1 .TH SLAPACL 8C "RELEASEDATE" "OpenLDAP LDVERSION"
2 .\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
3 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
5 slapacl \- Check access to a list of attributes.
11 .B [\-D authcDN | \-U authcID]
14 .B [\-X authzID | \-o authzDN=DN]
15 .B [attr[/access][:value]] [...]
20 is used to check the behavior of the slapd in verifying access to data
21 according to ACLs, as specified in
25 configuration file, reads in the
29 directives, and then parses the
31 list given on the command-line; if none is given, access to the
33 pseudo-attribute is tested.
41 enable debugging messages as defined by the specified
45 specify an alternative
50 specify a DN to be used as identity through the test session
51 when selecting appropriate
53 clauses in access lists.
56 specify an ID to be mapped to a
64 for details); mutually exclusive with
68 specify an authorization ID to be mapped to a
76 for details); mutually exclusive with \fB\-o\fP \fIauthzDN=DN\fP.
78 .BI \-o " option[=value]"
83 Possible options/values are:
100 which access is requested to; the corresponding entry is fetched
101 from the database, and thus it must exist.
102 The DN is also used to determine what rules apply; thus, it must be
103 in the naming context of a configured database. See also
107 do not fetch the entry from the database.
108 In this case, if the entry does not exist, a fake entry with the DN
111 option is used, with no attributes.
112 As a consequence, those rules that depend on the contents
113 of the target object will not behave as with the real object.
114 The DN given with the
116 option is still used to select what rules apply; thus, it must be
117 in the naming context of a configured database.
125 SBINDIR/slapacl -f /ETCDIR/slapd.conf -v \\
126 -U bjorn -b "o=University of Michigan,c=US" \\
127 "o/read:University of Michigan"
131 tests whether the user
133 can access the attribute
136 .I o=University of Michigan,c=US
146 "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
149 is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
151 is derived from University of Michigan LDAP 3.3 Release.