-----------------------------------------

2024-5-31 • tag-icon

您能帮我解决这个 OpenLDAP 错误吗？

### ldif - To change ACL  ######

# userPassword may be written only by users themselves
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
# Allow access via localhost to add or modify keys.
# Allow authenticated PGP Users to update keys.
# Allow anyone else to read the keys.
olcAccess: {2} to dn.subtree="ou=PGP Keys,dc=example,dc=net"
 by peername.ip=127.0.0.1 write
 by peername.ip=:: write
 by dn.regex="^uid=([^,]+),ou=PGP Users,dc=example,dc=net" write by * read
# Allow any connection to localhost to update the PGP keys
# (including removing them!)  This is only needed if the anonymous
# updates from localhost are desired.
dn: cn=config
add: olcAllows
olcAllows: update_anon

-----------------------------------------

当我尝试修改/添加它时

ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/keyserver-acl.ldif

或者

ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/keyserver-acl.ldif

不通过，总是提示令人恼火的错误 Wrong attributeType

****** 错误

root@keyserver:/tmp# ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/keyserver-acl.ldif SASL/EXTERNAL 身份验证已启动 SASL 用户名：gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF：0 ldapadd：第 5 行的 attributeType 错误，条目“olcDatabase={1}hdb,cn=config”

答案1

我相信你需要在该行之前留一个空行dn: cn=config。

-----------------------------------------

答案1

相关内容