1.配置ldap
[dev] [root@dev-bigdata-haproxy memof]# cat memof.ldif
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModuleLoad: memberof.la
olcModulePath: /usr/lib64/openldap

dn: olcOverlay={0}memberof,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
[dev] [root@dev-bigdata-haproxy memof]# cat refint1.ldif
dn: cn=module{0},cn=config
add: olcmoduleload
olcmoduleload: refint
[dev] [root@dev-bigdata-haproxy memof]# cat refint2.ldif
dn: olcOverlay={1}refint,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
2.执行(本例在 LDAP 服务器本机以 root 身份运行:-Y EXTERNAL 配合 ldapi:/// 使用本地进程的 uid/gid 作为认证身份,即下文输出中的 peercred):
[dev] [root@dev-bigdata-haproxy-2 myconf]# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memof.ldif
adding new entry "cn=module,cn=config"
adding new entry "olcOverlay={0}memberof,olcDatabase={2}hdb,cn=config"
[dev] [root@dev-bigdata-haproxy-2 myconf]# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif
modifying entry "cn=module{0},cn=config"
[dev] [root@dev-bigdata-haproxy-2 myconf]# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif
adding new entry "olcOverlay={1}refint,olcDatabase={2}hdb,cn=config"
3.验证结果
[dev] [root@dev-bigdata-haproxy memof]# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=xuexianmao)" -b dc=kingxunlian,dc=com memberOf
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1
dn: uid=xuexianmao,ou=People,dc=kingxunlian,dc=com
memberOf: cn=Kylin_Admin_Group,ou=Group,dc=kingxunlian,dc=com
memberOf: cn=azkaban-ldap-group,ou=Group,dc=kingxunlian,dc=com
memberOf: cn=Admin,ou=Group,dc=kingxunlian,dc=com
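通过上面的命令能查到 memberOf 属性,说明配置成功,OpenLDAP 已支持 memberOf。需要注意:memberOf 是操作属性,查询时必须像上面那样显式指定才会返回;overlay 只在启用之后发生的组成员变更时维护该属性,启用前已存在的组需要重新写入 member 才会生成 memberOf;按上面的配置只跟踪 groupOfNames 类型的组(成员属性为 member)。如果下游应用依据 memberOf 做授权,应通过 ACL 限制谁可以修改组条目的 member 属性。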