.TH SLAPAUTH 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2012 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
.SH NAME
-slapauth \- Check a list of string-represented IDs for authc/authz.
+slapauth \- Check a list of string-represented IDs for LDAP authc/authz
.SH SYNOPSIS
.B SBINDIR/slapauth
-.B [\-v]
-.B [\-d level]
-.B [\-f slapd.conf]
-.B [\-M mech]
-.B [\-R realm]
-.B [\-U authcID]
-.B [\-X authzID]
-.B ID [...]
+[\c
+.BI \-d \ debug-level\fR]
+[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
+.BI \-M \ mech\fR]
+[\c
+.BI \-o \ option\fR[ = value\fR]]
+[\c
+.BI \-R \ realm\fR]
+[\c
+.BI \-U \ authcID\fR]
+[\c
+.BR \-v ]
+[\c
+.BI \-X \ authzID\fR]
+.IR ID \ [ ... ]
.LP
.SH DESCRIPTION
.LP
.BR slapd.conf (5).
It opens the
.BR slapd.conf (5)
-configuration file, reads in the
-.B authz-policy
+configuration file or the
+.BR slapd\-config (5)
+backend, reads in the
+.BR authz\-policy / olcAuthzPolicy
and
-.B authz-regexp
+.BR authz\-regexp / olcAuthzRegexp
directives, and then parses the
-.B ID
+.I ID
list given on the command-line.
.LP
.SH OPTIONS
.TP
-.B \-v
-enable verbose mode.
-.TP
-.BI \-d " level"
+.BI \-d \ debug-level
enable debugging messages as defined by the specified
-.IR level .
+.IR debug-level ;
+see
+.BR slapd (8)
+for details.
.TP
-.BI \-f " slapd.conf"
+.BI \-f \ slapd.conf
specify an alternative
.BR slapd.conf (5)
file.
.TP
-.BI \-M " mech"
+.BI \-F \ confdir
+specify a config directory.
+If both
+.B \-f
+and
+.B \-F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, an attempt to read the
+default config directory will be made before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored.
+.TP
+.BI \-M \ mech
specify a mechanism.
.TP
-.BI \-R " realm"
+.BI \-o \ option\fR[ = value\fR]
+Specify an
+.I option
+with a(n optional)
+.IR value .
+Possible generic options/values are:
+.LP
+.nf
+ syslog=<subsystems> (see `\-s' in slapd(8))
+ syslog\-level=<level> (see `\-S' in slapd(8))
+ syslog\-user=<user> (see `\-l' in slapd(8))
+
+.fi
+.TP
+.BI \-R \ realm
specify a realm.
.TP
-.BI \-U " authcID"
+.BI \-U \ authcID
specify an ID to be used as
.I authcID
throughout the test session.
If present, and if no
-.B authzID
+.I authzID
is given, the IDs in the ID list are treated as
-.BR authzID .
+.IR authzID .
.TP
-.BI \-X " authzID"
+.BI \-X \ authzID
specify an ID to be used as
.I authzID
throughout the test session.
If present, and if no
-.B authcID
+.I authcID
is given, the IDs in the ID list are treated as
-.BR authcID .
+.IR authcID .
If both
.I authcID
and
.I authzID
are given via command line switch, the ID list cannot be present.
+.TP
+.B \-v
+enable verbose mode.
.SH EXAMPLES
The command
.LP
.nf
.ft tt
- SBINDIR/slapauth -f /ETCDIR/slapd.conf -v \\
- -U bjorn -X u:bjensen
+ SBINDIR/slapauth \-f /ETCDIR/slapd.conf \-v \\
+ \-U bjorn \-X u:bjensen
.ft
.fi
.LP
.nf
.ft tt
- authz-policy from
- authz-regexp "^uid=([^,]+).*,cn=auth$"
+ authz\-policy from
+ authz\-regexp "^uid=([^,]+).*,cn=auth$"
"ldap:///dc=example,dc=net??sub?uid=$1"
.ft
.BR slapd.conf (5).
.SH "SEE ALSO"
.BR ldap (3),
-.BR slapd (8)
+.BR slapd (8),
.BR slaptest (8)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project