2019-01-18

Problem: OpenLDAP 2.4 access-control (ACL) setup notes

Solution: apply the ACL LDIF against the cn=config database as the config admin, then read the configuration back to verify that the new olcAccess values are in place:

ldapmodify -x -W -D 'cn=admin,cn=config' -f LDAP-acl.ldif -H ldap://192.168.1.11:389
ldapsearch -x -W -D 'cn=admin,cn=config' -H ldap://192.168.1.11:389 -d0 -b 'cn=config'

LDAP-acl.ldif:

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
#origin
olcAccess: to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=thelook,dc=cn" write by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none
olcAccess: to dn.subtree="ou=staff,dc=thelook,dc=cn" by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none
olcAccess: to dn.subtree="ou=groups,dc=thelook,dc=cn" by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none
olcAccess: to * by self read by dn="cn=admin,dc=thelook,dc=cn" write by * none

***!!! Testing showed that OpenLDAP replication mode does not replicate these olcAccess entries.

Reference: http://www.openldap.org/doc/admin24/access-control.html#Access%20Control%20via%20Dynamic%20Configuration
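Because slapd evaluates olcAccess values first-match (the first `to` clause that covers the target wins, and within it the first `by` clause that describes the requester wins), the order of the four lines above decides who can see what. The following Python script is an added example, not code from the original post: it replays that first-match logic over a copy of the four rules so the effective access level can be checked before the LDIF is applied. It models only the selectors the LDIF uses (`attrs=`, `dn.subtree=`, `*`, `self`, `dn=`, `dn.children=`, `anonymous`), ignores slapd's `entry`/`children` pseudo-attributes and other selector forms, and the requester DNs `uid=alice,ou=staff,...` and `cn=ldapreader,ou=groups,...` are constructed sample identities.

```python
import re

# Constructed copy of the four olcAccess values from the LDIF above, in the
# same order, because slapd evaluates them first-match.
OLC_ACCESS = [
    'to attrs=userPassword,shadowLastChange by self write '
    'by dn="cn=admin,dc=thelook,dc=cn" write '
    'by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none',
    'to dn.subtree="ou=staff,dc=thelook,dc=cn" '
    'by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none',
    'to dn.subtree="ou=groups,dc=thelook,dc=cn" '
    'by dn.children="ou=groups,dc=thelook,dc=cn" read by anonymous auth by * none',
    'to * by self read by dn="cn=admin,dc=thelook,dc=cn" write by * none',
]

# Access levels in increasing order; a level implies every level below it.
LEVELS = ["none", "auth", "read", "write"]

# Constructed sample DNs (not from the post) used in the checks at the bottom.
ADMIN = "cn=admin,dc=thelook,dc=cn"
ALICE = "uid=alice,ou=staff,dc=thelook,dc=cn"
READER = "cn=ldapreader,ou=groups,dc=thelook,dc=cn"


def norm(dn):
    """Case-fold and strip spaces so DN comparisons are not cosmetic."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_rule(rule):
    """Split one olcAccess value into its <what> and its [(<who>, <level>)] list."""
    m = re.match(r"to\s+(.*?)\s+(by\s+.*)$", rule)
    if not m:
        raise ValueError("unsupported rule: " + rule)
    clauses = re.findall(r"by\s+(\S+)\s+(\w+)", m.group(2))
    for _, level in clauses:
        if level not in LEVELS:
            raise ValueError("unsupported level: " + level)
    return m.group(1), clauses


def target_matches(what, target_dn, attr):
    """Does the <what> selector cover this entry/attribute?"""
    if what == "*":
        return True
    if what.startswith("attrs="):
        wanted = {a.lower() for a in what[len("attrs="):].split(",")}
        return attr is not None and attr.lower() in wanted
    m = re.match(r'dn\.subtree="([^"]*)"', what)
    if m:
        base, t = norm(m.group(1)), norm(target_dn)
        return t == base or t.endswith("," + base)
    raise ValueError("unsupported <what>: " + what)


def who_matches(who, requester_dn, target_dn):
    """Does the <who> selector describe the bound identity (None = anonymous)?"""
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn is None
    if requester_dn is None:
        return False
    if who == "self":
        return norm(requester_dn) == norm(target_dn)
    m = re.match(r'dn="([^"]*)"', who)
    if m:
        return norm(requester_dn) == norm(m.group(1))
    m = re.match(r'dn\.children="([^"]*)"', who)
    if m:
        return norm(requester_dn).endswith("," + norm(m.group(1)))
    raise ValueError("unsupported <who>: " + who)


def access(requester_dn, target_dn, attr=None):
    """Level granted by the first matching <to> via its first matching <by>."""
    for rule in OLC_ACCESS:
        what, clauses = parse_rule(rule)
        if not target_matches(what, target_dn, attr):
            continue
        for who, level in clauses:
            if who_matches(who, requester_dn, target_dn):
                return level
        return "none"  # a matching <to> with no matching <by> implies "by * none"
    return "none"      # nothing matched at all: slapd denies by default


def allows(requester_dn, target_dn, attr, needed):
    """True if the granted level is at least `needed`."""
    return LEVELS.index(access(requester_dn, target_dn, attr)) >= LEVELS.index(needed)


if __name__ == "__main__":
    checks = [(None, ALICE, "userPassword"), (ALICE, ALICE, "userPassword"),
              (READER, ALICE, "cn"), (ALICE, ALICE, "cn"),
              (ADMIN, "dc=thelook,dc=cn", "o")]
    for who, tgt, attr in checks:
        print(who or "anonymous", "->", tgt, attr, ":", access(who, tgt, attr))
```

Running it shows the two effects worth knowing before deploying this LDIF: anonymous binds get only `auth` on userPassword (enough to authenticate, not enough to read password hashes), and a staff user such as `uid=alice` gets `none` on her own `cn`, because the `to dn.subtree="ou=staff,..."` rule matches her entry before the catch-all `to *` and contains no `by self` clause. If staff are meant to see their own entries, the fix is a `by self read` clause in that rule, placed before its `by * none`.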