跪求高人指點ACL問題,困擾得我茶不思飯不想
openldap acl控制問題
我在phpLDAPADMIN中建了一些目錄,其中有一個DN為:name=iConfig1,dc=iConfig,dc=pudong,dc=SH,dc=Octon
同時我建了一個目錄cn=hrpeople,ou=groups,dc=Octon,在下面建了一個用戶。
然後我 寫ACL如下:
access to dn.subtree="name=iConfig1,dc=iConfig,dc=pudong,dc=SH,dc=Octon"
by self write
by * auth
by self read
by dn.children="cn=hrpeople,ou=groups,dc=Octon" write
為什麼SLAPD就啟動不了呢,而且不報錯,為什麼呢?哪位大哥大姐幫幫我,這個問題困擾我好幾天了!
《解決方案》
我改成access to *
by self write
by anonymous auth
by * read
這樣卻可以,為什麼啊
《解決方案》
access to dn.subtree="name=iConfig1,dc=iConfig,dc=pudong,dc=SH,dc=Octon"
by self write
by dn.children="cn=hrpeople,ou=groups,dc=Octon" write
by * auth
改成這樣,服務到是起來啦,但是PHPLDAPADMIN有問題,出現
Our attempts to find your SCHEMA for "attributetypes" has return UNEXPECTED results.
(We expected a "resource" in the $schema array but it wasnt there.)
Please contact the phpLDAPadmin developers and let them know:
Which LDAP server you are running, including which version
What OS it is running on
Which version of PHP
As well as a link to some documentation that describes how to obtain the SCHEMA information
We'll then add support for your LDAP server in an upcoming release.
Dump of $schema_search:
--------------------------------------------------------------------------------
a:1:{s:5:"count";i:0;}
《解決方案》
# ./slapd -d 256
@(#) $OpenLDAP: slapd 2.3.32 (Jul 3 2007 11:25:25) $
root@localhost.localdomain:/home/paul/openldap-2.3.32/servers/slapd
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
bdb_db_open: Warning - No DB_CONFIG file found in directory /usr/local/openldap/var/openldap-data: (2)
Expect poor performance for suffix dc=Octon.
slapd starting
conn=0 fd=10 ACCEPT from IP=127.0.0.1:33324 (IP=0.0.0.0:389)
conn=0 op=0 BIND dn="cn=Manager,dc=Octon" method=128
conn=0 op=0 BIND dn="cn=Manager,dc=Octon" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="dc=Octon" scope=0 deref=0 filter="(objectClass=*)"
conn=0 op=1 SRCH attr=dn
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=2 SRCH base="dc=Octon" scope=0 deref=0 filter="(objectClass=*)"
conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=3 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
conn=0 op=3 SRCH attr=subschemaSubentry
conn=0 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=
conn=0 op=4 SRCH base="dc=Octon" scope=0 deref=0 filter="(objectClass=*)"
conn=0 op=4 SRCH attr=subschemaSubentry
conn=0 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=5 SRCH base="cn=Subschema" scope=0 deref=3 filter="(objectClass=*)"
conn=0 op=5 SRCH attr=attributetypes
conn=0 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=0 op=6 UNBIND
conn=0 fd=10 closed ()
conn=1 fd=10 ACCEPT from IP=127.0.0.1:33325 (IP=0.0.0.0:389)
conn=1 op=0 BIND dn="cn=Manager,dc=Octon" method=128
conn=1 op=0 BIND dn="cn=Manager,dc=Octon" mech=SIMPLE ssf=0
conn=1 op=1 SRCH base="dc=Octon" scope=0 deref=0 filter="(objectClass=*)"
conn=1 op=1 SRCH attr=dn
conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 op=2 SRCH base="dc=Octon" scope=0 deref=0 filter="(objectClass=*)"
conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 op=3 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
conn=1 op=3 SRCH attr=subschemaSubentry
conn=1 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=
conn=1 op=4 SRCH base="dc=Octon" scope=0 deref=0 filter="(objectClass=*)"
conn=1 op=4 SRCH attr=subschemaSubentry
conn=1 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 op=5 SRCH base="cn=Subschema" scope=0 deref=3 filter="(objectClass=*)"
conn=1 op=5 SRCH attr=attributetypes
conn=1 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=1 op=6 UNBIND
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 fd=10 closed ()
conn=2 fd=10 ACCEPT from IP=127.0.0.1:33326 (IP=0.0.0.0:389)
conn=2 op=0 BIND dn="cn=Manager,dc=Octon" method=128
conn=2 op=0 BIND dn="cn=Manager,dc=Octon" mech=SIMPLE ssf=0
conn=2 op=1 SRCH base="dc=Octon" scope=0 deref=0 filter="(objectClass=*)"
conn=2 op=1 SRCH attr=dn
conn=2 op=2 SRCH base="dc=Octon" scope=0 deref=0 filter="(objectClass=*)"
conn=2 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=2 op=3 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
conn=2 op=3 SRCH attr=subschemaSubentry
conn=2 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=
conn=2 op=4 SRCH base="dc=Octon" scope=0 deref=0 filter="(objectClass=*)"
conn=2 op=4 SRCH attr=subschemaSubentry
conn=2 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=2 op=5 SRCH base="cn=Subschema" scope=0 deref=3 filter="(objectClass=*)"
conn=2 op=5 SRCH attr=attributetypes
conn=2 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=2 op=6 UNBIND
conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=2 op=0 RESULT tag=97 err=0 text=
conn=2 fd=10 closed ()
。。。。
《解決方案》
改成by anonymous auth
