Hadoop: OpenLDAP setup for user-to-group mapping fails, invalid DN

7y4bm7vi  posted on 2021-06-02  in Hadoop
Follow (0) | Answers (1) | Views (587)

I am setting up OpenLDAP for user-to-group mapping on Hadoop 2.7.1, and I guess there is something wrong with the way I define the groups or apply the filters. It can connect to the server, but it throws an invalid DN and returns with no groups.
My LDIF export ->

    # Entry 1: ou=groups,dc=ubu,dc=com
    dn: ou=groups,dc=ubu,dc=com
    objectclass: organizationalUnit
    objectclass: top
    ou: groups

    # Entry 2: cn=admin,ou=groups,dc=ubu,dc=com
    dn: cn=admin,ou=groups,dc=ubu,dc=com
    cn: admin
    gidnumber: 500
    memberuid: meadmin
    objectclass: posixGroup
    objectclass: top

    # Entry 3: cn=operator,ou=groups,dc=ubu,dc=com
    dn: cn=operator,ou=groups,dc=ubu,dc=com
    cn: operator
    gidnumber: 501
    memberuid: meoperator
    objectclass: posixGroup
    objectclass: top

    # Entry 4: cn=user,ou=groups,dc=ubu,dc=com
    dn: cn=user,ou=groups,dc=ubu,dc=com
    cn: user
    gidnumber: 502
    memberuid: meuser
    memberuid: meuser2
    objectclass: posixGroup
    objectclass: top

    # Entry 5: ou=users,dc=ubu,dc=com
    dn: ou=users,dc=ubu,dc=com
    objectclass: organizationalUnit
    objectclass: top
    ou: users

    # Entry 6: cn=hadmin1,ou=users,dc=ubu,dc=com
    dn: cn=hadmin1,ou=users,dc=ubu,dc=com
    cn: hadmin1
    gidnumber: 500
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: meadmin
    uid: meadmin
    uidnumber: 1000

    # Entry 7: cn=hoperator1,ou=users,dc=ubu,dc=com
    dn: cn=hoperator1,ou=users,dc=ubu,dc=com
    cn: hoperator1
    gidnumber: 501
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: meoperator
    uid: meoperator
    uidnumber: 1002

    # Entry 8: cn=huser1,ou=users,dc=ubu,dc=com
    dn: cn=huser1,ou=users,dc=ubu,dc=com
    cn: huser1
    gidnumber: 502
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: meuser
    uid: meuser
    uidnumber: 1001

    # Entry 9: cn=tester1,ou=users,dc=ubu,dc=com
    dn: cn=tester1,ou=users,dc=ubu,dc=com
    cn: tester1
    gidnumber: 502
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: meuser2
    uid: meuser2
    uidnumber: 1003

core-site LDAP mapping ->

    <property>
      <name>hadoop.security.group.mapping.ldap.search.filter.user</name>
      <value>(&amp;(objectClass=inetOrgPerson)(uid={0}))</value>
    </property>
    <property>
      <name>hadoop.security.group.mapping.ldap.search.filter.group</name>
      <value>(objectClass=groupOfNames)</value>
    </property>
    <property>
      <name>hadoop.security.group.mapping.ldap.search.attr.member</name>
      <value>member</value>
    </property>
    <property>
      <name>hadoop.security.group.mapping.ldap.search.attr.group.name</name>
      <value>cn</value>
    </property>

What am I missing?

dluptydi, answer #1

Please try the following options for filter.group and attr.member. You are using the wrong objectClass for groups and the wrong attribute for members.

    <property>
      <name>hadoop.security.group.mapping.ldap.search.filter.group</name>
      <value>(objectClass=posixGroup)</value>
    </property>
    <property>
      <name>hadoop.security.group.mapping.ldap.search.attr.member</name>
      <value>memberuid</value>
    </property>
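As an added illustration (not code from the question, the answer, or Hadoop itself), the Python script below replays the two-step lookup that Hadoop's LdapGroupsMapping performs (user search, then group search keyed on the member attribute) against a constructed subset of the LDIF above, so you can see offline why the `groupOfNames`/`member` settings return no groups while the `posixGroup`/`memberuid` settings do. It assumes a minimal flat AND filter evaluator and that `member` is keyed by the user's DN while `memberuid` is keyed by the uid.

```python
import re
# Constructed subset of the LDIF in the question (two groups, one user), embedded so this runs offline.
LDIF = """\
dn: cn=admin,ou=groups,dc=ubu,dc=com
cn: admin
memberuid: meadmin
objectclass: posixGroup

dn: cn=user,ou=groups,dc=ubu,dc=com
cn: user
memberuid: meuser
objectclass: posixGroup

dn: cn=hadmin1,ou=users,dc=ubu,dc=com
cn: hadmin1
objectclass: inetOrgPerson
uid: meadmin
"""

def parse_ldif(text):
    """Return a list of entries, each {attribute_lowercased: [values]}; 'dn' is kept as an attribute."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, val = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(val)
        entries.append(attrs)
    return entries

def search(entries, ldap_filter):
    """Evaluate a flat AND-of-equalities filter, e.g. (&(objectClass=posixGroup)(memberuid=meadmin))."""
    clauses = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
    return [e for e in entries
            if all(v.lower() in [x.lower() for x in e.get(a.lower(), [])] for a, v in clauses)]

def hadoop_groups(entries, user, filter_user, filter_group, attr_member, attr_group_name="cn"):
    """Two-step lookup in the shape LdapGroupsMapping uses: find the user entry, then the groups listing it."""
    users = search(entries, filter_user.replace("{0}", user))
    if not users:
        return []
    # Demo assumption: 'member' (groupOfNames) holds the user's DN, 'memberuid' (posixGroup) holds the uid.
    key = users[0]["dn"][0] if attr_member.lower() == "member" else users[0]["uid"][0]
    groups = search(entries, "(&%s(%s=%s))" % (filter_group, attr_member, key))
    return [g[attr_group_name][0] for g in groups]

DIRECTORY = parse_ldif(LDIF)
FILTER_USER = "(&(objectClass=inetOrgPerson)(uid={0}))"  # the XML value with &amp; unescaped
print(hadoop_groups(DIRECTORY, "meadmin", FILTER_USER, "(objectClass=groupOfNames)", "member"))   # []
print(hadoop_groups(DIRECTORY, "meadmin", FILTER_USER, "(objectClass=posixGroup)", "memberuid"))  # ['admin']
```

The first call uses the question's settings and finds nothing because no entry carries `objectClass=groupOfNames` or a `member` attribute; the second uses the answer's settings and returns the `admin` group that lists `meadmin` in `memberuid`.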
