
Checking a user’s password using “dscl”

If you’re running an OS X server as an Open Directory master, you can use this tip to check users’ passwords against a known password. For example, if you give all your users a default password and want to check whether they’ve changed it, you can check with this technique. I know most people would say “Just check the box saying they have to change their password on login”. But if your users are Windows users, that can cause a lot of headaches.

In Terminal enter the following:

/usr/bin/dscl /LDAPv3/127.0.0.1 auth matt knownpasswd

You either have to be logged into the server or have the server in your Directory Access authentication path for this to work. If you are logged into the server, use “/LDAPv3/127.0.0.1” as the server path. If you are on a client machine and have the server in your authentication path, use the server’s address, for example “/LDAPv3/192.168.1.2”.

This tests the password “knownpasswd” for the user matt in the LDAP directory. If the password is correct you’ll get no feedback. If the password is incorrect you’ll get a “-14090, eDSAuthFailed” error.
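The check above can be wrapped so that "accepted", "eDSAuthFailed" and "something else went wrong" are told apart, then run over a list of short names to audit which accounts still accept the default password. This is an added example, not code from the original post; the function names and the DSCL and OD_NODE variables are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original post. DSCL, OD_NODE and the function
# names are assumptions; the dscl command line is the one shown in the post.
DSCL="${DSCL:-/usr/bin/dscl}"
OD_NODE="${OD_NODE:-/LDAPv3/127.0.0.1}"

# check_default USER PASSWORD
# Prints one word:
#   default - dscl accepted PASSWORD silently (user never changed it)
#   changed - dscl reported eDSAuthFailed
#   error   - anything else, so a failed lookup or connection is not
#             mistaken for a changed password
# PASSWORD is passed as a dscl argument, as in the post, so it is visible
# in the process list while the check runs.
check_default() {
    rc=0
    out=$("$DSCL" "$OD_NODE" auth "$1" "$2" </dev/null 2>&1) || rc=$?
    case $out in
        *eDSAuthFailed*) echo changed; return 0 ;;
    esac
    if [ "$rc" -eq 0 ] && [ -z "$out" ]; then
        echo default
    else
        echo error
    fi
}

# audit_defaults FILE PASSWORD
# FILE lists one short name per line; blank lines and "#" comments are
# skipped. Prints "user<TAB>result" per account and returns 1 if any
# account still accepts PASSWORD, 0 otherwise.
audit_defaults() {
    found=0
    while IFS= read -r user || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac
        result=$(check_default "$user" "$2")
        printf '%s\t%s\n' "$user" "$result"
        [ "$result" = default ] && found=1
    done < "$1"
    return "$found"
}

# Usage on the server: audit_defaults users.txt "$default_password"
```

Set OD_NODE to the server's address (for example /LDAPv3/192.168.1.2) when running from a client that has the server in its authentication path.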

Look at man dscl for more information if needed.
