Current time zone: UTC+8



Post #1
Subject: [Help] LDAP problem on Ubuntu 10.04 Server
Posted: 2010-11-30 16:05

Joined: 2010-10-11 14:59
Posts: 5
I built a mail server on Ubuntu 10.04 Server with iRedMail 0.6.1; user management is done through LDAP. In iRedAdmin I added two users, test1 and test2, which together with the initial www user makes three. I can see them in PhpLdapAdmin too. But when logged in to the system as root, how do I view the LDAP users? The slapcat command gives the error "Available database(s) do not allow slapcat". Running `ldapsearch -x -h localhost -b dc=example,dc=com` gives the following result:

Code:
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 50 Insufficient access

Also, `getent shadow` does not show these three accounts either.
I don't know how to solve this. Help would be much appreciated, thank you!


Post #2
Subject: Re: [Help] LDAP problem on Ubuntu 10.04 Server
Posted: 2010-11-30 16:08

Joined: 2010-10-11 14:59
Posts: 5
Here is my /etc/ldap/slapd.conf as well, thanks!

Code:
# Schemas.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema

# Integrate Amavisd-new.
include /etc/ldap/schema/amavis.schema
# Schema provided by iRedMail.
include /etc/ldap/schema/iredmail.schema

# Where the pid file is put. The init.d script will not stop the
# server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args

# TLS files.
TLSCACertificateFile /etc/ssl/certs/iRedMail_CA.pem
TLSCertificateFile /etc/ssl/certs/iRedMail_CA.pem
TLSCertificateKeyFile /etc/ssl/private/iRedMail.key

# Modules.
modulepath /usr/lib/ldap
moduleload back_bdb

# Disallow bind as anonymous.
#disallow bind_anon

# Uncomment below line to allow binding as anonymous.
#allow bind_anon_cred

#
# Specify LDAP protocol version.
#require LDAPv3
allow bind_v2

# Log level.
# -1: enable all debugging
# 0: no debugging
# 128: access control list processing
# 256: stats log connections/operations/results
loglevel 0

#
# Access Control List. Used for LDAP bind.
#
# NOTE: Every domain has an administrator, e.g.
# Domain Name: 'example.com'
#Admin Name: mail=postmaster@example.com, domainName=example.com, o=domains,dc=e$
#

#
# Set permission for LDAP attrs.
#
access to attrs="userPassword,mailForwardingAddress"
by anonymous auth
by self write
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users none

access to attrs="cn,sn,telephoneNumber"
by anonymous auth
by self write
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users read

# Domain attrs.
access to attrs="objectclass,domainName,mtaTransport,enabledService,domainSenderBcc$
by anonymous auth
by self read
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users read

# User attrs.
access to attrs="employeeNumber,homeDirectory,mailMessageStore,mail,accountStatus,u$
by anonymous auth
by self read
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users read

#
# Set ACL for vmail/vmailadmin.
#
access to dn="cn=vmail,dc=example,dc=com"
by anonymous auth
by self write
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users none
access to dn="cn=vmailadmin,dc=example,dc=com"
by anonymous auth
by self write
by users none

#
# Allow users to access their own domain subtree.
# Allow domain admin to modify accounts under same domain.
#
access to dn.regex="domainName=([^,]+),o=domains,dc=example,dc=com$"
by anonymous auth
by self write
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by dn.regex="mail=[^,]+@$1,o=domainAdmins,dc=example,dc=com$" write
by dn.regex="mail=[^,]+@$1,ou=Users,domainName=$1,o=domains,dc=example,dc=com$"$
by users none

#
# Enable vmail/vmailadmin.
#
access to dn.subtree="o=domains,dc=example,dc=com"
by anonymous auth
by self write
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by dn.regex="mail=[^,]+,ou=Users,domainName=$1,o=domains,dc=example,dc=com$" re$
by users read

access to dn.subtree="o=domainAdmins,dc=example,dc=com"
by anonymous auth
by self write
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users none

#
#
# Set permission for "cn=*,dc=example,dc=com".
#
access to dn.regex="cn=[^,]+,dc=example,dc=com"
by anonymous auth
by self write
by users none
#
# Set default permission.
#
access to *
by anonymous auth
by self write
by users read

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix dc=example,dc=com
directory /var/lib/ldap/example.com

rootdn cn=Manager,dc=example,dc=com
rootpw {SSHA}51k+NxnPL0PJTU4X2XNosT5/Wy0MYyG0

sizelimit 1000
cachesize 1000

#
# Set directory permission.
#
mode 0700

#
# Default index.
#
index objectClass eq,pres
index uidNumber,gidNumber,uid,memberUid,loginShell eq,pres
index homeDirectory,mailMessageStore eq,pres
index ou,cn,mail,surname,givenname,telephoneNumber eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

#
# Index for mail attrs.
#
# ---- Domain related ----
index domainName,mtaTransport,accountStatus,enabledService eq,pres,sub
index domainAliasName eq,pres,sub
index domainMaxUserNumber eq,pres
index domainAdmin,domainGlobalAdmin,domainBackupMX eq,pres,sub
index domainSenderBccAddress,domainRecipientBccAddress eq,pres,sub
# ---- Group related ----
index accessPolicy,hasMember,listAllowedUser eq,pres,sub
# ---- User related ----
index mailForwardingAddress,shadowAddress eq,pres,sub
index backupMailAddress,memberOfGroup eq,pres,sub
index userRecipientBccAddress,userSenderBccAddress eq,pres,sub


Post #3
Subject: Re: [Help] LDAP problem on Ubuntu 10.04 Server
Posted: 2010-12-02 10:06

Joined: 2006-11-25 14:56
Posts: 3
The OpenLDAP set up by iRedMail does not allow anonymous access by default, so you have to specify a bind DN and password. For example:

Code:
$ ldapsearch -x -h localhost -b 'dc=example,dc=com' -D 'cn=vmail,dc=xxx,dc=xxx' -W

The cn=vmail,dc=xx that goes after -D can be found in the /etc/postfix/ldap_*.cf files; the password is in there too.

Also, I'd suggest posting iRedMail questions directly on its official support forum: http://www.iredmail.org/bbs/
They will be able to answer your question more promptly there.
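Both observations in this thread, the anonymous search ending in "result: 50 Insufficient access" and the advice to bind as cn=vmail, follow from how slapd evaluates the ACL in the posted slapd.conf: it takes the first `access to` directive whose `<what>` matches the entry and attribute, then the first `by` clause in it that matches the requester, and grants access only if that clause's level is at least the level the operation needs. An anonymous client only ever matches `by anonymous auth`, and `auth` permits binding but not searching or reading. The following is an added example, not code from the thread or from iRedMail: a small Python model of that evaluation (per slapd.access(5)), run over a constructed, abridged copy of four of the posted directives. The DNs for test1 and test2 and the use of the `entry` pseudo-attribute for the base object are illustrative assumptions.

```python
import re

# Privilege levels from slapd.access(5), least to most. A grant at level X satisfies
# a request at X or below; 'auth' only permits binding, never searching or reading.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed, abridged copy of four ACL directives from the slapd.conf posted
# above, in their original order (order matters: the first match wins).
ACL_TEXT = """
access to attrs="userPassword,mailForwardingAddress"
  by anonymous auth
  by self write
  by dn.exact="cn=vmail,dc=example,dc=com" read
  by users none
access to dn.subtree="o=domains,dc=example,dc=com"
  by anonymous auth
  by self write
  by dn.exact="cn=vmail,dc=example,dc=com" read
  by users read
access to dn.regex="cn=[^,]+,dc=example,dc=com"
  by anonymous auth
  by self write
  by users none
access to *
  by anonymous auth
  by self write
  by users read
"""

def parse_acl(text):
    """'access to <what>' and 'by <who> <level>' lines -> ordered clauses."""
    clauses = []
    for tokens in (line.split() for line in text.splitlines()):
        if tokens[:2] == ["access", "to"]:
            clauses.append({"what": tokens[2:], "by": []})
        elif tokens[:1] == ["by"]:
            clauses[-1]["by"].append((tokens[1], tokens[2]))
    return clauses

def sel_matches(sel, dn, attr=None):
    """One attrs=/dn.exact=/dn.subtree=/dn.regex= selector against a DN (and attribute)."""
    kind, _, value = sel.partition("=")
    value = value.strip('"')
    if kind == "attrs":
        return attr.lower() in [a.strip().lower() for a in value.split(",")]
    if kind == "dn.exact":
        return dn.lower() == value.lower()
    if kind == "dn.subtree":
        return dn.lower() == value.lower() or dn.lower().endswith("," + value.lower())
    if kind == "dn.regex":  # slapd leaves the pattern unanchored unless it has ^ or $
        return re.search(value, dn, re.IGNORECASE) is not None
    raise ValueError(f"unsupported selector {sel!r}")

def what_matches(selectors, target_dn, attr):
    """Every selector of a <what> must match the (entry DN, attribute) pair."""
    return all(s == "*" or sel_matches(s, target_dn, attr) for s in selectors)

def who_matches(who, bind_dn, target_dn):
    """bind_dn is None for an anonymous connection (ldapsearch -x without -D)."""
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return who == "*"  # every other <who> requires an authenticated DN
    if who in ("*", "users"):
        return True
    if who == "self":
        return bind_dn.lower() == target_dn.lower()
    return sel_matches(who, bind_dn)  # dn.exact=... or dn.regex=...

def check_access(clauses, bind_dn, target_dn, attr, needed):
    """slapd's rule: first matching <what>, first matching <who> in it, then compare levels."""
    for clause in clauses:
        if not what_matches(clause["what"], target_dn, attr):
            continue
        what = "access to " + " ".join(clause["what"])
        for who, level in clause["by"]:
            if who_matches(who, bind_dn, target_dn):
                return LEVELS.index(level) >= LEVELS.index(needed), f"{what} -> by {who} {level}"
        return False, what + " -> no 'by' matched (implicit 'by * none')"
    return False, "no 'access to' directive matched"

ACL = parse_acl(ACL_TEXT)
BASE = "dc=example,dc=com"
VMAIL = "cn=vmail," + BASE
TEST1, TEST2 = (f"mail=test{i}@example.com,ou=Users,domainName=example.com,o=domains,{BASE}" for i in (1, 2))

# (description, bind DN, target entry, attribute, level needed); 'entry' is the pseudo-attribute for the entry itself.
SCENARIOS = [
    ("anonymous 'ldapsearch -x' on the base", None, BASE, "entry", "search"),
    ("cn=vmail reads mail of test1", VMAIL, TEST1, "mail", "read"),
    ("test2 reads userPassword of test1", TEST2, TEST1, "userPassword", "read"),
    ("test1 reads its own userPassword", TEST1, TEST1, "userPassword", "read"),
    ("test1 reads the cn=vmail entry", TEST1, VMAIL, "entry", "read"),
]

if __name__ == "__main__":
    for desc, bind, target, attr, need in SCENARIOS:
        ok, why = check_access(ACL, bind, target, attr, need)
        print(f"{'ALLOW' if ok else 'DENY':5}  {desc:40}  {why}")
```

The first scenario reproduces the poster's result: the base entry falls through to `access to *`, the anonymous requester gets only `auth`, and a search needs more than that, so nothing is returned. The third scenario shows what the `by users none` line on userPassword buys: even an authenticated mail user cannot read another user's password hash, while cn=vmail (the DN Postfix binds with) can. The model is deliberately partial: it ignores global versus per-database directive ordering, `$1` back-references in `by dn.regex` clauses, and the `disclose` distinction slapd uses when deciding whether to report 32 or 50 on a denied base.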


Post #4
Subject: Re: [Help] LDAP problem on Ubuntu 10.04 Server
Posted: 2010-12-06 8:39

Joined: 2010-10-11 14:59
Posts: 5
Many thanks to #3 for the help!
I had actually wanted to ask on the official iRedMail bbs, but found that the forum had closed registration, so I could only come here. Thanks a lot.

