What is the command used to generate password hashes suitable for slapd.conf?

The command that generates password hashes suitable for use in the slapd.conf file is slappasswd. This command provides a secure way to create hashed passwords that can be used for access control in OpenLDAP configurations.

When using slappasswd, it generates a cryptographic hash of a plain-text password using supported hashing algorithms such as SHA, SSHA, or MD5. This is critical for maintaining security because it means that the actual password is never stored in plain text, protecting sensitive information from potential unauthorized access. The output from slappasswd can then be directly placed into the slapd.conf file or used in an LDAP entry to manage and authenticate users securely.

The other options listed serve different purposes within the LDAP ecosystem. For instance, slapindex is used for indexing LDAP databases, sindexd is not a standard command associated with OpenLDAP, and ldapsearch is primarily for querying and retrieving information from an LDAP directory rather than for managing user passwords. Thus, slappasswd is the appropriate choice for generating password hashes for slapd.conf.