slapauth(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | SEE ALSO | ACKNOWLEDGEMENTS | COLOPHON

SLAPAUTH(8C)                                                SLAPAUTH(8C)

NAME         top

       slapauth - Check a list of string-represented IDs for LDAP
       authc/authz

SYNOPSIS         top

       SBINDIR/slapauth [-d debug-level] [-f slapd.conf] [-F confdir]
       [-M mech] [-o option[=value]] [-R realm] [-U authcID] [-v]
       [-X authzID] ID [...]

DESCRIPTION         top

       Slapauth is used to check the behavior of the slapd in mapping
       identities for authentication and authorization purposes, as
       specified in slapd.conf(5).  It opens the slapd.conf(5)
       configuration file or the slapd-config(5) backend, reads in the
       authz-policy/olcAuthzPolicy and authz-regexp/olcAuthzRegexp
       directives, and then parses the ID list given on the command-
       line.

OPTIONS         top

       -d debug-level
              enable debugging messages as defined by the specified
              debug-level; see slapd(8) for details.

       -f slapd.conf
              specify an alternative slapd.conf(5) file.

       -F confdir
              specify a config directory.  If both -f and -F are
              specified, the config file will be read and converted to
              config directory format and written to the specified
              directory.  If neither option is specified, an attempt to
              read the default config directory will be made before
              trying to use the default config file. If a valid config
              directory exists then the default config file is ignored.

       -M mech
              specify a mechanism.

       -o option[=value]
              Specify an option with a(n optional) value.  Possible
              generic options/values are:

                     syslog=<subsystems>  (see `-s' in slapd(8))
                     syslog-level=<level> (see `-S' in slapd(8))
                     syslog-user=<user>   (see `-l' in slapd(8))

       -R realm
              specify a realm.

       -U authcID
              specify an ID to be used as authcID throughout the test
              session.  If present, and if no authzID is given, the IDs
              in the ID list are treated as authzID.

       -X authzID
              specify an ID to be used as authzID throughout the test
              session.  If present, and if no authcID is given, the IDs
              in the ID list are treated as authcID.  If both authcID
              and authzID are given via command line switch, the ID list
              cannot be present.

       -v     enable verbose mode.

EXAMPLES         top

       The command

            SBINDIR/slapauth -f /ETCDIR/slapd.conf -v \
                   -U bjorn -X u:bjensen

       tests whether the user bjorn can assume the identity of the user
       bjensen provided the directives

            authz-policy from
            authz-regexp "^uid=([^,]+).*,cn=auth$"
                 "ldap:///dc=example,dc=net??sub?uid=$1"

       are defined in slapd.conf(5).

SEE ALSO         top

       ldap(3), slapd(8), slaptest(8)

       "OpenLDAP Administrator's Guide"
       (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS         top

       OpenLDAP Software is developed and maintained by The OpenLDAP
       Project <http://www.openldap.org/>.  OpenLDAP Software is derived
       from the University of Michigan LDAP 3.3 Release.

COLOPHON         top

       This page is part of the OpenLDAP (an open source implementation
       of the Lightweight Directory Access Protocol) project.
       Information about the project can be found at 
       ⟨http://www.openldap.org/⟩.  If you have a bug report for this
       manual page, see ⟨http://www.openldap.org/its/⟩.  This page was
       obtained from the project's upstream Git repository
       ⟨https://git.openldap.org/openldap/openldap.git⟩ on 2023-12-22.
       (At that time, the date of the most recent commit that was found
       in the repository was 2023-12-19.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

OpenLDAP LDVERSION             RELEASEDATE                  SLAPAUTH(8C)

Pages that refer to this page: slapd.access(5)slapd.conf(5)slapd-config(5)slapacl(8)slapd(8)