so that StartTLS is required and the command aborts if it fails. On the server itself, “ldapi:///” (the Unix-domain socket) avoids the network entirely.
Update User Password
Update a user's password using simple bind as the admin. -W prompts for the admin's bind password, -S for the new password, and -A for the user's current password (an administrative reset normally does not need it; drop -A unless the password policy requires the current password to be supplied):
| ldappasswd Options | Description |
|---|---|
| -W | Prompt for the bind password (the admin's password here) |
| -A | Prompt for the user's current password and send it with the request; optional for an administrative reset |
| -S | Prompt for the new password (with confirmation) |

```shell
ldappasswd -xH ldap:/// -D "<adminDN>" -WAS "<userDN>"
```
Self-serve Password Update
A user can change their own password by binding as themself with simple bind. -W prompts for the bind password (the user's current password), -A prompts for the current password again so that it is sent in the Password Modify request, which the password policy can require (pwdSafeModify), and -S prompts for the new password:
| ldappasswd Options | Description |
|---|---|
| -x | Use simple bind (not SASL) |
| -H | Specify the LDAP URI (protocol and server) |
| -W | Prompt for the bind password (the user's current password here) |
| -A | Prompt for the user's current password and send it with the request |
| -S | Prompt for the new password (with confirmation) |

```shell
ldappasswd -xH ldap:/// -D "<userDN>" -WAS "<userDN>"
```
For more information please see the ldappasswd Man Page.
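The following is an added example, not code from the page or from the OpenLDAP project: it assembles the ldappasswd command line for both cases above (administrative reset and self-service) from a URI and DNs, and refuses to send a simple-bind password in the clear across the network. The transport policy is this example's own assumption, not something ldappasswd enforces: ldapi://, ldaps:// and ldap:// to the loopback host are used as given, while ldap:// to any other host gets -ZZ so that StartTLS is mandatory. The sample DNs and hostnames are constructed.

```python
"""Added example (not code from the page): build an ldappasswd argv for an
administrative reset or a self-service change, adding -ZZ whenever a plain
ldap:// URI points at a non-loopback host. Policy and names are this
example's own assumptions."""
import subprocess
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"", "localhost", "127.0.0.1", "::1"}


def needs_starttls(uri: str) -> bool:
    """True when a simple bind over this URI would cross the network unencrypted."""
    parts = urlsplit(uri)
    if parts.scheme in ("ldapi", "ldaps"):
        return False  # Unix socket, or TLS from the start
    if parts.scheme != "ldap":
        raise ValueError("not an LDAP URI: " + uri)
    return (parts.hostname or "") not in LOOPBACK_HOSTS


def build_ldappasswd_argv(uri: str, bind_dn: str, target_dn: str = None) -> list:
    """Assemble argv for ldappasswd.

    Administrative reset (target_dn differs from bind_dn): -W for the admin's
    bind password and -S for the new password, no -A.
    Self-service (target_dn omitted or equal to bind_dn): -A as well, so the
    current password is sent for a policy that requires it (pwdSafeModify)."""
    target_dn = target_dn or bind_dn
    argv = ["ldappasswd", "-x", "-H", uri]
    if needs_starttls(uri):
        argv.append("-ZZ")  # require StartTLS; abort if it cannot be negotiated
    argv += ["-D", bind_dn, "-W", "-S"]
    if target_dn == bind_dn:
        argv.append("-A")
    argv.append(target_dn)
    return argv


def run_ldappasswd(uri: str, bind_dn: str, target_dn: str = None) -> int:
    """Run the assembled command; ldappasswd itself prompts for the passwords.
    Returns the exit status (0 on success)."""
    return subprocess.run(build_ldappasswd_argv(uri, bind_dn, target_dn)).returncode


if __name__ == "__main__":
    # Constructed sample DNs and hosts; nothing is contacted unless run_ldappasswd is called.
    print(build_ldappasswd_argv("ldap://ldap.example.com",
                                "cn=admin,dc=example,dc=com",
                                "uid=alice,ou=people,dc=example,dc=com"))
    print(build_ldappasswd_argv("ldaps://ldap.example.com",
                                "uid=alice,ou=people,dc=example,dc=com"))
```

The two printed command lines correspond to the two examples on this page, with -ZZ inserted only for the remote plain-ldap case. Because ldappasswd reads the passwords from its own prompts, the wrapper never handles them, which keeps them out of the process argument list and shell history.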