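I have deployed the following container (docker-compose.yaml):
LDAP_CONFIG_ADMIN_ENABLED=true sets up the configuration admin user admin/configpassword by default, as described in the documentation: link to the Bitnami documentation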
version: '2'
#https://hub.docker.com/r/bitnami/openldap/#!
services:
  openldap:
    image: bitnami/openldap:2
    ports:
      - '1389:1389'
      - '1636:1636'
    environment:
      - LDAP_ADMIN_USERNAME=AdminCPS
      - LDAP_ADMIN_PASSWORD=passwordCPS
      - LDAP_USERS=user01,user02
      - LDAP_PASSWORDS=password1,password2
      - LDAP_ROOT=dc=ldap_admin
      - LDAP_USER_DC=CPS
      - LDAP_CONFIG_ADMIN_ENABLED=true
    volumes:
      - './openldap_data:/bitnami/openldap'
When I try to add this LDIF schema (/schema/custom.ldif):
version: 1
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.37505.1.2
  NAME 'gender'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.3
  NAME 'country'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.4
  NAME 'nickName'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.5
  NAME 'timeZone'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.6
  NAME 'dateOfBirth'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.7
  NAME 'role'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.8
  NAME 'im'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.9
  NAME 'url'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.10
  NAME 'otherPhone'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.11
  NAME 'privatePersonalIdentifier'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.12
  NAME 'profileconfiguration'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributeTypes: ( 1.3.6.1.4.1.37505.1.13
  NAME 'prefferedLanguage'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
-
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.37505.1.1
  NAME 'inetCpsPerson'
  DESC 'inetCpsPerson'
  SUP inetOrgPerson
  STRUCTURAL
  MAY ( gender $ country $ nickName $ timeZone $ dateOfBirth $ role $ im $ url $ otherPhone $ privatePersonalIdentifier $ profileconfiguration $ prefferedLanguage)
  )
-
I run it inside the container:
ldapmodify -h localhost -p 1389 -D "cn=admin,cn=config" -w configpassword -f /schema/custom.ldif
But I get:
ldap_bind: Invalid credentials (49)
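The credentials are correct, so maybe the dn is incorrect?
By the way, if I also try to access the configuration with "Apache Directory Studio", for example, I cannot get into the "cn=config" domain with the admin/configpassword credentials... same error: Invalid credentials (49)
Solved. These credentials are no longer used in version 2. I changed to version 2.6 of the image and it works perfectly.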