| slapauth(8) - phpMan
SLAPAUTH(8) System Manager's Manual SLAPAUTH(8)
NAME
slapauth - Check a list of string-represented IDs for LDAP authc/authz
SYNOPSIS
/usr/sbin/slapauth [-d debug-level] [-f slapd.conf] [-F confdir] [-M mech]
[-o option[=value]] [-R realm] [-U authcID] [-v] [-X authzID] ID [...]
DESCRIPTION
Slapauth is used to check the behavior of the slapd in mapping identities for authentica‐
tion and authorization purposes, as specified in slapd.conf(5). It opens the
slapd.conf(5) configuration file or the slapd-config(5) backend, reads in the authz-pol‐
icy/olcAuthzPolicy and authz-regexp/olcAuthzRegexp directives, and then parses the ID list
given on the command-line.
OPTIONS
-d debug-level
enable debugging messages as defined by the specified debug-level; see slapd(8) for
details.
-f slapd.conf
specify an alternative slapd.conf(5) file.
-F confdir
specify a config directory. If both -f and -F are specified, the config file will
be read and converted to config directory format and written to the specified
directory. If neither option is specified, an attempt to read the default config
directory will be made before trying to use the default config file. If a valid
config directory exists then the default config file is ignored.
-M mech
specify a mechanism.
-o option[=value]
Specify an option with a(n optional) value. Possible generic options/values are:
syslog=<subsystems> (see `-s' in slapd(8))
syslog-level=<level> (see `-S' in slapd(8))
syslog-user=<user> (see `-l' in slapd(8))
-R realm
specify a realm.
-U authcID
specify an ID to be used as authcID throughout the test session. If present, and
if no authzID is given, the IDs in the ID list are treated as authzID.
-X authzID
specify an ID to be used as authzID throughout the test session. If present, and
if no authcID is given, the IDs in the ID list are treated as authcID. If both
authcID and authzID are given via command line switch, the ID list cannot be
present.
-v enable verbose mode.
EXAMPLES
The command
/usr/sbin/slapauth -f //etc/ldap/slapd.conf -v \
-U bjorn -X u:bjensen
tests whether the user bjorn can assume the identity of the user bjensen provided the
directives
authz-policy from
authz-regexp "^uid=([^,]+).*,cn=auth$"
"ldap:///dc=example,dc=net??sub?uid=$1"
are defined in slapd.conf(5).
SEE ALSO
ldap(3), slapd(8), slaptest(8)
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
ACKNOWLEDGEMENTS
OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openl‐
dap.org/>. OpenLDAP Software is derived from University of Michigan LDAP 3.3 Release.
OpenLDAP 2014/09/20 SLAPAUTH(8)
|