.TH SLAPAUTH 8C "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2011 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapauth \- Check a list of string-represented IDs for LDAP authc/authz
.SH SYNOPSIS
.B SBINDIR/slapauth
[\c
.BI \-d \ debug-level\fR]
[\c
.BI \-f \ slapd.conf\fR]
[\c
.BI \-F \ confdir\fR]
[\c
.BI \-M \ mech\fR]
[\c
.BI \-o \ option\fR[ = value\fR]]
[\c
.BI \-R \ realm\fR]
[\c
.BI \-U \ authcID\fR]
[\c
.BR \-v ]
[\c
.BI \-X \ authzID\fR]
.IR ID \ [ ... ]
.LP
.SH DESCRIPTION
.LP
.B Slapauth
is used to check the behavior of slapd in mapping identities
for authentication and authorization purposes, as specified in
.BR slapd.conf (5).
It opens the
.BR slapd.conf (5)
configuration file or the
.BR slapd\-config (5)
backend, reads in the
.BR authz\-policy / olcAuthzPolicy
and
.BR authz\-regexp / olcAuthzRegexp
directives, and then parses the
.I ID
list given on the command-line.
.LP
.SH OPTIONS
.TP
.BI \-d \ debug-level
enable debugging messages as defined by the specified
.IR debug-level ;
see
.BR slapd (8)
for details.
.TP
.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
.BI \-F \ confdir
specify a config directory.
If both
.B \-f
and
.B \-F
are specified, the config file will be read and converted to
config directory format and written to the specified directory,
so this invocation modifies that directory rather than only reading the configuration.
If neither option is specified, an attempt to read the
default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
.BI \-M \ mech
specify a mechanism.
.TP
.BI \-o \ option\fR[ = value\fR]
Specify an
.I option
with an optional
.IR value .
Possible generic options/values are:
.LP
.nf
syslog=<subsystems> (see `\-s' in slapd(8))
syslog\-level=<level> (see `\-S' in slapd(8))
syslog\-user=<user> (see `\-l' in slapd(8))
.fi
.TP
.BI \-R \ realm
specify a realm.
.TP
.BI \-U \ authcID
specify an ID to be used as
.I authcID
throughout the test session.
If present, and if no
.I authzID
is given, the IDs in the ID list are treated as
.IR authzID .
.TP
.BI \-X \ authzID
specify an ID to be used as
.I authzID
throughout the test session.
If present, and if no
.I authcID
is given, the IDs in the ID list are treated as
.IR authcID .
If both
.I authcID
and
.I authzID
are given via command-line switches, the ID list must not be present.
.TP
.B \-v
enable verbose mode.
.SH EXAMPLES
The command
.LP
.nf
.ft tt
SBINDIR/slapauth \-f /ETCDIR/slapd.conf \-v \\
\-U bjorn \-X u:bjensen
.ft
.fi
tests whether the user
.I bjorn
can assume the identity of the user
.I bjensen
provided the directives
.LP
.nf
.ft tt
authz\-policy from
authz\-regexp "^uid=([^,]+).*,cn=auth$"
"ldap:///dc=example,dc=net??sub?uid=$1"
.ft
.fi
are defined in
.BR slapd.conf (5).
.SH "SEE ALSO"
.BR ldap (3),
.BR slapd (8),
.BR slaptest (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS
.so ../Project