Am 05.12.23 um 14:32 schrieb Uwe Sauter: > Am 05.12.23 um 14:24 schrieb Stefan Kania: >> >> >> Am 05.12.23 um 13:50 schrieb Michael Wandel: >>> What options you are using with your ldapsearc command ? >> >> just a "ldapsearch -x" so everything else should be read from .ldaprc. > > You need to at least also use "-W" or else it will fallback to anonymous: > > > $ cat .ldaprc > BASE dc=example,dc=de > URI ldaps://ldap.example.de > TLS_CACERT /home/myuser/ca.crt > BINDDN uid=<myuser>,ou=users,dc=example,dc=de > TLS_REQCERT allow > > $ ldapwhoami -xW > Enter LDAP Password: > dn:uid=<myuser>,ou=Users,dc=example,dc=de > > $ ldapwhoami -x > anonymous
It also makes sense that you need to specify "-W", "-w passwd", or "-y passwdfile" because there is no option to tell ldap* tools to use anonymous bind (in the rare case where you then might need it). So everytime you want to make an "named" bind you will need communicate that to the tools by specifying one of above options.
