Openldap
OpenLDAP cn=config database access blocked

I am using OpenLDAP 2.4.54 on Alpine. This is my ldap configuration:
    $ sudo slapcat -n0
    dn: olcDatabase={-1}frontend,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcFrontendConfig
    olcDatabase: {-1}frontend
    structuralObjectClass: olcDatabaseConfig
    entryUUID: afb8286a-68e7-426d-8a9f-91f52935c4af
    creatorsName: cn=config
    createTimestamp: 20200807074746Z
    entryCSN: 20200807074746.355242Z#000000#000#000000
    modifiersName: cn=config
    modifyTimestamp: 20200807074746Z

    dn: olcDatabase={0}config,cn=config
    objectClass: olcDatabaseConfig
    olcDatabase: {0}config
    olcAccess: {0}to * by * none
    olcAddContentAcl: TRUE
    olcLastMod: TRUE
    olcMaxDerefDepth: 15
    olcReadOnly: FALSE
    olcRootDN: cn=config
    olcSyncUseSubentry: FALSE
    olcMonitoring: FALSE
    structuralObjectClass: olcDatabaseConfig
    entryUUID: 570fed11-408d-42a2-bf96-3e063cc8276e
    creatorsName: cn=config
    createTimestamp: 20200807074746Z
    entryCSN: 20200807074746.355548Z#000000#000#000000
    modifiersName: cn=config
    modifyTimestamp: 20200807074746Z

    dn: olcDatabase={1}mdb,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcMdbConfig
    olcDatabase: {1}mdb
    olcDbDirectory: /var/lib/openldap/openldap-data
    olcSuffix: dc=mydomain,dc=tld
    olcRootDN: cn=admin,dc=mydomain,dc=tld
    olcRootPW:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    olcDbIndex: objectClass eq
    structuralObjectClass: olcMdbConfig
    entryUUID: 5e4e308d-3243-4dd0-aa45-d289eb5575ab
    creatorsName: cn=config
    createTimestamp: 20200807074746Z
    entryCSN: 20200807074746.355490Z#000000#000#000000
    modifiersName: cn=config
    modifyTimestamp: 20200807074746Z
I cannot edit the cn=config database using SASL authentication:
    ldapmodify -Y EXTERNAL -H ldapi:/// -f anything.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    modifying entry "cn=config"
    ldap_modify: Insufficient access (50)
Nor can I authenticate with the root dn cn=config:

    ldapmodify -H ldapi:/// -D cn=config -f anything.ldif
    ldap_bind: Server is unwilling to perform (53)
            additional info: unauthenticated bind (DN with no password) disallowed
Now, since I don't seem to have any rights on it, how can I edit anything in this database? I could try granting gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth access with olcAccess, or adding an olcRootPW for cn=config, but I have no permission to do either. How do I get out of this chicken-and-egg problem?
I'm not sure whether this is good practice, but I was able to work around the problem by manually adding an olcRootPW to /etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif.
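As an added check (not from the question or the answer), the script below parses `slapcat -n0` output like the one above, evaluates the config database's olcAccess rules for the ldapi root identity the way slapd does (rules in order, first matching `by` clause wins), and reports whether the lock-out state exists: no olcRootPW and no ACL letting root over ldapi write. The sample LDIF and the base64 password in it are constructed.

```python
import base64
import re
# Constructed sample (not the asker's real data): the two database entries from
# the question's `slapcat -n0`, trimmed to what affects access, fake password.
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcDatabase: {0}config
olcAccess: {0}to * by * none
olcRootDN: cn=config

dn: olcDatabase={1}mdb,cn=config
olcDatabase: {1}mdb
olcRootDN: cn=admin,dc=mydomain,dc=tld
olcRootPW:: e1NTSEF9cGxhY2Vob2xkZXI=
"""
# SASL identity slapd derives for uid 0 connecting over ldapi:///
PEERCRED_ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"


def parse_ldif(text):
    """LDIF -> list of {attr: [values]}; unfolds wrapped lines, decodes base64."""
    text = re.sub(r"\n ", "", text)              # join folded continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, val = line.partition(":")
            if val.startswith(":"):              # 'attr:: base64value'
                val = base64.b64decode(val[1:].strip()).decode()
            entry.setdefault(attr, []).append(val.strip())
        entries.append(entry)
    return entries


def access_for(acls, subject_dn):
    """Level the first matching <by> clause grants subject_dn, in slapd order.
    Only 'to *' rules are modelled, which is all the config database above has."""
    for acl in acls:
        for who, level in re.findall(r"\bby\s+(\S+)\s+(\w+)", acl):
            if who in ("*", "users") or who.split("=", 1)[-1].strip('"') == subject_dn:
                return level
    return "none"                                # implicit 'by * none'


def audit_config_db(entries):
    """Report whether any administrative path into cn=config is left."""
    cfg = next(e for e in entries if "{0}config" in e.get("olcDatabase", []))
    peercred = access_for(cfg.get("olcAccess", []), PEERCRED_ROOT)
    rootpw = "olcRootPW" in cfg
    return {"rootpw_set": rootpw, "peercred_root_access": peercred,
            "locked_out": not rootpw and peercred not in ("write", "manage")}
```

Run it against real `slapcat -n0` output before touching the ACLs: a result with `locked_out` true means the only remaining way in is editing the slapd.d file offline, as the answer did.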