LDAP whoami


This feature provides a mechanism for LDAP clients to obtain the authorization identity the server has associated with the user or application entity.

Use Cases

If the client specifies the binddn and password attributes with the ldapwhoami command, the appropriate client dn is returned; otherwise the client receives 'anonymous'.

Use Case 1:
INPUT: ldapwhoami -x -D "cn=Directory Manager" -w pwd -h ldaphost -p ldapport
OUTPUT: dn: cn=directory manager

Use Case 2:
INPUT: ldapwhoami -x -h ldaphost -p ldapport
OUTPUT: anonymous


The feature works as an extended operation plugin. The whoami request sent by the client has a requestName field containing the whoami OID1.” and an absent requestValue field. The whoami response received from the server has the responseName field empty and the response field either empty or containing the authzId. The format used for the authzId is dn: distinguishedname. 'ldapwhoami' handles opening the connection to an LDAP server, binding, and performing the whoami operation. If the server is unwilling or unable to provide the authorization identity it associates with the client, the server returns a whoami response with an appropriate non-success result code.
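The exchange described above, shown at the BER level as an added example (not code from this page or from the directory server). The OID is the one assigned in RFC 4532, the function names are hypothetical, and the sample response is constructed.

```python
# Added example: BER view of the whoami exchange (RFC 4511 / RFC 4532).
# The OID below is taken from RFC 4532, not from this page.
WHOAMI_OID = b"1.3.6.1.4.1.4203.1.11.3"

def tlv(tag, value):
    """Encode one BER element; short-form length is enough here."""
    if len(value) > 127:
        raise ValueError("long-form length not implemented")
    return bytes([tag, len(value)]) + value

def read_tlvs(buf):
    """Split a buffer into (tag, value) pairs, rejecting malformed input."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] & 0x80:
            raise ValueError("truncated header or long-form length")
        end = i + 2 + buf[i + 1]
        if end > len(buf):
            raise ValueError("element runs past end of buffer")
        out.append((buf[i], buf[i + 2:end]))
        i = end
    return out

def whoami_request(message_id=1):
    """ExtendedRequest [APPLICATION 23]: requestName [0] present,
    requestValue [1] absent. message_id must be in 1..127 here."""
    ext = tlv(0x77, tlv(0x80, WHOAMI_OID))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + ext)

def parse_whoami_response(msg):
    """Return (resultCode, identity); identity is None on failure."""
    (_, body), = read_tlvs(msg)
    (_, _msgid), (op_tag, op) = read_tlvs(body)[:2]
    if op_tag != 0x78:  # ExtendedResponse [APPLICATION 24]
        raise ValueError("not an ExtendedResponse")
    fields = read_tlvs(op)
    result_code = int.from_bytes(fields[0][1], "big")
    if result_code != 0:
        return result_code, None
    # The response field [11] holds the authzId; empty or absent is anonymous.
    authzid = next((v for t, v in fields if t == 0x8B), b"").decode("utf-8")
    if not authzid:
        return 0, "anonymous"
    if authzid.lower().startswith("dn:"):
        return 0, authzid[3:].strip()  # accept "dn:" with or without a space
    return 0, authzid

# Constructed sample: success response for a client bound as Directory Manager.
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x78, tlv(0x0A, b"\x00")
             + tlv(0x04, b"") * 2 + tlv(0x8B, b"dn:cn=directory manager")))
```

A client that expects to be bound can treat an "anonymous" result, or a non-zero result code, as a sign that the bind did not take effect.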


No additional requirements

Major configuration options and enablement

None required


No impact

Updates and Upgrades

No impact


The feature depends on the presence of the whoami client library.

External Impact

No external impact

Last modified on 7 August 2014