


参考官方文档 13. Schema Specification
http://www.verydemo.com/demo_c161_i74426.html
https://oskb.wordpress.com/2008/08/13/openldap学习笔记转-openldap介绍/

ldapns.schema

# 'authorizedService' (ldapns.schema): the name of a service a user is
# authorized to use (DESC: IANA GSS-API service name). EQUALITY is
# caseIgnoreMatch, so values compare case-insensitively ('ssh' == 'SSH');
# the syntax is directoryString capped at 256 characters. There is no
# SINGLE-VALUE flag, so one entry may list several services.
# NOTE(review): presumably consumed by a PAM/NSS LDAP module that filters
# logins on this attribute -- confirm against the client configuration,
# and restrict write access to it, since whoever can write it grants access.
attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
          DESC 'IANA GSS-API authorized service name'
          EQUALITY caseIgnoreMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

# 'loginStatus' (ldapns.schema): per-user record of currently logged-in
# sessions. Case-insensitive equality, substring and ordering rules are
# declared, so clients may search and sort on it. SYNTAX is given by the
# symbolic name OMsDirectoryString (an OpenLDAP built-in macro for the
# directoryString syntax, presumably -- confirm with your slapd version).
# Multi-valued (no SINGLE-VALUE): one value per session.
# This is runtime state kept in the directory: it needs an ACL that limits
# who may write it, and exposing it broadly reveals user presence.
attributetype ( 1.3.6.1.4.1.5322.17.2.2 NAME 'loginStatus'
          DESC 'Currently logged in sessions for a user'
          EQUALITY caseIgnoreMatch
          SUBSTR caseIgnoreSubstringsMatch
          ORDERING caseIgnoreOrderingMatch
          SYNTAX OMsDirectoryString )

# 'authorizedServiceObject': AUXILIARY class that can be added to any entry
# (SUP top) to permit the optional 'authorizedService' attribute declared
# above. Being AUXILIARY, it does not replace the entry's structural class.
objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
          DESC 'Auxiliary object class for adding authorizedService attribute'
          SUP top
          AUXILIARY
          MAY authorizedService )

# 'hostObject': AUXILIARY class that lets an entry carry the optional 'host'
# attribute. 'host' is not defined in this file; in OpenLDAP it presumably
# comes from cosine.schema, which must be included before this one -- confirm.
# NOTE(review): the my.schema heredoc later on this page defines another
# objectclass with the same NAME 'hostObject' and a different OID; slapd
# rejects duplicate class names, so only one of the two files can be loaded.
objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
          DESC 'Auxiliary object class for adding host attribute'
          SUP top
          AUXILIARY
          MAY host )

# 'loginStatusObject': AUXILIARY class that permits the optional
# 'loginStatus' attribute declared above on any entry (SUP top).
objectclass ( 1.3.6.1.4.1.5322.17.1.3 NAME 'loginStatusObject'
          DESC 'Auxiliary object class for login status attribute'
          SUP top
          AUXILIARY
          MAY loginStatus )

my.schema

# 'active': account enable flag, INTEGER syntax (1.3.6.1.4.1.1466.115.121.1.27)
# with integerMatch, SINGLE-VALUE. Per the DESC, 0 = disabled, 1 = enabled.
# The schema does not constrain the value to {0,1} and provides no default;
# 'MyAccount' below lists it as MUST, so every entry has to set it explicitly.
# Consumers should fail closed: treat anything other than 1 as disabled.
attributetype ( 1.3.6.1.4.1.30000.500.1.1.1 NAME 'active'
    DESC 'MANDATORY: Account active stauts 0-disable 1-enable'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

# 'access': access-control tag(s) for the account. IA5String syntax
# (1.3.6.1.4.1.1466.115.121.1.26) with caseExactIA5Match, so values are
# ASCII-only and compared case-sensitively ('ssh' != 'SSH'); no SINGLE-VALUE,
# so an entry may carry several tags. The allowed tag set is not defined here
# (the heredoc version of this file gives 'ssh vpn web ...' as examples).
# Writes to this attribute grant access, so they need the same ACL scrutiny
# as 'userPassword'.
attributetype ( 1.3.6.1.4.1.30000.500.1.1.2 NAME 'access'
    DESC 'MANDATORY: Access Control'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# 'gauthcode': Google Authenticator value for the account, IA5String syntax
# with caseExactIA5Match, SINGLE-VALUE.
# NOTE(review): presumably this holds the TOTP shared secret (the seed),
# not a one-time code -- confirm with the consuming service. If so it is
# authentication material: anyone who can read it can mint valid codes,
# and because an EQUALITY rule is declared, anyone allowed to *search* or
# *compare* on it can recover it by probing. ACL it like 'userPassword':
# read/search/compare only for the verifying service, write only for admins,
# and nothing for anonymous or "self".
attributetype ( 1.3.6.1.4.1.30000.500.1.1.3 NAME 'gauthcode'
    DESC 'MANDATORY: Google authenticator'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

# 'MyAccount': AUXILIARY class bundling the custom account attributes.
# MUST: 'active' (so the flag can never be absent). MAY: 'access' and
# 'gauthcode' from this file plus sn, givenName, displayName, mobile, mail
# and photo, which are not defined here -- presumably core, cosine and
# inetorgperson schemas have to be included first; confirm.
# DESC appears after AUXILIARY, which differs from the RFC 4512 clause order;
# OpenLDAP's parser is presumably order-tolerant -- confirm if another
# server is the target.
# NOTE(review): the heredoc version later on this page names the class
# 'myAccount' with OID ...500.1.2.1. LDAP names are case-insensitive, so the
# two definitions collide and cannot both be loaded.
objectclass ( 1.3.6.1.4.1.30000.500.1.2.0 NAME 'MyAccount'
    SUP top
    AUXILIARY
    DESC 'MANDATORY: conf user account'
    MUST ( active )
    MAY ( access $ gauthcode $ sn $ givenName $ displayName $ mobile $ mail $ photo)
)
#1 OID 使用 1.3.6.1.4.1 - IANA-registered Private Enterprises 下的分支,可从 http://www.alvestrand.no/objectid/1.3.6.1.4.1.html 查询一个未被占用的。注意:该列表中未出现的编号不一定真的空闲,企业编号应向 IANA 申请后再使用,以免与他人的 OID 冲突。

#2 Commonly Used Syntaxes
boolean: 1.3.6.1.4.1.1466.115.121.1.7
directoryString(utf8): 1.3.6.1.4.1.1466.115.121.1.15
distinguishedName: 1.3.6.1.4.1.1466.115.121.1.15
integer: 1.3.6.1.4.1.1466.115.121.1.27
numericString: 1.3.6.1.4.1.1466.115.121.1.3
OID: 1.3.6.1.4.1.1466.115.121.1.38
octetString: 1.3.6.1.4.1.1466.115.121.1.40

#3 Commonly Used Matching Rules
booleanMatch 布尔比较
caseIgnoreMatch 忽略大小写,忽略空格
caseExactMatch 区分大小写,忽略空格
integerMatch 整型数值比较
numericStringMatch 字符型数值比较
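# Write the custom schema into slapd's schema directory.
# The heredoc delimiter is quoted so the shell performs no parameter,
# backslash or backtick expansion inside the body: the MAY lists below use
# bare `$` as separators, which only survived the unquoted form because each
# `$` happens to be followed by a space. Any future `$name` would be expanded
# silently without the quotes. Lines starting with `#` are schema comments
# and are written to the file as-is.
cat > /etc/openldap/schema/my.schema << '_EOF_'
# 'active': account enable flag, INTEGER syntax with integerMatch,
# SINGLE-VALUE. Per the DESC, 0 = disabled, 1 = enabled; the schema does not
# constrain the value to {0,1}. 'myAccount' lists it as MUST, so every entry
# has to set it. Consumers should treat anything other than 1 as disabled.
attributetype ( 1.3.6.1.4.1.30000.500.1.1.1 NAME 'active'
    DESC 'MANDATORY: Account active stauts 0-disable 1-enable'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE
    )

# 'access': access-control tag(s), e.g. ssh / vpn / web. directoryString
# syntax with caseExactMatch (case-sensitive), multi-valued. The allowed tag
# set is not enforced by the schema. Writes grant access, so restrict them
# by ACL like 'userPassword'.
attributetype ( 1.3.6.1.4.1.30000.500.1.1.2 NAME 'access'
    DESC 'Access Control: ssh vpn web ...'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    )

# 'gauthcode': Google Authenticator value, directoryString, caseExactMatch,
# SINGLE-VALUE.
# NOTE(review): presumably the TOTP shared secret -- confirm with the
# consuming service. If so, anyone who can read it can generate valid codes,
# and the EQUALITY rule lets anyone with search/compare rights recover it by
# probing. Grant read/search/compare only to the verifying service, write
# only to admins, nothing to anonymous or "self".
attributetype ( 1.3.6.1.4.1.30000.500.1.1.3 NAME 'gauthcode'
    DESC 'Google authenticator'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE
    )

# 'myAccount': AUXILIARY class bundling the custom attributes. MUST 'active';
# MAY 'access', 'gauthcode' and the standard person attributes sn, givenName,
# displayName, mobile, mail, photo, which are not defined here -- presumably
# core, cosine and inetorgperson must be included before this file; confirm.
objectclass ( 1.3.6.1.4.1.30000.500.1.2.1 NAME 'myAccount'
    DESC 'my user account'
    SUP top
    AUXILIARY
    MUST ( active )
    MAY ( access $ gauthcode $ sn $ givenName $ displayName $ mobile $ mail $ photo)
    )

# 'hostObject': AUXILIARY class permitting the optional 'host' attribute
# ('host' is presumably provided by cosine.schema -- confirm it is included
# first).
# NOTE(review): ldapns.schema defines an objectclass with the same NAME
# 'hostObject' under OID 1.3.6.1.4.1.5322.17.1.2. slapd rejects duplicate
# class names, so include either this file or ldapns.schema, not both.
objectclass ( 1.3.6.1.4.1.30000.500.1.2.2 NAME 'hostObject'
    DESC 'adding host attribute'
    SUP top
    AUXILIARY
    MAY host
    )
_EOF_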
posted on 2016-10-12 11:58  北京涛子  阅读(976)  评论(0)