
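In my current setup I have an OpenLDAP server to which I manually added the eduPerson schema, and I can retrieve attributes such as eduPersonPrincipalName, eduPersonPrimaryAffiliation, etc. from it without any problems.

Now I want to test with 389 Directory Server, which, as far as I understand, comes with the eduPerson schema pre-installed. The problem is that even when I create a user with eduPerson attributes (such as eduPersonPrincipalName), I cannot retrieve the value of any attribute from the eduPerson schema. I need this because we use SimpleSAMLphp SSO. Below is an example search for a user that has several eduPerson attributes, none of which are shown: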

ldapsearch -x -b "cn=John Doe,ou=people,dc=domain,dc=com" -H ldap://127.0.0.1:389

# extended LDIF
#
# LDAPv3
# base <cn=John Doe,ou=people,dc=domain,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# John Doe, people, domain.com
dn: cn=John Doe,ou=people,dc=domain,dc=com
objectClass: eduPerson
objectClass: inetOrgPerson
objectClass: organizationcomPerson
objectClass: person
objectClass: posixAccount
objectClass: top
cn: John Doe
gidNumber: 10000
homeDirectory: /home/user@domain.com
uid: user@domain.com
uidNumber: 10055
description: Authenticated at 2020-04-28 12:27:08.657033
loginShell: /bin/bash
mail: user@domain.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Thanks,

Edit: Another example that may help. Below is the LDIF file of a user:

version: 1

dn: cn=John Doe,ou=people,dc=domain,dc=com
objectClass: eduPerson
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: top
cn: John Doe
gidNumber: 10000
homeDirectory: /home/jdoe@domain.com
sn: Doe
uid: jdoe@domain.com
uidNumber: 10057
carLicense: AA123BB
departmentNumber: IT
eduPersonPrimaryAffiliation: employee
eduPersonPrincipalName: jdoe@domain.com
eduPersonScopedAffiliation: employee@domain.com
employeeNumber: 1234567890
givenName: John
initials: JD
loginShell: /bin/bash
mail: jdoe@domain.com
title: Software Developer
userPassword:: e0NSWVBUfSQ2JG1LcDlHUmRUcENBRVZ1ZkUkc0djRkNsalcyWEVoby9FRlNGS
 jhLRXRYR1dmTGFUNXNYUk9BbHFRSHhoWXN4TWlZWEl6SEFCa0U1UzN3cm5uSktMSVAyTlg1d0V5
 YXN1U1laNXJocDA=

When I try to search for this user, I only get the following attributes:

ldapsearch -x -b "cn=John Doe,ou=people,dc=rash,dc=al" -H ldap://127.0.0.1:389
# extended LDIF
#
# LDAPv3
# base <cn=John Doe,ou=people,dc=rash,dc=al> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# John Doe, people, rash.al
dn: cn=John Doe,ou=people,dc=rash,dc=al
objectClass: eduPerson
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
loginShell: /bin/bash
homeDirectory: /home/jdoe@domain.com
uid: jdoe@domain.com
cn: John Doe
uidNumber: 10057
gidNumber: 10000
mail: jdoe@domain.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
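
An added diagnostic example, not part of the original post: it parses a stored LDIF entry and the output of an anonymous search (`-x` without `-D`) and lists the attributes that were stored but not returned. Both samples are constructed, abridged from the listings above, and the function names are hypothetical.

```python
import base64

# Constructed samples, abridged from the LDIF and the ldapsearch output in the post.
STORED_LDIF = """\
dn: cn=John Doe,ou=people,dc=domain,dc=com
objectClass: eduPerson
cn: John Doe
sn: Doe
eduPersonPrimaryAffiliation: employee
eduPersonPrincipalName: jdoe@domain.com
givenName: John
userPassword:: e0NSWVBUfWNvbnN0
 cnVjdGVk
"""
SEARCH_OUTPUT = """\
# extended LDIF

# John Doe, people, domain.com
dn: cn=John Doe,ou=people,dc=domain,dc=com
objectClass: eduPerson
cn: John Doe

result: 0 Success
"""

def parse_entry(text):
    """Return {attribute: [values]} for the first entry, unfolding lines and decoding '::' base64."""
    for block in text.split("\n\n"):
        logical = []
        for raw in block.splitlines():
            if raw.startswith(" ") and logical:
                logical[-1] += raw[1:]  # continuation line of a folded value
            elif raw:
                logical.append(raw)
        attrs = {}
        for line in (l for l in logical if not l.startswith("#")):
            name, _, rest = line.partition(":")
            value = base64.b64decode(rest[1:].strip()) if rest.startswith(":") else rest.strip()
            attrs.setdefault(name, []).append(value)
        if "dn" in attrs:  # skip comment-only and status blocks
            return attrs
    return {}

def withheld(stored, returned):
    """Attribute names present in the stored entry but missing from the search result."""
    seen = {name.lower() for name in returned}
    return sorted(name for name in stored if name.lower() not in seen)

print(withheld(parse_entry(STORED_LDIF), parse_entry(SEARCH_OUTPUT)))
```

Run against the post's full listings, the result also contains sn, givenName and title, which do not belong to the eduPerson schema.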