Provided by: slapd_2.4.15-1ubuntu3_i386 bug


       slapauth - Check a list of string-represented IDs for LDAP authc/authz


       /usr/sbin/slapauth  [-d  level]  [-f slapd.conf] [-F confdir] [-M mech]
       [-o name[=value]] [-R realm] [-U authcID] [-v] [-X authzID] ID [...]


       Slapauth is used  to  check  the  behavior  of  the  slapd  in  mapping
       identities  for authentication and authorization purposes, as specified
       in slapd.conf(5).  It opens the slapd.conf(5) configuration file or the
       slapd-config(5)  backend,  reads in the authz-policy/olcAuthzPolicy and
       authz-regexp/olcAuthzRegexp directives, and then  parses  the  ID  list
       given on the command-line.


       -d level
              enable debugging messages as defined by the specified level; see
              slapd(8) for details.

       -f slapd.conf
              specify an alternative slapd.conf(5) file.

       -F confdir
              specify a config directory.  If both -f and  -F  are  specified,
              the  config  file will be read and converted to config directory
              format and written  to  the  specified  directory.   If  neither
              option  is  specified,  an  attempt  to  read the default config
              directory will be made before trying to use the  default  config
              file. If a valid config directory exists then the default config
              file is ignored.

       -M mech
              specify a mechanism.

       -o option[=value]
              Specify an option with a(n optional)  value.   Possible  generic
              options/values are:

                     syslog=<subsystems>  (see ‘-s’ in slapd(8))
                     syslog-level=<level> (see ‘-S’ in slapd(8))
                     syslog-user=<user>   (see ‘-l’ in slapd(8))

       -R realm
              specify a realm.

       -U authcID
              specify an ID to be used as authcID throughout the test session.
              If present, and if no authzID is given, the IDs in the  ID  list
              are treated as authzID.

       -X authzID
              specify an ID to be used as authzID throughout the test session.
              If present, and if no authcID is given, the IDs in the  ID  list
              are  treated  as authcID.  If both authcID and authzID are given
              via command line switch, the ID list cannot be present.

       -v     enable verbose mode.


       The command

            /usr/sbin/slapauth -f //etc/ldap/slapd.conf -v \
                   -U bjorn -X u:bjensen

       tests whether the user bjorn  can  assume  the  identity  of  the  user
       bjensen provided the directives

            authz-policy from
            authz-regexp "^uid=([^,]+).*,cn=auth$"

       are defined in slapd.conf(5).


       ldap(3), slapd(8) slaptest(8)

       "OpenLDAP Administrator’s Guide" (


       OpenLDAP  Software  is developed and maintained by The OpenLDAP Project
       <>.   OpenLDAP   Software   is   derived   from
       University of Michigan LDAP 3.3 Release.