Problems getting OpenLDAP memberOf working

Problem description

I'm not very familiar with OpenLDAP, but I'm trying to get a local instance working in order to test a client in development, which needs the memberOf attribute.

I've downloaded and installed OpenLDAP on a CentOS 7 VM, per the instructions at http://www.openldap.org/doc/admin24/guide.html#A Quick-Start Guide. I did not use package management to install it. Since I'm using 2.4.45, it's using the cn=config OLC config and not the slapd.conf configuration scheme.

At step 4 above, I used the --enable-memberof and --enable-refint flags to the configure script. When I ran the pre-install tests, it did run the memberof tests, and they passed, so I know the overlay can be applied somehow.

I've tried the directions found at https://adimian.com/blog/2014/10/how-to-enable-memberof-using-openldap/ and, with slight variants, many other places. I've run into the following issues with this...

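  1. Errors about an invalid objectClass oldModuleList during ldapadd
  2. Insufficient access errors during ldapadd
  3. I don't have local directories corresponding to the module paths found in any of the examples. I don't seem to have a memberof.la file anywhere on my machine.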

Is this even on the right track? Or will the process be different because I installed from source or used the --enable-memberof flag?

Let me know if there's any info I need to provide.

Update: Currently, I am trying to add the entry with dn

dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config

as found in the linked instructions above. I get

# ldapadd -x -D "cn=Manager,dc=aaron,dc=com" -W -f member.ldif
Enter LDAP Password:
adding new entry "olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config"
ldap_add: Insufficient access (50)

Another update: Progress!

I added an olcRootPW to the cn=config database by editing

etc/slapd.d/cn=config/olcDatabase={0}config.ldif

then used that dn to run the ldapadd:

ldapadd -x -D "cn=config" -W -f member.ldif

I had to put the {0} and {1} back.

Trying to add the first refint ldif failed, but I think I don't need that since these aren't modules, but compiled directly into slapd based on how I configured it.

Now I'm trying to add the second refint entry and getting

[root@openldap openldap]# ldapadd -x -D "cn=config" -W -f refint2.ldif 
Enter LDAP Password: 
adding new entry "olcOverlay={1}refint,olcDatabase={1}mdb,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
    additional info: olcRefintAttribute <manager>: attribute type undefined

Recommended answer

Adding this comment for users who might need additional information on this. This article clearly explains how to enable the memberOf overlay along with referential integrity. In fact, it completely explains the end-to-end OpenLDAP implementation.
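
The error 80 in the question means slapd found no definition for `manager` in the schema it has loaded. As an added example (not from the question, the answer, or the OpenLDAP project), this Python check lists the olcRefintAttribute values in an overlay LDIF that the loaded schema does not define, so the file can be corrected before ldapadd. The schema lines, the refint LDIF body and all function names are constructed for illustration, and it assumes the memberof overlay already supplies memberOf.

```python
import re

# Constructed samples modelled on OpenLDAP's core and cosine schema as stored under
# cn=schema,cn=config. In REFINT_LDIF only the dn is taken from the question.
CORE_SCHEMA = """\
dn: cn={0}core,cn=schema,cn=config
olcAttributeTypes: ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group'
  SUP distinguishedName )
olcAttributeTypes: ( 2.5.4.32 NAME 'owner' SUP distinguishedName )
olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
"""
COSINE_SCHEMA = """\
dn: cn={1}cosine,cn=schema,cn=config
olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager'
  EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
"""
REFINT_LDIF = """\
dn: olcOverlay={1}refint,olcDatabase={1}mdb,cn=config
objectClass: olcRefintConfig
olcRefintAttribute: memberof member manager owner
"""
# NAME 'x'  or  NAME ( 'x' 'y' )
NAME_RE = re.compile(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))")

def unfold(ldif):
    """Join LDIF continuation lines (newline followed by a single space)."""
    return re.sub(r"\r?\n ", "", ldif)

def defined_attribute_types(*schema_ldifs):
    """Lower-cased names of every attribute type declared in the schema LDIF."""
    names = set()
    for line in unfold("\n".join(schema_ldifs)).splitlines():
        if line.lower().startswith("olcattributetypes:") and (m := NAME_RE.search(line)):
            names.update(n.lower() for n in re.findall(r"[^'\s]+", m.group(1) or m.group(2)))
    return names

def refint_attributes(overlay_ldif):
    """Attribute names requested by olcRefintAttribute (one or many per line)."""
    pairs = (line.partition(":") for line in unfold(overlay_ldif).splitlines())
    return [a for key, _, value in pairs if key.strip().lower() == "olcrefintattribute"
            for a in value.split()]

def undefined_refint_attributes(overlay_ldif, schema_ldifs, overlay_defined=("memberof",)):
    """Names slapd would reject; overlay_defined assumes memberof supplies memberOf."""
    known = defined_attribute_types(*schema_ldifs) | {a.lower() for a in overlay_defined}
    return [a for a in refint_attributes(overlay_ldif) if a.lower() not in known]

if __name__ == "__main__":
    print(undefined_refint_attributes(REFINT_LDIF, [CORE_SCHEMA]))  # ['manager']
```

With only the core sample loaded the check reports `manager`; once the cosine sample is included the list is empty, which points to either loading that schema or dropping the attribute from olcRefintAttribute.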
