LDAPWHOAMI(1)               General Commands Manual              LDAPWHOAMI(1)

NAME

       ldapwhoami - LDAP who am i? tool

SYNOPSIS

       ldapwhoami [-V[V]] [-d debuglevel] [-n] [-v] [-x] [-D binddn] [-W]
       [-w passwd] [-y passwdfile] [-H ldapuri] [-h ldaphost] [-p ldapport]
       [-e [!]ext[=extparam]] [-E [!]ext[=extparam]] [-o opt[=optparam]]
       [-O security-properties] [-I] [-Q] [-N] [-U authcid] [-R realm]
       [-X authzid] [-Y mech] [-Z[Z]]

DESCRIPTION

       ldapwhoami implements the LDAP "Who Am I?" extended operation.

       ldapwhoami opens a connection to an LDAP server, binds, and performs a
       whoami operation.

OPTIONS

       -V[V]  Print version info.  If -VV is given, only the version
              information is printed.

       -d debuglevel
              Set the LDAP debugging level to debuglevel.  ldapwhoami must be
              compiled with LDAP_DEBUG defined for this option to have any
              effect.

       -n     Show what would be done, but don't actually perform the whoami
              operation.  Useful for debugging in conjunction with -v.

       -v     Run in verbose mode, with many diagnostics written to standard
              output.

       -x     Use simple authentication instead of SASL.

       -D binddn
              Use the Distinguished Name binddn to bind to the LDAP directory.
              For SASL binds, the server is expected to ignore this value.

       -W     Prompt for simple authentication.  This is used instead of
              specifying the password on the command line.

       -w passwd
              Use passwd as the password for simple authentication.

       -y passwdfile
              Use complete contents of passwdfile as the password for simple
              authentication.

       -H ldapuri
              Specify URI(s) referring to the ldap server(s); only the
              protocol/host/port fields are allowed; a list of URI, separated
              by whitespace or commas is expected.

       -h ldaphost
              Specify an alternate host on which the ldap server is running.
              Deprecated in favor of -H.

       -p ldapport
              Specify an alternate TCP port where the ldap server is
              listening.  Deprecated in favor of -H.

       -e [!]ext[=extparam]

       -E [!]ext[=extparam]

              Specify general extensions with -e and whoami extensions with
              -E.  '!' indicates criticality.

              General extensions:
                [!]assert=<filter>    (an RFC 4515 Filter)
                !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
                [!]bauthzid           (RFC 3829 authzid control)
                [!]chaining[=<resolve>[/<cont>]]
                [!]manageDSAit
                [!]noop
                ppolicy
                [!]postread[=<attrs>] (a comma-separated attribute list)
                [!]preread[=<attrs>]  (a comma-separated attribute list)
                [!]relax
                sessiontracking
                abandon,cancel,ignore (SIGINT sends abandon/cancel,
                or ignores response; if critical, doesn't wait for SIGINT.
                not really controls)

              WhoAmI extensions:
                (none)

       -o opt[=optparam]

              Specify general options.

              General options:
                nettimeout=<timeout>  (in seconds, or "none" or "max")
                ldif-wrap=<width>     (in columns, or "no" for no wrapping)

       -O security-properties
              Specify SASL security properties.

       -I     Enable SASL Interactive mode.  Always prompt.  Default is to
              prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -N     Do not use reverse DNS to canonicalize SASL host name.

       -U authcid
              Specify the authentication ID for SASL bind. The form of the ID
              depends on the actual SASL mechanism used.

       -R realm
              Specify the realm of authentication ID for SASL bind. The form
              of the realm depends on the actual SASL mechanism used.

       -X authzid
              Specify the requested authorization ID for SASL bind.  authzid
              must be one of the following formats: dn:<distinguished name> or
              u:<username>

       -Y mech
              Specify the SASL mechanism to be used for authentication. If
              it's not specified, the program will choose the best mechanism
              the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If
              you use -ZZ, the command will require the operation to be
              successful.

EXAMPLE

           ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -W
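
       The -y and -Z[Z] options above, combined in an added example that is
       not part of the original manual page; check_passwdfile and
       whoami_with_file are hypothetical helper names. Because -y uses the
       complete file contents, the check rejects a file that ends in a line
       terminator or that is accessible by group or others.

```shell
#!/bin/sh
# Added example (not from the man page): vet a password file before
# handing it to `ldapwhoami -y`, then bind with StartTLS required (-ZZ).

# check_passwdfile FILE: return 0 if FILE is safe to use with -y.
check_passwdfile() {
    f=$1
    if [ ! -f "$f" ] || [ ! -s "$f" ]; then
        echo "$f: missing or empty" >&2; return 1
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    go_bits=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "$f: accessible by group/others ($go_bits)" >&2; return 1
    fi
    # -y sends the complete file contents, so a final LF or CR would
    # become part of the password.
    last=$(tail -c 1 < "$f" | od -An -tx1 | tr -d ' \n')
    case $last in
        0a|0d) echo "$f: ends with a line terminator" >&2; return 1 ;;
    esac
    return 0
}

# whoami_with_file URI BINDDN FILE: simple bind over mandatory StartTLS.
# URI, BINDDN and FILE are supplied by the caller (hypothetical wrapper).
whoami_with_file() {
    check_passwdfile "$3" || return 1
    ldapwhoami -x -ZZ -H "$1" -D "$2" -y "$3"
}
```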

SEE ALSO

       ldap.conf(5), ldap(3), ldap_extended_operation(3)

AUTHOR

       The OpenLDAP Project <http://www.openldap.org/>

ACKNOWLEDGEMENTS

       OpenLDAP Software is developed and maintained by The OpenLDAP Project
       <http://www.openldap.org/>.  OpenLDAP Software is derived from the
       University of Michigan LDAP 3.3 Release.

OpenLDAP 2.4.50                   2020/04/28                     LDAPWHOAMI(1)