I migrated my OpenLDAP setup to a newer version (2.4), and now I can only bind to it with the "root" account - cn=admin,dc=mydomain,dc=com. Authentication for any other user fails with error 49 (invalid credentials). Even when I create a new user from scratch at the same level as the root account (e.g. cn=user2,dc=mydomain,dc=com) and reset its password with ldappasswd, I still cannot bind with that new account.
The relevant (?) configuration in /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif looks like this:
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
When I try to bind with a non-admin account, slapd gives the following messages:
5ab4a590 => access_allowed: result not in cache (userPassword)
5ab4a590 => access_allowed: auth access to "cn=user2,dc=mydomain,dc=com" "userPassword" requested
5ab4a590 => acl_get: [1] attr userPassword
5ab4a590 => acl_mask: access to entry "cn=user2,dc=mydomain,dc=com", attr "userPassword" requested
5ab4a590 => acl_mask: to value by "", (=0)
5ab4a590 <= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
5ab4a590 <= check a_dn_pat: *
5ab4a590 <= acl_mask: [2] applying none(=0) (stop)
5ab4a590 <= acl_mask: [2] mask: none(=0)
5ab4a590 => slap_access_allowed: auth access denied by none(=0)
5ab4a590 => access_allowed: no more rules
What am I missing?
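An added example, not part of the question: the ACL shape the OpenLDAP admin guide documents for simple binds, applied to the data backend with ldapmodify. It assumes the backend is olcDatabase={1}mdb (check with `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config dn`) and that cn=admin,dc=mydomain,dc=com is the admin DN from the question.

```ldif
# Added example (not from the question): let each entry write its own
# password, let anonymous clients use userPassword for bind authentication
# only ("auth"), and deny everything else. A simple bind needs "auth" access
# to userPassword while the session is still anonymous; the log above shows
# that access ending in none(=0), which is why the bind fails with error 49.
#
# ASSUMPTION: the data backend is olcDatabase={1}mdb. Confirm with:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config dn
# Apply with:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn.exact="cn=admin,dc=mydomain,dc=com" write
  by self write
  by anonymous auth
  by * none
-
add: olcAccess
olcAccess: {1}to *
  by dn.exact="cn=admin,dc=mydomain,dc=com" write
  by * read
```

`by anonymous auth` lets slapd compare the supplied password without ever returning the stored hash, and `by * none` keeps the attribute unreadable to everyone else; if the backend already has olcAccess values, the indexed {0}/{1} entries are inserted ahead of them, so review the resulting order with ldapsearch afterwards.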