slapauth - Check a list of string-represented IDs for LDAP authc/authz

OpenLDAPSoftware  is  developed  and  maintained  by  The  OpenLDAP Project <http://www.openldap.org/>.
       OpenLDAPSoftware is derived from the University of Michigan LDAP 3.3 Release.

OpenLDAP 2.6.10+dfsg-1ubuntu1                      2025/05/22                                        SLAPAUTH(8)

Slapauth  is  used  to  check  the  behavior  of  the  slapd in mapping identities for authentication and
       authorization purposes, as specified in slapd.conf(5).  It opens the slapd.conf(5) configuration file  or
       the  slapd-config(5)  backend,  reads  in the authz-policy/olcAuthzPolicy and authz-regexp/olcAuthzRegexp
       directives, and then parses the ID list given on the command-line.

       The command

            /usr/sbin/slapauth -f //etc/ldap/slapd.conf -v \
                   -U bjorn -X u:bjensen

       tests whether the user bjorn can assume the identity of the user bjensen provided the directives

            authz-policy from
            authz-regexp "^uid=([^,]+).*,cn=auth$"
                 "ldap:///dc=example,dc=net??sub?uid=$1"

       are defined in slapd.conf(5).

       slapauth - Check a list of string-represented IDs for LDAP authc/authz

-ddebug-level
              enable debugging messages as defined by the specified debug-level; see slapd(8) for details.

       -fslapd.conf
              specify an alternative slapd.conf(5) file.

       -Fconfdir
              specify a config directory.  If both -f and -F are specified, the config file  will  be  read  and
              converted to config directory format and written to the specified directory.  If neither option is
              specified,  an  attempt to read the default config directory will be made before trying to use the
              default config file. If a valid config directory exists then the default config file is ignored.

       -Mmech
              specify a mechanism.

       -ooption[=value]
              Specify an option with a(n optional) value.  Possible generic options/values are:

                     syslog=<subsystems>  (see `-s' in slapd(8))
                     syslog-level=<level> (see `-S' in slapd(8))
                     syslog-user=<user>   (see `-l' in slapd(8))

       -Rrealm
              specify a realm.

       -UauthcID
              specify an ID to be used as authcID throughout the test session.  If present, and if no authzID is
              given, the IDs in the ID list are treated as authzID.

       -XauthzID
              specify an ID to be used as authzID throughout the test session.  If present, and if no authcID is
              given, the IDs in the ID list are treated as authcID.  If both authcID and authzID are  given  via
              command line switch, the ID list cannot be present.

       -v     enable verbose mode.

ldap(3), slapd(8), slaptest(8)

       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

/usr/sbin/slapauth [-ddebug-level] [-fslapd.conf] [-Fconfdir] [-Mmech] [-ooption[=value]] [-Rrealm]
       [-UauthcID] [-v] [-XauthzID] ID [...]