在当前设置下,我具有在其上手动添加了eduPerson模式的OpenLDAP服务器,并且可以从其中检索任何属性,如eduPersonPrincipalName,eduPersonPrimaryAffiliation等,而没有任何问题。>
现在,我想用389 Directory Server进行测试,据我所知,它已经预添加了eduPerson模式。问题在于,即使在创建具有eduPerson属性(例如eduPersonPrincipalName等)的用户后,我也无法检索eduPerson架构的任何属性值。我需要它,因为我们使用了SimpleSAMLphp SSO。以下是具有多个eduPerson属性的用户的搜索示例,没有显示任何属性:
ldapsearch -x -b "cn=John Doe,ou=people,dc=domain,dc=com" -H ldap://127.0.0.1:389 # extended LDIF # # LDAPv3 # base <cn=John Doe,ou=people,dc=domain,dc=com> with scope subtree # filter: (objectclass=*) # requesting: ALL # # John Doe, people, domain.com dn: cn=John Doe,ou=people,dc=domain,dc=com objectClass: eduPerson objectClass: inetOrgPerson objectClass: organizationcomPerson objectClass: person objectClass: posixAccount objectClass: top cn: John Doe gidNumber: 10000 homeDirectory: /home/[email protected] uid: [email protected] uidNumber: 10055 description: Authenticated at 2020-04-28 12:27:08.657033 loginShell: /bin/bash mail: [email protected] # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1
谢谢,
编辑:
另一个示例可能会有所帮助。以下是用户的ldif文件:version: 1 dn: cn=John Doe,ou=people,dc=domain,dc=com objectClass: eduPerson objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: posixAccount objectClass: top cn: John Doe gidNumber: 10000 homeDirectory: /home/[email protected] sn: Doe uid: [email protected] uidNumber: 10057 carLicense: AA123BB departmentNumber: IT eduPersonPrimaryAffiliation: employee eduPersonPrincipalName: [email protected] eduPersonScopedAffiliation: [email protected] employeeNumber: 1234567890 givenName: John initials: JD loginShell: /bin/bash mail: [email protected] title: Software Developer userPassword:: e0NSWVBUfSQ2JG1LcDlHUmRUcENBRVZ1ZkUkc0djRkNsalcyWEVoby9FRlNGS jhLRXRYR1dmTGFUNXNYUk9BbHFRSHhoWXN4TWlZWEl6SEFCa0U1UzN3cm5uSktMSVAyTlg1d0V5 YXN1U1laNXJocDA=
[当我尝试搜索此用户时,我仅获得以下属性:
ldapsearch -x -b "cn=John Doe,ou=people,dc=rash,dc=al" -H ldap://127.0.0.1:389
# extended LDIF
#
# LDAPv3
# base <cn=John Doe,ou=people,dc=rash,dc=al> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# John Doe, people, rash.al
dn: cn=John Doe,ou=people,dc=rash,dc=al
objectClass: eduPerson
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
loginShell: /bin/bash
homeDirectory: /home/[email protected]
uid: [email protected]
cn: John Doe
uidNumber: 10057
gidNumber: 10000
mail: [email protected]
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
在当前设置下,我具有在其上手动添加了eduPerson模式的OpenLDAP服务器,我可以从中检索它而没有任何问题属性,例如eduPersonPrincipalName,...
非常感谢Ludovic。你在哪里正确。我需要添加一个新的ACI才能检索所有cn属性。