|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | SEE ALSO | ACKNOWLEDGEMENTS | COLOPHON |
|
|
|
SLAPAUTH(8C) SLAPAUTH(8C)
slapauth - Check a list of string-represented IDs for LDAP
authc/authz
SBINDIR/slapauth [-d debug-level] [-f slapd.conf] [-F confdir]
[-M mech] [-o option[=value]] [-R realm] [-U authcID] [-v]
[-X authzID] ID [...]
Slapauth is used to check the behavior of the slapd in mapping
identities for authentication and authorization purposes, as
specified in slapd.conf(5). It opens the slapd.conf(5)
configuration file or the slapd-config(5) backend, reads in the
authz-policy/olcAuthzPolicy and authz-regexp/olcAuthzRegexp
directives, and then parses the ID list given on the command-line.
-d debug-level
enable debugging messages as defined by the specified
debug-level; see slapd(8) for details.
-f slapd.conf
specify an alternative slapd.conf(5) file.
-F confdir
specify a config directory. If both -f and -F are
specified, the config file will be read and converted to
config directory format and written to the specified
directory. If neither option is specified, an attempt to
read the default config directory will be made before
trying to use the default config file. If a valid config
directory exists then the default config file is ignored.
-M mech
specify a mechanism.
-o option[=value]
Specify an option with a(n optional) value. Possible
generic options/values are:
syslog=<subsystems> (see `-s' in slapd(8))
syslog-level=<level> (see `-S' in slapd(8))
syslog-user=<user> (see `-l' in slapd(8))
-R realm
specify a realm.
-U authcID
specify an ID to be used as authcID throughout the test
session. If present, and if no authzID is given, the IDs
in the ID list are treated as authzID.
-X authzID
specify an ID to be used as authzID throughout the test
session. If present, and if no authcID is given, the IDs
in the ID list are treated as authcID. If both authcID and
authzID are given via command line switch, the ID list
cannot be present.
-v enable verbose mode.
The command
SBINDIR/slapauth -f /ETCDIR/slapd.conf -v \
-U bjorn -X u:bjensen
tests whether the user bjorn can assume the identity of the user
bjensen provided the directives
authz-policy from
authz-regexp "^uid=([^,]+).*,cn=auth$"
"ldap:///dc=example,dc=net??sub?uid=$1"
are defined in slapd.conf(5).
ldap(3), slapd(8), slaptest(8)
"OpenLDAP Administrator's Guide"
(http://www.OpenLDAP.org/doc/admin/)
OpenLDAP Software is developed and maintained by The OpenLDAP
Project <http://www.openldap.org/>. OpenLDAP Software is derived
from the University of Michigan LDAP 3.3 Release.
This page is part of the OpenLDAP (an open source implementation
of the Lightweight Directory Access Protocol) project.
Information about the project can be found at
⟨http://www.openldap.org/⟩. If you have a bug report for this
manual page, see ⟨http://www.openldap.org/its/⟩. This page was
obtained from the project's upstream Git repository
⟨https://git.openldap.org/openldap/openldap.git⟩ on 2025-08-11.
(At that time, the date of the most recent commit that was found
in the repository was 2025-08-05.) If you discover any rendering
problems in this HTML version of the page, or you believe there is
a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
OpenLDAP LDVERSION RELEASEDATE SLAPAUTH(8C)
Pages that refer to this page: slapd.access(5), slapd.conf(5), slapd-config(5), slapacl(8), slapd(8)
|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|