Cannot modify or add entries after converting slapd.conf to cn=config on a fresh OpenLDAP install

I first reinstalled openldap 2.4.28 on debian. There are some problems with the debian packages and with gnuTLS, so I compiled a version against the openSSL library.

The official documentation makes it hard to understand how to do an install from scratch with openLDAP's new cn=config management. So I used the following command to convert from slapd.conf to cn=config when starting openLDAP for the first time:

 /usr/local/libexec/slapd -u openldap -g openldap -f slapd.conf.seb -F /usr/local/etc/openldap/slapd.d/ -d -1

My slapd.conf.seb is:

 include /usr/local/etc/openldap/schema/cosine.schema
 include /usr/local/etc/openldap/schema/nis.schema
 include /usr/local/etc/openldap/schema/inetorgperson.schema
 include /usr/local/etc/openldap/schema/openldap.schema
 include /usr/local/etc/openldap/schema/misc.schema
 include /usr/local/etc/openldap/schema/ppolicy.schema
 include /usr/local/etc/openldap/schema/gosa/samba3.schema
 include /usr/local/etc/openldap/schema/gosa/trust.schema
 include /usr/local/etc/openldap/schema/gosa/gofax.schema
 include /usr/local/etc/openldap/schema/gosa/gofon.schema
 include /usr/local/etc/openldap/schema/gosa/gosystem.schema
 include /usr/local/etc/openldap/schema/gosa/goto-mime.schema
 include /usr/local/etc/openldap/schema/gosa/goto.schema
 include /usr/local/etc/openldap/schema/gosa/goserver.schema
 include /usr/local/etc/openldap/schema/gosa/gosa-samba3.schema
 include /usr/local/etc/openldap/schema/gosa/openssh-lpk.schema
 include /usr/local/etc/openldap/schema/gosa/dnszone.schema
 include /usr/local/etc/openldap/schema/gosa/nagios.schema
 include /usr/local/etc/openldap/schema/gosa/dhcp.schema
 include /usr/local/etc/openldap/schema/gosa/sudo.schema

 pidfile /usr/local/var/run/slapd.pid
 argsfile /usr/local/var/run/slapd.args

 database bdb
 suffix "dc=parisgeo,dc=cnrs,dc=fr"
 rootdn "cn=admin,cn=config,dc=parisgeo,dc=cnrs,dc=fr"
 rootpw {SSHA} secret
 directory /srv/openldap-data
 index objectClass eq

I had no problem with this simple conversion, but after it, importing data with ldapadd or ldapmodify is impossible with this command.

I don't understand openLDAP's default read/write permissions. I tried with ldapmodify, with a bind DN and a password, and I get the same problem:

 root@xxxx:/usr/local/etc/openldap# ldapadd -x -D "cn=admin,cn=config,dc=parisgeo,dc=cnrs,dc=fr" -W -f sauvegarde.ldif
 Enter LDAP Password: xxx
 adding new entry "cn=admin,dc=parisgeo,dc=cnrs,dc=fr"
 ldap_add: Constraint violation (19)
         additional info: structuralObjectClass: no user modification allowed

I tried to modify the cn=config rights with this example:

 dn: olcDatabase={-1}frontend,cn=config
 changetype: modify
 delete: olcAccess

 dn: olcDatabase={0}config,cn=config
 changetype: modify
 add: olcRootDN
 olcRootDN: cn=admin,cn=config

 dn: olcDatabase={0}config,cn=config
 changetype: modify
 add: olcRootPW
 olcRootPW: {SSHA} secret

 dn: olcDatabase={0}config,cn=config
 changetype: modify
 delete: olcAccess

 ldapadd -Y EXTERNAL -H ldapi:/// -f slapd.modify.root.ldif

Same problem, I don't have the permission, with or without the password prompt option -W or the bind option -D "cn=config,cn=admin,dc=parisgeo,dc=cnrs,dc=fr":

 root@xxxx:/usr/local/etc/openldap# ldapadd -Y EXTERNAL -H ldapi:/// -f slapd.modify.root.ldif
 SASL/EXTERNAL authentication started
 SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
 SASL SSF: 0
 modifying entry "olcDatabase={-1}frontend,cn=config"
 ldap_modify: Insufficient access (50)

 root@xxxx:/usr/local/etc/openldap# ldapadd -x -W -H ldapi:/// -f slapd.modify.root.ldif
 Enter LDAP Password:
 ldap_bind: Invalid credentials (49)

 root@xxxxx:/usr/local/etc/openldap# ldapadd -D "cn=config,cn=admin,dc=parisgeo,dc=cnrs,dc=fr" -W -Y EXTERNAL -H ldapi:/// -f slapd.modify.root.ldif
 Enter LDAP Password:
 SASL/EXTERNAL authentication started
 SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
 SASL SSF: 0
 modifying entry "olcDatabase={-1}frontend,cn=config"
 ldap_modify: Insufficient access (50)

Do you have any idea how to install this setup from scratch?

I understood my mistake: these three lines need to be added to slapd.conf before the conversion:

 database config
 rootdn "cn=admin,cn=config"
 rootpw {SSHA} secret

After the conversion, we can test it with:

 ldapwhoami -x -D cn=admin,cn=config -W
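The fix in the answer is a configuration-ordering point: the converted config database only gets an olcRootDN and olcRootPW if slapd.conf already declares a `database config` stanza, and slapd only honours a rootpw for simple bind when the rootdn lies under that database's suffix (cn=config for the config database). The following is an added example, not code from the original post, of a small pre-conversion lint in Python that checks a slapd.conf for exactly those conditions and also flags a cleartext rootpw, since the value is copied verbatim into olcRootPW. The sample files it checks are constructed here (suffix dc=example,dc=org, a placeholder {SSHA} hash, trimmed schema list); the function names are my own.

```python
"""Pre-conversion lint for slapd.conf (added example, not from the original post).

Checks, before `slapd -f slapd.conf -F slapd.d` converts the file to cn=config:
  * a 'database config' stanza exists and carries rootdn + rootpw;
  * every database with a rootpw has its rootdn under its own suffix
    (cn=config for the config database), otherwise simple bind never works;
  * rootpw values are hashed ({SSHA} etc.), not cleartext.
"""
import re
from typing import Dict, List

# Constructed samples (not the page's file): same shape, trimmed schema list.
GLOBAL = """\
include /usr/local/etc/openldap/schema/cosine.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
"""
BDB = """\
database bdb
suffix "dc=example,dc=org"
rootdn "cn=admin,dc=example,dc=org"
rootpw {SSHA}placeholder
directory /srv/openldap-data
index objectClass eq
"""
CONFIG_DB = """\
database config
rootdn "cn=admin,cn=config"
rootpw {SSHA}placeholder
"""
BROKEN_CONF = GLOBAL + BDB              # like the question: no config stanza
FIXED_CONF = GLOBAL + CONFIG_DB + BDB   # with the answer's three lines added

HASHED_PW = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT|ARGON2|PBKDF2[-A-Z0-9]*)\}", re.I)


def parse_slapd_conf(text: str) -> List[Dict[str, str]]:
    """Return [global, db1, db2, ...] dicts of lowercase directive -> value.

    Continuation lines (leading whitespace) are joined to the previous line and
    comments/blank lines are skipped, as slapd.conf(5) describes.
    """
    logical: List[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.rstrip())
    stanzas: List[Dict[str, str]] = [{"database": "<global>"}]
    for line in logical:
        parts = re.split(r"\s+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "database":
            stanzas.append({"database": value.strip().lower()})
        else:
            stanzas[-1][key] = value.strip()   # repeated directive: last one wins
    return stanzas


def unquote(value: str) -> str:
    return value.strip().strip('"')


def dn_within(dn: str, suffix: str) -> bool:
    """True if dn equals suffix or sits below it (simple RDN-list comparison)."""
    def rdns(d: str) -> List[str]:
        return [r.strip().lower() for r in d.split(",") if r.strip()]
    d, s = rdns(dn), rdns(suffix)
    return len(d) >= len(s) and d[-len(s):] == s


def check_conf(text: str) -> List[str]:
    """Return a list of problems; an empty list means the file is ready to convert."""
    problems: List[str] = []
    dbs = {s["database"]: s for s in parse_slapd_conf(text)[1:]}
    if "config" not in dbs:
        problems.append("no 'database config' stanza: cn=config gets no rootdn, "
                        "so no simple bind can modify it after conversion")
    for name, db in dbs.items():
        # the config database always has the fixed suffix cn=config
        suffix = "cn=config" if name == "config" else unquote(db.get("suffix", ""))
        rootdn = unquote(db.get("rootdn", ""))
        rootpw = unquote(db.get("rootpw", ""))
        if not rootdn:
            problems.append(f"database {name}: no rootdn")
            continue
        if name == "config" and not rootpw:
            problems.append("database config: rootdn without rootpw, simple bind impossible")
        if rootpw and not dn_within(rootdn, suffix):
            problems.append(f"database {name}: rootdn {rootdn} is not under suffix "
                            f"{suffix}, so rootpw cannot be used for a simple bind")
        if rootpw and not HASHED_PW.match(rootpw):
            problems.append(f"database {name}: rootpw is cleartext; hash it with slappasswd")
    return problems


if __name__ == "__main__":
    for label, conf in (("question", BROKEN_CONF), ("answer", FIXED_CONF)):
        print(label, check_conf(conf) or "OK")
```

Run it against the real slapd.conf before the first `slapd -f ... -F ...` start; once the file passes, the bind DN used with `ldapwhoami -x -D ... -W` must be exactly the rootdn of the config stanza.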