LDAP: creating a read-only cn account

Ldap 老子黑牵翻

1. Generate the password hash

# slappasswd -s 123456

2. Create the cn account

# cat readonly.ldif

dn: cn=readonly,dc=ileiming,dc=com
cn: readonly
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP read only user
userPassword: {SSHA}hWwCTfOP2+X377xz5NZUKHAviN09ydpD

ldapadd -x -D cn=admin,dc=ileiming,dc=com -W -f ./readonly.ldif

3. Configure read-only permissions for the CN account (cn=admin,dc=ileiming,dc=com)

# vi /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif

Add the following under admin:

# Continuation lines start with two spaces: LDIF strips the first, the second separates the clauses.
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=ileiming,dc=com" write
  by anonymous auth
  by self write
  by dn="cn=readonly,dc=ileiming,dc=com" read
  by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=ileiming,dc=com" write by * read
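
What each client ends up with under these three rules can be checked with a small model of slapd's evaluation order (first matching "to", then first matching "by"). This is an added example, not code from the original post or from OpenLDAP; it assumes each by dn="..." is an exact DN match, and the uid=alice entry is constructed.

```python
# Simplified model of slapd's first-match ACL evaluation (added example,
# not OpenLDAP code). Rules mirror the three olcAccess values from step 3.
# Assumption: every by dn="..." clause is treated as an exact DN match.
ADMIN = "cn=admin,dc=ileiming,dc=com"
READONLY = "cn=readonly,dc=ileiming,dc=com"
PW_ATTRS = {"userpassword", "shadowlastchange"}

# Each rule: (target predicate, ordered list of (who, access level)).
RULES = [
    (lambda dn, attr: attr.lower() in PW_ATTRS,      # {0} to attrs=...
     [(ADMIN, "write"), ("anonymous", "auth"), ("self", "write"),
      (READONLY, "read"), ("*", "none")]),
    (lambda dn, attr: dn == "",                      # {1} dn.base="" is the root DSE
     [("*", "read")]),
    (lambda dn, attr: True,                          # {2} to *
     [(ADMIN, "write"), ("*", "read")]),
]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unauthenticated) client."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    return bind_dn is not None and bind_dn.lower() == who.lower()

def access(bind_dn, entry_dn, attr):
    """Return the access level granted to bind_dn for attr of entry_dn."""
    for target, by_clauses in RULES:
        if not target(entry_dn, attr):
            continue                                 # try the next olcAccess value
        for who, level in by_clauses:                # first matching "by" wins
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"                                # implicit trailing "by * none"
    return "none"                                    # no rule matched: deny

def report(user_dn="uid=alice,ou=people,dc=ileiming,dc=com"):  # constructed entry
    return {
        "readonly -> userPassword": access(READONLY, user_dn, "userPassword"),
        "readonly -> mail": access(READONLY, user_dn, "mail"),
        "anonymous -> userPassword": access(None, user_dn, "userPassword"),
        "anonymous -> mail": access(None, user_dn, "mail"),
        "owner -> own userPassword": access(user_dn, user_dn, "userPassword"),
    }

if __name__ == "__main__":
    for case, level in report().items():
        print(f"{case}: {level}")
```

The result shows that cn=readonly can read userPassword hashes through rule {0}, and that the trailing "by * read" in rule {2} already gives anonymous clients read access to every other attribute.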

When reposting, please credit: LINUX服务器运维架构技术分享 » Ldap 创建只读cn账户
