Ter*_*nce 7 debian openldap ldap access-control-list
This is part of olcDatabase={1}hdb.ldif:

olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by dn="cn=admin,dc=somesite,dc=com" write
  by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to *
  by self write
  by dn="cn=admin,dc=somesite,dc=com" write
  by * read

I want to append by dn="cn=anotheruser,ou=Users,dc=somesite,dc=com" write to the {0} and {2} lines.
Before I destroy my LDAP server, is the following LDIF correct?

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=somesite,dc=com" write
  by dn="uid=anotheruser,ou=Users,dc=somesite,dc=com" write
  by anonymous auth
  by self write
  by * none
olcAccess: {2}to *
  by self write
  by dn="cn=admin,dc=somesite,dc=com" write
  by dn="cn=anotheruser,ou=Users,dc=somesite,dc=com" write
  by * read

And: ldapmodify -Y EXTERNAL -H ldapi:/// -f ./changes.ldif
My concerns are:
- The olcAccess: lines: I didn't include the {1} line, so will it still exist after the ldif change is committed?
- Is the replace: olcAccess line correct?

This ldif worked for me, with the previous command:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=somesite,dc=com" write
  by dn="uid=anotheruser,ou=Users,dc=somesite,dc=com" write
  by anonymous auth
  by self write
  by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to *
  by self write
  by dn="cn=admin,dc=somesite,dc=com" write
  by dn="cn=anotheruser,ou=Users,dc=somesite,dc=com" write
  by * read
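
A pre-flight check for the concern raised in the question, as an added example that is not part of the original question or answer: an LDAP modify with replace: olcAccess removes every existing value and stores only the values listed, so this Python script compares the live rules with a proposed LDIF and reports any rule target that would be lost. The function names access_rules and preflight are hypothetical; the sample text is the question's own rules, re-typed with folded continuation lines.

```python
import re
# Sample input: the live rules and the first proposed change, as quoted in the question.
CURRENT = '''\
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by dn="cn=admin,dc=somesite,dc=com" write
  by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to *
  by self write
  by dn="cn=admin,dc=somesite,dc=com" write
  by * read
'''
PROPOSED = '''\
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=somesite,dc=com" write
  by dn="uid=anotheruser,ou=Users,dc=somesite,dc=com" write
  by anonymous auth
  by self write
  by * none
olcAccess: {2}to *
  by self write
  by dn="cn=admin,dc=somesite,dc=com" write
  by dn="cn=anotheruser,ou=Users,dc=somesite,dc=com" write
  by * read
'''

def access_rules(ldif):
    """Unfold LDIF continuation lines; return {target: [by-clauses]} per olcAccess value."""
    unfolded = re.sub(r"\n ", "", ldif)  # a newline followed by one space is a fold
    rules = {}
    for m in re.finditer(r"^olcAccess:\s*\{\d+\}(.*)$", unfolded, re.M):
        target, *by = re.split(r"\s+by\s+", m.group(1).strip())
        rules[target] = by
    return rules

def preflight(current, proposed):
    """Return (targets dropped by the replace, by-clauses newly granted per target)."""
    cur, new = access_rules(current), access_rules(proposed)
    dropped = [t for t in cur if t not in new]
    added_by = {t: [b for b in new[t] if b not in cur.get(t, [])] for t in new}
    return dropped, added_by

if __name__ == "__main__":
    print(preflight(CURRENT, PROPOSED))
```

Run against the question's first LDIF, the check reports to dn.base="" as dropped, which is the rule the working LDIF keeps by listing the {1} line. It also lists each newly granted by clause, which makes it visible that the {0} rule names uid=anotheruser while the {2} rule names cn=anotheruser.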