Adding a custom schema to 389 Directory Server

I am trying to authenticate against LDAP (389 DS) using SSH public keys.
I have read https://github.com/AndriiGrytsenko/openssh-ldap-publickey (among others); the first step is to add the object class to LDAP.
Based on https://github.com/AndriiGrytsenko/openssh-ldap-publickey/blob/master/misc/openssh-lpk-openldap.schema (designed for OpenLDAP), I created my own ldif file for 389 DS.
It looks like this:
```ldif
# 60sshlpk.ldif
# ldapPublicKey
#
# LDAP Public Key Patch schema for use with openssh-ldappubkey
# useful with PKA-LDAP also
#
# Author: Eric AUGE <[email protected]>
#
# Based on the proposal of : Mark Ruijter
#
################################################################################
#
dn: cn=schema
#
################################################################################
#
attributetype: (
 1.3.6.1.4.1.24552.500.1.1.1.13
 NAME 'sshPublicKey'
 DESC 'MANDATORY: OpenSSH Public key'
 EQUALITY octetStringMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
 )
#
################################################################################
#
objectclass: (
 1.3.6.1.4.1.24552.500.1.1.2.0
 NAME 'ldapPublicKey'
 SUP top
 AUXILIARY
 DESC 'MANDATORY: OpenSSH LPK objectclass'
 MUST (sshPublicKey $ uid)
 )
#
################################################################################
#
```
I have put the new schema in /etc/dirsrv/slapd-DIR/schema/ and restarted the server.
The file loads fine, but...
```
[25/Dec/2014:18:40:47 +0100] - Entry "cn=schema" has unknown object class "( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MUST (sshPublicKey $ uid) )"
[25/Dec/2014:18:40:47 +0100] - Entry "cn=schema" has unknown object class "(1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MUST (sshPublicKey $ uid) )"
[25/Dec/2014:18:40:47 +0100] - Entry "cn=schema" has unknown object class "(1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MUST (sshPublicKey $ uid) )"
[25/Dec/2014:18:40:47 +0100] - Entry "cn=schema" has unknown object class "(1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MUST (sshPublicKey $ uid) )"
[25/Dec/2014:18:40:47 +0100] - 389-Directory/1.2.10.4 B2013.059.1953 starting up
[25/Dec/2014:18:40:47 +0100] - slapd started. Listening on All Interfaces port 389 for LDAP requests
```
Do I need a new OID for 389 DS?
If so, does anyone know how to proceed?
Thanks and Merry Christmas!

In addition to this answer - because this got me: you need capital letters (the T in attributeTypes and the C in objectClasses), but **also add an 's' character at the end** – jmurphyau
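As an added example (not code from the question or from jmurphyau), a small Python helper that applies the fix described in the comment: it unfolds the LDIF continuation lines, renames the OpenLDAP-style `attributetype`/`objectclass` keys to the `attributeTypes`/`objectClasses` keys that 389 DS expects on the `cn=schema` entry, and checks that each definition carries an OID and a NAME and that an object class's MUST list only references attributes defined in the file or in the server's standard schema. The sample LDIF is a constructed copy of the question's file, and `CORE_ATTRIBUTES` (only `uid`, which comes from the standard schema) is an assumption.

```python
import re
# Constructed copy of the question's schema, OpenLDAP style (keys 389 DS rejects).
OPENLDAP_STYLE_LDIF = """\
dn: cn=schema
attributetype: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
 DESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
objectclass: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top
 AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MUST (sshPublicKey $ uid) )
"""
# 389 DS expects exactly these keys on the cn=schema entry.
KEY_MAP = {"attributetype": "attributeTypes", "objectclass": "objectClasses"}
# Standard-schema attributes a MUST list may reference (assumption: only uid is needed here).
CORE_ATTRIBUTES = {"uid"}

def unfold_ldif(text):
    """Return [key, value] pairs, joining LDIF continuation lines (leading space)."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0] == " " and records:
            records[-1][1] += " " + line.strip()
        else:
            key, _, value = line.partition(":")
            records.append([key.strip(), value.strip()])
    return records

def convert_schema(text):
    """Rewrite to 389 DS keys, one definition per line; return (ldif, problems)."""
    out, problems, defined = [], [], set()
    records = unfold_ldif(text)
    if records[:1] != [["dn", "cn=schema"]]:
        problems.append("schema LDIF must start with 'dn: cn=schema'")
    for key, value in records:
        new_key = KEY_MAP.get(key.lower(), key)
        if new_key in KEY_MAP.values():
            m = re.fullmatch(r"\(\s*[\d.]+\s+.*NAME\s+'([^']+)'.*\)", value)
            if not m:
                problems.append(f"{key}: definition lacks OID or NAME: {value}")
            elif new_key == "attributeTypes":
                defined.add(m.group(1))
            else:
                must = re.search(r"MUST\s*\(([^)]*)\)", value)
                for attr in (must.group(1).split("$") if must else []):
                    if attr.strip() not in defined | CORE_ATTRIBUTES:
                        problems.append(f"{key}: MUST references undefined '{attr.strip()}'")
        out.append(f"{new_key}: {value}")
    return "\n".join(out) + "\n", problems
```

Write the returned text to a file such as 60sshlpk.ldif in the instance's schema directory and restart the server; an empty problems list means the keys and definitions are in the shape 389 DS accepts.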