OpenLDAP ACL permission configuration

Goal:
Entries cn=* under ou=apps,dc=example,dc=com get read-only access to the entries under ou=people,dc=example,dc=com.

Log in to cn=config with ldapadmin and modify the olcAccess value of olcDatabase={1}hdb:

{0}to dn.subtree="ou=people,dc=example,dc=com" by self write by dn.children="ou=apps,dc=example,dc=com" read by * none
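
To see who this rule actually lets in, here is a simplified model of slapd's evaluation of it (first matching "by" clause wins, then evaluation stops). It is an added example, not part of the original note or of OpenLDAP; the function names are hypothetical, and the DN handling is naive (no escaped commas).

```python
# Simplified model of how slapd evaluates the olcAccess rule above (added example).
# Covers only a dn.subtree target and the self / dn.children / * subjects it uses.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

PEOPLE = "ou=people,dc=example,dc=com"
APPS = "ou=apps,dc=example,dc=com"

# The rule from the note: (target subtree, ordered list of (who, level)).
RULE = (PEOPLE, [("self", "write"), (("children", APPS), "read"), ("*", "none")])


def norm(dn):
    """Lower-case and strip spaces around RDN separators (naive normalisation)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_subtree(dn, base):
    """dn.subtree: the base entry itself or anything below it."""
    dn, base = norm(dn), norm(base)
    return dn == base or dn.endswith("," + base)


def is_child(dn, base):
    """dn.children: anything below the base, but not the base entry itself."""
    return in_subtree(dn, base) and norm(dn) != norm(base)


def granted(requester, target, rule=RULE):
    """Level granted by the first matching `by` clause; None if the rule
    does not cover the target. requester=None models an anonymous client."""
    base, by_clauses = rule
    if not in_subtree(target, base):
        return None  # slapd would move on to the next olcAccess rule
    for who, level in by_clauses:
        if who == "*":
            return level
        if who == "self" and requester and norm(requester) == norm(target):
            return level
        if isinstance(who, tuple) and requester and is_child(requester, who[1]):
            return level
    return "none"  # implicit trailing "by * none"


def allowed(requester, target, wanted):
    """True if the granted level is at least the wanted level."""
    level = granted(requester, target)
    return level is not None and LEVELS.index(level) >= LEVELS.index(wanted)
```

Because the rule has no attrs= selector, the read grant to the app entries covers every attribute of the people entries, and anonymous clients get no auth access from this rule. On a real server, the slapacl tool shipped with OpenLDAP checks the same cases against the live configuration.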

Reference
https://www.openldap.org/doc/admin24/access-control.html#Access Control Common Examples
