
Re: Useless ldapwhoami behavior?



Quoting Jaap Winius <jwinius@umrk.nl>:

Even stranger, if I supply the account's DN and password (although this
would seem a useless thing to do, since it's the very same info I'm
asking for), I get this error:

   ~$ ldapwhoami -x -D "cn=testuser,dc=umrk,dc=nl" -w testpass
   ldap_bind: Invalid credentials (49)
   ~$ _

I've discovered that I was making a stupid mistake. I should have done:

   ~$ ldapwhoami -x -D "uid=testuser,dc=umrk,dc=nl" -w testpass
   dn:uid=testuser,dc=umrk,dc=nl
   ~$

Both of these DNs exist, but only the second one has a password (objectClass: posixAccount, objectClass: shadowAccount). The DN I used earlier is for the group entry (objectClass: posixGroup).


On the other hand, this does work if I supply the admin DN and password:

   ~$ ldapwhoami -x -D "cn=admin,dc=umrk,dc=nl" -w adminpass
   dn:cn=admin,dc=umrk,dc=nl
   ~$ _

It worked straight away for the LDAP administrator's DN, because it does have a password. It is "objectClass: organizationalRole" and there is no "uid=admin,dc=umrk,dc=nl".

I still don't understand why the utility of ldapwhoami is limited when using simple binds, but I guess that's just the way it is.

Thanks to Luca, Zdenek, Dieter, Quanah and Buchan.

Cheers,

Jaap
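
The finding in this message (a simple bind is checked against the bound entry's own userPassword, so the group entry returns error 49) can be audited offline from an LDIF export. This is an added example, not part of the original post; the LDIF sample and its password values are constructed, and a rootdn whose password lives in the server configuration is out of scope.

```python
import base64

# Constructed sample export: the three DNs from the thread, made-up password values.
SAMPLE_LDIF = """\
# group entry, no userPassword
dn: cn=testuser,dc=umrk,dc=nl
objectClass: posixGroup

dn: uid=testuser,dc=umrk,dc=nl
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: cn=admin,dc=umrk,
 dc=nl
objectClass: organizationalRole
userPassword: {SSHA}constructed
"""

def parse_ldif(text):
    """Return {dn: {lowercased attribute: [values as bytes]}} from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:    # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():                 # blank line ends the current entry
            current = None
        elif not line.startswith("#"):       # skip comments
            attr, _, rest = line.partition(":")
            b64 = rest.startswith(":")       # "attr:: value" means base64-encoded
            value = base64.b64decode(rest[1:].strip()) if b64 else rest.strip().encode()
            if attr.lower() == "dn":
                current = entries.setdefault(value.decode(), {})
            elif current is not None:
                current.setdefault(attr.lower(), []).append(value)
    return entries

def simple_bind_report(text):
    """Map each DN to True if it carries a non-empty userPassword value."""
    return {dn: any(attrs.get("userpassword", []))
            for dn, attrs in parse_ldif(text).items()}

if __name__ == "__main__":
    for dn, ok in simple_bind_report(SAMPLE_LDIF).items():
        print(("has userPassword" if ok else "no userPassword ") + "  " + dn)
```

Entries reported without userPassword are the ones for which `ldapwhoami -x -D <dn> -w <password>` fails with "Invalid credentials (49)" regardless of the password supplied.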