0

我目前正在尝试为用户创建一个具有 memberOf 属性的 OpenLDAP 服务器。

使用cn=config,我加载了 memberof Module (lsof 说,它确实已加载)并将覆盖添加到我的数据库中。

零件ldapsearch -b cn=config -D 'cn=root,cn=config' -W

# module{0}, config
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/openldap
olcModuleLoad: {0}memberof
olcModuleLoad: {1}refint

# {1}bdb, config
dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcDbDirectory: /var/lib/openldap/openldap-data
olcSuffix: dc=mydomain,dc=com
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=root,dc=mydomain,dc=com
olcRootPW: ***
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP$
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}#   <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}#   <http://www.openldap.org/faq/index.cgi?file=1075>
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: dc eq
olcDbIndex: sn pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0

# {0}memberof, {1}bdb, config
dn: olcOverlay={0}memberof,olcDatabase={1}bdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {0}memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

但即使我删除所有用户和组并重新创建它们,也不会生成 memberOf。

# mydomain.com
dn: dc=mydomain,dc=com
objectClass: dcObject
objectClass: organization
dc: mydomain
o: My sample LDAP

# users, mydomain.com
dn: ou=users,dc=mydomain,dc=com
ou: users
objectClass: organizationalUnit
objectClass: top

# groups, mydomain.com
dn: ou=groups,dc=mydomain,dc=com
ou: groups
objectClass: organizationalUnit
objectClass: top

# admin, users, mydomain.com
dn: cn=admin,ou=users,dc=mydomain,dc=com
sn: tester
cn: admin
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top

# users, groups, mydomain.com
dn: cn=users,ou=groups,dc=mydomain,dc=com
member: dc=com,dc=mydomain,ou=users,cn=admin
cn: users
objectClass: groupOfNames
objectClass: top

为了验证组中成员属性的 DN,我安装了 Atlassian Stash 并添加了 LDAP。它检测到用户属于该组。

是不是我做错了什么?

提前致谢

4

1 回答 1

1
member: dc=com,dc=mydomain,ou=users,cn=admin

那是从前到后。它应该是

member: cn=admin,ou-users,dc=mydomain,dc=com
于 2014-11-26T00:16:39.020 回答