Active Directory: several ways (ldapsearch, getent passwd, Java API) cannot search uidNumber, although it is set in Microsoft AD


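I have tried a lot and can almost see hope of logging in to Linux (CentOS 6) with MS Active Directory using pure LDAP (pam_ldap). The problem is in the title. Details are as follows: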

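  • I ran nslcd in debug mode:
    nslcd -d
    Then I logged in as user ricky, but it failed. The error from nslcd is
  • When I use the command getent passwd 8888, ldapsearch, or the Java API (Apache Directory Studio), I get the same error/message/result: uidNumber cannot be viewed or searched. Below is the output of ldapsearch on the target Linux server. You can see that the result does not return uidNumber and gidNumber. The user is a POSIX account.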

    ldapsearch -x -H ldap://192.168.0.82:3268 -D "CN=ricky,CN=Users,DC=kelamayi,DC=com" -b "CN=Users,DC=kelamayi,DC=com" -W sAMAccountName=ricky
    
  • I set uidNumber and gidNumber in AD on Windows Server 2012 R2, and I can search for them with a Windows command

  • This makes me think it may be a problem on the AD side... but I am still looking for the cause.

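    Is uidNumber in the Global Catalog?

    @jwilleke, thanks for your help. After I set "Replicate this attribute to the Global Catalog" for uidNumber, gidNumber and unixHomeDirectory and refreshed the AD server, I succeeded.
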
    ldapsearch -x -H ldap://192.168.0.82:3268 -D "CN=ricky,CN=Users,DC=kelamayi,DC=com" -b "CN=Users,DC=kelamayi,DC=com" -W sAMAccountName=ricky
    
    dn: CN=ricky,CN=Users,DC=kelamayi,DC=com
    objectClass: top
    **objectClass: posixAccount**
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: ricky
    sn: ricky
    distinguishedName: CN=ricky,CN=Users,DC=kelamayi,DC=com
    instanceType: 4
    whenCreated: 20180817065146.0Z
    whenChanged: 20180818120211.0Z
    displayName: ricky
    uSNCreated: 12923
    memberOf: CN=unixgrp,DC=kelamayi,DC=com
    memberOf: CN=Domain Admins,CN=Users,DC=kelamayi,DC=com
    uSNChanged: 20561
    name: ricky
    objectGUID:: 4LUI5gIJoUGi3E/FAOzCwg==
    userAccountControl: 66048
    primaryGroupID: 513
    objectSid:: AQUAAAAAAAUVAAAAkBu6Z6KeddWjPO/ceAQAAA==
    sAMAccountName: ricky
    sAMAccountType: 805306368
    userPrincipalName: ricky@kelamayi.com
    objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=kelamayi,DC=com
    dSCorePropagationData: 20180817082734.0Z
    dSCorePropagationData: 16010101000000.0Z
    lastLogonTimestamp: 131789626301116683
    
    PS C:\Users\Administrator> Get-ADUser –Identity ricky -Properties uidNumber, gidNumber
    DistinguishedName : CN=ricky,CN=Users,DC=kelamayi,DC=com
    Enabled           : True
    gidNumber         : 9999
    GivenName         :
    Name              : ricky
    ObjectClass       : user
    ObjectGUID        : e608b5e0-0902-41a1-a2dc-4fc500ecc2c2
    SamAccountName    : ricky
    SID               : S-1-5-21-1740250000-3581255330-3706666147-1144
    Surname           : ricky
    uidNumber         : 8888
    UserPrincipalName : ricky@kelamayi.com
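
The symptom in this thread (a Global Catalog query on port 3268 returning the entry without its POSIX attributes) can be checked mechanically. The following is an added example, not code from the original thread: the function names and the sample LDIF are constructed for illustration, and the attribute list is the one named in the comment above.

```bash
#!/usr/bin/env bash
# Added example (not from the original thread): list entries in ldapsearch
# LDIF output that lack the POSIX attributes nslcd maps users from.
REQUIRED_ATTRS="uidNumber gidNumber unixHomeDirectory"  # names from this page

# Reads LDIF on stdin; prints "<dn>: <missing attributes>" per incomplete entry.
missing_posix_attrs() {
  awk -v required="$REQUIRED_ATTRS" '
    function report(   i, miss) {           # end of entry: report the gaps
      if (dn != "") {
        for (i = 1; i <= n; i++)
          if (!(tolower(req[i]) in seen)) miss = miss " " req[i]
        if (miss != "") print dn ":" miss
      }
      dn = ""; split("", seen)              # reset per-entry state
    }
    function handle(l,   name) {
      if (l == "") { report(); return }     # blank line separates entries
      if (l ~ /^#/) return                  # ldapsearch comment lines
      if (l ~ /^dn::? /) { sub(/^dn::? /, "", l); dn = l; return }
      name = l; sub(/:.*/, "", name); sub(/;.*/, "", name)
      seen[tolower(name)] = 1               # attribute names ignore case
    }
    BEGIN { n = split(required, req, " ") }
    /^ / { line = line substr($0, 2); next }  # LDIF folded continuation
    { handle(line); line = $0 }
    END { handle(line); report() }
  '
}

# Constructed sample: GC (port 3268) reply before the fix, with a folded dn.
sample_gc_before() {
  printf '%s\n' 'dn: CN=ricky,CN=Users,' ' DC=kelamayi,DC=com' \
    'objectClass: posixAccount' 'sAMAccountName: ricky' ''
}

# Constructed sample: same entry once the attributes are replicated to the GC
# (uidNumber/gidNumber values from this page; the home directory is made up).
sample_gc_after() {
  printf '%s\n' 'dn: CN=ricky,CN=Users,DC=kelamayi,DC=com' \
    'objectClass: posixAccount' 'uidNumber: 8888' 'gidNumber: 9999' \
    'unixHomeDirectory: /home/ricky'
}

sample_gc_before | missing_posix_attrs   # lists the three missing attributes
sample_gc_after  | missing_posix_attrs   # prints nothing
```

To use it on live data, pipe the ldapsearch command shown above into `missing_posix_attrs`; running the same search against port 3268 and against the standard LDAP port 389 shows whether the attributes are missing only from the Global Catalog.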