1

我在设置 Fabric-ca 以使用 OpenLdap 时遇到问题。我使用的命令是:

fabric-ca-client enroll -u http://admin:admin@localhost:7054

Fabric-CA 服务器端:

Error: [INFO] 127.0.0.1:36228 POST /enroll 401 23 "Failed to get user: LDAP search failure; search request: &{BaseDN:dc=example,dc=org Scope:2 DerefAliases:0 SizeLimit:0 TimeLimit:0 TypesOnly:false Filter:(cn=admin)  Attributes:[uid member] Controls:[]}: LDAP Result Code 201 "": ldap: finished compiling filter with extra at end:  "

OpenLDAP 端:

5c5abff7 conn=1052 fd=12 ACCEPT from IP=10.0.0.34:47132 (IP=0.0.0.0:389)
5c5abff7 conn=1052 op=0 BIND dn="cn=admin,dc=example,dc=org" method=128
5c5abff7 conn=1052 op=0 BIND dn="cn=admin,dc=example,dc=org" mech=SIMPLE ssf=0
5c5abff7 conn=1052 op=0 RESULT tag=97 err=0 text=
5c5abff7 conn=1052 fd=12 closed (connection lost)

我正在使用fabric-ca 服务器v1.4.0。我一直在尝试更改 userfilter 和我的 OpenLdap 架构,但似乎没有任何效果。

version: 1.4.0

# Server's listening port (default: 7054)
port: 7054

# Enables debug logging (default: false)
debug: true

# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000

#############################################################################
#  LDAP section
#  If LDAP is enabled, the fabric-ca-server calls LDAP to:
#  1) authenticate enrollment ID and secret (i.e. username and password)
#     for enrollment requests;
#  2) To retrieve identity attributes
#############################################################################

    ldap:
       # Enables or disables the LDAP client (default: false)
       enabled: true
       # The URL of the LDAP server
       url: ldap://cn=admin,dc=example,dc=org:admin@example.org:389/dc=example,dc=org
       userfilter: (cn=%s) 
       tls:
          certfiles:
          client:
             certfile:
             keyfile:   

       attribute:
          names: ['uid','member']
          converters:
           - name: hf.Revoker
             value: attr('uid') =~ "revoker"
          maps:
             groups:
                - name:
                  value:  

我想注册一个用户并获得证书,以便我可以执行链代码。

4

1 回答 1

0

使用以下示例更改行:

url: ldap://cn=admin,dc=mydomain,dc=example,dc=com:password@localhost:389/dc=mydomain,dc=example,dc=com
于 2019-07-28T21:06:47.507 回答