ldap/sldap

给新建的账户赋权限也是通过修改配置文件/etc/openldap/slapd.conf来实现，具体的增加的内容如下：

如上面示例中就定义了两个用户，一个是只读用户cn=bbs,dc=361way,dc=com和一个可写用户cn=bbsadmin,dc=361way,dc=com 以及这两个用户对所列的字段、正则匹配的用户有相应的权限 。

# Personal LDAP address book.
access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=361way,dc=com$"
    by anonymous                    none
    by self                         none
    by dn.exact="cn=bbs,dc=361way,dc=com"   read
    by dn.exact="cn=bbsadmin,dc=361way,dc=com"  write
    by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=361way,dc=com$" write
    by users                        none
# Allow users to change their own passwords and mail forwarding addresses.
access to attrs="userPassword,mailForwardingAddress"
    by anonymous    auth
    by self         write
    by dn.exact="cn=bbs,dc=361way,dc=com"   read
    by dn.exact="cn=bbsadmin,dc=361way,dc=com"  write
    by users        none
# Allow to read others public info.
access to attrs="cn,sn,gn,givenName,telephoneNumber"
    by anonymous    auth
    by self         write
    by dn.exact="cn=bbs,dc=361way,dc=com"   read
    by dn.exact="cn=bbsadmin,dc=361way,dc=com"  write
    by users        read