Open Source Software

slapauth(8)



NAME

   slapauth - Check a list of string-represented IDs for LDAP authc/authz

SYNOPSIS

   /usr/sbin/slapauth    [-d debug-level]   [-f slapd.conf]   [-F confdir]
   [-M mech] [-o option[=value]] [-R realm] [-U authcID] [-v] [-X authzID]
   ID [...]

DESCRIPTION

   Slapauth  is  used  to  check  the  behavior  of  the  slapd in mapping
   identities for authentication and authorization purposes, as  specified
   in slapd.conf(5).  It opens the slapd.conf(5) configuration file or the
   slapd-config(5) backend, reads in the  authz-policy/olcAuthzPolicy  and
   authz-regexp/olcAuthzRegexp  directives,  and  then  parses the ID list
   given on the command-line.

OPTIONS

   -d debug-level
          enable debugging messages as defined  by  the  specified  debug-
          level; see slapd(8) for details.

   -f slapd.conf
          specify an alternative slapd.conf(5) file.

   -F confdir
          specify  a  config  directory.  If both -f and -F are specified,
          the config file will be read and converted to  config  directory
          format  and  written  to  the  specified  directory.  If neither
          option is specified, an  attempt  to  read  the  default  config
          directory  will  be made before trying to use the default config
          file. If a valid config directory exists then the default config
          file is ignored.

   -M mech
          specify a mechanism.

   -o option[=value]
          Specify  an  option  with a(n optional) value.  Possible generic
          options/values are:

                 syslog=<subsystems>  (see `-s' in slapd(8))
                 syslog-level=<level> (see `-S' in slapd(8))
                 syslog-user=<user>   (see `-l' in slapd(8))

   -R realm
          specify a realm.

   -U authcID
          specify an ID to be used as authcID throughout the test session.
          If  present,  and if no authzID is given, the IDs in the ID list
          are treated as authzID.

   -X authzID
          specify an ID to be used as authzID throughout the test session.
          If  present,  and if no authcID is given, the IDs in the ID list
          are treated as authcID.  If both authcID and authzID  are  given
          via command line switch, the ID list cannot be present.

   -v     enable verbose mode.

EXAMPLES

   The command

        /usr/sbin/slapauth -f //etc/ldap/slapd.conf -v \
               -U bjorn -X u:bjensen

   tests  whether  the  user  bjorn  can  assume  the identity of the user
   bjensen provided the directives

        authz-policy from
        authz-regexp "^uid=([^,]+).*,cn=auth$"
             "ldap:///dc=example,dc=net??sub?uid=$1"

   are defined in slapd.conf(5).

SEE ALSO

   ldap(3), slapd(8), slaptest(8)

   "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS

   OpenLDAP Software is developed and maintained by The  OpenLDAP  Project
   <http://www.openldap.org/>.    OpenLDAP   Software   is   derived  from
   University of Michigan LDAP 3.3 Release.



Free and Open Source Software


Free Software Video

Useful Programs

Free Online Courses

Open Opportunity

Open Business