
Re: Useless ldapwhoami behavior?



Quoting Jaap Winius <jwinius@umrk.nl>:

> Even stranger, if I supply the account's DN and password (although this
> would seem a useless thing to do, since it's the very same info I'm
> asking for), I get this error:
>
>    ~$ ldapwhoami -x -D "cn=testuser,dc=umrk,dc=nl" -w testpass
>    ldap_bind: Invalid credentials (49)
>    ~$ _

I've discovered that I was making a stupid mistake. I should have done:

   ~$ ldapwhoami -x -D "uid=testuser,dc=umrk,dc=nl" -w testpass
   dn:uid=testuser,dc=umrk,dc=nl
   ~$

Both of these DNs exist, but only the second one has a password (objectClass: posixAccount, objectClass: shadowAccount). The DN I used earlier is for the group entry (objectClass: posixGroup).

> On the other hand, this does work if I supply the admin DN and password:
>
>    ~$ ldapwhoami -x -D "cn=admin,dc=umrk,dc=nl" -w adminpass
>    dn:cn=admin,dc=umrk,dc=nl
>    ~$ _

It worked straight away for the LDAP administrator's DN, because it does have a password. It is "objectClass: organizationalRole" and there is no "uid=admin,dc=umrk,dc=nl".

I still don't understand why the utility of ldapwhoami is limited when using simple binds, but I guess that's just the way it is.

Thanks to Luca, Zdenek, Dieter, Quanah and Buchan.

Cheers,

Jaap
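
Added example, not part of the original post: a small LDIF check that shows which of two similarly named entries a simple bind can authenticate against, by looking for the standard `userPassword` attribute. The sample LDIF is constructed from the DNs and object classes named above, and `parse_ldif` and `simple_bind_report` are hypothetical helper names.

```python
import base64

# Constructed LDIF modelled on the three entries named in the post; values are
# made up and only the attributes needed for the check are included.
SAMPLE_LDIF = """\
dn: cn=admin,dc=umrk,dc=nl
objectClass: organizationalRole
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQtdmFsdWU=

dn: cn=testuser,dc=umrk,dc=nl
objectClass: posixGroup

dn: uid=testuser,dc=umrk,dc=nl
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQtdmFs
 dWU=
"""

def parse_ldif(text):
    """Return [(dn, {lowercased attribute: [values]})] from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line:
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):            # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def simple_bind_report(text):
    """Map each DN to True when it has a non-empty userPassword value."""
    return {dn: any(a.get("userpassword", [])) for dn, a in parse_ldif(text)}
```

Run it over an export taken as an identity that is allowed to read `userPassword`; otherwise every entry will look passwordless.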