
LDAP limit user search on specific OUs

I have been wondering whether it is possible to limit OUs in search base. This is what my hierarchy looks like:


Now, my search base is: dc=prod,dc=prod,dc=co

Is there a possibility to limit the user search only to these:

  • OU=PROD,OU=SYS
  • OU=PROD,OU=Int
  • OU=UNIX

I'm a noob in this area; it would be really welcome if someone could help.

Not sure if it is possible to use userSearchBase for multiple OUs (so far I understood that it is not possible, although for sssd I saw an example which works). I think some user search filter might do it, but I wasn't really successful, unfortunately.

Yes, you can limit the search base to multiple or single OUs.

Ranger does accept multiple search bases, for example:

OU=PROD,OU=SYS,dc=prod,dc=prod,dc=co;OU=PROD,OU=Int,dc=prod,dc=prod,dc;OU=UNIX,dc=prod,dc=prod,dc=co

A few things to note: it has to be separated by ";" and it needs the full path including "dc" values.
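A pre-flight check for such a value, as an added example that is not part of the original posts and is not Ranger's own parsing code: it splits the ";"-separated list, rejects any entry that is not a full path under the root, and tests whether a user DN falls inside the allowed OUs. The function names and the user DNs are constructed for illustration, and multi-valued RDNs ("+") are assumed not to occur.

```python
import re

def split_unescaped(value, sep):
    """Split on sep unless it is backslash-escaped, dropping empty parts."""
    parts = re.split(r"(?<!\\)" + re.escape(sep), value)
    return [p.strip() for p in parts if p.strip()]

def parse_dn(dn):
    """Return lower-cased (attr, value) pairs; reject RDNs such as a bare 'dc'."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        attr, eq, val = rdn.partition("=")
        if not eq or not attr.strip() or not val.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        rdns.append((attr.strip().lower(), val.strip().lower()))
    if not rdns:
        raise ValueError("empty DN")
    return rdns

def parse_search_bases(value, root):
    """Parse 'dn1;dn2;...' and require each entry to be a full path under root."""
    root_rdns = parse_dn(root)
    bases = []
    for entry in split_unescaped(value, ";"):
        rdns = parse_dn(entry)
        if rdns[-len(root_rdns):] != root_rdns:
            raise ValueError(f"{entry!r} does not end with {root!r}")
        bases.append(rdns)
    return bases

def in_scope(user_dn, bases):
    """True if user_dn lies at or below any of the bases (subtree scope)."""
    rdns = parse_dn(user_dn)
    return any(len(rdns) >= len(b) and rdns[-len(b):] == b for b in bases)

# Base and OUs from the question; the user DNs below are constructed samples.
ROOT = "dc=prod,dc=prod,dc=co"
SEARCH_BASES = ";".join(f"{ou},{ROOT}" for ou in
                        ("OU=PROD,OU=SYS", "OU=PROD,OU=Int", "OU=UNIX"))

if __name__ == "__main__":
    bases = parse_search_bases(SEARCH_BASES, ROOT)
    for dn in ("CN=alice,OU=UNIX," + ROOT, "CN=bob,OU=SYS," + ROOT):
        print(dn, "->", "in scope" if in_scope(dn, bases) else "out of scope")
```

Running the same check against the directory entries that were actually synced shows whether any account outside the three OUs slipped through.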
