Sun ONE Directory Server ��ָ��: �� 3 �� Ŀ¼��

Sun ONE Directory Server ��ָ��

�� 3 �� Ŀ¼��

Ŀ¼��е��Ŀ��ʶ�� (DN) ��ʶ��DN �Ĳ��Դ��֯��ݵķ�֧��Ҷ�ӡ�Ϊ�˹��Ŀ¼��պ�׺��Ӻ�׺��t�Ӻ�׺��֯��ʽ��ж��塣Directory Server ��̨�Դ��͹��ЩԪ�ؽ��п��ƣ��߿��ʹ��й��ߡ�

�й��֯Ŀ¼��ݵĸ��Ϣ�� Sun ONE Directory Server ��ָ��еĵ� 4 �¡��Ŀ¼��

��°��С�ڣ�

��

��׺

��׺

��t�ӵĺ�׺

��t�ӵĺ�׺

��ü�jt��

��

��׺��ȫ��ݶ��Ԫ�ķ�֧��磬Ϊ��ȫ��׺��ڵ��г�ʼ��ȫ��׺��׺�Ǹ��Ƶĵ�λϣ��ͬһ�ַ�ʽ��ʺ͹��Ӧλ��ͬһ��׺�С��׺��λ��Ŀ¼��ĸ��ʱ��Ϊ��׺��

��ͼ��ʾ��}��׺��Ŀ¼��ÿ��׺��һ��5Ĺ�˾ʵ�壺

ͼ 3-1    һ�� Directory Server �е�}��׺

һ��׺Ҳ��һ��׺�ķ�֧��ڴ��£��׺��Ϊ�Ӻ�׺��׺��(��ڹ��Ӻ�׺��ݣ��Ӻ�׺�Ĺ��b��丸��׺��ǣ�LDAP ��йغ�׺��Ϣ��Ŀ¼�ͻ��֪��Ŀ�Ǹ��׺��Ӻ�׺��һ��֡�

��ͼ��ʾһ�Ҵ��͹�˾ʵ��о��е��׺�Ͷ��Ӻ�׺��Ŀ¼��

ͼ 3-2    ��ж��Ӻ�׺��һ��׺

��׺��Ӧ�ڷ��ڵĵ��ݿ⡣��ǣ��ݿ⼰��ļ��ɷ��ڲ��?��Ҵ� Sun ONE Directory Server 5.2 ��ʼ��ȥ��ݿ��

t�Ӻ�׺ͨ��ϵĺ�׺4��Ŀ¼��t�Ӻ�׺��Directory Server ��Զ�̺�׺��ִ�в��ؽ��ڱ��ִ��һ��ݵ�λ��͸��ģ��Ϊ�ͻ��֪�:�׺��t�ӵĺ�׺��Ҳ��֪��Ǵ�Զ�̷��õ��ġ�һ��ϵĸ��׺��԰�t�ӵ��һ��Ӻ�׺��ӿͻ��ĽǶȶ��Դ��ǵ��ṹ��

�ڼ�jt�ӵ��£�t�Ӻ�׺��Զ�̷��ϵ��һ��t�Ӻ�׺��4��ơ�ÿ��ת��󽫽��ص��ͻ��ķ��

�й�t�ӵĳ��Ϣ�� Sun ONE Directory Server ��ָ�ϵ�� 5 �¡��Ŀ¼��˽ṹ��

��׺

��ʹ�� Directory Server ��̨��д��׺��Ӻ�׺��

ʹ�ÿ��̨��µĸ��׺

�� Directory Server ��̨�Ķ��á��ǩ�ϣ��Ҽ��ݡ��ڵ㣬��ӵ��˵��ѡ��½��׺��

��ߣ��ѡ��ݡ��ڵ㣬��ӡ��󡱲˵��ѡ��½��׺��

��ʾ��½��׺��Ի��

�ڡ��׺ DN��ֶ��Ψһ�ĺ�׺��ơ��Ʊ��ʹ��ɶ��ŷָ��һ��-ֵ��ɵı�ʶ��Ƹ�ʽ��

��Լ��׺ʹ�� (dc) ��ԡ��磬��Ϊ�º�׺ DN �� dc=example,dc=org��

ע��
��Ȼ��׺��ư� DN ��ʽ��-ֵ�ԣ��ַ��ˣ��пո��壬��Ǻ�׺��Ƶ�һ��֡�

Ĭ��£��˺�׺��ݿ��ļ��λ��ɷ��Զ�ѡ��⣬Ĭ��£��˺�׺ֻά��ϵͳ��Խ��м��ܣ�Ҳ��Ը��ƽ��á�

Ҫ�޸��һĬ��ֵ��뵥��ѡ���ť��ʾ�º�׺ѡ�

��ݿ��Ҳ�ǰ��ݿ��ļ��Ŀ¼��ơ�Ĭ��ݿ��Ǻ�׺ DN �е�һ��Ե�ֵ��ܻ��Ψһ��֡�Ҫʹ��ƣ��ѡ��ʹ��Զ��塱��ѡ��ť��Ȼ��һ��µġ�Ψһ��ݿ��ơ�

��ݿ��ֻ�ܰ� ASCII��7 λ��ĸ��ַ�l�ַ� (-) ��»�� (_)��磬��Խ��ݿ��Ϊ example_2��

��ѡ��ݿ��ļ��Ŀ¼��λ�á�Ĭ��£��λ��·��Ŀ¼��

ServerRoot/slapd-serverID/db

��·��򵥻��!��ݿ�Ŀ¼��λ�á��µ�·��Ŀ¼��Ϸ��ʡ�

Ҫ��º�׺��ѡ��еĺ�׺��ѡ�񡰸��ƺ�׺��á��-�˵��ѡ��Ҫ��Ƶĺ�׺��Ȼ��ѡ��һ��ý��и��ƣ�

�� - �º�׺��ͬ��ά��Ѹ��ƺ�׺��ͬ��

��Լ�� - �º�׺��Ѹ��ƺ�׺��ͬ��б�ͼ��ܷ��ü��ܡ�

��Ƹ�� - �º�׺��Ѹ��ƺ�׺��ͬ�ĸ��ͣ��ǹ�Ӧ�̸��򽫸��и��Э�飬��ҽ��ø��ơ�

��º�׺��ѡ��󣬵��ȷ��½��׺��Ի��ʾ��ѡ��ѡ�

�ڡ��½��׺��Ի��е��ȷ��Դ��µĸ��׺��

��׺�Զ��ڡ��ݡ��֧�¡��йؽ�һ��º�׺��Ϣ��׺��

�µĸ��׺��κ��Ŀ��r��׺ DN ��Ŀ��µ��Ӻ�׺�ڱ��ʼ��ʵ��ķ��Ȩ��ǰ��Ŀ¼��ǲ��ɷ��ʵģ��ڿ��̨�ġ�Ŀ¼��ǩ��Ҳ�ǲ��ɼ�ġ�

�� LDIF �ļ��ʼ��˺�׺��ಽ�衣��ǣ��ȷ�� LDIF �ļ��еĸ��Ŀ��ķ��ʿ��ָ�� (ACI)��

ѡ��̨�Ķ��Ŀ¼��ǩ��º�׺��Ŀ¼��Ȼ��ɼ�

��û��Ŀ¼��Ա��ݵ�¼��b��ͨ��ѡ�񡰿��̨��>��û��ݵ�¼��˵��е�¼��Ŀ¼��Ա�� DN �Ϳ��е�¼��Ĭ��£�Ŀ¼��Ա�� DN �� cn=Directory Manager��

�Ҽ��Ŀ¼��ĸ�ڵ㣬�˸�ڵ��Ͷ˿ڡ��ӵ��˵��ѡ��½��Ȼ��ѡ��µĸ��׺�� DN��

��ߣ�ѡ��Ŀ¼��ĸ�ڵ㣬Ȼ��ӡ��󡱲˵��ѡ��½��

��ʾ�ġ��½��󡱶Ի��У�Ϊ�ø��ѡ�񵥸��ࡣ�˶��ཫȷ��ӵ��Ŀ�е��ԡ�

��Լ�� dc ��Եĺ�׺ DN �ĸ�� domain ��ࡣͨ��£��Ǽ򵥶��󣬰��ٵ��ݡ�

ѡ��˶��ڡ��½��󡱶Ի��е��ȷ��

��̨b��ʾ�µĸ��ͨ�ñ༭��Ĭ�ϵ� ACI ��ϱ��Զ��ӵ��¶��С��й��Ϣ��Ĭ�� ACI��Ӳ��༭��κ��ֵ��(�� ACI ��κ��޸ġ�

��º�׺��û��Ŀ��Ӧ�޸ı��Ϊ�� nsroledn �� aci ��֮��Ŀ��޸ġ��Ĭ�� ACI��Ҫ��ö��İ�ȫ�ԣ�� ACI ��滻��

aci:(targetattr != "nsroledn || aci || nsLookThroughLimit ||
nsSizeLimit || nsTimeLimit || nsIdleTimeout ||
passwordPolicySubentry || passwordExpirationTime ||
passwordExpWarned || passwordRetryCount || retryCountResetTime
|| accountUnlockTime || passwordHistory ||
passwordAllowChangeTime")(version 3.0; acl "Allow self entry
modification except for nsroledn, aci, resource limit
attributes, passwordPolicySubentry and password policy state
attributes"; allow (write)userdn ="ldap:///self";)

�༭��Ŀ��ڡ�ͨ�ñ༭��е��ȷ��Դ��º�׺�ĸ��

�º�׺b��Ŀ¼��У��԰�� ACI ��Ȩ��ͨ��̨��й��?

ʹ�ÿ��̨��µ��Ӻ�׺

��й��Ѵ��ڵĸ��Ӻ�׺��δ��µ��Ӻ�׺��

�� Directory Server ��̨�Ķ��á��ǩ�ϣ�չ��ݡ��ڵ��κκ�׺�ڵ��ʾ��׺��

�Ҽ��׺�ڵ㣬�ӵ��˵��ѡ��½��Ӻ�׺��

��ߣ��ѡ�񸸺�׺�ڵ㣬��ӡ��󡱲˵��ѡ��½��Ӻ�׺��

��֡��½��Ӻ�׺��Ի��

�ڡ��Ӻ�׺ RDN��ֶ��Ψһ��ơ��Ʊ��ʹ��Ա�ʶ��Ƹ�ʽ��һ��ɶ��ŷָ��-ֵ��ɣ�� ou=Contractors��

�ı��µ�һ��ʾ��Ӻ�׺�� DN��ɸ��ӵ� RDN �ĸ��׺ DN ��ɡ�

ע��
��Ȼ�Ӻ�׺��ư�� RDN ��ʽ��-ֵ�ԣ��ַ��ˣ��пո��壬��Ǻ�׺ DN ��һ��֡�

Ĭ��£��˺�׺��ݿ��ļ��λ��ɷ��Զ�ѡ��⣬Ĭ��£��˺�׺ֻά��ϵͳ��Խ��м��ܣ�Ҳ��Ը��ƽ��á�

Ҫ�޸��һĬ��ֵ��뵥��ѡ���ť��ʾ�º�׺ѡ�

��ݿ��Ҳ�ǰ��ݿ��ļ��Ŀ¼��ơ�Ĭ�ϵ��ݿ�� RDN �е�һ��Ե�ֵ��ܻ��Ψһ��֡�Ҫʹ��ƣ��ѡ��ʹ��Զ��塱��ѡ��ť��Ȼ��һ��µġ�Ψһ��ݿ��ơ�

��ݿ��ֻ�ܰ� ASCII��7 λ��ĸ��ַ�l�ַ� (-) ��»�� (_)��磬��Խ��ݿ��Ϊ temps-US��

��ѡ��ݿ��ļ��Ŀ¼��λ�á�Ĭ��£��λ��·��Ŀ¼��

ServerRoot/slapd-serverID/db

��·��򵥻��!��ݿ�Ŀ¼��λ�á��µ�·��ͨ��Ŀ¼��Ӧ�ó��ʡ�

Ҫ��Ӻ�׺��ã��ѡ��еĺ�׺��Ӻ�׺�ĸ��׺��Ҳ��κ��׺��ѡ�񡰸��ƺ�׺��á��-�˵��ѡ��Ҫ��Ƶĺ�׺��Ȼ��ѡ��һ��ý��и��ƣ�

�� - �º�׺��ͬ��ά��Ѹ��ƺ�׺��ͬ��

��Լ�� - �º�׺��Ѹ��ƺ�׺��ͬ��б�ͼ��ܷ��ü��ܡ�

��Ƹ�� - �º�׺��Ѹ��ƺ�׺��ͬ�ĸ��ͣ��ǹ�Ӧ�̸��򽫸��и��Э�飬��ҽ��ø��ơ�

��º�׺��ѡ��󣬵��ȷ��½��Ӻ�׺��Ի��ʾ��ѡ��ѡ�

�ڡ��½��Ӻ�׺��Ի��е��ȷ��Դ��Ӻ�׺��

�ڡ��á��ǩ�У��Ӻ�׺�Զ��丸��׺�¡��йؽ�һ��º�׺��Ϣ��׺��

�µ��Ӻ�׺��κ��Ŀ��r�� RDN ��Ŀ��µ��Ӻ�׺�ڱ��ʼ��ʵ��ķ��Ȩ��ǰ��Ŀ¼��ǲ��ɷ��ʵģ��ڿ��̨�ġ�Ŀ¼��ǩ��Ҳ�ǲ��ɼ�ġ�

�� LDIF �ļ��ʼ��˺�׺��ಽ�衣��ǣ��ȷ�� LDIF �ļ��еĸ��׺��Ŀ��ķ��ʿ��ָ�� (ACI)��

�ڿ��̨�Ķ��Ŀ¼��ǩ�У�չ��Ŀ¼��ʾ�Ӻ�׺�ĸ��׺��µ��Ӻ�׺��ǲ��ɼ�ġ�

��û��Ŀ¼��Ա��ݵ�¼��b��ͨ��ѡ�񡰿��̨��>��û��ݵ�¼��˵��е�¼��Ŀ¼��Ա�� DN �Ϳ��е�¼��Ĭ��£�Ŀ¼��Ա�� DN �� cn=Directory Manager��

�Ҽ��Ӻ�׺�ĸ��׺��Ȼ��ӵ��˵��ѡ��½����½��б��У�ѡ��Ӧ��Ӻ�׺�� RDN �Ķ��͡��磬�� ou=Contractors �Ӻ�׺��ѡ�� OrganizationalUnit ���δ�г��Ӻ�׺�Ķ��࣬��ѡ��Ȼ��ʾ�ġ��½��󡱶Ի��ѡ��˶��ࡣ

��ߣ�ѡ��Ӻ�׺�ĸ��׺��Ȼ��ӡ��󡱲˵��ѡ��½��

��̨b��ʾ�¶��Զ��ͨ�ñ༭��Ӳ��༭��κ��ֵ��(�� ACI ��κ��޸ġ�

�༭��Ŀ��ڡ��༭��е��ȷ��Դ��µ��Ӻ�׺��Ŀ��

�µ��Ӻ�׺b��Ŀ¼��У��԰�� ACI ��Ȩ��ͨ��̨��й��?

��д��׺

��ʹ�� ldapmodify ��й��ó��Ŀ¼�д��׺��ڸ��׺��Ӻ�׺��ɷ��ͬ��ʽ��ڲ��й��?��Դ��д��׺��Ӻ�׺�Ĺ�̼��ͬ��

ʹ��Ϊ��׺�� cn=mapping tree,cn=config �´��׺��Ŀ��

ldapmodify -a -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn="suffixDN",cn=mapping tree,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsMappingTree
cn:suffixDN
nsslapd-state:backend
nsslapd-backend:databaseName
^D

��Ӻ�׺��ʹ�ô��һ��Ե��ͬ��
nsslapd-parent-suffix:"parentSuffixDN"

suffixDN ��º�׺�� DN��ڸ��׺��Լ��ʹ�� (dc) ��ԣ�� dc=example,dc=org��Ӻ�׺��suffixDN ��(�Ӻ�׺�� RDN ��丸��׺�� DN�� ou=Contractors,dc=example,dc=com��

ע��
��Ȼ��׺��Ʋ�� DN ��ʽ��ַ��ˣ��пո��壬��Ǻ�׺��Ƶ�һ��֡�Ҫ��ʴ˺�׺��Ҫ�� suffixDN �ַ��ʹ�õļ��

databaseName ��˺�׺��ص��ڲ��ݿ��ơ��к�׺�� databaseNames ��Ψһ�ģ��Լ�� suffixDN �ĵ�һ��ֵ��databaseName Ҳ�ǰ��׺��ݿ��ļ��Ŀ¼��ƣ��Ӧ�� ASCII��7 λ��ĸ��ַ�l�ַ� (-) ��»�� (_)��

��Ӻ�׺��parentSuffixDN ��Ǹ��׺�� DN��

ʹ����ݿ��Ŀ��

ldapmodify -a -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=databaseName,cn=ldbm database,cn=plugins,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsBackendInstance
cn:databaseName
nsslapd-suffix:suffixDN
^D

��У�databaseName �� suffixDN ��ֵ��ϸ��ʹ�õ�ֵ��ͬ��

��Ŀ��ӵ�Ŀ¼��ʱ��ݿ�ģ�齫��Ŀ¼��Զ��ݿ��ļ��

ServerRoot/slapd-serverID/db/databaseName

Ҫʹ��һ��λ�ô��ݿ��ļ��ʹ��Դ��ݿ��Ŀ��

nsslapd-directory:path/databaseName

��Զ��ڸ��λ�ô��һ��Ϊ databaseName ��Ŀ¼�Դ��ݿ��ļ��

��׺��Ӻ�׺�Ļ��Ŀ��

��磬��ʹ���� dc=example,dc=org ��׺�Ļ��Ŀ��

ldapmodify -a -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:dc=example,dc=org
objectclass:top
objectclass:domain
dc:example
^D

��( DN �ĵ�һ��Լ��ֵ��(��Ŀ�Ķ��ģʽ��ԡ��Լ��ʹ�� (dc) �ĸ��׺ DN �� domain ��࣬�˶��಻��Ҫ�κ��ԡ�

��Ӧ��׺��ӷ��ʿ��ָ�� (ACI) ��ԣ��ǿ��ִ��ķ��ʲ��ԡ��һЩ aci ��ֵ��Щ��ֵ��ȡ��ȷ��޸ĺ��ȫ�Ĺ��Ա��Ȩ��ʣ�

aci:(targetattr != "userPassword") (version 3.0; acl
"Anonymous access";
allow (read, search, compare)userdn = "ldap:///anyone";)
aci:(targetattr != "nsroledn || aci || nsLookThroughLimit ||
nsSizeLimit || nsTimeLimit || nsIdleTimeout ||
passwordPolicySubentry || passwordExpirationTime ||
passwordExpWarned || passwordRetryCount || retryCountResetTime
|| accountUnlockTime || passwordHistory ||
passwordAllowChangeTime")(version 3.0; acl "Allow self entry
modification except for nsroledn, aci, resource limit
attributes, passwordPolicySubentry and password policy state
attributes"; allow (write)userdn ="ldap:///self";)
aci:(targetattr = "*")(version 3.0; acl
"Configuration Administrator";
allow (all) userdn = "ldap:///uid=admin,ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot";)
aci:(targetattr ="*")(version 3.0;acl
"Configuration Administrators Group";
allow (all) (groupdn =
"ldap:///cn=Configuration Administrators, ou=Groups,
ou=TopologyManagement, o=NetscapeRoot");)

��Ϊ�Ӻ�׺��һ��ʾ��ʹ���� ou=Contractors,dc=example,dc=com �Ļ��Ŀ��

ldapmodify -a -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:ou=Contractors,dc=example,dc=com
objectclass:top
objectclass:organizationalUnit
description:base of separate subsuffix for contractor identities
^D

��( DN ��Լ��ֵ��(��Ŀ�Ķ��ģʽ��ԣ��κ��ԡ��Ӻ�׺��丸��׺�ϵ� ACI ��ķ��ʿ��ƣ�ֻҪ��Щ ACI �ķ�Χ��(��µ��Ӻ�׺��ɡ�Ҫ��Ӻ�׺�϶��岻ͬ�ķ��ʲ��ԣ��ڴ��Ŀʱָ�� aci ��ԡ�

��׺

��׺��ȫ��ݡ��˵��ι��Ժ�׺�ķ��ʣ��(��в��ʹ��׺Ϊֻ�zʹ��׺��

��ں�׺��Ŀ¼��񣬵��ڱ��Ĳ�ͬ�½ڽ��˵��

��

��

��

Ϊ��ֵ��

��?��

��û��ú�׺

ĳЩʱ��ά��Ҫʹ��׺��ã��ڰ�ȫ��ʹ��ݲ��á��ú�׺ʹ��޷��Ӧ��Է��ʴ˺�׺��κοͻ��д�˺�׺��ݡ��Ѷ��Ĭ��ڿͻ��Է��ѽ��õĺ�׺ʱ��ء�

ʹ�ÿ��̨��û��ú�׺

�� Directory Server ��̨�Ķ��á��ǩ�ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ��õĺ�׺��

��Ҳ��ѡ��á��ǩ��Ĭ��£��к�׺�ڴ��ʱ��á�

��ô˺�׺�ĸ��Ʋ��һ��֪ͨ��֪�˱�ǩ��ݿ��Զ��¡��ø��Ƶĺ�׺��ж϶Դ˺�׺�ĸ��ơ�ֻҪ�жϸ��Ƶ�ʱ�䲻�Ȼָ��õ�ʱ�䳤��ƻ��ƾͻ��ڴ˺�׺�ٴ��ʱ�ָ��Դ˸��ĸ��¡��ƻָ��ð�(��ʹ��߸��ӳټ��乩Ӧ�̸��־��С�ʹ��ڣ��߼�ʹ��á��

ȡ��ѡ�С��öԸú�׺�ķ��Ȩ�ޡ��ѡ��Խ��ô˺�׺��ѡ�д˸�ѡ��ô˺�׺��

��桱Ӧ�ø�Ĳ�b��û��ô˺�׺��

��ѡ�أ��ô˺�׺ʱ��Ҳ��Ϊ�Դ˺�׺ִ�е��в��ý��ص�ȫ��Ĭ��λ�ڶ��á��ǩ�ĸ�ڵ�ġ��硱��ǩ�ϡ��ϸ��Ϣ��ʹ�ÿ��̨��Ĭ��

��н��û��ú�׺

ʹ��ں�׺��Ŀ�б༭ nsslapd-state ��ԣ�

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn="suffixDN",cn=mapping tree,cn=config
changetype:modify
replace:nsslapd-state
nsslapd-state:disabled or backend
^D

��У�suffixDN �Ǻ�׺ DN ��ʱ��ַ��пո񡣽� nssladp-state ��Ϊֵ disabled �ɽ��ú�׺��Ϊֵ backend ��ʵ��ȫ��ʡ�

�ɹ�ִ��󣬽�b��ú�׺��

��ѡ�أ��ô˺�׺ʱ��Ҳ��Ϊ�Դ˺�׺ִ�е��в��ý��ص�ȫ��Ĭ��ϸ��Ϣ��Ĭ��

��÷��Ȩ�޺��

��Ҫ��ƶԺ�׺�ķ��ʣ��ȫ��޸ķ��Ȩ��ֻ�w��ʡ��ڴ��£��붨��һ��д��ͬʱ�ܾ��д��ʣ�Ϊ�Ժ�׺ִ�е��в��

��ʹ��ͻ��Ӧ�ó��ʱָ��磬��Ӷ�ĳ��׺��Ա��ڱ��ݴ˺�׺��ʱ��˺�׺ָ��

��ƻ��5дȨ�޺��4��ú�׺�Խ��и��ơ��ø��ơ��򽵼��޸��á�

��

��ƴ˺�׺��޸��ܻ�Ӱ��˺�׺��Ѹ��Ƶ��Ϊ��

ʹ�ÿ��̨��÷��Ȩ�޺��

�� Directory Server ��̨�Ķ��á��ǩ�ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ��ĺ�׺��

��Ҳ��ѡ��á��ǩ��t�ӵĺ�׺��ֻ��Ȩ�޺��ô˺�׺�ĸ��Ʋ��һ��֪ͨ��֪�˱�ǩ��ݿ��Զ��¡�

ѡ��ĳһ��ѡ��ť��öԴ˺�׺��Ŀ��κ�д��ʱ��Ӧ��

��д�� - Ĭ��½�ѡ��˵�ѡ��ť��׺��Ϊ��Զ��᷵��ǡ�

��󲢷��д�� - ��Ҫʹ��׺Ϊֻ�r��б��Ҫ��Ϊд��ص�һ�� LDAP URL��ѡ��˵�ѡ��ť��

Ϊ��д��󷵻�� - ��Ҫͬʱ�ܾ��д��ʣ��ѡ��˵�ѡ��ť��Ϊ��ڽ��öԺ�׺�ķ��ʣ��ͬ��ǣ��Ϊ��Ϊ�˺�׺ר�Ŷ��ʹ��ȫ��Ĭ��

ͨ��ӡ��͡�ɾ��ť�༭��б?��ӡ��ť��ʾһ��Ի��ڴ�� LDAP URL��Զ�̷��д��κη�֧�� DN ��й� LDAP URL �ṹ��ϸ��Ϣ�� Sun ONE Directory Server ��ָ�ϡ�

��Ŀ¼��ش��б��е��Ӧ4�Կͻ��Ӧ�ó��

��桱Ӧ�ø�Ĳ�b��ʼִ��µ�Ȩ�޺��á�

��÷��Ȩ�޺��

��У�suffixDN �Ǻ�׺ DN ��ʱ��ַ��пո�LDAPURL ��Ч�� URL��˿ںź�Ŀ�� DN��磺

ldap://phonebook.example.com:389/ou=People,dc=example,dc=com

ʹ��༭��׺��Ŀ��

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn="suffixDN",cn=mapping tree,cn=config
changetype:modify
replace:nsslapd-state
nsslapd-state:referral on update or referral
-
add:nsslapd-referral
nsslapd-referral:LDAPURL
^D

��ظ��һ��Խ� LDAP URL ��κ��ӵ� nsslapd-referral ��С�

�� nsslapd-state ��ֵ�� referral on update ʱ��˺�׺Ϊֻ�� LDAP URL ��Ϊд��ء��ֵ�� referral ʱ��ϵͳ��ܾ��д��Ϊ��һ��󷵻��

�˺�׺��Ϊֻ�{򲻿ɷ��ʣ��׼��ڳɹ�ִ��b��

ɾ��׺

ɾ��׺��Ŀ¼��ɾ��֧��ɾ��׺��Ӻ�׺��Ϊ�µĸ��׺��Ŀ¼�С�

��

ɾ��׺ʱ��Ŀ¼��>�ɾ��˺�׺��Ŀ��ɾ��˺�׺��ã��(�临��ã��

ʹ�ÿ��̨ɾ��׺

�� Directory Server ��̨�ġ��á��ǩ�ϣ�չ��ݡ��ڵ㡣

�Ҽ��Ҫɾ��ĺ�׺��ӵ��˵��ѡ��ɾ��

��ߣ��ѡ��׺�ڵ㣬��ӡ��󡱲˵��ѡ��ɾ��

��ȷ�϶Ի��򣬸�֪��Ӹ�Ŀ¼��ɾ��к�׺��Ŀ��

��⣬��ڸ��׺��ѡ��õݹ鷽ʽɾ��Ӻ�׺��Ҫɾ��֧��ѡ��ɾ��˺�׺��Ӻ�׺��ֻ��ɾ��ض��׺��Ŀ¼�б��Ӻ�׺��ѡ��ֻɾ��˺�׺��

��ȷ��ɾ��˺�׺��

��ʾ��̶Ի��򣬸�֪��Щ��ɿ��̨��ɡ�

��ɾ��׺

Ҫ��ɾ��׺��ʹ�� ldapdelete ��Ŀ¼��ɾ��Ŀ��

��Ҫɾ��Ӻ�׺��֧��ҵ��ɾ��ĸ��׺��Ӻ�׺��ÿ��׺��ܵ��Ӻ�׺�ظ��˹�̡�

ʹ��ɾ��׺��Ŀ��

ldapdelete -h �� -p �˿� -D "cn=Directory Manager" -w �� \
           -v 'n="suffixDN",cn=mapping tree,cn=config'

��ӷ��ɾ��׺�� suffixDN ��Ļ��Ŀ��ʼɾ��ڣ��˺�׺��Ŀ¼�мȲ��ɼ�Ҳ��ܷ��ʡ�

ɾ��λ�� cn=databaseName,cn=ldbm database,cn=plugins,cn=config �е��Ӧ��ݿ��Ŀ��µ��Ŀ��ʹ�� Sun ONE Directory Server Resource Kit (DSRK) �� ilash ��ߡ��й��غ�ʹ�� DSRK ��Ϣ�� Directory Server ��ߡ��

% ilash -call "http://��:�˿�/" -user "cn=Directory Manager"
[...]
Enter password for "cn=Directory Manager":��
[...]
[example,com]% dcd cn=config
[config]% ddelete -subtree \
"cn=databaseName,cn=ldbm database,cn=plugins,cn=config"

Removed cn=aci, cn=index, cn=databaseName, cn=ldbm database, cn=plugins, cn=config

Removed cn=entrydn, cn=index, cn=databaseName, cn=ldbm database, cn=plugins, cn=config

[...]

Removed cn=encrypted attributes, cn=databaseName, cn=ldbm database, cn=plugins, cn=config

Removed cn=index, cn=databaseName, cn=ldbm database, cn=plugins, cn=config

Removed cn=monitor, cn=databaseName, cn=ldbm database, cn=plugins, cn=config

Removed cn=databaseName,cn=ldbm database,cn=plugins,cn=config

��ʾ��ݿ��غ��Ҫɾ��Ŀ��ȫɾ��ݿ��ú󣬷��ɾ��˺�׺��ص��ݿ��ļ��Ŀ¼��

��t�ӵĺ�׺

��׺��Ӻ�׺��t�ӵ��һ̨��}��̶��ͨ��̨��4ִ�С�

��ǣ��ڴ��κ��t�ӵĺ�׺ǰ��Ӧ��Զ�̷��ϴ��ݡ��ط��ͨ��t�Ӻ�׺ת��ʱ��ʹ�ô��ݰ󶨵�Զ�̷��ϡ�

��õ��t�Ӻ�׺��ͬ��ӦΪ�µ��t�Ӻ�׺��t�Ӳ��Ĭ��ֵ��ڴ��t�Ӻ�׺ǰ��κ�ʱ�䣬��Ϊ LDAP �ؼ��ͷ��t�Ӳ��ԣ��t�Ӳ��ԡ��

��

��Ǳ��ط��ڰ󶨺�ת��t�Ӳ��Զ�̷��ϵ��û��ڰ�ȫ��ǣ��ô��ʱ��һ��Ҫʹ��Ŀ¼��Ա��û� (admin) ��ݡ�

�෴��Ӹ��ֻ��t�Ӳ��ݡ��ڽ�t�ӵ��з��Լ��ʹ�ÿ��̨��t�ӵĺ�׺��ʹ�ÿ��̨�޸�t�Ӳ��ԡ��ж��й��л��ϴ��ݡ�

ʹ�ÿ��̨��

�˹��l�ӵ�Զ�̷��Ϊ��t�Ӻ�׺��Ŀ�꣩�� Directory Server ��̨��

�� Directory Server ��̨�Ķ��Ŀ¼��ǩ�ϣ�չ��Ŀ¼��

�Ҽ�� cn=config ��Ŀ��ӵ��˵��ѡ��½��>��û����ߣ�ѡ�� cn=config ��Ŀ��ӡ��󡱲˵��ѡ��½��>��û��

�ڡ��û��Ի��ֶ��дֵ��ݣ��磺

��֣�proxy
��ϣ� �� 1
ͨ�� �� 1 chaining proxy
�û� ID�� �� 1_proxy
�� ��
ȷ�Ͽ�� ��

��У��� 1 �ǰ��t�Ӻ�׺�ķ��ơ��к�׺t�ӵ��ĸ��Ӧʹ�ò�ͬ�Ĵ��ݡ�

��ȷ��Ա��µĴ��ݡ�

��д��

�˹��ʹ���� 1 ���� 2 �ֱ�ָ��t�Ӻ�׺�ı��ط��Լ��Ϊ��t�Ӻ�׺Ŀ��Զ�̷��

ʹ���� 2 �ϴ��ݣ�

ldapmodify -a -h �� 2 -p �˿� 2 -D "cn=Directory Manager" -w �� 2
dn:uid=�� 1_proxy,cn=config
objectclass:top
objectclass:person
objectclass:organizationalPerson
objectclass:inetorgperson
uid:�� 1_proxy
cn:�� 1 chaining proxy
sn:�� 1
userpassword:��
description:proxy entry to be used for chaining from �� 1
^D

��Ĭ��t�Ӳ��

t�Ӳ��ȷ��l�ӵ��t�ӵķ��ϣ��Լ��δ��Ը��t�Ӻ�׺ִ�еĲ��ÿ��t�Ӻ�׺��Щ��Directory Server �ṩÿ�δ��t�Ӻ�׺ʱʹ�õ�Ĭ��ֵ��µ��t�Ӻ�׺�ϱ༭��ЩĬ��ֵ��ָ��t�Ӳ��

�޸�Ĭ�ϲ��󴴽��ÿ��µ��t�Ӻ�׺��ָ��ֵ��ǣ��˺�׺�󣬾�ֻ��޸��t�ӵĺ�׺��Ĳ��

t�Ӳ��Ժ�Ĭ��ֵ��й��ֵ�� Sun ONE Directory Server �ο��ֲ�ĵ� 5 ��еġ��t�ӵĺ�׺��ԡ��

�ͻ��ز��

nsReferralOnScopedSearch - Ĭ��Ϊ on ʱ��ͻ��䷶Χ��ȫ��t�ӵĺ�׺�ڣ��ն�Զ�̷��ɱ��⽫��}�Ρ��Ϊ off ʱ��Ӧ��ô�С��ʱ��Ʋ��Ա��t�ӵĺ�׺��г�ʱ��

nsslapd-sizelimit - �˲��ȷ��Ӧ��t�ӵ��ص��Ŀ��Ĭ��ֵ��С�� 2000 ��Ŀ��Ҫ��ƶ��漰��t�Ӻ�׺��д�Χ��뽫�˲��Ϊ�ϵ͵�ֵ��κ��£��Զ�̷��ϵ��κδ�С��ơ�

nsslapd-timelimit - �˲��t�Ӳ��ʱ�䳤�ȡ�Ĭ��ʱ�� 3600 �루1 Сʱ��Ҫ��ƶ��t�Ӻ�׺ִ�в��ʱ�䣬�򽫴˲��Ϊ�ϵ͵�ֵ��κ��£��Զ�̷��ϵ��κ�ʱ��ơ�

��jt�Ӳ��

nsCheckLocalACI - �ڵ��t��У��ط��t�ӵĺ�׺�ϰ��û��ķ��Ȩ�ޣ��Ϊ��Զ�̷��ְ��ˣ�Ĭ��ֵΪ off��ǣ�Ϊ�˼��ת��t�Ӳ��ķ��ʹ�õĴ�� DN �ķ��Ȩ�ޣ��jt��е��м��뽫�˲��Ϊ on��

nsHopLimit - ѭ��5�˲��Զ��Ծ��ڼ�j��д��ѭ��򵽴��Ծ��κ��t�Ӳ��ת��Ƿ��

l�ӹ��

nsOperationConnectionsLimit - ��t�ӵĺ�׺ͨ��Զ�̷��Խ�b��ͬʱ�� LDAP l��Ĭ��ֵ�� 10 ��l�ӡ�

nsBindConnectionsLimit - ��t�ӵĺ�׺ͨ��Զ�̷��Խ�b��ͬʱ�� TCP l��Ĭ��ֵ�� 3 ��l�ӡ�

nsConcurrentBindLimit - ÿ�� LDAP l��ͬʱ�󶨲��Ĭ��ֵ��ÿ��l�� 10 ��ͻ��󶨲��

nsBindRetryLimit - ��ʱ��t�ӵĺ�׺��°󶨵�Զ�̷��ϵĴ��ֵ 0 ��ʾ��t�ӵĺ�׺��԰�һ�Ρ�Ĭ��ֵ�ǳ�� 3 �Ρ�

nsConcurrentOperationsLimit - ÿ�� LDAP l��ͬʱ��Ĭ��ֵ��ÿ��l�� 10 ��

nsBindTimeout - t�ӷ��ϰ󶨳��Գ�ʱ֮ǰ��ʱ�䳤�ȣ��Ϊ��λ��Ĭ��ֵΪ 15 �롣

nsAbandonedSearchCheckInterval - �ڷ��Ƿ��ѷ��ĳ��ǰ��Ĭ��ֵΪ 2 �롣

nsConnectionLife - ��t�ӵĺ�׺��Զ�̷��֮��l�ӱ��Ϊ��״̬�Ա��ʹ�õ�ʱ�䳤�ȡ��l�ӱ��Ϊ��״̬��Լӿ��ٶȣ��Ҫʹ�ø��Դ��磬��ʹ�ò��l�ӣ��ϣ��l��ʱ�䡣Ĭ��£�l�Ӳ��ƣ��ֵ 0 ��塣


��

nsmaxresponsedelay - Զ�̷��Ӧ��t�Ӳ��ĳ�ʼ�� LDAP ��ѵ��ʱ�䡣��ڼ䰴��㡣�ڴ��ӳٺ󣬱��ط��l�ӡ�Ĭ��ӳ�� 60 �롣

nsmaxtestresponsedelay - ��Զ�̷��Ƿ��Ӧ�Ĳ��Եĳ��ʱ�䡣�˲��ǶԲ��ڵ��Ŀ��ִ�еļ��󡣴��ڼ䰴��㡣��ڲ��ӳ��ڼ�δ��Ӧ��t�ӵĺ�׺��ٶ�Զ�̷��ͣ��Ĭ�ϵĲ��Ӧ�ӳ�� 15 �롣

��Ϊ��t�Ӻ�׺ֻ��һ��Զ�̷��Զ�̷��t�Ӳ�� 30�룬�Է�ֹ��ء��Ѷ��˹��л��t�ӵĲ��ʼʹ��һ��Ѷ��ı��÷��

ʹ�ÿ��̨��Ĭ��t�Ӳ��

�� Directory Server ��̨�Ķ��Ŀ¼��ǩ�ϣ�չ��Ŀ¼��ѡ��Ŀ��cn=default instance config,cn=chaining database,cn=plugins,cn=config��

˫��Ŀ��ѡ�񡰶��>��ͨ�ñ༭��б༭��˵����б��и��Ҫ�޸��ֵ��

�ڡ�ͨ�ñ༭��Ի��е��桱��ĸ�Ľ�b��Ч��

��Ĭ��t�Ӳ��

ʹ�� ldapmodify ��༭��Ŀ cn=default instance config,cn=chaining database,cn=plugins,cn=config��Ŀ��Գ�Ϊ�µ��t�Ӻ�׺�в��Ĭ��ֵ��

��磬��µ��t�Ӻ�׺�У��Ĭ�ϴ�С��ӵ� 5000 ��Ŀ��Ĭ��ʱ��Ƽ��ٵ� 10 ��ӡ�

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=default instance config,cn=chaining database,
cn=plugins,cn=config
changetype:modify
replace:nsslapd-sizelimit
nsslapd-sizelimit: 5000
-
replace:nsslapd-timelimit
nsslapd-timelimit: 600
^D

�Դ��Ŀ��޸Ľ�b��Ч��

ʹ�ÿ��̨��t�ӵĺ�׺

��й��봴��t�ӵĸ��׺��t�ӵ��Ӻ�׺�Ĺ�̼��ͬ��

�� Directory Server ��̨��ѡ��á��ǩ��

��t�ӵĸ��׺��Ҽ��ݡ��ڵ㣬Ȼ��ӵ��˵��ѡ��½��t�ӵĺ�׺��ߣ��ѡ��ݡ��ڵ㣬��ӡ��󡱲˵��ѡ��½��t�ӵĺ�׺��

��t�ӵ��Ӻ�׺��չ��ݡ��ڵ��κκ�׺�ڵ��ʾ��׺��Ҽ��׺�ڵ㣬�ӵ��˵��ѡ��½��t�ӵ��Ӻ�׺��ߣ��ѡ�񸸺�׺�ڵ㣬��ӡ��󡱲˵��ѡ��½��t�ӵ��Ӻ�׺��

��ʾ��½��t�ӵģ��ӣ��׺��Ի��

��Ҫt�ӵ��Զ�̷��Ŀ�� DN��Զ��Ŀ��һ��Զ�̺�׺�Ļ��Ŀ��

��ڸ��׺��ڡ��׺ DN��ֶ��Զ��Ŀ�� DN��ΪԶ��Ŀ¼��һ��Ŀ��һ DN��Ŀ��t�ӵĸ��׺�Ļ��Ŀ�µ��ݶ��ͨ��t�ӵĺ�׺��á�

��Ӻ�׺��뽫Ҫt�ӵ��Ŀ��Ӻ�׺ RDN��Ŀ��t�ӵ��Ӻ�׺�Ļ��ı��ֶ��³��ֵ��Ӻ�׺��Ʊ��Ǵ��Զ�̷��е��Ŀ��

��׺��ݣ��б�Ҫ��Ҳ��(�򣩵�Զ�̷��

��ڷ��Զ�̷��Ķ˿ںţ��ö˿��ǰ�ȫ�˿ڣ��ѡ�иø�ѡ��ʹ�ð�ȫ�˿�ʱ��ͨ�� SSL ��t�Ӳ��м��ܡ��ϸ��Ϣ��ʹ�� SSL t�ӡ��

�Ի��ײ��ı��ʾԶ�̷�� URL��

��Զ�̷��ݵİ� DN �Ϳ����Զ�̷��Ϻ�׺��ʱ��ط�� DN ��?��磬ʹ��ݡ��ж�� uid=�� 1_proxy,cn=config DN��

��ʹ��Զ�̷��Ŀ¼��Ա�� DN��ͨ��t�Ӻ�׺ִ�еĲ�� creatorsName �� modifiersName ��ʹ�ô˴��ݡ��Ժ��Դ�� DN��ڴ��£��ط��ڷ��Զ�̷��ʱ��а󶨡�

��ȷ��Դ��t�ӵĺ�׺��º�׺��У��t��ͼ�ꡣ

��µ��t�Ӻ�׺��ѡ��Ȼ��Ҳ��ѡ��Զ�̷��ǩ��

��ѡ�أ��Ϊ��t�ӵĺ�׺��һ��л��˷��޷��Զ�̷��jϵ��˳��ÿ��л��ֱ��һ��ӦΪֹ��л��t�ӵ��ͬ��׺��ʹ��ͬһ�� DN ִ�д��?

Ҫ��л��ڡ�Զ�̷�� URL��ֶ��ɿո�ָ��Ͷ˿ںŶԡ��ֶβ��и�ʽ��

ldap[s]://hostname[:port][ hostname[:port]].../

�ڡ�Զ�̷��ǩ�ײ��ı��ʾ��ͨ��t��ִ�д�� ACI��뽫�� ACI ��ӵ�� suffixDN λ��Զ�̷��ϵ��Ŀ�С��κι��л��Ӧ�� ACI ��ӵ��Щ��С�ʹ�á�� ACI��ť�� ACI �ı��Ƶ�ϵͳ�ļ��Ͻ��ճ��

�� ACI ��ӵ�Զ�̷��ϵĻ��Ŀ��t�ӵĺ�׺�ڱ��ط��Ŀ¼��н��ǿɼ�ġ�

��

��Ҫ��ͬһ��Ŀ�϶�� ACI ��ƶ�Ŀǰͨ��t�Ӷ��Զ�̷��з��ʡ��ͨ��t�ӵĺ�׺��еķ��ʿ��ơ��

��Ϊ��t�Ӳ��ԣ��򻹱��ӽ��Щ��Զ�̷�� ACI��磬��Բ��t�ӣ��뽫�� ACI ��ӵ��Step 2 �и�� DN �Ļ��Ŀ�У�

aci:(targetattr "*")
(target="ldap:///suffixDN")
(version 3.0; acl "RefInt Access for chaining"; allow
(read,write,search,compare) userdn = "ldap:///cn=referential
integrity postoperation,cn=plugins,cn=config";)

��д��t�ӵĺ�׺

��ʹ�� ldapmodify ��й��ó��Ŀ¼�д��t�ӵĺ�׺��t�ӵĸ��׺��t�ӵ��Ӻ�׺��ɷ��ͬ��ʽ��ڲ��й��?��Դ��д��t�ӵĸ��׺��t�ӵ��Ӻ�׺�Ĺ�̼��ͬ��

ʹ��Ϊ��t�ӵĸ��׺�� cn=mapping tree,cn=config �´��t�ӵĺ�׺��Ŀ��

ldapmodify -a -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=suffixDN,cn=mapping tree,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsMappingTree
cn:suffixDN
nsslapd-state:backend
nsslapd-backend:databaseName
^D

��t�ӵ��Ӻ�׺��ʹ�ô��һ��Ե��ͬ��
nsslapd-parent-suffix:parentSuffixDN

��t�ӵ��Ӻ�׺��suffixDN ��Ӻ�׺�� RDN ��丸��׺�� DN�� l=Europe,dc=example,dc=com��suffixDN ��ͨ��Զ�̷��õ��Ŀ�� DN��һ��Զ�̺�׺�Ļ��Ŀ��

ע��
��Ȼ��׺��Ʋ�� DN ��ʽ��ַ��ˣ��пո��壬��Ǻ�׺��Ƶ�һ��֡�Ϊ��ʹ��Զ��Ŀ��suffixDN �ַ��Զ�̺�׺��ʹ�õļ��

databaseName ��t�Ӳ��ڱ�ʶ��t�Ӻ�׺��ǳơ��к�׺�� databaseNames ��Ψһ�ģ��Լ�� suffixDN �ĵ�һ��ֵ��뱾�غ�׺��ͬ��t�ӵĺ�׺�ڱ��ط��û��κ��ݿ��ļ��

��Ӻ�׺��parentSuffixDN ��Ǹ��׺�� DN��׺��Ǳ��غ�׺��Ҳ��t�ӵĺ�׺��

ʹ����t��Ŀ��

ldapmodify -a -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=databaseName,cn=chaining database,cn=plugins,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsBackendInstance
cn:databaseName
nsslapd-suffix:suffixDN
nsfarmserverurl:LDAPURL
nsmultiplexorbinddn:proxyDN
nsmultiplexorcredentials:ProxyPassword
^D

��У�databaseName �� suffixDN ��ֵ��ϸ��ʹ�õ�ֵ��ͬ��LDAPURL ��Զ�̷�� URL��κκ�׺��Ϣ��URL ��԰��и�ʽ�г�Ĺ��л��

ldap[s]://��[:�˿�][ ��[:�˿�]].../

�� LDAP URL ��г��Զ�̷�� suffixDN��й�ָ��ȫ�˿ڵ��Ϣ��ʹ�� SSL t�ӡ��

proxyDN ��Զ�̷��ϴ��ݵ� DN��Զ�̷��Ϻ�׺��ʱ��ط�� DN ��?ͨ��t�Ӻ�׺ִ�еĲ�� creatorsName �� modifiersName ��ʹ�ô˴��ݡ��δָ�� DN��ط��ڷ��Զ�̷��ʱ��а󶨡�

ProxyPassword �Ǵ�� DN ��δ��ܵĿ��ֵ��洢��ļ��У��򽫶Կ��м��ܡ��磺

nsmultiplexorbinddn:uid=�� 1_proxy,cn=config
nsmultiplexorcredentials:secret

��

Ӧͨ��ܶ˿�ִ�� ldapmodify ��Ա��ⷢ��Ŀ��

��Ŀ��Զ��(��t�Ӳ��Ĭ��ֵ�� cn=default instance config,cn=chaining database,cn=plugins,cn=config �ж��塣��t��Ŀʱ��ͨ��þ��в�ֵͬ��Ը��е��κ�ֵ��йؿɶ��ֵ��б?��Ĭ��t�Ӳ��

ʹ��Զ��Ŀ�ϴ�� ACI��Ҫ�� ACI ��ͨ��t��ִ�д��й� ACI ��ϸ��Ϣ�� 6 �¡��ʿ��ơ��

ldapmodify -h �� 2 -p �˿� 2 -D "cn=Directory Manager" -w �� 2
dn:suffixDN
changetype:modify
add:aci
aci:(targetattr=*)(target = "ldap:///suffixDN")(version 3.0;acl
"Allows use of admin for chaining"; allow (proxy)
(userdn="ldap:///proxyDN");)
^D

��

��Ҫ��ͬһ��Ŀ�϶�� ACI ��ƶ�Ŀǰͨ��˷��Զ�̷��з��ʡ��ͨ��t�ӵĺ�׺��еķ��ʿ��ơ��

��Ϊ��t�Ӳ��ԣ��򻹱��ӽ��Щ��Զ�̷�� ACI��磬��Բ��t�ӣ��뽫�� ACI ��ӵ��Ŀ��,��Ŀ�� suffixDN Ϊ��

aci:(targetattr "*")
(target="ldap:///suffixDN")
(version 3.0; acl "RefInt Access for chaining"; allow
(read,write,search,compare) userdn = "ldap:///cn=referential
integrity postoperation,cn=plugins,cn=config";)

��t�ӵ��Ӻ�׺��ʾ��ע�⣬ֻ�е��ų�� DN ��ʱ��suffixDN �еĶ��Ųű��÷�б�ܽ��ת�� (\)��

��ʾ�� 3-1    ʹ��д��t�ӵ��Ӻ�׺

ldapmodify -a -h �� 1 -p �˿�1 -D "cn=Directory Manager" -w ��1

dn:cn=l=Europe\,dc=example\,dc=com,cn=mapping tree,cn=config

objectclass:top

objectclass:extensibleObject

objectclass:nsMappingTree

cn:l=Europe,dc=example,dc=com

nsslapd-state:backend

nsslapd-backend:Europe

nsslapd-parent-suffix:dc=example,dc=com

dn:cn=Europe,cn=chaining database,cn=plugins,cn=config

objectclass:top

objectclass:extensibleObject

objectclass:nsBackendInstance

cn:Europe

nsslapd-suffix:l=Europe,dc=example,dc=com

nsfarmserverurl:ldap://�� 2:�˿� 2/

nsmultiplexorbinddn:uid=�� 1_proxy,cn=config

nsmultiplexorcredentials:proxyPassword

^D

ldapmodify -h �� 2 -p �˿� 2 -D "cn=Directory Manager" -w �� 2

dn:l=Europe,dc=example,dc=com

changetype:modify

add:aci

aci:(targetattr=*)(target =

"ldap:///l=Europe,dc=example,dc=com")(version 3.0;acl

"Allows use of admin for chaining"; allow (proxy)

(userdn="ldap:///uid=�� 1_proxy,cn=config");)

^D

ͨ��t�ӵĺ�׺��еķ��ʿ��

��֤��û��t�Ӻ�׺ʱ��Ὣ��û��ݷ��͵�Զ�̷��ʿ��ʼ��Զ�̷��Ͻ��9!��Զ�̷��95�ÿ�� LDAP ��ʹ�ÿͻ��Ӧ�ó��ͨ��Ѵ��Ȩ�ؼ��д��ݣ��ԭʼ��ݡ�ֻ�е��û��Զ�̷��ϰ��ȷ�ķ��ʿ��ʱ��Զ�̷��ϻ�óɹ��ʾ��Ҫ��Զ�̷��ӽ��Ƶĳ��ʿ��ƣ�

��ʹ��͵ķ��ʿ��ơ�

��磬��ڽ�ɫ��ڹ�� ACI ��Ҫ��û��Ŀ��Ϊ��ͨ��t�ӵĺ�׺��ݣ��ֻ��֤��ؼ��е��ݡ��뿼��ĳ�ַ�ʽ��Ŀ¼��ʹ�û��Ŀ��û��λ��ͬһ��׺�С�

��л��ڿͻ�� IP ��ַ�� DNS ��ķ��ʿ��ƿ��в�ͨ��Ϊ�ͻ��ԭʼ��t�ӹ��Ѷ�ʧ��

Զ�̷��ͻ��Ӧ�ó��Ϊ��t�Ӻ�׺��ͬ IP ��ַ��ͬһ�� DNS ��С�

��t�Ӻ�׺һ��ʹ�õ� ACI��

ACI ��ʹ�õ��λ��ͬһ��ϡ��Ϊ��̬��е��û�� ACI ��λ��ͬһλ�á��Ϊ��̬��ָԶ��û��

ACI ��ʹ�õ��κν�ɫ��Լ��κ��ӵ��Щ��ɫ��û�λ��ͬһ��

��Զ��û��û��Ŀֵ�� userattr ��򣩵� ACI ��Ч��

��Ȼͨ��Զ�̷��97��ʿ��ƣ��Կ�ѡ��ڰ��t�Ӻ�׺�ķ��Զ�̷��϶��9!��һЩ��ƣ�

�ڷ��ʿ��99��У��û��Ŀ��ݲ��һ��ã��磬��ʿ��ڰ��t�Ӻ�׺�ķ��9#��Ŀλ��Զ�̷��ϣ��

��ԭ�򣬿ͻ��ɽ��Զ�̲�ѯ��97��ʿ��ơ�

��t�ӵĺ�׺��һ��ɿͻ��Ӧ�ó��޸ĵ��Ŀ��з��Ȩ��

��ִ��޸Ĳ��ʱ��t�ӵĺ�׺��жԴ洢��Զ�̷��ϵ�ȫ��Ŀ�ķ��Ȩ��ִ��ɾ��t�ӵĺ�׺ֻ֪��Ŀ�� DN��ʿ��ָ��ض��ԣ��ͨ��t�Ӻ�׺ִ��ɾ��ʱ��ɾ��ʧ�ܡ�

Ĭ��£��t�Ӻ�׺�ķ��õķ��ʿ��ƽ��9!�Ҫ��Ǵ�Ĭ��ã��ʹ�� cn=databaseName,cn=chaining database,cn=plugins,cn=config ��Ŀ�е� nsCheckLocalACI ��ԡ��ǣ��ʹ�ü�jt�ӣ��Ƽ��ڰ��t�Ӻ�׺�ķ��97��ʿ��ơ��ϸ��Ϣ��ü�jt�ӡ��

ʹ�� SSL t��

��t�ӵĺ�׺ִ�в��ʱ��÷��ʹ�� SSL ��Զ�̷��ͨѶ��ʹ�� SSL ��t�Ӱ�(��²��裺

��Զ�̷�� SSL��

�ڰ��t�Ӻ�׺�ķ�� SSL��

�й�� SSL ��ϸ��Ϣ�� 11 �¡�ʵ�ְ�ȫ�ԡ��

�ڴ��޸��t�Ӻ�׺�Ĺ��ָ�� SSL ��Զ�̷��İ�ȫ�˿ڡ�

��ʹ�ÿ��̨ʱ��t�Ӻ�׺�Ĵ��ù��ѡ�а�ȫ�˿ڸ�ѡ��ʹ�ÿ��̨��t�ӵĺ�׺��ʹ�ÿ��̨�޸�t�Ӳ��ԡ��

��ʹ��й��ʱ��ָ�� LDAPS URL ��Զ�̷��İ�ȫ�˿ڣ��磺ldaps://example.com:636/��д��t�ӵĺ�׺��޸�t�Ӳ��ԡ��

��t�ӵĺ�׺��Զ�̷��ʹ�� SSL ��ͨѶʱ��ʾ��в��Ŀͻ��Ӧ�ó��Ҳ��ʹ�� SSL ��ͨѶ��ͻ��ʹ�� LDAP Э�� DSML Э��}��˿�֮һ��

��t�ӵĺ�׺

��˵��θ��º�ɾ��t�ӵĺ�׺�Լ��ο��t�ӻ��ơ�

��t�Ӳ��

��t�Ӳ��ȷ��Щ LDAP �ؼ��չ��t�ӵķ��Լ��Щ��t�ӵĺ�׺��Ӧ�˽��Щ��ü��漰��t�Ӻ�׺�Ĳ��Ӱ�졣t�Ӳ��Խ��ڷ��ϵ��t�Ӻ�׺��

Ĭ��͸��һ��ǣ��漰 LDAP �ؼ��ʹ��Բ��֮��ķ��Ӧȷ��Ҫ��t�Ӳ��ԡ�

��ڴ��κ��t�Ӻ�׺֮ǰ��t�Ӳ��ԣ��Ա�һ��t�Ӻ�׺�Ϳ�Ӧ�ò��ԡ��Ҳ��Ժ��κ�ʱ��޸Ĳ��ԡ�

LDAP �ؼ��t�Ӳ��

LDAP �ؼ��ɿͻ��Ϊ��һ��ַ��ͣ��Ա��ĳ�ַ�ʽ�Բ��޸ġ��t�Ӳ��ȷ��Щ�ؼ��ת��t�ӵĺ�׺��Ĭ��£��¿ؼ��ת��t�Ӻ�׺��Զ�̷��

�ؼ�� OID

�ؼ��ƺ�˵��

1.2.840.113556.1.4.473

�� - ��j�Ը��ֵ�Խ��Ŀ�� *

1.3.6.1.4.1.1466.29539.12

t��ѭ�� - ��ٷ��һ��t�ӵĴ��t�Ӽ��ﵽ��õ��ʱ��֪ͨ�ͻ��Ӧ�ó��ϸ��Ϣ��ڼ�j�� LDAP �ؼ��

2.16.840.1.113730.3.4.2

��ܹ� DSA - ��Ŀ��ѭ��⽫��Ļ�ɾ��?

2.16.840.1.113730.3.4.9

��б��ͼ (VLV) - �ṩ��Ĳ��ֽ��һ�η��н��Ŀ�� *

Ĭ��t�ӵ� LDAP �ؼ�">
�� 3-1

�ؼ�� OID

�ؼ��ƺ�˵��

1.2.840.113556.1.4.473

�� - ��j�Ը��ֵ�Խ��Ŀ�� *

1.3.6.1.4.1.1466.29539.12

t��ѭ�� - ��ٷ��һ��t�ӵĴ��t�Ӽ��ﵽ��õ��ʱ��֪ͨ�ͻ��Ӧ�ó��ϸ��Ϣ��ڼ�j�� LDAP �ؼ��

2.16.840.1.113730.3.4.2

��ܹ� DSA - ��Ŀ��ѭ��⽫��Ļ�ɾ��?

2.16.840.1.113730.3.4.9

��б��ͼ (VLV) - �ṩ��Ĳ��ֽ��һ�η��н��Ŀ�� *

Ĭ��t�ӵ� LDAP �ؼ�

(*) �� VLV �ؼ��ΧΪ��һ��׺ʱ�ſ�ͨ��t��֧�֡��ͻ��Ӧ�ó��Զ��׺��ʱ��t�ӵĺ�׺�޷�֧�� VLV �ؼ��

�±��г��ͨ��t�Ӳ��Կ��t�ӵ�� LDAP �ؼ��

�ؼ�� OID

�ؼ��ƺ�˵��

1.3.6.1.4.1.42.2.27.9.5.2

��Ч��Ȩ�� - Ҫ��ڽ��з��й��Ŀ��Եķ��Ȩ�޺� ACI ��Ϣ��

2.16.840.1.113730.3.4.3

�� - ��Ӧʹ��ֻ״̬��ۺ�ʱ��ӡ�ɾ��޸��ƥ��Ŀ��͵��ͻ��

2.16.840.1.113730.3.4.4

��֪ͨ - ֪ͨ�ͻ��Ӧ�ó��ѹ��ڡ�

2.16.840.1.113730.3.4.5

����֪ͨ - ֪ͨ�ͻ��Ӧ�ó���ڸ�ʱ��ڵ��ڡ�

2.16.840.1.113730.3.4.12

�Ѵ��Ȩ��ɹ淶�� - ��ͻ��ڼ��ڲ��һ��ݡ�*

2.16.840.1.113730.3.4.13

��Ƹ��Ϣ - ��ͨ��Ψһ��ʶ�� (UUID) �͸��Ʋ��ĸ��к� (CSN)��

2.16.840.1.113730.3.4.14

�ض��ݿ�� - ��ָ��ڿؼ��ݿ��ִ�С�

2.16.840.1.113730.3.4.15

��֤��Ӧ - ��Ӧһ�𷵻ص��ͻ��Ӧ�ó��ṩ DN ��ʹ�õ��֤�� SASL ��֤��ʱ��ã��

2.16.840.1.113730.3.4.16

��֤�� - �ṩ��Ҫ��ڰ��Ӧ��ṩ��֤�顣

2.16.840.1.113730.3.4.17

��ʵ�� - ��Ӧ��ʵ��ڷ��Ŀ�е��ԣ��Ҫ��ԡ�

2.16.840.1.113730.3.4.18

�Ѵ��Ȩ��¹淶�� - ��ͻ��ڼ��ڲ��һ��ݡ�*

2.16.840.1.113730.3.4.19

�� - ��Ӧ��ɽ�ɫ�ͷ��๦��ɵ��ԡ�

��t�ӵ� LDAP �ؼ�
�� 3-2

�ؼ�� OID

�ؼ��ƺ�˵��

1.3.6.1.4.1.42.2.27.9.5.2

��Ч��Ȩ�� - Ҫ��ڽ��з��й��Ŀ��Եķ��Ȩ�޺� ACI ��Ϣ��

2.16.840.1.113730.3.4.3

�� - ��Ӧʹ��ֻ״̬��ۺ�ʱ��ӡ�ɾ��޸��ƥ��Ŀ��͵��ͻ��

2.16.840.1.113730.3.4.4

��֪ͨ - ֪ͨ�ͻ��Ӧ�ó��ѹ��ڡ�

2.16.840.1.113730.3.4.5

����֪ͨ - ֪ͨ�ͻ��Ӧ�ó���ڸ�ʱ��ڵ��ڡ�

2.16.840.1.113730.3.4.12

�Ѵ��Ȩ��ɹ淶�� - ��ͻ��ڼ��ڲ��һ��ݡ�*

2.16.840.1.113730.3.4.13

��Ƹ��Ϣ - ��ͨ��Ψһ��ʶ�� (UUID) �͸��Ʋ��ĸ��к� (CSN)��

2.16.840.1.113730.3.4.14

�ض��ݿ�� - ��ָ��ڿؼ��ݿ��ִ�С�

2.16.840.1.113730.3.4.15

��֤��Ӧ - ��Ӧһ�𷵻ص��ͻ��Ӧ�ó��ṩ DN ��ʹ�õ��֤�� SASL ��֤��ʱ��ã��

2.16.840.1.113730.3.4.16

��֤�� - �ṩ��Ҫ��ڰ��Ӧ��ṩ��֤�顣

2.16.840.1.113730.3.4.17

��ʵ�� - ��Ӧ��ʵ��ڷ��Ŀ�е��ԣ��Ҫ��ԡ�

2.16.840.1.113730.3.4.18

�Ѵ��Ȩ��¹淶�� - ��ͻ��ڼ��ڲ��һ��ݡ�*

2.16.840.1.113730.3.4.19

�� - ��Ӧ��ɽ�ɫ�ͷ��๦��ɵ��ԡ�

��t�ӵ� LDAP �ؼ�

(*) Ӧ�ó��ʹ��κ�һ��Ѵ��Ȩ�ؼ��}�ֿؼ�� OID ��ԣ�Ӧ�þ��ͬ��t�Ӳ��ԡ��ϸ��Ϣ��ڼ�j�� LDAP �ؼ��

��t�Ӳ��

��Ƿ��ʹ��ڲ��κ��Ի��ܵ�Ԫ��磬��ͱ��Ϊ��ڴ��ԣ�Ҫִ��񣬱��Ŀ¼��ݣ��(��ݻ�洢��Ŀ¼�е��û��ݡ�

Ĭ��£��t��κη��Ҫ��t�ӵĺ�׺��ȷ��t�ӡ��ɷ��t��ݵ�� DN �г��¡�

��ʹ�ÿ��̨��t�ӵĺ�׺��Զ�̷��ϵ� ACI ��һ��Ȩ��t�ӡ��t�ӷ��ʱ��ڴ� ACI ��ȡ�ͱȽϣ��Ա��ִ��Щ��⣬ĳЩ��Ҫ��Զ�̷��ϵ�д��Ȩ�ޣ��б��

cn=ACL Plugin,cn=plugins,cn=config - ACL ��ʵ�ַ��ʿ��ƹ��ܡ��t��ڼ��͸�� ACI ��ԵĲ��Ϊ��ϱ��غ�Զ�� ACI ��Բ��ȫ��t��ڷ��û��Ŀ��й�Χ�� ACI ��t�ӵ��ƵĽ�һ��Ϣ��ĵġ�ACI ��ơ��

cn=old plugin,cn=plugins,cn=config - �˲�� Directory Server 4.x ��Լ��Ƿ��t�ӡ�4.x ��ͬһt�Ӳ��ԡ��Ҫ��Զ�̷��ϸ�� 4.x ��ִ�еĲ�� ACI��

cn=resource limits,cn=components,cn=config - ��û�� DN ��Դʹ��ơ��t�Ӵ��ʱ��ɶ��ݴ洢��t�Ӻ�׺�е��û�ǿ��ִ��Դ��ơ�

cn=certificate-based authentication,cn=components,cn=config - ��ʹ�� SASL �ⲿ�󶨷��ʱʹ�ô��Զ�̷��û�֤�顣

��

��t�ӵĺ�׺��֤��֤��ɰ�ȫ©��׺t�ӵ��ε�Զ�̷��η��ϵ�֤��֤��

cn=referential integrity postoperation,cn=plugins,cn=config - �ò��ȷ��Ŀ��ɾ��չ�� DN ��Ŀ��Ա�б?��Աλ��t�ӵĺ�׺��ʱ��t��ʹ�ô˲��ڼ򻯾�̬��Ĺ��?��˲��t�ӵĺ�׺ʱ��Ҫ��Զ�̷��ϵ�дȨ�ޡ�

cn=uid uniqueness,cn=plugins,cn=config - UID Ψһ�Բ��ȷ��ָ��Ե��ֵ�ڷ��϶��Ψһ�ġ��˲��t�ӽ�ȷ��Ŀ¼��е�Ψһ�ԡ�

ע��
��ܱ�t�ӣ�

��ɫ��

��

��Ʋ��

ʹ�ÿ��̨�޸�t�Ӳ��

�� Directory Server ��̨�ġ��á��ǩ�ϣ�ѡ��ݡ��ڵ㣬��Ҳ��ѡ��t�ӡ��ǩ��

��Ҳ��б��ѡ��һ�� LDAP �ؼ��Ȼ�󵥻��ӡ��t�ӡ�ʹ�á��ӡ��͡�ɾ��ť��t�ӵĿؼ��б?

�� OID �г� LDAP �ؼ��LDAP �ؼ��t�Ӳ��ԡ��Ի�ȡÿ��ؼ��ƺ�˵��

��t�ӵķ��ͬһ��ǩ�ĵ׶ˡ��Ҳ��б��ѡ��һ��ƣ�Ȼ�󵥻��ӡ��t�ӡ�ʹ�á��ӡ��͡�ɾ��ť��t�ӵ��б?

��t�Ӳ��ԡ��Ի�ȡÿ��˵��

��桱�Ա��t�Ӳ��ԡ�

��ʹ��Ч��

��޸�t�Ӳ��

cn=config,cn=chaining database,cn=plugins,cn=config ��Ŀ��t�Ӳ��õ��ԡ�ʹ�� ldapmodify ��༭��Ŀ��

�޸� nsTransmittedControls ��ֵ��ԣ��ʹ��t�ӵ� LDAP �ؼ�� OID��LDAP �ؼ��t�Ӳ��ԡ��Ի�ȡ��пɱ�t�ӵĿؼ�� OID��

��磬����Ч��Ȩ�޿ؼ��ӵ��t�ӿؼ��б��У�

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=config,cn=chaining database,cn=plugins,cn=config
changetype:modify
add:nsTransmittedControls
nsTransmittedControls: 1.3.6.1.4.1.42.2.27.9.5.2
^D

��ͻ��Ӧ�ó��ʹ��Զ��ؼ��ϣ��t�ӣ��Ҳ�ɽ�� OID ��ӵ� nsTransmittedControls ��ԡ�

�޸� nsActiveChainingComponents ��ֵ��ԣ��ʹ��t�ӵķ�� DN��t�Ӳ��ԡ��Ի�ȡÿ��˵��

��磬����ӵ��t��б��У�

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=config,cn=chaining database,cn=plugins,cn=config
changetype:modify
add:nsActiveChainingComponents
nsActiveChainingComponents:cn=referential integrity
postoperation,cn=components,cn=config
^D

�޸��t�Ӳ��Ŀ�󣬾ͱ��ʹ��Ч��

��û��t�ӵĺ�׺

ĳЩʱ��ά��ȫԭ��Ҫʹ��t�ӵĺ�׺��á��ú�׺�ɷ�ֹ��Զ�̷��j��Ӧ�κ��ͼ��ʺ�׺�Ŀͻ��Ĭ��ڿͻ��Է��ѽ��õĺ�׺ʱ��ظ�Ĭ��

ʹ�ÿ��̨��û��t�ӵĺ�׺

�� Directory Server ��̨�Ķ��á��ǩ�ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ��õ��t�Ӻ�׺��

��Ҳ��ѡ��á��ǩ��Ĭ��£��t�ӵĺ�׺�ڴ��ʱ��á�

ȡ��ѡ�С��öԸú�׺�ķ��Ȩ�ޡ��ѡ��Խ��ô˺�׺��ѡ�д˸�ѡ��ô˺�׺��

��桱Ӧ�ø�Ĳ�b��û��ô˺�׺��

��ѡ�أ��ô˺�׺ʱ��Ҳ��Ϊ�Դ˺�׺ִ�е��в��ý��ص�ȫ��Ĭ��λ�ڶ��á��ǩ�ĸ�ڵ�ġ��硱��ǩ�ϡ��ϸ��Ϣ��ʹ�ÿ��̨��Ĭ��

��н��û��ú�׺

��༭��t�ӵĺ�׺��Ŀ�е� nsslapd-state ��ԣ�

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=suffixDN,cn=mapping tree,cn=config
changetype:modify
replace:nsslapd-state
nsslapd-state:disabled or backend
^D

��У�suffixDN Ϊ��׺ DN ��ʱ��ַ��(�ո��б�� (\) �Ա��ֵ��ʹ�ö��š�� nssladp-state ��Ϊֵ disabled �ɽ��ú�׺��Ϊֵ backend ��ʵ��ȫ��ʡ�

�ɹ�ִ��󣬽�b��ú�׺��

��ѡ�أ��ô˺�׺ʱ��Ҳ��Ϊ�Դ˺�׺ִ�е��в��ý��ص�ȫ��Ĭ��ϸ��Ϣ��Ĭ��

��÷��Ȩ�޺��

��Ҫ��ƶ��l�Ӻ�׺�ķ��ʶ��ȫ��޸ķ��Ȩ��ֻ�w��ʡ��ڴ��£��붨��һ��д��ͬʱ�ܾ��д��ʣ�Ϊ�Ժ�׺ִ�е��в��

�й�һ��ϸ��Ϣ�� Sun ONE Directory Server ��ָ�ϡ�

ʹ�ÿ��̨��÷��Ȩ�޺��

�� Directory Server ��̨�Ķ��á��ǩ�ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ��t�Ӻ�׺��

��Ҳ��ѡ��á��ǩ��t�ӵĺ�׺��ֻ��Ȩ�޺��

ѡ��ĳһ��ѡ��ť��öԴ˺�׺��Ŀ��κ�д��ʱ��Ӧ��

��д�� - Ĭ��½�ѡ��˵�ѡ��ť��Ϊ��ȡ��д��ת��Զ�̷��ؿͻ��Զ��Ὣ��Ƿ��ص��ͻ��

��󲢷��д�� - ��ת��󲢽��ؿͻ��б��뽫��Ϊд��ص�һ�� LDAP URL��

Ϊ��д��󷵻�� - ��б��뽫��Ϊ��в��ص�һ�� LDAP URL��Ϊ��ڽ��öԺ�׺�ķ��ʣ��ͬ��ǣ��Ϊ��Ϊ�˺�׺ר�Ŷ��ʹ��ȫ��Ĭ��

ͨ��ӡ��͡�ɾ��ť�༭��б?��ӡ��ť��ʾһ��Ի��ڴ�� LDAP URL��Զ�̷��д��κη�֧�� DN ��й� LDAP URL �ṹ��ϸ��Ϣ�� Sun ONE Directory Server ��ָ�ϡ�

��Ŀ¼��ش��б��е��Ӧ4�Կͻ��Ӧ�ó��

��桱Ӧ�ø�Ĳ�b��ʼִ��µ�Ȩ�޺��á�

ʹ�ÿ��̨��÷��Ȩ�޺��

��У�suffixDN ��t�Ӻ�׺��ʱ��ַ��(��пո�LDAPURL ��Ч�� URL��˿ںź�Ŀ�� DN��磺

ldap://alternate.example.com:389/ou=People,dc=example,dc=com

ʹ��༭��t�ӵĺ�׺��Ŀ��

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=suffixDN,cn=mapping tree,cn=config
changetype:modify
replace:nsslapd-state
nsslapd-state:referral on update or referral
-
add:nsslapd-referral
nsslapd-referral:LDAPURL
^D

��ظ��һ��Խ� LDAP URL ��κ��ӵ� nsslapd-referral ��С�

�� nsslapd-state ��ֵ�� referral on update ʱ��˺�׺Ϊֻ�� LDAP URL ��Ϊд��ء��ֵ�� referral ʱ��ϵͳ��ܾ��д��Ϊ��һ��󷵻��

�˺�׺��Ϊֻ�{򲻿ɷ��ʣ��׼��ڳɹ�ִ��b��

�޸�t�Ӳ��

��t�ӵĺ�׺�󣬾Ϳ��޸Ŀ��t�ӵĲ��ָ��η��Զ�̷��θ��ڴ�� DN��θ��Զ�̷��޸��ܲ��Щ��Ʒ��ν�b��ά��t�ӷ��l�ӡ�

ʹ�ÿ��̨�޸�t�Ӳ��

�� Directory Server ��̨�Ķ��á��ǩ�ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ�޸ĵ��t�Ӻ�׺��

��Ҳ��ѡ��Զ�̷��ǩ��

Ҫ��Զ�̷��ƻ�˿ڣ��޸ġ�Զ�̷�� URL��ֶΡ�� URL ��¸�ʽ��һ��Զ�̷��Ϳ�ѡ�˿ںţ�

ldap[s]://��[:�˿�][ ��[:�˿�]].../

�� URL ��(�κκ�׺��Ϣ��й�ָ��ȫ�˿ڵ��Ϣ��ʹ�� SSL t�ӡ�� URL �еĵ�һ��Ӧt��ʧ��ʱ��г��˳�� URL �е��jϵ�� LDAP URL ��г��Զ�̷�� suffixDN��t�Ӻ�׺�Ļ��Ŀ��

Ҫ��Ĵ��û�� DN��ڡ�� DN��ֶ��һ��ֵ��ڡ���ֶ��벢ȷ�ϴ� DN ��Ӧ��

proxyDN ��Զ�̷��ϵ��û�� DN��Զ�̷��Ϻ�׺��ʱ��ط�� DN ��?ͨ��t�Ӻ�׺ִ�еĲ�� creatorsName �� modifiersName ��ʹ�ô˴��ݡ��δָ�� DN��ط��ڷ��Զ�̷��ʱ��а󶨡�

��ǩ�ײ��ı��ʾ��t�Ӵ˺�׺��Ҫ�� ACI��Զ�̷�� URL��뽫�� ACI ��ӵ�� suffixDN λ��µ�һ̨��̨Զ�̷��ϵ��Ŀ�С��޸��˴�� DN, ��Ӧ��t�ӷ��ϵ� ACI��ʹ�á�� ACI��ť�� ACI �ı��Ƶ�ϵͳ�ļ��Ͻ��ճ��

ѡ��ƺͿ��ơ��ǩ��t��Ĳ��ü�jt�ӡ��˼�jt�Ӳ��

��á��ƿͻ��ء��t�Ӳ��Ĵ�С��ʱ�䣺

��ط�Χ�� - ��Χ��ȫ��t�Ӻ�׺�е��Ч�ʵ͵��Ϊ��}�Ρ�Ĭ��£��ض��t�ӷ��ǿ�ƿͻ��ֱ��t�ӷ��ִ��ȡ��ѡ��ѡ���Ӧ��²��ƽ��t�ӵĽ��Ĵ�С��

��С��ƻ��޴�С�� - �˲��ȷ��Ϊ��Ӧ��t�ӵ��ص��Ŀ��Ĭ��ֵ��С�� 2000 ��Ŀ��Ҫ��ƶ��漰��t�Ӻ�׺��д�Χ��뽫�˲��Ϊ�ϵ͵�ֵ��κ��£��Զ�̷��ϵ��κδ�С��ơ�

ʱ��ƻ��ʱ�� - �˲��t�Ӳ��ʱ�䳤�ȡ�Ĭ��ʱ�� 3600 �루1 Сʱ��Ҫ��ƶ��t�Ӻ�׺ִ�в��ʱ�䣬�򽫴˲��Ϊ�ϵ͵�ֵ��κ��£��Զ�̷��ϵ��κ�ʱ��ơ�

��á�l�ӹ��?��Կ��Ʒ��ι��l��Լ��Զ�̷��İ󶨣�

�� LDAP l��t�ӵĺ�׺ͨ��Զ�̷��Խ�b��ͬʱ�� LDAP l��Ĭ��ֵ�� 10 ��l�ӡ�

�� TCP l��t�ӵĺ�׺ͨ��Զ�̷��Խ�b��ͬʱ�� TCP l��Ĭ��ֵ�� 3 ��l�ӡ�

ÿ��l��İ��ÿ�� LDAP l��ͬʱ�󶨲��Ĭ��ֵ��ÿ��l�� 10 ��ͻ��󶨲��

��İ��Դ��ʱ��t�ӵĺ�׺��°󶨵�Զ�̷��ϵĴ��ֵ 0 ��ʾ��t�ӵĺ�׺��԰�һ�Ρ�Ĭ��ֵΪ�� 3 �Ρ�

ÿ��l��Ĳ��ÿ�� LDAP l��ͬʱ��Ĭ��ֵ��ÿ��l�� 10 ��

�󶨳�ʱ��ް󶨳�ʱ��t�ӷ��ϰ󶨳��Գ�ʱ֮ǰ��ʱ�䳤�ȣ��Ϊ��λ��Ĭ��ֵΪ 15 �롣

��ǰ�ĳ�ʱ��޳�ʱ��Ƿ��ѷ��ĳ��֮ǰ��Ĭ��ֵΪ 2 �롣

l��ڻ��ơ��t�ӵĺ�׺��Զ�̷��֮��l�ӱ��ִ�״̬�Ա��ʹ�õ�ʱ�䳤�ȡ��l�ӱ��Ϊ��״̬��Լӿ��ٶȣ��Ҫʹ�ø��Դ��磬��ʹ�ò��l�ӣ��ϣ��l��ʱ�䡣Ĭ��£�l�Ӳ��ơ�

��޷�ͨ��̨��ȡ��޸�t�Ӳ��

��t�Ӳ��ú��뵥��桱��

��޸�t�Ӳ��

��У��ʹ�ÿ��̨ʱ��õ��ͬ��Ҳ��

ʹ��༭��Ӧ��Ҫ�޸ĵĺ�׺��t��Ŀ��

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=databaseName,cn=chaining database,cn=plugins,cn=config
changetype:modify
replace:attributeName
attributeName:attributeValue
-
changetype:modify
replace:attributeName
attributeName:attributeValue
...
^D

��²��˵��˿��ܵ��ֵ��а�(��䣬�Ա�һ�θ��

�޸� nsfarmserverURL ��Ը��Զ�̷��ƻ�˿ڡ��ֵΪ��¸�ʽ��һ��Զ�̷��Ϳ�ѡ�˿ںŵ� URL��

ldap[s]://��[:�˿�][ ��[:�˿�]].../

�� URL ��(�κκ�׺��Ϣ��й�ָ��ȫ�˿ڵ��Ϣ��ʹ�� SSL t�ӡ�� URL �еĵ�һ��Ӧt��ʧ��ʱ��г��˳�� URL �е��jϵ�� LDAP URL ��г��Զ�̷�� suffixDN��t�Ӻ�׺�Ļ��Ŀ��

�޸� nsmultiplexorBindDN �� nsmultiplexorCredentials ��Ը��ڴ��Զ�̷�� DN��

��Զ�̷��Ϻ�׺��ʱ��ط�� DN ��?ͨ��t�Ӻ�׺ִ�еĲ�� creatorsName �� modifiersName ��ʹ�ô˴��ݡ��δָ�� DN��ط��ڷ��Զ�̷��ʱ��а󶨡�

��޸Ĵ�� DN ��ƾ֤��Զ�̷��ϴ��Ӧ�� ACI��Ҫ�� ACI ��ͨ��t��ִ�д��

ldapmodify -h �� 2 -p �˿� 2 -D "cn=Directory Manager" -w �� 2
dn:suffixDN
changetype:modify
add:aci
aci:(targetattr=*)(target = "ldap:///suffixDN")(version 3.0;acl
"Allows use of admin for chaining"; allow (proxy)
(userdn="ldap:///proxyDN");)
^D

��Ĭ��t�Ӳ��κ��ԣ��Կ��Զ�̷��ϵ�l�ӺͲ��?��ü�jt�ӡ��н�һ��˵��˼�j��

�Ż��߳�ʹ��

Ҳ��÷��ȫ��ʹ�õ��߳��Կ��t�ӵ��߳��Դ��t�ӵĲ��ܻ�ռ�úܳ�ʱ�䣬��Ϊ��뽫��ת��Զ�̷��Զ�̷��ʱ��ǵ��߳�Ϊ��״̬��t�ӵķ��ӳ٣��Ӧ��߳��Ա��и��Դ��ͬʱ��?�ز��

Ĭ��£��ʹ�õ��߳��Ϊ 30 ��ǣ��ʹ��t�ӵĺ�׺ʱ��ͨ��ӿ��ڴ��߳��4��ܡ��t�Ӻ�׺��ִ�еĲ��Ͳ��ͣ��Լ��Զ�̷��ϴ��Ҫ��ƽ��ʱ��4ȷ��Ҫ��߳��

ͨ��Ӧ��ÿ��t�Ӻ�׺��߳�� 5 �� 10 ��ٶ��t�ӵĺ�׺��뱾�غ�׺��ͬ��Ĳ��Ŀ�꣩��

ʹ�ÿ��̨��߳��Դ

�� Directory Server ��̨�Ķ��á��ǩ�ϣ��ܡ��ڵ㣬Ȼ��Ҳ��ѡ����ǩ��

�ڡ��߳��ֶ��ֵ��

��ȷ��Ա��ģ��ȷ��Ҫ��ʹ��Ч��Ϣ��

�� Directory Server ��ʹ��µ��߳��

��߳��Դ

ʹ��༭ȫ��Ŀ��޸��߳��

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=config
changetype:modify
replace:nsslapd-threadnumber
nsslapd-threadnumber:newThreadNumber
^D

�� Directory Server ��ʹ��µ��߳��

ɾ��t�ӵĺ�׺

ɾ��һ��t�ӵĺ�׺��ʹ�䲻��ͨ��Ŀ¼��ʣ��ɾ��t�ӷ��ϵ��Ŀ��׺��ɾ��׺��Ӻ�׺��Ϊ�µĸ��׺��Ŀ¼�С�

ʹ�ÿ��̨ɾ��t�ӵĺ�׺

�� Directory Server ��̨�ġ��á��ǩ�ϣ�չ��ݡ��ڵ㡣

�Ҽ��Ҫɾ��ĺ�׺��ӵ��˵��ѡ��ɾ��

��ߣ��ѡ��׺�ڵ㣬��ӡ��󡱲˵��ѡ��ɾ��

��ȷ�϶Ի��򣬸�֪��ͨ��t�Ӻ�׺��ʵ��Ŀ������Զ��Ŀ¼��ɾ��

��⣬��ڸ��׺��ѡ��õݹ鷽ʽɾ��Ӻ�׺��Ҫɾ��֧��ѡ��ɾ��˺�׺��Ӻ�׺��ֻ��ɾ��ض��׺��Ŀ¼�б��Ӻ�׺��ѡ��ֻɾ��˺�׺��

��ȷ��ɾ��˺�׺��

��ʾ��̶Ի��򣬸�֪��Щ��ɿ��̨��ɡ�

��ɾ��׺

Ҫ��ɾ��׺��ʹ�� ldapdelete ��Ŀ¼��ɾ��Ŀ��

��Ҫɾ��Ӻ�׺��֧��ҵ��ɾ��ĸ��׺��Ӻ�׺��ÿ��׺��ܵ��Ӻ�׺�ظ��˹�̡�

ʹ��ɾ��׺��Ŀ��

ldapdelete -h �� -p �˿� -D "cn=Directory Manager" -w ��
cn=suffixDN,cn=mapping tree,cn=config

��ʹ��t�Ӻ�׺��Զ��Ŀ��Ŀ¼��Ҳ��ɼ�

ɾ��λ�� cn=databaseName,cn=chaining database,cn=plugins,cn=config �е��Ӧ��ݿ��Ŀ��ļ��Ŀ��

ldapdelete -h �� -p �˿� -D "cn=Directory Manager" -w ��
cn=monitor,cn=dbName,cn=chaining database,cn=plugins,cn=config
cn=dbName,cn=chaining database,cn=plugins,cn=config

��ü�jt��

�ڼ�jt��У��һ��t�ӵ��Ҳ��һ��t�Ӻ�׺��t�ӵ��Ӻ�׺��һ��е��t�Ӻ�׺ʱ��ת��м��м��jϵ��Դ��ơ��ۺ�ʱ��Ķ��һ��Ծ��ķ��ļ�jt�Ӷ��Ŀ¼��е��ݡ�

��磬��ͼ��ʾ��Ŀ ou=People,l=Europe,dc=example,dc=com �ķ��δӷ�� A t�ӵ�� B��󵽴�� C�� A ��׺ dc=example,dc=com��Լ��֧ l=Europe,dc=example,dc=com �ĵ�� B ��t��Ӻ�׺�� B ��Ŀ l=Europe,dc=example,dc=com��֧ ou=People,l=Europe,dc=example,dc=com �ǵ�� C ��t��Ӻ�׺�� C ʵ�ʰ��Ŀ ou=People,l=Europe,dc=example,dc=com

ͼ 3-3    ͨ��м�jt��

��ü�j��

��}��t�Ӳ��ڼ�j��

��з��Ӧ��ѭ��⣬�Ա��⵽t��е��κ��ѭ��δ��ѭ��⣬ѭ��еķ��ͣ��ѭ��ת��ֱ��ء�

Ӧ��м��t�Ӻ�׺��ó��91�� ACI��ͨ��t�Ӻ�׺�ĵ�һ��δ��д˲��

ʹ�ÿ��̨��ü�j��

�� Directory Server ��̨�Ķ��á��ǩ�ϣ�չ��ݡ��ڵ㣬Ȼ��ѡ��Ҫ�޸ĵ��t�Ӻ�׺��

��Ҳ��У�ѡ��ƺͿ��ơ��ǩ��ڴ˴��޸ļ�jt�Ӳ��

�ڼ�jt��е��м��ϣ�ѡ�м�鱾�� ACI �ĸ�ѡ��

�ڵ��t��У�δѡ�д˸�ѡ��Ϊ�û��ķ��Ȩ�޲��ڵ�һ��9#��ڵڶ��ͨ��9!��ǣ��ڼ�jt�ӵ��м��ϣ�� ACI ��ٴ�ת��֮ǰִ�з��ʿ��ơ�

�ڼ�jt��е��з��ϣ��t�Ӳ��Ծ��ÿ�ν�ͬһ��ת��һ��t�Ӻ�׺��Ϊһ��Ծ�㣬��ﵽ��Ծ��ʱ��t�Ӻ�׺��ת��

Ӧ��һ����jt��Ծ��֡��дﵽ��ƵĲ��Ϊ��ٶ��Ϊ��е�һ��ѭ��

��t��ѭ��ƣ��ڼ�j�� LDAP �ؼ��

��ɼ�j��ú��뵥��桱��

��ü�j��

��м��ϣ�ʹ��༭��ڼ�j��׺��t��Ŀ��

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=databaseName,cn=chaining database,cn=plugins,cn=config
changetype:modify
replace:nsCheckLocalACI
nsCheckLocalACI:on
-
changetype:modify
replace:nsHopLimit
nsHopLimit:maximumHops
^D

Ӧ�� maximumHops ��Ϊ����jt��е�Ծ��дﵽ��ƵĲ��Ϊ��ٶ��Ϊ��е�һ��ѭ��t��ѭ��ƣ��ڼ�j�� LDAP �ؼ��

�ڼ�jt��е��ϣ�ʹ��༭��ڼ�j��׺��t��Ŀ��

ldapmodify -h �� -p �˿� -D "cn=Directory Manager" -w ��
dn:cn=databaseName,cn=chaining database,cn=plugins,cn=config
changetype:modify
replace:nsHopLimit
nsHopLimit:maximumHops
^D

��У�maximumHops ��һ��ͬ�Ķ��塣


��ڼ�j�� LDAP �ؼ�

Ĭ��£��t�ӵĺ�׺��䡰��Ȩ��ؼ��ǣ��һ��t�Ӻ�׺��һ��׺jϵʱ��Ҫ�ô˿ؼ�4��Զ�̷��ϵķ��ʿ��û��ʶ��м��t�Ӻ�׺��t�Ӵ˿ؼ��

��Ϊ��Ȩ��ؼ��ڶ��Э�顣��Ϊ��ͬ��汾��ʹ��}�ֿؼ�֮һ��Ӧ��м�j��t��¾�}�֡��Ȩ��ؼ��

��ѭ��⡱�ؼ�Ҳ�Ǽ�jt��з�ֹѭ��Ŀؼ��Ĭ��£��˿ؼ��t�ӵĲ��ת��Ӧ�Ը��ý��֤��˿ؼ�t�ӣ��򽫲��κ��漰�÷��ѭ��

��t�Ӳ��ԡ��еĲ��ִ�в��ȷ��t��ؼ��

2.16.840.1.113730.3.4.12 - ��Ȩ��ؼ��ɹ淶��

2.16.840.1.113730.3.4.18 - ��Ȩ��ؼ��¹淶��

1.3.6.1.4.1.1466.29539.12 - ��ѭ��⡱�ؼ�

**��ʾ�� 3-1 ʹ��д��t�ӵ��Ӻ�׺**
ldapmodify -a -h �� 1 -p �˿�1 -D "cn=Directory Manager" -w ��1
dn:cn=l=Europe\,dc=example\,dc=com,cn=mapping tree,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsMappingTree
cn:l=Europe,dc=example,dc=com
nsslapd-state:backend
nsslapd-backend:Europe
nsslapd-parent-suffix:dc=example,dc=com

dn:cn=Europe,cn=chaining database,cn=plugins,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsBackendInstance
cn:Europe
nsslapd-suffix:l=Europe,dc=example,dc=com
nsfarmserverurl:ldap://�� 2:�˿� 2/
nsmultiplexorbinddn:uid=�� 1_proxy,cn=config
nsmultiplexorcredentials:proxyPassword
^D

ldapmodify -h �� 2 -p �˿� 2 -D "cn=Directory Manager" -w �� 2
dn:l=Europe,dc=example,dc=com
changetype:modify
add:aci
aci:(targetattr=*)(target =
"ldap:///l=Europe,dc=example,dc=com")(version 3.0;acl
"Allows use of admin for chaining"; allow (proxy)
(userdn="ldap:///uid=�� 1_proxy,cn=config");)
^D

�ؼ�� OID	�ؼ��ƺ�˵��
1.2.840.113556.1.4.473	�� - ��j�Ը��ֵ�Խ��Ŀ�� *
1.3.6.1.4.1.1466.29539.12	t��ѭ�� - ��ٷ��һ��t�ӵĴ��t�Ӽ��ﵽ��õ��ʱ��֪ͨ�ͻ��Ӧ�ó��ϸ��Ϣ��ڼ�j�� LDAP �ؼ��
2.16.840.1.113730.3.4.2	��ܹ� DSA - ��Ŀ��ѭ��⽫��Ļ�ɾ��?
2.16.840.1.113730.3.4.9	��б��ͼ (VLV) - �ṩ��Ĳ��ֽ��һ�η��н��Ŀ�� *

�ؼ�� OID	�ؼ��ƺ�˵��
1.3.6.1.4.1.42.2.27.9.5.2	��Ч��Ȩ�� - Ҫ��ڽ��з��й��Ŀ��Եķ��Ȩ�޺� ACI ��Ϣ��
2.16.840.1.113730.3.4.3	�� - ��Ӧʹ��ֻ״̬��ۺ�ʱ��ӡ�ɾ��޸��ƥ��Ŀ��͵��ͻ��
2.16.840.1.113730.3.4.4	��֪ͨ - ֪ͨ�ͻ��Ӧ�ó��ѹ��ڡ�
2.16.840.1.113730.3.4.5	����֪ͨ - ֪ͨ�ͻ��Ӧ�ó���ڸ�ʱ��ڵ��ڡ�
2.16.840.1.113730.3.4.12	�Ѵ��Ȩ��ɹ淶�� - ��ͻ��ڼ��ڲ��һ��ݡ�*
2.16.840.1.113730.3.4.13	��Ƹ��Ϣ - ��ͨ��Ψһ��ʶ�� (UUID) �͸��Ʋ��ĸ��к� (CSN)��
2.16.840.1.113730.3.4.14	�ض��ݿ�� - ��ָ��ڿؼ��ݿ��ִ�С�
2.16.840.1.113730.3.4.15	��֤��Ӧ - ��Ӧһ�𷵻ص��ͻ��Ӧ�ó��ṩ DN ��ʹ�õ��֤�� SASL ��֤��ʱ��ã��
2.16.840.1.113730.3.4.16	��֤�� - �ṩ��Ҫ��ڰ��Ӧ��ṩ��֤�顣
2.16.840.1.113730.3.4.17	��ʵ�� - ��Ӧ��ʵ��ڷ��Ŀ�е��ԣ��Ҫ��ԡ�
2.16.840.1.113730.3.4.18	�Ѵ��Ȩ��¹淶�� - ��ͻ��ڼ��ڲ��һ��ݡ�*
2.16.840.1.113730.3.4.19	�� - ��Ӧ��ɽ�ɫ�ͷ��๦��ɵ��ԡ�

��һ�� Ŀ¼ �� ĵ��ҳ ��һ��
��Ȩ�� 2003 Sun Microsystems, Inc. ��Ȩ��

���

������׺

ʹ�ÿ���̨�����µĸ��׺

ʹ�ÿ���̨�����µ��Ӻ�׺

�������д�����׺

�����׺

���û����ú�׺

ʹ�ÿ���̨���û����ú�׺

�������н��û����ú�׺

���÷���Ȩ�޺����

ʹ�ÿ���̨���÷���Ȩ�޺����

�����������÷���Ȩ�޺����

ɾ���׺

ʹ�ÿ���̨ɾ���׺

��������ɾ���׺

������t�ӵĺ�׺

�����������

ʹ�ÿ���̨�����������

�������д����������

����Ĭ��t�Ӳ���

�ͻ���ز���

��jt�Ӳ���

l�ӹ������

���������

ʹ�ÿ���̨����Ĭ��t�Ӳ���

������������Ĭ��t�Ӳ���

ʹ�ÿ���̨������t�ӵĺ�׺

�������д�����t�ӵĺ�׺

ͨ����t�ӵĺ�׺���еķ��ʿ���

ʹ�� SSL t��

������t�ӵĺ�׺

����t�Ӳ���

LDAP �ؼ���t�Ӳ���

�����������t�Ӳ���

ʹ�ÿ���̨�޸�t�Ӳ���

���������޸�t�Ӳ���

���û�������t�ӵĺ�׺

ʹ�ÿ���̨���û�������t�ӵĺ�׺

�������н��û����ú�׺

���÷���Ȩ�޺����

ʹ�ÿ���̨���÷���Ȩ�޺����

ʹ�ÿ���̨���÷���Ȩ�޺����

�޸�t�Ӳ���

ʹ�ÿ���̨�޸�t�Ӳ���

���������޸�t�Ӳ���

�Ż��߳�ʹ��

ʹ�ÿ���̨�����߳���Դ

�������������߳���Դ

ɾ����t�ӵĺ�׺

ʹ�ÿ���̨ɾ����t�ӵĺ�׺

��������ɾ���׺

���ü�jt��

���ü�j����

ʹ�ÿ���̨���ü�j����

�����������ü�j����

�������ڼ�j�� LDAP �ؼ�

��

��׺

ʹ�ÿ��̨��µĸ��׺

ʹ�ÿ��̨��µ��Ӻ�׺

��д��׺

��׺

��û��ú�׺

ʹ�ÿ��̨��û��ú�׺

��н��û��ú�׺

��÷��Ȩ�޺��

ʹ�ÿ��̨��÷��Ȩ�޺��

��÷��Ȩ�޺��

ɾ��׺

ʹ�ÿ��̨ɾ��׺

��ɾ��׺

��t�ӵĺ�׺

��

ʹ�ÿ��̨��

��д��

��Ĭ��t�Ӳ��

�ͻ��ز��

��jt�Ӳ��

l�ӹ��

��

ʹ�ÿ��̨��Ĭ��t�Ӳ��

��Ĭ��t�Ӳ��

ʹ�ÿ��̨��t�ӵĺ�׺

��д��t�ӵĺ�׺

ͨ��t�ӵĺ�׺��еķ��ʿ��

��t�ӵĺ�׺

��t�Ӳ��

LDAP �ؼ��t�Ӳ��

��t�Ӳ��

ʹ�ÿ��̨�޸�t�Ӳ��

��޸�t�Ӳ��

��û��t�ӵĺ�׺

ʹ�ÿ��̨��û��t�ӵĺ�׺

��н��û��ú�׺

��÷��Ȩ�޺��

ʹ�ÿ��̨��÷��Ȩ�޺��

ʹ�ÿ��̨��÷��Ȩ�޺��

�޸�t�Ӳ��

ʹ�ÿ��̨�޸�t�Ӳ��

��޸�t�Ӳ��

ʹ�ÿ��̨��߳��Դ

��߳��Դ

ɾ��t�ӵĺ�׺

ʹ�ÿ��̨ɾ��t�ӵĺ�׺

��ɾ��׺

��ü�jt��

��ü�j��

ʹ�ÿ��̨��ü�j��

��ü�j��

��ڼ�j�� LDAP �ؼ�