OpenLDAP memberof overlay - attribute not working. Why?

Time: 2015-02-20 21:44:45

Tags: openldap memberof

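I'm using CentOS 6.x 64-bit, and I'm trying to set up the memberof overlay in OpenLDAP, but it doesn't seem to be working. I'm sure it's something I'm doing, but I haven't found the cause yet.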

A snippet of my backup LDIF looks like this:

dn: dc=two,dc=example,dc=com
description: Example.Com, your trusted non-existent corporation.
dc: two
o: Two.Example.Com
objectClass: top
objectClass: dcObject
objectClass: organization
structuralObjectClass: organization
entryUUID: db07fc76-375c-1034-9316-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.520657Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: ou=Users,dc=two,dc=example,dc=com
ou: Users
description: Two.Example.Com Users
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: db0fb5ba-375c-1034-9317-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.571271Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: ou=Groups,dc=two,dc=example,dc=com
ou: Groups
description: Two.Example.Com Groups
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: db13850a-375c-1034-9318-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.596246Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: ou=System,dc=two,dc=example,dc=com
ou: System
description: Special accounts usedd by software applications.
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: db161c5c-375c-1034-9319-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.613008Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: uid=matt2,ou=Users,dc=two,dc=example,dc=com
ou: Users
cn: Matt2 Butcher
sn: Butcher
givenName: Matt2
givenName: Matthew2
displayName: Matt2 Butcher
title: Systems Integrator
description: Systems Integration and IT for Example.Com
employeeType: Employee
departmentNumber: 001
employeeNumber: 001-08-98
mail: mbutcher2@ two.example.com
mail: matt2@ two.example.com
roomNumber: 301
telephoneNumber: + 1 555 555 4321
mobile: + 1 555 555 6789
st: Illinois
l: Chicago
street: 1234 Cicero Ave.
homePhone: + 1 555 555 9876
homePostalAddress: 1234 home street $ Chicago, IL $ 60699-1234
preferredLanguage: en-us, en-gb
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
uid: matt2
entryUUID: db1758d8-375c-1034-931a-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
userPassword:: c2VjcmV0Mg==
entryCSN: 20150212215925.305826Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150212215925Z

dn: uid=barbara2,ou=Users,dc=two,dc=example,dc=com
ou: Users
uid: barbara2
sn: Jensen
cn: Barbara2 Jensen
givenName: Barbara
displayName: Barbara2 Jensen
mail: barbara@ two.example.com
userPassword:: c2VjcmV0Mg==
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: db1b2904-375c-1034-931b-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.646304Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: cn=LDAP Admins,ou=Groups,dc=two,dc=example,dc=com
cn: LDAP Admins
ou: Groups
description: Users who are LDAP administrators
uniqueMember: uid=barbara2,ou=Users,dc=two,dc=example,dc=com
uniqueMember: uid=matt2,ou=Users,dc=two,dc=example,dc=com
objectClass: groupOfUniqueNames
structuralObjectClass: groupOfUniqueNames
entryUUID: db1c6a26-375c-1034-931c-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150212205145.765939Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150212205145Z

dn: uid=authenticate,ou=System,dc=two,dc=example,dc=com
uid: authenticate
ou: System
description: Special account for authenticating users
userPassword:: c2VjcmV0Mg==
objectClass: account
objectClass: simpleSecurityObject
structuralObjectClass: account
entryUUID: db1dbbe2-375c-1034-931d-31842acd382b
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150123150421Z
entryCSN: 20150123150421.663007Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150123150421Z

dn: cn=PentahoAdmin,dc=two,dc=example,dc=com
cn: PentahoAdmin
description: PentahoAdmin Group
objectClass: groupOfUniqueNames
structuralObjectClass: groupOfUniqueNames
entryUUID: a2b8ea68-45aa-1034-9bad-9b580235c5b1
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150210195624Z
uniqueMember: uid=barbara2,ou=Users,dc=two,dc=example,dc=com
entryCSN: 20150212205241.018162Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150212205241Z

dn: cn=PentahoPowerUser,dc=two,dc=example,dc=com
cn: PentahoPowerUser
description: PentahoPowerUser Group
objectClass: groupOfUniqueNames
structuralObjectClass: groupOfUniqueNames
entryUUID: a2bd52f6-45aa-1034-9bae-9b580235c5b1
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150210195624Z
uniqueMember: uid=matt2,ou=Users,dc=two,dc=example,dc=com
entryCSN: 20150212205232.847745Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150212205232Z

dn: cn=PentahoUser,dc=two,dc=example,dc=com
cn: PentahoUser
uniqueMember: uid=barbara2,ou=Users,dc=two,dc=example,dc=com
uniqueMember: uid=matt2,ou=Users,dc=two,dc=example,dc=com
uniqueMember: uid=test1,ou=People,dc=two,dc=example,dc=com
description: PentahoUser Group
objectClass: groupOfUniqueNames
structuralObjectClass: groupOfUniqueNames
entryUUID: a2be5214-45aa-1034-9baf-9b580235c5b1
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150210195624Z
entryCSN: 20150220200228.971207Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150220200228Z

dn: ou=Group,dc=two,dc=example,dc=com
objectClass: organizationalUnit
ou: Group
structuralObjectClass: organizationalUnit
entryUUID: 5f75e188-480d-1034-84d8-d19f432d9181
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150213204813Z
entryCSN: 20150213204813.728965Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150213204813Z

dn: ou=People,dc=two,dc=example,dc=com
objectClass: organizationalUnit
ou: People
structuralObjectClass: organizationalUnit
entryUUID: 5f79f37c-480d-1034-84d9-d19f432d9181
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150213204813Z
entryCSN: 20150213204813.755642Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150213204813Z

dn: uid=test1,ou=People,dc=two,dc=example,dc=com
objectClass: account
uid: test1
structuralObjectClass: account
entryUUID: 5f7af9e8-480d-1034-84da-d19f432d9181
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150213204813Z
entryCSN: 20150213204813.762359Z#000000#000#000000
modifyTimestamp: 20150213204813Z
memberOf: cn=testgroup,ou=Group,dc=two,dc=example,dc=com
memberOf: cn=PentahoUser,dc=two,dc=example,dc=com
modifiersName: cn=Manager,dc=two,dc=example,dc=com

dn: cn=testgroup,ou=Group,dc=two,dc=example,dc=com
objectClass: groupOfNames
cn: testgroup
structuralObjectClass: groupOfNames
entryUUID: 5f7c3fce-480d-1034-84db-d19f432d9181
creatorsName: cn=Manager,dc=two,dc=example,dc=com
createTimestamp: 20150213204813Z
member: uid=test1,ou=People,dc=two,dc=example,dc=com
entryCSN: 20150213213917.067904Z#000000#000#000000
modifiersName: cn=Manager,dc=two,dc=example,dc=com
modifyTimestamp: 20150213213917Z

A snippet of my slapd.conf looks like this:

##########################
# Database Configuration #
##########################
database hdb
suffix "dc=two,dc=example,dc=com"
rootdn "cn=Manager,dc=two,dc=example,dc=com"
rootpw secret2
directory /var/lib/ldap
# directory /usr/local/var/openldap-data
index objectClass,cn eq

overlay memberof

memberof-group-oc groupOfUniqueNames
memberof-member-ad uniqueMember
memberof-refint true

When I run ldapsearch for uid=test1 and request the memberOf attribute, it returns two groups. However, when I run the same search for uid=barbara2, nothing is returned.

What am I doing wrong? Why does it look like the memberof attributes in my slapd.conf are being ignored?

1 answer:

Answer 0: (score: 0)

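The attribute is only maintained for new entries, or for updates performed after the overlay was installed. It does nothing for existing entries. If you want those to work, you will have to dump and reload the DIT.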
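
An added example, not part of the original question or answer: a small audit that reads an LDIF dump and lists every member whose memberOf values do not reflect the groups that name it, which is the state barbara2 is in. The sample LDIF is constructed by trimming the entries shown in the question; the function names are hypothetical, and DNs are compared by simple lowercasing rather than full DN normalization.

```python
from collections import defaultdict

# Constructed sample, trimmed from the entries shown in the question.
SAMPLE_LDIF = """\
dn: uid=barbara2,ou=Users,dc=two,dc=example,dc=com
uid: barbara2

dn: uid=test1,ou=People,dc=two,dc=example,dc=com
uid: test1
memberOf: cn=testgroup,ou=Group,dc=two,dc=example,dc=com
memberOf: cn=PentahoUser,dc=two,dc=example,dc=com

dn: cn=PentahoUser,dc=two,dc=example,dc=com
objectClass: groupOfUniqueNames
uniqueMember: uid=barbara2,ou=Users,dc=two,dc=example,dc=com
uniqueMember: uid=test1,ou=People,dc=two,dc=example,dc=com

dn: cn=testgroup,ou=Group,dc=two,dc=example,dc=com
objectClass: groupOfNames
member: uid=test1,ou=People,dc=two,dc=example,dc=com
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}}; base64 values are not decoded."""
    entries = {}
    unfolded = text.replace("\n ", "")  # LDIF continuation lines start with one space
    for block in unfolded.split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs[name.strip().lower()].append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def missing_memberof(text, member_attrs=("member", "uniquemember")):
    """Map each member DN to the group DNs that are absent from its memberOf values."""
    entries = parse_ldif(text)
    gaps = defaultdict(set)
    for group_dn, attrs in entries.items():
        for attr in member_attrs:
            for member_dn in attrs.get(attr, []):
                entry = entries.get(member_dn.lower())  # members outside the dump are skipped
                if entry is not None and group_dn not in {v.lower() for v in entry.get("memberof", [])}:
                    gaps[member_dn.lower()].add(group_dn)
    return dict(gaps)
```

The default checks both member and uniqueMember; pass `member_attrs=("uniquemember",)` to mirror the `memberof-member-ad uniqueMember` setting in the question's slapd.conf.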