我在配置 openldap v2.4.46 + postgres (9.6.x) 时遇到了问题,我遇到了一个无法找到答案的问题。
安装步骤
yum install -y vim libacl-devel libblkid-devel gnutls-devel readline-devel python-devel autoconf gcc-c++ gcc glibc-devel glibc-headers kernel-headers libgomp libstdc++-devel openssl-devel e2fsprogs-devel keyutils-libs-devel krb5-devel libselinux-devel libsepol-devel libtool-ltdl-devel postgresql-odbc.x86_64 postgresql-client wget postgresql-devel librpcsecgss unixODBC-devel
export HISTCONTROL=erasedups:ignorespace
export HISTSIZE=""
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.46.tgz
tar xvf openldap-2.4.46.tgz
cd openldap-2.4.46 && ./configure --prefix=/ --enable-sql --without-cyrus-sasl --disable-bdb --enable-crypt --disable-hdb && make depend && make && make install && cd -
psql -h postgres -U postgres -c 'DROP DATABASE ldap'
psql -h postgres -U postgres -c 'CREATE DATABASE ldap'
cat /openldap-2.4.46/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_create.sql | psql -h postgres -U postgres ldap
/etc/openldap/slap.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/ppolicy.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database sql
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
dbname ldap
dbuser postgres
dbpasswd postgres
insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
upper_func "upper"
strcast_func "text"
concat_pattern "?||?"
has_ldapinfo_dn_ru no
lastmod off
/etc/odbc.ini
; odbc.ini
;
[ODBC Data Sources]
ldap=PostgreSQL
[ldap]
; WARNING: The old psql odbc driver psqlodbc.so is now renamed psqlodbcw.so
; in version 08.x. Note that the library can also be installed under an other
; path than /usr/local/lib/ following your installation.
Driver=/usr/lib64/psqlodbcw.so
Description=Connection to LDAP/POSTGRESQL
Servername=postgres
Port=5432
Protocol=6.4
FetchBufferSize=99
Username=postgres
Password=postgres
Database=ldap
ReadOnly=no
Debug=1
CommLog=1
[ODBC]
InstallDir=/usr/local/lib
运行应用程序
$ /usr/libexec/slapd -f /etc/openldap/slapd.conf -d 3
组目录
dn: dc=my-domain,dc=com
objectClass: domain
dc: my-domain
dn: ou=people,dc=my-domain,dc=com
ou: people
objectClass: organizationalUnit
dn: ou=groups,dc=my-domain,dc=com
ou: groups
objectClass: organizationalUnit
问题
$ ldapadd -f groups.ldif -h localhost -D "cn=Manager,dc=my-domain,dc=com" -w secret
adding new entry "dc=my-domain,dc=com"
ldap_add: Server is unwilling to perform (53)
additional info: operation not permitted within namingContext
从服务器调试
5afc9875 slap_listener_activate(6):
5afc9875 >>> slap_listener(ldap:///)
5afc9875 connection_get(10): got connid=1000
5afc9875 connection_read(10): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
0000: 30 30 02 01 01 60 2b 02 00...`+.
ldap_read: want=42, got=42
0000: 01 03 04 1e 63 6e 3d 4d 61 6e 61 67 65 72 2c 64 ....cn=Manager,d
0010: 63 3d 6d 79 2d 64 6f 6d 61 69 6e 2c 64 63 3d 63 c=my-domain,dc=c
0020: 6f 6d 80 06 73 65 63 72 65 74 om..secret
ber_get_next: tag 0x30 len 48 contents:
5afc9875 op tag 0x60, time 1526503541
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
5afc9875 conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
5afc9875 >>> dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>
5afc9875 <<< dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>, <cn=manager,dc=my-domain,dc=com>
5afc9875 do_bind: version=3 dn="cn=Manager,dc=my-domain,dc=com" method=128
5afc9875 ==>backsql_bind()
5afc9875 conn=1000 op=0: rootdn="cn=Manager,dc=my-domain,dc=com" bind succeeded
5afc9875 <==backsql_bind(0)
5afc9875 do_bind: v3 bind: "cn=Manager,dc=my-domain,dc=com" to "cn=Manager,dc=my-domain,dc=com"
5afc9875 send_ldap_result: conn=1000 op=0 p=3
5afc9875 send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 10
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
5afc9875 connection_get(10): got connid=1000
5afc9875 connection_read(10): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
0000: 30 49 02 01 02 68 44 04 0I...hD.
ldap_read: want=67, got=67
0000: 13 64 63 3d 6d 79 2d 64 6f 6d 61 69 6e 2c 64 63 .dc=my-domain,dc
0010: 3d 63 6f 6d 30 2d 30 17 04 0b 6f 62 6a 65 63 74 =com0-0...object
0020: 43 6c 61 73 73 31 08 04 06 64 6f 6d 61 69 6e 30 Class1...domain0
0030: 12 04 02 64 63 31 0c 04 0a 6d 79 2d 64 6f 6d 61 ...dc1...my-doma
0040: 69 6e 20 in
ber_get_next: tag 0x30 len 73 contents:
5afc9875 op tag 0x68, time 1526503541
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
5afc9875 conn=1000 op=1 do_add
ber_scanf fmt ({m) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt (}) ber:
5afc9875 >>> dnPrettyNormal: <dc=my-domain,dc=com>
5afc9875 <<< dnPrettyNormal: <dc=my-domain,dc=com>, <dc=my-domain,dc=com>
5afc9875 ==>backsql_add("dc=my-domain,dc=com")
5afc9875 oc_check_required entry (dc=my-domain,dc=com), objectClass "domain"
5afc9875 oc_check_allowed type "objectClass"
5afc9875 oc_check_allowed type "dc"
5afc9875 oc_check_allowed type "structuralObjectClass"
5afc9875 backsql_add("dc=my-domain,dc=com"): cannot map structuralObjectClass "domain" -- aborting
5afc9875 send_ldap_result: conn=1000 op=1 p=3
5afc9875 send_ldap_response: msgid=2 tag=105 err=53
ber_flush2: 58 bytes to sd 10
ldap_write: want=58, written=58
0000: 30 38 02 01 02 69 33 0a 01 35 04 00 04 2c 6f 70 08...i3..5...,op
0010: 65 72 61 74 69 6f 6e 20 6e 6f 74 20 70 65 72 6d eration not perm
0020: 69 74 74 65 64 20 77 69 74 68 69 6e 20 6e 61 6d itted within nam
0030: 69 6e 67 43 6f 6e 74 65 78 74 ingContext
5afc9875 <==backsql_add("dc=my-domain,dc=com"): 53 "operation not permitted within namingContext"
5afc9875 connection_get(10): got connid=1000
5afc9875 connection_read(10): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=7
0000: 30 05 02 01 03 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
5afc9875 op tag 0x42, time 1526503541
ber_get_next
ldap_read: want=8, got=0
5afc9875 ber_get_next on fd 10 failed errno=0 (Success)
5afc9875 conn=1000 op=2 do_unbind
5afc9875 connection_close: conn=1000 sd=10
答案1
事实证明,我原本期望它的sql工作方式与此类似mdb,但事实并非如此。现在需要在数据库中定义每个关系;告别它import ....ldif,现在将它们添加到数据库中。
psql -h postgres -U postgres -c 'DROP DATABASE ldap'
psql -h postgres -U postgres -c 'CREATE DATABASE ldap'
psql -h postgres -U postgres ldap < /openldap-2.4.46/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_create.sql
psql -h postgres -U postgres ldap < /openldap-2.4.46/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_create.sql
psql -h postgres -U postgres ldap < /openldap-2.4.46/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_metadata.sql
psql -h postgres -U postgres ldap < /openldap-2.4.46/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_data.sql
对我来说,这比它本身带来的麻烦还要多,因此我放弃了这种方法,而选择了mdb。
如果有人有更好的方法,请告诉我!我洗耳恭听。