Moving OpenLDAP to a new server - getting an olcBackend error

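We have finally moved from RHEL 7 to 8. I installed a fresh 8.6, compiled OpenLDAP 2.5.13, and completed the default configuration. Migrating from an existing OpenLDAP instance, I exported the LDAP configuration from the previous server. Because this new OpenLDAP uses mdb instead of hdb, I changed all instances of it in the exported ldif file.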

I deleted all the contents of /etc/openldap/slapd.d/. When I run slapadd -n 0 -F /etc/openldap/slapd.d -l configbackup.conf -d 64, I get this:

config_back_db_open: No explicit ACL for back-config configured. Using hardcoded default
olcBackend: value #0: <olcBackend> failed init (mdb)!
slapadd: could not add entry dn="olcBackend={0}mdb,cn=config" (line=609): <olcBackend> failed init

The contents of configbackup.conf are as follows:

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: /etc/openldap/certs/1d40117d24e9b169.pem
olcTLSCertificateKeyFile: /etc/openldap/certs/yln.key
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: 940013a0-3521-1034-9ed9-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
olcLogLevel: 0
entryCSN: 20220824150941.487221Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20220824150941Z

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
structuralObjectClass: olcSchemaConfig
entryUUID: 94003cfe-3521-1034-9edc-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.719049Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: k
 nowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.
 121.1.15{32768} )

<following olcAttributeTypes deleted to fit character limit>

olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP
 top STRUCTURAL MUST c MAY ( searchGuide $ description ) )
olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SU
 P top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ descriptio
 n ) )
olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organiz
 ation' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso
  $ businessCategory $ x121Address $ registeredAddress $ destinationIndicato
 r $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ tel
 ephoneNumber $ internationaliSDNNumber $  facsimileTelephoneNumber $ street
  $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
 $ st $ l $ description ) )
olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an o
 rganizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchG
 uide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ desti
 nationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalId
 entifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNu
 mber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDelive
 ryOfficeName $ st $ l $ description ) )
olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP to
 p STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAls
 o $ description ) )
olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an
  organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ r
 egisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNu
 mber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumbe
 r $  facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ posta
 lAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an o
 rganizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ register
 edAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
 teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ fac
 simileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $
 street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOffic
 eName $ ou $ st $ l $ description ) )
olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of
  names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategor
 y $ seeAlso $ owner $ ou $ o $ description ) )
olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an r
 esidential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x1
 21Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMet
 hod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internati
 onaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ stree
 t $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
  $ st $ l ) )
olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an
 application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ de
 scription ) )
olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an
 application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MA
 Y ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory syste
 m agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformati
 on )
olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP
 top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $
 description ) )
olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC22
 56: a strong authentication user' SUP top AUXILIARY MUST userCertificate )
olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256
 : a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList
  $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair )
olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a
 group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST (
  uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ de
 scription ) )
olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC225
 6: a user security information' SUP top AUXILIARY MAY ( supportedAlgorithms
  ) )
olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP cert
 ificationAuthority AUXILIARY MAY ( deltaRevocationList ) )
olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTU
 RAL MUST ( cn ) MAY ( certificateRevocationList $ authorityRevocationList $
  deltaRevocationList ) )
olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdNam
 e ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Add
 ress $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $
  telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationali
 SDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode
 $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' S
 UP top AUXILIARY MAY userCertificate )
olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate
  authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRe
 vocationList $ cACertificate $ crossCertificatePair ) )
olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SU
 P top AUXILIARY MAY deltaRevocationList )
olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'R
 FC2079: object that contains the URI attribute type' MAY ( labeledURI ) SUP
  top AUXILIARY )
olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObjec
 t' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPasswo
 rd )
olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247:
 domain component object' SUP top AUXILIARY MUST dc )
olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid ob
 ject' SUP top AUXILIARY MUST uid )
structuralObjectClass: olcSchemaConfig
entryUUID: 94005928-3521-1034-9edd-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.719768Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: cn={1}cosine,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {1}cosine
olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress
 ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.
 4.1.1466.115.121.1.15{256} )

<following olcAttributeTypes deleted to fit character limit>

olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPi
 lotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rf
 c822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber
  $ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod
 $ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
 pagerTelephoneNumber $ organizationalStatus $ mailPreferenceOption $ person
 alSignature ) )
olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRU
 CTURAL MUST userid MAY ( description $ seeAlso $ localityName $ organizatio
 nName $ organizationalUnitName $ host ) )
olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STR
 UCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $
 localityName $ organizationName $ organizationalUnitName $ documentTitle $
 documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTU
 RAL MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNum
 ber ) )
olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP t
 op STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber
  $ localityName $ organizationName $ organizationalUnitName ) )
olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRU
 CTURAL MUST domainComponent MAY ( associatedName $ organizationName $ descr
 iption $ businessCategory $ seeAlso $ searchGuide $ userPassword $ locality
 Name $ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ p
 ostalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTeleph
 oneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIden
 tifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ reg
 isteredAddress $ x121Address ) )
olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP
  domain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ tel
 ephoneNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ po
 stOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNN
 umber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferr
 edDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address )
  )
olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domai
 n STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ C
 NAMERecord ) )
olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
  DESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST asso
 ciatedDomain )
olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP
  country STRUCTURAL MUST friendlyCountryName )
olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
 SUP ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa S
 TRUCTURAL MAY dSAQuality )
olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData
 ' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMa
 ximumQuality ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 9400b986-3521-1034-9ede-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.722234Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: cn={2}nis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {2}nis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field;
 the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absol
 ute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4
 .1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to
 the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121
 .1.26 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY int
 egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY intege
 rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integ
 erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY intege
 rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExac
 tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
 1.1.26 )
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY
 caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146
 6.115.121.1.26 )
olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Net
 group triple' SYNTAX 1.3.6.1.1.1.0.0 )
olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY inte
 gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name
 )
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY i
 ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integ
 erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP addre
 ss' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP ne
 twork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128
 } SINGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP ne
 tmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128
 } SINGLE-VALUE )
olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC addres
 s' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.boo
 tparamd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image n
 ame' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseEx
 actIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.
 121.1.26{1024} SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction
  of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ u
 idNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ ge
 cos $ description ) )
olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional
  attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPass
 word $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowIna
 ctive $ shadowExpire $ shadowFlag $ description ) )
olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction o
 f a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( use
 rPassword $ memberUid $ description ) )
olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an
  Internet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $
 ipServiceProtocol ) MAY description )
olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction o
 f an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ descrip
 tion ) MAY description )
olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an
  ONC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description
  ) MAY description )
olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a
 host, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $
 description $ manager ) )
olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of
  an IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNe
 tmaskNumber $ l $ description $ manager ) )
olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction
 of a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberN
 isNetgroup $ description ) )
olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstrac
 tion of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in
 a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY de
 scription )
olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device
  with a MAC address' SUP top AUXILIARY MAY macAddress )
olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A devic
 e with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter )
 )
structuralObjectClass: olcSchemaConfig
entryUUID: 9400f87e-3521-1034-9edf-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.723847Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: cn={3}inetorgperson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {3}inetorgperson
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2
 798: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR
  caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC
  'RFC2798: identifies a department within an organization' EQUALITY caseIgn
 oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
 .15 )
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'R
 FC2798: preferred name to be used when displaying entries' EQUALITY caseIgn
 oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
 .15 SINGLE-VALUE )
olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC '
 RFC2798: numerically identifies an employee within an organization' EQUALIT
 Y caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.
 115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RF
 C2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR cas
 eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RF
 C2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DE
 SC 'RFC2798: preferred written or spoken language for a person' EQUALITY ca
 seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.
 121.1.15 SINGLE-VALUE )
olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate'
  DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.
 1.1466.115.121.1.5 )
olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RF
 C2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.14
 66.115.121.1.5 )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RF
 C2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL
 MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayNam
 e $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddre
 ss $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ page
 r $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIden
 tifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 9401218c-3521-1034-9ee0-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.724897Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: olcBackend={0}mdb,cn=config
objectClass: olcBackendConfig
olcBackend: {0}mdb
structuralObjectClass: olcBackendConfig
entryUUID: 940161ce-3521-1034-9ee2-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.726543Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
olcSizeLimit: 500
structuralObjectClass: olcDatabaseConfig
entryUUID: 940022fa-3521-1034-9eda-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.718381Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 940033e4-3521-1034-9edb-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.718815Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=yln,dc=info
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonym
 ous auth by dn="cn=admin,dc=yln,dc=info" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=yln,dc=info" write by *
 read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=yln,dc=info
olcRootPW:: <password hash>
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
structuralObjectClass: olcMdbConfig
entryUUID: 94016bce-3521-1034-9ee3-875b6f3874a7
creatorsName: cn=config
createTimestamp: 20150120185459Z
entryCSN: 20150120185459.726800Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150120185459Z

Of course, most of this is Greek to me, and I don't know how to fix the problem. What can I try next? Thanks for your help!

Best answer 1

Using OpenLDAP 2.5.13 (https://ltb-project.org/documentation/index.html) on CentOS 8 Stream, I was able to load the LDIF after applying the following changes:

  1. In cn=config, none of the path-related settings applied to my system, and I didn't want to bother with setting up certificates, so I commented them out:

    #olcArgsFile: /var/run/openldap/slapd.args
    #olcPidFile: /var/run/openldap/slapd.pid
    #olcTLSCACertificatePath: /etc/openldap/certs
    #olcTLSCertificateFile: /etc/openldap/certs/1d40117d24e9b169.pem
    #olcTLSCertificateKeyFile: /etc/openldap/certs/yln.key
    
  2. You need to explicitly load the back_mdb module:

    dn: cn=module,cn=config
    objectClass: olcModuleList
    cn: module
    olcModulePath: /usr/local/openldap/libexec/openldap/
    olcModuleLoad: back_mdb.so
    

    This is not necessary if it is compiled into your local version.

  3. I replaced all the schemas with the appropriate content from my local openldap/schemas/ directory.

  4. I fixed a syntax error in one of your olcAccess rules. You had:

    olcAccess: {2}to * by self write by dn="cn=admin,dc=yln,dc=info" write by *
     read
    

    As written, it looks like trailing whitespace was stripped at some point. This expands to:

    olcAccess: {2}to * by self write by dn="cn=admin,dc=yln,dc=info" write by *read
    

    The *read at the end is invalid syntax. You can either add a space after the *, or reformat the lines to be more readable:

    olcAccess: {2}to *
      by self write
      by dn="cn=admin,dc=yln,dc=info" write
      by * read
    

    Each line is indented by two spaces. This provides one space for LDIF line folding and another literal space that separates each line from the last word of the previous line.

  5. I had to comment out all the olcDbConfig statements, which were not recognized in my environment:

    #olcDbConfig: {0}set_cachesize 0 2097152 0
    #olcDbConfig: {1}set_lk_max_objects 1500
    #olcDbConfig: {2}set_lk_max_locks 1500
    #olcDbConfig: {3}set_lk_max_lockers 1500
    

With these changes, I was able to successfully import your content with slapadd ...
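
The folding problem from item 4 and the olcDbConfig problem from item 5, as an added example that is not part of the original answer: a small Python pre-flight check that unfolds an exported cn=config LDIF the way the LDIF format does and reports a wildcard fused to the next word (such as *read) and olcDbConfig values on an olcMdbConfig entry. The names unfold, entries, lint, HEADER, BROKEN and FIXED are assumptions made for this example, and the sample input is constructed from the olcDatabase={1}mdb entry quoted in the question.

```python
import re

# A token such as "*read": the wildcard <who> fused to the word after it.
FUSED = re.compile(r"^\*\S+$")

def unfold(text):
    """Join LDIF continuation lines. A line that starts with a space continues
    the previous line, and exactly that one space is dropped (RFC 2849)."""
    logical = []
    for raw in text.split("\n"):
        raw = raw.rstrip("\r")
        if raw.startswith(" ") and logical and logical[-1] != "":
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical

def entries(text):
    """Yield (dn, [(attribute, value), ...]) per blank-line-separated entry."""
    entry = []
    for line in unfold(text) + [""]:
        if line == "":
            if entry:
                yield entry[0][1], entry
            entry = []
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.append((attr, value.lstrip(": ")))

def lint(text):
    """Return (dn, attribute, message) for the two problems from the answer."""
    findings = []
    for dn, attrs in entries(text):
        classes = {v.lower() for a, v in attrs if a.lower() == "objectclass"}
        for attr, value in attrs:
            name = attr.lower()
            if name == "olcaccess":
                for token in value.split():
                    if FUSED.match(token):
                        findings.append((dn, attr, "fused token %r: the space "
                                         "before the fold was lost" % token))
            elif name == "olcdbconfig" and "olcmdbconfig" in classes:
                # olcDbConfig carries Berkeley DB (bdb/hdb) directives; the
                # answer reports them as not recognized on the mdb database.
                findings.append((dn, attr, "Berkeley DB directive on an mdb "
                                 "database: %s" % value))
    return findings

# Constructed sample, cut down from the olcDatabase={1}mdb entry in the question.
HEADER = [
    "dn: olcDatabase={1}mdb,cn=config",
    "objectClass: olcDatabaseConfig",
    "objectClass: olcMdbConfig",
    "olcDatabase: {1}mdb",
    "olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonym",
    ' ous auth by dn="cn=admin,dc=yln,dc=info" write by * none',
]
# As exported: the fold after "by *" has no trailing space, so it joins to "*read".
BROKEN = "\n".join(HEADER + [
    'olcAccess: {2}to * by self write by dn="cn=admin,dc=yln,dc=info" write by *',
    " read",
    "olcDbConfig: {0}set_cachesize 0 2097152 0",
    "",
])
# As rewritten in the answer: two-space indent, olcDbConfig removed.
FIXED = "\n".join(HEADER + [
    "olcAccess: {2}to *",
    "  by self write",
    '  by dn="cn=admin,dc=yln,dc=info" write',
    "  by * read",
    "",
])

if __name__ == "__main__":
    for label, ldif in (("broken", BROKEN), ("fixed", FIXED)):
        print(label)
        for dn, attr, message in lint(ldif):
            print("  %s: %s: %s" % (dn, attr, message))
```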
