Can you help me with group permissions in OpenLDAP 2.4?
My slapd.conf:
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
#Basic rights for authentication
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
#Rights for groups GR_READ and GR_WRITE
access to *
    by self write
    by group.exact="cn=GR_READ,ou=groups,ou=BGA,o=Company,c=com" read
    by group.exact="cn=GR_WRITE,ou=groups,ou=BGA,o=Company,c=com" write
    by * none
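This configuration works fine. My groups are named GR_READ and GR_WRITE.
But my problem is synchronizing the DIT between two OpenLDAP databases. Synchronization does not work! I get the error findbase failed! 32 in slapd.log.
I have a multi-master configuration.
If I change slapd.conf to the following: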
#Basic rights for authentication
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
#Rights for groups GR_READ and GR_WRITE
access to *
    by * read
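Synchronization succeeds! There are no errors in slapd.log. But then I have no permissions for my groups, and anonymous users can bind to LDAP.
Then I ran into another problem with disabling anonymous access. If I change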
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
to
disallow bind_anon
Synchronization does not work! I get the error findbase failed! 32 in slapd.log.
Thanks for any help.
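
A provider-side layout that keeps the GR_READ/GR_WRITE rules and still lets replication read the tree, as an added example that is not part of the original post. The replication DN cn=replicator,o=Company,c=com, the suffix o=Company,c=com, the host name and the credentials are placeholders assumed here. slapd stops at the first matching by clause, so under the original rules any identity outside both groups, including an anonymous session, ends at by * none.

```conf
# Added example, not from the original post. Assumed placeholders:
#   cn=replicator,o=Company,c=com  (dedicated replication identity)
#   o=Company,c=com                (database suffix)
#   ldap://ldap2.example.com       (the other master)

# Refuse anonymous binds (used here in place of "allow bind_v2", as in the post).
disallow bind_anon

# Password hashes: the replication identity must be able to read them,
# otherwise userPassword is not replicated.
access to attrs=userPassword
    by self write
    by dn.exact="cn=replicator,o=Company,c=com" read
    by anonymous auth
    by * none

# Everything else: replication identity first, then the two groups.
access to *
    by self write
    by dn.exact="cn=replicator,o=Company,c=com" read
    by group.exact="cn=GR_READ,ou=groups,ou=BGA,o=Company,c=com" read
    by group.exact="cn=GR_WRITE,ou=groups,ou=BGA,o=Company,c=com" write
    by * none

# Do not cap the size or duration of the replication identity's searches.
limits dn.exact="cn=replicator,o=Company,c=com" size=unlimited time=unlimited

# Consumer side on each master: bind as the replication identity
# instead of anonymously.
syncrepl rid=001
    provider=ldap://ldap2.example.com
    type=refreshAndPersist
    retry="5 5 300 +"
    searchbase="o=Company,c=com"
    bindmethod=simple
    binddn="cn=replicator,o=Company,c=com"
    credentials=CHANGE_ME
```

A quick check is an ldapsearch with -s base against the search base, bound with -D as the replication DN: if that identity cannot read the base entry, replication cannot either.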