.TH SLAPACL 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapacl \- Check access to a list of attributes.
.SH SYNOPSIS
.B SBINDIR/slapacl
-.B [\-v]
+.B \-b DN
.B [\-d level]
+.B [\-D authcDN | \-U authcID]
.B [\-f slapd.conf]
.B [\-F confdir]
-.B [\-D authcDN | \-U authcID]
-.B \-b DN
+.B [\-o name[=value]
.B [\-u]
+.B [\-v]
.B [\-X authzID | \-o authzDN=DN]
.B [attr[/access][:value]] [...]
.LP
.BR slapd.conf (5)
configuration file, reads in the
.B access
-and
-.B defaultaccess
directives, and then parses the
.B attr
list given on the command-line; if none is given, access to the
.LP
.SH OPTIONS
.TP
-.B \-v
-enable verbose mode.
+.BI \-b " DN"
+specify the
+.B DN
+which access is requested to; the corresponding entry is fetched
+from the database, and thus it must exist.
+The DN is also used to determine what rules apply; thus, it must be
+in the naming context of a configured database. See also
+.BR \-u .
.TP
.BI \-d " level"
enable debugging messages as defined by the specified
-.IR level .
+.IR level ;
+see
+.BR slapd (8)
+for details.
+.TP
+.BI \-D " authcDN"
+specify a DN to be used as identity through the test session
+when selecting appropriate
+.B <by>
+clauses in access lists.
.TP
.BI \-f " slapd.conf"
specify an alternative
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
-default config directory wll be made before trying to use the default
+default config directory will be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
-.BI \-D " authcDN"
-specify a DN to be used as identity through the test session
-when selecting appropriate
-.B <by>
-clauses in access lists.
-.TP
-.BI \-U " authcID"
-specify an ID to be mapped to a
-.B DN
-as by means of
-.B authz-regexp
-or
-.B authz-rewrite
-rules (see
-.BR slapd.conf (5)
-for details); mutually exclusive with
-.BR \-D .
-.TP
-.BI \-X " authzID"
-specify an authorization ID to be mapped to a
-.B DN
-as by means of
-.B authz-regexp
-or
-.B authz-rewrite
-rules (see
-.BR slapd.conf (5)
-for details); mutually exclusive with \fB\-o\fP \fIauthzDN=DN\fP.
-.TP
.BI \-o " option[=value]"
Specify an
.BR option
with a(n optional)
.BR value .
-Possible options/values are:
+Possible generic options/values are:
.LP
.nf
- sockurl
+ syslog=<subsystems> (see `\-s' in slapd(8))
+ syslog-level=<level> (see `\-S' in slapd(8))
+ syslog-user=<user> (see `\-l' in slapd(8))
+
+.fi
+.RS
+Possible options/values specific to
+.B slapacl
+are:
+.RE
+.nf
+
+ authzDN
domain
peername
+ sasl_ssf
sockname
+ sockurl
ssf
- transport_ssf
tls_ssf
- sasl_ssf
- authzDN
+ transport_ssf
+
.fi
-.TP
-.BI \-b " DN"
-specify the
-.B DN
-which access is requested to; the corresponding entry is fetched
-from the database, and thus it must exist.
-The DN is also used to determine what rules apply; thus, it must be
-in the naming context of a configured database. See also
-.BR \-u .
+.RS
+See the related fields in
+.BR slapd.access (5)
+for details.
+.RE
.TP
.BI \-u
do not fetch the entry from the database.
in the naming context of a configured database.
See also
.BR \-b .
+.TP
+.BI \-U " authcID"
+specify an ID to be mapped to a
+.B DN
+as by means of
+.B authz-regexp
+or
+.B authz-rewrite
+rules (see
+.BR slapd.conf (5)
+for details); mutually exclusive with
+.BR \-D .
+.TP
+.B \-v
+enable verbose mode.
+.TP
+.BI \-X " authzID"
+specify an authorization ID to be mapped to a
+.B DN
+as by means of
+.B authz-regexp
+or
+.B authz-rewrite
+rules (see
+.BR slapd.conf (5)
+for details); mutually exclusive with \fB\-o\fP \fIauthzDN=DN\fP.
.SH EXAMPLES
The command
.LP
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project