I am trying to configure OpenLDAP on CentOS 6.6. I installed it through yum and got version 2.4.39-8 of openldap-servers, openldap-clients and openldap.
I followed
http://www.thegeekstuff.com/2015/01/openldap-linux/
http://dopensource.com/openldapforlinuxauth/
I went on and added a password with slappasswd, which gave me an olcRootPW: {SSHA} value, and I added it under /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
I also changed
olcSuffix: dc=my-domain,dc=com to olcSuffix: dc=mycompanyname,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com to olcRootDN: cn=Manager,dc=mycompanyname,dc=com
I ran slaptest -u to test the connection, but it gave the following errors:
5577050f ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config.ldif"
5577050f str2entry: entry -1 has no dn
slaptest: bad configuration file!
I googled the above errors but had no luck.
Below are my cn=config.ldif and my olcDatabase={2}bdb.ldif
/etc/openldap/slapd.d/cn=config.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 3db96e4e
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /usr/share/openldap-servers/slapd.conf.obsolete
olcConfigDir: /etc/openldap/slapd.d
olcAllows: bind_v2
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcListenerThreads: 1
olcLocalSSF: 71
olcLogLevel: 0
olcPidFile: /var/run/openldap/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: /etc/openldap/certs/password
olcTLSVerifyClient: never
olcTLSProtocolMin: 0.0
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 9b0553c8-9ffb-1034-96cd-7ddcc9b7a61f
creatorsName: cn=config
createTimestamp: 20150605182245Z
entryCSN: 20150605182245.037496Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150605182245Z
and my /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 b7acf931
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=mycompany,dc=com
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=mycompany,dc=com
olcRootPW: {SSHA}XIThNMsDcLUdHPBsVQcr6P6Qn8lDr+9B
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 9b06a840-9ffb-1034-96de-7ddcc9b7a61f
creatorsName: cn=config
createTimestamp: 20150605182245Z
entryCSN: 20150605182245.037496Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150605182245Z
olcAccess: {0}to attrs=userPassword by self write by dn.base="cn=Manager,dc=mycompany,dc=com" write by anonymous auth by * none
olcAccess: {1}to * by dn.base="cn=Manager,dc=mycompany,dc=com" write by self write by * read
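The "checksum error" in the question is slapd complaining about the "# CRC32" line it writes at the top of every file under slapd.d/: once a file is edited by hand, the stored value no longer matches the content. The following is an added example, not code from the poster or from OpenLDAP, that checks such a file the way a practitioner would before touching anything else. It assumes, as OpenLDAP's back-ldif does, that the value is the standard CRC-32 (zlib/IEEE polynomial) over every byte after the "# CRC32 xxxxxxxx" line; the sample file at the bottom is constructed for the demo and its checksum is deliberately stale.

```python
import re
import zlib

# Header slapd writes at the top of every file under slapd.d/ (same as the
# first line of the files quoted in the question).
HEADER = b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"
CRC_LINE = re.compile(rb"^# CRC32 ([0-9a-fA-F]{8})\n")


def split_slapd_ldif(data):
    """Split a slapd.d file into (stored CRC or None, body bytes the CRC covers)."""
    if not data.startswith(HEADER):
        return None, data
    rest = data[len(HEADER):]
    m = CRC_LINE.match(rest)
    if not m:
        return None, rest
    return int(m.group(1), 16), rest[m.end():]


def compute_crc(body):
    """Standard CRC-32 (zlib/IEEE polynomial); slapd prints it as 8 hex digits.
    Assumption: this is the algorithm back-ldif uses for the header line."""
    return zlib.crc32(body) & 0xFFFFFFFF


def check_slapd_ldif(data):
    """Return (ok, problems) for one slapd.d file.

    Besides the checksum, apply the two conditions str2entry needs before it
    accepts the entry: the first non-comment line must be 'dn:' and there must
    be no CR bytes (an editor that saved CRLF breaks the LDIF parser).
    """
    stored, body = split_slapd_ldif(data)
    computed = compute_crc(body)
    problems = []
    if stored is None:
        problems.append("no CRC32 header (file was not written by slapd)")
    elif stored != computed:
        problems.append("checksum mismatch: stored %08x, computed %08x"
                        % (stored, computed))
    if b"\r" in body:
        problems.append("CRLF line endings")
    lines = [ln for ln in body.split(b"\n") if ln and not ln.startswith(b"#")]
    if not lines or not lines[0].startswith(b"dn:"):
        problems.append("entry has no dn")
    return (not problems), problems


def rewrite_checksum(data):
    """Re-emit the file with a header that matches its current body.

    Only for recovering a file that was already hand-edited; the supported way
    to change cn=config is ldapmodify over ldapi:///, which maintains the
    checksum itself.
    """
    _, body = split_slapd_ldif(data)
    return HEADER + b"# CRC32 %08x\n" % compute_crc(body) + body


# Constructed sample modelled on the olcDatabase={2}bdb.ldif in the question
# (not the real file); the CRC value is deliberately wrong.
SAMPLE_BODY = (
    b"dn: olcDatabase={2}bdb\n"
    b"objectClass: olcDatabaseConfig\n"
    b"objectClass: olcBdbConfig\n"
    b"olcDatabase: {2}bdb\n"
    b"olcSuffix: dc=mycompanyname,dc=com\n"
    b"olcRootDN: cn=Manager,dc=mycompanyname,dc=com\n"
)
STALE_FILE = HEADER + b"# CRC32 deadbeef\n" + SAMPLE_BODY

if __name__ == "__main__":
    ok, problems = check_slapd_ldif(STALE_FILE)
    print("stale sample ok?", ok, problems)
    print("after rewrite ok?", check_slapd_ldif(rewrite_checksum(STALE_FILE))[0])
```

To check a real file, read it in binary (`open(path, "rb").read()`) and pass it to `check_slapd_ldif`; a "checksum mismatch" alone means the content was edited outside slapd, while "entry has no dn" or "CRLF line endings" point at the kind of damage behind the "str2entry: entry -1 has no dn" message. Note that slapd logs the checksum mismatch as a warning and keeps parsing, so the checksum is a symptom of hand editing, not the reason slaptest rejects the file.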
Best answer
If you find yourself following instructions that ask you to manually modify a file that begins with:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
consider that you may be heading down a less than ideal path.
The default openldap installation on CentOS 6 includes the following ACL, defined in slapd.d/cn=config/olcDatabase={0}config.ldif:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
olcAddContentAcl: TRUE
This lets you access cn=config using EXTERNAL authentication as UID 0 ("root") without a password. It looks like this:
ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
With that access you can do just about everything you need to do, including modifying the suffix and root DN of the directory tree. Put the following in access.ldif:
dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=mycompanyname,dc=com
-
replace: olcRootDN
olcRootDN: cn=manager,dc=mycompanyname,dc=com
-
replace: olcRootPW
olcRootPW: {SSHA}ZvsONlpgNnLlAqKDRQBFup/W+0/LXm5q
Then use it to modify the configuration:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f access.ldif
Now that you have modified the directory suffix and password, put the following in toplevel.ldif:
dn: dc=mycompanyname,dc=com
objectclass: dcObject
objectclass: organization
dc: mycompanyname
o: my company name
Then add it:
# ldapadd -D cn=manager,dc=mycompanyname,dc=com -w admin -f toplevel.ldif
adding new entry "dc=mycompanyname,dc=com"
Now you can search for it:
# ldapsearch -x -b dc=mycompanyname,dc=com
# extended LDIF
#
# LDAPv3
# base <dc=mycompanyname,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# mycompanyname.com
dn: dc=mycompanyname,dc=com
objectClass: dcObject
objectClass: organization
dc: mycompanyname
o: my company name
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
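The answer's procedure has three hand-written pieces: an {SSHA} value from slappasswd, the access.ldif fed to ldapmodify over ldapi:///, and the toplevel.ldif for the suffix entry. The following is an added example, not code from the answerer or from OpenLDAP, that produces all three from the suffix and organisation name so nothing under slapd.d/ is ever edited by hand. It assumes {SSHA} is base64(SHA-1(password || salt) || salt) with a 4-byte salt, which is the format slappasswd emits by default; the database name `{2}bdb` and the password used in the demo are assumptions taken from the thread, not read from any server.

```python
import base64
import hashlib
import hmac
import os


def ssha_hash(password, salt=None):
    """Return an {SSHA} value in the format slappasswd prints.
    Assumption: SHA-1 over password||salt, salt appended, 4-byte salt."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a clear-text password against an {SSHA} value (salt is the tail)."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def access_ldif(suffix, rootdn, rootpw_hash, database="{2}bdb"):
    """The access.ldif from the answer: replace suffix, rootdn and rootpw of
    one database via cn=config. Each '-' line separates one modify operation."""
    return (
        "dn: olcDatabase=%s,cn=config\n"
        "changetype: modify\n"
        "replace: olcSuffix\n"
        "olcSuffix: %s\n"
        "-\n"
        "replace: olcRootDN\n"
        "olcRootDN: %s\n"
        "-\n"
        "replace: olcRootPW\n"
        "olcRootPW: %s\n"
    ) % (database, suffix, rootdn, rootpw_hash)


def toplevel_ldif(suffix, org):
    """The toplevel.ldif from the answer: the suffix entry itself, which must
    exist before anything can be added below it. The dc value is the first
    RDN of the suffix."""
    attr, value = suffix.split(",", 1)[0].split("=", 1)
    if attr.strip().lower() != "dc":
        raise ValueError("suffix must start with a dc= RDN: %r" % suffix)
    return (
        "dn: %s\n"
        "objectClass: dcObject\n"
        "objectClass: organization\n"
        "dc: %s\n"
        "o: %s\n"
    ) % (suffix, value.strip(), org)


if __name__ == "__main__":
    # Constructed values for the demo (assumed, not taken from a live server).
    suffix = "dc=mycompanyname,dc=com"
    rootdn = "cn=Manager," + suffix
    pw_hash = ssha_hash("change-me")
    with open("access.ldif", "w") as f:
        f.write(access_ldif(suffix, rootdn, pw_hash))
    with open("toplevel.ldif", "w") as f:
        f.write(toplevel_ldif(suffix, "my company name"))
    print("wrote access.ldif and toplevel.ldif; olcRootPW =", pw_hash)
    # Then, as root on the server (the commands from the answer):
    #   ldapmodify -Y EXTERNAL -H ldapi:/// -f access.ldif
    #   ldapadd -D "cn=Manager,dc=mycompanyname,dc=com" -W -f toplevel.ldif
```

Two practical notes: `ssha_verify` lets you confirm that the hash you are about to install really corresponds to the password you think it does, before you lock yourself out of cn=Manager; and prefer `-W` (prompt) over `-w admin` on the ldapadd line, since a password given with `-w` ends up in shell history and is visible to every local user in the process list while the command runs.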
Regarding linux - OpenLDAP error: entry -1 has no dn, slaptest won't work, there is a similar question on Stack Overflow: https://stackoverflow.com/questions/30741095/