Quoting Jaap Winius <jwinius@umrk.nl>:
> Even stranger, if I supply the account's DN and password (although this would seem a useless thing to do, since it's the very same info I'm asking for), I get this error:
>
> ~$ ldapwhoami -x -D "cn=testuser,dc=umrk,dc=nl" -w testpass
> ldap_bind: Invalid credentials (49)
> ~$ _
I've discovered that I was making a stupid mistake. I should have done:
~$ ldapwhoami -x -D "uid=testuser,dc=umrk,dc=nl" -w testpass
dn:uid=testuser,dc=umrk,dc=nl
~$
Both of these DNs exist, but only the second one has a password (objectClass: posixAccount, objectClass: shadowAccount). The DN I used earlier is for the group entry (objectClass: posixGroup).
> On the other hand, this does work if I supply the admin DN and password:
>
> ~$ ldapwhoami -x -D "cn=admin,dc=umrk,dc=nl" -w adminpass
> dn:cn=admin,dc=umrk,dc=nl
> ~$ _
It worked straight away for the LDAP administrator's DN, because it does have a password. It is "objectClass: organizationalRole" and there is no "uid=admin,dc=umrk,dc=nl".
I still don't understand why the utility of ldapwhoami is limited when using simple binds, but I guess that's just the way it is.
Thanks to Luca, Zdenek, Dieter, Quanah and Buchan.
Cheers,
Jaap
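
The check behind this diagnosis, as an added example that is not part of the original post: given an LDIF export of the tree, report which DNs carry a userPassword attribute and can therefore be used for a simple bind. The sample LDIF is constructed to mirror the three entries described above (the password values are placeholders), and it assumes the directory keeps passwords in userPassword rather than delegating authentication elsewhere.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into {dn: {attr_lowercase: [values]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]        # folded line: continues the previous one
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if line.startswith("#"):
            continue                    # comment
        if not line.strip():
            current = None              # blank line ends the entry
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):       # "attr:: <base64>", usual for userPassword
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if name.lower() == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(name.lower(), []).append(value)
    return entries

def bind_report(entries):
    """Map each DN to True if it has userPassword (simple bind can succeed)."""
    return {dn: "userpassword" in attrs for dn, attrs in entries.items()}

# Constructed placeholder value, not a real hash.
_PW = base64.b64encode(b"{SSHA}constructed-placeholder").decode()

# Constructed sample shaped like the entries in the post.
SAMPLE_LDIF = f"""\
# group entry: no userPassword, so a bind as this DN returns error 49
dn: cn=testuser,dc=umrk,dc=nl
objectClass: posixGroup

dn: uid=testuser,dc=umrk,dc=nl
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: {_PW}

dn: cn=admin,dc=umrk,
 dc=nl
objectClass: organizationalRole
userPassword:: {_PW}
"""

if __name__ == "__main__":
    for dn, ok in bind_report(parse_ldif(SAMPLE_LDIF)).items():
        print(("bindable  " if ok else "no passwd ") + dn)
```

The export has to be made with an identity that is allowed to read userPassword, otherwise ACLs hide the attribute and every entry is reported as having no password.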