Symas OpenLDAP Knowledge Base

Using slappasswd


slappasswd Man Page

Online Use: ✅

Syntax: slappasswd [-h <scheme>] [-s <secret> | -T <file>]

  • The slappasswd command is used to hash password values for storage in an OpenLDAP database or slapd configuration
  • Most commonly it is used to hash the rootpw|olcRootPw attribute in the slapd configuration
  • Password updates for regular directory entries should be performed using the ldappasswd command to ensure any password policy in place is respected
  • If the ‘-s’ or ‘-T’ option is not specified, the user is prompted for a password
Option Description
-h <scheme> The password hashing scheme. {SSHA} is the default
-s <secret> The password to hash. Caution: Using “-s” will store the clear text password in the command shell history
-T <file> A file containing the password to hash


  • Hash a password with the default scheme, reading from a file:

    slappasswd -T passfile.txt

  • Hash a password using the SSHA512 scheme

    slappasswd -h "{SSHA512}"