Estou tentando executar um arquivo .ldif personalizado no início da inicialização do servidor OpenLDAP e consegui usando o seguinte comando:
ldapadd -x -D cn=admin,dc=vlad,dc=lan -w admin -H ldap:// -f ldap/ldap-test.ldif
Infelizmente, quero poder adicionar atributos personalizados e classes de objetos ao esquema usando o seguinte:
dn: cn=schema,cn=config
changetype: modify
add: olcObjectClasses
olcObjectClasses: ( 1.2.3.4.5.6.7.8.9.0 NAME 'myCustomObjectClass'
DESC 'My Custom Object Class'
AUXILIARY
MAY ( customAttribute1 $ customAttribute2 $ customAttribute3 $
customAttribute4 $ customAttribute5 $ customAttribute6 $
customAttribute7 $ customAttribute8 $ customAttribute9 $
customAttribute10 $ customAttribute11 $ customAttribute12 $
customAttribute13 $ customAttribute14 $ customAttribute15 ) )
Infelizmente, isso gera o erro de acesso insuficiente 50. Esta é a saída de slapcat -n0
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth manage by * break
olcRootDN: cn=admin,cn=config
structuralObjectClass: olcDatabaseConfig
entryUUID: 3e49b716-55fd-103e-8582-a14a85261557
creatorsName: cn=config
createTimestamp: 20240202095739Z
olcRootPW:: e1NTSEF9d3J4NGVYaUFvaGRmc2dDOXlqT0V0cEFmSWhZYklxWXo=
entryCSN: 20240202095739.321947Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20240202095739Z
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=vlad,dc=lan
olcLastMod: TRUE
olcRootDN: cn=admin,dc=vlad,dc=lan
olcRootPW:: -----
olcDbCheckpoint: 512 30
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
entryUUID: 3e49fae6-55fd-103e-8589-a14a85261557
creatorsName: cn=admin,cn=config
createTimestamp: 20240202095739Z
olcDbIndex: uid eq
olcDbIndex: mail eq
olcDbIndex: memberOf eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: objectClass eq
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth manage by * break
olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by dn="cn
=admin,dc=vlad,dc=lan" write by anonymous auth by * none
olcAccess: {2}to * by self read by dn="cn=admin,dc=vlad,dc=lan" wri
te by dn="cn=user-ro,dc=vlad,dc=lan" read by * none
entryCSN: 20240202095739.438344Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20240202095739Z
Como posso executar o comando acima usando ldapadd ou ldapmodify? Qual usuário é necessário para autenticação.
ATUALIZAR:
dn: cn=schema,cn=config changetype: modify add: olcObjectClasses olcObjectClasses: ( 1.2.3.4.5.6.7.8.9.0 NAME 'myCustomObjectClass' DESC 'My Custom Object Class' AUXILIARY MAY ( name ) )
Usado o código acima com o comando: ldapmodify -Y EXTERNAL -H ldapi:// -f ldap/ldap-modify.ldif
Tudo parece bem, deve ser adicionado.
Tentei usar a classe:
dn: OU=CustomOU,DC=vlad,DC=lan
ou: CustomOU
objectClass: top
objectClass: organizationalUnit
objectClass: myCustomObjectClass
Com o comando e diz:
ldapadd -x -D cn=admin,dc=vlad,dc=lan -w admin -H ldap:// -f ldap/ldap-test.ldif
additional info: objectClass: value #2 invalid per syntax
E ao verificar o slapcat -n0, não parece que o objeto personalizado foi adicionado.