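I am teaching myself with OpenLDAP. I thought olcRootDN had administrator privileges by default, but that is not the case. Is it normal to have to set olcAccess rules for olcRootDN?
Thanks.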
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /usr/local/var/openldap-data
olcSuffix: dc=EXAMPLE,dc=COM
olcRootDN: cn=Manager,dc=EXAMPLE,dc=COM
olcRootPW:: c2VjcmV0
olcDbIndex: objectClass eq
structuralObjectClass: olcMdbConfig
entryUUID: 3b3e5552-c11d-4e20-a61a-ad82d9f18e22
creatorsName: cn=config
createTimestamp: 20190221042051Z
entryCSN: 20190221042051.752732Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190221042051Z
bash-4.4#
bash-4.4#
bash-4.4# ldapwhoami -D cn=Manager,dc=EXAMPLE,dc=COM -W -H ldaps://ldap.EXAMPLE.COM
Enter LDAP Password:
dn:cn=Manager,dc=EXAMPLE,dc=COM
bash-4.4#
bash-4.4#
bash-4.4#
bash-4.4#
bash-4.4# ldapmodify -D cn=Manager,dc=EXAMPLE,dc=COM -H ldaps://ldap.EXAMPLE.COM -f /etc/openldap/kerberos_index.ldif -W
Enter LDAP Password:
modifying entry "olcDatabase={1}mdb,cn=config"
ldap_modify: Insufficient access (50)