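uidNumber cannot be searched by any method (ldapsearch, getent passwd, Java API), although it has been set in Microsoft AD

Time: 2018-08-18 13:06:17

Tags: active-directory ldap pam

I have tried a lot and can almost see hope of logging in to Linux (CentOS 6) against MS Active Directory through plain LDAP (pam_ldap) using nslcd. The problem is the one in the title. The details are below.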

  1. I ran nslcd in debug mode with nslcd -d. Then I logged in as user ricky, but it failed. The error from nslcd is
nslcd: [334873] DEBUG:
ldap_simple_bind_s("CN=ricky,CN=Users,DC=kelamayi,DC=com","***")
(uri="ldap://192.168.0.82:3268")
nslcd: [334873] ***passwd entry CN=ricky,CN=Users,DC=kelamayi,DC=com 
does not contain uidNumber value***
nslcd: [334873] DEBUG: ldap_result(): end of result

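When I use the command getent passwd 8888 / ldapsearch or the Java API (Apache Directory Studio), I get the same error/message/result about uidNumber / the search. Below is the output of ldapsearch on the target Linux server. You can see that the result does not return uidNumber and gidNumber. The user is a posixAccount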

ldapsearch -x -H ldap://192.168.0.82:3268 -D "CN=ricky,CN=Users,DC=kelamayi,DC=com" -b "CN=Users,DC=kelamayi,DC=com" -W sAMAccountName=ricky
dn: CN=ricky,CN=Users,DC=kelamayi,DC=com
objectClass: top
**objectClass: posixAccount**
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: ricky
sn: ricky
distinguishedName: CN=ricky,CN=Users,DC=kelamayi,DC=com
instanceType: 4
whenCreated: 20180817065146.0Z
whenChanged: 20180818120211.0Z
displayName: ricky
uSNCreated: 12923
memberOf: CN=unixgrp,DC=kelamayi,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=kelamayi,DC=com
uSNChanged: 20561
name: ricky
objectGUID:: 4LUI5gIJoUGi3E/FAOzCwg==
userAccountControl: 66048
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAkBu6Z6KeddWjPO/ceAQAAA==
sAMAccountName: ricky
sAMAccountType: 805306368
userPrincipalName: ricky@kelamayi.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=kelamayi,DC=com
dSCorePropagationData: 20180817082734.0Z
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 131789626301116683
  2. I set uidNumber and gidNumber in AD on Windows Server 2012 R2, and they can be searched with a Windows command.
PS C:\Users\Administrator> Get-ADUser –Identity ricky -Properties uidNumber, gidNumber
DistinguishedName : CN=ricky,CN=Users,DC=kelamayi,DC=com
Enabled           : True
gidNumber         : 9999
GivenName         :
Name              : ricky
ObjectClass       : user
ObjectGUID        : e608b5e0-0902-41a1-a2dc-4fc500ecc2c2
SamAccountName    : ricky
SID               : S-1-5-21-1740250000-3581255330-3706666147-1144
Surname           : ricky
uidNumber         : 8888
UserPrincipalName : ricky@kelamayi.com

This makes me think it may be a problem on the AD side... but I am still looking for the cause.

0 answers