我正在尝试启用在 openldap (slapd) 服务器中的登录。所以我尝试执行:
$ ldapmodify -D cn=admin,dc=domain,dc=tld -W -H ldap:/// <<EOF
> dn: cn=config
> changetype:modify
> replace: olcLogLevel
> olcLogLevel: any
> EOF
modifying entry "cn=config"
ldap_modify: Insufficient access (50)
这是我的 slapcat -n0 输出:
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: f2abd5ee-adb8-103b-8c18-6da3f145a1c2
creatorsName: cn=config
createTimestamp: 20210919171535Z
entryCSN: 20210919171535.786316Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20210919171535Z
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
structuralObjectClass: olcModuleList
entryUUID: f2aca6cc-adb8-103b-8c20-6da3f145a1c2
creatorsName: cn=config
createTimestamp: 20210919171535Z
entryCSN: 20210919171535.791752Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20210919171535Z
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
structuralObjectClass: olcSchemaConfig
entryUUID: f2abf484-adb8-103b-8c1b-6da3f145a1c2
creatorsName: cn=config
createTimestamp: 20210919171535Z
entryCSN: 20210919171535.787189Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20210919171535Z
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
olcSizeLimit: 500
structuralObjectClass: olcDatabaseConfig
entryUUID: f2abdfee-adb8-103b-8c19-6da3f145a1c2
creatorsName: cn=config
createTimestamp: 20210919171535Z
entryCSN: 20210919171535.786661Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20210919171535Z
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: f2abede0-adb8-103b-8c1a-6da3f145a1c2
creatorsName: cn=config
createTimestamp: 20210919171535Z
entryCSN: 20210919171535.787019Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20210919171535Z
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=domain,dc=tld
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * non
e
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=domain,dc=tld
olcRootPW:: SOME_HASH_VALUE
olcDbCheckpoint: 512 30
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: member,memberUid eq
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
entryUUID: f2accdf0-adb8-103b-8c21-6da3f145a1c2
creatorsName: cn=config
createTimestamp: 20210919171535Z
entryCSN: 20210919171535.792748Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20210919171535Z
我不知道是什么问题。帐户“admin”定义为 olcRootDN cn=admin,dc=domain,dc=tld。为什么我不能更改配置?