|
| |
| Sun Java System Identity Synchronization for Windows 1 2004Q3 安装和配置指南 | |
附录 B
LinkUsers XML 文档范例本附录提供两个 XML 配置文档范例,它们可与 idsync resync 子命令共用,以链接部署中的现有用户。
下列两个文件都可以在安装“核心”的子目录 samples1 中获得:
- 范例 1:linkusers-simple.cfg(普通简单配置示例)
- 范例 2:linkusers.cfg(较复杂的配置示例,说明指定链接条件的全部功能)
您可以修改这些示例,使其适合您的环境。这两个文件均包含解释如何修改示例以链接用户的注释 — 包括如何链接多个 SUL 中的用户。
范例 1:linkusers-simple.cfg<!--
Copyright 2004 Sun Microsystems, Inc. All rights reserved
Use is subject to license terms.
-->
<!--
This xml file is used to link Windows and Sun Directory Server users from the command
line.It is passed to the ’idsync resync’ script as the -f option.This is a simple file that links users in the SUL1 synchronization user list that have
the same login name, that is the Directory Server uid attribute matches the Active
Directory samaccountname attribute.For more complex matching rules, see the linkusers.cfg sample.
-->
<UserLinkingOperationList>
<UserLinkingOperation parent.attr="UserLinkingOperation" sulid="SUL1">
<UserMatchingCriteria parent.attr="UserMatchingCriteria">
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="uid"/>
<AttributeDescription parent.attr="WindowsAttribute" name="samaccountname"/>
</AttributeMap>
</UserMatchingCriteria>
</UserLinkingOperation>
</UserLinkingOperationList>
范例 2:linkusers.cfg<?xml version =”1.0” encoding=”UTF-8”?>
<!--
Copyright 2004 Sun Microsystems, Inc. All rights reserved
Use is subject to license terms.-->
<!--
This xml file is used to link Windows and Sun Directory Server users from
the command line. It is passed to the 'idsync resync' script as the -f option.-->
<!--
The following parameters allowLinkingOutOfScope: if true, then Windows users can be
linked to Sun Directory Server users that are outside of the users' Synchronization
User List. Default is false.-->
<UserLinkingOperationList allowLinkingOutOfScope="false">
<!--
UserLinkingOperation encapsulates the configuration of a single SUL to link.
It includes the SUL ID and a list of attributes to match.
A separate UserLinkingOperation must be specified for each SUL being linked.-->
<UserLinkingOperation parent.attr="UserLinkingOperation" sulid="SUL1"><!--
UserMatchingCriteria encapsulates a list of attributes that must match for a user
to be linked. --><!--
For two users to match using this UserMatchingCriteria, they must have the same
givenName and the same sn. --><UserMatchingCriteria parent.attr="UserMatchingCriteria">
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="sn"/>
<AttributeDescription parent.attr="WindowsAttribute" name="sn"/>
</AttributeMap>
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="givenName"/>
<AttributeDescription parent.attr="WindowsAttribute"
name="givenName"/>
</AttributeMap>
</UserMatchingCriteria><!--
Multiple UserMatchingCriteria can be specified for a single SUL. They are treated as
a logical OR. In this example, (the givenName's and sn's must match (see above)) OR
(the employee(Number|ID) must match), for the user to be linked. Notice that attribute
that is specified, employeeNumber, is the name of the DS attribute. --><!--
This UserMatchingCriteria is commented out because employeeNumber is not an indexed
attribute in DS. All attributes used in a UserMatchingCriteria should be indexed.<UserMatchingCriteria parent.attr="UserMatchingCriteria">
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="employeeNumber"/>
<AttributeDescription parent.attr="WindowsAttribute" name="employeeID"/>
</AttributeMap>
</UserMatchingCriteria>-->
</UserLinkingOperation>
<!--
When multiple SULs are linked, a separate UserLinkingOperation is specified
for each. As shown here, each UserLinkingOperation can use different
UserMatchingCriteria: in this example, users in SUL2 are only linked if their
sn and employeeNumber match.Note: this UserLinkingOperation is currently commented out because
the example configuration only has a single SUL.<UserLinkingOperation parent.attr="UserLinkingOperation" sulid="SUL2">
<UserMatchingCriteria parent.attr="UserMatchingCriteria">
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="sn"/>
<AttributeDescription parent.attr="WindowsAttribute" name="sn"/>
</AttributeMap>
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="employeeNumber"/>
<AttributeDescription parent.attr="WindowsAttribute" name="employeeID"/>
</AttributeMap>
</UserMatchingCriteria>
</UserLinkingOperation>
--></UserLinkingOperationList>