hi:
最近在搞 LDAP + sudo，現在遇到一個問題：我在用 ldapadd 導入 sudo 規則（sudoRole 條目）時會報錯。先看一下我的 sudo.ldif（注意下面執行 ldapadd 時 -f 指定的是 sudoer.ldif，請確認兩者是同一個文件）：
# Container entry that holds the sudo rules.
# NOTE(review): sudoRole is defined STRUCTURAL in sudo.schema (below), and
# organizationalUnit is structural in the standard core.schema. An entry may
# carry only one structural class, so once sudo.schema really is loaded slapd
# will reject this entry for that reason instead. The container only needs
# organizationalUnit; drop "objectClass: sudoRole" here.
dn: ou=SUDOers,dc=hxc,dc=com
objectClass: top
objectClass: organizationalUnit
objectClass: sudoRole
description: SUDO Configuration Subtree
ou: SUDOers
# Global defaults: per sudoers.ldap(5), sudo looks for the entry named
# cn=defaults under its sudoers_base and applies its sudoOptions to every rule.
# NOTE(review): this entry sits directly under dc=hxc,dc=com, not under
# ou=SUDOers - confirm that the clients' sudoers_base actually covers it.
# (In LDIF each entry must be separated from the previous one by a blank
# line; the separators appear to have been lost in this paste, since ldapadd
# did see three distinct entries.)
dn: cn=defaults,dc=hxc,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
# Per sudoers(5): requiretty - sudo must be run from a terminal;
# !visiblepw - refuse to run if the password would be echoed;
# env_reset - start commands with a minimal, sanitised environment.
sudoOption: requiretty
sudoOption: !visiblepw
sudoOption: env_reset
# Rule for user "tang": any host (sudoHost ALL), any target user
# (sudoRunAsUser ALL), any command (sudoCommand ALL), and "!authenticate"
# (per sudoers(5): no password prompt). This is effectively passwordless root
# on every host that uses this directory - make sure that is intended before
# loading it; the cn=defaults options (requiretty etc.) still apply on top.
# NOTE(review): like cn=defaults, this entry is not under ou=SUDOers; sudo
# only finds it if sudoers_base covers dc=hxc,dc=com - confirm.
dn: cn=tang,dc=hxc,dc=com
objectClass: top
objectClass: sudoRole
cn: tang
sudoUser: tang
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOption: !authenticate
執行 ldapadd -v -c -x -D "cn=root,dc=hxc,dc=com" -w secret -f sudoer.ldif（注意：`-w secret` 把 rootdn 密碑明文放在命令行上，會留在 shell 歷史裡並且其他用戶用 ps 就能看到，實際操作請改用 `-W` 交互輸入或 `-y 密碼文件`；`-c` 表示出錯後繼續處理後面的條目，所以下面三個條目各報了一次錯）：
ldap_initialize( <DEFAULT> )
add objectClass:
top
organizationalUnit
sudoRole
add description:
SUDO Configuration Subtree
add ou:
SUDOers
adding new entry "ou=SUDOers,dc=hxc,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #2 invalid per syntax
add objectClass:
top
sudoRole
add cn:
defaults
add description:
Default sudoOption's go here
add sudoOption:
requiretty
!visiblepw
env_reset
adding new entry "cn=defaults,dc=hxc,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
add objectClass:
top
sudoRole
add cn:
tang
add sudoUser:
tang
add sudoHost:
ALL
add sudoRunAsUser:
ALL
add sudoCommand:
ALL
add sudoOption:
!authenticate
adding new entry "cn=tang,dc=hxc,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
錯誤 `objectClass: value #N invalid per syntax` 裡的 N 是從 0 數的：第一個條目的 value #2（top、organizationalUnit、sudoRole 中的第三個）和後兩個條目的 value #1（top、sudoRole 中的第二個）都正好是 sudoRole。也就是說正在運行的 slapd 根本不認識 sudoRole 這個 objectClass，sudo.schema 實際上沒有被加載——儘管 slapd.conf 裡已經 include 了它。需要確認兩點：修改 slapd.conf 之後 slapd 是否重啟過；以及 slapd 是否真的在讀這個文件（OpenLDAP 2.4 若存在 /etc/openldap/slapd.d 目錄，會用 cn=config 啟動並忽略 slapd.conf）。
[root@ftp-1-253 openldap]# vi slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files are loaded in the order listed. sudo.schema only uses built-in
# syntaxes and matching rules (IA5String, caseExactIA5Match) and declares
# SUP top, so placing it last is fine.
# NOTE(review): the ldapadd errors above show that the *running* slapd does not
# know the sudoRole object class. Confirm that slapd was restarted after this
# include line was added, and that slapd is actually reading this file at all:
# on OpenLDAP 2.4 slapd prefers /etc/openldap/slapd.d (cn=config) when that
# directory exists and then ignores slapd.conf entirely.
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/sudo.schema
再看sudo.schema
[root@ftp-1-253 openldap]# cat /etc/openldap/schema/sudo.schema
#
# OpenLDAP schema file for Sudo
# Save as /etc/openldap/schema/sudo.schema
#
# sudoUser: who a rule applies to. Syntax ...121.1.26 is IA5 String (ASCII);
# matched with caseExactIA5Match, so 'Tang' and 'tang' are different values.
# NOTE(review): in slapd.conf syntax the NAME/DESC/... continuation lines of a
# definition must begin with whitespace; the indentation appears to have been
# lost in this paste (the real file presumably has it, or slapd would not start).
attributetype ( 1.3.6.1.4.1.15953.9.1.1
NAME 'sudoUser'
DESC 'User(s) who may run sudo'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# sudoHost: host(s) a rule applies to (the LDIF above uses ALL).
# Case-sensitive IA5 string, with substring matching enabled.
attributetype ( 1.3.6.1.4.1.15953.9.1.2
NAME 'sudoHost'
DESC 'Host(s) who may run sudo'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# sudoCommand: command(s) the rule permits; equality matching only (no SUBSTR),
# unlike sudoUser/sudoHost above.
attributetype ( 1.3.6.1.4.1.15953.9.1.3
NAME 'sudoCommand'
DESC 'Command(s) to be executed by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# sudoRunAs: legacy run-as attribute, marked deprecated in its DESC; superseded
# by sudoRunAsUser / sudoRunAsGroup defined further down in this file. Kept so
# existing entries still validate.
attributetype ( 1.3.6.1.4.1.15953.9.1.4
NAME 'sudoRunAs'
DESC 'User(s) impersonated by sudo (deprecated)'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# sudoOption: sudoers(5) Defaults-style options such as requiretty, env_reset
# or !authenticate (all used in the LDIF above). Multi-valued; case-sensitive.
attributetype ( 1.3.6.1.4.1.15953.9.1.5
NAME 'sudoOption'
DESC 'Options(s) followed by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# sudoRunAsUser: target user(s) the command may run as; replaces the
# deprecated sudoRunAs above.
attributetype ( 1.3.6.1.4.1.15953.9.1.6
NAME 'sudoRunAsUser'
DESC 'User(s) impersonated by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# sudoRunAsGroup: target group(s) the command may run as; companion to
# sudoRunAsUser.
attributetype ( 1.3.6.1.4.1.15953.9.1.7
NAME 'sudoRunAsGroup'
DESC 'Group(s) impersonated by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# sudoRole: the single object class of this schema. It is STRUCTURAL with
# SUP top, so an entry that uses it cannot also carry another structural
# class (e.g. organizationalUnit, as the ou=SUDOers entry in the LDIF above
# does). Only cn is mandatory; every sudo* attribute is optional, so slapd
# will happily accept a rule that grants nothing or - as for cn=tang - one
# that grants everything.
objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
DESC 'Sudoer Entries'
MUST ( cn )
MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $
description )
)
請大家幫我看看到底是什麼問題呢？（schema 文件本身看起來沒問題，問題更像是正在運行的 slapd 沒有加載它。）