hadoop:用户到组Map的openldap设置失败,dn无效

7y4bm7vi  于 2021-06-02  发布在  Hadoop
关注(0)|答案(1)|浏览(539)

我正在为hadoop2.7.1的用户到组Map设置openldap,我猜我定义组或应用过滤器的方式有问题。它可以连接到服务器,但抛出无效的dn,返回时没有组。
我的ldif导出->


# Entry 1: ou=groups,dc=ubu,dc=com

dn: ou=groups,dc=ubu,dc=com
objectclass: organizationalUnit
objectclass: top
ou: groups

# Entry 2: cn=admin,ou=groups,dc=ubu,dc=com

dn: cn=admin,ou=groups,dc=ubu,dc=com
cn: admin
gidnumber: 500
memberuid: meadmin
objectclass: posixGroup
objectclass: top

# Entry 3: cn=operator,ou=groups,dc=ubu,dc=com

dn: cn=operator,ou=groups,dc=ubu,dc=com
cn: operator
gidnumber: 501
memberuid: meoperator
objectclass: posixGroup
objectclass: top

# Entry 4: cn=user,ou=groups,dc=ubu,dc=com

dn: cn=user,ou=groups,dc=ubu,dc=com
cn: user
gidnumber: 502
memberuid: meuser
memberuid: meuser2
objectclass: posixGroup
objectclass: top

# Entry 5: ou=users,dc=ubu,dc=com

dn: ou=users,dc=ubu,dc=com
objectclass: organizationalUnit
objectclass: top
ou: users

# Entry 6: cn=hadmin1,ou=users,dc=ubu,dc=com

dn: cn=hadmin1,ou=users,dc=ubu,dc=com
cn:  hadmin1
gidnumber: 500
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meadmin
uid: meadmin
uidnumber: 1000

# Entry 7: cn=hoperator1,ou=users,dc=ubu,dc=com

dn: cn=hoperator1,ou=users,dc=ubu,dc=com
cn: hoperator1
gidnumber: 501
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meoperator
uid: meoperator
uidnumber: 1002

# Entry 8: cn=huser1,ou=users,dc=ubu,dc=com

dn: cn=huser1,ou=users,dc=ubu,dc=com
cn:  huser1
gidnumber: 502
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meuser
uid: meuser
uidnumber: 1001

# Entry 9: cn=tester1,ou=users,dc=ubu,dc=com

dn: cn=tester1,ou=users,dc=ubu,dc=com
cn:  tester1
gidnumber: 502
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: meuser2
uid: meuser2
uidnumber: 1003

核心站点ldapMap->

<property>
<name>hadoop.security.group.mapping.ldap.search.filter.user</name>
<value>(&amp;(objectClass=inetOrgPerson)(uid={0}))</value>
</property>

<property>
<name>hadoop.security.group.mapping.ldap.search.filter.group</name>
<value>(objectClass=groupOfNames)</value>
</property>

<property>
<name>hadoop.security.group.mapping.ldap.search.attr.member</name>
<value>member</value>
</property>

<property>
<name>hadoop.security.group.mapping.ldap.search.attr.group.name</name>
<value>cn</value>
</property>

我错过了什么?

dluptydi

dluptydi1#

请为filter.group和attr.member尝试以下选项。您对组使用了错误的objectclass,对成员使用了错误的属性。

<property>
<name>hadoop.security.group.mapping.ldap.search.filter.group</name>
<value>(objectClass=posixGroup)</value>
</property>

<property>
<name>hadoop.security.group.mapping.ldap.search.attr.member</name>
<value>memberuid</value>
</property>

相关问题