�� 3 �� Ŀ¼��

Ŀ¼��е��Ŀ��ʶ�� (DN) ��ʶ��DN �Ĳ��Դ��֯��ݵķ�֧��Ҷ�ӡ�Ϊ�˹��Ŀ¼��պ�׺��Ӻ�׺��t�Ӻ�׺��֯��ʽ��ж��塣Directory Server Console �Դ��͹��ЩԪ�ؽ��п��ƣ��ʹ��й��ߡ�

�й��֯Ŀ¼��Լ��йغ�׺�ĸ��Ϣ��ġ�Directory Server Deployment Planning Guide��е� Chapter 4 "The Directory Information Tree"��

��׺

��t�ӵĺ�׺

��ü�jt��

��׺

ʹ�ÿ��̨��µĸ��׺

�� Directory Server Console �Ķ��á�ѡ��ϣ��Ҽ��ݡ��ڵ㣬��ӵ��˵��ѡ��½��׺��

��ߣ��ѡ��ݡ��ڵ㣬��ӡ��󡱲˵��ѡ��½��׺��

��ʾ��½��׺��Ի��

�ڡ��׺ DN��ֶ��Ψһ�ĺ�׺��ơ��Ʊ��ʹ��ɶ��ŷָ��һ��-ֵ��ɵı�ʶ��Ƹ�ʽ��

��Լ��׺ʹ�� (dc) ��ԡ��磬��Ϊ�º�׺ DN �� dc=example,dc=org��



ע	��Ȼ��׺��ư� DN ��ʽ��-ֵ�ԣ��ַ��ˣ��пո��壬��Ǻ�׺��Ƶ�һ��֡�

Ĭ��£��˺�׺��ݿ��ļ��λ��ɷ��Զ�ѡ��⣬Ĭ��£��˺�׺ֻά��ϵͳ��Խ��м��ܣ�Ҳ��Ը��ƽ��á�

Ҫ�޸��һĬ��ֵ��뵥��ѡ���ť��ʾ�º�׺ѡ�

��ݿ��Ҳ�ǰ��ݿ��ļ��Ŀ¼��ơ�Ĭ��ݿ��Ǻ�׺ DN �е�һ��Ե�ֵ��ܻ��Ψһ��֡�Ҫʹ��ƣ��ѡ��ʹ��Զ��嵥ѡ��ť��Ȼ��һ��µġ�Ψһ��ݿ��ơ�

��ݿ��ֻ�ܰ� ASCII��7 λ��ĸ��ַ�l�ַ�(-) ��»��(_)��磬��Խ��ݿ��Ϊ example_2��

��ѡ��ݿ��ļ��Ŀ¼��λ�á�Ĭ��£��λ��·��Ŀ¼��

ServerRoot/slapd-serverID/db

��·��򵥻��!��ݿ�Ŀ¼��λ�á��µ�·��Ŀ¼��Ϸ��ʡ�

Ҫ��º�׺��ѡ��еĺ�׺��ѡ�񡰸��ƺ�׺��á��-�˵��ѡ��Ҫ��Ƶĺ�׺��Ȼ��ѡ��һ��ý��и��ƣ�

��ã��º�׺��ͬ��ά��Ѹ��ƺ�׺��ͬ��

��Լ��ã��º�׺��Ѹ��ƺ�׺��ͬ��б�ͼ��ܷ��ü��ܡ�

��¡��ã��º�׺��Ѹ��ƺ�׺��ͬ�ĸ��ͣ��ǹ�Ӧ�̸��򽫸��и��Э�飬��ҽ��ø��ơ�

��º�׺��ѡ��󣬵��ȷ��½��׺��Ի��ʾ��ѡ��ѡ�

�ڡ��½��׺��Ի��е��ȷ��Դ��µĸ��׺��

��׺�Զ��ݷ�֧�¡��йؽ�һ��º�׺��Ϣ��׺��

�µĸ��׺��κ��Ŀ��r��׺ DN ��Ŀ��µ��Ӻ�׺�ڱ��ʼ��ʵ��ķ��Ȩ��ǰ��Ŀ¼��ǲ��ɷ��ʵģ��ڿ��̨�ġ�Ŀ¼��ѡ���Ҳ�ǲ��ɼ�ġ�

�� LDIF �ļ��ʼ��˺�׺��ಽ�衣��ǣ��ȷ�� LDIF �ļ��еĸ��Ŀ��ķ��ʿ��ָ�� (ACI)��

ѡ��̨�Ķ��Ŀ¼��ѡ���º�׺��Ŀ¼��Ȼ��ɼ�

ֻ��Ŀ¼��Ա��Ȩ��׺�Ķ��Ŀ��û��Ŀ¼��Ա��ݵ�¼��b��ͨ��ѡ�񡰿��̨��>��û��ݵ�¼��˵��е�¼��Ŀ¼��Ա�� DN �Ϳ��е�¼��Ĭ��£�Ŀ¼��Ա�� DN �� cn=DirectoryManager��

�Ҽ��Ŀ¼��ĸ�ڵ㣬�˸�ڵ��Ͷ˿ڡ��ӵ��˵��ѡ��½��Ȼ��ѡ��µĸ��׺�� DN��

��ߣ�ѡ��Ŀ¼��ĸ�ڵ㣬Ȼ��ӡ��󡱲˵��ѡ��½��

��ʾ�ġ��½��󡱶Ի��У�Ϊ�ø��ѡ�񵥸��ࡣ�˶��ཫȷ��ӵ��Ŀ�е��ԡ�

��Լ�� dc ��Եĺ�׺ DN �ĸ�� domain ��ࡣͨ��£��Ǽ򵥶��󣬰��ٵ��ݡ�

ѡ��˶��ڡ��½��󡱶Ի��е��ȷ��

��̨b��ʾ�µĸ��ͨ�ñ༭��Ĭ�ϵ� ACI ��ϱ��Զ��ӵ��¶��С��й��Ϣ��Ĭ�� ACI��Ӳ��༭��κ��ֵ��(�� ACI ��κ��޸ġ�

�༭��Ŀ��ڡ�ͨ�ñ༭��е��ȷ��Դ��º�׺�ĸ��

�º�׺b��Ŀ¼��У��԰�� ACI ��Ȩ��ͨ��̨��й��?

ʹ�ÿ��̨��µ��Ӻ�׺

�� Directory Server Console �Ķ��á�ѡ��ϣ�չ��ݡ��ڵ��κκ�׺�ڵ��ʾ��׺��

�Ҽ��׺�ڵ㣬�ӵ��˵��ѡ��½��Ӻ�׺��

��ߣ��ѡ�񸸺�׺�ڵ㣬��ӡ��󡱲˵��ѡ��½��Ӻ�׺��

��֡��½��Ӻ�׺��Ի��

�ڡ��Ӻ�׺ RDN��ֶ��Ψһ��ơ��Ʊ��ʹ��Ա�ʶ��Ƹ�ʽ��һ��ɶ��ŷָ��-ֵ��ɣ�� ou=Contractors��

�ı��µ�һ��ʾ��Ӻ�׺�� DN��ɸ��ӵ� RDN �ĸ��׺ DN ��ɡ�



ע	��Ȼ�Ӻ�׺��ư�� RDN ��ʽ��-ֵ�ԣ��ַ��ˣ��пո��壬��Ǻ�׺ DN ��һ��֡�

Ĭ��£��˺�׺��ݿ��ļ��λ��ɷ��Զ�ѡ��⣬Ĭ��£��˺�׺ֻά��ϵͳ��Խ��м��ܣ�Ҳ��Ը��ƽ��á�

Ҫ�޸��һĬ��ֵ��뵥��ѡ���ť��ʾ�º�׺ѡ�

��ݿ��Ҳ�ǰ��ݿ��ļ��Ŀ¼��ơ�Ĭ�ϵ��ݿ�� RDN �е�һ��Ե�ֵ��ܻ��Ψһ��֡�Ҫʹ��ƣ��ѡ��ʹ��Զ��嵥ѡ��ť��Ȼ��һ��µġ�Ψһ��ݿ��ơ�

��ݿ��ֻ�ܰ� ASCII��7 λ��ĸ��ַ�l�ַ�(-) ��»��(_)��磬��Խ��ݿ��Ϊ temps-US��

��ѡ��ݿ��ļ��Ŀ¼��λ�á�Ĭ��£��λ��·��Ŀ¼��

ServerRoot/slapd-serverID/db

��·��򵥻��!��ݿ�Ŀ¼��λ�á��µ�·��ͨ��Ŀ¼��Ӧ�ó��ʡ�

Ҫ��Ӻ�׺��ã��ѡ��еĺ�׺��Ӻ�׺�ĸ��׺��Ҳ��κ��׺��ѡ�񡰸��ƺ�׺��á��-�˵��ѡ��Ҫ��Ƶĺ�׺��Ȼ��ѡ��һ��ý��и��ƣ�

��á��º�׺��ͬ��ά��Ѹ��ƺ�׺��ͬ��

��Լ��á��º�׺��Ѹ��ƺ�׺��ͬ��б�ͼ��ܷ��ü��ܡ�

��¡��á��º�׺��Ѹ��ƺ�׺��ͬ�ĸ��ͣ��ǹ�Ӧ�̸��򽫸��и��Э�飬��ҽ��ø��ơ�

��º�׺��ѡ��󣬵��ȷ��½��Ӻ�׺��Ի��ʾ��ѡ��ѡ�

�ڡ��½��Ӻ�׺��Ի��е��ȷ��Դ��Ӻ�׺��

�ڡ��á�ѡ��У��Ӻ�׺�Զ��丸��׺�¡��йؽ�һ��º�׺��Ϣ��׺��

�µ��Ӻ�׺��κ��Ŀ��r�� RDN ��Ŀ��µ��Ӻ�׺�ڱ��ʼ��ʵ��ķ��Ȩ��ǰ��Ŀ¼��ǲ��ɷ��ʵģ��ڿ��̨��Ŀ¼ѡ���Ҳ�ǲ��ɼ�ġ�

�� LDIF �ļ��ʼ��˺�׺��ಽ�衣��ǣ��ȷ�� LDIF �ļ��еĸ��׺��Ŀ��ķ��ʿ��ָ�� (ACI)��

�ڿ��̨�Ķ��Ŀ¼��ѡ��У�չ��Ŀ¼��ʾ�Ӻ�׺�ĸ��׺��µ��Ӻ�׺��ǲ��ɼ�ġ�

ֻ��Ŀ¼��Ա��Ȩ��׺�Ķ��Ŀ��Ӻ�׺ (ACI)��û��Ŀ¼��Ա��ݵ�¼��b��ͨ��ѡ�񡰿��̨��>��û��ݵ�¼��˵��е�¼��Ŀ¼��Ա�� DN �Ϳ��е�¼��Ĭ��£�Ŀ¼��Ա�� DN �� cn=DirectoryManager��

�Ҽ��Ӻ�׺�ĸ��׺��Ȼ��ӵ��˵��ѡ��½����½��б��У�ѡ��Ӧ��Ӻ�׺�� RDN �Ķ��͡��磬�� ou=Contractors �Ӻ�׺��ѡ�� OrganizationalUnit ���δ�г��Ӻ�׺�Ķ��࣬��ѡ��Ȼ��ʾ�ġ��½��󡱶Ի��ѡ��˶��ࡣ��ߣ�ѡ��Ӻ�׺�ĸ��׺��Ȼ��ӡ��󡱲˵��ѡ��½��

��̨b��ʾ�¶��Զ��ͨ�ñ༭��Ӳ��༭��κ��ֵ��(�� ACI ��κ��޸ġ�

�༭��Ŀ��ڡ��༭��е��ȷ��Դ��µ��Ӻ�׺��Ŀ��

�µ��Ӻ�׺b��Ŀ¼��У��԰�� ACI ��Ȩ��ͨ��̨��й��?

��д��׺

��ʹ�� ldapmodify ��й��ó��Ŀ¼�д��׺��ڸ��׺��Ӻ�׺��ɷ��ͬ��ʽ��ڲ��й��?��Դ��д��׺��Ӻ�׺�Ĺ�̼��ͬ��

��Ȼ��ʾ��ʹ�� "cn=Directory Manager"��Ŀ��һ��û��׺�Ķ��Ŀ����Ŀ¼��Ա��

ʹ��Ϊ��׺�� cn=mapping tree,cn=config �´��׺��Ŀ��

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn: cn="suffixDN",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
cn: suffixDN
nsslapd-state: backend
nsslapd-backend: databaseName
^D

��Ӻ�׺��ʹ�ô��һ��Ե��ͬ��
nsslapd-parent-suffix: "parentSuffixDN"

suffixDN ��º�׺�� DN��ڸ��׺��Լ��ʹ�� (dc) ��ԣ��磬dc=example,dc=org��Ӻ�׺��suffixDN ��(�Ӻ�׺�� RDN ��丸��׺�� DN��磬ou=Contractors,dc=example,dc=com��

databaseName ��˺�׺��ص��ڲ��ݿ��ơ��к�׺�� databaseNames ��Ψһ�ģ��Լ�� suffixDN �ĵ�һ��ֵ��databaseName Ҳ�ǰ��׺��ݿ��ļ��Ŀ¼��ƣ��Ӧ�� ASCII��7 λ��ĸ��ַ�l�ַ�(-) ��»��(_)��

��Ӻ�׺��parentSuffixDN ��Ǹ��׺�� DN��

ʹ����ݿ��Ŀ��

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn: cn=databaseName,cn=ldbm database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
cn: databaseName
nsslapd-suffix: suffixDN
^D

��У�databaseName �� suffixDN ��ֵ��һ��ʹ�õ�ֵ��ͬ��

��Ŀ��ӵ�Ŀ¼��ʱ��ݿ�ģ�齫��Ŀ¼��Զ��ݿ��ļ��

ServerRoot/slapd-serverID/db/databaseName

Ҫʹ��һ��λ�ô��ݿ��ļ��ʹ��Դ��ݿ��Ŀ��

nsslapd-directory: path/databaseName

��Զ��ڸ��λ�ô��һ��Ϊ databaseName ��Ŀ¼�Դ��ݿ��ļ��

��׺��Ӻ�׺�Ļ��Ŀ��

��磬��ʹ���� dc=example,dc=org ��׺�Ļ��Ŀ��

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn: dc=example,dc=org
objectclass: top
objectclass: domain
dc: example
^D

��( DN �ĵ�һ��Լ��ֵ��(��Ŀ�Ķ��ļܹ��ԡ��Լ��ʹ�� (dc) �ĸ��׺ DN �� domain ��࣬�˶��಻��Ҫ�κ��ԡ�

��Ӧ��׺��ӷ��ʿ��ָ�� (ACI) ��ԣ��ǿ��ִ��ķ��ʲ��ԡ��һЩ aci ��ֵ��Щ��ֵ��ȡ��ȷ��޸ĺ��ȫ�Ĺ��Ա��Ȩ��з��ʣ�

aci: (targetattr != "userPassword") (version 3.0; acl
"Anonymous access";
allow (read, search, compare)userdn = "ldap:///anyone";)
aci: (targetattr != "nsroledn || aci || nsLookThroughLimit ||
nsSizeLimit || nsTimeLimit || nsIdleTimeout ||
passwordPolicySubentry || passwordExpirationTime ||
passwordExpWarned || passwordRetryCount || retryCountResetTime
|| accountUnlockTime || passwordHistory ||
passwordAllowChangeTime")(version 3.0; acl "Allow self entry
modification except for nsroledn, aci, resource limit
attributes, passwordPolicySubentry and password policy state
attributes"; allow (write)userdn ="ldap:///self";)
aci: (targetattr = "*")(version 3.0; acl
"Configuration Administrator";
allow (all) userdn = "ldap:///uid=admin,ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr ="*")(version 3.0;acl
"Configuration Administrators Group";
allow (all) (groupdn =
"ldap:///cn=Configuration Administrators, ou=Groups,
ou=TopologyManagement, o=NetscapeRoot");)

��Ϊ�Ӻ�׺��һ��ʾ��ʹ���� ou=Contractors,dc=example,dc=com �Ļ��Ŀ��

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn: ou=Contractors,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
description: base of separate subsuffix for contractor identities
^D

��( DN ��Լ��ֵ��(��Ŀ�Ķ��ļܹ��ԣ��κ��ԡ��Ӻ�׺��丸��׺�ϵ� ACI ��ķ��ʿ��ƣ�ֻҪ��Щ ACI �ķ�Χ��(��µ��Ӻ�׺��ɡ�Ҫ��Ӻ�׺�϶��岻ͬ�ķ��ʲ��ԣ��ڴ��Ŀʱָ�� aci ��ԡ�

��׺

��׺��ȫ��ݡ��˵��ι��Ժ�׺�ķ��ʣ��(��в��ʹ��׺Ϊֻ�zʹ��׺��á�

��

Ϊ��ֵ��

��?��

��û��ú�׺

ĳЩʱ��ά��Ҫʹ��׺��ã��ڰ�ȫ��ʹ��ݲ��á��ú�׺ʹ��޷��Ӧ��Է��ʴ˺�׺��κοͻ��д�˺�׺��ݡ��Ĭ��ã��ڿͻ��Է��ѽ��õĺ�׺ʱ��ظ�Ĭ��á�

ʹ�ÿ��̨��û��ú�׺

�� Directory Server Console �Ķ��ѡ��ϣ�չ��ݽڵ㣬Ȼ��ѡ��Ҫ��õĺ�׺��

��Ҳ��ѡ��ѡ���Ĭ��£��к�׺�ڴ��ʱ��á�

��ô˺�׺�ĸ��Ʋ��һ��֪ͨ��֪��ѡ���ݿ��Զ��¡��ø��Ƶĺ�׺��ж϶Դ˺�׺�ĸ��ơ�ֻҪ�жϸ��Ƶ�ʱ�䲻�Ȼָ��õ�ʱ�䳤��ƻ��ƾͻ��ڴ˺�׺�ٴ��ʱ�ָ��Դ˸��ĸ��¡��ƻָ��ð�(��ʹ��߸��ӳټ��乩Ӧ�̸��־��С�ʹ��ڣ��߼�ʹ��á��

ȡ��ѡ�С��öԸú�׺�ķ��Ȩ�ޡ��ѡ��Խ��ô˺�׺��ѡ�д˸�ѡ��ô˺�׺��

��桱Ӧ�ø�Ĳ�b��û��ô˺�׺��

��ѡ�أ��ô˺�׺ʱ��Ҳ��Ϊ�Դ˺�׺ִ�е��в��ý��ص�ȫ��Ĭ��á��λ�ڶ��á�ѡ��ĸ�ڵ�ġ��硱ѡ��ϡ��й��ϸ��Ϣ��ʹ�ÿ��̨��Ĭ��á��

��н��û��ú�׺

ʹ��ں�׺��Ŀ�б༭ nsslapd-state ��ԣ�

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn="suffixDN",cn=mapping tree,cn=config
changetype: modify
replace: nsslapd-state
nsslapd-state: disabled or backend
^D

��У�suffixDN �Ǻ�׺ DN ��ʱ��ַ��пո񡣽� nsslapd-state ��Ϊֵ disabled �ɽ��ú�׺��Ϊֵ backend ��ʵ��ȫ��ʡ�

�ɹ�ִ��󣬽�b��ú�׺��

��ѡ�أ��ô˺�׺ʱ��Ҳ��Ϊ�Դ˺�׺ִ�е��в��ý��ص�ȫ��Ĭ��á��й��ϸ��Ϣ��Ĭ��á��

��÷��Ȩ�޺��

��Ҫ��ƶԺ�׺�ķ��ʣ��ȫ��޸ķ��Ȩ��ֻ�w��ʡ��ڴ��£��붨��һ��ã��д��ͬʱ�ܾ��д��ʣ�Ϊ�Ժ�׺ִ�е��в��á�

��ʹ��ý��ͻ��Ӧ�ó��ʱָ��磬��Ӷ�ĳ��׺��ã��Ա��ڱ��ݴ˺�׺��ʱ��˺�׺ָ��

��ƻ��5дȨ�޺��4��ú�׺�Խ��и��ơ��ø��ơ��򽵼��޸��á�

ʹ�ÿ��̨��÷��Ȩ�޺��


��	��ƴ˺�׺��޸��ÿ��ܻ�Ӱ��˺�׺��Ѹ��Ƶ��Ϊ��

�� Directory Server Console �Ķ��á�ѡ��ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ��õĺ�׺��

��Ҳ��ѡ��á�ѡ���t�ӵĺ�׺��ֻ��Ȩ�޺��á��ô˺�׺�ĸ��Ʋ��һ��֪ͨ��֪��ѡ���ݿ��Զ��¡�

ѡ��ĳһ��ѡ��ť��öԴ˺�׺��Ŀ��κ�д��ʱ��Ӧ��

��д��Ĭ��½�ѡ��˵�ѡ��ť��׺��Ϊ��Զ��ã��᷵��ǡ�

��󲢷��д��á��Ҫʹ��׺Ϊֻ�r��б��Ҫ��Ϊд��÷��ص�һ�� LDAP URL��ѡ��˵�ѡ��ť��

Ϊ��д��󷵻��á��Ҫͬʱ�ܾ��д��ʣ��ѡ��˵�ѡ��ť��Ϊ��ڽ��öԺ�׺�ķ��ʣ��ͬ��ǣ��Ϊ��Ϊ�˺�׺ר�Ŷ��ã��ʹ��ȫ��Ĭ��á�

ͨ��ӡ��͡�ɾ��ť�༭��б?��ӡ��ť��ʾһ��Ի��ڴ��õ� LDAP URL��Զ�̷��д��κη�֧�� DN ��á��й� LDAP URL �ṹ��ϸ��Ϣ��ġ�Directory Server Administration Reference��е� Chapter 6 "LDAP URL Reference"��

��á��Ŀ¼��ش��б��е��ã��Ӧ4�Կͻ��Ӧ�ó��

��桱Ӧ�ø�Ĳ�b��ʼִ��µ�Ȩ�޺��á�

��÷��Ȩ�޺��

��Ϊ URL ��ã�� LDAP URL��߿��ܸ��пո��ַ�ͱ�ǩ��ڿո��ַ��Ҫ��Ա��ʹ�� %20 ����õ� URL ��е��пո��ַ��ת�塣

��У�suffixDN �Ǻ�׺ DN ��ʱ��ַ��пո�LDAPURL ��Ч�� URL��˿ںź�Ŀ�� DN��磺

ʹ��༭��׺��Ŀ��

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn="suffixDN",cn=mapping tree,cn=config
changetype: modify
replace: nsslapd-state
nsslapd-state: referral on update or referral
-
add: nsslapd-referral
nsslapd-referral: LDAPURL
^D

��ظ��һ��Խ�� LDAP URL ��ӵ� nsslapd-referral ��С�

�� nsslapd-state ��ֵ�� referral on update ʱ��˺�׺Ϊֻ�� LDAP URL ��Ϊд��÷��ء��ֵ�� referral ʱ��ϵͳ��ܾ��д��Ϊ��һ��󷵻��á�

�˺�׺��Ϊֻ�{򲻿ɷ��ʣ��׼��ڳɹ�ִ��b��á�

ɾ��׺

ɾ��׺��Ŀ¼��ɾ��֧��ɾ��׺��Ӻ�׺��Ϊ�µĸ��׺��Ŀ¼�С�

ʹ�ÿ��̨ɾ��׺


��	ɾ��׺ʱ��Ŀ¼��>�ɾ��˺�׺��Ŀ��ɾ��˺�׺��ã��(�临��ã��

�� Directory Server Console �ġ��á�ѡ��ϣ�չ��ݡ��ڵ㡣

�Ҽ��Ҫɾ��ĺ�׺��ӵ��˵��ѡ��ɾ��

��ߣ��ѡ��׺�ڵ㣬��ӡ��󡱲˵��ѡ��ɾ��

��ȷ�϶Ի��򣬸�֪��Ӹ�Ŀ¼��ɾ��к�׺��Ŀ��

��⣬��ڸ��׺��ѡ��õݹ鷽ʽɾ��Ӻ�׺��Ҫɾ��֧��ѡ��ɾ��˺�׺��Ӻ�׺��ֻ��ɾ��ض��׺��Ŀ¼�б��Ӻ�׺��ѡ��ֻɾ��˺�׺��

��ȷ��ɾ��˺�׺��

��ʾ��̶Ի��򣬸�֪��Щ��ɿ��̨��ɡ�

��ɾ��׺

��Ҫɾ��Ӻ�׺��֧��ҵ��ɾ��ĸ��׺��Ӻ�׺��ÿ��׺��ܵ��Ӻ�׺�ظ��˹�̡�

ʹ��ɾ��׺��Ŀ��

ldapdelete -h host -p port -D "cn=Directory Manager" -w password \
-v ’cn="suffixDN",cn=mapping tree,cn=config’

��ӷ��ɾ��׺�� suffixDN ��Ļ��Ŀ��ʼɾ��ڣ��˺�׺��Ŀ¼�мȲ��ɼ�Ҳ��ܷ��ʡ�-v ѡ��ָ��ϸ��ģʽ��ʾ�й�ɾ��Ϣ��

ɾ��λ�� cn=databaseName,cn=ldbm database,cn=plugins,cn=config �е��Ӧ��ݿ��Ŀ��µ��Ŀ��ʹ�� ilash ��ʵ�ִ˵ݹ�ɾ��

% ilash -call http://host:port/ -user cn=Directory Manager[...]Enter password for cn=Directory Manager: password[...][example,com]% dcd cn=config[config]% ddelete -subtree \cn=databaseName,cn=ldbm database,cn=plugins,cn=config

host

port

password

dbName

Removed cn=aci, cn=index, cn=databaseName, cn=ldbm database,cn=plugins, cn=config

Removed cn=entrydn, cn=index, cn=databaseName, cn=ldbm database,cn=plugins, cn=config

[...]

Removed cn=encrypted attributes, cn=databaseName, cn=ldbm database,cn=plugins, cn=config

Removed cn=index, cn=databaseName, cn=ldbm database, cn=plugins,cn=config

Removed cn=monitor, cn=databaseName, cn=ldbm database, cn=plugins,cn=config

Removed cn=databaseName,cn=ldbm database,cn=plugins,cn=config

��ʾ��ݿ��غ��Ҫɾ��Ŀ��ȫɾ��ݿ��ú󣬷��ɾ��˺�׺��ص��ݿ��ļ��Ŀ¼��

��t�ӵĺ�׺

��׺��Ӻ�׺��t�ӵ��һ̨��}��̶��ͨ��̨��4ִ�С�

��ǣ��ڴ��κ��t�ӵĺ�׺ǰ��Ӧ��Զ�̷��ϴ��ݡ��ط��ͨ��t�Ӻ�׺ת��ʱ��ʹ�ô��ݰ󶨵�Զ�̷��ϡ�

��õ��t�Ӻ�׺��ͬ��ӦΪ�µ��t�Ӻ�׺��t�Ӳ��Ĭ��ֵ��ڴ��t�Ӻ�׺ǰ��κ�ʱ�䣬��Ϊ LDAP �ؼ��ͷ��t�Ӳ��ԣ��t�Ӳ��ԡ��

��

��Ǳ��ط��ڰ󶨺�ת��t�Ӳ��Զ�̷��ϵ��û��ڰ�ȫ��ǣ��ô��ʱ��һ��Ҫʹ��Ŀ¼��Ա��û� (admin) ��ݡ�

ʹ�ÿ��̨��

�˹��l�ӵ�Զ�̷��Ϊ��t�Ӻ�׺��Ŀ�꣩�� Directory Server Console��

�� Directory Server Console �Ķ��Ŀ¼��ѡ��ϣ�չ��Ŀ¼��

�Ҽ�� cn=config ��Ŀ��ӵ��˵��ѡ��½��>��û����ߣ�ѡ�� cn=config ��Ŀ��ӡ��󡱲˵��ѡ��½��>��û��

�ڡ��û��Ի��ֶ��дֵ��ݣ��磺

First Name:       proxy
Last Name:       host1
Common Name:       host1 chaining proxy
User ID:       host1_proxy
Password:       password
Confirm Password:       password

��У�host1 �ǰ��t�Ӻ�׺�ķ��ơ��к�׺t�ӵ��ĸ��Ӧʹ�ò�ͬ�Ĵ��ݡ�

��ȷ��Ա��µĴ��ݡ�

��д��

�˹��ʹ�� host1 �� host2 �ֱ��ʾ��t�Ӻ�׺�ı��ط��Լ��Ϊ��t�Ӻ�׺Ŀ��Զ�̷��

ʹ�� host2 �ϴ��ݣ�

ldapmodify -a -h host2 -p port2 -D "cn=Directory Manager" -w password2
dn: uid=host1_proxy,cn=config
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgperson
uid: host1_proxy
cn: host1 chaining proxy
sn: host1
userpassword: password
description: proxy entry to be used for chaining from host1
^D



��	Ӧͨ��ܶ˿�ִ�� ldapmodify ��Ա��ⷢ��Ŀ��

��Ĭ��t�Ӳ��

t�Ӳ��ȷ��l�ӵ��t�ӵķ��ϣ��Լ��δ��Ը��t�Ӻ�׺ִ�еĲ��ÿ��t�Ӻ�׺��Щ��Directory Server �ṩÿ�δ��t�Ӻ�׺ʱʹ�õ�Ĭ��ֵ��µ��t�Ӻ�׺�ϱ༭��ЩĬ��ֵ��ָ��t�Ӳ��

�޸�Ĭ�ϲ��󴴽��ÿ��µ��t�Ӻ�׺��ָ��ֵ��ǣ�һ��˺�׺��ֻ��޸��t�ӵĺ�׺��Ĳ��

t�Ӳ��Ժ�Ĭ��ֵ��й��ֵ��ġ�Directory Server Administration Reference��Chapter 2 "Chained Suffix Plug-in Attributes"��

�ͻ��ز��

nsReferralOnScopedSearch��Ĭ��Ϊ on ʱ��ͻ��䷶Χ��ȫ��t�ӵĺ�׺�ڣ��ն�Զ�̷��á��ɱ��⽫��}�Ρ��Ϊ off ʱ��Ӧ��ô�С��ʱ��Ʋ��Ա��t�ӵĺ�׺��г�ʱ��

nsslapd-sizelimit��˲��ȷ��Ӧ��t�ӵ��ص��Ŀ��Ĭ��ֵ��С�� 2000 ��Ŀ��Ҫ��ƶ��漰��t�Ӻ�׺��д�Χ��뽫�˲��Ϊ�ϵ͵�ֵ��κ��£��Զ�̷��ϵ��κδ�С��ơ�

nsslapd-timelimit��˲��t�Ӳ��ʱ�䳤�ȡ�Ĭ��ʱ�� 3600 �루1 Сʱ��Ҫ��ƶ��t�Ӻ�׺ִ�в��ʱ�䣬�򽫴˲��Ϊ�ϵ͵�ֵ��κ��£��Զ�̷��ϵ��κ�ʱ��ơ�

��jt�Ӳ��

nsCheckLocalACI��ڵ��t��У��ط��t�ӵĺ�׺�ϰ��û��ķ��Ȩ�ޣ��Ϊ��Զ�̷��Ρ��ˣ�Ĭ��ֵΪ off��ǣ�Ϊ�˼��ת��t�Ӳ��ķ��ʹ�õĴ�� DN �ķ��Ȩ�ޣ��jt��е��м��뽫�˲��Ϊ on��

nsHopLimit��ѭ��5�˲��Զ��Ծ��ڼ�j��д��ѭ��򵽴��Ծ��κ��t�Ӳ��ת��Ƿ��

l�ӹ��

nsOperationConnectionsLimit��t�ӵĺ�׺ͨ��Զ�̷��Խ�b��ͬʱ�� LDAP ��l��Ĭ��ֵ�� 10��l�ӡ�

nsBindConnectionsLimit��t�ӵĺ�׺ͨ��Զ�̷��Խ�b��ͬʱ��İ�l��Ĭ��ֵ�� 3��l�ӡ�

nsConcurrentBindLimit��ÿ�� LDAP l��ͬʱ�󶨲��Ĭ��ֵ��ÿ��l�� 10��ͻ��󶨲��

nsBindRetryLimit��ʱ��t�ӵĺ�׺��°󶨵�Զ�̷��ϵĴ��ֵ 0 ��ʾ��t�ӵĺ�׺��԰�һ�Ρ�Ĭ��ֵ�ǳ�� 3�Ρ�

nsConcurrentOperationsLimit��ÿ�� LDAP l��ͬʱ��Ĭ��ֵ��ÿ��l�� 10��

nsBindTimeout��󶨳��t�ӵĺ�׺��ʱ֮ǰ��ʱ�䳤�ȣ��Ϊ��λ��Ĭ��ֵΪ 15�롣

nsAbandonedSearchCheckInterval��ڷ��Ƿ��ѷ��ĳ��ǰ��Ĭ��ֵΪ 2�롣

nsConnectionLife��t�ӵĺ�׺��Զ�̷��֮��l�ӱ��Ϊ��״̬�Ա��ʹ�õ�ʱ�䳤�ȡ��l�ӱ��Ϊ��״̬��Լӿ��ٶȣ��Ҫʹ�ø��Դ��磬��ʹ�ò��l�ӣ��ϣ��l��ʱ�䡣Ĭ��£�l�Ӳ��ƣ��ֵ0 ��塣

��

nsmaxresponsedelay��Զ�̷��Ӧ��t�Ӳ��ĳ�ʼ�� LDAP ��ѵ��ʱ�䡣��ڼ䰴��㡣�ڴ��ӳٺ󣬱��ط��l�ӡ�Ĭ��ӳ�� 60 �롣

nsmaxtestresponsedelay��Զ�̷��Ƿ��Ӧ�Ĳ��Եĳ��ʱ�䡣�˲��ǶԲ��ڵ��Ŀ��ִ�еļ��󡣴��ڼ䰴��㡣��ڲ��ӳ��ڼ�δ��Ӧ��t�ӵĺ�׺��ٶ�Զ�̷��ͣ��Ĭ�ϵĲ��Ӧ�ӳ�� 15 �롣

ʹ�ÿ��̨��Ĭ��t�Ӳ��

�� Directory Server Console �Ķ��Ŀ¼��ѡ��ϣ�չ��Ŀ¼��ѡ��Ŀ��cn=default instance config,cn=chaining database,cn=plugins,cn=config��

˫��Ŀ��ѡ�񡰶��>��ʹ��ͨ�ñ༭��༭��˵����б��и��Ҫ�޸��ֵ��

��ͨ�ñ༭��Ի��е��桱��ĸ�Ľ�b��Ч��

��Ĭ��t�Ӳ��

ʹ�� ldapmodify ��༭��Ŀ cn=default instance config,cn=chaining database,cn=plugins,cn=config��Ŀ��Գ�Ϊ�µ��t�Ӻ�׺�в��Ĭ��ֵ��

��磬��µ��t�Ӻ�׺�У��Ĭ�ϴ�С��ӵ� 5000 ��Ŀ��Ĭ��ʱ��Ƽ��ٵ� 10 ��ӡ�

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=default instance config,cn=chaining database,
cn=plugins,cn=config
changetype: modify
replace: nsslapd-sizelimit
nsslapd-sizelimit: 5000
-
replace: nsslapd-timelimit
nsslapd-timelimit: 600
^D

�Դ��Ŀ��޸Ľ�b��Ч��

ʹ�ÿ��̨��t�ӵĺ�׺

��й��봴��t�ӵĸ��׺��t�ӵ��Ӻ�׺�Ĺ�̼��ͬ��

ѡ�� Directory Server Console �ġ��á�ѡ���

��t�ӵĸ��׺��Ҽ��ݡ��ڵ㣬Ȼ��ӵ��˵��ѡ��½��t�ӵĺ�׺��ߣ��ѡ��ݡ��ڵ㣬��ӡ��󡱲˵��ѡ��½��t�ӵĺ�׺��

��t�ӵ��Ӻ�׺��չ��ݡ��ڵ��κκ�׺�ڵ��ʾ��׺��Ҽ��׺�ڵ㣬�ӵ��˵��ѡ��½��t�ӵ��Ӻ�׺��ߣ��ѡ�񸸺�׺�ڵ㣬��ӡ��󡱲˵��ѡ��½��t�ӵ��Ӻ�׺��

��ʾ��½��t�ӵģ��ӣ��׺��Ի��

��Ҫt�ӵ��Զ�̷��Ŀ�� DN��Զ��Ŀ��һ��Զ�̺�׺�Ļ��Ŀ��

��ڸ��׺��ڡ��׺ DN��ֶ��Զ��Ŀ�� DN��ΪԶ��Ŀ¼��һ��Ŀ��һ DN��Ŀ��t�ӵĸ��׺�Ļ��Ŀ�µ��ݶ��ͨ��t�ӵĺ�׺��á�

��Ӻ�׺��뽫Ҫt�ӵ��Ŀ��Ӻ�׺ RDN��Ŀ��t�ӵ��Ӻ�׺�Ļ��ı��ֶ��³��ֵ��Ӻ�׺��Ʊ��Ǵ��Զ�̷��е��Ŀ��

��׺��ݣ��б�Ҫ��Ҳ��(�򣩵�Զ�̷��

��ڷ��Զ�̷��Ķ˿ںţ��ö˿��ǰ�ȫ�˿ڣ��ѡ�иø�ѡ��ʹ�ð�ȫ�˿�ʱ��ͨ�� SSL ��t�Ӳ��м��ܡ��й��ϸ��Ϣ��ʹ�� SSL t�ӡ��

�Ի��ײ��ı��ʾԶ�̷�� URL��

��Զ�̷��ݵİ� DN �Ϳ����Զ�̷��Ϻ�׺��ʱ��ط�� DN ��?��磬ʹ��ݡ��ж�� uid=host1_proxy,cn=config DN��

��ʹ��Զ�̷��Ŀ¼��Ա�� DN��ͨ��t�Ӻ�׺ִ�еĲ�� creatorsName �� modifiersName ��ʹ�ô˴��ݡ��Ժ��Դ��DN��ڴ��£��ط��ڷ��Զ�̷��ʱ��а󶨡�

��ȷ��Դ��t�ӵĺ�׺��º�׺��У��t��ͼ�ꡣ

��µ��t�Ӻ�׺��ѡ��Ȼ��Ҳ��ѡ��Զ�̷��ѡ���

��ѡ�أ��Ϊ��t�ӵĺ�׺��һ��л��˷��޷��Զ�̷��jϵ��˳��ÿ��л��ֱ��һ��ӦΪֹ��л��t�ӵ��ͬ��׺��ʹ��ͬһ�� DN ִ�д��?

Ҫ��л��ڡ�Զ�̷�� URL��ֶ��ɿո�ָ��Ͷ˿ںŶԡ��ֶβ��и�ʽ��

ldap[s]://hostname[:port][ hostname[:port]].../

�ڡ�Զ�̷��ѡ��ײ��ı��ʾ��ͨ��t��ִ�д�� ACI��뽫�� ACI ��ӵ�� suffixDN λ��Զ�̷��ϵ��Ŀ�С��κι��л��Ӧ�� ACI ��ӵ��Щ��С�ʹ�á�� ACI��ť�� ACI �ı��Ƶ�ϵͳ�ļ��Ͻ��ճ��

һ�� ACI ��ӵ�Զ�̷��ϵĻ��Ŀ��t�ӵĺ�׺�ڱ��ط��Ŀ¼��н��ǿɼ�ġ�



��	��Ҫ��ͬһ��Ŀ�϶�� ACI ��ƶ�Ŀǰͨ��t�Ӷ��Զ�̷��з��ʡ��ͨ��t�ӵĺ�׺��еķ��ʿ��ơ��

��Ϊ��t�Ӳ��ԣ��򻹱��ӽ��Щ��Զ�̷�� ACI��磬��Բ��t�ӣ��뽫�� ACI ��ӵ�� 2 �� DN �Ļ��Ŀ�У�

aci: (targetattr "*")
(target="ldap:///suffixDN")
(version 3.0; acl "RefInt Access for chaining"; allow
(read,write,search,compare) userdn = "ldap:///cn=referential
integrity postoperation,cn=plugins,cn=config";)

��д��t�ӵĺ�׺

��ʹ�� ldapmodify ��й��ó��Ŀ¼�д��t�ӵĺ�׺��t�ӵĸ��׺��t�ӵ��Ӻ�׺��ɷ��ͬ��ʽ��ڲ��й��?��Դ��д��t�ӵĸ��׺��t�ӵ��Ӻ�׺�Ĺ�̼��ͬ��

ʹ��Ϊ��t�ӵĸ��׺�� cn=mapping tree,cn=config �´��t�ӵĺ�׺��Ŀ��

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn: cn=suffixDN,cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
cn: suffixDN
nsslapd-state: backend
nsslapd-backend: databaseName
^D

��t�ӵ��Ӻ�׺��ʹ�ô��һ��Ե��ͬ��
nsslapd-parent-suffix: parentSuffixDN

��t�ӵ��Ӻ�׺��suffixDN ��Ӻ�׺�� RDN ��丸��׺�� DN��磬l=Europe,dc=example,dc=com��suffixDN ��ͨ��Զ�̷��õ��Ŀ�� DN��һ��Զ�̺�׺�Ļ��Ŀ��

��Ȼ��׺��Ʋ�� DN ��ʽ��ַ��ˣ��пո��壬��Ǻ�׺��Ƶ�һ��֡�Ϊ��ʹ��Զ��Ŀ��suffixDN �ַ��Զ�̺�׺��ʹ�õļ��

databaseName ��t�Ӳ��ڱ�ʶ��t�Ӻ�׺�ġ��к�׺�� databaseNames ��Ψһ�ģ��Լ�� suffixDN �ĵ�һ��ֵ��뱾�غ�׺��ͬ��t�ӵĺ�׺�ڱ��ط��û��κ��ݿ��ļ��

��Ӻ�׺��parentSuffixDN ��Ǹ��׺�� DN��׺��Ǳ��غ�׺��Ҳ��t�ӵĺ�׺��

ʹ����t��Ŀ��

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn: cn=databaseName,cn=chaining database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
cn: databaseName
nsslapd-suffix: suffixDN
nsfarmserverurl: LDAPURL
nsmultiplexorbinddn: proxyDN
nsmultiplexorcredentials: ProxyPassword
^D

��У�databaseName �� suffixDN ��ֵ��ϸ��ʹ�õ�ֵ��ͬ��LDAPURL ��Զ�̷�� URL��κκ�׺��Ϣ��URL ��԰��и�ʽ�г�Ĺ��л��

ldap[s]://hostname[:port][ hostname[:port]].../

�� LDAP URL ��г��Զ�̷�� suffixDN��й�ָ��ȫ�˿ڵ��Ϣ��ʹ�� SSL t�ӡ��

proxyDN ��Զ�̷��ϴ��ݵ� DN��Զ�̷��Ϻ�׺��ʱ��ط�� DN ��?ͨ��t�Ӻ�׺ִ�еĲ�� creatorsName �� modifiersName ��ʹ�ô˴��ݡ��δָ��DN��ط��ڷ��Զ�̷��ʱ��а󶨡�

ProxyPassword �Ǵ��DN ��δ��ܵĿ��ֵ��洢��ļ��У��򽫶Կ��м��ܡ��磺

nsmultiplexorbinddn: uid=host1_proxy,cn=config
nsmultiplexorcredentials: secret



��	Ӧͨ��ܶ˿�ִ�� ldapmodify ��Ա��ⷢ��Ŀ��

��Ŀ��Զ��(��t�Ӳ��Ĭ��ֵ�� cn=default instance config,cn=chaining database,cn=plugins,cn=config �ж��塣��t��Ŀʱ��ͨ��þ��в�ֵͬ��Ը��е��κ�ֵ��йؿɶ��ֵ��б?��Ĭ��t�Ӳ��

ʹ��Զ��Ŀ�ϴ�� ACI��Ҫ�� ACI ��ͨ��t��ִ�д��й� ACI ��ϸ��Ϣ�� 6 �¡��ʿ��ơ�

ldapmodify -h host2 -p port2 -D "cn=Directory Manager" -w password2
dn: suffixDN
changetype: modify
add: aci
aci: (targetattr=*)(target = "ldap:///suffixDN")(version 3.0;acl
"Allows use of admin for chaining"; allow (proxy)
(userdn="ldap:///proxyDN");)
^D



��	��Ҫ��ͬһ��Ŀ�϶�� ACI ��ƶ�Ŀǰͨ��˷��Զ�̷��з��ʡ��ͨ��t�ӵĺ�׺��еķ��ʿ��ơ��

��Ϊ��t�Ӳ��ԣ��򻹱��ӽ��Щ��Զ�̷�� ACI��磬��Բ��t�ӣ��뽫�� ACI ��ӵ��Ŀ��,��Ŀ�� suffixDN Ϊ��

��t�ӵ��Ӻ�׺��ʾ��ע�⣬ֻ�е��ų�� DN ��ʱ��suffixDN �еĶ��Ųű��÷�б�ܽ��ת�� (\)��

ldapmodify -a -h host1 -p port1 -D "cn=Directory Manager" -w password1
dn: cn=l=Europe\,dc=example\,dc=com,cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
cn: l=Europe,dc=example,dc=com
nsslapd-state: backend
nsslapd-backend: Europe
nsslapd-parent-suffix: dc=example,dc=com

dn: cn=Europe,cn=chaining database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
cn: Europe
nsslapd-suffix: l=Europe,dc=example,dc=com
nsfarmserverurl: ldap://host2:port2/
nsmultiplexorbinddn: uid=host1_proxy,cn=config
nsmultiplexorcredentials: proxyPassword
^D

ldapmodify -h host2 -p port2 -D "cn=Directory Manager" -w password2
dn: l=Europe,dc=example,dc=com
changetype: modify
changetype: modify
aci: (targetattr=*)(target =
"ldap:///l=Europe,dc=example,dc=com")(version 3.0;acl
"Allows use of admin for chaining"; allow (proxy)
(userdn="ldap:///uid=host1_proxy,cn=config");)
^D

ͨ��t�ӵĺ�׺��еķ��ʿ��

��֤��û��t�Ӻ�׺ʱ��Ὣ��û��ݷ��͵�Զ�̷��ʿ��ʼ��Զ�̷��Ͻ��9!��Զ�̷��95�ÿ�� LDAP ��ʹ�ÿͻ��Ӧ�ó��ͨ��Ѵ��Ȩ�ؼ��д��ݣ��ԭʼ��ݡ�ֻ�е��û��Զ�̷��ϰ��ȷ�ķ��ʿ��ʱ��Զ�̷��ϻ�óɹ��ʾ��Ҫ��Զ�̷��ӽ��Ƶĳ��ʿ��ƣ�

��ʹ��͵ķ��ʿ��ơ�

��л��ڿͻ�� IP ��ַ�� DNS ��ķ��ʿ��ƿ��в�ͨ��Ϊ�ͻ��ԭʼ��t�ӹ��Ѷ�ʧ��

ACI ��ʹ�õ��λ��ͬһ��ϡ��Ϊ��̬��е��û�� ACI ��λ��ͬһλ�á��Ϊ��̬��ָԶ��û��

ACI ��ʹ�õ��κν�ɫ��Լ��κ��ӵ��Щ��ɫ��û�λ��ͬһ��

��Զ��û��û��Ŀֵ��磬userattr ��򣩵� ACI ��Ч��

��Ȼͨ��Զ�̷��97��ʿ��ƣ��Կ�ѡ��ڰ��t�Ӻ�׺�ķ��Զ�̷��϶��9!��һЩ��ƣ�

�ڷ��ʿ��99��У��û��Ŀ��ݲ��һ��ã��磬��ʿ��ڰ��t�Ӻ�׺�ķ��9#��Ŀλ��Զ�̷��ϣ��

��ԭ�򣬿ͻ��ɽ��Զ�̲�ѯ��97��ʿ��ơ�

��t�ӵĺ�׺��һ��ɿͻ��Ӧ�ó��޸ĵ��Ŀ��з��Ȩ��

��ִ��޸Ĳ��ʱ��t�ӵĺ�׺��жԴ洢��Զ�̷��ϵ�ȫ��Ŀ�ķ��Ȩ��ִ��ɾ��t�ӵĺ�׺ֻ֪��Ŀ�� DN��ʿ��ָ��ض��ԣ��ͨ��t�Ӻ�׺ִ��ɾ��ʱ��ɾ��ʧ�ܡ�

Ĭ��£��t�Ӻ�׺�ķ��õķ��ʿ��ƽ��9!�Ҫ��Ǵ�Ĭ��ã��ʹ�� cn=databaseName,cn=chaining database,cn=plugins,cn=config ��Ŀ�е� nsCheckLocalACI ��ԡ��ǣ��ʹ�ü�jt�ӣ��Ƽ��ڰ��t�Ӻ�׺�ķ��97��ʿ��ơ��й��ϸ��Ϣ��ü�jt�ӡ��

ʹ�� SSL t��

��t�ӵĺ�׺ִ�в��ʱ��÷��ʹ�� SSL ��Զ�̷��ͨѶ��ʹ�� SSL ��t�Ӱ�(��²��裺

��Զ�̷�� SSL��

�ڰ��t�Ӻ�׺�ķ�� SSL��

�й�� SSL ��ϸ��Ϣ�� 11 �¡��֤�ͼ��ܡ�

�ڴ��޸��t�Ӻ�׺�Ĺ��ָ�� SSL ��Զ�̷��İ�ȫ�˿ڡ�

��ʹ�ÿ��̨ʱ��t�Ӻ�׺�Ĵ��ù��ѡ�а�ȫ�˿ڸ�ѡ��ʹ�ÿ��̨��t�ӵĺ�׺��ʹ�ÿ��̨�޸�t�Ӳ��ԡ��

��ʹ��й��ʱ��ָ�� LDAPS URL ��Զ�̷��İ�ȫ�˿ڣ��磺ldaps://example.com:636/��д��t�ӵĺ�׺��޸�t�Ӳ��ԡ��

��t�ӵĺ�׺��Զ�̷��ʹ�� SSL ��ͨѶʱ��ʾ��в��Ŀͻ��Ӧ�ó��Ҳ��ʹ�� SSL ��ͨѶ��ͻ��ʹ�� LDAP Э�� DSML Э��}��˿�֮һ��

��t�ӵĺ�׺

��˵��θ��º�ɾ��t�ӵĺ�׺�Լ��ο��t�ӻ��ơ�

��t�Ӳ��

��t�Ӳ��ȷ��Щ LDAP �ؼ��չ��t�ӵķ��Լ��Щ��t�ӵĺ�׺��Ӧ�˽��Щ��ü��漰��t�Ӻ�׺�Ĳ��Ӱ�졣t�Ӳ��Խ��ڷ��ϵ��t�Ӻ�׺��

Ĭ��͸��һ��ǣ��漰 LDAP �ؼ��ʹ��Բ��֮��ķ��Ӧȷ��Ҫ��t�Ӳ��ԡ�

��ڴ��κ��t�Ӻ�׺֮ǰ��t�Ӳ��ԣ��Ա�һ��t�Ӻ�׺�Ϳ�Ӧ�ò��ԡ��Ҳ��Ժ��κ�ʱ��޸Ĳ��ԡ�

LDAP �ؼ��t�Ӳ��

LDAP �ؼ��ɿͻ��Ϊ��һ��ַ��ͣ��Ա��ĳ�ַ�ʽ�Բ��޸ġ��t�Ӳ��ȷ��Щ�ؼ��ת��t�ӵĺ�׺��Ĭ��£��¿ؼ��ת��t�Ӻ�׺��Զ�̷��

�� 3-1 Ĭ��t�ӵ� LDAP �ؼ�
�ؼ�� OID	�ؼ��ƺ�˵��
1.2.840.113556.1.4.473	��j�Ը��ֵ�Խ��Ŀ��1
1.3.6.1.4.1.1466.29539.12	t��ѭ��⡪��ٷ��һ��t�ӵĴ��t�Ӽ��ﵽ��õ��ʱ��֪ͨ�ͻ��Ӧ�ó��й��ϸ��Ϣ��ڼ�j�� LDAP �ؼ��
2.16.840.1.113730.3.4.2	��õ��ܹ� DSA��Ŀ��ã��ѭ��á��⽫��Ļ�ɾ��ñ��?
2.16.840.1.113730.3.4.9	��б��ͼ (VLV)��ṩ��Ĳ��ֽ��һ�η��н��Ŀ��1

1�� VLV �ؼ��ΧΪ��һ��׺ʱ�ſ�ͨ��t��֧�֡��ͻ��Ӧ�ó��Զ��׺��ʱ��t�ӵĺ�׺�޷�֧�� VLV �ؼ��

�� 3-2 ��t�ӵ� LDAP �ؼ�
�ؼ�� OID	�ؼ��ƺ�˵��
1.3.6.1.4.1.42.2.27.9.5.2	��Ч��Ȩ��Ҫ��ڽ��з��й��Ŀ��Եķ��Ȩ�޺� ACI ��Ϣ��
2.16.840.1.113730.3.4.12	�Ѵ��Ȩ��ɹ淶��ͻ��һ��ڼ��ڲ��һ��ݡ�1
2.16.840.1.113730.3.4.14	�ض��ݿ��ָ��ڿؼ��ݿ��ִ�С�
2.16.840.1.113730.3.4.16	��֤��ṩ��Ҫ��ڰ��Ӧ��ṩ��֤�顣
2.16.840.1.113730.3.4.17	��ʵ��󡪱��Ӧ��ʵ��ڷ��Ŀ�е��ԣ��Ҫ��ԡ�
2.16.840.1.113730.3.4.18	�Ѵ��Ȩ��¹淶��ͻ��һ��ڼ��ڲ��һ��ݡ�1
2.16.840.1.113730.3.4.19	��󡪱��Ӧ��ɽ�ɫ�ͷ��๦��ɵ��ԡ�

1Ӧ�ó��ʹ��κ�һ��Ѵ��Ȩ�ؼ��}�ֿؼ�� OID ��ԣ�Ӧ�þ��ͬ��t�Ӳ��ԡ��й��ϸ��Ϣ��ڼ�j�� LDAP �ؼ��

��t�Ӳ��

��Ƿ��ʹ��ڲ��κ��Ի��ܵ�Ԫ��磬��ͱ��Ϊ��ڴ��ԣ�Ҫִ��񣬱��Ŀ¼��ݣ��(��ݻ�洢��Ŀ¼�е��û��ݡ�

Ĭ��£��t��κη��Ҫ��t�ӵĺ�׺��ȷ��t�ӡ��ɷ��t��ݵ�� DN �г��¡�

��ʹ�ÿ��̨��t�ӵĺ�׺��Զ�̷��ϵ� ACI ��һ��Ȩ��t�ӡ��t�ӷ��ʱ��ڴ� ACI ��ȡ�ͱȽϣ��Ա��ִ��Щ��⣬ĳЩ��Ҫ��Զ�̷��ϵ�д��Ȩ�ޣ��б��

cn=ACLPlugin,cn=plugins,cn=config��ACL ��ʵ�ַ��ʿ��ƹ��ܡ��t��ڼ��͸�� ACI ��ԵĲ��Ϊ��ϱ��غ�Զ�� ACI ��Բ��ȫ��t��ڷ��û��Ŀ��й� ACI ��t�ӵ��ƵĽ�һ��Ϣ��ACI ��ơ��

cn=oldplugin,cn=plugins,cn=config��˲�� Directory Server 4.x ��Լ��Ƿ��t�ӡ�4.x ��ͬһt�Ӳ��ԡ��Ҫ��Զ�̷��ϸ�� 4.x ��ִ�еĲ�� ACI��

cn=resourcelimits,cn=components,cn=config��û�� DN ��Դʹ��ơ��t�Ӵ��ʱ��ɶ��ݴ洢��t�Ӻ�׺�е��û�ǿ��ִ��Դ��ơ�

cn=certificate-basedauthentication,cn=components,cn=config��ʹ�� SASL �ⲿ�󶨷��ʱʹ�ô��Զ�̷��û�֤�顣



��	��t�ӵĺ�׺��֤��֤��ɰ�ȫ©��׺t�ӵ��ε�Զ�̷��η��ϵ�֤��֤��

cn=referential integritypostoperation,cn=plugins,cn=config��ò��ȷ��һ��Ŀ��ɾ��ᴫ�� DN ��Ŀ��Ա�б?��Աλ��t�ӵĺ�׺��ʱ��t��ʹ�ô˲��ڼ򻯾�̬��Ĺ��?��˲��t�ӵĺ�׺ʱ��Ҫ��Զ�̷��ϵ�дȨ�ޡ�

cn=uiduniqueness,cn=plugins,cn=config��UID Ψһ�Բ��ȷ��ָ��Ե��ֵ�ڷ��϶��Ψһ�ġ��˲��t�ӽ�ȷ��Ŀ¼��е�Ψһ�ԡ�



ע	��ܱ�t�ӣ� ��ɫ�� �� ��Ʋ��

ʹ�ÿ��̨�޸�t�Ӳ��

�� Directory Server Console �ġ��á�ѡ��ϣ�ѡ��ݡ��ڵ㣬��Ҳ��ѡ��t�ӡ�ѡ���

��Ҳ��б��ѡ��һ�� LDAP �ؼ��Ȼ�󵥻��ӡ��t�ӡ�ʹ�á��ӡ��͡�ɾ��ť��t�ӵĿؼ��б?

�� OID �г� LDAP �ؼ��LDAP �ؼ��t�Ӳ��ԡ��Ի�ȡÿ��ؼ��ƺ�˵��

��t�ӵķ��ͬһѡ��ĵ׶ˡ��Ҳ��б��ѡ��һ��ƣ�Ȼ�󵥻��ӡ��t�ӡ�ʹ�á��ӡ��͡�ɾ��ť��t�ӵ��б?

��t�Ӳ��ԡ��Ի�ȡÿ��˵��

��桱�Ա��t�Ӳ��ԡ�

��ʹ��Ч��

��޸�t�Ӳ��

�� cn=config,cn=chaining database,cn=plugins,cn=config ��Ŀ��t�Ӳ��õ��ԡ�ʹ�� ldapmodify ��༭��Ŀ��

�޸� nsTransmittedControls ��ֵ��ԣ��ʹ��t�ӵ� LDAP �ؼ�� OID��LDAP �ؼ��t�Ӳ��ԡ��Ի�ȡ��пɱ�t�ӵĿؼ�� OID��

��磬����Ч��Ȩ�޿ؼ��ӵ��t�ӿؼ��б��У�

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=config,cn=chaining database,cn=plugins,cn=config
changetype: modify
add: nsTransmittedControls
nsTransmittedControls: 1.3.6.1.4.1.42.2.27.9.5.2
^D

��ͻ��Ӧ�ó��ʹ��Զ��ؼ��ϣ��t�ӣ��Ҳ�ɽ�� OID ��ӵ� nsTransmittedControls ��ԡ�

�޸� nsActiveChainingComponents ��ֵ��ԣ��ʹ��t�ӵķ�� DN��t�Ӳ��ԡ��Ի�ȡÿ��˵��

��磬����ӵ��t��б��У�

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=config,cn=chaining database,cn=plugins,cn=config
changetype: modify
add: nsActiveChainingComponents
nsActiveChainingComponents: cn=referential integrity
postoperation,cn=components,cn=config
^D

һ��޸��t�Ӳ��Ŀ��ͱ��ʹ��Ч��

��û��t�ӵĺ�׺

ĳЩʱ��ά��ȫԭ��Ҫʹ��t�ӵĺ�׺��á��ú�׺�ɷ�ֹ��Զ�̷��j��Ӧ�κ��ͼ��ʺ�׺�Ŀͻ��Ĭ��ã��ڿͻ��Է��ѽ��õĺ�׺ʱ��ظ�Ĭ��á�

ʹ�ÿ��̨��û��t�ӵĺ�׺

�� Directory Server Console �Ķ��á�ѡ��ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ��õ��t�Ӻ�׺��

��Ҳ��ѡ��á�ѡ���Ĭ��£��t�ӵĺ�׺�ڴ��ʱ��á�

ȡ��ѡ�С��öԸú�׺�ķ��Ȩ�ޡ��ѡ��Խ��ô˺�׺��ѡ�д˸�ѡ��ô˺�׺��

��桱Ӧ�ø�Ĳ�b��û��ô˺�׺��

��н��û��ú�׺

��༭��t�ӵĺ�׺��Ŀ�е� nsslapd-state ��ԣ�

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=suffixDN,cn=mapping tree,cn=config
changetype: modify
replace: nsslapd-state
nsslapd-state: disabled or backend
^D

��У�suffixDN Ϊ��׺ DN ��ʱ��ַ��(�ո��б�� (\) �Ա��ֵ��ʹ�ö��š�� nsslapd-state ��Ϊֵ disabled �ɽ��ú�׺��Ϊֵ backend ��ʵ��ȫ��ʡ�

�ɹ�ִ��󣬽�b��ú�׺��

��ѡ�أ��ô˺�׺ʱ��Ҳ��Ϊ�Դ˺�׺ִ�е��в��ý��ص�ȫ��Ĭ��á��й��ϸ��Ϣ��Ĭ��á��

��÷��Ȩ�޺��

��Ҫ��ƶ��l�Ӻ�׺�ķ��ʶ��ȫ��޸ķ��Ȩ��ֻ�w��ʡ��ڴ��£��붨��һ��ã��д��ͬʱ�ܾ��д��ʣ�Ϊ�Ժ�׺ִ�е��в��á�

ʹ�ÿ��̨��÷��Ȩ�޺��

�� Directory Server Console �Ķ��á�ѡ��ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ��õ��t�Ӻ�׺��

��Ҳ��ѡ��á�ѡ���t�ӵĺ�׺��ֻ��Ȩ�޺��á�

ѡ��ĳһ��ѡ��ť��öԴ˺�׺��Ŀ��κ�д��ʱ��Ӧ��

��д��Ĭ��½�ѡ��˵�ѡ��ť��Ϊ��ȡ��д��ת��Զ�̷��ؿͻ��Զ��ã��Ὣ��Ƿ��ص��ͻ��

��󲢷��д��á��ת��󲢽��ؿͻ��б��뽫��Ϊд��÷��ص�һ�� LDAP URL��

Ϊ��д��󷵻��á��б��뽫��Ϊ��в��÷��ص�һ�� LDAP URL��Ϊ��ڽ��öԺ�׺�ķ��ʣ��ͬ��ǣ��Ϊ��Ϊ�˺�׺ר�Ŷ��ã��ʹ��ȫ��Ĭ��á�

ͨ��ӡ��͡�ɾ��ť�༭��б?��ӡ��ť��ʾһ��Ի��ڴ��õ� LDAP URL��Զ�̷��д��κη�֧�� DN ��á��й� LDAP URL �ṹ��ϸ��Ϣ��ġ�Directory Server Administration Reference��е� Chapter 5 "LDAP URL Reference"��

��á��Ŀ¼��ش��б��е��ã��Ӧ4�Կͻ��Ӧ�ó��

��桱Ӧ�ø�Ĳ�b��ʼִ��µ�Ȩ�޺��á�

ʹ�ÿ��̨��÷��Ȩ�޺��

��У�suffixDN ��t�Ӻ�׺��ʱ��ַ��(��пո�LDAPURL ��Ч�� URL��˿ںź�Ŀ�� DN��磺

ʹ��༭��t�ӵĺ�׺��Ŀ��

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=suffixDN,cn=mapping tree,cn=config
changetype: modify
replace: nsslapd-state
nsslapd-state: referral on update or referral
-
add: nsslapd-referral
nsslapd-referral: LDAPURL
^D

��ظ��һ��Խ� LDAP URL ��κ��ӵ� nsslapd-referral ��С�

�˺�׺��Ϊֻ�{򲻿ɷ��ʣ��׼��ڳɹ�ִ��b��á�

�޸�t�Ӳ��

һ��t�ӵĺ�׺��Ϳ��޸Ŀ��t�ӵĲ��ָ��η��Զ�̷��θ��ڴ�� DN��θ��Զ�̷��޸��ܲ��Щ��Ʒ��ν�b��ά��t�ӷ��l�ӡ�

ʹ�ÿ��̨�޸�t�Ӳ��

�� Directory Server Console �Ķ��á�ѡ��ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ�޸ĵ��t�Ӻ�׺��

��Ҳ��ѡ��Զ�̷��ѡ���

Ҫ��Զ�̷��ƻ�˿ڣ��޸ġ�Զ�̷�� URL��ֶΡ�� URL ��¸�ʽ��һ��Զ�̷��Ϳ�ѡ�˿ںţ�

ldap[s]://hostname[:port][ hostname[:port]].../

�� URL ��(�κκ�׺��Ϣ��й�ָ��ȫ�˿ڵ��Ϣ��ʹ�� SSL t�ӡ�� URL �еĵ�һ��Ӧt��ʧ��ʱ��г��˳�� URL �е��jϵ�� LDAP URL ��г��Զ�̷�� suffixDN��t�Ӻ�׺�Ļ��Ŀ��

Ҫ��Ĵ��û�� DN��ڡ�� DN��ֶ��һ��ֵ��ڡ���ֶ��벢ȷ�ϴ� DN ��Ӧ��

proxyDN ��Զ�̷��ϵ��û�� DN��Զ�̷��Ϻ�׺��ʱ��ط�� DN ��?ͨ��t�Ӻ�׺ִ�еĲ�� creatorsName �� modifiersName ��ʹ�ô˴��ݡ��δָ��DN��ط��ڷ��Զ�̷��ʱ��а󶨡�

ѡ��ײ��ı��ʾ��t�Ӵ˺�׺��Ҫ�� ACI��Զ�̷�� URL��뽫�� ACI ��ӵ�� suffixDN λ��µ�һ̨��̨Զ�̷��ϵ��Ŀ�С��޸��˴�� DN, ��Ӧ��t�ӷ��ϵ� ACI��ʹ�á�� ACI��ť�� ACI �ı��Ƶ�ϵͳ�ļ��Ͻ��ճ��

ѡ��ƺͿ��ơ�ѡ���t��Ĳ��ü�jt�ӡ��˼�jt�Ӳ��

��á��ƿͻ��ء��t�Ӳ��Ĵ�С��ʱ�䣺

��ط�Χ��á��Χ��ȫ��t�Ӻ�׺�е��Ч�ʵ͵��Ϊ��}�Ρ�Ĭ��£��ض��t�ӷ��ã�ǿ�ƿͻ��ֱ��t�ӷ��ִ��ȡ��ѡ��ѡ���Ӧ��²��ƽ��t�ӵĽ��Ĵ�С��

��С��ƻ��޴�С��ơ��˲��ȷ��Ϊ��Ӧ��t�ӵ��ص��Ŀ��Ĭ��ֵ��С�� 2000 ��Ŀ��Ҫ��ƶ��漰��t�Ӻ�׺��д�Χ��뽫�˲��Ϊ�ϵ͵�ֵ��κ��£��Զ�̷��ϵ��κδ�С��ơ�

ʱ��ƻ��ʱ��ơ��˲��t�Ӳ��ʱ�䳤�ȡ�Ĭ��ʱ�� 3600 �루1 Сʱ��Ҫ��ƶ��t�Ӻ�׺ִ�в��ʱ�䣬�򽫴˲��Ϊ�ϵ͵�ֵ��κ��£��Զ�̷��ϵ��κ�ʱ��ơ�

��á�l�ӹ��?��Կ��Ʒ��ι��l��Լ��Զ�̷��İ󶨣�

�� LDAP l��t�ӵĺ�׺ͨ��Զ�̷��Խ�b��ͬʱ�� LDAP ��l��Ĭ��ֵ�� 10 ��l�ӡ�

��İ�l��t�ӵĺ�׺ͨ��Զ�̷��Խ�b��ͬʱ��İ�l��Ĭ��ֵ�� 3 ��l�ӡ�

ÿ��l��İ��ÿ�� LDAP l��ͬʱ�󶨲��Ĭ��ֵ��ÿ��l�� 10 ��ͻ��󶨲��

��İ��Դ��ʱ��t�ӵĺ�׺��°󶨵�Զ�̷��ϵĴ��ֵ 0 ��ʾ��t�ӵĺ�׺��԰�һ�Ρ�Ĭ��ֵΪ�� 3 �Ρ�

ÿ��l��Ĳ��ÿ�� LDAP l��ͬʱ��Ĭ��ֵ��ÿ��l�� 10 ��

�󶨳�ʱ��ް󶨳�ʱ��t�ӷ��ϰ󶨳��Գ�ʱ֮ǰ��ʱ�䳤�ȣ��Ϊ��λ��Ĭ��ֵΪ 15 �롣

��ǰ�ĳ�ʱ��޳�ʱ��Ƿ��ѷ��ĳ��֮ǰ��Ĭ��ֵΪ 2 �롣

l��ڻ��ơ��t�ӵĺ�׺��Զ�̷��֮��l�ӱ��ִ�״̬�Ա��ʹ�õ�ʱ�䳤�ȡ��l�ӱ��Ϊ��״̬��Լӿ��ٶȣ��Ҫʹ�ø��Դ��磬��ʹ�ò��l�ӣ��ϣ��l��ʱ�䡣Ĭ��£�l�Ӳ��ơ�

��޷�ͨ��̨��ȡ��޸�t�Ӳ��

��t�Ӳ��ú��뵥��桱��

��޸�t�Ӳ��

ʹ��༭��Ӧ��Ҫ�޸ĵĺ�׺��t��Ŀ��

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=databaseName,cn=chaining database,cn=plugins,cn=config
changetype: modify
replace: attributeName
attributeName: attributeValue
-
replace: attributeName2
attributeName2: attributeValue2
...
^D

��²��˵��˿��ܵ��ֵ��а�(��䣬�Ա�һ�θ��

�޸� nsfarmserverURL ��Ը��Զ�̷��ƻ�˿ڡ��ֵΪ��¸�ʽ��һ��Զ�̷��Ϳ�ѡ�˿ںŵ� URL��

ldap[s]://hostname[:port][ hostname[:port]].../

�޸� nsmultiplexorBindDN �� nsmultiplexorCredentials ��Ը��ڴ��Զ�̷�� DN��

��Զ�̷��Ϻ�׺��ʱ��ط�� DN ��?ͨ��t�Ӻ�׺ִ�еĲ�� creatorsName �� modifiersName ��ʹ�ô˴��ݡ��δָ��DN��ط��ڷ��Զ�̷��ʱ��а󶨡�

��޸Ĵ�� DN ��ƾ֤��Զ�̷��ϴ��Ӧ�� ACI��Ҫ�� ACI ��ͨ��t��ִ�д��

��Ĭ��t�Ӳ��κ��ԣ��Կ��Զ�̷��ϵ�l�ӺͲ��?��ü�jt�ӡ��н�һ��˵��˼�j��

�Ż��߳�ʹ��

Ҳ��÷��ȫ��ʹ�õ��߳��Կ��t�ӵ��߳��Դ��t�ӵĲ��ܻ�ռ�úܳ�ʱ�䣬��Ϊ��뽫��ת��Զ�̷��Զ�̷��ʱ��ǵ��߳�Ϊ��״̬��t�ӵķ��ӳ٣��Ӧ��߳��Ա��и��Դ��ͬʱ��?�ز��

Ĭ��£��ʹ�õ��߳��Ϊ 30 ��ǣ��ʹ��t�ӵĺ�׺ʱ��ͨ��ӿ��ڴ��߳��4��ܡ��t�Ӻ�׺��ִ�еĲ��Ͳ��ͣ��Լ��Զ�̷��ϴ��Ҫ��ƽ��ʱ��4ȷ��Ҫ��߳��

ͨ��Ӧ��ÿ��t�Ӻ�׺��߳�� 5 �� 10 ��ٶ��t�ӵĺ�׺��뱾�غ�׺��ͬ��Ĳ��Ŀ�꣩��

ʹ�ÿ��̨��߳��Դ

�� Directory Server Console �Ķ��á�ѡ��ϣ��ܡ��ڵ㣬Ȼ��Ҳ��ѡ��ѡ���

�ڡ��߳��ֶ��ֵ��

��ȷ��Ա��ģ��ȷ��Ҫ��ʹ��Ч��Ϣ��

�� Directory Server ��ʹ��µ��߳��

��߳��Դ

ʹ��༭ȫ��Ŀ��޸��߳��

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=config
changetype: modify
replace: nsslapd-threadnumber
nsslapd-threadnumber: newThreadNumber
^D

�� Directory Server ��ʹ��µ��߳��

ɾ��t�ӵĺ�׺

ɾ��һ��t�ӵĺ�׺��ʹ�䲻��ͨ��Ŀ¼��ʣ��ɾ��t�ӷ��ϵ��Ŀ��׺��ɾ��׺��Ӻ�׺��Ϊ�µĸ��׺��Ŀ¼�С�

ʹ�ÿ��̨ɾ��t�ӵĺ�׺

�� Directory Server Console �ġ��á�ѡ��ϣ�չ��ݡ��ڵ㡣

�Ҽ��Ҫɾ��ĺ�׺��ӵ��˵��ѡ��ɾ��

��ߣ��ѡ��׺�ڵ㣬��ӡ��󡱲˵��ѡ��ɾ��

��ȷ�϶Ի��򣬸�֪��ͨ��t�Ӻ�׺��ʵ��Ŀ������Զ��Ŀ¼��ɾ��

��ȷ��ɾ��˺�׺��

��ʾ��̶Ի��򣬸�֪��Щ��ɿ��̨��ɡ�

��ɾ��׺

��Ҫɾ��Ӻ�׺��֧��ҵ��ɾ��ĸ��׺��Ӻ�׺��ÿ��׺��ܵ��Ӻ�׺�ظ��˹�̡�

ʹ��ɾ��׺��Ŀ��

ldapdelete -h host -p port -D "cn=Directory Manager" -w password
cn=suffixDN,cn=mapping tree,cn=config

��ʹ��t�Ӻ�׺��Զ��Ŀ��Ŀ¼��Ҳ��ɼ�

ɾ��λ�� cn=databaseName,cn=chaining database,cn=plugins,cn=config �е��Ӧ��ݿ��Ŀ��ļ��Ŀ��

ldapdelete -h host -p port -D "cn=Directory Manager" -w password
cn=monitor,cn=dbName,cn=chaining database,cn=plugins,cn=config
cn=dbName,cn=chaining database,cn=plugins,cn=config

��ü�jt��

�ڼ�jt��У��һ��t�ӵ��Ҳ��һ��t�Ӻ�׺��t�ӵ��Ӻ�׺��һ��е��t�Ӻ�׺ʱ��ת��м��м��jϵ��Դ��ơ��ۺ�ʱ��Ķ��һ��Ծ��ķ��ļ�jt�Ӷ��Ŀ¼��е��ݡ�

��磬��ͼ��ʾ��Ŀ ou=People,l=Europe,dc=example,dc=com �ķ��δӷ�� A t�ӵ�� B��󵽴�� C�� A ��׺ dc=example,dc=com��Լ��֧ l=Europe,dc=example,dc=com �ĵ�� B ��t��Ӻ�׺�� B ��Ŀ l=Europe,dc=example,dc=com��֧ ou=People,l=Europe,dc=example,dc=com �ǵ�� C ��t��Ӻ�׺�� C ʵ�ʰ��Ŀ ou=People,l=Europe,dc=example,dc=com

��ü�j��

��з��Ӧ��ѭ��⣬�Ա��⵽t��е��κ��ѭ��δ��ѭ��⣬ѭ��еķ��ͣ��ѭ��ת��ֱ��ء�

Ӧ��м��t�Ӻ�׺��ó��91�� ACI��ͨ��t�Ӻ�׺�ĵ�һ��δ��д˲��

ʹ�ÿ��̨��ü�j��

�� Directory Server Console �Ķ��á�ѡ��ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ�޸ĵ��t�Ӻ�׺��

��Ҳ��У�ѡ��ƺͿ��ơ�ѡ���ڴ˴��޸ļ�jt�Ӳ��

�ڼ�jt��е��м��ϣ�ѡ�м�鱾�� ACI �ĸ�ѡ��

�ڵ��t��У�δѡ�д˸�ѡ��Ϊ�û��ķ��Ȩ�޲��ڵ�һ��9#��ڵڶ��ͨ��9!��ǣ��ڼ�jt�ӵ��м��ϣ�� ACI ��ٴ�ת��֮ǰִ�з��ʿ��ơ�

�ڼ�jt��е��з��ϣ��t�Ӳ��Ծ��ÿ�ν�ͬһ��ת��һ��t�Ӻ�׺��Ϊһ��Ծ�㣬��ﵽ��Ծ��ʱ��t�Ӻ�׺��ת��

Ӧ��һ����jt��Ծ��֡��дﵽ��ƵĲ��Ϊ��ٶ��Ϊ��е�һ��ѭ��

��t��ѭ��ƣ��ڼ�j�� LDAP �ؼ��

��ɼ�j��ú��뵥��桱��

��ü�j��

��м��ϣ�ʹ��༭��ڼ�j��׺��t��Ŀ��

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=databaseName,cn=chaining database,cn=plugins,cn=config
changetype: modify
replace: nsCheckLocalACI
nsCheckLocalACI: on
-
changetype: modify
replace: nsHopLimit
nsHopLimit: maximumHops
^D

Ӧ�� maximumHops ��Ϊ����jt��е�Ծ��дﵽ��ƵĲ��Ϊ��ٶ��Ϊ��е�һ��ѭ��t��ѭ��ƣ��ڼ�j�� LDAP �ؼ��

�ڼ�jt��е��ϣ�ʹ��༭��ڼ�j��׺��t��Ŀ��

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=databaseName,cn=chaining database,cn=plugins,cn=config
replace: nsHopLimit
nsHopLimit: maximumHops
^D

��У�maximumHops ��һ��ͬ�Ķ��塣

��ڼ�j�� LDAP �ؼ�

Ĭ��£��t�ӵĺ�׺��䡰��Ȩ��ؼ��ǣ��һ��t�Ӻ�׺��һ��׺jϵʱ��Ҫ�ô˿ؼ�4��Զ�̷��ϵķ��ʿ��û��ʶ��м��t�Ӻ�׺��t�Ӵ˿ؼ��

��Ϊ��Ȩ��ؼ��ڶ��Э�顣��Ϊ��ͬ��汾��ʹ��}�ֿؼ�֮һ��Ӧ��м�j��t��¾�}�֡��Ȩ��ؼ��

��ѭ��⡱�ؼ�Ҳ�Ǽ�jt��з�ֹѭ��Ŀؼ��Ĭ��£��˿ؼ��t�ӵĲ��ת��Ӧ�Ը��ý��֤��˿ؼ�t�ӣ��򽫲��κ��漰�÷��ѭ��

��һ�� Ŀ¼ �� һ��
Sun Java(TM) System Directory Server 5 2004Q2 ��ָ��

�� 3 �� ����Ŀ¼��

������׺

ʹ�ÿ���̨�����µĸ��׺

ʹ�ÿ���̨�����µ��Ӻ�׺

�������д�����׺

�����׺

���û����ú�׺

ʹ�ÿ���̨���û����ú�׺

�������н��û����ú�׺

���÷���Ȩ�޺�����

ʹ�ÿ���̨���÷���Ȩ�޺�����

�����������÷���Ȩ�޺�����

ɾ���׺

ʹ�ÿ���̨ɾ���׺

��������ɾ���׺

������t�ӵĺ�׺

�����������

ʹ�ÿ���̨�����������

�������д����������

����Ĭ��t�Ӳ���

�ͻ���ز���

��jt�Ӳ���

l�ӹ������

���������

ʹ�ÿ���̨����Ĭ��t�Ӳ���

������������Ĭ��t�Ӳ���

ʹ�ÿ���̨������t�ӵĺ�׺

�������д�����t�ӵĺ�׺

ͨ����t�ӵĺ�׺���еķ��ʿ���

ʹ�� SSL t��

������t�ӵĺ�׺

����t�Ӳ���

LDAP �ؼ���t�Ӳ���

�����������t�Ӳ���

ʹ�ÿ���̨�޸�t�Ӳ���

���������޸�t�Ӳ���

���û�������t�ӵĺ�׺

ʹ�ÿ���̨���û�������t�ӵĺ�׺

�������н��û����ú�׺

���÷���Ȩ�޺�����

ʹ�ÿ���̨���÷���Ȩ�޺�����

ʹ�ÿ���̨���÷���Ȩ�޺�����

�޸�t�Ӳ���

ʹ�ÿ���̨�޸�t�Ӳ���

���������޸�t�Ӳ���

�Ż��߳�ʹ��

ʹ�ÿ���̨�����߳���Դ

�������������߳���Դ

ɾ����t�ӵĺ�׺

ʹ�ÿ���̨ɾ����t�ӵĺ�׺

��������ɾ���׺

���ü�jt��

���ü�j����

ʹ�ÿ���̨���ü�j����

�����������ü�j����

�������ڼ�j�� LDAP �ؼ�

�� 3 ��
��Ŀ¼��

��׺

ʹ�ÿ��̨��µĸ��׺

ʹ�ÿ��̨��µ��Ӻ�׺

��д��׺

��׺

��û��ú�׺

ʹ�ÿ��̨��û��ú�׺

��н��û��ú�׺

��÷��Ȩ�޺��

ʹ�ÿ��̨��÷��Ȩ�޺��

��÷��Ȩ�޺��

ɾ��׺

ʹ�ÿ��̨ɾ��׺

��ɾ��׺

��t�ӵĺ�׺

��

ʹ�ÿ��̨��

��д��

��Ĭ��t�Ӳ��

�ͻ��ز��

��jt�Ӳ��

l�ӹ��

��

ʹ�ÿ��̨��Ĭ��t�Ӳ��

��Ĭ��t�Ӳ��

ʹ�ÿ��̨��t�ӵĺ�׺

��д��t�ӵĺ�׺

ͨ��t�ӵĺ�׺��еķ��ʿ��

��t�ӵĺ�׺

��t�Ӳ��

LDAP �ؼ��t�Ӳ��

��t�Ӳ��

ʹ�ÿ��̨�޸�t�Ӳ��

��޸�t�Ӳ��

��û��t�ӵĺ�׺

ʹ�ÿ��̨��û��t�ӵĺ�׺

��н��û��ú�׺

��÷��Ȩ�޺��

ʹ�ÿ��̨��÷��Ȩ�޺��

ʹ�ÿ��̨��÷��Ȩ�޺��

�޸�t�Ӳ��

ʹ�ÿ��̨�޸�t�Ӳ��

��޸�t�Ӳ��

ʹ�ÿ��̨��߳��Դ

��߳��Դ

ɾ��t�ӵĺ�׺

ʹ�ÿ��̨ɾ��t�ӵĺ�׺

��ɾ��׺

��ü�jt��

��ü�j��

ʹ�ÿ��̨��ü�j��

��ü�j��

��ڼ�j�� LDAP �ؼ�