Debian jessie:OpenLDAP 服务器如何添加新模式?

tag-icon tag-icon debian cisco ldap openldap schema
Debian jessie:OpenLDAP 服务器如何添加新模式?

以下项目是上下文的模式。我将添加

attributetype ( 1.3.6.1.4.1.9.500.1.3
  NAME 'CiscoDomain'
  DESC 'Domain for VPN users'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  ORDERING caseIgnoreOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.9.500.1.4
  NAME 'CiscoDNS'
  DESC 'DNS server for VPN users'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  ORDERING caseIgnoreOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.9.500.1.5
  NAME 'CiscoIPAddress'
  DESC 'Address for VPN user'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  ORDERING caseIgnoreOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.9.500.1.6
  NAME 'CiscoIPNetmask'
  DESC 'Address for VPN user'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  ORDERING caseIgnoreOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.9.500.1.7
  NAME 'CiscoSplitACL'
  DESC 'Split tunnel list for VPN users'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  ORDERING caseIgnoreOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.9.500.1.8
  NAME 'CiscoSplitTunnelPolicy'
  DESC 'Split tunnel policy for VPN users'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  ORDERING caseIgnoreOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.9.500.1.9
  NAME 'CiscoGroupPolicy'
  DESC 'Group policy for VPN users'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  ORDERING caseIgnoreOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
  SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.9.500.2.1 NAME 'CiscoPerson'
        DESC 'My cisco person'
        AUXILIARY
        MUST ( sn $ cn )
        MAY ( userPassword $ telephoneNumber $ seeAlso
            $ description $ CiscoBanner $ CiscoACLin $ CiscoDomain
            $ CiscoDNS $ CiscoIPAddress $ CiscoIPNetmask $ CiscoSplitACL
            $ CiscoSplitTunnelPolicy $ CiscoGroupPolicy ) )

~# vi /usr/share/slapd/slapd.conf命令产生以下输出:

# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions<br>
include /etc/ldap/schema/core.schema<br>
include /etc/ldap/schema/cosine.schema<br>
include /etc/ldap/schema/nis.schema<br>
include /etc/ldap/schema/inetorgperson.schema<br>
include /etc/ldap/schema/cisco.schema<br>

每个 schema 都有成对的 ldif 文件,对于你的 schema 文件生成你知道用什么方法吗?

答案1

如果您确定您的属性类型不存在于您现有的 OpenLDAP 安装或您将连接的任何安装中(查找冲突的 OID!),您可以添加自定义架构。这是一种比摆弄核心架构更干净的方法。

您可以通过向后端添加节点轻松完成此操作cn=config

dn: cn=<yourSchemaName>,cn=schema,cn=config objectClass: olcSchemaConfig cn: <yourSchemaName> olcAttributeTypes: ( 1.3.6.1.4.1.9.500.1.3 NAME 'CiscoDomain'...

当然您也可以使用旧的配置后端并重新启动 slapd。

相关内容