【发布时间】:2015-02-15 00:38:45
【问题描述】:
我不明白为什么 ldapmodify 不接受我的 grantuserall2.ldif 我想归档 ou=service,uid=dovecot 可以读取 userPassword。 不幸的是 ldapmodify 甚至不接受简单的 acl :D 我被错误困住了:
ldapmodify -h localhost -p 389 -D "cn=admin,dc=example,dc=com" -w ****** -f /etc/ldap/grantuserall2.ldif
modifying entry "olcDatabase{1}hdb,cn=config"
ldap_modify: Invalid DN syntax (34)
additional info: invalid DN
grantuserall2.ldif:
dn: olcDatabase{1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {3}to *
by self write
by users read
by * none
ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -w ****** olcDatabase={1}hdb
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
s auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * re
ad
olcLastMod: TRUE
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: {SSHA}***********************************
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
我的 DIT 是这样的:http://i.stack.imgur.com/GcAPL.png
我会提供任何帮助。 晚安^^
【问题讨论】: