[Date Prev][Date Next]
Re: Useless ldapwhoami behavior?
Quoting Jaap Winius <email@example.com>:
Even stranger, if I supply the account's DN and password (although this
would seem a useless thing to do, since it's the very same info I'm
asking for), I get this error:
~$ ldapwhoami -x -D "cn=testuser,dc=umrk,dc=nl" -w testpass
ldap_bind: Invalid credentials (49)
I've discovered that I was making a stupid mistake. I should have done:
~$ ldapwhoami -x -D "uid=testuser,dc=umrk,dc=nl" -w testpass
Both of these DNs exist, but only the second one has a password
(objectClass: posixAccount, objectClass: shadowAccount). The DN I used
earlier is for the group entry (objectClass: posixGroup).
On the other hand, this does work if I supply the admin DN and password:
~$ ldapwhoami -x -D "cn=admin,dc=umrk,dc=nl" -w adminpass
It worked straight away for the LDAP administrator's DN, because it
does have a password. It is "objectClass: organizationalRole" and
there is no "uid=admin,dc=umrk,dc=nl".
I still don't understand why the utility of ldapwhoami is limited when
using simple binds, but I guess that's just the way it is.
Thanks to Luca, Zdenek, Dieter, Quanah and Buchan.