2014-12-25 39 views
1

I am trying to use SSH public keys to authenticate against LDAP (389 DS). Adding a custom schema to 389 Directory Server.

I have read https://github.com/AndriiGrytsenko/openssh-ldap-publickey (and more).

The first step is to add the object class to LDAP.

Based on https://github.com/AndriiGrytsenko/openssh-ldap-publickey/blob/master/misc/openssh-lpk-openldap.schema (designed for OpenLDAP), I created my own LDIF file for 389 DS.

It looks like this:

# 60sshlpk.ldif
# ldapPublicKey
#
# LDAP Public Key Patch schema for use with openssh-ldappubkey
#        useful with PKA-LDAP also
#
# Author: Eric AUGE <[email protected]>
#
# Based on the proposal of : Mark Ruijter
#
################################################################################
#
dn: cn=schema
#
################################################################################
#
attributetype: (
    1.3.6.1.4.1.24552.500.1.1.1.13
    NAME 'sshPublicKey'
    DESC 'MANDATORY: OpenSSH Public key'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
)
#
################################################################################
#
objectclass: (
    1.3.6.1.4.1.24552.500.1.1.2.0
    NAME 'ldapPublicKey'
    SUP top
    AUXILIARY
    DESC 'MANDATORY: OpenSSH LPK objectclass'
    MUST (sshPublicKey $ uid)
)
#
################################################################################
#

I put the new schema in /etc/dirsrv/slapd-DIR/schema/ and restarted the server.

The file loads fine, but...

[25/Dec/2014:18:40:47 +0100] - Entry "cn=schema" has unknown object class "( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MUST (sshPublicKey $ uid) )"
[25/Dec/2014:18:40:47 +0100] - Entry "cn=schema" has unknown object class "(1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MUST (sshPublicKey $ uid) )"
[25/Dec/2014:18:40:47 +0100] - Entry "cn=schema" has unknown object class "(1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MUST (sshPublicKey $ uid) )"
[25/Dec/2014:18:40:47 +0100] - Entry "cn=schema" has unknown object class "(1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MUST (sshPublicKey $ uid) )"
[25/Dec/2014:18:40:47 +0100] - 389-Directory/1.2.10.4 B2013.059.1953 starting up
[25/Dec/2014:18:40:47 +0100] - slapd started. Listening on All Interfaces port 389 for LDAP requests

Do I need a new OID for 389 DS?

If the answer is yes, does anyone know how to proceed?

Thanks, and Merry Christmas!

Answers

1

I have the answer, and it is not related to the OID.

In my LDIF I used attributetype and objectclass instead of attributeTypes and objectClasses.

The keywords are different in OpenLDAP and 389 DS.

+0

In addition to this answer - because this caught me out: you need capital letters (T in attributeTypes and C in objectClasses), but **also add an 's' character at the end** – jmurphyau
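Added example, not code from the question, the answer or the 389 DS project: a small Python lint that unfolds a cn=schema LDIF snippet and reports the two mistakes this thread turns on (OpenLDAP-style keywords and the missing trailing 's'), and also flags any MUST/MAY attribute an objectClass references without defining. The sample LDIF is constructed from the question's definitions, and the assumption that only 'uid' is supplied by the 389 DS core schema is the example's own.

```python
import re

# 389 DS schema keywords keyed by lowercase form; OpenLDAP's 'attributetype' /
# 'objectclass' are ignored by 389 DS, which is why the objectClass was "unknown".
KEYWORDS = {"attributetype": "attributeTypes", "attributetypes": "attributeTypes",
            "objectclass": "objectClasses", "objectclasses": "objectClasses"}
CORE_ATTRS = {"uid"}  # assumption: provided by 389 DS core schema, not this file
def unfold_ldif(text):  # drop comments/blanks, join continuation lines (leading space)
    records = []
    for line in text.splitlines():
        if line.startswith("#") or not line.strip():
            continue
        if line.startswith(" ") and records:
            records[-1] += line[1:]
        else:
            records.append(line.rstrip())
    return records
def _attrs(value, kw):  # names in a 'MUST (a $ b)' or 'MAY a' clause, [] if absent
    m = re.search(r"\b" + kw + r"\s+(\([^)]*\)|\S+)", value)
    return [n.strip() for n in m.group(1).strip("()").split("$") if n.strip()] if m else []
def check_389_schema(text):  # return problems found in a 389 DS cn=schema LDIF snippet
    problems, defined, classes = [], set(), []
    for line in unfold_ldif(text):
        key, _, value = line.partition(":")
        canon = KEYWORDS.get(key.strip().lower())
        if canon is None:  # e.g. 'dn: cn=schema'
            continue
        if key.strip() != canon:
            problems.append(f"keyword '{key.strip()}' should be '{canon}'")
        name = re.search(r"NAME\s+'([^']+)'", value)
        if canon == "attributeTypes" and name:
            defined.add(name.group(1))
        elif canon == "objectClasses":
            classes.append((name.group(1) if name else "?", value))
    for cls, value in classes:  # every MUST/MAY attribute must be known
        for attr in _attrs(value, "MUST") + _attrs(value, "MAY"):
            if attr not in defined and attr not in CORE_ATTRS:
                problems.append(f"objectClass '{cls}' needs undefined attribute '{attr}'")
    return problems

# Constructed sample: the question's definitions, keywords exactly as posted.
QUESTION_LDIF = """dn: cn=schema
attributetype: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
    DESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
objectclass: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top
    AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MUST (sshPublicKey $ uid) )
"""
# Same definitions with the keywords 389 DS expects (the accepted answer's fix).
FIXED_LDIF = QUESTION_LDIF.replace("attributetype:", "attributeTypes:").replace("objectclass:", "objectClasses:")
```

Running the lint over a schema file before dropping it into the schema directory catches the silent "unknown object class" failure at edit time rather than in the server's error log after a restart.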
