当前位置:网站首页>OpenLDAP自定义schema

OpenLDAP自定义schema

2022-07-17 04:09:00 shibushi114 

attributetype ( 1.3.6.1.4.1.7914.1.2.1.1
	NAME 'userName'
	DESC 'name of the user on the system'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.2
	NAME 'accountIsLocked'
	DESC 'accountIsLocked'
        EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.3
	NAME 'accountCreateDate'
	DESC 'accountCreateDate'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.7914.1.2.1.4
	NAME 'accountDisabled'
	DESC 'accountDisabled'
        EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.5
	NAME 'accountExpireDate'
	DESC 'accountExpireDate'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.7914.1.2.1.6
	NAME 'accountIsAdmin'
	DESC 'accountIsAdmin'
        EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.7
	NAME 'accountLastLoginDate'
	DESC 'Accountlastlogindate'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.9
	NAME 'accountCreator'
	DESC 'Creator'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.10
	NAME 'accountid'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.7914.1.2.2.1 NAME 'rbacUser'
	DESC 'rbac User'
	SUP top AUXILIARY
	MUST ( userName $ accountid )
	MAY ( accountExpireDate $ accountIsLocked $ accountCreateDate $ accountDisabled $ accountIsAdmin $ Accountlastlogindate $ accountCreator )
	)

在/etc/openldap/schema目录增加,然后 重新生成

slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/

ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f  refint1.ldif
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f  refint2.ldif


ldapadd -Q -Y EXTERNAL -H ldapi:/// -f add_module_group.ldif
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f add_group_objectClass.ldif


ldapsearch -x -LLL -H ldap:/// -b uid=yanfh,ou=people,dc=kindo,dc=com,dc=cn memberof


ldapadd -Q -Y EXTERNAL -H ldapi:/// -f test.ldif



ldapadd -D "cn=admin,dc=kindo,dc=com,dc=cn" -W -x -f jirauser.ldif


slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
chown -R ldap:ldap /etc/openldap/slapd.d && chmod -R 700 /etc/openldap/slapd.d

原网站

版权声明
本文为[shibushi114]所创,转载请带上原文链接,感谢
https://blog.csdn.net/shibushi114/article/details/125784433

边栏推荐

猜你喜欢

随机推荐