OpenLDAP - adding the first entry

This is my second day of trying to add the first entry to OpenLDAP 2.4.44.

Configuration:

# {-1}frontend, config
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend

# {0}config, config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

# {1}monitor, config
dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,ou=kyc-sandbox,dc=domain,dc=eu" read by * none

# {2}hdb, config
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: ou=sandbox,dc=domain,dc=eu
olcRootDN: cn=admin,ou=sandbox,dc=domain,dc=eu
olcRootPW: {SSHA}qBaRencYaGnITygKWsFCuk2T8UkN
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
olcAccess: {0}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,ou=sandbox,dc=domain,dc=eu" write  by * none

Entry:

ldapadd -Y EXTERNAL -H ldapi:///
dn: ou=sandbox,dc=domain,dc=eu
dc: domain
objectClass: dcObject
objectclass: organizationalUnit
ou: sandbox

adding new entry "ou=sandbox,dc=domain,dc=eu"
ldap_add: Insufficient access (50)
    additional info: no write access to parent

Or I get this error:

ldap_add: Server is unwilling to perform (53)
    additional info: no global superior knowledge

How do I add the root entry?

Answer 1

The -H ldapi:/// -Y EXTERNAL mode authenticates you based on your Unix user ID. In the paste above, the olcAccess on olcDatabase={2}hdb,cn=config grants gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth only read access, not write access.

cn=admin,ou=sandbox,dc=domain,dc=eu is the olcRootDN (and is additionally assigned write access, which is redundant), so you should use simple authentication with this DN and its password:

ldapadd -x -D cn=admin,ou=sandbox,dc=domain,dc=eu -W
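To make the ACL reasoning in the answer concrete, here is an added Python example (not from the question or answer above) that evaluates the {2}hdb olcAccess line from the question the way slapd does: first matching by clause wins, and the olcRootDN bypasses the ACL entirely. The parser is a deliberately minimal, hypothetical one that only understands the two who forms used on this page (dn.base="..." and *), and DN matching is a simplified case-insensitive comparison rather than full DN normalisation.

```python
import re
from typing import List, Optional, Tuple

# olcAccess and olcRootDN values copied from the {2}hdb database in the question
HDB_ACCESS = ('to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read '
              'by dn.base="cn=admin,ou=sandbox,dc=domain,dc=eu" write by * none')
HDB_ROOT_DN = "cn=admin,ou=sandbox,dc=domain,dc=eu"
# Identity that -Y EXTERNAL over ldapi:/// yields for a root shell (uid 0 / gid 0)
PEERCRED_ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"

# slapd access levels, weakest to strongest; each level implies the ones before it
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Minimal (hypothetical) parser: only '*' and dn.base="..." who-clauses are handled
BY_CLAUSE = re.compile(r'by\s+(\*|dn\.base="([^"]*)")\s+(\w+)')


def parse_by_clauses(olc_access: str) -> List[Tuple[str, str]]:
    """Return the <by who> <level> pairs of one olcAccess value, in order."""
    return [("*" if m.group(1) == "*" else m.group(2), m.group(3))
            for m in BY_CLAUSE.finditer(olc_access)]


def granted_level(olc_access: str, bind_dn: str, root_dn: Optional[str] = None) -> str:
    """Access level bind_dn gets under olc_access.

    The olcRootDN is never subject to ACLs on its own database, so it always
    gets 'manage'. Otherwise slapd stops at the first <by> clause that matches,
    which is why a later 'write' clause cannot rescue an earlier 'read'.
    """
    if root_dn and bind_dn.lower() == root_dn.lower():
        return "manage"
    for who, level in parse_by_clauses(olc_access):
        if who == "*" or who.lower() == bind_dn.lower():
            return level
    return "none"  # no clause matched: implicit deny


def can_write(olc_access: str, bind_dn: str, root_dn: Optional[str] = None) -> bool:
    """True if the granted level is at least 'write' (needed to add a child entry)."""
    return LEVELS.index(granted_level(olc_access, bind_dn, root_dn)) >= LEVELS.index("write")
```

Running can_write(HDB_ACCESS, PEERCRED_ROOT) reproduces the "no write access to parent" outcome from the question, while the rootDN passes regardless of the ACL text.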