1SLAPAUTH(8C) SLAPAUTH(8C)
2
3
4
6 slapauth - Check a list of string-represented IDs for LDAP authc/authz
7
9 /usr/sbin/slapauth [-d debug-level] [-f slapd.conf] [-F confdir]
10 [-M mech] [-o option[=value]] [-R realm] [-U authcID] [-v] [-X authzID]
11 ID [...]
12
14 Slapauth is used to check the behavior of the slapd in mapping identi‐
15 ties for authentication and authorization purposes, as specified in
16 slapd.conf(5). It opens the slapd.conf(5) configuration file or the
17 slapd-config(5) backend, reads in the authz-policy/olcAuthzPolicy and
18 authz-regexp/olcAuthzRegexp directives, and then parses the ID list
19 given on the command-line.
20
22 -d debug-level
23 enable debugging messages as defined by the specified debug-
24 level; see slapd(8) for details.
25
26 -f slapd.conf
27 specify an alternative slapd.conf(5) file.
28
29 -F confdir
30 specify a config directory. If both -f and -F are specified,
31 the config file will be read and converted to config directory
32 format and written to the specified directory. If neither op‐
33 tion is specified, an attempt to read the default config direc‐
34 tory will be made before trying to use the default config file.
35 If a valid config directory exists then the default config file
36 is ignored.
37
38 -M mech
39 specify a mechanism.
40
41 -o option[=value]
42 Specify an option with a(n optional) value. Possible generic
43 options/values are:
44
45 syslog=<subsystems> (see `-s' in slapd(8))
46 syslog-level=<level> (see `-S' in slapd(8))
47 syslog-user=<user> (see `-l' in slapd(8))
48
49
50 -R realm
51 specify a realm.
52
53 -U authcID
54 specify an ID to be used as authcID throughout the test session.
55 If present, and if no authzID is given, the IDs in the ID list
56 are treated as authzID.
57
58 -X authzID
59 specify an ID to be used as authzID throughout the test session.
60 If present, and if no authcID is given, the IDs in the ID list
61 are treated as authcID. If both authcID and authzID are given
62 via command line switch, the ID list cannot be present.
63
64 -v enable verbose mode.
65
67 The command
68
69 /usr/sbin/slapauth -f //etc/openldap/slapd.conf -v \
70 -U bjorn -X u:bjensen
71
72 tests whether the user bjorn can assume the identity of the user
73 bjensen provided the directives
74
75 authz-policy from
76 authz-regexp "^uid=([^,]+).*,cn=auth$"
77 "ldap:///dc=example,dc=net??sub?uid=$1"
78
79 are defined in slapd.conf(5).
80
82 ldap(3), slapd(8), slaptest(8)
83
84 "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
85
87 OpenLDAP Software is developed and maintained by The OpenLDAP Project
88 <http://www.openldap.org/>. OpenLDAP Software is derived from the Uni‐
89 versity of Michigan LDAP 3.3 Release.
90
91
92
93OpenLDAP 2.6.6 2023/07/31 SLAPAUTH(8C)