# Step 1: load the back_monitor module. The LDIF adds the value
# "{2}back_monitor" to olcModuleLoad on cn=module{0},cn=config. It is applied
# under sudo over the local ldapi:/// socket with SASL EXTERNAL.
- $ cat module_monitor.ldif
- dn: cn=module{0},cn=config
- changetype: modify
- add: olcModuleLoad
- olcModuleLoad: {2}back_monitor
- $ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f module_monitor.ldif
# Verification: re-read the module list. The SASL username shows the identity
# is derived from peer credentials (uidNumber=0 / gidNumber=0), and
# {2}back_monitor is now listed after memberof and refint.
- $ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=module{0},cn=config"
- SASL/EXTERNAL authentication started
- SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
- SASL SSF: 0
- # extended LDIF
- #
- # LDAPv3
- # base <cn=module{0},cn=config> with scope subtree
- # filter: (objectclass=*)
- # requesting: ALL
- #
- # module{0}, config
- dn: cn=module{0},cn=config
- objectClass: olcModuleList
- cn: module{0}
- olcModulePath: /usr/lib64/openldap
- olcModuleLoad: {0}memberof
- olcModuleLoad: {1}refint
- olcModuleLoad: {2}back_monitor
- <...>
# Step 2: create a dedicated bind account, cn=monitor,dc=company,dc=de
# (simpleSecurityObject + organizationalRole), carrying only a password.
# NOTE(review): the hash is redacted, so the crypt(3) algorithm behind {CRYPT}
# cannot be checked from here; confirm it is a salted, modern scheme.
- $ cat cn_monitor.ldif
- dn: cn=monitor,dc=company,dc=de
- objectClass: simpleSecurityObject
- objectClass: organizationalRole
- cn: monitor
- description: LDAP monitor
- userPassword: {CRYPT}REDACTED
# Added with a simple bind as cn=admin. -W prompts for the password instead of
# taking it on the command line, and -ZZ makes the command fail unless StartTLS
# succeeds, so the bind password is not sent over ldap:// in clear text.
- $ ldapadd -x -D "cn=admin,dc=company,dc=de" -W -f cn_monitor.ldif -ZZ -H ldap://openldap.internal.company.de
# Step 3: restrict the monitor database. "replace: olcAccess" overwrites every
# existing olcAccess value on olcDatabase={1}monitor with this single rule:
# read for the root peercred identity, read for cn=manager,dc=company,dc=de,
# and "by * none" for everyone else (default deny).
# NOTE(review): the account created in step 2 is cn=monitor,dc=company,dc=de,
# not cn=manager,...; no cn=manager entry appears anywhere else in this
# transcript. As written, a bind as cn=monitor falls through to "by * none".
# To give that account read-only access, name it in the rule, e.g.
#   by dn.base="cn=monitor,dc=company,dc=de" read
# and keep the trailing "by * none".
- $ cat database_monitor.ldif
- dn: olcDatabase={1}monitor,cn=config
- changetype: modify
- replace: olcAccess
- olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=manager,dc=company,dc=de" read by * none
- $ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f database_monitor.ldif
# Verification: the stored olcAccess matches the LDIF. The value is line-wrapped
# in the ldapsearch output, hence the continuation line starting with ",cn=auth".
- $ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b "olcDatabase={1}monitor,cn=config"
- SASL/EXTERNAL authentication started
- SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
- SASL SSF: 0
- # extended LDIF
- #
- # LDAPv3
- # base <olcDatabase={1}monitor,cn=config> with scope subtree
- # filter: (objectclass=*)
- # requesting: ALL
- #
- # {1}monitor, config
- dn: olcDatabase={1}monitor,cn=config
- objectClass: olcDatabaseConfig
- olcDatabase: {1}monitor
- olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
- ,cn=auth" read by dn.base="cn=manager,dc=company,dc=de" read by * none
# As root over ldapi:/// the cn=monitor subtree is readable (66 entries), which
# matches the first "by" clause of the ACL above.
- $ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=monitor"
- <...>
- # numResponses: 67
- # numEntries: 66
# Same search over the network (StartTLS required via -ZZ), bound as the new
# cn=monitor account. A search result comes back, so the bind itself appears
# to succeed, but the search returns 32 "No such object".
# NOTE(review): this is consistent with the ACL giving cn=monitor no access;
# slapd presumably reports noSuchObject rather than an access error because the
# requester is not allowed to learn that the entry exists. Confirm against the
# slapd log, then correct the DN in the olcAccess rule from step 3.
- $ ldapsearch -D "cn=monitor,dc=company,dc=de" -H ldap://openldap.internal.company.de -W -ZZ -b "cn=monitor"
- Enter LDAP Password:
- # extended LDIF
- #
- # LDAPv3
- # base <cn=monitor> with scope subtree
- # filter: (objectclass=*)
- # requesting: ALL
- #
- # search result
- search: 3
- result: 32 No such object
- # numResponses: 1