上一頁      目錄      索引      下一頁
Sun Java System Identity Synchronization for Windows 1 2004Q3 安裝與配置指南

附錄 B
LinkUsers XML 文件範例

本附錄提供了兩個 XML 配置文件的範例，您可將其與 idsync resync 子指令配合使用，連結您的部署中現有的使用者。

下列兩個檔案均可從您安裝核心元件的 samples1 子目錄下取得：

範例 1：linkusers-simple.cfg (常見的簡易配置範例)
範例 2：linkusers.cfg (較複雜的配置範例，充分展示了指定連結條件的強大功能)

您可修改這些範例，使其適用於您的環境。這兩個檔案中包含的註解可以說明如何修改範例，來連結您的使用者 (包括如何連結多個 SUL 中的使用者)。

---

範例 1：linkusers-simple.cfg

<!--

  Copyright 2004 Sun Microsystems, Inc. All rights reserved

  Use is subject to license terms.

-->

<!--

  This xml file is used to link Windows and Sun Directory Server users from the command
  line. It is passed to the ‘idsync resync’script as the -f option.

  This is a simple file that links users in the SUL1 synchronization user list that have
  the same login name, that is the Directory Server uid attribute matches the Active
  Directory samaccountname attribute.

  For more complex matching rules, see the linkusers.cfg sample.

-->

<UserLinkingOperationList>

  <UserLinkingOperation parent.attr="UserLinkingOperation" sulid="SUL1">

    <UserMatchingCriteria parent.attr="UserMatchingCriteria">

      <AttributeMap parent.attr="AttributeMap">

        <AttributeDescription parent.attr="SunAttribute" name="uid"/>

        <AttributeDescription parent.attr="WindowsAttribute" name="samaccountname"/>

      </AttributeMap>

    </UserMatchingCriteria>

  </UserLinkingOperation>

</UserLinkingOperationList>

---

範例 2：linkusers.cfg

<?xml version ="1.0" encoding="UTF-8"?>

<!--

  Copyright 2004 Sun Microsystems, Inc. All rights reserved
  Use is subject to license terms.

-->

<!--

  This xml file is used to link Windows and Sun Directory Server users from
    the command line. It is passed to the 'idsync resync' script as the -f option.

-->

<!--

  The following parameters allowLinkingOutOfScope: if true, then Windows users can be
  linked to Sun Directory Server users that are outside of the users' Synchronization
  User List. Default is false.

-->

<UserLinkingOperationList allowLinkingOutOfScope="false">

<!--
  UserLinkingOperation encapsulates the configuration of a single SUL to link.
  It includes the SUL ID and a list of attributes to match.
  A separate UserLinkingOperation must be specified for each SUL being linked.

-->
<UserLinkingOperation parent.attr="UserLinkingOperation" sulid="SUL1">

<!--
  UserMatchingCriteria encapsulates a list of attributes that must match for a user
  to be linked. -->

<!--
  For two users to match using this UserMatchingCriteria, they must have the same
  givenName and the same sn. -->

<UserMatchingCriteria parent.attr="UserMatchingCriteria">
  <AttributeMap parent.attr="AttributeMap">
    <AttributeDescription parent.attr="SunAttribute" name="sn"/>
    <AttributeDescription parent.attr="WindowsAttribute" name="sn"/>
  </AttributeMap>
  <AttributeMap parent.attr="AttributeMap">
    <AttributeDescription parent.attr="SunAttribute" name="givenName"/>
    <AttributeDescription parent.attr="WindowsAttribute"
    name="givenName"/>
  </AttributeMap>
</UserMatchingCriteria>

<!--
  Multiple UserMatchingCriteria can be specified for a single SUL.They are treated as
  a logical OR.In this example, (the givenName's and sn's must match (see above)) OR
  (the employee(Number|ID) must match), for the user to be linked.Notice that attribute
  that is specified, employeeNumber, is the name of the DS attribute. -->

<!--
  This UserMatchingCriteria is commented out because employeeNumber is not an indexed
  attribute in DS.All attributes used in a UserMatchingCriteria should be indexed.

  <UserMatchingCriteria parent.attr="UserMatchingCriteria">
    <AttributeMap parent.attr="AttributeMap">
      <AttributeDescription parent.attr="SunAttribute" name="employeeNumber"/>
      <AttributeDescription parent.attr="WindowsAttribute" name="employeeID"/>
    </AttributeMap>
  </UserMatchingCriteria>

-->

</UserLinkingOperation>

<!--
  When multiple SULs are linked, a separate UserLinkingOperation is specified
  for each.As shown here, each UserLinkingOperation can use different
  UserMatchingCriteria:in this example, users in SUL2 are only linked if their
  sn and employeeNumber match.

  Note:this UserLinkingOperation is currently commented out because
  the example configuration only has a single SUL.

<UserLinkingOperation parent.attr="UserLinkingOperation" sulid="SUL2">
  <UserMatchingCriteria parent.attr="UserMatchingCriteria">
    <AttributeMap parent.attr="AttributeMap">
      <AttributeDescription parent.attr="SunAttribute" name="sn"/>
      <AttributeDescription parent.attr="WindowsAttribute" name="sn"/>
    </AttributeMap>
      <AttributeMap parent.attr="AttributeMap">
        <AttributeDescription parent.attr="SunAttribute" name="employeeNumber"/>
        <AttributeDescription parent.attr="WindowsAttribute" name="employeeID"/>
    </AttributeMap>
  </UserMatchingCriteria>
</UserLinkingOperation>
-->

</UserLinkingOperationList>

上一頁      目錄      索引      下一頁

---

文件編號：817-7849。 Copyright 2004 Sun Microsystems, Inc. 版權所有。