Equality index of attribute "privateEmail" disallowed

Time: 2017-03-07 14:38:16

Tags: openldap

I have installed OpenLDAP 2.4 on a CentOS 6 server. I added custom attributes and the schema 'myUser':

dn: cn=my,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: my
objectClass: top
olcAttributeTypes: ( 331.332.333.1 NAME 'firstName' DESC 'First name of a person' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
olcAttributeTypes: ( 331.332.333.2 NAME 'privateEmail' DESC 'Private email of a person' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.3 NAME 'userOid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.339.4 NAME 'isTrusted' DESC 'Determines if user is trusted' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.6 NAME 'gender' DESC 'Person gender (M,F or U)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.8 NAME 'privatePhone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.9 NAME 'otpContact' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.10 NAME 'otpAuthnFlag' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.11 NAME 'lastName' DESC 'Last name of a person' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' DESC 'Operational attribute for Account Inactivation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: ( 331.332.333.12 NAME 'myUser' DESC 'user for my entity' SUP top STRUCTURAL MUST ( uid $ isTrusted $ nsAccountLock $ firstName ) MAY ( lastName $ userPassword $ privateEmail $ otpContact $ otpAuthnFlag $ privatePhone $ userOid ) X-ORIGIN 'user defined' )

When I try to add an index, I get an error:

# ldapadd -x -W -D cn=config -f /opt/index.ldif
Enter LDAP Password:
modifying entry "olcDatabase={2}bdb, cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
        additional info: equality index of attribute "privateEmail" disallowed

My index.ldif:

dn: olcDatabase={2}bdb, cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: privateEmail eq
olcDbIndex: privatePhone eq

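1 answer:

Answer 0 (score: 0)

You are using the wrong syntax OID for privateEmail. The one you are using is Postal Address, which does not support indexing. See RFC 4517.

You should use 1.3.6.1.4.1.1466.115.121.1.26, as per RFC 2798. Check the others for sanity.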
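
A pre-flight check for the failure in this question, as an added example that is not part of the original post or answer: it parses olcAttributeTypes values and reports every attribute requested for an eq index whose definition declares no EQUALITY matching rule, which slapd needs before it can build an equality index. The sample definitions are copied from the question; FIXED is a hypothetical rewrite, and the function names are illustrative.

```python
import re

# Syntax OIDs (RFC 4517) that appear in the question's schema or in the answer.
SYNTAX_NAMES = {
    "1.3.6.1.4.1.1466.115.121.1.7": "Boolean",
    "1.3.6.1.4.1.1466.115.121.1.15": "Directory String",
    "1.3.6.1.4.1.1466.115.121.1.26": "IA5 String",
    "1.3.6.1.4.1.1466.115.121.1.41": "Postal Address",
}

def parse_attribute_type(definition):
    """Extract the first NAME, the SYNTAX OID and the EQUALITY rule, if any."""
    body = re.sub(r"\bDESC\s+'[^']*'", "", definition)  # ignore free text
    name = re.search(r"\bNAME\s+\(?\s*'([^']+)'", body)
    if not name:
        raise ValueError("no NAME in definition: " + definition)
    syntax = re.search(r"\bSYNTAX\s+([0-9.]+)", body)
    equality = re.search(r"\bEQUALITY\s+([\w.-]+)", body)
    return {"name": name.group(1),
            "syntax": syntax.group(1) if syntax else None,
            "equality": equality.group(1) if equality else None}

def check_eq_index(definitions, index_values):
    """Map each attribute requested for an eq index to the reason it would fail."""
    attrs = {a["name"].lower(): a for a in map(parse_attribute_type, definitions)}
    problems = {}
    for value in index_values:                # e.g. "privateEmail eq"
        names, _, kinds = value.strip().partition(" ")
        if "eq" not in [k.strip() for k in kinds.split(",")]:
            continue
        for attr in names.split(","):
            info = attrs.get(attr.lower())
            if info is None:
                problems[attr] = "not defined in the parsed schema"
            elif info["equality"] is None:    # SUP inheritance is not followed
                syn = SYNTAX_NAMES.get(info["syntax"], "unlisted syntax")
                problems[attr] = f"no EQUALITY rule; SYNTAX {info['syntax']} ({syn})"
    return problems

# Constructed sample: two definitions copied from the question, and a
# hypothetical rewrite using the answer's IA5 String syntax plus EQUALITY.
SCHEMA = [
    "( 331.332.333.2 NAME 'privateEmail' DESC 'Private email of a person' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 X-ORIGIN 'user defined' )",
    "( 331.332.333.8 NAME 'privatePhone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )",
]
FIXED = "( 331.332.333.2 NAME 'privateEmail' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"

if __name__ == "__main__":
    for attr, why in check_eq_index(SCHEMA, ["privateEmail eq", "privatePhone eq"]).items():
        print(f"{attr}: {why}")
```

Run against the question's schema, it flags privatePhone as well as privateEmail, since neither definition names an EQUALITY rule.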