DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

slapauth(8)





NAME

       slapauth - Check a list of string-represented IDs for LDAP authc/authz


SYNOPSIS

       /usr/sbin/slapauth    [-d debug-level]   [-f slapd.conf]   [-F confdir]
       [-M mech] [-o option[=value]] [-R realm] [-U authcID] [-v] [-X authzID]
       ID [...]


DESCRIPTION

       Slapauth  is used to check the behavior of the slapd in mapping identi-
       ties for authentication and authorization  purposes,  as  specified  in
       slapd.conf(5).   It  opens  the slapd.conf(5) configuration file or the
       slapd-config(5) backend, reads in the  authz-policy/olcAuthzPolicy  and
       authz-regexp/olcAuthzRegexp  directives,  and  then  parses the ID list
       given on the command-line.


OPTIONS

       -d debug-level
              enable debugging messages as defined  by  the  specified  debug-
              level; see slapd(8) for details.

       -f slapd.conf
              specify an alternative slapd.conf(5) file.

       -F confdir
              specify  a  config  directory.  If both -f and -F are specified,
              the config file will be read and converted to  config  directory
              format  and  written  to  the  specified  directory.  If neither
              option is specified, an  attempt  to  read  the  default  config
              directory  will  be made before trying to use the default config
              file. If a valid config directory exists then the default config
              file is ignored.

       -M mech
              specify a mechanism.

       -o option[=value]
              Specify  an  option  with a(n optional) value.  Possible generic
              options/values are:

                     syslog=<subsystems>  (see `-s' in slapd(8))
                     syslog-level=<level> (see `-S' in slapd(8))
                     syslog-user=<user>   (see `-l' in slapd(8))

       -R realm
              specify a realm.

       -U authcID
              specify an ID to be used as authcID throughout the test session.
              If  present,  and if no authzID is given, the IDs in the ID list
              are treated as authzID.

       -X authzID
              specify an ID to be used as authzID throughout the test session.
              If  present,  and if no authcID is given, the IDs in the ID list
              are treated as authcID.  If both authcID and authzID  are  given
              via command line switch, the ID list cannot be present.

       -v     enable verbose mode.


EXAMPLES

       The command

            /usr/sbin/slapauth -f //etc/openldap/slapd.conf -v \
                   -U bjorn -X u:bjensen

       tests  whether  the  user  bjorn  can  assume  the identity of the user
       bjensen provided the directives

            authz-policy from
            authz-regexp "^uid=([^,]+).*,cn=auth$"
                 "ldap:///dc=example,dc=net??sub?uid=$1"

       are defined in slapd.conf(5).


SEE ALSO

       ldap(3), slapd(8), slaptest(8)

       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)


ACKNOWLEDGEMENTS

       OpenLDAP Software is developed and maintained by The  OpenLDAP  Project
       <http://www.openldap.org/>.   OpenLDAP Software is derived from Univer-
       sity of Michigan LDAP 3.3 Release.

OpenLDAP 2.4.36                   2013/08/17                      SLAPAUTH(8C)

Man(1) output converted with man2html