我将OpenLDAP设置迁移到较新版本(2.4),现在只能使用“root”帐户绑定到它 - cn=admin,dc=mydomain,dc=com
。任何其他用户的身份验证失败,错误49(凭据无效)。即使在与root帐户相同的级别创建新用户(例如cn = user2,dc = mydomain,dc = com),并使用ldappasswd为其新设置密码,我仍然无法使用该新帐户绑定。
/etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif中的相关(?)配置如下所示:
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
当我尝试与非管理员帐户绑定时,Slapd会提供以下消息:
5ab4a590 => access_allowed: result not in cache (userPassword)
5ab4a590 => access_allowed: auth access to "cn=user2,dc=mydomain,dc=com" "userPassword" requested
5ab4a590 => acl_get: [1] attr userPassword
5ab4a590 => acl_mask: access to entry "cn=user2,dc=mydomain,dc=com", attr "userPassword" requested
5ab4a590 => acl_mask: to value by "", (=0)
5ab4a590 <= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
5ab4a590 <= check a_dn_pat: *
5ab4a590 <= acl_mask: [2] applying none(=0) (stop)
5ab4a590 <= acl_mask: [2] mask: none(=0)
5ab4a590 => slap_access_allowed: auth access denied by none(=0)
5ab4a590 => access_allowed: no more rules
我错过了什么?
答案 0 :(得分:0)
我必须在另一个配置文件中添加身份验证访问权限(匿名身份验证) - olcDatabase={1}mdb.ldif
修改前的条目:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth" write by * none
修改后的条目:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth" write by anonymous auth by * none
AARGH