1LDAPWHOAMI(1)               General Commands Manual              LDAPWHOAMI(1)
2
3
4

NAME

6       ldapwhoami - LDAP who am i? tool
7

SYNOPSIS

9       ldapwhoami  [-V[V]]  [-d debuglevel]  [-n]  [-v]  [-x] [-D binddn] [-W]
10       [-w passwd]   [-y passwdfile]    [-H ldapuri]    [-e [!]ext[=extparam]]
11       [-E [!]ext[=extparam]]   [-o opt[=optparam]]   [-O security-properties]
12       [-I] [-Q] [-N] [-U authcid] [-R realm] [-X authzid] [-Y mech] [-Z[Z]]
13

DESCRIPTION

15       ldapwhoami implements the LDAP "Who Am I?" extended operation.
16
17       ldapwhoami opens a connection to an LDAP server, binds, and performs  a
18       whoami operation.
19

OPTIONS

21       -V[V]  Print  version info.  If -VV is given, only the version informa‐
22              tion is printed.
23
24       -d debuglevel
25              Set the LDAP debugging level to debuglevel.  ldapwhoami must  be
26              compiled with LDAP_DEBUG defined for this option to have any ef‐
27              fect.
28
29       -n     Show what would be done, but don't actually perform  the  whoami
30              operation.  Useful for debugging in conjunction with -v.
31
32       -v     Run  in  verbose mode, with many diagnostics written to standard
33              output.
34
35       -x     Use simple authentication instead of SASL.
36
37       -D binddn
38              Use the Distinguished Name binddn to bind to the LDAP directory.
39              For SASL binds, the server is expected to ignore this value.
40
41       -W     Prompt for simple authentication.  This is used instead of spec‐
42              ifying the password on the command line.
43
44       -w passwd
45              Use passwd as the password for simple authentication.
46
47       -y passwdfile
48              Use complete contents of passwdfile as the password  for  simple
49              authentication.
50
51       -H ldapuri
52              Specify  URI(s) referring to the ldap server(s); only the proto‐
53              col/host/port fields are allowed; a list of  URI,  separated  by
54              whitespace or commas is expected.
55
56       -e [!]ext[=extparam]
57
58       -E [!]ext[=extparam]
59
60              Specify  general  extensions  with -e and whoami extensions with
61              -E.  ´!´ indicates criticality.
62
63              General extensions:
64                [!]assert=<filter>    (an RFC 4515 Filter)
65                !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
66                [!]bauthzid           (RFC 3829 authzid control)
67                [!]chaining[=<resolve>[/<cont>]]
68                [!]manageDSAit
69                [!]noop
70                ppolicy
71                [!]postread[=<attrs>] (a comma-separated attribute list)
72                [!]preread[=<attrs>]  (a comma-separated attribute list)
73                [!]relax
74                sessiontracking[=<username>]
75                abandon,cancel,ignore (SIGINT sends abandon/cancel,
76                or ignores response; if critical, doesn't wait for SIGINT.
77                not really controls)
78
79              WhoAmI extensions:
80                (none)
81
82       -o opt[=optparam]
83
84              Specify any ldap.conf(5) option or one of the following:
85                nettimeout=<timeout>  (in seconds, or "none" or "max")
86                ldif_wrap=<width>     (in columns, or "no" for no wrapping)
87
88              -o option that can be passed here, check  ldap.conf(5)  for  de‐
89              tails.
90
91       -O security-properties
92              Specify SASL security properties.
93
94       -I     Enable  SASL  Interactive  mode.   Always prompt.  Default is to
95              prompt only as needed.
96
97       -Q     Enable SASL Quiet mode.  Never prompt.
98
99       -N     Do not use reverse DNS to canonicalize SASL host name.
100
101       -U authcid
102              Specify the authentication ID for SASL bind. The form of the  ID
103              depends on the actual SASL mechanism used.
104
105       -R realm
106              Specify  the  realm of authentication ID for SASL bind. The form
107              of the realm depends on the actual SASL mechanism used.
108
109       -X authzid
110              Specify the requested authorization ID for SASL  bind.   authzid
111              must be one of the following formats: dn:<distinguished name> or
112              u:<username>
113
114       -Y mech
115              Specify the SASL mechanism to be  used  for  authentication.  If
116              it's  not  specified, the program will choose the best mechanism
117              the server knows.
118
119       -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If
120              you  use  -ZZ, the command will require the operation to be suc‐
121              cessful.
122

EXAMPLE

124           ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -W
125

SEE ALSO

127       ldap.conf(5), ldap(3), ldap_extended_operation(3)
128

AUTHOR

130       The OpenLDAP Project <http://www.openldap.org/>
131

ACKNOWLEDGEMENTS

133       OpenLDAP Software is developed and maintained by The  OpenLDAP  Project
134       <http://www.openldap.org/>.  OpenLDAP Software is derived from the Uni‐
135       versity of Michigan LDAP 3.3 Release.
136
137
138
139OpenLDAP 2.6.6                    2023/07/31                     LDAPWHOAMI(1)
Impressum