.lf 1 stdin
.TH LDAPWHOAMI 1 "2020/04/28" "OpenLDAP 2.4.50"
.\" $OpenLDAP$
.\" Copyright 1998-2020 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldapwhoami \- LDAP who am i? tool
.SH SYNOPSIS
.B ldapwhoami
[\c
.BR \-V [ V ]]
[\c
.BI \-d \ debuglevel\fR]
[\c
.BR \-n ]
[\c
.BR \-v ]
[\c
.BR \-x ]
[\c
.BI \-D \ binddn\fR]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BI \-H \ ldapuri\fR]
[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
[\c
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
[\c
.BI \-o \ opt \fR[= optparam \fR]]
[\c
.BI \-O \ security-properties\fR]
[\c
.BR \-I ]
[\c
.BR \-Q ]
[\c
.BR \-N ]
[\c
.BI \-U \ authcid\fR]
[\c
.BI \-R \ realm\fR]
[\c
.BI \-X \ authzid\fR]
[\c
.BI \-Y \ mech\fR]
[\c
.BR \-Z [ Z ]]
.SH DESCRIPTION
.I ldapwhoami
implements the LDAP "Who Am I?" extended operation.
.LP
.B ldapwhoami
opens a connection to an LDAP server, binds, and performs a whoami
operation.
.SH OPTIONS
.TP
.BR \-V [ V ]
Print version info.
If \fB\-VV\fP is given, only the version information is printed.
.TP
.BI \-d \ debuglevel
Set the LDAP debugging level to \fIdebuglevel\fP.
.B ldapwhoami
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
.B \-n
Show what would be done, but don't actually perform the whoami operation.
Useful for
debugging in conjunction with \fB\-v\fP.
.TP
.B \-v
Run in verbose mode, with many diagnostics written to standard output.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
.BI \-D \ binddn
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
For SASL binds, the server is expected to ignore this value.
.TP
.B \-W
Prompt for simple authentication.
This is used instead of specifying the password on the command line.
.TP
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-H \ ldapuri
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
fields are allowed; a list of URI, separated by whitespace or commas
is expected.
.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of \fB\-H\fP.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
Deprecated in favor of \fB\-H\fP.
.TP
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
.TP
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]

Specify general extensions with \fB\-e\fP and whoami extensions with \fB\-E\fP.
\'\fB!\fP\' indicates criticality.

General extensions:
.nf
  [!]assert=<filter>    (an RFC 4515 Filter)
  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
  [!]bauthzid           (RFC 3829 authzid control)
  [!]chaining[=<resolve>[/<cont>]]
  [!]manageDSAit
  [!]noop
  ppolicy
  [!]postread[=<attrs>] (a comma-separated attribute list)
  [!]preread[=<attrs>]  (a comma-separated attribute list)
  [!]relax
  sessiontracking
  abandon,cancel,ignore (SIGINT sends abandon/cancel,
  or ignores response; if critical, doesn't wait for SIGINT.
  not really controls)
.fi

WhoAmI extensions:
.nf
  (none)
.fi
.TP
.BI \-o \ opt \fR[= optparam \fR]

Specify general options.

General options:
.nf
  nettimeout=<timeout>  (in seconds, or "none" or "max")
  ldif-wrap=<width>     (in columns, or "no" for no wrapping)
.fi
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
.B \-I
Enable SASL Interactive mode. Always prompt. Default is to prompt
only as needed.
.TP
.B \-Q
Enable SASL Quiet mode. Never prompt.
.TP
.B \-N
Do not use reverse DNS to canonicalize SASL host name.
.TP
.BI \-U \ authcid
Specify the authentication ID for SASL bind. The form of the ID
depends on the actual SASL mechanism used.
.TP
.BI \-R \ realm
Specify the realm of authentication ID for SASL bind. The form of the realm
depends on the actual SASL mechanism used.
.TP
.BI \-X \ authzid
Specify the requested authorization ID for SASL bind.
.I authzid
must be one of the following formats:
.BI dn: "<distinguished name>"
or
.BI u: <username>
.TP
.BI \-Y \ mech
Specify the SASL mechanism to be used for authentication. If it's not
specified, the program will choose the best mechanism the server knows.
.TP
.BR \-Z [ Z ]
Issue StartTLS (Transport Layer Security) extended operation. If you use
\fB\-ZZ\fP, the command will require the operation to be successful.
.SH EXAMPLE
.nf
    ldapwhoami \-x \-D "cn=Manager,dc=example,dc=com" \-W
.fi
.SH "SEE ALSO"
.BR ldap.conf (5),
.BR ldap (3),
.BR ldap_extended_operation (3)
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 202 stdin