Option Description
The -D option cannot be used with the -N option.
For more information on access control, see
the "Managing Access Control" chapter in the
Directory Server Administrator's Guide.
-g Specifies that the password policy request
control not be sent with the bind request. By
default, the new LDAP password policy request
control is sent with bind requests.
The ldappasswd tool can parse and display
information from the response control if it is
returned by a server; that is, the tool will print
an appropriate error or warning message when
a server sends the password policy response
control with the appropriate value.
The criticality of the request control is set to
false to ensure that all LDAPv3 servers that
do not understand the control can ignore it. To
suppress sending of the request control with the
bind request, include -g on the command-line.
-h Specifies the name of the host on which the
server is running. For example:
-h cyclops
The default is localhost.
-I Specifies the SSL key password file that contains
the token:password pair.
-K Specifies the path, including the filename, of the
private key database of the client. This can be
the absolute or relative (to the server root) path.
The -K option must be used when the key
database is not called key3.db or when the
key database is not in the same directory as
the certificate database (that is, the cert8.db
file, the path for which is specified with the -P
-N Specifies the certificate name to use for
certificate-based client authentication. For
-N Server-Cert
If this option is specified, then the -Z and -W
options are required.