https://github.com/peppelinux/slapd_acl

slapd olcAccess (ACLs) utility
https://github.com/peppelinux/slapd_acl

openldap-client openldap-exporter slapd

Last synced: about 2 months ago
JSON representation

slapd olcAccess (ACLs) utility

• Host: GitHub
• URL: https://github.com/peppelinux/slapd_acl
• Owner: peppelinux
• License: apache-2.0
• Created: 2020-05-31T13:11:14.000Z (about 5 years ago)
• Default Branch: master
• Last Pushed: 2020-06-02T14:10:30.000Z (about 5 years ago)
• Last Synced: 2025-04-17T02:47:21.926Z (2 months ago)
• Topics: openldap-client, openldap-exporter, slapd
• Language: Python
• Size: 15.6 KB
• Stars: 2
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# slapd acl

slapd olcAccess (ACLs) utility, your olcAccess in a human readable way.

#### Requirements

ldapsearch

#### Setup

````

pip3 install slapd_acl

````

#### Usage

using ldapi and mdb (default behaviour)

````

slapd_acl -Y EXTERNAL

````

specifing a base

````

slapd_acl -Y EXTERNAL -b 'olcDatabase={0}config,cn=config'

````

remote connection

````

slapd_acl -H ldap://10.0.3.200 -D "cn=admin,dc=testunical,dc=it" -w slapdsecret -ldif

````

using different paramenters

````

usage: slapd_acl [-h] [-H H] [-Y Y] [-D D] [-w W] [-b B] [-ldif] [-enc ENC]

optional arguments:

  -h, --help  show this help message and exit

  -H H        LDAP URL

  -Y Y        SASL mechanism

  -D D        example cn:admin,dc=example,dc=org

  -w W        the user password

  -b B        Base LDAP Search

  -ldif       print a modify ldif

  -enc ENC    encoding

````

#### Modify ldif

`-ldif` option make the output in a ldif modify format. 

#### Example

````

root@ldapmaster:~# slapd_acl -ldif

Executing:

 ldapsearch -Y EXTERNAL -H ldapi:///  -b 'olcDatabase={1}mdb,cn=config' -s base 'olcAccess' -LLL

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

dn: olcDatabase={1}mdb,cn=config

changeType: modify

replace: olcAccess

olcAccess: to * 

 by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage 

 by dn.exact="cn=admin,dc=testunical,dc=it" manage 

 by * break 

olcAccess: to attrs=userPassword,shadowLastChange,mail 

 by self write 

 by anonymous auth 

 by * break 

olcAccess: to * 

 by dn.children="ou=repl,dc=testunical,dc=it" read 

 by * break 

olcAccess: to dn.subtree="ou=people,dc=testunical,dc=it" 

 by dn.children="ou=idp,dc=testunical,dc=it" read 

 by self read 

 by * break 

olcAccess: to * 

 by anonymous auth 

 by * break 

````

#### Authors

Giuseppe De Marco