hadoop:用户到组Map的openldap设置失败,dn无效

7y4bm7vi  于 2021-06-02  发布在  Hadoop
关注(0)|答案(1)|浏览(599)

我正在为hadoop2.7.1的用户到组Map设置openldap,我猜我定义组或应用过滤器的方式有问题。它可以连接到服务器,但抛出无效的dn,返回时没有组。
我的ldif导出->

  2. # Entry 1: ou=groups,dc=ubu,dc=com
  4. dn: ou=groups,dc=ubu,dc=com
  5. objectclass: organizationalUnit
  6. objectclass: top
  7. ou: groups
  9. # Entry 2: cn=admin,ou=groups,dc=ubu,dc=com
  11. dn: cn=admin,ou=groups,dc=ubu,dc=com
  12. cn: admin
  13. gidnumber: 500
  14. memberuid: meadmin
  15. objectclass: posixGroup
  16. objectclass: top
  18. # Entry 3: cn=operator,ou=groups,dc=ubu,dc=com
  20. dn: cn=operator,ou=groups,dc=ubu,dc=com
  21. cn: operator
  22. gidnumber: 501
  23. memberuid: meoperator
  24. objectclass: posixGroup
  25. objectclass: top
  27. # Entry 4: cn=user,ou=groups,dc=ubu,dc=com
  29. dn: cn=user,ou=groups,dc=ubu,dc=com
  30. cn: user
  31. gidnumber: 502
  32. memberuid: meuser
  33. memberuid: meuser2
  34. objectclass: posixGroup
  35. objectclass: top
  37. # Entry 5: ou=users,dc=ubu,dc=com
  39. dn: ou=users,dc=ubu,dc=com
  40. objectclass: organizationalUnit
  41. objectclass: top
  42. ou: users
  44. # Entry 6: cn=hadmin1,ou=users,dc=ubu,dc=com
  46. dn: cn=hadmin1,ou=users,dc=ubu,dc=com
  47. cn:  hadmin1
  48. gidnumber: 500
  49. objectclass: inetOrgPerson
  50. objectclass: posixAccount
  51. objectclass: top
  52. sn: meadmin
  53. uid: meadmin
  54. uidnumber: 1000
  56. # Entry 7: cn=hoperator1,ou=users,dc=ubu,dc=com
  58. dn: cn=hoperator1,ou=users,dc=ubu,dc=com
  59. cn: hoperator1
  60. gidnumber: 501
  61. objectclass: inetOrgPerson
  62. objectclass: posixAccount
  63. objectclass: top
  64. sn: meoperator
  65. uid: meoperator
  66. uidnumber: 1002
  68. # Entry 8: cn=huser1,ou=users,dc=ubu,dc=com
  70. dn: cn=huser1,ou=users,dc=ubu,dc=com
  71. cn:  huser1
  72. gidnumber: 502
  73. objectclass: inetOrgPerson
  74. objectclass: posixAccount
  75. objectclass: top
  76. sn: meuser
  77. uid: meuser
  78. uidnumber: 1001
  80. # Entry 9: cn=tester1,ou=users,dc=ubu,dc=com
  82. dn: cn=tester1,ou=users,dc=ubu,dc=com
  83. cn:  tester1
  84. gidnumber: 502
  85. objectclass: inetOrgPerson
  86. objectclass: posixAccount
  87. objectclass: top
  88. sn: meuser2
  89. uid: meuser2
  90. uidnumber: 1003

核心站点ldapMap->

  1. <property>
  2. <name>hadoop.security.group.mapping.ldap.search.filter.user</name>
  3. <value>(&amp;(objectClass=inetOrgPerson)(uid={0}))</value>
  4. </property>
  6. <property>
  7. <name>hadoop.security.group.mapping.ldap.search.filter.group</name>
  8. <value>(objectClass=groupOfNames)</value>
  9. </property>
  11. <property>
  12. <name>hadoop.security.group.mapping.ldap.search.attr.member</name>
  13. <value>member</value>
  14. </property>
  16. <property>
  17. <name>hadoop.security.group.mapping.ldap.search.attr.group.name</name>
  18. <value>cn</value>
  19. </property>

我错过了什么?

hadoopsecurityopenldap

1条答案

按热度按时间
dluptydi

dluptydi1#

请为filter.group和attr.member尝试以下选项。您对组使用了错误的objectclass,对成员使用了错误的属性。

  1. <property>
  2. <name>hadoop.security.group.mapping.ldap.search.filter.group</name>
  3. <value>(objectClass=posixGroup)</value>
  4. </property>
  6. <property>
  7. <name>hadoop.security.group.mapping.ldap.search.attr.member</name>
  8. <value>memberuid</value>
  9. </property>
赞(0)分享  回复(0)举报  2021-06-02
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com