Name

slapauth — Check a list of string-represented IDs for LDAP authc/authz

Synopsis

SBINDIR/slapauth [ −d level ] [ −f slapd.conf ] [ −F confdir ] [ −M mech ] [ −o name[=value] ] [ −R realm ] [ −U authcID ] [−v] [ −X authzID ] ID [ ... ]

DESCRIPTION

Slapauth is used to check the behavior of the slapd in mapping identities for authentication and authorization purposes, as specified in slapd.conf(5). It opens the slapd.conf(5) configuration file, reads in the authz-policy and authz-regexp directives, and then parses the ID list given on the command-line.

OPTIONS

−d level

enable debugging messages as defined by the specified level; see slapd(8) for details.

−f slapd.conf

specify an alternative slapd.conf(5) file.

−F confdir

specify a config directory. If both −f and −F are specified, the config file will be read and converted to config directory format and written to the specified directory. If neither option is specified, an attempt to read the default config directory will be made before trying to use the default config file. If a valid config directory exists then the default config file is ignored.

−M mech

specify a mechanism.

−o option[=value]

Specify an option with a(n optional) value. Possible generic options/values are:

              syslog=<subsystems>  (see `−s' in slapd(8))
              syslog-level=<level> (see `−S' in slapd(8))
              syslog-user=<user>   (see `−l' in slapd(8))
−R realm

specify a realm.

−U authcID

specify an ID to be used as authcID throughout the test session. If present, and if no authzID is given, the IDs in the ID list are treated as authzID.

−X authzID

specify an ID to be used as authzID throughout the test session. If present, and if no authcID is given, the IDs in the ID list are treated as authcID. If both authcID and authzID are given via command line switch, the ID list cannot be present.

−v

enable verbose mode.

EXAMPLES

The command

        SBINDIR/slapauth -f /ETCDIR/slapd.conf -v \
            -U bjorn -X u:bjensen

tests whether the user bjorn can assume the identity of the user bjensen provided the directives

        authz-policy from
        authz-regexp "^uid=([^,]+).*,cn=auth$"
                "ldap:///dc=example,dc=net??sub?uid=$1"

are defined in slapd.conf(5).

SEE ALSO

ldap(3), slapd(8) slaptest(8)

"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS

OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. OpenLDAP Software is derived from University of Michigan LDAP 3.3 Release.


See the following documents: COPYRIGHTLICENSE