Sun Java System Access Manager 7 2005Q4 管理指南

Procedure 若要新增其他的配置

步驟
  1. 撰寫一個 XML 檔案,其中包含完整屬性集和次要 (或第三) LDAP 認證配置需要的新值。

    檢視 amAuthLDAP.xml (位於 etc/opt/SUNWam/config/xml) 即可參照可用的屬性。您在此步驟中建立的 XML 檔案與 amAuthLDAP.xml 不同,它是以 amadmin.dtd 的結構為基礎。您可以在這個檔案中定義任何或全部屬性。程式碼範例 1-2 為子配置檔案的範例,其中包括 LDAP 認證配置可用的所有屬性值。


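    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!--
      Copyright (c) 2002 Sun Microsystems, Inc. All rights reserved.
      Use is subject to license terms.
    -->
    <!DOCTYPE Requests
        PUBLIC "-//iPlanet//Sun ONE Access Manager 6.0 Admin CLI DTD//EN"
        "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
    >
    <!--
      Sample sub-configuration for an additional LDAP authentication
      configuration, loaded with the amadmin command-line tool.

      Before adding the subConfiguration, load the schema with
      GlobalConfiguration defined and replace the corresponding
      serviceName and subConfigId in this sample file, OR load
      serviceConfigurationRequests.xml before loading this sample.

      The realm DN, directory host, base DN and bind DN below are sample
      values; replace them with the values for your deployment.
    -->
    <Requests>
    <realmRequests DN="dc=iplanet,dc=com">
        <AddSubConfiguration subConfigName="ssc"
            subConfigId="serverconfig"
            priority="0" serviceName="iPlanetAMAuthLDAPService">

            <!-- Directory server to authenticate against, as host:port. -->
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-server"/>
                <Value>vbrao.red.iplanet.com:389</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-base-dn"/>
                <Value>dc=iplanet,dc=com</Value>
            </AttributeValuePair>
            <!--
              Every other attribute of this service carries the "iplanet-am-"
              prefix; the bind DN attribute name is spelled the same way so
              that the value is applied to the intended attribute.
            -->
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-bind-dn"/>
                <Value>cn=amldapuser,ou=DSAME Users,dc=iplanet,dc=com</Value>
            </AttributeValuePair>
            <!--
              The bind password is written here in clear text. Keep this file
              readable only by the administrator who runs amadmin, and remove
              the file (or blank this value) once the configuration has been
              loaded. The value is kept on a single line so that surrounding
              whitespace cannot become part of the password.
            -->
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-bind-passwd"/>
                <Value>plain text password</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-user-naming-attribute"/>
                <Value>uid</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-user-search-attributes"/>
                <Value>uid</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-search-scope"/>
                <Value>SUBTREE</Value>
            </AttributeValuePair>
            <!--
              false: the connection to the directory is not SSL-protected, so
              the bind password (and any user passwords the module sends to
              the directory) cross the network unencrypted. Outside an
              isolated test setup, set this to true and point
              iplanet-am-auth-ldap-server at the directory's SSL port.
            -->
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-ssl-enabled"/>
                <Value>false</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-return-user-dn"/>
                <Value>true</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-auth-level"/>
                <Value>0</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="iplanet-am-auth-ldap-server-check"/>
                <Value>15</Value>
            </AttributeValuePair>

        </AddSubConfiguration>
    </realmRequests>
    </Requests>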
    
    
    
    
    
                   
  2. 複製純文字密碼做為建立於步驟 1 之 XML 檔案中 iplanet-am-auth-ldap-bind-passwd 的值。

    此屬性的值於程式碼範例中以粗體顯示。

  3. 使用 amadmin 指令行工具載入 XML 檔案。


    ./amadmin -u amadmin -w administrator_password -v -t name_of_XML_file

    請注意此次要 LDAP 配置無法使用主控台顯示或修改。


    提示 –

    這是多重 LDAP 配置可用的範例。請參閱 /AccessManager-base/SUNWam/samples/admin/cli/bulk-ops/ 中的 serviceAddMultipleLDAPConfigurationRequests.xml 指令行範本。可於 /AccessManager-base/SUNWam/samples/admin/cli/Readme.html 取得指示。