slapauth - represented IDs for LDAP authc/authz
/usr/sbin/slapauth [-d debug-level] [-f slapd.conf] [-F confdir] [-M mech] [-o option[=value]] [-R realm] [-U authcID] [-v] [-X authzID] ID [...]
SLAPAUTH(8oldap) SLAPAUTH(8oldap)
NAME
slapauth - Check a list of string-represented IDs for LDAP authc/authz
SYNOPSIS
/usr/sbin/slapauth [-d debug-level] [-f slapd.conf] [-F confdir]
[-M mech] [-o option[=value]] [-R realm] [-U authcID] [-v] [-X authzID]
ID [...]
DESCRIPTION
Slapauth is used to check the behavior of the slapd in mapping identi-
ties for authentication and authorization purposes, as specified in
slapd.conf(5). It opens the slapd.conf(5) configuration file or the
slapd-config(5) backend, reads in the authz-policy/olcAuthzPolicy and
authz-regexp/olcAuthzRegexp directives, and then parses the ID list
given on the command-line.
OPTIONS
-d debug-level
enable debugging messages as defined by the specified debug-
level; see slapd(8) for details.
-f slapd.conf
specify an alternative slapd.conf(5) file.
-F confdir
specify a config directory. If both -f and -F are specified,
the config file will be read and converted to config directory
format and written to the specified directory. If neither
option is specified, an attempt to read the default config
directory will be made before trying to use the default config
file. If a valid config directory exists then the default config
file is ignored.
-M mech
specify a mechanism.
-o option[=value]
Specify an option with a(n optional) value. Possible generic
options/values are:
syslog=<subsystems> (see `-s' in slapd(8))
syslog-level=<level> (see `-S' in slapd(8))
syslog-user=<user> (see `-l' in slapd(8))
-R realm
specify a realm.
-U authcID
specify an ID to be used as authcID throughout the test session.
If present, and if no authzID is given, the IDs in the ID list
are treated as authzID.
-X authzID
specify an ID to be used as authzID throughout the test session.
If present, and if no authcID is given, the IDs in the ID list
are treated as authcID. If both authcID and authzID are given
via command line switch, the ID list cannot be present.
-v enable verbose mode.
EXAMPLES
The command
/usr/sbin/slapauth -f //etc/openldap/slapd.conf -v \
-U bjorn -X u:bjensen
tests whether the user bjorn can assume the identity of the user
bjensen provided the directives
authz-policy from
authz-regexp "^uid=([^,]+).*,cn=auth$"
"ldap:///dc=example,dc=net??sub?uid=$1"
are defined in slapd.conf(5).
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+-------------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-------------------------------+
|Availability | service/network/ldap/openldap |
+---------------+-------------------------------+
|Stability | Pass-through uncommitted |
+---------------+-------------------------------+
SEE ALSO
ldap(3), slapd(8), slaptest(8)
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
ACKNOWLEDGEMENTS
OpenLDAP Software is developed and maintained by The OpenLDAP Project
<http://www.openldap.org/>. OpenLDAP Software is derived from the Uni-
versity of Michigan LDAP 3.3 Release.
NOTES
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from ftp://ftp.openldap.org/pub/OpenLDAP/openl-
dap-release/openldap-2.4.59.tgz.
Further information about this software can be found on the open source
community website at http://www.openldap.org/.
OpenLDAP 2.4.59 2021/06/03 SLAPAUTH(8oldap)