Why is shadowLastChange an unknown attribute?

I am trying to install slapd on Oracle Linux 7 and am following the section on configuring an LDAP server in the Oracle® Linux Administrator's Guide for Release 7. When I reach step 7, importing the configuration LDIF, I get the error:

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry "olcDatabase=hdb,cn=config"
    ldap_add: Other (eg, implementation specific) error (80)
            additional info: <olcAccess> handler exited with 1

When I run slapd in debugging mode:

    /usr/sbin/slapd -u ldap -h "ldapi:/// ldap:/// ldaps:///" -d 255

I see the following error, indicating that the attribute shadowLastChange is unknown:

    58daa3a6 <<< dnPrettyNormal: <dc=ams,dc=sim,dc=mil>, <dc=ams,dc=sim,dc=mil>
    58daa3a6 slapd: line 0: unknown attr "shadowLastChange" in to clause
    58daa3a6 <access clause> ::= access to <what> [ by <who> [ <access> ] [ <control> ] ]+
    <what> ::= * | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>]
    <attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist>
    <attrlist> ::= <attr> [ , <attrlist> ]
    <attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children
    <who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]
            [ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ]
            [dnattr=<attrname>]
            [realdnattr=<attrname>]
            [group[/<objectclass>[/<attrname>]][.<style>]=<group>]
            [peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>]
            [domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>]
            [dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]]
            [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
    <style> ::= exact | regex | base(Object)
    <dnstyle> ::= base(Object) | one(level) | sub(tree) | children | exact | regex
    <attrstyle> ::= exact | regex | base(Object) | one(level) | sub(tree) | children
    <peernamestyle> ::= exact | regex | ip | ipv6 | path
    <domainstyle> ::= exact | regex | base(Object) | sub(tree)
    <access> ::= [[real]self]{<level>|<priv>}
    <level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage
    <priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+
    <control> ::= [ stop | continue | break ]
    dynacl: <name>=ACI <pattern>=<attrname>
    58daa3a6 olcAccess: value #0: <olcAccess> handler exited with 1!

If I take out the line:

    olcAccess: to attrs=shadowLastChange by self write by * read

it works, but I want to know whether the system is broken. When I look for shadowLastChange in /etc/openldap, I find that it exists in nis.ldif and nis.schema:

    $ grep -rn shadowLastChange /etc/openldap/
    /etc/openldap/schema/nis.ldif:36:olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
    /etc/openldap/schema/nis.ldif:89:        $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive
    /etc/openldap/schema/nis.schema:65:attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
    /etc/openldap/schema/nis.schema:171:        MAY ( userPassword $ shadowLastChange $ shadowMin $

Why is shadowLastChange unknown? What do I need to do to fix this on the way to configuring slapd to authenticate users?

It looks like shadowLastChange is not yet part of your server's schema, since it does not show up in /etc/openldap/slapd.d/cn=config/cn=schema/cn={x}nis.ldif.

Did you forget to add the suggested lines to your ldif?

    include file:///etc/openldap/schema/cosine.ldif
    include file:///etc/openldap/schema/nis.ldif
    include file:///etc/openldap/schema/inetorgperson.ldif

The Oracle® Linux Administrator's Guide for Release 7, in its section on configuring an LDAP server, has the user create an LDIF file in step 7:

    # Load the schema files required for accounts
    include file:///etc/openldap/schema/cosine.ldif
    include file:///etc/openldap/schema/nis.ldif
    include file:///etc/openldap/schema/inetorgperson.ldif
    # Load the HDB (hierarchical database) backend modules
    dn: cn=module,cn=config
    objectClass: olcModuleList

As shown in the OpenLDAP man page for LDIF, the syntax requires include to be followed by a colon. Adding the colons produces the following, and when it is executed in step 8, shadowLastChange exists as an attribute:

    # Load the schema files required for accounts
    include: file:///etc/openldap/schema/cosine.ldif
    include: file:///etc/openldap/schema/nis.ldif
    include: file:///etc/openldap/schema/inetorgperson.ldif
    # Load the HDB (hierarchical database) backend modules
    dn: cn=module,cn=config
    objectClass: olcModuleList
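The following is an added example, not part of the question or either answer, and not from the Oracle guide or OpenLDAP: a small POSIX shell lint that catches the exact defect described above, an `include` directive in an LDIF import file written without the colon, so that the schema it names is never loaded and every attribute from that schema (here shadowLastChange) stays unknown to slapd. The two sample LDIF files are constructed inline: one is the guide's text as printed, the other the corrected form. The function names (`check_ldif_includes`, `included_schemas`) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): lint an LDIF import file for
# "include" directives that lack the colon LDIF requires.

# check_ldif_includes FILE
#   Prints each "include" line that is missing the colon, with its line
#   number, and returns non-zero if any were found.
check_ldif_includes() {
    _file="$1"
    _bad=0
    _n=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        case "$_line" in
            "include:"*)
                ;;  # correct LDIF form: "include: file:///..."
            "include "*)
                # slapd.conf-style directive; not valid LDIF, so the schema
                # it names is never loaded and its attributes stay unknown
                echo "$_file:$_n: missing colon after 'include': $_line" >&2
                _bad=$((_bad + 1))
                ;;
        esac
    done < "$_file"
    [ "$_bad" -eq 0 ]
}

# included_schemas FILE
#   Prints the basename of each schema file named by a well-formed include,
#   so you can confirm at a glance that nis.ldif is among them.
included_schemas() {
    sed -n 's|^include:[[:space:]]*file://||p' "$1" | while IFS= read -r _p; do
        basename "$_p"
    done
}

# Constructed sample files: the guide's text as printed, and the corrected form.
SAMPLE_DIR="$(mktemp -d)"
cat > "$SAMPLE_DIR/as-printed.ldif" <<'EOF'
# Load the schema files required for accounts
include file:///etc/openldap/schema/cosine.ldif
include file:///etc/openldap/schema/nis.ldif
include file:///etc/openldap/schema/inetorgperson.ldif
EOF
cat > "$SAMPLE_DIR/corrected.ldif" <<'EOF'
# Load the schema files required for accounts
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
EOF

# Demonstration: the as-printed file fails the check, the corrected one passes
# and names all three schema files.
check_ldif_includes "$SAMPLE_DIR/as-printed.ldif" || echo "as-printed.ldif would not load the nis schema"
check_ldif_includes "$SAMPLE_DIR/corrected.ldif" && included_schemas "$SAMPLE_DIR/corrected.ldif"
```

Run the lint against your own step 7 file before `ldapadd`; a clean result means the directives will at least be parsed as includes. On the live server, `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config -LLL dn` then lists the loaded schema entries, and a `cn={x}nis,cn=schema,cn=config` entry among them is the confirmation that the shadowLastChange attribute type is now defined.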