LDAP 错误:结构对象类链无效(organizationalUnit/referral)
我正在尝试从 Oracle 的 JNDI 教程 在我的 OpenLDAP 实例中使用命令:
ldapadd -x -D cn=admin,dc=example,dc=com -W -f refserver.ldif
where, refserver.ldif 看起来像这样:
dn: o=JNDITutorial,dc=example,dc=com
o: JNDITutorial
objectclass: top
objectclass: organization
dn: ou=All, o=JNDITutorial,dc=example,dc=com
ou: All
objectclass: top
objectclass: organizationalunit
dn: ou=People, o=JNDITutorial,dc=example,dc=com
ou: People
objectclass: top
objectclass: organizationalunit
objectclass: referral
ref: ldap://10.97.98.201:389/ou=People,o=JNDITutorial
dn: ou=People, ou=All, o=JNDITutorial,dc=example,dc=com
ou: People
objectclass: top
objectclass: organizationalunit
objectclass: referral
ref: ldap://10.97.98.201:389/ou=People,o=JNDITutorial
dn: ou=NewHires, ou=All, o=JNDITutorial,dc=example,dc=com
ou: NewHires
objectclass: top
objectclass: organizationalunit
objectclass: referral
ref: ldap://10.97.98.201:389/ou=NewHires,o=JNDITutorial
这会部分成功,报告以下内容:
adding new entry "o=JNDITutorial,dc=example,dc=com"
adding new entry "ou=All, o=JNDITutorial,dc=example,dc=com"
adding new entry "ou=People, o=JNDITutorial,dc=example,dc=com"
ldap_add: Object class violation (65)
additional info: invalid structural object class chain (organizationalUnit/referral)
我正在尝试从 此处。但是,原因和解决方案对我来说有点不清楚。有人可以阐明这一点并提出补救措施吗?
提前致谢!
I am trying to import the following sample from Oracle's JNDI tutorial in my OpenLDAP instance using command:
ldapadd -x -D cn=admin,dc=example,dc=com -W -f refserver.ldif
where, refserver.ldif looks like this:
dn: o=JNDITutorial,dc=example,dc=com
o: JNDITutorial
objectclass: top
objectclass: organization
dn: ou=All, o=JNDITutorial,dc=example,dc=com
ou: All
objectclass: top
objectclass: organizationalunit
dn: ou=People, o=JNDITutorial,dc=example,dc=com
ou: People
objectclass: top
objectclass: organizationalunit
objectclass: referral
ref: ldap://10.97.98.201:389/ou=People,o=JNDITutorial
dn: ou=People, ou=All, o=JNDITutorial,dc=example,dc=com
ou: People
objectclass: top
objectclass: organizationalunit
objectclass: referral
ref: ldap://10.97.98.201:389/ou=People,o=JNDITutorial
dn: ou=NewHires, ou=All, o=JNDITutorial,dc=example,dc=com
ou: NewHires
objectclass: top
objectclass: organizationalunit
objectclass: referral
ref: ldap://10.97.98.201:389/ou=NewHires,o=JNDITutorial
This runs into partial success, reporting the following:
adding new entry "o=JNDITutorial,dc=example,dc=com"
adding new entry "ou=All, o=JNDITutorial,dc=example,dc=com"
adding new entry "ou=People, o=JNDITutorial,dc=example,dc=com"
ldap_add: Object class violation (65)
additional info: invalid structural object class chain (organizationalUnit/referral)
I am trying to read up the cause from here. However, the cause and solution is a bit unclear to me. Can someone please shed some light on this and suggest remedy?
Thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
解释很简单,当您在 LDAP 目录中创建对象时,该对象必须具有SINGLE结构类。在您的例子中,您提到了两个结构类
organizationalunit和referal。完成您想做的事情的正确方法是使用结构类和辅助类。
extensibleObject是一个辅助类,它允许您使用您想要的任何属性。这是一个示例
备注:在这里您可以看到 LDAP URL 是用 base64 编码的(由 :: 引入),最好采用 LDIF 格式。 Apache Directory Studio 是一个开源产品,允许您以图形方式测试 OpenLdap(您将在里面找到B64 转换器),该工具可以生成您的 LDIF 文件。
The explanation is very simple, when you create an object in a LDAP directory, this object MUST be with a SINGLE structural class. In your case you mention two structural classes
organizationalunitandreferal.A correct way to do what you want to do is to use a structural class and an auxiliary class.
extensibleObjectis an auxiliary class that allow you to use any attribute you want.Here is a sample
Remark : here you can see that the LDAP URL is coded in base64 (introduced by ::) it's better to do so in LDIF format. Apache Directory Studio is an open source product that allow you to test your OpenLdap graphicaly (you'll find inside a B64 converter), this tool can generate your LDIF files.