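I have a web application that needs to be able to create users on the LDAP. I created a cn=intranet,dc=example,dc=com, and I need it to be able to add users inside ou=People,dc=example,dc=com.
So I tried to add a user as cn=intranet, using attributes such as: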

    dn = "uid=something,ou=People,dc=telecom-etude,dc=com"
    attrs = {
      cn: 'something',
      givenName: 'something',
      sn: 'something',
      uid: 'something',
      displayName: 'something',
      objectClass: ["inetOrgPerson", 'top', 'Person'],
    }
    ldap = Devise::LDAP::Connection.admin # returns a Net::LDAP binding with `cn=intranet`
    ldap.add(dn: dn, attributes: attrs)

No matter what I do, I seem to be stuck with

    (Net::LDAP) LDAP Creation ERROR : #<OpenStruct code=50, error_message="no write access to parent", matched_dn="", message="Insufficient Access Rights">
    (phpmyldap) 0x32 (LDAP_INSUFFICIENT_ACCESS)

I have TRIED (meaning non-optimal but surely working?) the following:
The first entry is for backups, ignore it (unless it is actually relevant?)

    olcAccess: {0}to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdLastSet by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by dn="cn=jarvisrepl,dc=example,dc=com" write by * none
    olcAccess: {1}to dn.base="" by * read
    oclAccess: {2}to * by dn="intranet,dc=example,dc=com" write
    olcAccess: {3}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
    oclAccess: {4}to * by dn="intranet,dc=example,dc=com" write

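I tried giving wildcard * access to cn="intranet", with the oclAccess AFTER and before the default access ({3}), but even that does not work, and I don't understand why.
Otherwise, from what I read, the best working configuration for what I want should be something like this: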

    olcAccess: {1}to dn.base="" by * read
    oclAccess: {2}to dn.base="ou=People,dc=example,dc=com" attributes=children by dn="intranet,dc=example,dc=com" write
    oclAccess: {3}to dn.onelevel="ou=People,dc=example,dc=com" by dn="intranet,dc=example,dc=com" write
    olcAccess: {4}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
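
A lint pass over olcAccess values like the ones posted above, as an added example that is not part of the original post. It checks three points fixed by slapd's ACL syntax: the attribute name is `olcAccess`, every `by dn=` subject is a DN made of type=value RDNs, and a `to *` rule ends evaluation for the rules after it. The name `lint_acl` and the finding labels are made up for this example.

```ruby
# Added example (not from the original post): lint olcAccess values.
# Lines with a misspelled attribute name are still linted as the ACLs
# their author intended. Rules are assumed to be listed in {n} order.

# Constructed sample: rules {1} to {4} from the question, folded line joined.
SAMPLE = <<~LDIF
  olcAccess: {1}to dn.base="" by * read
  oclAccess: {2}to * by dn="intranet,dc=example,dc=com" write
  olcAccess: {3}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
  oclAccess: {4}to * by dn="intranet,dc=example,dc=com" write
LDIF

RDN = /\A\s*[A-Za-z][\w.-]*\s*=\s*.+/          # attributeType=value
BY_DN = /by\s+dn(?:\.(?!regex)\w+)?="([^"]*)"/ # by dn="...", by dn.exact="..."

def lint_acl(ldif)
  findings = []
  catch_all = nil
  # Unfold LDIF continuation lines (a newline followed by one space).
  ldif.gsub(/\n /, "").each_line(chomp: true) do |line|
    name, value = line.split(/:\s*/, 2)
    next if value.nil?
    # slapd only knows the attribute as olcAccess.
    findings << [:unknown_attribute, name] unless name.casecmp?("olcAccess")
    index = value[/\A\{(\d+)\}/, 1]
    # Every RDN of a subject DN must be type=value; "intranet" alone is not.
    value.scan(BY_DN).flatten.each do |dn|
      ok = dn.split(/(?<!\\),/).all? { |rdn| rdn.match?(RDN) }
      findings << [:malformed_dn, dn] unless ok
    end
    if catch_all
      # First matching <what> wins: nothing after a `to *` rule is evaluated.
      findings << [:shadowed_rule, "{#{index}} after {#{catch_all}}"]
    elsif value.match?(/\A\{\d+\}\s*to\s+\*\s/) && !value.match?(/\bbreak\b/)
      catch_all = index
    end
  end
  findings
end

lint_acl(SAMPLE).each { |kind, detail| puts "#{kind}: #{detail}" }
```

A catch-all rule whose `by` clause uses the `break` control is not treated as final, since slapd continues to the next rule in that case.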