X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=doc%2Fman%2Fman8%2Fslapacl.8;h=0da30cb51ab0b474b914671bccbad3afec13f613;hb=6c3adabe648371750bfcc886fe707e49befc8452;hp=a1be578dcf0433ec1b045ac24f07d83f807baf1b;hpb=dc0eacd40b625258355eea866d62188e5aa7ce3b;p=openldap

diff --git a/doc/man/man8/slapacl.8 b/doc/man/man8/slapacl.8
index a1be578dcf..0da30cb51a 100644
--- a/doc/man/man8/slapacl.8
+++ b/doc/man/man8/slapacl.8
@@ -1,15 +1,19 @@
 .TH SLAPACL 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2005 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slapacl \- Check access to a list of attributes.
 .SH SYNOPSIS
 .B SBINDIR/slapacl
-.B [\-v]
+.B \-b DN
 .B [\-d level]
-.B [\-f slapd.conf]
 .B [\-D authcDN | \-U authcID]
-.B \-b DN
+.B [\-f slapd.conf]
+.B [\-F confdir]
+.B [\-o name[=value]
+.B [\-u]
+.B [\-v]
+.B [\-X authzID | \-o authzDN=DN]
 .B [attr[/access][:value]] [...]
 .LP
 .SH DESCRIPTION
@@ -22,8 +26,6 @@ It opens the
 .BR slapd.conf (5)
 configuration file, reads in the 
 .B access
-and
-.B defaultaccess
 directives, and then parses the 
 .B attr
 list given on the command-line; if none is given, access to the
@@ -32,17 +34,21 @@ pseudo-attribute is tested.
 .LP
 .SH OPTIONS
 .TP
-.B \-v
-enable verbose mode.
+.BI \-b " DN"
+specify the 
+.B DN 
+which access is requested to; the corresponding entry is fetched 
+from the database, and thus it must exist.
+The DN is also used to determine what rules apply; thus, it must be
+in the naming context of a configured database.  See also
+.BR \-u .
 .TP
 .BI \-d " level"
 enable debugging messages as defined by the specified
-.IR level .
-.TP
-.BI \-f " slapd.conf"
-specify an alternative
-.BR slapd.conf (5)
-file.
+.IR level ;
+see
+.BR slapd (8)
+for details.
 .TP
 .BI \-D " authcDN"
 specify a DN to be used as identity through the test session
@@ -50,6 +56,76 @@ when selecting appropriate
 .B <by> 
 clauses in access lists.
 .TP
+.BI \-f " slapd.conf"
+specify an alternative
+.BR slapd.conf (5)
+file.
+.TP
+.BI \-F " confdir"
+specify a config directory.
+If both
+.B -f
+and
+.B -F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, an attempt to read the
+default config directory will be made before trying to use the default
+config file. If a valid config directory exists then the
+default config file is ignored.
+.TP
+.BI \-o " option[=value]"
+Specify an
+.BR option
+with a(n optional)
+.BR value .
+Possible generic options/values are:
+.LP
+.nf
+              syslog=<subsystems>  (see `\-s' in slapd(8))
+              syslog-level=<level> (see `\-S' in slapd(8))
+              syslog-user=<user>   (see `\-l' in slapd(8))
+
+.fi
+.RS
+Possible options/values specific to
+.B slapacl
+are:
+.RE
+.nf
+
+              authzDN
+              domain
+              peername
+              sasl_ssf
+              sockname
+              sockurl
+              ssf
+              tls_ssf
+              transport_ssf
+
+.fi
+.RS
+See the related fields in
+.BR slapd.access (5)
+for details.
+.RE
+.TP
+.BI \-u
+do not fetch the entry from the database.
+In this case, if the entry does not exist, a fake entry with the DN
+given with the
+.B \-b
+option is used, with no attributes.
+As a consequence, those rules that depend on the contents 
+of the target object will not behave as with the real object.
+The DN given with the
+.B \-b
+option is still used to select what rules apply; thus, it must be
+in the naming context of a configured database.
+See also
+.BR \-b .
+.TP
 .BI \-U " authcID"
 specify an ID to be mapped to a 
 .B DN 
@@ -62,13 +138,19 @@ rules (see
 for details); mutually exclusive with
 .BR \-D .
 .TP
-.BI \-b " DN"
-specify the 
-.B DN 
-access to is requested; the corresponding entry is not fetched 
-from the database, and thus it must not exist.
-However, a database must be selected to determine what rules 
-apply; thus, it must be in the naming context of a configured database.
+.B \-v
+enable verbose mode.
+.TP
+.BI \-X " authzID"
+specify an authorization ID to be mapped to a
+.B DN
+as by means of
+.B authz-regexp
+or
+.B authz-rewrite
+rules (see
+.BR slapd.conf (5)
+for details); mutually exclusive with \fB\-o\fP \fIauthzDN=DN\fP.
 .SH EXAMPLES
 The command
 .LP
@@ -97,7 +179,4 @@ level.
 .LP
 "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.  
+.so ../Project