openldap 组成员 ACL

Question 1

您指的是下面这样的东西吗？

olcAccess: to dn.regex="cn=[^,]+,ou=groups,dc=example,dc=com" attrs=entry by users read
olcAccess: to dn.regex="cn=[^,]+,ou=groups,dc=example,dc=com" attrs=member by dnattr=member selfread

Answer

您指的是下面这样的东西吗？

olcAccess: to dn.regex="cn=[^,]+,ou=groups,dc=example,dc=com" attrs=entry by users read
olcAccess: to dn.regex="cn=[^,]+,ou=groups,dc=example,dc=com" attrs=member by dnattr=member selfread

Question 2

这应该有效：

olcAccess: to dn.regex="cn=[^,]+,ou=groups,dc=example,dc=com" attrs=entry,objectClass
  by users read
  by * none
olcAccess: to dn.regex="cn=[^,]+,ou=groups,dc=example,dc=com" attrs=member
  by dnattr=member selfread
  by * none

Answer

这应该有效：

olcAccess: to dn.regex="cn=[^,]+,ou=groups,dc=example,dc=com" attrs=entry,objectClass
  by users read
  by * none
olcAccess: to dn.regex="cn=[^,]+,ou=groups,dc=example,dc=com" attrs=member
  by dnattr=member selfread
  by * none

openldap 组成员 ACL

答案1

答案2

相关内容