zoukankan      html  css  js  c++  java
  • ldap/sldap

    给新建的账户赋权限也是通过修改配置文件/etc/openldap/slapd.conf来实现,具体的增加的内容如下:

    如上面示例中就定义了两个用户,一个是只读用户cn=bbs,dc=361way,dc=com和一个可写用户cn=bbsadmin,dc=361way,dc=com 以及这两个用户对所列的字段、正则匹配的用户有相应的权限 。

    # Personal LDAP address book.
    access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=361way,dc=com$"
        by anonymous                    none
        by self                         none
        by dn.exact="cn=bbs,dc=361way,dc=com"   read
        by dn.exact="cn=bbsadmin,dc=361way,dc=com"  write
        by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=361way,dc=com$" write
        by users                        none
    # Allow users to change their own passwords and mail forwarding addresses.
    access to attrs="userPassword,mailForwardingAddress"
        by anonymous    auth
        by self         write
        by dn.exact="cn=bbs,dc=361way,dc=com"   read
        by dn.exact="cn=bbsadmin,dc=361way,dc=com"  write
        by users        none
    # Allow to read others public info.
    access to attrs="cn,sn,gn,givenName,telephoneNumber"
        by anonymous    auth
        by self         write
        by dn.exact="cn=bbs,dc=361way,dc=com"   read
        by dn.exact="cn=bbsadmin,dc=361way,dc=com"  write
        by users        read

  • 相关阅读:
    Python基础之基本数据类型
    Python基础之变量
    mysql数据库
    进程与线程
    并发编程
    网络编程
    内置函数(魔法方法)
    组合,封装,访问限制机制,property装饰器
    面向对象之继承
    Web开发中最致命的8个小错误
  • 原文地址:https://www.cnblogs.com/SZLLQ2000/p/10766298.html
Copyright © 2011-2022 走看看