OpenLDAP sAMAccountName作为自定义属性 [英] OpenLDAP sAMAccountName as custom attribute

问题描述

我试图添加一个自定义属性对象类，因为我的一个应用程序只能与sAMAccountName一起使用.

I am trying to add a custom attributes object class, because one of my applications only works with sAMAccountName.

我发现，它需要以下架构才能将其添加到LDAP中.

I found out, that it needs the following schema to add it to LDAP.

olcAttributeTypes: ( 1.2.840.113556.1.4.221
NAME 'sAMAccountName'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )

我用此内容创建了一个ldif文件，并且sAMAccountName出现在Apache Directory Studio中

I created a ldif file with this content and sAMAccountName appeared in Apache Directory Studio

dn: cn=custom-attributes,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: custom-attributes
olcAttributeTypes: ( 1.2.840.113556.1.4.221
    NAME 'sAMAccountName'
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
    SINGLE-VALUE )

但是，如果我尝试向用户添加此属性，则会出现错误#65，因为我的对象类不允许使用此属性，因此我将其删除并尝试为自定义属性添加对象类:

But if I tried to add this attribute to my user I got an error #65, because it was not allowed by my object classes, so I removed it and tried to add a object class for custom attributes:

dn: cn=custom-attributes,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: custom-attributes
olcAttributeTypes: ( 1.2.840.113556.1.4.221
    NAME 'sAMAccountName'
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
    SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.100.1
    NAME 'customAttributes'
    SUP top
    AUXILIARY
    DESC 'Custom attributes class'
    MAY (sAMAccountName)
)

现在我收到此错误

ldapadd:无效格式(第6行)条目:"cn = custom-attributes，cn = schema，cn = config"

ldapadd: invalid format (line 6) entry: "cn=custom-attributes,cn=schema,cn=config"

我正在通过终端添加ldif文件

I am adding the ldif file via terminal

ldapadd -H ldaps://ldap.mydomain.com/ -f samaccountname.ldif -D "cn=admin,cn=config" -w mypassword

错误消息指的是哪一行?语法有什么问题吗?

Which line is meant by the error message? And whats wrong with the syntax?

我还听说过将sAMAccountName代理到uid，但是我没有找到示例ldif文件，因此该解决方案对我来说更容易实现.

I also heard about proxy the sAMAccountName to uid, but I did not find a example ldif file, so this solution seamed more achievable to me.

推荐答案

我认为这是由于最后一个括号引起的. LDIF文件上的新行表示新的项目描述.尝试将最后一个括号放在MAY行的末尾.

I think it is due to the last parenthesis. A new line on a LDIF file means a new item description. Try to put the last parenthesis at the end of the MAY line.

这篇关于OpenLDAP sAMAccountName作为自定义属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！