openldap sudo.schema
2026-07-02
1. vi schema_convert_sudo_ssh.conf
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/openssh-lpk-openldap.schema
2. slaptest -f ./schema_convert_sudo_ssh.conf -F /tmp/ldif/
3. cp /tmp/ldif/cn=config/cn=schema/cn={0}sudo.ldif /etc/openldap/schema/sudo.ldif
4. vi /etc/openldap/schema/sudo.ldif
dn: cn={0}sudo
objectClass: olcSchemaConfig
cn: {0}sudo
Change the lines above to:
dn: cn=sudoers,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: sudoers
Delete these lines at the end of the file:
structuralObjectClass: olcSchemaConfig
entryUUID: 7b33e4d8-0a48-1041-92f8-898a945d8350
creatorsName: cn=config
createTimestamp: 20260702095938Z
entryCSN: 20260702095938.210480Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20260702095938Z
5. ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/sudo.ldif
6. Check
ls -l /etc/openldap/slapd.d/cn=config/cn=schema/
ll /etc/openldap/slapd.d/cn\=config/cn\=schema
total 48
-rw------- 1 ldap ldap 15575 Jul 2 17:08 'cn={0}core.ldif'
-rw------- 1 ldap ldap 11453 Jul 2 17:10 'cn={1}cosine.ldif'
-rw------- 1 ldap ldap 6583 Jul 2 17:10 'cn={2}nis.ldif'
-rw------- 1 ldap ldap 2947 Jul 2 17:10 'cn={3}inetorgperson.ldif'
-rw------- 1 ldap ldap 1613 Jul 2 17:52 'cn={4}collective.ldif'
-rw------- 1 ldap ldap 2729 Jul 2 18:05 'cn={5}sudoers.ldif'
7. Generate openssh-lpk-openldap.ldif in the same way
dn: cn={1}openssh-lpk-openldap
objectClass: olcSchemaConfig
cn: {1}openssh-lpk-openldap
Change the lines above to:
dn: cn=openssh-lpk,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openssh-lpk
Delete these lines at the end of the file:
structuralObjectClass: olcSchemaConfig
entryUUID: 7b33e4d8-0a48-1041-92f8-898a945d8350
creatorsName: cn=config
createTimestamp: 20260702095938Z
entryCSN: 20260702095938.210480Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20260702095938Z
Run:
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/openssh-lpk-openldap.ldif
8. [root@VM-76-16-rockylinux 1schema]# ll /etc/openldap/slapd.d/cn\=config/cn\=schema
total 52
-rw------- 1 ldap ldap 15575 Jul 2 17:08 'cn={0}core.ldif'
-rw------- 1 ldap ldap 11453 Jul 2 17:10 'cn={1}cosine.ldif'
-rw------- 1 ldap ldap 6583 Jul 2 17:10 'cn={2}nis.ldif'
-rw------- 1 ldap ldap 2947 Jul 2 17:10 'cn={3}inetorgperson.ldif'
-rw------- 1 ldap ldap 1613 Jul 2 17:52 'cn={4}collective.ldif'
-rw------- 1 ldap ldap 2729 Jul 2 18:05 'cn={5}sudoers.ldif'
-rw------- 1 ldap ldap 835 Jul 2 18:24 'cn={6}openssh-lpk.ldif'
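
Steps 4 and 7 make the same hand edit twice: rename the entry and drop the operational attributes that slaptest wrote. The script below does that edit with sed. It is an added example, not part of the original note; the names clean_schema_ldif and sample_ldif and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original note. Automates the manual edit in
# steps 4 and 7: rename the entry, drop the attributes slaptest generated.

# Attributes the note deletes by hand at the end of the file.
OPERATIONAL='structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp'

# clean_schema_ldif NAME   (hypothetical helper)
# Reads the slaptest-generated LDIF on stdin, writes the loadable LDIF to stdout.
clean_schema_ldif() {
    name=$1
    # Refuse names that would break the sed expressions or the resulting DN.
    case "$name" in
        ''|*[!A-Za-z0-9-]*) echo "invalid schema name: $name" >&2; return 2 ;;
    esac
    sed -E \
        -e "s/^dn: cn=\{[0-9]+\}.*/dn: cn=${name},cn=schema,cn=config/" \
        -e "s/^cn: \{[0-9]+\}.*/cn: ${name}/" \
        -e "/^(${OPERATIONAL}):/d"
}

# Constructed, abbreviated sample of what slaptest writes (one attribute only,
# placeholder UUID and timestamps).
sample_ldif() {
    cat <<'EOF'
dn: cn={0}sudo
objectClass: olcSchemaConfig
cn: {0}sudo
olcAttributeTypes: {0}( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s
 ) who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrin
 gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20260101000000Z
entryCSN: 20260101000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20260101000000Z
EOF
}

# Demo run on the constructed sample; on a real host, redirect the
# generated file in and write the result to the path given to ldapadd.
sample_ldif | clean_schema_ldif sudoers
```

Folded continuation lines (those starting with a space) pass through unchanged, so the schema definitions themselves are not modified.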