Open Directoryのパスワードを変更するコマンドは何ですか？

私が遭遇した最も便利な答えは、passwdコマンドをdsclと組み合わせて使用​​することです。対話型セッションからの出力は次のとおりです（パスワードがアスタリスクに置き換えられています）。

$ dscl -u diradmin -p ces 
Password: 
 > cd /LDAPv3/127.0.0.1/
/LDAPv3/127.0.0.1 > auth diradmin *****
/LDAPv3/127.0.0.1 > passwd Users/Atwo807 *****
/LDAPv3/127.0.0.1 > passwd Users/Atwo249 *****
/LDAPv3/127.0.0.1 > passwd Users/doesnotexist foobar
passwd: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
/LDAPv3/127.0.0.1 > exit
Goodbye

これが変更を加えるためのpythonスクリプトです。pexpectモジュール（Sudo easy_install pexpectあなたのためにそれを取得する必要があります。開発ツールをインストールする必要はないと思います）。

#!/usr/bin/env python

import pexpect

def ChangePasswords(Host, path, diradmin, diradmin_password, user_passwords, record_type='Users'):
    """Changes passwords in a Open Directory or similar directory service.

    Host = the dns name or IP of the computer hosting the directory
    path = the pathname to the directory (ex. '/LDAPv3/127.0.0.1')
    diradmin = the directory administrator's shortname (ex. 'diradmin')
    diradmin_password = the directory administrator's password
    user_passwords = a dictionary mapping record names (typically, user's short
                     names) onto their new password
    record_type = the sort of records you are updating.  Typically 'Users'

    Returns a Tuple.  The first entry is a list of all records (users) who
        failed to update.  The second entry is a list of all records (users)
        who successfully updated.
    """

    failed_list = []
    succeeded_list = []
    Prompt = " > "

    child = pexpect.spawn("dscl -u %s -p %s" % (diradmin, Host))

    if not (ReplyOnGoodResult(child, "Password:", diradmin_password) and
       ReplyOnGoodResult(child, Prompt, "cd %s" % path) and
       ReplyOnGoodResult(child, Prompt,
                        "auth %s %s"  % (diradmin, diradmin_password)) and
       ReplyOnGoodResult(child, Prompt, None)):
        print "Failed to log in and authenticate"
        failed_list = user_passwords.keys()
        return (failed_list, succeeded_list)

    # We are now logged in, and have a Prompt waiting for us
    expected_list = [ pexpect.EOF, pexpect.TIMEOUT,
                     '(?i)error', 'Invalid Path', Prompt ]
    desired_index = len(expected_list) - 1
    for record_name in user_passwords:        
        #print "Updating password for %s" % record_name,

        child.sendline("passwd %s/%s %s" % (record_type, record_name,
                                            user_passwords[record_name]))
        if child.expect(expected_list) == desired_index:
            #print ": Succeeded"
            succeeded_list.append(record_name)
        else:
            #print ": Failed"
            failed_list.append(record_name)
            child.expect(Prompt)

    child.sendline("exit")
    child.expect(pexpect.EOF)

    return (failed_list, succeeded_list)


def ReplyOnGoodResult(child, desired, reply):
    """Helps analyze the results as we try to set passwords.

    child = a pexpect child process
    desired = The value we hope to see 
    reply = text to send if we get the desired result (or None for no reply)
    If we do get the desired result, we send the reply and return true.
    If not, we return false."""

    expectations = [ pexpect.EOF, pexpect.TIMEOUT, '(?i)error', desired ]
    desired_index = len(expectations) - 1

    index = child.expect(expectations)
    if index == desired_index:
        if reply:
            child.sendline(reply)
        return True
    else:
        return False

次のように使用できます。

# This example assumes that you have named the script given above 'pwchange.py'
# and that it is in the current working directory
import pwchange 

(failed, succeeded) = pwchange.ChangePasswords("ces", "/LDAPv3/127.0.0.1", 
     "diradmin", "******", 
     { 'Atwo807' : '*****', 'Atwo249' : '*****', 
       'Nonexist' : 'foobar', 'Bad' : 'bad' })

print failed, succeeded
['Bad', 'Nonexist'] ['Atwo249', 'Atwo807']