1 .TH LDAPWHOAMI 1 "RELEASEDATE" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2013 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldapwhoami \- LDAP who am i? tool
12 .BI \-d \ debuglevel\fR]
26 .BI \-y \ passwdfile\fR]
30 .BI \-h \ ldaphost\fR]
32 .BI \-p \ ldapport\fR]
34 .BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
36 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
38 .BI \-o \ opt \fR[= optparam \fR]]
40 .BI \-O \ security-properties\fR]
59 implements the LDAP "Who Am I?" extended operation.
62 opens a connection to an LDAP server, binds, and performs a whoami
68 If \fB\-VV\fP is given, only the version information is printed.
71 Set the LDAP debugging level to \fIdebuglevel\fP.
73 must be compiled with LDAP_DEBUG defined for this option to have any effect.
76 Show what would be done, but don't actually perform the whoami operation.
78 debugging in conjunction with \fB\-v\fP.
81 Run in verbose mode, with many diagnostics written to standard output.
84 Use simple authentication instead of SASL.
87 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
88 For SASL binds, the server is expected to ignore this value.
91 Prompt for simple authentication.
92 This is used instead of specifying the password on the command line.
95 Use \fIpasswd\fP as the password for simple authentication.
98 Use complete contents of \fIpasswdfile\fP as the password for
99 simple authentication.
102 Specify URI(s) referring to the ldap server(s); only the protocol/host/port
103 fields are allowed; a list of URI, separated by whitespace or commas
107 Specify an alternate host on which the ldap server is running.
108 Deprecated in favor of \fB\-H\fP.
111 Specify an alternate TCP port where the ldap server is listening.
112 Deprecated in favor of \fB\-H\fP.
114 .BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
116 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
118 Specify general extensions with \fB\-e\fP and whoami extensions with \fB\-E\fP.
119 \'\fB!\fP\' indicates criticality.
123 [!]assert=<filter> (an RFC 4515 Filter)
124 !authzid=<authzid> ("dn:<dn>" or "u:<user>")
125 [!]bauthzid (RFC 3829 authzid control)
126 [!]chaining[=<resolve>[/<cont>]]
130 [!]postread[=<attrs>] (a comma-separated attribute list)
131 [!]preread[=<attrs>] (a comma-separated attribute list)
133 sessiontracking[=<username>]
134 abandon,cancel,ignore (SIGINT sends abandon/cancel,
135 or ignores response; if critical, doesn't wait for SIGINT.
144 .BI \-o \ opt \fR[= optparam \fR]
146 Specify general options.
150 nettimeout=<timeout> (in seconds, or "none" or "max")
151 ldif-wrap=<width> (in columns, or "no" for no wrapping)
154 .BI \-O \ security-properties
155 Specify SASL security properties.
158 Enable SASL Interactive mode. Always prompt. Default is to prompt
162 Enable SASL Quiet mode. Never prompt.
165 Do not use reverse DNS to canonicalize SASL host name.
168 Specify the authentication ID for SASL bind. The form of the ID
169 depends on the actual SASL mechanism used.
172 Specify the realm of authentication ID for SASL bind. The form of the realm
173 depends on the actual SASL mechanism used.
176 Specify the requested authorization ID for SASL bind.
178 must be one of the following formats:
179 .BI dn: "<distinguished name>"
184 Specify the SASL mechanism to be used for authentication. If it's not
185 specified, the program will choose the best mechanism the server knows.
188 Issue StartTLS (Transport Layer Security) extended operation. If you use
189 \fB\-ZZ\fP, the command will require the operation to be successful.
192 ldapwhoami \-x \-D "cn=Manager,dc=example,dc=com" \-W
197 .BR ldap_extended_operation (3)
199 The OpenLDAP Project <http://www.openldap.org/>