1SLAPAUTH(8C)                                                      SLAPAUTH(8C)
2
3
4

NAME

6       slapauth - Check a list of string-represented IDs for LDAP authc/authz
7

SYNOPSIS

9       /usr/sbin/slapauth    [-d debug-level]   [-f slapd.conf]   [-F confdir]
10       [-M mech] [-o option[=value]] [-R realm] [-U authcID] [-v] [-X authzID]
11       ID [...]
12

DESCRIPTION

14       Slapauth  is used to check the behavior of the slapd in mapping identi‐
15       ties for authentication and authorization  purposes,  as  specified  in
16       slapd.conf(5).   It  opens  the slapd.conf(5) configuration file or the
17       slapd-config(5) backend, reads in the  authz-policy/olcAuthzPolicy  and
18       authz-regexp/olcAuthzRegexp  directives,  and  then  parses the ID list
19       given on the command-line.
20

OPTIONS

22       -d debug-level
23              enable debugging messages as defined  by  the  specified  debug-
24              level; see slapd(8) for details.
25
26       -f slapd.conf
27              specify an alternative slapd.conf(5) file.
28
29       -F confdir
30              specify  a  config  directory.  If both -f and -F are specified,
31              the config file will be read and converted to  config  directory
32              format  and  written to the specified directory.  If neither op‐
33              tion is specified, an attempt to read the default config  direc‐
34              tory  will be made before trying to use the default config file.
35              If a valid config directory exists then the default config  file
36              is ignored.
37
38       -M mech
39              specify a mechanism.
40
41       -o option[=value]
42              Specify  an  option  with a(n optional) value.  Possible generic
43              options/values are:
44
45                     syslog=<subsystems>  (see `-s' in slapd(8))
46                     syslog-level=<level> (see `-S' in slapd(8))
47                     syslog-user=<user>   (see `-l' in slapd(8))
48
49
50       -R realm
51              specify a realm.
52
53       -U authcID
54              specify an ID to be used as authcID throughout the test session.
55              If  present,  and if no authzID is given, the IDs in the ID list
56              are treated as authzID.
57
58       -X authzID
59              specify an ID to be used as authzID throughout the test session.
60              If  present,  and if no authcID is given, the IDs in the ID list
61              are treated as authcID.  If both authcID and authzID  are  given
62              via command line switch, the ID list cannot be present.
63
64       -v     enable verbose mode.
65

EXAMPLES

67       The command
68
69            /usr/sbin/slapauth -f //etc/openldap/slapd.conf -v \
70                   -U bjorn -X u:bjensen
71
72       tests  whether  the  user  bjorn  can  assume  the identity of the user
73       bjensen provided the directives
74
75            authz-policy from
76            authz-regexp "^uid=([^,]+).*,cn=auth$"
77                 "ldap:///dc=example,dc=net??sub?uid=$1"
78
79       are defined in slapd.conf(5).
80

SEE ALSO

82       ldap(3), slapd(8), slaptest(8)
83
84       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
85

ACKNOWLEDGEMENTS

87       OpenLDAP Software is developed and maintained by The  OpenLDAP  Project
88       <http://www.openldap.org/>.  OpenLDAP Software is derived from the Uni‐
89       versity of Michigan LDAP 3.3 Release.
90
91
92
93OpenLDAP                          2021/06/03                      SLAPAUTH(8C)
Impressum