Official documentation: 4.1. Setting Attributes Read-only
Several attributes in LDAP should be read-only. For example, if uidNumber is left writable by the user, a user could change his uidNumber attribute to 0 and get root access!
To begin with, the userPassword attribute should not be world-readable. By default, anyone who can connect to the LDAP server can read this attribute. To disable this, put the following in slapd.conf:
Example 8. Hide Passwords
    access to dn.subtree="ou=people,dc=example,dc=org"
            attrs=userPassword
            by self write
            by anonymous auth
            by * none

    access to *
            by self write
            by * read
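
An added example (not from the official documentation): a simplified Python model of how slapd evaluates these rules, taking the first `access to` directive that matches the entry and attribute and then the first matching `by` clause. The parser, the function names and the requester labels ("anonymous", "self", "other") are assumptions made for illustration, and only `dn.subtree`, `attrs=` and the `self`, `anonymous`, `users` and `*` clauses are modelled.

```python
import re

# Constructed sample: the two rules of Example 8 as they would sit in slapd.conf.
SLAPD_CONF = '''\
access to dn.subtree="ou=people,dc=example,dc=org"
        attrs=userPassword
        by self write
        by anonymous auth
        by * none

access to *
        by self write
        by * read
'''

def parse_acls(conf):
    """Return [(subtree, attrs, [(who, level), ...])] for each 'access to' directive."""
    logical = []
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:      # leading whitespace = continuation line
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    acls = []
    for d in (l for l in logical if l.startswith("access to ")):
        what, *by = re.split(r"\s+by\s+", d[len("access to "):])
        attrs = re.search(r"attrs=(\S+)", what)
        sub = re.search(r'dn\.subtree="([^"]+)"', what)
        acls.append((sub.group(1).lower() if sub else None,
                     attrs.group(1).lower().split(",") if attrs else None,
                     [tuple(c.split()[:2]) for c in by]))
    return acls

def effective_access(acls, entry_dn, attr, requester):
    """requester: 'anonymous', 'self', or 'other' (authenticated, not the entry's owner)."""
    dn = entry_dn.lower()
    for subtree, attrs, clauses in acls:
        if subtree and not (dn == subtree or dn.endswith("," + subtree)):
            continue
        if attrs and attr.lower() not in attrs:
            continue
        for who, level in clauses:             # first matching 'by' clause wins
            if who in ("*", requester) or (who == "users" and requester != "anonymous"):
                return level
        return "none"                          # implicit trailing 'by * none'
    return "none"                              # no rule matched: implicit deny
```

With only these two rules, `effective_access(parse_acls(SLAPD_CONF), "uid=alice,ou=people,dc=example,dc=org", "uidNumber", "self")` returns `"write"`: the password is hidden, but the catch-all rule still lets a user write their own uidNumber, so rules making such attributes read-only have to come before it.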
Original article: https://blog.51cto.com/13420391/2540309