Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
SLAPACL(8C)							   SLAPACL(8C)

NAME
       slapacl - Check access to a list	of attributes.

SYNOPSIS
       /usr/local/sbin/slapacl	-b DN  [-d debug-level]	[-D authcDN | -U auth-
       cID] [-f	slapd.conf] [-F	confdir] [-o option[=value]] [-u] [-v] [-X au-
       thzID | -o  authzDN=DN] [attr[/access][:value]] [...]

DESCRIPTION
       slapacl	is  used to check the behavior of slapd(8) by verifying	access
       to directory data according to the access control list  directives  de-
       fined  in  its configuration.  It opens the slapd.conf(5) configuration
       file or the slapd-config(5) backend, reads in the access/olcAccess  di-
       rectives,  and  then parses the attr list given on the command-line; if
       none is given, access to	the entry pseudo-attribute is tested.

OPTIONS
       -b DN  specify the DN which access is requested to;  the	 corresponding
	      entry is fetched from the	database, and thus it must exist.  The
	      DN is also used to determine what	rules apply; thus, it must  be
	      in the naming context of a configured database.  See also	-u.

       -d debug-level
	      enable  debugging	 messages  as  defined by the specified	debug-
	      level; see slapd(8) for details.

       -D authcDN
	      specify a	DN to be used as identity  through  the	 test  session
	      when selecting appropriate <by> clauses in access	lists.

       -f slapd.conf
	      specify an alternative slapd.conf(5) file.

       -F confdir
	      specify  a  config  directory.  If both -f and -F	are specified,
	      the config file will be read and converted to  config  directory
	      format  and  written to the specified directory.	If neither op-
	      tion is specified, an attempt to read the	default	config	direc-
	      tory  will be made before	trying to use the default config file.
	      If a valid config	directory exists then the default config  file
	      is ignored.

       -o option[=value]
	      Specify  an  option  with	a(n optional) value.  Possible generic
	      options/values are:

		     syslog=<subsystems>  (see `-s' in slapd(8))
		     syslog-level=<level> (see `-S' in slapd(8))
		     syslog-user=<user>	  (see `-l' in slapd(8))

	      Possible options/values specific to slapacl are:

		     authzDN
		     domain
		     peername
		     sasl_ssf
		     sockname
		     sockurl
		     ssf
		     tls_ssf
		     transport_ssf

	      See the related fields in	slapd.access(5)	for details.

       -u     do not fetch the entry from the database.	 In this case, if  the
	      entry does not exist, a fake entry with the DN given with	the -b
	      option is	used, with no attributes.   As	a  consequence,	 those
	      rules  that depend on the	contents of the	target object will not
	      behave as	with the real object.  The DN given with the -b	option
	      is  still	 used  to select what rules apply; thus, it must be in
	      the naming context of a configured database.  See	also -b.

       -U authcID
	      specify an ID to be mapped to a DN as by means  of  authz-regexp
	      or authz-rewrite rules (see slapd.conf(5)	for details); mutually
	      exclusive	with -D.

       -v     enable verbose mode.

       -X authzID
	      specify an authorization ID to be	mapped to a DN as by means  of
	      authz-regexp  or	authz-rewrite rules (see slapd.conf(5) for de-
	      tails); mutually exclusive with -o authzDN=DN.

EXAMPLES
       The command

	    /usr/local/sbin/slapacl -f /usr/local/etc/openldap/slapd.conf -v \
		   -U bjorn -b "o=University of	Michigan,c=US" \
		"o/read:University of Michigan"

       tests whether the user bjorn can	access the attribute o	of  the	 entry
       o=University of Michigan,c=US at	read level.

SEE ALSO
       ldap(3),	slapd(8), slaptest(8), slapauth(8)

       "OpenLDAP Administrator's Guide"	(http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS
       OpenLDAP	 Software  is developed	and maintained by The OpenLDAP Project
       <http://www.openldap.org/>.  OpenLDAP Software is derived from the Uni-
       versity of Michigan LDAP	3.3 Release.

OpenLDAP 2.4.45			  2017/06/01			   SLAPACL(8C)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | SEE ALSO | ACKNOWLEDGEMENTS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=slapacl&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help