Problem:
OpenLDAP 2.4 access-control (ACL) settings memo
Solution:
```shell
# Apply the ACL to the {1}mdb database through cn=config (bind as the config admin)
ldapmodify -x -W -D 'cn=admin,cn=config' -f LDAP-acl.ldif -H ldap://192.168.1.11:389

# Read cn=config back to verify the olcAccess values now in effect
ldapsearch -x -W -D 'cn=admin,cn=config' -H ldap://192.168.1.11:389 -d0 -b 'cn=config'
```
LDAP-acl.ldif:

```ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
#origin
olcAccess: to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=thelook,dc=cn" write by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none
olcAccess: to dn.subtree="ou=staff,dc=thelook,dc=cn" by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none
olcAccess: to dn.subtree="ou=groups,dc=thelook,dc=cn" by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none
olcAccess: to * by self read by dn="cn=admin,dc=thelook,dc=cn" write by * none
```
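To see what the four olcAccess rules above actually grant before loading them, here is an added Python example (written for this memo; it is not the memo's own code and not OpenLDAP code) that evaluates a requester's access to one attribute of one entry using slapd's rule order: the first `to` clause that matches the target is selected, then the first matching `by` clause inside it decides, and later `to` clauses are never consulted. The sample DNs (uid=alice and uid=bob under ou=staff, cn=hr under ou=groups) are constructed. One consequence it makes visible: because the `ou=staff` subtree rule precedes `to *`, a staff user gets no access to their own entry apart from userPassword/shadowLastChange, so the `by self read` in the last rule never applies to them.

```python
# Added example (not from the memo, not OpenLDAP code): evaluates the olcAccess
# rules of LDAP-acl.ldif the way slapd does -- first matching "to" clause wins,
# then the first matching "by" clause inside it sets the access level.
import shlex

# OpenLDAP access levels, lowest first; a granted level implies every lower one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The four olcAccess values from LDAP-acl.ldif, in the order they are loaded.
ACL_LINES = [
    'to attrs=userPassword,shadowLastChange by self write '
    'by dn="cn=admin,dc=thelook,dc=cn" write '
    'by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none',
    'to dn.subtree="ou=staff,dc=thelook,dc=cn" '
    'by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none',
    'to dn.subtree="ou=groups,dc=thelook,dc=cn" '
    'by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none',
    'to * by self read by dn="cn=admin,dc=thelook,dc=cn" write by * none',
]


def norm_dn(dn):
    """Case-fold a DN and strip blanks around commas (enough for these checks)."""
    return ",".join(p.strip() for p in dn.lower().split(","))


def in_scope(dn, kind, base):
    """True if dn matches base under an OpenLDAP dn scope: exact, children or subtree."""
    child = dn != base and dn.endswith("," + base)
    return {"exact": dn == base, "children": child, "subtree": dn == base or child}[kind]


def parse_rule(line):
    """Split one olcAccess value into (what, bys): what = {'dn': (kind, base), 'attrs': set}."""
    toks = shlex.split(line)  # shlex strips the quotes around DNs
    if not toks or toks[0] != "to":
        raise ValueError("olcAccess value must start with 'to': " + line)
    what, i = {}, 1
    while i < len(toks) and toks[i] != "by":
        key, _, val = toks[i].partition("=")
        if toks[i] == "*":
            pass  # every entry and every attribute
        elif key == "attrs":
            what["attrs"] = {a.lower() for a in val.split(",")}
        elif key in ("dn", "dn.children", "dn.subtree"):
            what["dn"] = (key.split(".")[1] if "." in key else "exact", norm_dn(val))
        else:
            raise ValueError("unsupported <what> clause: " + toks[i])
        i += 1
    bys = []
    while i + 2 < len(toks) and toks[i] == "by":
        if toks[i + 2] not in LEVELS:
            raise ValueError("unknown access level: " + toks[i + 2])
        bys.append((toks[i + 1], toks[i + 2]))
        i += 3
    if i != len(toks):
        raise ValueError("malformed <by> clause in: " + line)
    return what, bys


def who_matches(who, req, tgt):
    """Does a <by> selector match the normalised requester DN? req=None means anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return req is None
    if who == "users":
        return req is not None
    if who == "self":
        return req is not None and req == tgt
    key, _, val = who.partition("=")
    if key in ("dn", "dn.children", "dn.subtree"):
        if req is None:
            return False  # DN selectors never match an anonymous bind
        return in_scope(req, key.split(".")[1] if "." in key else "exact", norm_dn(val))
    raise ValueError("unsupported <who> clause: " + who)


def access(requester_dn, target_dn, attr, lines=ACL_LINES):
    """Access level requester_dn (None = anonymous) gets on attr of target_dn."""
    req = None if requester_dn is None else norm_dn(requester_dn)
    tgt = norm_dn(target_dn)
    for what, bys in map(parse_rule, lines):
        if "dn" in what and not in_scope(tgt, *what["dn"]):
            continue
        if "attrs" in what and attr.lower() not in what["attrs"]:
            continue
        for who, level in bys:  # first matching <by> decides; no fall-through
            if who_matches(who, req, tgt):
                return level
        return "none"  # <to> matched but no <by> did: implicit "by * none"
    return "none"  # no <to> clause matched the target


def allows(requester_dn, target_dn, attr, needed):
    """True when the granted level is at least `needed` (write implies read, and so on)."""
    return LEVELS.index(access(requester_dn, target_dn, attr)) >= LEVELS.index(needed)


if __name__ == "__main__":
    # Constructed sample DNs under the memo's dc=thelook,dc=cn suffix.
    alice, bob = "uid=alice,ou=staff,dc=thelook,dc=cn", "uid=bob,ou=staff,dc=thelook,dc=cn"
    hr, admin = "cn=hr,ou=groups,dc=thelook,dc=cn", "cn=admin,dc=thelook,dc=cn"
    for req, tgt, attr in [(None, alice, "userPassword"), (alice, alice, "userPassword"),
                           (bob, alice, "userPassword"), (hr, alice, "cn"),
                           (alice, alice, "cn"), (admin, "dc=thelook,dc=cn", "dc")]:
        print(f"{req or 'anonymous'} -> {attr}@{tgt}: {access(req, tgt, attr)}")
```

Run it before loading the LDIF, and extend the table of cases whenever a rule is added or reordered; reordering the `to` clauses changes the outcome even when no `by` clause is touched, which is exactly what is hard to see from the LDIF alone.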
***!!! Testing found that OpenLDAP replication does not replicate these ACL settings. cn=config is a separate database from {1}mdb, so syncrepl configured on the data database carries entries but not olcAccess changes; apply LDAP-acl.ldif on every replica (or replicate cn=config as well).
Reference:
http://www.openldap.org/doc/admin24/access-control.html#Access%20Control%20via%20Dynamic%20Configuration