1 .TH LDAPWHOAMI 1 "RELEASEDATE" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2011 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldapwhoami \- LDAP who am i? tool
16 .BI \-d \ debuglevel\fR]
24 .BI \-y \ passwdfile\fR]
28 .BI \-h \ ldaphost\fR]
30 .BI \-p \ ldapport\fR]
32 .BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
34 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
36 .BI \-O \ security-properties\fR]
55 implements the LDAP "Who Am I?" extended operation.
58 opens a connection to an LDAP server, binds, and performs a whoami
63 Show what would be done, but don't actually perform the whoami operation.
65 debugging in conjunction with \fB\-v\fP.
68 Run in verbose mode, with many diagnostics written to standard output.
71 Set the LDAP debugging level to \fIdebuglevel\fP.
73 must be compiled with LDAP_DEBUG defined for this option to have any effect.
76 Use simple authentication instead of SASL.
79 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
80 For SASL binds, the server is expected to ignore this value.
83 Prompt for simple authentication.
84 This is used instead of specifying the password on the command line.
87 Use \fIpasswd\fP as the password for simple authentication.
90 Use complete contents of \fIpasswdfile\fP as the password for
91 simple authentication.
94 Specify URI(s) referring to the ldap server(s); only the protocol/host/port
95 fields are allowed; a list of URI, separated by whitespace or commas
99 Specify an alternate host on which the ldap server is running.
100 Deprecated in favor of \fB\-H\fP.
103 Specify an alternate TCP port where the ldap server is listening.
104 Deprecated in favor of \fB\-H\fP.
106 .BI \-O \ security-properties
107 Specify SASL security properties.
109 .BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
111 .BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
113 Specify general extensions with \fB\-e\fP and whoami extensions with \fB\-E\fP.
114 \'\fB!\fP\' indicates criticality.
118 [!]assert=<filter> (an RFC 4515 Filter)
119 !authzid=<authzid> ("dn:<dn>" or "u:<user>")
120 [!]bauthzid (RFC 3829 authzid control)
121 [!]chaining[=<resolve>[/<cont>]]
125 [!]postread[=<attrs>] (a comma-separated attribute list)
126 [!]preread[=<attrs>] (a comma-separated attribute list)
128 sessiontracking[=<username>]
129 abandon,cancel,ignore (SIGINT sends abandon/cancel,
130 or ignores response; if critical, doesn't wait for SIGINT.
140 Enable SASL Interactive mode. Always prompt. Default is to prompt
144 Enable SASL Quiet mode. Never prompt.
147 Specify the authentication ID for SASL bind. The form of the ID
148 depends on the actual SASL mechanism used.
151 Specify the realm of authentication ID for SASL bind. The form of the realm
152 depends on the actual SASL mechanism used.
155 Specify the requested authorization ID for SASL bind.
157 must be one of the following formats:
158 .BI dn: "<distinguished name>"
163 Specify the SASL mechanism to be used for authentication. If it's not
164 specified, the program will choose the best mechanism the server knows.
167 Issue StartTLS (Transport Layer Security) extended operation. If you use
168 \fB\-ZZ\fP, the command will require the operation to be successful.
171 ldapwhoami \-x \-D "cn=Manager,dc=example,dc=com" \-W
176 .BR ldap_extended_operation (3)
178 The OpenLDAP Project <http://www.openldap.org/>