我在设置 Fabric-ca 以使用 OpenLdap 时遇到问题。我使用的命令是:
fabric-ca-client enroll -u http://admin:admin@localhost:7054
Fabric-CA 服务器端:
Error: [INFO] 127.0.0.1:36228 POST /enroll 401 23 "Failed to get user: LDAP search failure; search request: &{BaseDN:dc=example,dc=org Scope:2 DerefAliases:0 SizeLimit:0 TimeLimit:0 TypesOnly:false Filter:(cn=admin) Attributes:[uid member] Controls:[]}: LDAP Result Code 201 "": ldap: finished compiling filter with extra at end: "
OpenLDAP 端:
5c5abff7 conn=1052 fd=12 ACCEPT from IP=10.0.0.34:47132 (IP=0.0.0.0:389)
5c5abff7 conn=1052 op=0 BIND dn="cn=admin,dc=example,dc=org" method=128
5c5abff7 conn=1052 op=0 BIND dn="cn=admin,dc=example,dc=org" mech=SIMPLE ssf=0
5c5abff7 conn=1052 op=0 RESULT tag=97 err=0 text=
5c5abff7 conn=1052 fd=12 closed (connection lost)
我正在使用fabric-ca 服务器v1.4.0。我一直在尝试更改 userfilter 和我的 OpenLdap 架构,但似乎没有任何效果。
version: 1.4.0
# Server's listening port (default: 7054)
port: 7054
# Enables debug logging (default: false)
debug: true
# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000
#############################################################################
# LDAP section
# If LDAP is enabled, the fabric-ca-server calls LDAP to:
# 1) authenticate enrollment ID and secret (i.e. username and password)
# for enrollment requests;
# 2) To retrieve identity attributes
#############################################################################
ldap:
# Enables or disables the LDAP client (default: false)
enabled: true
# The URL of the LDAP server
url: ldap://cn=admin,dc=example,dc=org:admin@example.org:389/dc=example,dc=org
userfilter: (cn=%s)
tls:
certfiles:
client:
certfile:
keyfile:
attribute:
names: ['uid','member']
converters:
- name: hf.Revoker
value: attr('uid') =~ "revoker"
maps:
groups:
- name:
value:
我想注册一个用户并获得证书,以便我可以执行链代码。