OpenLDAP ACL update error


I am trying to modify the current ACL rules in OpenLDAP by deleting the current rule and replacing it with a new one from a new acl.ldif file, using the following command.

ldapmodify -xWD cn=admin,cn=config -f acl.ldif

But when I run it I get the following error.

modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: Object class violation (65)
        additional info: attribute 'olcOverlay' not allowed

This is my current olcDatabase file.

dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=test,dc=test1,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="ou=admin,dc=test,dc=test1,dc=com" write by * read
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=test,dc=test1,dc=com" w
 rite by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=test,dc=test1,dc=com
olcRootPW:: e1Nb01QN3Mrckk=
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: entryCSN,entryUUID eq
structuralObjectClass: olcHdbConfig
entryUUID: 372c8246-a1b5-1031-9131-6b135443c1be
creatorsName: cn=admin,cn=config
createTimestamp: 20121003144902Z
entryCSN: 20121003144902.063840Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20121003144902Z
olcOverlay: syncprov
olcSpCheckPoint: 50 10
olcSpSessionlog: 100

Below is my acl.ldif file.

dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
-
# Then add a new ACL at position {0}.
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="ou=Users,dc=test,dc=test1,dc=com" write by * read

Answer 1

Your current database configuration is probably invalid. Unless you have done something atypical with the schema, none of the objectClasses on that configuration entry provide for the use of the olcOverlay attribute. The error message is not about what you are trying to do, but about what you have already done.

Here is a more common structure:

$ ldapsearch -b olcDatabase={1}hdb,cn=config objectClass @olcSyncProvConfig
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig

dn: olcOverlay={0}syncprov,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 100

dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
olcOverlay: {1}memberof

# find /etc/openldap/slapd.d/
/etc/openldap/slapd.d/
/etc/openldap/slapd.d/cn=config
/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={0}config
/etc/openldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={0}syncprov.ldif
/etc/openldap/slapd.d/cn=config/cn=schema.ldif
/etc/openldap/slapd.d/cn=config/cn=module{0}.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb
/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb/olcOverlay={0}syncprov.ldif
/etc/openldap/slapd.d/cn=config/cn=schema
/etc/openldap/slapd.d/cn=config/cn=schema/cn={7}openssh-lpk.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={3}rfc2307bis.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={8}sudo.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={2}inetorgperson.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={4}misc.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={6}kerberos.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={5}dhcp.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb
/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay={1}memberof.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay={0}syncprov.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
/etc/openldap/slapd.d/cn=config.ldif
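The answer above says the olcOverlay and olcSp* attributes belong in a child entry, not on the database entry itself. The Python script below is an added example, not code from the original post or from OpenLDAP: it parses a cn=config entry like the poster's (handling LDIF line folding and base64 values), reports which attributes none of the entry's objectClasses permit, and emits the LDIF that moves them into a proper olcOverlay={0}syncprov child entry. The SCHEMA table is a hand-reduced subset of the cn=config schema and is an assumption, not the live copy under cn=schema,cn=config; the input entry and its base64 olcRootPW placeholder are constructed.

```python
"""Detect a cn=config object-class violation and emit the corrective LDIF.

Added example, not code from the original post. SCHEMA is a hand-reduced
subset of OpenLDAP's cn=config schema (an assumption; the authoritative copy
lives under cn=schema,cn=config), kept small so the script runs offline.
"""
import base64

# Constructed input modelled on the poster's olcDatabase={1}hdb entry: it keeps
# the LDIF line folding (a continuation line starts with one space), uses a
# placeholder base64 olcRootPW, and carries the misplaced overlay attributes.
ENTRY_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=test,dc=test1,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="ou=admin,dc=test,dc=test1,dc=com" write by * read
olcAccess: {1}to dn.base="" by * read
olcRootDN: cn=admin,dc=test,dc=test1,dc=com
olcRootPW:: c2VjcmV0
olcDbIndex: objectClass eq
olcOverlay: syncprov
olcSpCheckPoint: 50 10
olcSpSessionlog: 100
"""

# Reduced schema: objectClass -> attributes it permits. Simplification: slapd
# resolves SUP inheritance (olcHdbConfig SUP olcDatabaseConfig); here each class
# lists only its own attributes and the checker unions the classes present.
SCHEMA = {
    "olcDatabaseConfig": {"olcDatabase", "olcSuffix", "olcAccess", "olcRootDN",
                          "olcRootPW", "olcLastMod", "olcLimits", "olcSyncrepl"},
    "olcHdbConfig": {"olcDbDirectory", "olcDbCheckpoint", "olcDbConfig",
                     "olcDbIndex", "olcDbCacheSize"},
    "olcOverlayConfig": {"olcOverlay"},
    "olcSyncProvConfig": {"olcSpCheckpoint", "olcSpSessionlog",
                          "olcSpNoPresent", "olcSpReloadHint"},
}
# Overlay name -> the auxiliary class that carries its olc* attributes.
OVERLAY_CLASS = {"syncprov": "olcSyncProvConfig"}


def parse_ldif_entry(text):
    """Return (dn, [(attr, value), ...]) for one LDIF entry.

    Unfolds continuation lines, decodes 'attr:: base64' values and skips
    comments and blank lines.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]                # unfold onto the previous line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    dn, attrs = None, []
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):               # '::' marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.append((name, value))
    return dn, attrs


def object_class_violations(attrs, schema=SCHEMA):
    """Attributes present that no objectClass on the entry permits.

    Names are compared case-insensitively, as LDAP does, so the poster's
    olcSpCheckPoint and the schema's olcSpCheckpoint are the same attribute.
    """
    classes = [v for a, v in attrs if a.lower() == "objectclass"]
    allowed = {x.lower() for oc in classes for x in schema.get(oc, ())}
    bad = []
    for name, _ in attrs:
        if name.lower() != "objectclass" and name.lower() not in allowed:
            if name not in bad:
                bad.append(name)
    return bad


def corrective_ldif(dn, attrs):
    """LDIF that strips the misplaced attributes from the database entry and
    recreates them as the child olcOverlay entry slapd expects."""
    bad = object_class_violations(attrs)
    if not bad:
        return ""
    overlay = next(v for a, v in attrs if a.lower() == "olcoverlay")
    name = overlay.split("}")[-1]               # tolerate a "{n}" ordering prefix
    out = [f"dn: {dn}", "changetype: modify"]
    for attr in bad:
        out += [f"delete: {attr}", "-"]         # no value: remove the whole attribute
    out += ["", f"dn: olcOverlay={{0}}{name},{dn}", "changetype: add",
            "objectClass: olcOverlayConfig",
            f"objectClass: {OVERLAY_CLASS[name]}",
            f"olcOverlay: {{0}}{name}"]
    out += [f"{a}: {v}" for a, v in attrs if a in bad and a.lower() != "olcoverlay"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    dn, attrs = parse_ldif_entry(ENTRY_LDIF)
    print("not allowed:", object_class_violations(attrs))
    print(corrective_ldif(dn, attrs))
```

Feed the generated LDIF to the same ldapmodify invocation as in the question, then rerun acl.ldif; olcAccess values are ordered by their {n} prefix, so deleting the value tagged {0} and adding a new {0} keeps the remaining rules in place. If slapd refuses even the delete because it will not touch an entry it already considers invalid, stop slapd, move the three attributes by hand out of /etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif into a new olcDatabase={1}hdb/olcOverlay={0}syncprov.ldif (the layout shown in the find output above), and check the result with slaptest -F /etc/openldap/slapd.d before restarting. One more thing to check in the new rule itself: in slapd ACLs, by dn="ou=Users,..." with no style means dn.exact, so it grants write only to a bind as that exact DN, not to the entries beneath it; dn.children or dn.subtree is needed if the intent is to let the users in that OU write.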
