Moving OpenLDAP to a new server - getting olcBackend error

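I am finally migrating from RHEL 7 to 8. I installed a fresh 8.6, compiled OpenLDAP 2.5.13 and completed the basic setup. As I am migrating from an existing OpenLDAP instance, I exported the LDAP settings on the old server. This new OpenLDAP uses mdb instead of hdb, so I changed all instances in the exported ldif file.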

I have deleted everything in /etc/openldap/slapd.d/. When I run slapadd -n 0 -F /etc/openldap/slapd.d -l configbackup.conf -d 64 I get this:

config_back_db_open: No explicit ACL for back-config configured. Using hardcoded default
olcBackend: value #0: <olcBackend> failed init (mdb)!
slapadd: could not add entry dn="olcBackend={0}mdb,cn=config" (line=609): <olcBackend> failed init

Here are the contents of configbackup.conf:

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: /etc/openldap/certs/1d40117d24e9b169.pem
olcTLSCertificateKeyFile: /etc/openldap/certs/yln.key
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: 940013a0-3521-1034-9ed9-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
olcLogLevel: 0
entryCSN: 20220824150941.487221Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20220824150941Z

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
structuralObjectClass: olcSchemaConfig
entryUUID: 94003cfe-3521-1034-9edc-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.719049Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: k
 nowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.
 121.1.15{32768} )

<following olcAttributeTypes deleted to fit character limit>

olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP
 top STRUCTURAL MUST c MAY ( searchGuide $ description ) )
olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SU
 P top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ descriptio
 n ) )
olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organiz
 ation' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso
  $ businessCategory $ x121Address $ registeredAddress $ destinationIndicato
 r $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ tel
 ephoneNumber $ internationaliSDNNumber $  facsimileTelephoneNumber $ street
  $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
 $ st $ l $ description ) )
olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an o
 rganizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchG
 uide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ desti
 nationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalId
 entifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNu
 mber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDelive
 ryOfficeName $ st $ l $ description ) )
olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP to
 p STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAls
 o $ description ) )
olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an
  organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ r
 egisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNu
 mber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumbe
 r $  facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ posta
 lAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an o
 rganizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ register
 edAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
 teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ fac
 simileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $
 street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOffic
 eName $ ou $ st $ l $ description ) )
olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of
  names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategor
 y $ seeAlso $ owner $ ou $ o $ description ) )
olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an r
 esidential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x1
 21Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMet
 hod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internati
 onaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ stree
 t $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
  $ st $ l ) )
olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an
 application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ de
 scription ) )
olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an
 application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MA
 Y ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory syste
 m agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformati
 on )
olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP
 top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $
 description ) )
olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC22
 56: a strong authentication user' SUP top AUXILIARY MUST userCertificate )
olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256
 : a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList
  $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair )
olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a
 group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST (
  uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ de
 scription ) )
olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC225
 6: a user security information' SUP top AUXILIARY MAY ( supportedAlgorithms
  ) )
olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP cert
 ificationAuthority AUXILIARY MAY ( deltaRevocationList ) )
olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTU
 RAL MUST ( cn ) MAY ( certificateRevocationList $ authorityRevocationList $
  deltaRevocationList ) )
olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdNam
 e ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Add
 ress $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $
  telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationali
 SDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode
 $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' S
 UP top AUXILIARY MAY userCertificate )
olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate
  authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRe
 vocationList $ cACertificate $ crossCertificatePair ) )
olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SU
 P top AUXILIARY MAY deltaRevocationList )
olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'R
 FC2079: object that contains the URI attribute type' MAY ( labeledURI ) SUP
  top AUXILIARY )
olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObjec
 t' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPasswo
 rd )
olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247:
 domain component object' SUP top AUXILIARY MUST dc )
olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid ob
 ject' SUP top AUXILIARY MUST uid )
structuralObjectClass: olcSchemaConfig
entryUUID: 94005928-3521-1034-9edd-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.719768Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: cn={1}cosine,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {1}cosine
olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress
 ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.
 4.1.1466.115.121.1.15{256} )

<following olcAttributeTypes deleted to fit character limit>

olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPi
 lotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rf
 c822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber
  $ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod
 $ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
 pagerTelephoneNumber $ organizationalStatus $ mailPreferenceOption $ person
 alSignature ) )
olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRU
 CTURAL MUST userid MAY ( description $ seeAlso $ localityName $ organizatio
 nName $ organizationalUnitName $ host ) )
olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STR
 UCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $
 localityName $ organizationName $ organizationalUnitName $ documentTitle $
 documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTU
 RAL MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNum
 ber ) )
olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP t
 op STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber
  $ localityName $ organizationName $ organizationalUnitName ) )
olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRU
 CTURAL MUST domainComponent MAY ( associatedName $ organizationName $ descr
 iption $ businessCategory $ seeAlso $ searchGuide $ userPassword $ locality
 Name $ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ p
 ostalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTeleph
 oneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIden
 tifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ reg
 isteredAddress $ x121Address ) )
olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP
  domain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ tel
 ephoneNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ po
 stOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNN
 umber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferr
 edDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address )
  )
olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domai
 n STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ C
 NAMERecord ) )
olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
  DESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST asso
 ciatedDomain )
olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP
  country STRUCTURAL MUST friendlyCountryName )
olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
 SUP ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa S
 TRUCTURAL MAY dSAQuality )
olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData
 ' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMa
 ximumQuality ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 9400b986-3521-1034-9ede-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.722234Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: cn={2}nis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {2}nis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field;
 the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absol
 ute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4
 .1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to
 the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121
 .1.26 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY int
 egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY intege
 rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integ
 erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY intege
 rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExac
 tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
 1.1.26 )
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY
 caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146
 6.115.121.1.26 )
olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Net
 group triple' SYNTAX 1.3.6.1.1.1.0.0 )
olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY inte
 gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name
 )
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY i
 ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integ
 erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP addre
 ss' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP ne
 twork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128
 } SINGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP ne
 tmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128
 } SINGLE-VALUE )
olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC addres
 s' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.boo
 tparamd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image n
 ame' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseEx
 actIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.
 121.1.26{1024} SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction
  of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ u
 idNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ ge
 cos $ description ) )
olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional
  attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPass
 word $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowIna
 ctive $ shadowExpire $ shadowFlag $ description ) )
olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction o
 f a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( use
 rPassword $ memberUid $ description ) )
olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an
  Internet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $
 ipServiceProtocol ) MAY description )
olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction o
 f an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ descrip
 tion ) MAY description )
olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an
  ONC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description
  ) MAY description )
olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a
 host, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $
 description $ manager ) )
olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of
  an IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNe
 tmaskNumber $ l $ description $ manager ) )
olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction
 of a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberN
 isNetgroup $ description ) )
olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstrac
 tion of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in
 a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY de
 scription )
olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device
  with a MAC address' SUP top AUXILIARY MAY macAddress )
olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A devic
 e with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter )
 )
structuralObjectClass: olcSchemaConfig
entryUUID: 9400f87e-3521-1034-9edf-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.723847Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: cn={3}inetorgperson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {3}inetorgperson
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2
 798: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR
  caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC
  'RFC2798: identifies a department within an organization' EQUALITY caseIgn
 oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
 .15 )
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'R
 FC2798: preferred name to be used when displaying entries' EQUALITY caseIgn
 oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
 .15 SINGLE-VALUE )
olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC '
 RFC2798: numerically identifies an employee within an organization' EQUALIT
 Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.
 115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RF
 C2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR cas
 eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RF
 C2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DE
 SC 'RFC2798: preferred written or spoken language for a person' EQUALITY ca
 seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.
 121.1.15 SINGLE-VALUE )
olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate'
  DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.
 1.1466.115.121.1.5 )
olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RF
 C2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.14
 66.115.121.1.5 )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RF
 C2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL
 MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayNam
 e $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddre
 ss $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ page
 r $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIden
 tifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 9401218c-3521-1034-9ee0-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.724897Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: olcBackend={0}mdb,cn=config
objectClass: olcBackendConfig
olcBackend: {0}mdb
structuralObjectClass: olcBackendConfig
entryUUID: 940161ce-3521-1034-9ee2-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.726543Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
olcSizeLimit: 500
structuralObjectClass: olcDatabaseConfig
entryUUID: 940022fa-3521-1034-9eda-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.718381Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 940033e4-3521-1034-9edb-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.718815Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=yln,dc=info
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonym
 ous auth by dn="cn=admin,dc=yln,dc=info" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=yln,dc=info" write by *
 read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=yln,dc=info
olcRootPW:: <password hash>
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
structuralObjectClass: olcMdbConfig
entryUUID: 94016bce-3521-1034-9ee3-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.726800Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

Admittedly, most of this is Greek to me, so I don't know how to troubleshoot it. What can I try next? Thanks for your help!

Answer 1

Using OpenLDAP 2.5.13 from https://ltb-project.org/documentation/index.html on CentOS 8 Stream, I was able to load your LDIF with the following changes:

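  1. I commented out all the path-related configuration in cn=config, because it didn't apply to my system and I didn't want to bother setting up certificates: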

    #olcArgsFile: /var/run/openldap/slapd.args
    #olcPidFile: /var/run/openldap/slapd.pid
    #olcTLSCACertificatePath: /etc/openldap/certs
    #olcTLSCertificateFile: /etc/openldap/certs/1d40117d24e9b169.pem
    #olcTLSCertificateKeyFile: /etc/openldap/certs/yln.key
    
  2. I needed to explicitly load the back_mdb module:

    dn: cn=module,cn=config
    objectClass: olcModuleList
    cn: module
    olcModulePath: /usr/local/openldap/libexec/openldap/
    olcModuleLoad: back_mdb.so
    

    If it is compiled into your local build, this may not be necessary.

  3. I replaced all the schemas with the appropriate content from my local openldap/schemas/ directory.

  4. I fixed a syntax error in one of your olcAccess rules. You had:

    olcAccess: {2}to * by self write by dn="cn=admin,dc=yln,dc=info" write by *
     read
    

    It looks as if you removed a trailing space ( ) at some point; as written, this unfolds to:

    olcAccess: {2}to * by self write by dn="cn=admin,dc=yln,dc=info" write by *read
    

    The *read at the end there is invalid syntax. You can either add a trailing space after the *, or better, reformat the line to make it more readable:

    olcAccess: {2}to *
      by self write
      by dn="cn=admin,dc=yln,dc=info" write
      by * read
    

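    Note how each line is indented with spaces. This gives us one space for the LDIF folding, and then another literal space to separate each line from the last word of the previous line.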

  5. I had to comment out all the olcDbConfig statements, which were not recognized in my environment:

    #olcDbConfig: {0}set_cachesize 0 2097152 0
    #olcDbConfig: {1}set_lk_max_objects 1500
    #olcDbConfig: {2}set_lk_max_locks 1500
    #olcDbConfig: {3}set_lk_max_lockers 1500
    

With these changes, I was able to successfully slapadd ... your content.
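
The checks described in the answer above, as an added example that is not part of the original posts or of OpenLDAP: a small Python linter that unfolds a cn=config LDIF per RFC 2849 and flags the lost-space olcAccess rule, olcDbConfig lines left on an mdb database, and an mdb backend with no olcModuleLoad. The function names, finding codes and sample LDIF are constructed for illustration, and the ACL check is a heuristic covering the common `<who>` forms, not slapd's own parser.

```python
import re

# Constructed sample (not the asker's file): trimmed cn=config export after hdb -> mdb.
SAMPLE = """\
dn: olcBackend={0}mdb,cn=config
objectClass: olcBackendConfig
olcBackend: {0}mdb

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcAccess: {0}to attrs=userPassword by self write by anonym
 ous auth by * none
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by *
 read
olcDbConfig: {0}set_cachesize 0 2097152 0
"""

WHO_KEYWORDS = {"*", "anonymous", "users", "self"}
LEVEL = re.compile(r"^((self)?(none|disclose|auth|compare|search|read|write|add"
                   r"|delete|manage)|[=+-][0dxcsrwazm]+|stop|continue|break)$")


def parse_ldif(text):
    """Unfold RFC 2849 continuations (line break + ONE space is deleted, nothing
    is inserted), then split the text into entries of (attribute, value) pairs."""
    unfolded = re.sub(r"\r?\n ", "", text)
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = [(n.strip().lower(), v.lstrip(": "))
                 for n, sep, v in (l.partition(":") for l in block.splitlines())
                 if sep and not n.startswith("#")]
        if attrs:
            entries.append(attrs)
    return entries


def access_problems(value):
    """Heuristic check of every 'by <who> [<access>]' clause of one olcAccess."""
    problems = []
    for clause in re.split(r"\s+by\s+", value)[1:]:
        # Tokenise on whitespace but keep "quoted DNs" in one token.
        tokens = re.findall(r'(?:[^\s"]|"[^"]*")+', clause)
        who = tokens[0] if tokens else ""
        if "=" not in who and who.split(".")[0] not in WHO_KEYWORDS:
            problems.append(f"unrecognised <who> {who!r}")
        if len(tokens) > 1 and not LEVEL.match(tokens[1]):
            problems.append(f"unrecognised access level {tokens[1]!r}")
    return problems


def lint(text):
    """Return (dn, code, detail) findings for a migrated cn=config LDIF."""
    entries = parse_ldif(text)
    module_loaded = any(n == "olcmoduleload" and "back_mdb" in v
                        for e in entries for n, v in e)
    findings = []
    for attrs in entries:
        dn = next((v for n, v in attrs if n == "dn"), "?")
        classes = {v.lower() for n, v in attrs if n == "objectclass"}
        for name, value in attrs:
            if name == "olcaccess":
                findings += [(dn, "ACL", p) for p in access_problems(value)]
            elif name == "olcdbconfig" and "olcmdbconfig" in classes:
                # DB_CONFIG directives belong to back-bdb/hdb, not back-mdb.
                findings.append((dn, "BDB_ONLY", value))
            elif name == "olcbackend" and value.endswith("mdb") and not module_loaded:
                findings.append((dn, "MODULE", "no olcModuleLoad for back_mdb"))
    return findings


if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The MODULE finding is advisory: it can be ignored when back_mdb is compiled into slapd rather than built as a loadable module.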
