First try at LDAP commands



Source: Author: Time: 2016-08-18 10:29

 
ldapsearch -h 192.168.1.10 -D "uid=enlaizhou,ou=People,dc=example,dc=com" -W -b "ou=People,dc=example,dc=com"
 
ldapmodify -a -f /tmp/c -h 192.168.1.10 -D "uid=enlaizhou,ou=People,dc=example,dc=com" -W 
 
In addition, libnss-ldap ships example LDAP configuration files:
 
/usr/share/doc/libnss-ldap/examples/groups.ldif
/usr/share/doc/libnss-ldap/examples/people.ldif
 
I am still not very clear about the permission (access control) configuration. Below is acl.ldif:
 
# Allow LdapUserAdmin Group to change anyone's password
olcAccess: to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="uid=admin,ou=People,dc=example,dc=com" write
  by set="[cn=LdapUserAdmin,ou=Group,dc=example,dc=com]/memberUid & user/uid" write
  by * none
# Allow LdapGroupAdmin Group to change membership & main group
olcAccess: to attrs=memberUid,gidNumber
  by set="[cn=LdapGroupAdmin,ou=Group,dc=example,dc=com]/memberUid & user/uid" write
  by * read
# Allow LdapUserAdmin Group to create/delete user
olcAccess: to dn="ou=People,dc=example,dc=com" attrs=children
  by set="[cn=LdapUserAdmin,ou=Group,dc=example,dc=com]/memberUid & user/uid" write
  by * break
olcAccess: to dn.subtree="ou=People,dc=example,dc=com" attrs=entry
  by set="[cn=LdapUserAdmin,ou=Group,dc=example,dc=com]/memberUid & user/uid" write
  by * break
# Allow LdapGroupAdmin Group to create/delete group
olcAccess: to dn="ou=Group,dc=example,dc=com" attrs=children
  by set="[cn=LdapGroupAdmin,ou=Group,dc=example,dc=com]/memberUid & user/uid" write
  by * break
olcAccess: to dn.subtree="ou=Group,dc=example,dc=com" attrs=entry
  by set="[cn=LdapGroupAdmin,ou=Group,dc=example,dc=com]/memberUid & user/uid" write
  by * break
# Allow UserInfoMgmt Group to modify user info
# Allow users to change their own record
olcAccess: to attrs=sn,gn,mail,mobile,manager,title,telephoneNumber,homePhone,pager
  by set="[cn=UserInfoMgmt,ou=Group,dc=example,dc=com]/memberUid & user/uid" write
  by self write
  by * read
# Allow anyone to read directory
olcAccess: to *
  by self write
  by dn.base="uid=admin,ou=People,dc=example,dc=com" write
  by * read
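To see how slapd walks these rules (the first matching `to` clause wins, then its first matching `by` clause, and `by * break` hands evaluation on to the next `to` clause), here is an added Python evaluator, not part of the original post, that models acl.ldif over a small constructed directory. The `set="[group]/memberUid & user/uid"` clause is approximated as "the binder's uid appears in the group's memberUid"; the sample DNs (`uid=bob`, group membership) are assumptions.

```python
# Added example (not from the original post): a toy evaluator for slapd's
# first-match evaluation of the olcAccess rules in acl.ldif, run against
# constructed entries; set="[grp]/memberUid & user/uid" is modelled as ("group", dn).
PEOPLE, GROUP = "ou=People,dc=example,dc=com", "ou=Group,dc=example,dc=com"
ADMIN = f"uid=admin,{PEOPLE}"
DIRECTORY = {  # constructed sample entries: DN -> attributes the checks need
    ADMIN: {"uid": "admin"},
    f"uid=enlaizhou,{PEOPLE}": {"uid": "enlaizhou"},
    f"uid=bob,{PEOPLE}": {"uid": "bob"},
    f"cn=LdapUserAdmin,{GROUP}": {"memberUid": ["enlaizhou"]},  # assumed member
}
def grp(name): return ("group", f"cn={name},{GROUP}")
ACL = [  # (what, [(who, access), ...]) in the order acl.ldif lists them
    ({"attrs": {"userPassword"}}, [("self", "write"), ("anonymous", "auth"),
        (("dn", ADMIN), "write"), (grp("LdapUserAdmin"), "write"), ("*", "none")]),
    ({"attrs": {"memberUid", "gidNumber"}}, [(grp("LdapGroupAdmin"), "write"), ("*", "read")]),
    ({"dn": PEOPLE, "attrs": {"children"}}, [(grp("LdapUserAdmin"), "write"), ("*", "break")]),
    ({"subtree": PEOPLE, "attrs": {"entry"}}, [(grp("LdapUserAdmin"), "write"), ("*", "break")]),
    ({"dn": GROUP, "attrs": {"children"}}, [(grp("LdapGroupAdmin"), "write"), ("*", "break")]),
    ({"subtree": GROUP, "attrs": {"entry"}}, [(grp("LdapGroupAdmin"), "write"), ("*", "break")]),
    ({"attrs": {"sn", "gn", "mail", "mobile", "manager", "title", "telephoneNumber",
                "homePhone", "pager"}},
     [(grp("UserInfoMgmt"), "write"), ("self", "write"), ("*", "read")]),
    ({}, [("self", "write"), (("dn", ADMIN), "write"), ("*", "read")]),  # the final "to *"
]

def what_matches(what, target_dn, attr):
    sub = what.get("subtree")
    return (("attrs" not in what or attr in what["attrs"])
            and ("dn" not in what or target_dn == what["dn"])
            and (sub is None or target_dn == sub or target_dn.endswith("," + sub)))

def who_matches(who, bind_dn, target_dn):
    if who == "*": return True
    if who == "anonymous": return bind_dn is None
    if who == "self": return bind_dn == target_dn
    kind, value = who
    if kind == "dn": return bind_dn == value                  # dn.base="..."
    uid = DIRECTORY.get(bind_dn, {}).get("uid")              # the set clause
    return uid is not None and uid in DIRECTORY.get(value, {}).get("memberUid", [])

def access_for(bind_dn, target_dn, attr):
    """First matching <to> wins, then its first matching <by>; 'break' moves on to
    the next <to>; a matched <to> with no matching <by> denies (implicit 'by * none')."""
    for what, bys in ACL:
        if what_matches(what, target_dn, attr):
            for who, access in bys:
                if who_matches(who, bind_dn, target_dn):
                    if access == "break": break
                    return access
            else:
                return "none"
    return "none"  # unreachable here because of the trailing "to *" clause
```

On a real server, slapacl(8) performs the same check against the actual configuration, which is the quickest way to confirm that a member of LdapUserAdmin can reset another user's password while an ordinary user cannot.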
 