LDAPWHOAMI(1)               General Commands Manual              LDAPWHOAMI(1)

NAME

       ldapwhoami - LDAP who am i? tool

SYNOPSIS

       ldapwhoami [-V[V]] [-d debuglevel] [-n] [-v] [-x] [-D binddn] [-W]
       [-w passwd] [-y passwdfile] [-H ldapuri] [-h ldaphost] [-p ldapport]
       [-e [!]ext[=extparam]] [-E [!]ext[=extparam]] [-o opt[=optparam]]
       [-O security-properties] [-I] [-Q] [-N] [-U authcid] [-R realm]
       [-X authzid] [-Y mech] [-Z[Z]]

DESCRIPTION

       ldapwhoami implements the LDAP "Who Am I?" extended operation.

       ldapwhoami opens a connection to an LDAP server, binds, and performs a
       whoami operation.

OPTIONS

       -V[V]  Print version info.  If -VV is given, only the version
              information is printed.

       -d debuglevel
              Set the LDAP debugging level to debuglevel.  ldapwhoami must be
              compiled with LDAP_DEBUG defined for this option to have any
              effect.

       -n     Show what would be done, but don't actually perform the whoami
              operation.  Useful for debugging in conjunction with -v.

       -v     Run in verbose mode, with many diagnostics written to standard
              output.

       -x     Use simple authentication instead of SASL.

       -D binddn
              Use the Distinguished Name binddn to bind to the LDAP directory.
              For SASL binds, the server is expected to ignore this value.

       -W     Prompt for simple authentication.  This is used instead of
              specifying the password on the command line.

       -w passwd
              Use passwd as the password for simple authentication.

       -y passwdfile
              Use complete contents of passwdfile as the password for simple
              authentication.

       -H ldapuri
              Specify URI(s) referring to the ldap server(s); only the
              protocol/host/port fields are allowed; a list of URI, separated
              by whitespace or commas is expected.

       -h ldaphost
              Specify an alternate host on which the ldap server is running.
              Deprecated in favor of -H.

       -p ldapport
              Specify an alternate TCP port where the ldap server is
              listening.  Deprecated in favor of -H.

       -e [!]ext[=extparam]
       -E [!]ext[=extparam]
              Specify general extensions with -e and whoami extensions with
              -E.  '!' indicates criticality.

              General extensions:
                [!]assert=<filter>    (an RFC 4515 Filter)
                !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
                [!]bauthzid           (RFC 3829 authzid control)
                [!]chaining[=<resolve>[/<cont>]]
                [!]manageDSAit
                [!]noop
                ppolicy
                [!]postread[=<attrs>] (a comma-separated attribute list)
                [!]preread[=<attrs>]  (a comma-separated attribute list)
                [!]relax
                sessiontracking
                abandon,cancel,ignore (SIGINT sends abandon/cancel,
                or ignores response; if critical, doesn't wait for SIGINT.
                not really controls)

              WhoAmI extensions:
                (none)

       -o opt[=optparam]
              Specify any ldap.conf(5) option or one of the following:
                nettimeout=<timeout>  (in seconds, or "none" or "max")
                ldif_wrap=<width>     (in columns, or "no" for no wrapping)

              Any ldap.conf(5) option can be passed here with -o; check
              ldap.conf(5) for details.

       -O security-properties
              Specify SASL security properties.

       -I     Enable SASL Interactive mode.  Always prompt.  Default is to
              prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -N     Do not use reverse DNS to canonicalize SASL host name.

       -U authcid
              Specify the authentication ID for SASL bind.  The form of the ID
              depends on the actual SASL mechanism used.

       -R realm
              Specify the realm of authentication ID for SASL bind.  The form
              of the realm depends on the actual SASL mechanism used.

       -X authzid
              Specify the requested authorization ID for SASL bind.  authzid
              must be one of the following formats: dn:<distinguished name> or
              u:<username>

       -Y mech
              Specify the SASL mechanism to be used for authentication.  If
              it's not specified, the program will choose the best mechanism
              the server knows.

       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation.
              If you use -ZZ, the command will require the operation to be
              successful.

EXAMPLE

           ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -W
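       A non-interactive form of the bind check above, as an added example
       that is not part of the OpenLDAP manual page. It combines -y (whose
       complete file contents become the password, so a trailing newline
       breaks the bind) with -ZZ so the simple bind is never sent if StartTLS
       fails. The function names, host and file path are placeholders, and
       the ldaps:// and ldapi:// schemes are assumptions not listed on this
       page.

```shell
#!/bin/sh
# Added example, not part of the OpenLDAP manual page.
# Function names, the URI and the DN in the usage line are placeholders.

# Store the password for -y. ldapwhoami uses the complete file contents,
# so the file must not end in a newline; umask 077 keeps it owner-only.
write_pwfile() {  # $1 = path, password on stdin
    ( umask 077
      rm -f "$1"
      IFS= read -r pw || [ -n "$pw" ] || exit 1
      printf '%s' "$pw" > "$1" )
}

# Succeed only for a non-empty, owner-only file without a trailing newline.
check_pwfile() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    case $(ls -ld "$1") in
        -rw-------*|-r--------*) ;;
        *) return 1 ;;
    esac
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" != "0a" ]
}

# -ZZ makes a failed StartTLS fatal; plain -Z would continue in cleartext.
# ldaps:// and ldapi:// (schemes assumed here, not listed on this page)
# do not use StartTLS.
tls_flag() {
    case $1 in
        ldap://*)            printf '%s\n' '-ZZ' ;;
        ldaps://*|ldapi://*) ;;
        *) echo "unsupported URI: $1" >&2; return 1 ;;
    esac
}

whoami_check() {  # $1 = URI, $2 = bind DN, $3 = password file
    check_pwfile "$3" || { echo "refusing password file: $3" >&2; return 2; }
    flag=$(tls_flag "$1") || return 2
    # -y instead of -w: the password never appears in the argument list.
    ldapwhoami -x -H "$1" -D "$2" -y "$3" $flag
}

# Usage: sh whoami_check.sh ldap://ldap.example.com "cn=Manager,dc=example,dc=com" /path/to/pwfile
if [ "$#" -eq 3 ]; then
    whoami_check "$@"
fi
```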

SEE ALSO

       ldap.conf(5), ldap(3), ldap_extended_operation(3)

AUTHOR

       The OpenLDAP Project <http://www.openldap.org/>

ACKNOWLEDGEMENTS

       OpenLDAP Software is developed and maintained by The OpenLDAP Project
       <http://www.openldap.org/>.  OpenLDAP Software is derived from the
       University of Michigan LDAP 3.3 Release.

OpenLDAP                          2021/06/03                     LDAPWHOAMI(1)