Question
I am trying to add a custom attributes object class, because one of my applications only works with sAMAccountName.
I found out that it needs the following schema to add it to LDAP:
olcAttributeTypes: ( 1.2.840.113556.1.4.221
  NAME 'sAMAccountName'
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
  SINGLE-VALUE )
I created an LDIF file with this content and sAMAccountName appeared in Apache Directory Studio:
dn: cn=custom-attributes,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: custom-attributes
olcAttributeTypes: ( 1.2.840.113556.1.4.221
  NAME 'sAMAccountName'
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
  SINGLE-VALUE )
But when I tried to add this attribute to my user I got error #65, because it was not allowed by my object classes, so I removed it and tried to add an object class for custom attributes:
dn: cn=custom-attributes,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: custom-attributes
olcAttributeTypes: ( 1.2.840.113556.1.4.221
  NAME 'sAMAccountName'
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
  SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.100.1
  NAME 'customAttributes'
  SUP top
  AUXILIARY
  DESC 'Custom attributes class'
  MAY (sAMAccountName)
)
Now I am getting this error:
ldapadd: invalid format (line 6) entry: "cn=custom-attributes,cn=schema,cn=config"
I am adding the LDIF file via terminal:
ldapadd -H ldaps://ldap.mydomain.com/ -f samaccountname.ldif -D "cn=admin,cn=config" -w mypassword
Which line is meant by the error message? And what's wrong with the syntax?
I also heard about proxying sAMAccountName to uid, but I did not find an example LDIF file, so this solution seemed more achievable to me.
Answer 1:
I think it is due to the last parenthesis. A new line in an LDIF file means a new item description. Try to put the last parenthesis at the end of the MAY line.
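An added example (not part of the original question or answer): a small Python checker that unfolds LDIF continuation lines as RFC 2849 defines them and reports any logical line that is not an attribute/value pair. The samples are constructed from the question's LDIF, assuming its continuation lines were indented with two spaces and only the final parenthesis sat at column 0; `unfold` and `check` are illustrative names.

```python
import re

# Constructed sample: the question's failing LDIF. Continuation lines carry two
# spaces (assumed); the closing parenthesis is alone at column 0.
BROKEN = """\
dn: cn=custom-attributes,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: custom-attributes
olcAttributeTypes: ( 1.2.840.113556.1.4.221
  NAME 'sAMAccountName'
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
  SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.100.1
  NAME 'customAttributes'
  SUP top
  AUXILIARY
  DESC 'Custom attributes class'
  MAY (sAMAccountName)
)
"""

# The answer's fix: move the parenthesis to the end of the MAY line.
FIXED = BROKEN.replace("  MAY (sAMAccountName)\n)\n", "  MAY (sAMAccountName) )\n")

# An attribute description followed by ":" (text), "::" (base64) or ":<" (URL).
ATTR_LINE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.;-]*:[:<]?")

def unfold(text):
    """Join continuation lines; return (first physical line number, logical line)."""
    logical = []
    for no, raw in enumerate(text.splitlines(), start=1):
        if raw.startswith(" ") and logical:
            start, prev = logical[-1]
            logical[-1] = (start, prev + raw[1:])  # only the first space is dropped
        else:
            logical.append((no, raw))
    return logical

def check(text):
    """Return (logical index, physical line, content) for each malformed line."""
    problems = []
    for idx, (no, line) in enumerate(unfold(text), start=1):
        if line and not line.startswith("#") and not ATTR_LINE.match(line):
            problems.append((idx, no, line))
    return problems

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check(sample) or "ok")
```

A continuation line loses only its first space, which is why the folded schema lines carry two: one marks the fold and one keeps the tokens separated after joining.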
Source: https://stackoverflow.com/questions/45725124/openldap-samaccountname-as-custom-attribute