FreeIPA can't see LDAP custom attributes


I am trying to add a new attribute to FreeIPA. I used "ldapmodify" to add a custom attribute and object class to LDAP:

#color.ldif
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.25.28639311321113238241701611583088740684.14.2.2
  NAME 'favoriteColorName'
  EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  X-ORIGIN 'Extending FreeIPA' )

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 2.25.28639311321113238241701611583088740684.14.2.1
  NAME 'customPerson' SUP person
  STRUCTURAL
  MAY ( favoriteColorName )
  X-ORIGIN 'Extending FreeIPA' )
Then I restarted the server and used

ipa config-mod --addattr=ipaUserObjectClasses=customPerson
following the instructions, and everything went fine. Finally, I added the plugin to FreeIPA:

#color.py
from ipalib.plugins import user
from ipalib.parameters import Str
from ipalib import _
user.user.takes_params = user.user.takes_params + (
    Str('favoritecolorname?',
        cli_name='color',
        label=_('Favorite color'),
    ),
)
user.user.default_attributes.append('favoritecolorname')
When I try to run the command:

ipa user-mod admin --color=red
I get an error:

ipa:错误:不允许属性“favoriteColorName”


I found the cause of the problem. It looks like the user "admin" does not include the newly created class "customPerson":

[root@domain ~]# ipa user-show admin --all
  dn: uid=admin,cn=users,cn=accounts,dc=sample,dc=com
  User login: admin
  Last name: Administrator
  Full name: Administrator
  Home directory: /home/admin
  GECOS: Administrator
  Login shell: /bin/bash
  Kerberos principal: admin@sample.com
  UID: 1236600000
  GID: 1236600000
  Account disabled: False
  Password: True
  Member of groups: admins, trust admins
  Kerberos keys available: True
  objectclass: top, person, posixaccount, krbprincipalaux, krbticketpolicyaux,
               inetuser, ipaobject, ipasshuser, ipaSshGroupOfPubKeys
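So trying to use attributes that are not included in those object classes is not allowed. But modifying the color value of other users is allowed: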

[root@domain ~]# ipa user-mod test --color=blue
--------------------
Modified user "test"
--------------------
  User login: test
  First name: test
  Last name: test
  Home directory: /home/test
  Login shell: /bin/bash
  Email address: test@sample.com
  UID: 1236600007
  GID: 1236600007
  Account disabled: False
  Favorite color: blue
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True

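Yes, existing objects are not "automatically" modified when a new object class becomes available (there is no logic to "slap" specific object classes into specific entries). So you need to change the callback in such a way that, if the object classes do not include this class, it modifies the object classes when adding the new attribute.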
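One way to write the callback change described in the answer, as an added example that is not code from the original post or from the FreeIPA project. It assumes the `user_mod` pre-callback hook (`register_pre_callback`) and that `ldap.get_entry` returns a dict-like entry; `FakeLDAP` and `demo` are hypothetical stand-ins so the logic can be run without an IPA server.

```python
# Added example: user-mod pre-callback that attaches customPerson on demand.
CUSTOM_CLASS = 'customPerson'
CUSTOM_ATTR = 'favoritecolorname'


def usermod_precallback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
    """Add customPerson to the entry when favoriteColorName is being set."""
    # Only act when this modification actually sets the custom attribute.
    if not entry_attrs.get(CUSTOM_ATTR):
        return dn
    # user-mod normally carries only the changed attributes, so fetch the
    # stored objectclass list unless the caller already supplied one.
    if 'objectclass' not in entry_attrs:
        stored = ldap.get_entry(dn, ['objectclass'])
        entry_attrs['objectclass'] = list(stored['objectclass'])
    # Object class names are case-insensitive; avoid adding a duplicate.
    present = {oc.lower() for oc in entry_attrs['objectclass']}
    if CUSTOM_CLASS.lower() not in present:
        entry_attrs['objectclass'].append(CUSTOM_CLASS)
    return dn


try:
    # Same import path as color.py on the page; absent outside an IPA server.
    from ipalib.plugins import user
    user.user_mod.register_pre_callback(usermod_precallback)
except ImportError:
    pass


class FakeLDAP:
    """Constructed stand-in for the IPA LDAP backend (offline demo only)."""
    def __init__(self, entries):
        self.entries = entries

    def get_entry(self, dn, attrs_list=None):
        return self.entries[dn]


def demo():
    dn = 'uid=admin,cn=users,cn=accounts,dc=sample,dc=com'
    # Constructed sample: a subset of admin's object classes from user-show.
    ldap = FakeLDAP({dn: {'objectclass': ['top', 'person', 'posixaccount']}})
    mods = {CUSTOM_ATTR: 'red'}
    usermod_precallback(None, ldap, dn, mods, None)
    return mods
```

Entries that already carry `customPerson`, and modifications that do not touch the color attribute, pass through unchanged.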