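I am trying to set up OpenLDAP to map groups for users in Hadoop 2.7.1, and I guess I got something wrong in the way I defined the groups or applied the filters. It is able to connect to the server, but it throws an invalid DN and returns no groups.
My LDIF export ->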
# Entry 1: ou=groups,dc=ubu,dc=com
dn: ou=groups,dc=ubu,dc=com
objectclass: organizationalUnit
objectclass: top
ou: groups

# Entry 2: cn=admin,ou=groups,dc=ubu,dc=com
dn: cn=admin,ou=groups,dc=ubu,dc=com
cn: admin
gidnumber: 500
memberuid: meadmin
objectclass: posixGroup
objectclass: top

# Entry 3: cn=operator,ou=groups,dc=ubu,dc=com
dn: cn=operator,ou=groups,dc=ubu,dc=com
cn: operator
gidnumber: 501
memberuid: meoperator
objectclass: posixGroup
objectclass: top

# Entry 4: cn=user,ou=groups,dc=ubu,dc=com
dn: cn=user,ou=groups,dc=ubu,dc=com
cn: user
gidnumber: 502
memberuid: meuser
memberuid: meuser2
objectclass: posixGroup
objectclass: top

# Entry 5: ou=users,dc=ubu,dc=com
dn: ou=users,dc=ubu,dc=com
objectclass: organizationalUnit
objectclass: top
ou: users

# Entry 6: cn=hadmin1,ou=users,dc=ubu,dc=com
dn: cn=hadmin1,ou=users,dc=ubu,dc=com
cn: hadmin1
gidnumber: 500
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meadmin
uid: meadmin
uidnumber: 1000

# Entry 7: cn=hoperator1,ou=users,dc=ubu,dc=com
dn: cn=hoperator1,ou=users,dc=ubu,dc=com
cn: hoperator1
gidnumber: 501
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meoperator
uid: meoperator
uidnumber: 1002

# Entry 8: cn=huser1,ou=users,dc=ubu,dc=com
dn: cn=huser1,ou=users,dc=ubu,dc=com
cn: huser1
gidnumber: 502
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meuser
uid: meuser
uidnumber: 1001

# Entry 9: cn=tester1,ou=users,dc=ubu,dc=com
dn: cn=tester1,ou=users,dc=ubu,dc=com
cn: tester1
gidnumber: 502
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meuser2
uid: meuser2
uidnumber: 1003
core-site LDAP mapping ->
<property>
<name>hadoop.security.group.mapping.ldap.search.filter.user</name>
<value>(&amp;(objectClass=inetOrgPerson)(uid={0}))</value>
</property>
<property>
<name>hadoop.security.group.mapping.ldap.search.filter.group</name>
<value>(objectClass=groupOfNames)</value>
</property>
<property>
<name>hadoop.security.group.mapping.ldap.search.attr.member</name>
<value>member</value>
</property>
<property>
<name>hadoop.security.group.mapping.ldap.search.attr.group.name</name>
<value>cn</value>
</property>
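What am I missing?
Answer 0 (score: 0)
Please try the following replacements for filter.group and attr.member. You are using the wrong objectClass for the group and the wrong attribute for the member.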
<property>
<name>hadoop.security.group.mapping.ldap.search.filter.group</name>
<value>(objectClass=posixGroup)</value>
</property>
<property>
<name>hadoop.security.group.mapping.ldap.search.attr.member</name>
<value>memberuid</value>
</property>
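To see offline why the original pair of settings returns no groups for this directory, the following added example (not code from the post or from Hadoop) evaluates a group objectClass and member attribute against a constructed subset of the LDIF in the question. The functions `parse_ldif` and `groups_for` are hypothetical helpers, and accepting a match on either the user's uid or the user's DN is a simplification of this example.

```python
# Added example (not Hadoop's code); LDIF is a constructed subset of the question's export.
LDIF = """\
dn: cn=admin,ou=groups,dc=ubu,dc=com
cn: admin
memberuid: meadmin
objectclass: posixGroup

dn: cn=user,ou=groups,dc=ubu,dc=com
cn: user
memberuid: meuser
memberuid: meuser2
objectclass: posixGroup

dn: cn=hadmin1,ou=users,dc=ubu,dc=com
objectclass: inetOrgPerson
objectclass: posixAccount
uid: meadmin
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def groups_for(entries, uid, group_class, member_attr, name_attr="cn"):
    """Names of groups of group_class whose member_attr holds the user's uid or DN."""
    user = next((e for e in entries if uid in e.get("uid", [])), None)
    if user is None:
        return []
    candidates = {uid.lower(), user["dn"][0].lower()}
    found = []
    for e in entries:
        classes = [c.lower() for c in e.get("objectclass", [])]
        members = {m.lower() for m in e.get(member_attr.lower(), [])}
        if group_class.lower() in classes and members & candidates:
            found.extend(e[name_attr])
    return found

if __name__ == "__main__":
    for cls, attr in (("groupOfNames", "member"), ("posixGroup", "memberuid")):
        print(cls, attr, groups_for(parse_ldif(LDIF), "meadmin", cls, attr))
```

Whether a given Hadoop release compares the member attribute against the user's DN or the uid is not modeled here, so confirm that against the release in use.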