1LDAPVC(1)                   General Commands Manual                  LDAPVC(1)
2
3
4

NAME

6       ldapvc - LDAP verify credentials tool
7

SYNOPSIS

9       ldapvc  [-V[V]]  [-d debuglevel]  [-a]  [-b] [-n] [-v] [-x] [-D binddn]
10       [-W] [-w passwd]  [-y passwdfile]  [-H ldapuri]  [-e [!]ext[=extparam]]
11       [-E [!]ext[=extparam]]   [-o opt[=optparam]]   [-O security-properties]
12       [-I] [-Q] [-N] [-U authcid] [-R realm] [-X authzid]  [-Y mech]  [-Z[Z]]
13       Distinguished Name [Credentials]
14

DESCRIPTION

16       ldapvc implements the LDAP "Verify Credentials" extended operation.
17
18       Verify  Credentials  operation behaves like LDAP Bind but has no impact
19       upon the underlying LDAP session.
20

OPTIONS

22       -V[V]  Print version info.  If -VV is given, only the version  informa‐
23              tion is printed.
24
25       -d debuglevel
26              Set the LDAP debugging level to debuglevel.  ldapvc must be com‐
27              piled with LDAP_DEBUG defined for this option to  have  any  ef‐
28              fect.
29
30       -a     Print  the  authzID  resulting from a successful verification of
31              credentials.
32
33       -b     Print the results from the ppolicy control after verification of
34              credentials.
35
36       -n     Show  what  would be done, but don't actually perform the opera‐
37              tion.  Useful for debugging in conjunction with -v.
38
39       -v     Run in verbose mode, with many diagnostics written  to  standard
40              output.
41
42       -x     Use simple authentication instead of SASL.
43
44       -D binddn
45              Use the Distinguished Name binddn to bind to the LDAP directory.
46              For SASL binds, the server is expected to ignore this value.
47
48       -W     Prompt for simple authentication.  This is used instead of spec‐
49              ifying the password on the command line.
50
51       -w passwd
52              Use passwd as the password for simple authentication.
53
54       -y passwdfile
55              Use  complete  contents of passwdfile as the password for simple
56              authentication.
57
58       -H ldapuri
59              Specify URI(s) referring to the ldap server(s); only the  proto‐
60              col/host/port  fields  are  allowed; a list of URI, separated by
61              whitespace or commas is expected.
62
63       -e [!]ext[=extparam]
64
65       -E [!]ext[=extparam]
66
67              Specify general extensions with -e and Verify Credentials exten‐
68              sions with -E.  ´!´ indicates criticality.
69
70              General extensions:
71                [!]assert=<filter>    (an RFC 4515 Filter)
72                [!]bauthzid           (RFC 3829 authzid control)
73                [!]chaining[=<resolve>[/<cont>]]
74                [!]manageDSAit
75                [!]noop
76                ppolicy
77                [!]postread[=<attrs>] (a comma-separated attribute list)
78                [!]preread[=<attrs>]  (a comma-separated attribute list)
79                [!]relax
80                sessiontracking[=<username>]
81                abandon,cancel,ignore (SIGINT sends abandon/cancel,
82                or ignores response; if critical, doesn't wait for SIGINT.
83                not really controls)
84
85              Verify Credentials extensions:
86
87              The  following options set SASL params on the Verify Credentials
88              request:
89                authcid=<authcid>    (SASL Authentication Identity "dn:<dn>" or "u:<user>")
90                authzid=<authzid>    (SASL Authorization Identity "dn:<dn>" or "u:<user>")
91                mech=<mech>          (SASL mechanism default e.g. Simple)
92                realm=<realm>        (SASL Realm, defaults to none)
93                sasl=a[utomatic]|i[nteractive]|q[uiet]  (SASL mode defaults to automatic if any other -E option provided, otherwise none)
94                secprops=<secprops>  (SASL Security Properties)
95
96       -o opt[=optparam]
97
98              Specify any ldap.conf(5) option or one of the following:
99                nettimeout=<timeout>  (in seconds, or "none" or "max")
100                ldif_wrap=<width>     (in columns, or "no" for no wrapping)
101
102              -o option that can be passed here, check  ldap.conf(5)  for  de‐
103              tails.
104
105       -O security-properties
106              Specify SASL security properties.
107
108       -I     Enable  SASL  Interactive  mode.   Always prompt.  Default is to
109              prompt only as needed.
110
111       -Q     Enable SASL Quiet mode.  Never prompt.
112
113       -N     Do not use reverse DNS to canonicalize SASL host name.
114
115       -U authcid
116              Specify the authentication ID for SASL bind. The form of the  ID
117              depends on the actual SASL mechanism used.
118
119       -R realm
120              Specify  the  realm of authentication ID for SASL bind. The form
121              of the realm depends on the actual SASL mechanism used.
122
123       -X authzid
124              Specify the requested authorization ID for SASL  bind.   authzid
125              must be one of the following formats: dn:<distinguished name> or
126              u:<username>
127
128       -Y mech
129              Specify the SASL mechanism to be  used  for  authentication.  If
130              it's  not  specified, the program will choose the best mechanism
131              the server knows.
132
133       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If
134              you  use  -ZZ, the command will require the operation to be suc‐
135              cessful.
136

EXAMPLE

138           ldapvc -x "uid=Alice,ou=People,dc=example,dc=com"
139

SEE ALSO

141       ldap.conf(5), ldap(3), ldap_extended_operation(3)
142

AUTHOR

144       The OpenLDAP Project <http://www.openldap.org/>
145

ACKNOWLEDGEMENTS

147       OpenLDAP Software is developed and maintained by The  OpenLDAP  Project
148       <http://www.openldap.org/>.  OpenLDAP Software is derived from the Uni‐
149       versity of Michigan LDAP 3.3 Release.
150
151
152
153OpenLDAP 2.6.6                    2023/07/31                         LDAPVC(1)
Impressum