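OpenLDAP - changetype: attribute type undefined

Time: 2016-11-16 14:10:02

Tags: openldap

I am trying to set up a user account lockout scheme with OpenLDAP, but I see the following error when running the ldapmodify command: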

    C:\OpenLDAP\ClientTools>ldapmodify.exe -a -x -D dc=maxcrc,dc=com -w secret -f c:\OpenLDAP\ldifdata\usersNames.ldif
    ldap_connect_to_host: TCP localhost:389
    ldap_new_socket: 628
    ldap_prepare_socket: 628
    ldap_connect_to_host: Trying ::1 389
    ldap_pvt_connect: fd: 628 tm: -1 async: 0
    attempting to connect:
    connect success
    adding new entry "uid=LDAPadmin5,ou=users,dc=maxcrc,dc=com"
    ldap_add: Undefined attribute type (17)
            additional info: changetype: attribute type undefined

Below are the contents of the policy, slapd.conf and usersNames.ldif files.

Policies3.ldif:

    dn: ou=Policies3,dc=maxcrc,dc=com
    ou: Policies1
    objectClass: organizationalUnit

    dn: cn=passwordDefault,ou=Policies3,dc=maxcrc,dc=com
    objectClass: pwdPolicy
    objectClass: person
    objectClass: top
    cn: passwordDefault
    sn: passwordDefault
    pwdAttribute: userPassword
    pwdCheckQuality: 0
    pwdMinAge: 0
    pwdMaxAge: 0
    pwdMinLength: 8
    pwdInHistory: 5
    pwdMaxFailure: 3
    pwdFailureCountInterval: 0
    pwdLockout: TRUE
    pwdLockoutDuration: 0
    pwdAllowUserChange: TRUE
    pwdExpireWarning: 0
    pwdGraceAuthNLimit: 0
    pwdMustChange: FALSE
    pwdSafeModify: FALSE

    dn: cn=passwordDefault,ou=Policies3,dc=maxcrc,dc=com
    objectClass: pwdPolicy
    objectClass: person
    objectClass: top
    cn: default
    pwdMaxAge: 2592000
    pwdExpireWarning: 3600
    #pwdInHistory: 0
    #pwdCheckQuality: 0
    pwdMaxFailure: 5
    pwdLockout: TRUE
    #pwdLockoutDuration: 0
    #pwdGraceAuthNLimit: 0
    #pwdFailureCountInterval: 0
    pwdMustChange: TRUE
    pwdMinLength: 6
    #pwdAllowUserChange: TRUE
    pwdSafeModify: FALSE

slapd.conf entries related to this policy:

    include ./schema/ppolicy.schema
    moduleload ppolicy.la

    #-- Load overlay
    overlay ppolicy
    ppolicy_default "cn=passwordDefault,ou=Policies3,dc=maxcrc,dc=com"

usersNames.ldif:

    dn:uid=LDAPadmin5,ou=users,dc=maxcrc,dc=com
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    cn: LDAPadmin5
    ou: LDAPadmin5
    sn: LDAPadmin5
    uid: LDAPadmin5    
    userPassword:LDAPadmin5
    changetype: modify
    add: pwdPolicySubentry
    pwdPolicySubentry: "cn=passwordDefault,ou=Policies2,dc=maxcrc,dc=com"
    memberOf:cn=group7,ou=groups,dc=maxcrc,dc=com
    memberOf:cn=group8,ou=groups,dc=maxcrc,dc=com

The Policies3 entry is visible in the OpenLDAP explorer, but I cannot see the attribute "pwdLockout" under it. And the LDAPadmin5 user already exists in the system.

1 answer:

Answer 0 (score: 0)

    pwdPolicySubentry: "cn=passwordDefault,ou=Policies2,dc=maxcrc,dc=com"

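Typo. You have Policies2: surely it should be Policies3.

However, you don't need to set pwdPolicySubentry to the default. It is already the default. :-|

Note that it is customary to use device as the objectClass of {{1}}, rather than pwdPolicy. It is not a person.

It is not clear why person appears twice in the LDIF.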
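
As an added example (not part of the original question or answer), this Python lint checks LDIF for the Policies2/Policies3 mismatch the answer points out, plus two further issues visible in the posted files: a `changetype:` line that does not directly follow the `dn:` line, which is where RFC 2849 requires it, and a `dn` repeated within one file. The function names, the simplified parser (no folded lines or base64 values) and the abbreviated sample record are assumptions made for illustration.

```python
import re

# Constructed sample: the question's usersNames.ldif record, abbreviated.
# POLICY_DNS holds the ppolicy_default DN from the question's slapd.conf.
SAMPLE_USER_LDIF = """\
dn:uid=LDAPadmin5,ou=users,dc=maxcrc,dc=com
objectClass: inetOrgPerson
sn: LDAPadmin5
uid: LDAPadmin5
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: "cn=passwordDefault,ou=Policies2,dc=maxcrc,dc=com"
"""
POLICY_DNS = ["cn=passwordDefault,ou=Policies3,dc=maxcrc,dc=com"]

def norm_dn(dn):
    """Loose DN normalisation for comparison: strip quotes/space, lowercase."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().strip('"')).lower()

def parse_records(text):
    """Split LDIF into records: lists of (attr, value) pairs, comments dropped."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            pairs.append((attr.strip().lower(), value.strip()))
        if pairs:
            records.append(pairs)
    return records

def lint(text, policy_dns):
    """Return a list of findings for the three mistakes seen in the question."""
    findings, seen = [], set()
    known = {norm_dn(d) for d in policy_dns}
    for rec in parse_records(text):
        dn = norm_dn(rec[0][1]) if rec[0][0] == "dn" else "<no dn>"
        if dn in seen:
            findings.append(f"{dn}: duplicate dn in file")
        seen.add(dn)
        # RFC 2849 allows control: lines between dn and changetype.
        body = [p for p in rec[1:] if p[0] != "control"]
        for i, (attr, value) in enumerate(body):
            if attr == "changetype" and i != 0:
                findings.append(f"{dn}: changetype must directly follow dn")
            if attr == "pwdpolicysubentry" and norm_dn(value) not in known:
                findings.append(f"{dn}: pwdPolicySubentry names unknown policy")
    return findings
```

Running `lint(SAMPLE_USER_LDIF, POLICY_DNS)` reports both the misplaced `changetype` and the `Policies2` reference; running it over a policy file with a repeated `dn` reports the duplicate.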