新增示例:
change_olcAccess.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to *
by dn.exact="uid=gitlab,dc=example,dc=com" read
by dn.exact="uid=jenkins,dc=example,dc=com" read
by self read
by self write
by * auth
ldapmodify -Y EXTERNAL -H ldapi:/// -f change_olcAccess.ldif
更新示例:
dn: olcDatabase={2}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
olcAccess: {1}
-
add: olcAccess
olcAccess: to * by dn.exact="uid=gitlab,dc=example,dc=com" read by * auth
-
add: olcAccess
olcAccess: xxxxxxxx
参考:
https://www.openldap.org/doc/admin24/access-control.html
http://www.361way.com/ldap-adduser-grants/2825.html
网友评论