OpenLDAP에서 MemberOf 재정의를 구현하는 방법은 무엇입니까?

tag-icon tag-icon ldap openldap
OpenLDAP에서 MemberOf 재정의를 구현하는 방법은 무엇입니까?

구현 방법에 대해 처음부터 끝까지 단계별 가이드가 필요합니다.회원OpenLDAP의 오버레이(버전 2.5.13).

나는 공식 가이드를 포함하여 많은 가이드를 읽었습니다. 불행히도 그들 중 누구도 작동하지 않습니다. 이것회원속성이 전혀 존재하지 않습니다.

현재 상태는 다음과 같습니다.

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}memberof.la
olcModuleLoad: {2}refint

dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
ObjectClass: olcMemberOfConfig
Object class: olcOverlayConfig
Object class: top
olcOverlay: {0}memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfUniqueNames

dn: olcOverlay={1}refint,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner

참고로: 알아요회원속성은 명시적으로 요청되어야 합니다.

이를 위해 특정 모드를 활성화해야 합니까, 하나 이상의 객체 클래스를 할당해야 합니까, 아니면 이렇게 작동해야 합니까?

몇 주 동안 이 문제를 해결하려고 노력했지만 더 이상 해결할 수 없는 문제이므로 도움을 주시면 정말 감사하겠습니다.

업데이트 #1

난 ~를 지웠어국정원스키마, 추가됨RFC2307bis스키마를 수정하고 서비스를 다시 시작했지만 아무 것도 변경되지 않았습니다.

dn: cn={2}rfc2307bis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {2}rfc2307bis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field;the
  common name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
 X 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut
 e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
 466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th
 e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
 6 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
 erMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI
 NGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch
  ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VA
 LUE )
olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch
  ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VA
 LUE )
olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM
 atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL
 E-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer
 Match ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING
 LE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM
 atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL
 E-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat
 ch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-
 VALUE )
olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca
 seExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr
 oup triple' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 
 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Service p
 ort number' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.
 1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Servi
 ce protocol name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
 15 )
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'IP pro
 tocol number' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.
 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'ONC RPC nu
 mber' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.
 1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4 add r
 esses as a dotted decimal omitting leading zeros or IPv6 addresses as defined
  in RFC2373' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw
 ork omitting leading zeros, eg. 192.168' EQUALITY caseIgnoreIA5Match SYNTAX 1
 .3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm
 ask omitting leading zeros, eg. 255.255.255.0' EQUALITY caseIgnoreIA5Match SY
 NTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address 
 in maximal, colon separated hex notation, eg. 00:00:92:90:ee:e2' EQUALITY cas
 eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp
 aramd parameter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1
 .26 )
olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam
 e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name of a ge
 neric NIS map' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{
 64} )
olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'A generic N
 IS entry' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} 
 SINGLE-VALUE )
olcAttributeTypes: {25}( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' DESC 'NIS public
  key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-V
 ALUE )
olcAttributeTypes: {26}( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC 'NIS secret
  key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-V
 ALUE )
olcAttributeTypes: {27}( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' E
 QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {28}( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'auto m
 ount Map Name' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 S
 INGLE-VALUE )
olcAttributeTypes: {29}( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount 
 Key value' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL
 E-VALUE )
olcAttributeTypes: {30}( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Au
 tomount information' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
 1.15 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o
 f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu
 mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ 
 description ) )
olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a
 ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword
  $ description $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ s
 hadowInactive $ shadowExpire $ shadowFlag ) )
olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of 
 a group of accounts' SUP top AUXILIARY MUST gidNumber MAY ( userPassword $ me
 mberUid $ description ) )
olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I
 nternet Protocol service. Maps an IP port and protocol (such as tcp or udp) t
 o one or more names; the distinguished value of the cn attribute denotes the 
 services canonical name' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSer
 viceProtocol ) MAY description )
olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of 
 an IP protocol. Maps a protocol number to one or more names. The distinguishe
 d value of the cn attribute denotes the protocol canonical name' SUP top STRU
 CTURAL MUST ( cn $ ipProtocolNumber ) MAY description )
olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O
 pen Network Computing (ONC) [RFC1057] Remote Procedure Call (RPC) binding. Th
 is class maps an ONC RPC number to a name. The distinguished value of the cn 
 attribute denotes the RPC service canonical name' SUP top STRUCTURAL MUST ( c
 n $ oncRpcNumber ) MAY description )
olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho
 st, an IP device. The distinguished value of the cn attribute denotes the hos
 ts canonical name. Device SHOULD be used as a structural class' SUP top AUXIL
 IARY MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l $ description $ manage
 r ) )
olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a
  network. The distinguished value of the cn attribute denotes the network can
 onical name' SUP top STRUCTURAL MUST ipNetworkNumber MAY ( cn $ ipNetmaskNumb
 er $ l $ description $ manager ) )
olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of
  a netgroup. May refer to other netgroups' SUP top STRUCTURAL MUST cn MAY ( n
 isNetgroupTriple $ memberNisNetgroup $ description ) )
olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti
 on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a 
 NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) )
olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w
 ith a MAC address; device SHOULD be used as a structural class' SUP top AUXIL
 IARY MAY macAddress )
olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device 
 with boot parameters; device SHOULD be used as a structural class' SUP top AU
 XILIARY MAY ( bootFile $ bootParameter ) )
olcObjectClasses: {13}( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' DESC 'An object w
 ith a public and secret key' SUP top AUXILIARY MUST ( cn $ nisPublicKey $ nis
 SecretKey ) MAY ( uidNumber $ description ) )
olcObjectClasses: {14}( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'Associat
 es a NIS domain with a naming context' SUP top AUXILIARY MUST nisDomain )
olcObjectClasses: {15}( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURA
 L MUST automountMapName MAY description )
olcObjectClasses: {16}( 1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount info
 rmation' SUP top STRUCTURAL MUST ( automountKey $ automountInformation ) MAY 
 description )
olcObjectClasses: {17}( 1.3.6.1.1.1.2.18 NAME 'groupOfMembers' DESC 'A group w
 ith members (DNs)' SUP top STRUCTURAL MUST cn MAY ( businessCategory $ seeAls
 o $ owner $ ou $ o $ description $ member ) )

관련 정보