SLAPAUTH(8C)                                                    SLAPAUTH(8C)

NAME         top

       slapauth   -   Check  a  list  of  string-represented  IDs  for  LDAP

SYNOPSIS         top

       SBINDIR/slapauth [-d debug-level] [-f slapd.conf] [-F confdir]
       [-M mech] [-o option[=value]] [-R realm] [-U authcID] [-v]
       [-X authzID] ID [...]

DESCRIPTION         top

       Slapauth is used to check the behavior of the slapd in mapping
       identities for authentication and authorization purposes, as
       specified in slapd.conf(5).  It opens the slapd.conf(5) configuration
       file or the slapd-config(5) backend, reads in the
       authz-policy/olcAuthzPolicy and authz-regexp/olcAuthzRegexp
       directives, and then parses the ID list given on the command-line.

OPTIONS         top

       -d debug-level
              enable debugging messages as defined by the specified debug-
              level; see slapd(8) for details.

       -f slapd.conf
              specify an alternative slapd.conf(5) file.

       -F confdir
              specify a config directory.  If both -f and -F are specified,
              the config file will be read and converted to config directory
              format and written to the specified directory.  If neither
              option is specified, an attempt to read the default config
              directory will be made before trying to use the default config
              file. If a valid config directory exists then the default
              config file is ignored.

       -M mech
              specify a mechanism.

       -o option[=value]
              Specify an option with a(n optional) value.  Possible generic
              options/values are:

                     syslog=<subsystems>  (see `-s' in slapd(8))
                     syslog-level=<level> (see `-S' in slapd(8))
                     syslog-user=<user>   (see `-l' in slapd(8))

       -R realm
              specify a realm.

       -U authcID
              specify an ID to be used as authcID throughout the test
              session.  If present, and if no authzID is given, the IDs in
              the ID list are treated as authzID.

       -X authzID
              specify an ID to be used as authzID throughout the test
              session.  If present, and if no authcID is given, the IDs in
              the ID list are treated as authcID.  If both authcID and
              authzID are given via command line switch, the ID list cannot
              be present.

       -v     enable verbose mode.

EXAMPLES         top

       The command

            SBINDIR/slapauth -f /ETCDIR/slapd.conf -v \
                   -U bjorn -X u:bjensen

       tests whether the user bjorn can assume the identity of the user
       bjensen provided the directives

            authz-policy from
            authz-regexp "^uid=([^,]+).*,cn=auth$"

       are defined in slapd.conf(5).

SEE ALSO         top

       ldap(3), slapd(8), slaptest(8)

       "OpenLDAP Administrator's Guide" (


       OpenLDAP Software is developed and maintained by The OpenLDAP Project
       <>.  OpenLDAP Software is derived from the
       University of Michigan LDAP 3.3 Release.

COLOPHON         top

       This page is part of the OpenLDAP (an open source implementation of
       the Lightweight Directory Access Protocol) project.  Information
       about the project can be found at ⟨⟩.  If you
       have a bug report for this manual page, see 
       ⟨⟩.  This page was obtained from the
       project's upstream Git repository 
       ⟨git://⟩ on 2017-03-13.  If you discover
       any rendering problems in this HTML version of the page, or you
       believe there is a better or more up-to-date source for the page, or
       you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail

OpenLDAP LDVERSION               RELEASEDATE                    SLAPAUTH(8C)