我已经创建了如下所示的新模式
attributetype ( 2.25.3236588
NAME 'x-candidateNumber'
DESC 'Candidate number'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.25.3536282
NAME 'x-candidateFullName'
DESC 'Candidate name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.25.6587875
NAME 'x-candidateTitleBeforeName'
DESC 'Candidate title before name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.25.6164147
NAME 'x-candidateTitleAfterName'
DESC 'Candidate title after name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.25.1702122
NAME 'x-candidateBirthNumber'
DESC 'Candidate title after name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.25.3134432
NAME 'x-candidateListedAt'
DESC 'Candidate listed at'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.25.3682754
NAME 'x-candidateErasedAt'
DESC 'Candidate erased at'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.25.5497561
NAME 'x-candidateNote'
DESC 'Candidate note'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.25.9736218
NAME 'x-candidateStatus'
DESC 'Candidate status'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
objectclass ( 2.25.1798306
NAME 'ekcrCandidate'
DESC 'RFC1274: simple security object'
SUP ( top $ person $ organizationalPerson $ inetOrgPerson )
STRUCTURAL
MUST (cn $ ou)
MAY ( x-candidateNumber $ x-candidateFullName $ x-candidateTitleBeforeName $
x-candidateBirthNumber $ x-candidateTitleAfterName $ x-candidateListedAt $
x-candidateErasedAt $ x-candidateNote $ x-candidateStatus
))
将此模式添加到 schema_convert.conf 文件中
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/pmi.schema
include /etc/ldap/schema/ekcrconcipient.schema
include /etc/ldap/schema/ekcrcandidate.schema
include /etc/ldap/schema/ekcrlegalofficer.schema
然后将架构转换为 ldif 文件
slaptest -f schema_convert.conf -F /tmp/ldif_output
它生成了我按照说明修改的文件这里在步骤 4 中。生成的 cn={14}ekcrlegalofficer.ldif 文件现在如下所示
dn: cn=ekcrlegalofficer
objectClass: olcSchemaConfig
cn: ekcrlegalofficer
olcAttributeTypes: {0}( 2.25.7702021 NAME 'x-legalOfficerNumber' DESC 'Legal o
fficer number' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{
32768} )
olcAttributeTypes: {1}( 2.25.960171 NAME 'x-legalOfficerFullName' DESC 'Legal
officer name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{3
2768} )
olcAttributeTypes: {2}( 2.25.196694 NAME 'x-legalOfficerTitleBeforeName' DESC
'Legal officer title before name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1
.1466.115.121.1.15{32768} )
olcAttributeTypes: {3}( 2.25.7643140 NAME 'x-legalOfficerTitleAfterName' DESC
'Legal officer title after name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.15{32768} )
olcAttributeTypes: {4}( 2.25.1064416 NAME 'x-legalOfficerListedAt' DESC 'Legal
officer listed at' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.15{32768} )
olcAttributeTypes: {5}( 2.25.1005975 NAME 'x-legalOfficerErasedAt' DESC 'Legal
Officer erased at' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.15{32768} )
olcAttributeTypes: {6}( 2.25.5513419 NAME 'x-legalOfficerNote' DESC 'Legal Off
icer note' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{3276
8} )
olcAttributeTypes: {7}( 2.25.4535859 NAME 'x-legalOfficerStatus' DESC 'Legal O
fficer status' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{
32768} )
olcObjectClasses: {0}( 2.25.6182638 NAME 'ekcrLegalOfficer' DESC 'RFC1274: sim
ple security object' SUP ( top $ person $ organizationalPerson $ inetOrgPerso
n ) STRUCTURAL MUST ( cn $ ou ) MAY ( x-legalOfficerNumber $ x-legalOfficerFu
llName $ x-legalOfficerTitleBeforeName $ x-legalOfficerTitleAfterName $ x-leg
alOfficerListedAt $ x-legalOfficerErasedAt $ x-legalOfficerNote $ x-legalOffi
cerStatus ) )
然后我尝试添加这个新的 objectClass
ldapadd -D "cn=admin,cn=config" -W -f cn={14}ekcrlegalofficer.ldif
这导致了
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
我明白,当您尝试将新记录添加到错误的数据库时可能会发生此错误,但由于我正在尝试创建新的对象类,所以这不应该是我的情况。
它实际上在过去对我来说是有效的,但后来我使用重新配置了我的 openLDAP 服务器
dpkg-reconfigre slapd
从那时起我就面临这个问题。
现在已经第三天了,我被困在这个问题上,我真的很绝望,如果能得到任何帮助我将非常感激。
答案1
我认为问题在于您的新对象类的 dn 很简单:
cn=ekcrlegalofficer
因此它不在您的目录下的任何后缀下。它应该是这样的:
cn=ekcrlegalofficer,cn=schema,cn=config
我相信。