Chinaunix首页 | 论坛 | 博客
  • 博客访问: 180533
  • 博文数量: 54
  • 博客积分: 3129
  • 博客等级: 中校
  • 技术积分: 618
  • 用 户 组: 普通用户
  • 注册时间: 2008-07-20 22:49
文章分类

全部博文(54)

文章存档

2012年(2)

2010年(1)

2009年(8)

2008年(43)

我的朋友

分类:

2008-07-20 22:57:42

下面都是好早以前学习LDAP的一些笔记,粘一下,让太阳晒晒,别潮了.

下面是一个添加的LDIF文件的例子

dn: dc=myhome,dc=com

objectClass: dcObject

objectClass: organization

o: myhome

dc: myhome

description: this is myhome domain

dn: cn=aaa,dc=myhome,dc=com

objectClass: Person

objectClass: inetOrgPerson

uid: aaa

sn: aaa

cn: aaa

userpassword: 123456

telephoneNumber: 111-111-111

mail: aaa@market.myhome.com

description: this is user is market domain

dn: cn=bbb,dc=myhome,dc=com

objectClass: Person

objectClass: inetOrgPerson

uid: bbb

sn: bbb

cn: bbb

userpassword: 123456

telephoneNumber: 222-222-222

mail: bbb@market.myhome.com

description: this is user is market domain

dn: cn=ddd,dc=myhome,dc=com

objectClass: Person

objectClass: inetOrgPerson

uid: ddd

sn: ddd

cn: ddd

userpassword: 123456

telephoneNumber: 111-111-111

mail: ddd@market.myhome.com

description: this is user is market domain

dn: cn=eee,dc=myhome,dc=com

objectClass: Person

objectClass: inetOrgPerson

uid: eee

sn: eee

cn: eee

userpassword: 123456

telephoneNumber: 222-222-222

mail: eee@market.myhome.com

description: this is user is market domain

1对一个DN添加一个属性

dn: cn=bbb,dc=myhome,dc=com

changetype: modify

add: homePhone

homePhone: 112-233

#bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

add homePhone:

112-233

modifying entry "cn=bbb,dc=myhome,dc=com"

modify complete

2再对另一个DN进行操作

dn: cn=eee,dc=myhome,dc=com

changetype: modify

add: mobile

mobile: 323-113-223

# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

modifying entry "cn=eee,dc=myhome,dc=com"

3数据cn=eee,dc=myhome,dc=com的进行查询

# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "cn=eee,dc=myhome,dc=com" -w secret -x -s sub -LLL

dn: cn=eee,dc=myhome,dc=com

objectClass: person

objectClass: inetOrgPerson

uid: eee

sn: eee

cn: eee

userPassword:: MTIzNDU2

telephoneNumber: 222-222-222

mail: eee@market.myhome.com

mail: asdfaf223@163.com

description: this is user is market domain

mobile: 323-113-223

# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL cn sn uid

dn: dc=myhome,dc=com

dn: cn=aaa,dc=myhome,dc=com

uid: aaa

sn: aaa

cn: aaa

dn: cn=bbb,dc=myhome,dc=com

uid: bbb

sn: bbb

cn: bbb

dn: cn=ddd,dc=myhome,dc=com

uid: ddd

sn: ddd

cn: ddd

dn: cn=eee,dc=myhome,dc=com

uid: eee

sn: eee

cn: eee

# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=aaa sn cn uid

上面的uid=aaa就查不出来什么,但下面uid=*aaa却可以

# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*aaa sn cn uid

dn: cn=aaa,dc=myhome,dc=com

uid: aaa

sn: aaa

cn: aaa

下面是这两上查询的输出日志,为什么结果却不一样,不是很清楚.:(

Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 fd=7 ACCEPT from IP=127.0.0.1:32846 (IP=0.0.0.0:389)

Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=0 RESULT tag=97 err=0 text=

Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=1 SRCH base="dc=myhome,dc=com" scope=2 deref=0 filter="(uid=aaa)"

Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=1 SRCH attr=sn cn uid

Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=2 UNBIND

Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 fd=7 closed

Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 fd=7 ACCEPT from IP=127.0.0.1:32847 (IP=0.0.0.0:389)

Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=0 RESULT tag=97 err=0 text=

Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=1 SRCH base="dc=myhome,dc=com" scope=2 deref=0 filter="(uid=*aaa)"

Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=1 SRCH attr=sn cn uid

Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=2 UNBIND

Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 fd=7 closed

    4下面是一个例子,操作步骤比较多,右侧是对应的每次操作的输出的日志:

    [root@linuxas3 openldap2.2.18]# vi tt.ldif

    dn: cn=eee,dc=myhome,dc=com

    changetype: add

    cn: eeee1

    sn: eeee1

    ~

    ~

    ~

    ~

    "tt.ldif" 4L, 64C written

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    adding new entry "cn=eee,dc=myhome,dc=com"

    ldap_add: Object class violation (65)

    additional info: entry has no objectClass attribute

    [root@linuxas3 openldap2.2.18]# vi tt.ldif

    dn: cn=eee,dc=myhome,dc=com

    changetype: add

    cn: eeee1

    sn: eeee1

    objectclass: inetOrgPerson

    ~

    ~

    "tt.ldif" 5L, 91C written

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    adding new entry "cn=eee,dc=myhome,dc=com"

    ldap_add: Naming violation (64)

    additional info: value of naming attribute 'cn' is not present in entry

    [root@linuxas3 openldap2.2.18]# vi tt.ldif

    dn: cn=eee,dc=myhome,dc=com

    changetype: add

    cn: eeee1

    sn: eeee1

    objectclass: person

    objectclass: inetOrgPerson

    ~

    ~

    "tt.ldif" 6L, 111C written

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    adding new entry "cn=eee,dc=myhome,dc=com"

    ldap_add: Naming violation (64)

    additional info: value of naming attribute 'cn' is not present in entry

    [root@linuxas3 openldap2.2.18]# vi tt.ldif

    dn: cn=eee,dc=myhome,dc=com

    objectclass: person

    objectclass: inetOrgPerson

    changetype: add

    cn: eeee1

    sn: eeee1

    ~

    ~

    ~

    "tt.ldif" 6L, 111C written

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    ldap_modify: Undefined attribute type (17)

    additional info: changetype: attribute type undefined

    [root@linuxas3 openldap2.2.18]# vi tt.ldif

    dn: cn=eee,dc=myhome,dc=com

    objectclass: person

    objectclass: inetOrgPerson

    changetype: modify

    add: cn sn

    cn: eeee1

    sn: eeee1

    ~

    ~

    "tt.ldif" 7L, 125C written

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    ldap_modify: Undefined attribute type (17)

    additional info: changetype: attribute type undefined

    [root@linuxas3 openldap2.2.18]# vi tt.ldif

    dn: cn=eee,dc=myhome,dc=com

    objectclass: person

    objectclass: inetOrgPerson

    changetype: modify

    add: cn,sn

    cn: eeee1

    sn: eeee1

    ~

    ~

    ~

    "tt.ldif" 7L, 125C written

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    ldap_modify: Undefined attribute type (17)

    additional info: changetype: attribute type undefined

    [root@linuxas3 openldap2.2.18]# vi tt.ldif

    dn: cn=eee,dc=myhome,dc=com

    objectclass: person

    objectclass: inetOrgPerson

    changetype: modify

    add: sn

    sn: eeee1

    ~

    ~

    ~

    "tt.ldif" 6L, 112C written

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    ldap_modify: Undefined attribute type (17)

    additional info: changetype: attribute type undefined

    [root@linuxas3 openldap2.2.18]# vi tt.ldif

    objectclass: person

    objectclass: inetOrgPerson

    dn: cn=eee,dc=myhome,dc=com

    changetype: modify

    add: sn

    sn: eeee1

    ~

    ~

    ~

    "tt.ldif" 4L, 65C written

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    [root@linuxas3 openldap2.2.18]# vi tt.ldif

    dn: cn=eee,dc=myhome,dc=com

    changetype: modify

    add: sn,cn

    sn: eeee1

    cn: eee2

    ~

    ~

    "tt.ldif" 5L, 77C written

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    ldap_modify: Type or value exists (20)

    additional info: modify/add: sn: value #0 already exists

    [root@linuxas3 openldap2.2.18]# vi tt.ldif

    dn: cn=eee,dc=myhome,dc=com

    changetype: modify

    add: sn,cn

    sn: eee1

    cn: eee2

    ~

    ~

    "tt.ldif" 5L, 76C written

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    [root@linuxas3 openldap2.2.18]#

    下在是再次查询cn=eee这个entry的全部属性,得到的结果如下所示:

    # bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee

    dn: cn=eee,dc=myhome,dc=com

    objectClass: person

    objectClass: inetOrgPerson

    uid: eee

    sn: eee

    sn: eeee1

    sn: eee1

    cn: eee

    cn: eee2

    userPassword:: MTIzNDU2

    telephoneNumber: 222-222-222

    mail: eee@market.myhome.com

    mail: asdfaf223@163.com

    description: this is user is market domain

    mobile: 323-113-223

这一侧是对应的日志:

Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 fd=7 ACCEPT from IP=127.0.0.1:32848 (IP=0.0.0.0:389)

Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=0 RESULT tag=97 err=0 text=

Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=1 ADD dn="cn=eee,dc=myhome,dc=com"

Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=1 RESULT tag=105 err=65 text=entry has no objectClass attribute

Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=2 UNBIND

Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 fd=7 closed

Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 fd=7 ACCEPT from IP=127.0.0.1:32849 (IP=0.0.0.0:389)

Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=0 RESULT tag=97 err=0 text=

Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=1 ADD dn="cn=eee,dc=myhome,dc=com"

Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=1 RESULT tag=105 err=64 text=value of naming attribute 'cn' is not present in entry

Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=2 UNBIND

Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 fd=7 closed

Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 fd=7 ACCEPT from IP=127.0.0.1:32850 (IP=0.0.0.0:389)

Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=0 RESULT tag=97 err=0 text=

Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=1 ADD dn="cn=eee,dc=myhome,dc=com"

Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=1 RESULT tag=105 err=64 text=value of naming attribute 'cn' is not present in entry

Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=2 UNBIND

Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 fd=7 closed

Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 fd=7 ACCEPT from IP=127.0.0.1:32851 (IP=0.0.0.0:389)

Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=0 RESULT tag=97 err=0 text=

Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=1 MOD dn="cn=eee,dc=myhome,dc=com"

Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=1 MOD attr=objectclass changetype cn sn

Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=1 RESULT tag=103 err=17 text=changetype: attribute type undefined

Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=2 UNBIND

Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 fd=7 closed

Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 fd=7 ACCEPT from IP=127.0.0.1:32852 (IP=0.0.0.0:389)

Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=0 RESULT tag=97 err=0 text=

Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=1 MOD dn="cn=eee,dc=myhome,dc=com"

Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=1 MOD attr=objectclass changetype add cn sn

Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=1 RESULT tag=103 err=17 text=changetype: attribute type undefined

Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=2 UNBIND

Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 fd=7 closed

Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 fd=7 ACCEPT from IP=127.0.0.1:32853 (IP=0.0.0.0:389)

Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=0 RESULT tag=97 err=0 text=

Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=1 MOD dn="cn=eee,dc=myhome,dc=com"

Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=1 MOD attr=objectclass changetype add cn sn

Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=1 RESULT tag=103 err=17 text=changetype: attribute type undefined

Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=2 UNBIND

Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 fd=7 closed

Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 fd=7 ACCEPT from IP=127.0.0.1:32854 (IP=0.0.0.0:389)

Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=0 RESULT tag=97 err=0 text=

Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=1 MOD dn="cn=eee,dc=myhome,dc=com"

Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=1 MOD attr=objectclass changetype add sn

Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=1 RESULT tag=103 err=17 text=changetype: attribute type undefined

Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=2 UNBIND

Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 fd=7 closed

Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 fd=7 ACCEPT from IP=127.0.0.1:32855 (IP=0.0.0.0:389)

Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=0 RESULT tag=97 err=0 text=

Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=1 MOD dn="cn=eee,dc=myhome,dc=com"

Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=1 MOD attr=sn

Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=1 RESULT tag=103 err=0 text=

Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=2 UNBIND

Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 fd=7 closed

Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 fd=7 ACCEPT from IP=127.0.0.1:32856 (IP=0.0.0.0:389)

Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=0 RESULT tag=97 err=0 text=

Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=1 MOD dn="cn=eee,dc=myhome,dc=com"

Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=1 MOD attr=sn cn

Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=1 RESULT tag=103 err=20 text=modify/add: sn: value #0 already exists

Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=2 UNBIND

Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 fd=7 closed

Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 fd=7 ACCEPT from IP=127.0.0.1:32857 (IP=0.0.0.0:389)

Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128

Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0

Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=0 RESULT tag=97 err=0 text=

Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=1 MOD dn="cn=eee,dc=myhome,dc=com"

Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=1 MOD attr=sn cn

Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=1 RESULT tag=103 err=0 text=

Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=2 UNBIND

Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 fd=7 closed

    下面将要查询的是对cn=eee,dc=myhome,dc=com进行一些修改操作:

    下是在要操作的tt.ldif文件的内容:

    dn: cn=eee,dc=myhome,dc=com

    changetype: modify

    replace: telephoneNumber

    telephoneNumber: 999-999-999

    # bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    # bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee

    dn: cn=eee,dc=myhome,dc=com

    objectClass: person

    objectClass: inetOrgPerson

    uid: eee

    sn: eee

    sn: eeee1

    sn: eee1

    cn: eee

    cn: eee2

    userPassword:: MTIzNDU2

    mail: eee@market.myhome.com

    mail: asdfaf223@163.com

    description: this is user is market domain

    mobile: 323-113-223

    telephoneNumber: 999-999-999

    上面反红的地方说明已经修改成功

    要修改的ldif文件如下所示:

    dn: cn=eee,dc=myhome,dc=com

    changetype: modify

    replace: sn,cn

    sn: replace1

    cn: replace2

    # bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    ldap_modify: Undefined attribute type (17)

    additional info: sn,cn: AttributeDescription contains inappropriate characters

    这个操作

    修改ldif文件为

    dn: cn=eee,dc=myhome,dc=com

    changetype: modify

    replace: mail

    mail: asf3322@gmail.com

    # bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    # bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee

    dn: cn=eee,dc=myhome,dc=com

    objectClass: person

    objectClass: inetOrgPerson

    uid: eee

    sn: eee

    sn: eeee1

    sn: eee1

    cn: eee

    cn: eee2

    userPassword:: MTIzNDU2

    description: this is user is market domain

    mobile: 323-113-223

    telephoneNumber: 999-999-999

    mail: asf3322@gmail.com

    这里面发生了奇怪的事情,原来cn=eee有两个mail属性,从上一个例子的查询结果就知道了.分别是

    mail: eee@market.myhome.com

    mail: asdfaf223@163.com

    tt.ldif文件里面

    dn: cn=eee,dc=myhome,dc=com

    changetype: modify

    replace: mail

    mail: asf3322@gmail.com

    只替换了一个mail属性,侧从上面的查询结果来看,这个ldif文件的一个mail属性把原来的entry里面的两上mail属性都给覆盖成一个了.

    下面是对sn的属性进行替换的一个例子

    # bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee

    dn: cn=eee,dc=myhome,dc=com

    objectClass: person

    objectClass: inetOrgPerson

    uid: eee

    sn: eee

    sn: eeee1

    sn: eee1

    cn: eee

    cn: eee2

    userPassword:: MTIzNDU2

    description: this is user is market domain

    mobile: 323-113-223

    telephoneNumber: 999-999-999

    mail: asf3322@gmail.com

    # more tt.ldif

    dn: cn=eee,dc=myhome,dc=com

    changetype: modify

    replace: sn

    sn: test2

    [root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x

    modifying entry "cn=eee,dc=myhome,dc=com"

    [root@linuxas3 openldap2.2.18]# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee

    dn: cn=eee,dc=myhome,dc=com

    objectClass: person

    objectClass: inetOrgPerson

    uid: eee

    cn: eee

    cn: eee2

    userPassword:: MTIzNDU2

    description: this is user is market domain

    mobile: 323-113-223

    telephoneNumber: 999-999-999

    mail: asf3322@gmail.com

    sn: test2

    这个替换也出现上一个mail同样的情况.替换一个sn的值,却把已经存在的两个属性都替换没了.

    [root@linuxas3 openldap2.2.18]# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee

    dn: cn=eee,dc=myhome,dc=com

    objectClass: person

    objectClass: inetOrgPerson

    uid: eee

    cn: eee

    cn: eee2

    userPassword:: MTIzNDU2

阅读(11662) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~