Setting User Passwords with esfadmin

If you edit a user's password (the microfocus-MFDS-User-Pwd attribute) directly in the LDAP repository, using a tool such as ADSIEdit, you can only set a literal password value. This is often not satisfactory because the password can be seen by anyone who can read the repository.

If you have enabled MFDS administration of the LDAP repository, you can use MFDS to change a user's password. To do this, go to the MFDS security options, view the list of Security Managers, select the MLDAP manager, click the Properties button, edit the user, and set a new password. See the MFDS documentation for more information.

Another alternative is to use the esfadmin utility.

To set a password using the esfadmin command, you will need a valid ES username and password (not necessarily the user whose password you're setting), and an LDAP username and password for an account with write access to the user's record in the repository. esfadmin has to sign on to ESF before it can perform an admin request, which is why you need an ES username / password.

You set a password using the setpassword option:

esfadmin [options] setpassword user=username password=new-password

esfadmin will prompt for the LDAP user ID and password. (The user ID is usually specified as an LDAP DN, eg CN=admin,CN=ADAM Users,CN=Micro Focus,CN=Program Data,DC=local; or as a Windows username with domain, eg domain\admin.) You can also specify these on the command line using the -U and -P options (note these must be uppercase-U and uppercase-P).

By default esfadmin uses "SYSAD", one of the default accounts created during setup, for the ES username and password it uses to sign on to ESF. You can supply a different username and password with the -u and -p (both lowercase) options.