In LDAP, how do you take an existing Top Secret ACID, change its password, and expire it at next logon?

Here is an example of an ldapmodify command and its ldif file to change the password and make it expire:

ldapmodify -c -h YourHostName -p 389 -D cn=Admin -w password -x -f Your.ldif

YourHostName is your TCPIP name of your Host.
389 is the default port, use yours.
Admin is the administrator acid.
Your.ldif is your ldif file which contains what follows between the Top and End boundaries.

*** Top Of Ldif ****
dn: tssacid=myacid,tssadmingrp=acids,host=usi252me,o=ca,c=us
changetype: modify
replace: userPassword
userPassword: USRPWD,,EXP
*** End Of Ldif ***

The dn: has to fit your host definition, see your slapd.conf suffix field.