Openldap

Different ldapsearches, no output

  • September 29, 2015

When I use

ldapsearch -LLLZZ -H ldap://centos7s.domen.lan -x

I get everything back:

dn: dc=domen,dc=lan
objectClass: domain
dc: domen
o: domen.lan organization
description: The Domen Company

dn: ou=users,dc=domen,dc=lan
ou: users
objectClass: top
objectClass: organizationalUnit

dn: ou=groups,dc=domen,dc=lan
ou: groups
objectClass: top
objectClass: organizationalUnit

dn: uid=ldapuser1,ou=users,dc=domen,dc=lan
uid: ldapuser1
cn: ldapuser1
sn: ldapuser1
mail: ldapuser1@domen.lan
objectClass: person
objectClass: organizationalPerson....

But with

ldapsearch  -ZZWD cn=manager,dc=domen,dc=lan -b cn=config -h centos7s.domen.lan

I get nothing:

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 3
result: 32 No such object

# numResponses: 1

What am I doing wrong? What is the difference between these two searches?

Originally I had:

ldapsearch -LLLY EXTERNAL -H ldapi:/// -b cn=config '(olcAccess=*)' olcAccess olcSuffix
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth" manage by * none

dn: olcDatabase={1}monitor,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth" read    by dn.base="cn=manager,dc=domen,dc=lan" read    by * none

Now, after the change:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth" manage by * none

dn: olcDatabase={1}monitor,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth" read    by dn.base="cn=manager,dc=domen,dc=lan" read    by * none

dn: olcDatabase={2}hdb,cn=config
olcSuffix: dc=domen,dc=lan
olcAccess: {0}to attrs=userPassword,shadowLastChange   by dn="cn=manager,dc=do
men,dc=lan" write   by anonymous auth   by self write   by * none
olcAccess: {1}to dn.base=""   by * read
olcAccess: {2}to * by dn="cn=manager,dc=domen,dc=lan" write   by * read

The result is still the same as above: the second ldapsearch returns nothing.

The two searches have different search bases. Check your ACLs for more information.

What I know for sure:

  1. anonymous can access the dc=domen,dc=lan subtree.
  2. cn=manager,dc=domen,dc=lan has no access to the cn=config subtree.
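
The two points above can be checked offline by replaying slapd's first-match ACL evaluation over the olcAccess values from the question: the config database grants `manage` only to the local root identity that arrives over ldapi:/// with SASL EXTERNAL and `none` to everyone else, so cn=manager has no disclose access on cn=config and slapd reports the base as `32 No such object`. This is an added example, not code from the original thread; the LDIF sample is constructed from the question's output (continuation lines joined), and the evaluator only handles the `to *`, `to dn.base=` and `to attrs=` forms that appear there.

```python
import re

# Constructed sample: the olcAccess values from the question, continuation lines joined.
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase={2}hdb,cn=config
olcSuffix: dc=domen,dc=lan
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=manager,dc=domen,dc=lan" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=manager,dc=domen,dc=lan" write by * read
"""

def parse_databases(ldif):
    """Yield (suffix, ordered olcAccess rules) for each olcDatabase entry."""
    for entry in ldif.strip().split("\n\n"):
        attrs = [line.split(": ", 1) for line in entry.splitlines()]
        name = next(v for k, v in attrs if k == "dn")
        dbtype = re.match(r"olcDatabase=\{\d+\}(\w+)", name).group(1)
        suffix = next((v for k, v in attrs if k == "olcSuffix"),
                      "cn=config" if dbtype == "config" else None)
        rules = [re.sub(r"^\{\d+\}", "", v) for k, v in attrs if k == "olcAccess"]
        yield suffix, rules

def by_matches(who, bind_dn, target_dn):
    """Does a 'by <who>' clause apply to bind_dn ('' = anonymous)?"""
    m = re.match(r'dn(?:\.base)?="(.*)"$', who)
    return (who == "*" or (who == "anonymous" and bind_dn == "")
            or (who == "self" and bind_dn == target_dn)
            or (bool(m) and m.group(1) == bind_dn))

def entry_access(ldif, bind_dn, target_dn):
    """Entry-level access: first matching 'to' clause, then first matching 'by' wins."""
    for suffix, rules in parse_databases(ldif):
        if suffix is None or not target_dn.endswith(suffix):
            continue
        for rule in rules:
            what, *clauses = re.split(r"\s+by\s+", rule[3:])   # drop leading "to "
            if what.startswith("attrs="):      # attribute rule, not entry access
                continue
            m = re.match(r'dn\.base="(.*)"$', what)
            if what != "*" and not (m and m.group(1) == target_dn):
                continue
            for clause in clauses:
                who, level = clause.rsplit(None, 1)
                if by_matches(who, bind_dn, target_dn):
                    return level
        return "none"   # no rule matched: slapd's default is no access
    raise ValueError("no database holds " + target_dn)
```

A result of `none` means not even disclose access, which is exactly what slapd hides behind `result: 32 No such object`; the peercred root identity gets `manage` on cn=config, and anonymous gets `read` under dc=domen,dc=lan.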

Quoted from: https://serverfault.com/questions/710991