1. Generate the password hash
# slappasswd -s 123456
2. Create the cn account
# cat readonly.ldif
dn: cn=readonly,dc=ileiming,dc=com
cn: readonly
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP read only user
userPassword: {SSHA}hWwCTfOP2+X377xz5NZUKHAviN09ydpD
# ldapadd -x -D cn=admin,dc=ileiming,dc=com -W -f ./readonly.ldif
3. Configure read-only access for the cn account (cn=admin,dc=ileiming,dc=com)
# vi /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
Add the following below the admin line:
olcAccess: {0}to attrs=userPassword,shadowLastChange
 by dn="cn=admin,dc=ileiming,dc=com" write
 by anonymous auth
 by self write
 by dn="cn=readonly,dc=ileiming,dc=com" read
 by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=ileiming,dc=com" write by * read
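To see what these three rules actually grant, here is an added Python example (not from the original post) that emulates slapd's first-match evaluation of the page's olcAccess values: the first "to" clause matching the requested entry and attribute is the only one consulted, and inside it the first matching "by" clause sets the access level. The entry uid=alice,ou=people,dc=ileiming,dc=com is a constructed sample user; dn= selectors are compared as exact DNs and the rootdn bypass is left out. Running it shows that cn=readonly can read everything but write nothing, that it is also granted read on userPassword hashes (the one thing anonymous binds do not get, since they only receive auth), and that anonymous binds already have read on every other attribute through rule {2}.

```python
import re

# Emulation of slapd ACL evaluation for the page's olcAccess values (added example).
ADMIN = "cn=admin,dc=ileiming,dc=com"
READONLY = "cn=readonly,dc=ileiming,dc=com"
ALICE = "uid=alice,ou=people,dc=ileiming,dc=com"  # constructed sample entry

# The three olcAccess values from the page, in evaluation order
# (the {n} prefixes are dropped; list order carries them).
PAGE_ACLS = [
    'to attrs=userPassword,shadowLastChange '
    'by dn="cn=admin,dc=ileiming,dc=com" write '
    'by anonymous auth '
    'by self write '
    'by dn="cn=readonly,dc=ileiming,dc=com" read '
    'by * none',
    'to dn.base="" by * read',
    'to * by dn="cn=admin,dc=ileiming,dc=com" write by * read',
]

# slapd access levels, weakest to strongest; a level implies every lower one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


def _norm(dn):
    """Case-insensitive comparison is enough for the DNs used here."""
    return None if dn is None else dn.lower()


def parse_acl(line):
    """Split one olcAccess value into its <to> target and ordered <by> clauses."""
    parts = re.split(r"\s+by\s+", line.strip())
    what = parts[0]
    if not what.startswith("to "):
        raise ValueError("olcAccess value must start with 'to': %r" % line)
    what = what[3:].strip()
    target = {"all": False, "attrs": None, "dn_base": None}
    if what == "*":
        target["all"] = True
    elif what.startswith("attrs="):
        target["attrs"] = {a.strip().lower() for a in what[6:].split(",")}
    elif what.startswith("dn.base="):
        target["dn_base"] = _norm(what[8:].strip('"'))
    else:
        raise ValueError("unsupported <to> clause in this emulation: %r" % what)
    by = []
    for clause in parts[1:]:
        who, level = clause.rsplit(None, 1)  # ('dn="cn=admin,..."', 'write')
        if level not in LEVELS:
            raise ValueError("unknown access level %r" % level)
        by.append((who, level))
    return {"target": target, "by": by}


def target_matches(target, entry_dn, attr):
    if target["all"]:
        return True
    if target["attrs"] is not None:  # attrs= without a dn part: any entry
        return attr is not None and attr.lower() in target["attrs"]
    return _norm(entry_dn) == target["dn_base"]


def who_matches(who, bound_dn, entry_dn):
    """The <by> selectors the page uses: *, anonymous, self, dn="<DN>"."""
    bound = _norm(bound_dn)
    if who == "*":
        return True
    if who == "anonymous":
        return bound is None
    if who == "self":
        return bound is not None and bound == _norm(entry_dn)
    if who.startswith("dn="):
        return bound == _norm(who[3:].strip('"'))  # exact-DN compare (simplified)
    raise ValueError("unsupported <by> selector in this emulation: %r" % who)


def access_level(acl_lines, bound_dn, entry_dn, attr):
    """Level bound_dn (None = anonymous) gets on attr of entry_dn.

    Only the first matching <to> clause is consulted; inside it the first
    matching <by> clause decides, and no match means 'none'. Real slapd
    also lets the rootdn bypass ACLs entirely, which is not modelled.
    """
    for acl in (parse_acl(line) for line in acl_lines):
        if not target_matches(acl["target"], entry_dn, attr):
            continue
        for who, level in acl["by"]:
            if who_matches(who, bound_dn, entry_dn):
                return level
        return "none"
    return "none"


def allows(acl_lines, bound_dn, entry_dn, attr, needed):
    """True if the granted level is at least `needed`."""
    granted = access_level(acl_lines, bound_dn, entry_dn, attr)
    return LEVELS.index(granted) >= LEVELS.index(needed)


if __name__ == "__main__":
    binds = (("anonymous", None), ("cn=readonly", READONLY), ("alice", ALICE), ("cn=admin", ADMIN))
    for label, who in binds:
        for attr in ("userPassword", "mail"):
            print("%-12s %-13s -> %s" % (label, attr, access_level(PAGE_ACLS, who, ALICE, attr)))
```

The same three values can be loaded with ldapmodify over ldapi:/// instead of editing the file under slapd.d by hand, and a quick check afterwards is to bind as cn=readonly and confirm that a search succeeds while a modify is rejected with insufficient access.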
Please credit when reposting: LINUX服务器运维架构技术分享 » LDAP: creating a read-only cn account