slapauth - Check a list of string-represented IDs for LDAP authc/authz
SBINDIR/slapauth [-d debug-level] [-f slapd.conf] [-F confdir] [-M mech] [-o option[=value]] [-R realm] [-U authcID] [-v] [-X authzID] ID [...]
Slapauth is used to check the behavior of the slapd in mapping identities for authentication and authorization purposes, as specified in slapd.conf(5). It opens the slapd.conf(5) configuration file or the slapd-config(5) backend, reads in the authz-policy/olcAuthzPolicy and authz-regexp/olcAuthzRegexp directives, and then parses the ID list given on the command- line.
-d debug-level enable debugging messages as defined by the specified debug-level; see slapd(8) for details. -f slapd.conf specify an alternative slapd.conf(5) file. -F confdir specify a config directory. If both -f and -F are specified, the config file will be read and converted to config directory format and written to the specified directory. If neither option is specified, an attempt to read the default config directory will be made before trying to use the default config file. If a valid config directory exists then the default config file is ignored. -M mech specify a mechanism. -o option[=value] Specify an option with a(n optional) value. Possible generic options/values are: syslog=<subsystems> (see `-s' in slapd(8)) syslog-level=<level> (see `-S' in slapd(8)) syslog-user=<user> (see `-l' in slapd(8)) -R realm specify a realm. -U authcID specify an ID to be used as authcID throughout the test session. If present, and if no authzID is given, the IDs in the ID list are treated as authzID. -X authzID specify an ID to be used as authzID throughout the test session. If present, and if no authcID is given, the IDs in the ID list are treated as authcID. If both authcID and authzID are given via command line switch, the ID list cannot be present. -v enable verbose mode.
The command SBINDIR/slapauth -f /ETCDIR/slapd.conf -v \ -U bjorn -X u:bjensen tests whether the user bjorn can assume the identity of the user bjensen provided the directives authz-policy from authz-regexp "^uid=([^,]+).*,cn=auth$" "ldap:///dc=example,dc=net??sub?uid=$1" are defined in slapd.conf(5).
ldap(3), slapd(8), slaptest(8) "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. OpenLDAP Software is derived from the University of Michigan LDAP 3.3 Release.
This page is part of the OpenLDAP (an open source implementation of the Lightweight Directory Access Protocol) project. Information about the project can be found at ⟨http://www.openldap.org/⟩. If you have a bug report for this manual page, see ⟨http://www.openldap.org/its/⟩. This page was obtained from the project's upstream Git repository ⟨https://git.openldap.org/openldap/openldap.git⟩ on 2021-08-27. (At that time, the date of the most recent commit that was found in the repository was 2021-08-26.) If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which is not part of the original manual page), send a mail to firstname.lastname@example.org OpenLDAP LDVERSION RELEASEDATE SLAPAUTH(8C)
Pages that refer to this page: slapd.access(5), slapd.conf(5), slapd-config(5), slapacl(8), slapd(8)