Sun ONE Directory Server �޲z��n: �� 3 �� إ߾𪬥ؿ�

Sun ONE Directory Server �޲z��n

�� 3 �� إ߾𪬥ؿ�

�𪬥ؿ�]�t��A��Ҧ��ءA�åH��O�W�� (DN) �@��ѧO�C�ѩ� DN ��h��[�c�A�[�c��|�إߤ$�P�8��A��K�i�ϥΤ$�P�8��𪬥ؿ��ƫإߵ��c�C��F�޲z�𪬥ؿ�A�𪬥ؿ�b�޲z�W�w�q��=X�B�l�=X�B�쵲�=X�CDirectory Server �D��x ��ѥΩ�إ߻P�޲z�Ҧ��o�Ǥ��*���A��~�A�z�]�i�H�ϥΫ�O��u��C

�p��إߥؿ��ƫغc��סA�аѾ\�mSun ONE Directory Server ��p��n�n�� 4 ��<�]�p�𪬥ؿ�>�C

��]�t�U�C��`�G

²��

�إߧ=X

�޲z�=X

�إ��쵲�=X

�޲z�쵲�=X

�]�w��h��쵲

²��

�=X�O�@�Ӥ$�ξ𪬤l�ؿ�A��Ӥ��e�|�Q�޲z�u�@��O�@�ӳ��C�Ҧp�A�s�s�dެO�w��ӧ=X�w�q�A��ӧ=X�i�H�Τ@�ӧ@�~��l�ơA�ӥB�=X�]�O�Ƽg��C�Z�O�n�H�ۦP�覡�s��κ޲z��ơA��3��ۦP�=X��C�=X�i��b�𪬥ؿ�ڳ��A��B��ɭԺ٬��ڧ=X�C

�U��ܦ��Ӯڧ=X��ؿ�A�C�ӧ=X�U�N��@�Ӥ��q��G

�� 3-1    ��@�ؿ��A��Ӯڧ=X

�=X�]�i�H�O�t�@�ӧ=X��$�A�b�o�ر��p�U�A��٬��l�=X�C��=X�i��޲z�@�~�ɡA�ä��]�t�l�=X��e�A�]��b�޲z�W��=X�P�l�=X�O�W�ߪ��C�M�ӡALDAP �@�~��G��]�t��=X��T�A�ӥB�ؿ�Τ�ݤ]��D��جO�_�ݩ�ڧ=X�Τl�=X��@��!C

�U�ϩ��ܪ��ؿ�@�Ӥj��q��A�ؿ�t��@�ڧ=X�P�h�Ӥl�=X�G

�� 3-2    �]�t�h�Ӥl�=X��@�Ӯڧ=X

�=X��3��A��ӧO��Ʈw�C��O�A��Ʈw�P��ɮײ{�b�O�Ѧ�A��t�d�޲z�A�]�� Sun ONE Directory Server 5.2 �_�w�o��Ʈw�o�ӥλy�C

�쵲�=X�|�ǥѰѦҨ�L��A��W��=X�A�ӫإߵ��>𪬥ؿ�C�ϥ��쵲�=X�ɡADirectory Sever �|�b��ݧ=X�W��@�~�öǦ^��G�A�N�p�P�O�b��@��C��ƪ��m�O�z��A�]��Τ�ݨä��D�o�O�쵲��=X�A�]��|��D��ƬO�q��ݦ�A��^��o�ӡC�@��A��W��ڧ=X�i��֦��쵲��t�@��A��l�=X�A��O�N�Τ�ݪ��[�I�Ө��A�o�u�O��@��𪬥ؿ�C

�b��h��쵲��S�?�p�U�A�쵲�=X�i�H�Ѧһ��ݦ�A��W��t�@��쵲�=X�A�̦��!C�C��A��N�|��e�@�~�A�̫��`�O�|�N��G�Ǧ^��B�z�Τ�ݭn�D��A��C

�p�ݧ�h��쵲��@��ʸ�T�A�аѾ\�mSun ONE Directory Server ��p��n�n�� 5 ��<�]�p�ؿ�ݼ�>�C

�إߧ=X

�i�H�ϥ�Directory Server �D��x�Ϋ�O��إ߮ڧ=X�P�l�=X�C

�ϥΥD��x�إ߷s��ڧ=X

�b Directory Server �D��x�̤W�h�� [�պA] ��ҤW�A�H�ƹ��k��@�U [��] �`�I�A�M��b��\�� [�s�W�=X]�C

�Ϊ̡A�i�H�� [��] �`�I�A�A�� [��] �\��?�� [�s�W�=X]�C

�� [�s�W�=X] ��ܤ��C

�b [�=X DN] ��줤��J�ߤ@��=X�W�١C�W�٥��ϥο�O�W�ٮ榡�A�]�t�H�r�I�9j��@�Φh��ݩʭȰt��C

�b�D�ҤW�A�ڧ=X�ϥκ��-�� (dc) �R�W�ݩʡC�Ҧp�A�z�i�H��J dc=example,dc=org �@��s��=X DN�C

�`�N
�=X�W�٥]�t DN �榡��ݩʭȰt��A��L��@�r��C�]��A�Ҧ��Ů泣��N�q�A�ӥB��=X�W�٪��@��C

�̹w�]�ȡA��A��|�۰ʿ�ܦ��=X��Ʈw�ɮצ�m�C��~�A�̷ӹw�]�ȡA�=X�u�|��@�t�ίdޡA��|��ݩʥ[�K�A�ӥB�]��|�]�w�Ƽg�C

�Y�n�ק��w�]�ȡA�Ы�@�U [�ﶵ] ��s�A��ܷs��=X�ﶵ�G

��Ʈw�W�٤]�O�]�t��Ʈw�ɮת��ؿ�W�١C�w�]��Ʈw�W�٬O�=X DN ��Ĥ@�өR�W�ݩʪ��ȡA��F�O��Ȫ��ߤ@�ʡA�i��|��[�@�ӼƦr�C�Y�n�ϥΤ��P��W�١A�п�� [�ϥΦۭq��] �ﶵ��s�A�ÿ�J�s��ߤ@��Ʈw�W�١C

��Ʈw�W�٥u��]�t ASCII (7 �줸) �^�Ʀr��B�s�r�� (-) �M��u�Ÿ� (_)�C�Ҧp�A�i�H�N�s��Ʈw�R�W�� example_2�C

�]�i�H��ܥ]�t��Ʈw�ɮת��ؿ��m�C�̹w�]�ȡA��U�C��|��l�ؿ�G

ServerRoot/slapd-serverID/db

�п�J�s��|�A�Ϋ�@�U [�s��] �M��Ʈw�ؿ�s��m�C�s��|�b�ؿ��A��D��O�i�s��C

��[�t�]�w�s�=X��պA�A�i�H��ܽƻs�{��=X�C�� [�ƻs�=X�պA]�A�ÿ�ܱz�Q�n�q�U�Ԧ��\��?�ƻs��=X�C��ۡA��U�C��@�ӻݭn�ƻs��պA�G

�ƻs�d޲պA - �s��=X�|�P�ƻs�=X�ۦP��ݩʤW��@�ۦP��dޡC

�ƻs�ݩʥ[�K�պA - �s��=X�|�ҥλP�ƻs�=X��ݩʲM��ۦP�Υ[�K��c�ۦP��[�K�C

�ƻs�Ƽg�պA - �s��=X�|�P�ƻs�=X��ƥ��ۦP�A�Y��3�ӡA�h�|�ƻs�Ҧ��Ƽg��ĳ�A�ӥB�N�ҥνƼg�C

��]�w��Ҧ��s�=X��ﶵ��A�Ы�@�U [�T�w]�C�s�W�=X��ܤ��|��ܱz��ܪ��Ҧ��ﶵ�C

�b [�s�W�=X] ��ܤ��@�U [�T�w]�A�H�إ߷s��ڧ=X�C

�ڧ=X�|�۰ʥX�{�b [��] �$�U�C�аѾ\<�޲z�=X>�A�H�i�@�B�]�w�s��=X�C

�s��ڧ=X��]�t��󶵥ءA�s�=X DN ��س��S��C�]��A�b�N��l�ƨô��ѾA�?�s��v��e�A��b�ؿ�O�L�k�s��A�ӥB�b�D��x [�ؿ�] ��Ҥ��]�ݤ��C

�p�G�q LDIF �ɮפ��l�Ƨ=X�A�h�i��L��l�B�J�C��O�A�аȥ��T�{ LDIF �ɮפ��ڶ��إ]�t�z��p�һݪ��s��O (ACI)�C

��D��x�̤W�h�� [�ؿ�] ��ҡC�𪬥ؿ�|��ܷs��=X�C

�p�G��O�H�ؿ�޲z��n�J�A�h�� [�D��x] > [�n�J��s�ϥΪ�] �\��?�ءC��J�ؿ�޲z�� DN �M�K�X�n�J�C�̹w�]�ȡA�ؿ�޲z�� DN �� cn=Directory Manager�C

�b�𪬥ؿ�ڸ`�I (�]�t��A��D��W�ٻP�s��𪺸`�I) �W��@�U�ƹ��k��C��\��?�� [�s�W�ڪ��]�A�A��s�ڧ=X�� DN�C

�Ϊ̡A��𪬥ؿ�ڸ`�I�A�A�� [��] �\��?�� [�s�W�ڪ��] ��ءC

�b��ܪ� [�s�W��] ��ܤ��A��ڪ��@�Ӫ��O�C��O�N�M�w�i�[�J�ڶ��ت��L�ݩʤ��e�C

��ӺD�ҡA�]�t dc �R�W�ݩʤ��=X DN ��ڪ��ݩ� domain ��O�C�q�`�A�ڪ��O²�檫��A�ӥB�]�t��֪��ơC

��n��O��A��@�U [�s�W��] ��ܤ�� [�T�w]�C

�{�b�D��x�|��ܷs�ڪ��󪺼зǽs�边�A�æ۰ʱN�w�]�� ACI �ե[�J�s��C�p�ݨ�L��T�A�аѾ\<�w�] ACI>�C�[�J�νs��ݼ��ݪ��ݩʭȡA�]�A ACI �ժ��Ҧ��ק�C

�p�G�z��s�=X�N�]�t��ϥΪ̶��ءA�h3�ק��D��<��\ nsroledn �M aci �ݩʥH�~��ضi��ۨ��ק�>��w�] ACI�C�p��L�w��ʻݨD�A�ШϥΤU�C ACI �Ө�N�G

aci:(targetattr != "nsroledn || aci || nsLookThroughLimit ||
nsSizeLimit || nsTimeLimit || nsIdleTimeout ||
passwordPolicySubentry || passwordExpirationTime ||
passwordExpWarned || passwordRetryCount || retryCountResetTime
|| accountUnlockTime || passwordHistory ||
passwordAllowChangeTime")(version 3.0; acl "Allow self entry
modification except for nsroledn, aci, resource limit
attributes, passwordPolicySubentry and password policy state
attributes"; allow (write)userdn ="ldap:///self";)

��ؽs�觹��A��@�U [�зǽs�边] �� [�T�w]�A�H�إ߷s�=X��ڪ��C

�{�b�𪬥ؿ�|��ܷs�=X�A�B�i�H�ھ� ACI �ұ»P��v��z�L�D��x�޲z�s�=X�C

�ϥΥD��x�إ߷s��l�=X

�U�C�{�Ǵy�z�p��b�w�s�b��ڧ=X�Τl�=X�U�إ߷s��l�=X�G

�b Directory Server �D��x�̤W�h�� [�պA] ��ҤW�A�i�} [��] �`�I�P��=X�`�I�A�H��ܤ�=X�C

�b��=X�`�I�W��@�U�ƹ��k��A�A��\��?�� [�s�W�l�=X]�C

�Ϊ̡A�z�i�H��=X�`�I�A�A�� [��] �\��?�� [�s�W�l�=X]�C

�� [�s�W�l�=X] ��ܤ��C

�b [�l�=X RDN] ��줤��J�ߤ@��W�١C�W�٥��ĥά۹��O�W�ٮ榡�A�]�t�H�r�I�9j��@�Φh��ݩʭȰt��A�Ҧp ou=Contractors�C

��r��U�@��ܦ��l�=X�� DN (�� RDN ��[��=X DN �զ�)�C

�`�N
�l�=X�W�٥]�t RDN �榡��ݩʭȰt��A��L��@�r��C�]��A�Ҧ��Ů泣��N�q�A�ӥB��=X�W�٪��@��C

�̹w�]�ȡA��A��|�۰ʿ�ܦ��=X��Ʈw�ɮצ�m�C��~�A�̷ӹw�]�ȡA�=X�u�|��@�t�ίdޡA��|��ݩʥ[�K�A�ӥB�]��|�]�w�Ƽg�C

�Y�n�ק��w�]�ȡA�Ы�@�U [�ﶵ] ��s�A��ܷs��=X�ﶵ�G

��Ʈw�W�٤]�O�]�t��Ʈw�ɮת��ؿ�W�١C�w�]��Ʈw�W�٬O RDN ��Ĥ@�өR�W�ݩʪ��ȡA��F�O��Ȫ��ߤ@�ʡA�i��|��[�@�ӼƦr�C�Y�n�ϥΤ��P��W�١A�п�� [�ϥΦۭq��] �ﶵ��s�A�ÿ�J�s��ߤ@��Ʈw�W�١C

��Ʈw�W�٥u��]�t ASCII (7 �줸) �^�Ʀr��B�s�r�� (-) �M��u�Ÿ� (_)�C�Ҧp�A�z�i�H�N�s��Ʈw�R�W�� temps-US�C

�]�i�H��ܥ]�t��Ʈw�ɮת��ؿ��m�C�̹w�]�ȡA��U�C��|��l�ؿ�G

ServerRoot/slapd-serverID/db

�п�J�s��|�A�Ϋ�@�U [�s��] �M��Ʈw�ؿ�s��m�C�s��|��i�Q�ؿ��A��3�ε{��s��C

��[�t�]�w�s�l�=X��պA�A�i�H��ܽƻs�{��=X�A��׬O��=X�Υ��L�=X�ҥi�C�� [�ƻs�=X�պA]�A�ÿ�ܷQ�n�q�U�Ԧ��\��?�ƻs��=X�C��ۡA��U�C��@�ӭn�ƻs��պA�G

�ƻs�d޲պA - �s��=X�|�P�ƻs�=X�ۦP��ݩʤW��@�ۦP��dޡC

�ƻs�ݩʥ[�K�պA - �s��=X�|�ҥλP�ƻs�=X��ݩʲM��ۦP�Υ[�K��c�ۦP��[�K�C

�ƻs�Ƽg�պA - �s��=X�|�P�ƻs�=X��ƥ��ۦP�A�Y��3�ӡA�h�|�ƻs�Ҧ��Ƽg��ĳ�A�ӥB�N�ҥνƼg�C

��]�w��Ҧ��s�=X��ﶵ��A�Ы�@�U [�T�w]�C[�s�W�l�=X] ��ܤ��|��ܱz��ܪ��Ҧ��ﶵ�C

�b [�s�W�l�=X] ��ܤ��@�U [�T�w]�A�H�إߤl�=X�C

�l�=X�|�۰ʥX�{�b [�պA] ��Ҥ��=X�U�C�аѾ\<�޲z�=X>�A�H�i�@�B�]�w�s��=X�C

�s��l�=X��]�t��󶵥ءA�s RDN ��س��S��C�]��A�b�N��l�ƨô��ѾA�?�s��v��e�A��b�ؿ�O�L�k�s��A�ӥB�b�D��x [�ؿ�] ��Ҥ��]�ݤ��C

�p�G�q LDIF �ɮפ��l�Ƨ=X�A�h�i��L��l�B�J�C��O�A�аȥ��T�{ LDIF �ɮפ��ڶ��إ]�t�z��p�һݪ��s��O (ACI)�C

�b�D��x�̤W�h�� [�ؿ�] ��ҤW�A�i�}�𪬥ؿ�A��ܤl�=X��h�C��٤��|��ܷs��l�=X�C

�p�G��O�H�ؿ�޲z��n�J�A�h�� [�D��x] > [�n�J��s�ϥΪ�] �\��?�ءC��J�ؿ�޲z�� DN �M�K�X�n�J�C�̹w�]�ȡA�ؿ�޲z�� DN �� cn=Directory Manager�C

�b�l�=X��h�W��@�U�ƹ��k��A�A��\��?�� [�s�W] ��ءC�b�s��M�椤�A��P�l�=X RDN ��3��C�Ҧp�A�p�G�إ� ou=Contractors �l�=X�A�i�� OrganizationalUnit ��ءC�p�G�l�=X��O��b�M�椤�A�п�� [��L]�A�æb��ܪ� [�s�W��] ��ܤ��ܸӪ��O�C

�Ϊ̡A��l�=X��h�A�A�� [��] �\��?�� [�s�W] ��ءC

�{�b�D��x�|��ܷs��󪺦ۭq�μзǽs�边�C�[�J�νs��ݼ��ݪ��ݩʭȡA�]�A ACI �ժ��Ҧ��ק�C

��ؽs�觹��A��@�U [�s�边] �� [�T�w]�A�H�إ߷s�l�=X��ءC

�{�b�𪬥ؿ�|��ܷs�l�=X�A�B�i�H�ھ� ACI �ұ»P��v��z�L�D��x�޲z�s�l�=X�C

�q��O��إߧ=X

�z�]�i�H�� ldapmodify ��O�椽�ε{��b�z��ؿ�إߧ=X�C�ѩ��A��O�H�ۦP��覡�޲z�ڧ=X�P�l�=X�A�]��q��O��إ߳o��ا=X��{�ǴX�G��ۦP�C

�ΤU�C��O�b cn=mapping tree,cn=config �U��ڧ=X�إߧ=X�պA��ءG

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn:cn="suffixDN",cn=mapping tree,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsMappingTree
cn:suffixDN
nsslapd-state:backend
nsslapd-backend:databaseName
^D

��l�=X�A�ХάۦP��O�A�A�[�W�U�C�ݩʡG
nsslapd-parent-suffix:"parentSuffixDN"

suffixDN �O�s�=X�� DN�C��ڧ=X�A�D�ҤW�O�ϥκ��-�� (dc) �R�W�ݩʡA�Ҧp dc=example,dc=org�C�Y�O�l�=X�AsuffixDN �]�t�l�=X�� RDN �P��=X�� DN�A�Ҧp ou=Contractors,dc=example,dc=com�C

�`�N
�=X�W�٬� DN �榡�A��L��@�r��C�]��A�Ҧ��Ů泣��N�q�A�ӥB��=X�W�٪��@��C�s��=X�� suffixDN �r�ꤤ�ҥάۦP��Ů�Ϊk�C

databaseName �O�P��=X��޲z��Ʈw��W�١C�b�Ҧ��=X�� databaseNames ��A�W�٥��O�ߤ@��A�ӥB�b�D�ҤW�A��O suffixDN ��Ĥ@�өR�W��ȡCdatabaseName �]�O�]�t�=X��Ʈw�ɮת��ؿ�W�١A�]��3�ӥu�]�t ASCII (7 �줸) �^�Ʀr��B�s�r�� (-) �P��u�Ÿ� (_)�C

�Y�O�l�=X�AparentSuffixDN ��=X�u�� DN�C

�ϥΤU�C��O�إ߸�Ʈw�պA��ءG

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn:cn=databaseName,cn=ldbm database,cn=plugins,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsBackendInstance
cn:databaseName
nsslapd-suffix:suffixDN
^D

�䤤 databaseName �M suffixDN ��֦��P��e�B�J��ҨϥΪ��ȬۦP��ȡC

�N��إ[�J�ؿ��A��A��Ʈw�ҲձN�۰ʩ�U�C�ؿ�إ߸�Ʈw�ɮסG

ServerRoot/slapd-serverID/db/databaseName

�Y�n��A��b��L��m�إ߸�Ʈw�ɮסA�ХΤU�C�ݩʫإ߸�Ʈw�պA��ءG

nsslapd-directory:path/databaseName

��A��N�b��w��m�A�۰ʫإߦW�� databaseName ��ؿ�H�x�s��Ʈw�ɮסC

�إ߮ڧ=X�Τl�=X��¦��ءC

�Ҧp�A�ϥΤU�C��O�i�إ� dc=example,dc=org �ڧ=X��¦��ءG

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn:dc=example,dc=org
objectclass:top
objectclass:domain
dc:example
^D

�z��]�t DN ��Ĥ@�өR�W�ݩʤΨ�ȡA�]��]�t��¦��ت��O��c�һݪ��Ҧ��ݩʡC�̷ӺD�ҡA�ϥκ��-�� (dc) ��ڧ=X DN �֦� domain ��O�A��ݭn��L��ݩʡC

�z�]3�Ӧb�ڧ=X��[�J�s��O (ACI) �ݩʡA�H�j��s��h�C�U�C�O�i�[�J�� aci �ݩʭȡA�H��\�ΦWŪ��B�w��ۧڭק�Χ��㪺�޲z��s��v��G

aci:(targetattr != "userPassword") (version 3.0; acl
"Anonymous access";
allow (read, search, compare)userdn = "ldap:///anyone";)
aci:(targetattr != "nsroledn || aci || nsLookThroughLimit ||
nsSizeLimit || nsTimeLimit || nsIdleTimeout ||
passwordPolicySubentry || passwordExpirationTime ||
passwordExpWarned || passwordRetryCount || retryCountResetTime
|| accountUnlockTime || passwordHistory ||
passwordAllowChangeTime")(version 3.0; acl "Allow self entry
modification except for nsroledn, aci, resource limit
attributes, passwordPolicySubentry and password policy state
attributes"; allow (write)userdn ="ldap:///self";)
aci:(targetattr ="*")(version 3.0;acl
"Configuration Administrator";
allow (all) userdn = "ldap:///uid=admin,ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot";)
aci:(targetattr ="*")(version 3.0;acl
"Configuration Administrators Group";
allow (all) (groupdn =
"ldap:///cn=Configuration Administrators, ou=Groups,
ou=TopologyManagement, o=NetscapeRoot");)

�H�l�=X��ҡA�ϥΤU�C��O�i�إ� ou=Contractors,dc=example,dc=com ��¦��ءG

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn:ou=Contractors,dc=example,dc=com
objectclass:top
objectclass:organizationalUnit
description:base of separate subsuffix for contractor identities
^D

�z��]�t DN ��R�W�ݩʤΨ�ȡA�]��]�t��¦��ت��O��c�һݪ��Ҧ��ݩʡA�ӥB�i�H�[�J��L��\��ݩʡC�l�=X�֦��=X�W�� ACI �ҩw�q��s��A�e��O�o�� ACI ��d�򥲶��]�t�s��l�=X�C�Y�n�b�l�=X�W�w�q��P��s��h�A�Цb�إ߰�¦��خɫ�w�z�� aci �ݩʡC

�޲z�=X

�إߧ=X�i��z�P�ɺ޲z�ӧ=X��Ҧ��e�C��`��p��޲z�=X��s��A�]�A��ΩҦ��@�~�B�N�=X�]��Ū�H�Ϋإߧ=X�h�Ū��श�C

�\�h��L�ؿ�޲z�u�@�O�b�=X�h�ų]�w�A��ѱN��L��`��СG

<�פJ��>�C

<�ץX��>�C

<�޲z�d�>�C

<�[�K�ݩʭ�>�C

<�޲z�Ƽg>�C

��ΩαҥΧ=X

��ɭԡA�z�i�ॲ��N�=X�]��L�k�ϥΥH�i��@�A�ά��F�w��ʪ��]�ӱN�䤺�e�]��L�k�ϥΡC��Χ=X�i��A��L�k��^3�xզs��ӧ=X��Τ�ݧ@�~�A��Ū��μg�J�=X��e�C�p�G�w�w�q�F�w�]�श�A��Τ�ݹxզs��Ϊ��=X�ɡA�|�Ǧ^��श�C

�ϥΥD��x��ΩαҥΧ=X

�b Directory Server �D��x�̤W�h�� [�պA] ��ҤW�A�i�} [��] �`�I�A�A��n��Ϊ��=X�C

�b�k��O��A�� [�]�w��] ��ҡC�̹w�]�ȡA�Ҧ��=X��|�b�إ߮ɱҥΡC

�p�G�w�ҥΦ��=X��Ƽg�\��A�h�|�ݨ�@�ӻ��i�D�z��Ҫ��e�i��۰ʧ�s�C��νƼg��=X�]�|��_��=X��Ƽg�@�~�C�u�n�Ƽg��_��ɶ��W�L�_��]�w�ȡA�Ƽg��N�b�=X�A�ױҥΫ��_��s��ƥ��C�Ƽg�_��]�w�ȬO�Τ�ƥ��M��P��3�Ӫ��ܧ�O��ɪ��̤j�j�p�ήɶ� (�аѾ\<�i��Τ�պA>)�C

�� [�ҥΦs��=X] �֨��i��Χ=X�A�ο��֨��i�N��ҥΡC

��@�U [�x�s] �i�M��ܧ�A�åi�ߧY��Ωαҥθӧ=X�C

�Ϊ̡A�z�i�]�w��w�]�श�A��श�b��Ϊ��P�ɡA�]�|�w�惡�=X�W��Ҧ��@�~�ӶǦ^�C��]�w�Ȧ��̤W�h [�պA] ��Ҫ��ڸ`�I [��] ��ҤW�C�p�ݸԲӸ�T�A�аѾ\<�ϥΥD��x�]�w�w�]�श>�C

�q��O�氱�ΩαҥΧ=X

�ΤU�C��O�s��=X�պA��ؤ�� nsslapd-state �ݩʡG

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn="suffixDN",cn=mapping tree,cn=config
changetype:modify
replace:nsslapd-state
nsslapd-state:disabled or backend
^D

�䤤 suffixDN �O�w�q�=X DN �ɧ��㪺�r��A�]�A��Ů�C�N nssladp-state �ݩʳ]�w�� disabled �i��Χ=X�A�]�w�� backend �i�ҥΧ��s��C

��O��\�ɡA�|�ߧY��Χ=X�C

�Ϊ̡A�z�i�]�w��w�]�श�A��श�b��Ϊ��P�ɡA�]�|�w�惡�=X�W��Ҧ��@�~�ӶǦ^�C�p�ݸԲӸ�T�A�аѾ\<�q��O��]�w�w�]�श>�C

�]�w�s��v��श

�p�G��n��Χ=X�A�u�n��s��A�z�i�H�ק�s��v��A�H��\��Ū�s��C��ɡA�z��g�J�@�~��t�@��A��w�q�श�C�z�]�i�H�ڵ�Ū��M�g�J�s��A�ì��=X�W��Ҧ��@�~�w�q�श�C

�श�]�i�Ω�N�Τ��3�ε{��Ȯɫ�V��P��A��C�Ҧp�A�z�i�H�b�=X��[�J�श�A�ϱo��b�ƥ�=X��e�ɡA�=X�|��V��P��A��C

�Ƽg����̾a�g�J�v��P�श�A�~��]�w�=X��Ƽg�\��C�ҥνƼg�B�ɯŽƥ��έ��Žƥ��|�ק��श�]�w�ȡC

�p��

�p�G�w�Ƽg�=X�A�ק��श�i��|�v�T��=X��Ƽg�欰�C

�ϥΥD��x�]�w�s��v��M�श

�b Directory Server �D��x�̤W�h�� [�պA] ��ҤW�A�i�} [��] �`�I�A�A��n�]�w�श��=X�C

�b�k��O��A�� [�]�w��] ��ҡC�p�G�ҥ��쵲��=X�A�z�u��]�w�v��M�श�C�p�G�w�ҥΦ��=X��Ƽg�\��A�h�|�ݨ�@�ӻ��i�D�z��Ҫ��e�i��۰ʧ�s�C

�п��U�C�䤤�@�ӿﶵ��s�A�]�w�^�е��=X��ؤW��g�J�@�~�G

�B�z�g�J�MŪ��n�D - �w�]��A�U�|��ﶵ��s�A��N��=X��`�欰�C�t�Υi��|�w�q�श�A��O��|�Ǧ^�श�C

�B�zŪ��n�D�A�öǦ^�g�J�n�D��श - �p�G�Ʊ�N�=X�]��Ū�A�i��ﶵ��s�A�æb�M�椤��J�@�Φh�� LDAP URL�A�@��g�J�n�D�Ǧ^��श�C

�Ǧ^Ū��M�g�J�n�D��श - �p�G�Ʊ�ڵ�Ū��P�g�J�s��A�i��ﶵ��s�C��欰�P��Χ=X��s��ۦ�A��P�B�O�|�S�O�w�惡�=X�w�q�श�A�Ӥ��O�ϥΥ��w�]�श�C

�ϥ� [�[�J] �P [��] ��s�s��श�M��C��@�U [�[�J] ��s�|��ܫإ߷s�श�� LDAP URL ��ܤ��C�z�i�ﻷ�ݦ�A��$䪺 DN �إ��श�C�p�� LDAP URL ��c��ԲӸ�T�A�аѾ\�mSun ONE Directory Server �J��n�n�C

�z�i��J�h��श�C�ؿ�|�Ǧ^��M�檺�Ҧ��श�A�^3�ӦۥΤ��3�ε{��n�D�C

��@�U [�x�s] �i�M�αz��ܧ�A�åB�ߧY�}�l�j��s��v��M�श�]�w�ȡC

�q��O��]�w�s��v��M�श

�b�U�C��O��AsuffixDN �O�w�q�=X DN �ɧ��㪺�r��A�]�A��Ů�CLDAPURL ��Ī� URL�A�䤤�]�t�D��W�١B�s��𸹽X�Υؼ� DN�A�Ҧp�G

ldap://phonebook.example.com:389/ou=People,dc=example,dc=com

�ϥΤU�C��O�s��=X��պA��ءG

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn="suffixDN",cn=mapping tree,cn=config
changetype:modify
replace:nsslapd-state
nsslapd-state:referral on update or referral
-
add:nsslapd-referral
nsslapd-referral:LDAPURL
^D

�z�i��Ƴ̫᪺�ܧ󳯭z��A�N��ƶq�� LDAP URL �[�J nsslapd-referral �ݩʡC

�� nsslapd-state �Ȭ� referral on update �ɡA�ӧ=X��Ū�A�ӥB�|�Ǧ^�Ҧ�� LDAP URL �@��g�J�@�~��श�C��Ȭ� referral �ɡA�|�ڵ�Ū��P�g�J�ⶵ�@�~�A�ӥB�|�w��n�D�Ǧ^�श�C

�=X�|�ܦ��Ū�εL�k�s��A��O��\�ɡA�|�ߧY�ǳƦn�Ǧ^�श�C

�R��=X

�R��=X�N�|�q�ؿ��Ӥ$�C�z�i�R��=X�A�æb�ؿ�O�d��l�=X�@��s��ڧ=X�C

�p��

��z�R��=X�ɡA�|�N��û��q�ؿ��A�ò��=X��Ҧ��պA (�]�A��Ƽg�պA)�C

�ϥΥD��x�R��=X

�b Directory Server �D��x�� [�պA] ��ҤW�A�i�} [��] �`�I�C

�b�Q�n��=X�W��@�U�ƹ��k��A�A��㦡�\��?�� [�R��]�C

�Ϊ̡A�i�H��=X�`�I�A�A�� [��] �\��?�� [�R��]�C

��ܽT�{��ܤ��A�q��z�N�q�ؿ��Ҧ��=X��ءC

��F��=X�H�~�A�]�i�H��ܻ��j��R��Ҧ��l�=X�C�p�G�n��Ӥ$�A�п�� [�R��=X�Ψ�Ҧ��l�=X]�C�ۤϪ��A�p�G�u�n��S�w��=X�A�æb�ؿ�O�d��l�=X�A�п�� [�ȧR��=X]�C

��@�U [�T�w] �R��ӧ=X�C

��ܶi�׹�ܤ��A�i�D�z�D��x�w�g��B�J�C

�q��O��R��=X

�Y�n�q��O��R��=X�A�Шϥ� ldapdelete ��O��ؿ�պA��ءC

�p�G�Q�n�R��]�t�l�=X��Ӥ$�A��M��w�R��l�=X�A�ù�C�Ӥl�=X�Ψ�i�઺�l�=X��Ƹӵ{�ǡC

�ϥΤU�C��O��=X�պA��ءG

ldapdelete -h host -p port -D "cn=Directory Manager" -w password\
           -v cn="suffixDN",cn=mapping tree,cn=config

��O�q�� suffixDN ��¦��ض}�l�A�N�=X�q��A��C�{�b��=X�N��A��ܡA�]�L�k�b�ؿ�s��C

�� cn=databaseName,cn=ldbm database,cn=plugins,cn=config ��3��Ʈw�պA��ءA�Ψ�U��Ҧ��ءC�U�C��O�ϥ� Sun ONE Directory Server Resource Kit (DSRK) �� ilash �u��C�p��U��P�ϥ� DSRK ��T�A�аѾ\<�U��ؿ��A��u��>�C

% ilash -call "http://host : port/" -user "cn=Directory Manager"
[...]
Enter password for "cn=Directory Manager":password
[...]
[example,com]% dcd cn=config
[config]% ddelete -subtree \
"cn=databaseName,cn=ldbm database,cn=plugins,cn=config"

Removed cn=aci, cn=index, cn=databaseName, cn=ldbm database, cn=plugins, cn=config

Removed cn=entrydn, cn=index, cn=databaseName, cn=ldbm database, cn=plugins, cn=config

[...]

Removed cn=encrypted attributes, cn=databaseName, cn=ldbm database, cn=plugins, cn=config

Removed cn=index, cn=databaseName, cn=ldbm database, cn=plugins, cn=config

Removed cn=monitor, cn=databaseName, cn=ldbm database, cn=plugins, cn=config

Removed cn=databaseName,cn=ldbm database,cn=plugins,cn=config

��X�|��ܻP��Ʈw��B��Ҧ��d޲պA��ءC��R��Ʈw�պA��A��A��N��P��=X��Ҧ��Ʈw�ɮפΥؿ�C

�إ��쵲�=X

�ڧ=X�P�l�=X��i�H�쵲��L��A��A�ӥB�o��ӵ{�ǧ��i�z�L�D��x�αq��O��C

�M�ӡA�b�إߥ��쵲�=X�ɡA�z3�Ӧb��ݦ�A��W�إߥN�z��C��A��b�z�L�쵲�=X��e�@�~�ɡA�|�ϥΥN�z��ӳs��ݦ�A��C

�p�G�z�ϥΧ��@�˪��ѼƳ]�w�\�h�쵲�=X�A�z�]3�Ӭ��s��쵲�=X�]�w�쵲�Ѽƪ��w�]�ȡC�b�إ��쵲�=X�e�Ϋ᪺��ɶ��A�]�i�H�]�w LDAP ���P��A��쵲��h�A�p<�]�w�쵲��h>��ҭz�C

�إߥN�z��

�N�z��O��ݦ�A��W��@�ӨϥΪ̡A��A��N�ϥΥ��ӳs��e�쵲�@�~�C��w��ʪ��]�A�ؿ�޲z��κ޲z�ϥΪ� (admin) ��3�ӧ@��N�z��C

�ӬO3�إ߷s��A��s��M�Ω�q��w��A��쵲�@�~�C��3�إߦb�Y�N�쵲��Ҧ��A��A�H�Φb<�ϥΥD��x�إ��쵲�=X>��<�ϥΥD��x�ק��쵲��h>��w�q��Ҧ��e��A��W�C

�ϥΥD��x�إߥN�z��

��{�ǾA�Ω�P�@��쵲�=X�ؼЪ��ݦ�A��۳s�� Directory Server �D��x �W�C

�b Directory Server �D��x�̤W�h�� [�ؿ�] ��ҤW�A�i�}�𪬥ؿ�C

�b cn=config ��ؤW��@�U�ƹ��k��A�A��\��?�� [�s�W] > [�ϥΪ�] ��ءC�Ϊ̡A�� cn=config ��ءA�A�� [��] �\��? [�s�W] > [�ϥΪ�] ��ءC

�b [�إ߷s�ϥΪ�] ��ܤ��줤��J�ȡA�H�y�z�N�z��A�Ҧp�G

�W�r�Gproxy
�m��G host1
�@��W�١G host1 chaining proxy
�ϥΪ� ID�G host1_proxy
�K�X�G password
�T�{�K�X�G password

�䤤 host1 �O�]�t�쵲�=X��A��W�١C�C�@��=X�쵲�ܦ��A��A��3�ӨϥΤ��P��N�z��C

��@�U [�T�w] �H�x�s��s��N�z��C

�q��O��إߥN�z��

��{�Ǩϥ� host1 �P host2 �'O�N��]�t�쵲�=X��A��Χ@��쵲�=X�ؼЪ��ݦ�A��C

�ϥΤU�C��O�b host2 �W�إߥN�z��G

ldapmodify -a -h host2 -p port2 -D "cn=Directory Manager" -w password2
dn:uid=host1_proxy,cn=config
objectclass:top
objectclass:person
objectclass:organizationalPerson
objectclass:inetorgperson
uid:host1_proxy
cn:host1 chaining proxy
sn:host1
userpassword:password
description:proxy entry to be used for chaining from host1
^D

�]�w�w�]�쵲�Ѽ�

�쵲�ѼƷ|�M�w��A��P�쵲��A��s�u�覡�A�H�Φ�A��b��쵲�=X�W�B�z�@�~��覡�C�o�ǰѼƬO�b�C��쵲�=X�W�]�w�C�ؿ��A�� ѤF�C��إ��쵲�=X�ɩҥΪ��w�]�ȡC�z�i�H�s��o�ǹw�]�ȡA�H��w�Ҧ��s�쵲�=X�W��쵲�ѼơC

�C�@�Ӧb�ק�w�]�Ѽƫ�s�إߪ��쵲�=X�A��N�ϥαz��w��ȡC�M�ӡA�@��إߧ=X��A�K�u��<�޲z�쵲�=X>�ҭz�覡�ק�ѼơC

�쵲�Ѽƪ��ݩʻP�w�]�Ȼ��p�U�C�p�ݤ��\�Ȫ��y�z�A�аѾ\�mSun ONE Directory Server �ѦҤ�U�n�� 5 ��<�쵲�=X�~��{��ݩ�>�G

�Τ�ݶǦ^�Ѽ�

nsReferralOnScopedSearch - �ϥιw�]��}�ҳ]�w�ɡA�j�M�d�򧹥��b�쵲�=X��Τ�ݱN��컷�ݦ�A��श�C�p��K�i�קK�N�j�M��G�ǰe�G��C��]��ɡA3�ӳ]�w�j�p�P�ɶ��ѼơA�H�קK�b�쵲�=X�W��椾��j�M�C

nsslapd-sizelimit - ��ѼƷ|�M�w�b�^3�쵲�j�M�@�~�ɱN�|�Ǧ^��ؼơC�w�]�j�p�� 2000 �Ӷ��ءC�p�G�Q�n��A��쵲�=X��s�x�j�M�A�бN��ѼƳ]�w��C�ȡC�b��󱡪p�U�A��ݦ�A��W�Ҧ��j�p�]�w�ȧ��|��ӧ@�~�C

nsslapd-timelimit - ��ѼƱ��쵲�@�~��ɶ��סC�w�]�ɶ�� 3600 �� (1 �Ӥp��)�C�p�G�Q�n���\�b�쵲�=X�W�@�~��ɶ��A�бN��ѼƳ]�w��C�ȡC�b��󱡪p�U�A��ݦ�A��W�Ҧ��ɶ��]�w�ȧ��|��ӧ@�~�C

��h��쵲�Ѽ�

nsCheckLocalACI - �b��@��h�쵲��A��A��|�b�쵲�=X�W�ˬd�s��ϥΪ̪��s��v��A�]��O��ݦ�A��d��C�]��A�w�]�ȬO off�C�M�ӡA��h��쵲��A��N��ѼƳ]�� on�A�~��ˬd�έ��e�쵲�@�~��A��ҥΤ��N�z DN ��s��v��C

nsHopLimit - �j�鰻��̾a��Ѽƨөw�q��\��̤j�D�I�ơC�t�Τ��|��e��F�즹�D�I�ƪ��쵲�@�~�A�ӬO�b��h��ݼ��N�~�j�骺��]��U�A�N��@�~��C

�s�u�޲z�Ѽ�

nsOperationConnectionsLimit - �쵲�=X�i�P�ɻP��ݦ�A��إߤ� LDAP �s�u�ƪ��̤j�ȡC�w�]�Ȭ� 10 �ӳs�u�C

nsBindConnectionsLimit - �쵲�=X�i�P�ɻP��ݦ�A��إߤ� TCP �s�u�ƪ��̤j�ȡC�w�]�Ȭ� 3 �ӳs�u�C

nsConcurrentBindLimit - �C�� LDAP �s�u�P�ɳs��@�~�ƪ��̤j�ȡC�w�]�Ȭ��C�ӳs�u�� 10 �ӥ��s��@�~�C

nsBindRetryLimit - �P��ݦ�A��s��ѫ�A�쵲�=X�xխ��s�s��ơC0 �ȥN��쵲��=X�u�|�xճs��@��C�w�]�Ȭ��x� 3 ��C

nsConcurrentOperationsLimit - �C�� LDAP �s�u�P�ɧ@�~�ƪ��̤j�ȡC�w�]�Ȭ��C�ӳs�u�� 10 �ӧ@�~�C

nsBindTimeout - �P�쵲�=X��s��xչO�ɤ��e��ɶ�� (�H�?��)�C�w�]�Ȭ� 15 ��C

nsAbandonedSearchCheckInterval - ��A��ˬd�@�~�O�_�w�Q��󤧫e��ơC�w�]�Ȭ� 2 ��C

nsConnectionLife - �쵲�=X�P��ݦ�A��s�u��}�ҡA�H�K�i�H��ƨϥΪ��ɶ��סC��s�u�}�ҷ|��ֳt�A��|�ϥθ�h��귽�C�Ҧp�A�p�G�z��ϥμ��s�u�A�z�i��|�Q�n��s�u��ɶ��C�w�]�Ȭ� 0�A��ܳs�u�S��C

��~��Ѽ�

nsmaxresponsedelay - ��ݦ�A��^3�쵲�@�~�� LDAP �n�D��l�ƥi��O�ɶ��̤j�ȡC��v��|�H�?��C�b��𤧫�A��A��|��ճs�u�C�w�]��v�� 60 ��C

nsmaxtestresponsedelay - �ˬd��ݦ�A��O�_��^3��ի��ɶ��C��դ��e�u�O²��a�n�D�j�M�@�Ӥ��s�b��ءC��v��|�H�?��C�p�G�b��թ��v��^3�A�쵲�=X�|��]��ݦ�A��w��C�w�]��զ^3��v�� 15 ��C

�p�G�z�u��쵲�=X�w�q�@��ݦ�A��A��ݦ�A��Ҧ��쵲�@�~��N�� 30 ��A�H��t��L��C�p�G�w�w�q�e��A��A�h�쵲�@�~�N�}�l�ϥΤU�@�өw�q��%N��A��C

�ϥΥD��x�]�w�w�]�쵲�Ѽ�

�b Directory Server �D��x�̤W�h�� [�ؿ�] ��ҤW�A�i�}�𪬥ؿ�A�ÿ��U�C��ءGcn=default instance config,cn=chaining database,cn=plugins,cn=config�C

�s��U��ءA�ο�� [��] > [�H�зǽs�边�s��] �\��?�ءC�ק�W�z�M�椤�ݭn��ݩʭȡC

��@�U [�зǽs�边] ��ܤ�� [�x�s]�A�ܧ�N�|�ߧY�ͮġC

�q��O��]�w�w�]�쵲�Ѽ�

�ϥ� ldapmodify ��O�s�� cn=default instance config,cn=chaining database,cn=plugins,cn=config ��ءC��ت��Ҧ��ݩʦ��s�쵲�=X��Ѽƪ��w�]�ȡC

�Ҧp�A�U�C��O�|�N�s�쵲�=X��w�]�j�p���� 5000 �Ӷ��ءA�ñN�w�]�ɶ���C�� 10 ��aG

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn=default instance config,cn=chaining database,
cn=plugins,cn=config
changetype:modify
replace:nsslapd-sizelimit
nsslapd-sizelimit: 5000
-
replace:nsslapd-timelimit
nsslapd-timelimit: 600
^D

�惡��ت��ק�N�ߧY�ͮġC

�ϥΥD��x�إ��쵲�=X

�U�C�{�ǴX�G�P�إ��쵲�ڧ=X�M�쵲�l�=X��覡��@�ˡG

�� Directory Server �D��x�� [�պA] ��ҡC

�Y�O�쵲�ڧ=X�A�b [��] �`�I�W��@�U�ƹ��k��A�A��\��?�� [�s�W�쵲��=X]�C�Ϊ̡A�i�H�� [��] �`�I�A�A�� [��] �\��?�� [�s�W�쵲��=X]�C

�Y�O�쵲�l�=X�A�i�} [��] �`�I�P��=X�`�I�A�H��ܤ�=X�C�b��=X�`�I�W��@�U�ƹ��k��A�A��\��?�� [�s�W�쵲��l�=X]�C�Ϊ̡A�i�H��=X�`�I�A�A�� [��] �\��?�� [�s�W�쵲��l�=X]�C

�� [�s�W�쵲�� (�l) �=X] ��ܤ��C

��J�n�쵲��ݦ�A��W��ت� DN�C��ݶ��ؤ��@�w�n�O��ݧ=X��¦��ءG

�Y�O�ڧ=X�A�b [�=X DN] ��줤��J��ݶ��ت�� DN�C�i�H��J��ݾ𪬥ؿ�ت�� DN�C�Ӷ��رN�O�쵲�ڧ=X��¦�A�ӥB�Ӷ��ة��U��󶵥ا��i�z�L�쵲�=X��o�C

�Y�O�l�=X�A��J�Y�N�쵲��ت��l�=X RDN�C�Ӷ��جO�쵲�l�=X��¦�C��ܦb��r��U��l�=X�W�٥��O�s�b�󻷺ݦ�A��W��ءC

��J�]�t�=X��ƪ��ݦ�A��D��W�� (��n�ɥ]�t��)�C

��J�s��ݦ�A��s��𸹽X�A�p�G�o�O�w��s��A�]�п��Ӯ֨��C�ϥΦw��s��ɡA�쵲�@�~�|�z�L SSL �[�K�C�p�ݸԲӸ�T�A�аѾ\<�ϥ� SSL �i��쵲>�C

��ܤ��U�誺��r�|��ܻ��ݦ�A�� URL�C

��J��ݦ�A��W�N�z��s�� DN �P�K�X�C�b��ݦ�A��W�s��=X��e�ɡA��A��|�ϥΦ� DN �@��N�z�C�Ҧp�A�ϥ�<�إߥN�z��>��w�q�� uid=host1_proxy,cn=config DN�C

�z�L�k�ϥλ��ݦ�A��W�ؿ�޲z�� DN�C�z�L�쵲�=X��檺�@�~�N�b creatorsName �P modifiersName �ݩʤ��ϥΦ��N�z��C�i�H��ϥΥN�z DN�A�p��@�ӡA��A��b�s��ݦ�A��ɱN�H�ΦW�覡�s��C

��@�U [�T�w] �H�إ��쵲�=X�C�s�=X�|�X�{�b�պA�𪬥ؿ�A�å]�t�쵲��ϥܡC

��@�U�s��쵲�=X�H��A�ÿ��k��O�� [��ݦ�A��] ��ҡC

�i�H��ܩʦa��쵲�=X�w�q�@�Φh��e��A��C�p�G��A��L�k�p��ݦ�A��A��|�̩w�q��ǳv�@�xծe��A��A��䤤�@��A��^3��C�e��A��]�t�P�Q�쵲�=X�ۦP��=X�A�ӥB��\�ۦP��s�� DN �@��N�z�C

�Y�n�w�q�e��A��A�Цb [��ݦ�A�� URL] ��줤��J��h�t�諸�D��W�ٻP�s��𸹽X�A�åH�Ů�9j�C��쪺�榡�p�U�G

ldap[s]://hostname[:port][ hostname[:port]].../

�b [��ݦ�A��] ��ҩ��ݡA��r��|��ܤ��\�z�L�쵲��N�z�@�~�һݪ� ACI�C��N�� ACI �[�J��ݦ�A��W�]�t suffixDN ��ءC�p�G�z��g�w�q��e��A��A�K3�ӱN�� ACI �[�J�Ҧ��e��A��C�ϥ� [�ƻs ACI] ��s�i�N ACI ��r�ƻs��z�ΨӶK�W��t�ΰŶKï�C

�N�� ACI �[�J��ݦ�A��W��¦��ث�A�쵲�=X�K�|��ܦb��A��𪬥ؿ�C

�p��

�z�i��ݭn�b�P�@�Ӷ��ؤW�w�q��L ACI�A�H��s��ثe�z�L�쵲��}��ݦ�A��C�аѾ\<�z�L�쵲�=X��s��>�C

�p�G�w�g�]�w��A��쵲��h�A�h��]�[�J��\�o�Ǥ��s��ݦ�A�� ACI�C�Ҧp�A�p�G��\�쵲�Ѧҧ��ʥ~��{��A�h��N�U�C ACI �[�J�B�J 2 ��ҫ�w�� DN ��¦��ءG

aci:(targetattr "*")
(target="ldap:///suffixDN")
(version 3.0; acl "RefInt Access for chaining"; allow
(read,write,search,compare) userdn = "ldap:///cn=referential
integrity postoperation,cn=plugins,cn=config";)

�q��O��إ��쵲�=X

�]�i�H�� ldapmodify ��O�椽�ε{��b�z��ؿ�إ��쵲�=X�C�ѩ��A��O�H�ۦP��覡�޲z�쵲�ڧ=X�P�쵲�l�=X�A�]��q��O��إ߳o��ا=X��{�ǴX�G��ۦP�C

��쵲�ڧ=X�A�ϥΤU�C��O�b cn=mapping tree,cn=config �U�إ��쵲�=X��ءG

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn:cn=suffixDN,cn=mapping tree,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsMappingTree
cn:suffixDN
nsslapd-state:backend
nsslapd-backend:databaseName
^D

��쵲�l�=X�A�ШϥάۦP��O�A�A�[�W�U�C�ݩʡG
nsslapd-parent-suffix:parentSuffixDN

�Y�O�쵲�l�=X�AsuffixDN �O�l�=X�� RDN�A�Ψ��=X�� DN�A�Ҧp l=Europe,dc=example,dc=com�CsuffixDN ��O�i�z�L��ݦ�A��o��ت� DN�A��@�w�n�O��ݧ=X��¦��ءC

�`�N
�=X�W�٬� DN �榡�A��L��@�r��C�]��A�Ҧ��Ů泣��N�q�A�ӥB��=X�W�٪��@��C��F��A��s��ݶ��ءAsuffixDN �r�ꥲ��ӻ��ݧ=X��ҨϥάۦP��Ů�Ϊk�C

databaseName �O�쵲�~��{��ҨϥΪ��ʺ١A�ΥH�ѧO��쵲�=X�C�b�Ҧ��=X�� databaseNames ��A�W�٥��O�ߤ@��A�ӥB�b�D�ҤW�A��O suffixDN ��Ĥ@�өR�W��ȡC�쵲�=X�P��=X��P�A�쵲�=X�b��A��W�S��Ʈw�ɮסC

�Y�O�l�=X�AparentSuffixDN ��=X�u�� DN�C��=X�i�H�O��=X��쵲�=X�C

�ϥΤU�C��O�إ��쵲�պA��ءG

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn:cn=databaseName,cn=chaining database,cn=plugins,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsBackendInstance
cn:databaseName
nsslapd-suffix:suffixDN
nsfarmserverurl:LDAPURL
nsmultiplexorbinddn:proxyDN
nsmultiplexorcredentials:ProxyPassword
^D

�䤤 databaseName �M suffixDN ��֦��P��e�B�J��ҨϥΪ��ȬۦP��ȡCLDAPURL �O��ݦ�A�� URL�A��]�A��=X��T�CURL �i�H�]�t�H�U�C�榡�C�ܪ��e��A��G

ldap[s]://hostname[:port][ hostname[:port]].../

LDAP URL ��ҦC��Ҧ��ݦ�A��]�t suffixDN�C�p��w�w��s��𪺸�T�A�аѾ\<�ϥ� SSL �i��쵲>�C

proxyDN �O��ݦ�A��W�N�z�� DN�C�b��ݦ�A��W�s��=X��e�ɡA��A��|�ϥΦ� DN �@��N�z�C�z�L�쵲�=X��檺�@�~�N�b creatorsName �P modifiersName �ݩʤ��ϥΦ��N�z��C�p�G�S��w�N�z DN�A��s��ݦ�A��ɡA��A��|�ΦW�s��C

ProxyPassword �O�N�z DN �K�X��D�[�K�ȡC��K�X�x�s�b�պA�ɮɡA�t�η|�N�K�X�[�K�C�Ҧp�G

nsmultiplexorbinddn:uid=host1_proxy,cn=config
nsmultiplexorcredentials:secret

�p��

�z3�ӳz�L�[�K�s�� ldapmodify ��O�A�H�קK�ǰe�¤�r��K�X�C

�s��ط|�۰ʥ]�t�Ҧ��쵲�ѼơA�P�b cn=default instance config,cn=chaining database,cn=plugins,cn=config ��w�q��w�]�ȡC�z�i�H�b�إ��쵲�պA��خɨϥΤ��P��ȳ]�w�ѼơA�H�мg��w�]�ȡC�p�ݥi�w�q�Ȫ��ݩʲM��A�аѾ\<�]�w�w�]�쵲�Ѽ�>�C

�ϥΤU�C��O�b��ݶ��ؤW�إ� ACI�C�� ACI �~��z�L�쵲��N�z�@�~�C�p�� ACI ��ԲӸ�T�A�аѾ\�� 6 ��<�޲z�s��>�C

ldapmodify -h host2 -p port2 -D "cn=Directory Manager" -w password2
dn:suffixDN
changetype:modify
add:aci
aci:(targetattr=*)(target = "ldap:///suffixDN")(version 3.0;acl
"Allows use of admin for chaining"; allow (proxy)
(userdn="ldap:///proxyDN");)
^D

�p��

�z�i��ݭn�b�P�@�Ӷ��ؤW�w�q��L ACI�A�H��s��ثe�z�L��A��}��ݦ�A��C�аѾ\<�z�L�쵲�=X��s��>�C

�p�G�w�g�]�w��A��쵲��h�A�h��]�[�J��\�o�Ǥ��s��ݦ�A�� ACI�C�Ҧp�A�p�G��\�쵲�Ѧҧ��ʥ~��{��A�h��N�U�C ACI �[�J�]�t suffixDN ��¦��ءG

aci:(targetattr "*")
(target="ldap:///suffixDN")
(version 3.0; acl "RefInt Access for chaining"; allow
(read,write,search,compare) userdn = "ldap:///cn=referential
integrity postoperation,cn=plugins,cn=config";}

�U�C��O��إ��쵲�l�=X��d�ҡC�Ъ`�N�A�u�� DN ��R�W�ݩʤ��X�{�r�I�ɡAsuffixDN ��r�I�~��Τϱ׽u (\) ��C

�{��X�d�� 3-1    �ϥΫ�O��إ��쵲�l�=X

ldapmodify -a -h host1 -p port1 -D "cn=Directory Manager" -w password1

dn:cn=l=Europe\,dc=example\,dc=com,cn=mapping tree,cn=config

objectclass:top

objectclass:extensibleObject

objectclass:nsMappingTree

cn:l=Europe,dc=example,dc=com

nsslapd-state:backend

nsslapd-backend:Europe

nsslapd-parent-suffix:dc=example,dc=com

dn:cn=Europe,cn=chaining database,cn=plugins,cn=config

objectclass:top

objectclass:extensibleObject

objectclass:nsBackendInstance

cn:Europe

nsslapd-suffix:l=Europe,dc=example,dc=com

nsfarmserverurl:ldap://host2:port2/

nsmultiplexorbinddn:uid=host1_proxy,cn=config

nsmultiplexorcredentials:proxyPassword

^D

ldapmodify -h host2 -p port2 -D "cn=Directory Manager" -w password2

dn:l=Europe,dc=example,dc=com

changetype:modify

add:aci

aci:(targetattr=*)(target =

"ldap:///l=Europe,dc=example,dc=com")(version 3.0;acl

"Allows use of admin for chaining"; allow (proxy)

(userdn="ldap:///uid=host1_proxy,cn=config");)

^D

�z�L�쵲�=X��s��

��ҨϥΪ̦s��쵲�=X�ɡA��A��|�ǰe�ϥΪ̪��ݦ�A��C�s��`�O�b��ݦ�A��W��C�b��ݦ�A��W��C�@�� LDAP �@�~��ϥΥΤ��3�ε{��l��A��O�z�L�N�z��ұ���Ҷǰe�C�u��ϥΪ̹ﻷ�ݦ�A��W�]�t��𪬤l�ؿ�֦��T��s��ɡA�b��ݦ�A��W��@�~�~�|��\�C�o��ܡA�z��N�@�몺�s��[�J�컷�ݦ�A��W�A�å[�W�@�ǭ��G

�z�L�k�ϥΩҦ��s��C

�Ҧp�A�H��οz��󬰰�¦�� ACI �ݭn�s��ϥΪ̶��ءC�ѩ�z�O�g��쵲�=X�s��ơA�]��u��ҥN�z����ơC�ҥH�b�]�p�ؿ�ɡA3�Ҽ{��n�T�O�ϥΪ̶��ػP�ϥΪ̪��Ʀ�3�b�P�@�ӧ=X��C

�Ҧ��H�Τ�ݪ� IP ��}�� DNS ��쬰��¦��s��i��S��@�ΡA�]��Τ�ݪ��l��|�b�쵲�L�{��򥢡C

��ݦ�A��Τ��3�ε{��ҨϥΪ� IP ��}�P�쵲�=X�ۦP�A�B��Τ��3�ε{��O�b�ۦP�� DNS ��줤�C

�U�C��A�Ω󬰤F�ϥ��쵲�=X�ӫإߪ� ACI�G

ACI ��P��ϥΪ��s�զ�b�P�@��A��W�C�p�G�O�ʺA�s�աA�s�դ��Ҧ��ϥΪ̳��b ACI �P�s�դ��F�p�G�O�R�A�s�աA�h�i�H�Ѧһ��ݨϥΪ̡C

ACI ��P��ϥΪ�� role �w�q��b�P�@��A��W�A�ûP�p��֦��o�Ǩ��⪺��ϥΪ̦b�@�_�C

�p�G�ϥΪ̦b��ݡA�ѦҨϥΪ̶��حȪ� ACI (�Ҧp userattr ��H�W�h) �|��@�ΡC

��M�s��`�O�b��ݦ�A��W��A��z�]�i�H��̦b�]�t�쵲�=X��A��P��ݦ�A��W��i��C�o�|��X��G

�b�s��v��A�ϥΪ̶��ت��e��i�Ѩϥ� (�Ҧp�A�p�G�b�]�t�쵲�=X��A��W��s��A�Ӷ��ئ�b��ݦ�A��W)�C

��į઺��]�A�Τ�ݵL�k��滷�ݬd�ߤε��s��C

�쵲�=X��v�i�s��Q�Τ��3�ε{��ק諸��ءC

�b��ק�@�~�ɡA�쵲�=X�L�k�s��x�s�b��ݦ�A��W��㶵�ءC�p�G�n��R��@�~�A�쵲�=X�u�|��D��ت� DN�C�p�G�s��w�S�w�ݩʡA�h�z�L�쵲�=X�i�檺�R��@�~�N�|��ѡC

�̹w�]�ȡA��|��b�]�t�쵲�=X��A��W�]�w��s��C�Y�n�мg��w�]�ȡA�Шϥ� cn=databaseName,cn=chaining database,cn=plugins,cn=config ��ؤ�� nsCheckLocalACI �ݩʡC��D�ϥζ��h��쵲�A�_�h�ä��ĳ�b�]�t�쵲�=X��A��W��s��C�p�ݸԲӸ�T�A�аѾ\<�]�w��h��쵲>�C

�ϥ� SSL �i��쵲

�z�i�H�]�w��A��b�쵲�=X�W��@�~�ɡA�|�ϥ� SSL �P��ݦ�A��i��q�T�C�b�쵲��ϥ� SSL �ݭn�U�C�B�J�G

�b��ݦ�A��W�ҥ� SSL�C

�b�]�t�쵲�=X��A��W�ҥ� SSL�C

�p��ҥ� SSL ��ԲӸ�T�A�аѾ\�� 11 ��<��w��>�C

�b�إߩέק��쵲�=X��{�Ǥ��A��w��ݦ�A�� SSL �P�w��s��C

�ϥΥD��x�ɡA�b�쵲�=X�إߩβպA�{�Ǥ��w��s��𪺮֨��C�аѾ\<�ϥΥD��x�إ��쵲�=X>��<�ϥΥD��x�ק��쵲��h>�C

�ϥΫ�O��{�ǮɡA��w��ݦ�A�� LDAPS URL �P�w��s��A�Ҧp�Gldaps://example.com:636/�C�аѾ\<�q��O��إ��쵲�=X>��<�q��O��ק��쵲��h>�C

��z�]�w�쵲�=X�P��ݦ�A��ϥ� SSL �i��q�T�ɡA�ä��ܰ��ӧ@�~�n�D��Τ��3�ε{��]��ϥ� SSL �i��q�T�C�Τ�ݥi��ϥ� LDAP �� DSML �q�T��w��s��C

�޲z�쵲�=X

��`��s�P�R��{��쵲�=X��覡�A�H�α��쵲���覡�C

�]�w�쵲��h

��A��쵲��h�|�M�w�� LDAP ���N�|�ǵ��쵲��A��A��\��Ǧ�A��s��쵲�=X�C�z3�Ӫ��D�o�ǳ]�w�ȤΨ��A��쵲�=X��@�~��v�T�C�쵲��h�A�Ω��A��W��Ҧ��쵲�=X�C

�w�]��]�w�ȬO�n��`�@�~��z��a��C�M�ӡA�p�G�z��@�~�A�� LDAP ���A�αz�ϥΦp�Ѧҧ��ʥ~��{��o�@��A��ɡA�z3�ӽT�w�쵲��h�O�̾ڱz��ݭn�ҳ]�w��C

�쵲��h��]�w�̦n�O�b�إߥ��쵲�=X��e�i��A�h�b�@�ҥ��쵲�=X�ɡA�K�|�ߧY�M�θӭ�h�C��z�]�i�H�H�ɭק��h�C

LDAP ����쵲��h

�Τ�ݷ|�N LDAP ���?�n�D��@��(Ӷǰe�A�H�K��ϥάY�ؤ覡�ק�@�~�Ψ䵲�G�C��A��쵲��h�i�M�w��A��|�s�P�@�~�@��e��쵲�=X���C�̹w�]�ȡA�|��e�U�C����쵲�=X��ݦ�A��G

�� OID

����W�٩M�y�z

1.2.840.113556.1.4.473

��A��ݱƧ� - �P�j�M��p�A�|�̾ڶ��ت��ݩʭȱN��ͪ��رƧǡC *

1.3.6.1.4.1.1466.29539.12

�쵲�j�鰻�� - �l�ܦ�A��P�t�@��A��쵲��ơC��p�ƨ��F�]�w��Ʀr�ɡA�K�|��@�~�A�óq��Τ��3�ε{��C�p�ݸԲӸ�T�A�аѾ\<�ǰe��h�� LDAP ��>�C

2.16.840.1.113730.3.4.2

��z��श��޲z DSA - �N��z��श�?��ضǦ^�A�Ӥ��l��श�C�o��z��ܧ�ΧR��z��श��C

2.16.840.1.113730.3.4.9

��2M��˵� (VLV) - ��ѷj�M��5��G�A�Ӥ��@��Ǧ^�Ҧ��ͪ��ءC *

�w�]��\�쵲�� LDAP ��">
�� 3-1

�� OID

����W�٩M�y�z

1.2.840.113556.1.4.473

��A��ݱƧ� - �P�j�M��p�A�|�̾ڶ��ت��ݩʭȱN��ͪ��رƧǡC *

1.3.6.1.4.1.1466.29539.12

�쵲�j�鰻�� - �l�ܦ�A��P�t�@��A��쵲��ơC��p�ƨ��F�]�w��Ʀr�ɡA�K�|��@�~�A�óq��Τ��3�ε{��C�p�ݸԲӸ�T�A�аѾ\<�ǰe��h�� LDAP ��>�C

2.16.840.1.113730.3.4.2

��z��श��޲z DSA - �N��z��श�?��ضǦ^�A�Ӥ��l��श�C�o��z��ܧ�ΧR��z��श��C

2.16.840.1.113730.3.4.9

��2M��˵� (VLV) - ��ѷj�M��5��G�A�Ӥ��@��Ǧ^�Ҧ��ͪ��ءC *

�w�]��\�쵲�� LDAP ��

(*) �u��j�M�d��O��@�=X�ɡA�~�䴩�z�L�쵲�ӨϥΦ�A��ݱƧǻP VLV ���C��Τ��3�ε{��h�ӧ=X��X�n�D�ɡA�쵲�=X�L�k�䴩 VLV ���C

�U��C�X�i�H�ǥѳ]�w�쵲��h�Ӥ��\�쵲��L LDAP ���G

�� OID

����W�٩M�y�z

1.3.6.1.4.1.42.2.27.9.5.2

��o��v�Q�n�D - �n�D��A��Ǧ^�P��G��ؤ��ݩʬ��s��v��P ACI ��T�C

2.16.840.1.113730.3.4.3

��j�M - ��ܦ�A��3�N�@�~�H�ɫO��@�Τ��A�A�ӥB�C��[�J�B�R��έק�ŦX�j�M��󪺶��خɫK�N��G�Ǧ^��Τ�ݡC

2.16.840.1.113730.3.4.4

�K�X��sq�� - �q��Τ��3�ε{��A�K�X�w��aC

2.16.840.1.113730.3.4.5

�K�X�Y�N��sq�� - �q��Τ��3�ε{��A�K�X�N�b��w�ɶ��aC

2.16.840.1.113730.3.4.12

��N�z�� (�³W��) - ��\�Τ�ݦb�n�D��v��Ӿ�t�@�Ө��C*

2.16.840.1.113730.3.4.13

�Ƽg��s��T - �Ӹ�Ƽg�@�~��q�ΰߤ@�ѧO�X (UUID) �P�ܧ�Ǹ� (CSN)�C

2.16.840.1.113730.3.4.14

�j�M�S�w��Ʈw - �Ω�j�M�@�~�A�H��w��b���ҫ�W��Ʈw�W��j�M�C

2.16.840.1.113730.3.4.15

��Ҧ^3 - �γs��^3�Ǧ^��Τ��3�ε{��A�H�� DN �P�ҥΪ��Ҥ�k (�b�ĥ� SASL �ξ��Үɬ۷?��)�C

2.16.840.1.113730.3.4.16

��ҭn�D - ��Ѥ@�ӳs��n�D�A�H�n�D��A��b�s��^3��Ѿ��ҡC

2.16.840.1.113730.3.4.17

�ȭ��u��ݩʪ��n�D - ��ܦ�A��u3�Ǧ^�u��]�t��Ǧ^��ؤ��B��ѪR��ݩʪ��ݩʡC

2.16.840.1.113730.3.4.18

��N�z�� (�s�W��) - ��\�Τ�ݦb�n�D��v��Ӿ�t�@�Ө��C*

2.16.840.1.113730.3.4.19

�ȭ��ݩʪ��n�D - ��ܦ�A��u3�Ǧ^�Ѩ��ΪA��O�\��Ҳ��ͪ��ݩʡC

�i�쵲�� LDAP ��">
�� 3-2

�� OID

����W�٩M�y�z

1.3.6.1.4.1.42.2.27.9.5.2

��o��v�Q�n�D - �n�D��A��Ǧ^�P��G��ؤ��ݩʬ��s��v��P ACI ��T�C

2.16.840.1.113730.3.4.3

��j�M - ��ܦ�A��3�N�@�~�H�ɫO��@�Τ��A�A�ӥB�C��[�J�B�R��έק�ŦX�j�M��󪺶��خɫK�N��G�Ǧ^��Τ�ݡC

2.16.840.1.113730.3.4.4

�K�X��sq�� - �q��Τ��3�ε{��A�K�X�w��aC

2.16.840.1.113730.3.4.5

�K�X�Y�N��sq�� - �q��Τ��3�ε{��A�K�X�N�b��w�ɶ��aC

2.16.840.1.113730.3.4.12

��N�z�� (�³W��) - ��\�Τ�ݦb�n�D��v��Ӿ�t�@�Ө��C*

2.16.840.1.113730.3.4.13

�Ƽg��s��T - �Ӹ�Ƽg�@�~��q�ΰߤ@�ѧO�X (UUID) �P�ܧ�Ǹ� (CSN)�C

2.16.840.1.113730.3.4.14

�j�M�S�w��Ʈw - �Ω�j�M�@�~�A�H��w��b���ҫ�W��Ʈw�W��j�M�C

2.16.840.1.113730.3.4.15

��Ҧ^3 - �γs��^3�Ǧ^��Τ��3�ε{��A�H�� DN �P�ҥΪ��Ҥ�k (�b�ĥ� SASL �ξ��Үɬ۷?��)�C

2.16.840.1.113730.3.4.16

��ҭn�D - ��Ѥ@�ӳs��n�D�A�H�n�D��A��b�s��^3��Ѿ��ҡC

2.16.840.1.113730.3.4.17

�ȭ��u��ݩʪ��n�D - ��ܦ�A��u3�Ǧ^�u��]�t��Ǧ^��ؤ��B��ѪR��ݩʪ��ݩʡC

2.16.840.1.113730.3.4.18

��N�z�� (�s�W��) - ��\�Τ�ݦb�n�D��v��Ӿ�t�@�Ө��C*

2.16.840.1.113730.3.4.19

�ȭ��ݩʪ��n�D - ��ܦ�A��u3�Ǧ^�Ѩ��ΪA��O�\��Ҳ��ͪ��ݩʡC

�i�쵲�� LDAP ��

(*) 3�ε{��i��N�z��ҨϥΥ�@�ر���C�o�� OID 3�ӱĥάۦP��쵲��h�C�p�ݸԲӸ�T�A�аѾ\<�ǰe��h�� LDAP ��>�C

��A��쵲��h

��O��ϥΤ��@�~��A��\��Υ\��C�Ҧp�A�~��{��Q��C��椸�󪺤u�@�A�j��$��󥲶��s��ؿ�e (�p�պA��Ʃ��x�s�b�ؿ�ϥΪ̸��)�C

�̹w�]�ȡA��A��󳣤��\�쵲�C�p�G�n��s��쵲�=X�A�z��T��\�쵲�C�i�s��쵲��ƪ��̨� DN �C�ܩ�U�C

�p<�ϥΥD��x�إ��쵲�=X>��ҭz�A��b��ݦ�A��W�� ACI ��»P�Y��v��A�H��\�쵲�C��쵲��A��ɡA��b�� ACI ��\�j�M�BŪ��P��A�Ϧ�A��i�H��o�ǧ@�~�C��Ȧp��A�Y�Ǥ��ٻݭn��ݦ�A��g�J�v��A�p�M�椤��G

cn=ACL Plugin,cn=plugins,cn=config - ACI �~��{��s��\��C�Ψ��^��P��s ACI �ݩʪ��@�~��|�쵲�A�]��N��P�� ACI �ݩʲV�b�@�_�D�`��w��C��O�A�ΨӦs��ϥΪ̶��ت��n�D�i�H�쵲�C�p��P ACI ��쵲��i�@�B��T�A�аѾ\�C

cn=old plugin,cn=plugins,cn=config - ��~��{��N��Ҧ� Directory Server 4.x �~��{��A�H�άO�_��\��쵲�C4.x �~��{��@�ΦP�@��쵲��h�C�� 4.x �~��{��Ұ��@�~��P�A�z�i�ॲ��b��ݦ�A��W�]�w ACI�C

cn=resource limits,cn=components,cn=config - ��ھڨϥΪ̪��s�� DN �]�w�귽�ϥέ��C�?�\�쵲��ɡA�i�H��䨭��x�s�b�쵲�=X��ϥΪ̱j��귽��C

cn=certificate-based authentication,cn=components,cn=config - ��Ω�ϥ� SASL �~��s��k�ɡA��|�q��ݦ�A��^��ϥΪ̾��ҡC

�p��

�Y��\�q�쵲�=X�i��H��Ҭ��¦��ҡA�i��|�y��w��W��|�}�C�p�G��L�=X�쵲�줣��H��ݦ�A��A�K�i�H�ϥΤ��H��A��W��Ҷi��ҡC

cn=referential integrity postoperation,cn=plugins,cn=config - ��~��{��T�O��ت��|�ǵ��L�i��ѦҨ� DN ��ءA�Ҧp�s�զ��M��C��s�զ��b�쵲�=X�ɡA�N��~��{��Ω��쵲�W��U��²��R�A�s�ժ��޲z�C�?�~��{��s��쵲�=X�ɡA��ݭn��ݦ�A��g�J�v��C

cn=uid uniqueness,cn=plugins,cn=config - UID �ߤ@�ʥ~��{��|�T�O��w�ݩʪ��Ҧ��s�Ȧb��A��W�O�ߤ@��C��\�쵲��~��{��N�T�O��Ӿ𪬥ؿ�ߤ@�ʡC

�`�N
�U�C��󤣱o�쵲�G

��~��{��

�K�X��h��

�Ƽg�~��{��

�ϥΥD��x�ק��쵲��h

�b Directory Server �D��x�� [�պA] ��ҤW�A�� [��] �`�I�A�æb�k��O�� [�쵲] ��ҡC

�q�k�䪺�M�椤��@�Φh�� LDAP ���A�A��@�U [�[�J] �H��\�쵲�C�ϥ� [�[�J] �P [�R��] ��s�A�إߤ��\�쵲���M��C

LDAP ���̨� OID �C�ܡC�p�ݨC�ӱ����W�ٻP�y�z�A�аѾ\�C

��\�쵲��A��|�C�b�P�@��ҤU��C�бq�k�䪺�M�椤��@�Φh�Ӥ��W�١A�A��@�U [�[�J] �H��\�쵲�C�ϥ� [�[�J] �P [�R��] ��s�A�إߤ��\�쵲��M��C

�p�ݨC�Ӥ��󪺴y�z�A�аѾ\<��A��쵲��h>�C

��@�U [�x�s] �H�x�s�쵲��h�C

��s�Ұʦ�A��A��ܧ�ͮġC

�q��O��ק��쵲��h

cn=config,cn=chaining database,cn=plugins,cn=config ��إ]�t�쵲��h�պA��ݩʡC�ϥ� ldapmodify ��O�i�s�覹��ءG

�ק�h��Ȫ� nsTransmittedControls �ݩʡA�ϥ��]�t��\�쵲��Ҧ� LDAP ���� OID�C�p�ݥi�쵲��Ҧ�� OID�A�аѾ\�C

�Ҧp�A�U�C��O�b�쵲���M�椤�[�J��v���G

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn=config,cn=chaining database,cn=plugins,cn=config
changetype:modify
add:nsTransmittedControls
nsTransmittedControls: 1.3.6.1.4.1.42.2.27.9.5.2
^D

�p�G�Τ��3�ε{��ϥΦۭq���A�ӥB�z�Ʊ椹�\��쵲�A�z�]�i�H�N�� OID �[�J nsTransmittedControls �ݩʡC

�ק�h��Ȫ� nsActiveChainingComponents �ݩʡA�ϥ��]�t��\�쵲��Ҧ��A�� DN�C�p�ݨC�Ӥ��󪺴y�z�A�аѾ\<��A��쵲��h>�C

�Ҧp�A�U�C��O�b�쵲��M�椤�[�J�Ѧҧ��ʤ��G

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn=config,cn=chaining database,cn=plugins,cn=config
changetype:modify
add:nsActiveChainingComponents
nsActiveChainingComponents:cn=referential integrity
postoperation,cn=components,cn=config
^D

�ק��쵲��h�պA��ث�A��s�Ұʦ�A��ܧ�ͮġC

��Ωαҥ��쵲�=X

��ɭԬ��F�i��@�A�ΰ��w��ʪ��]�A�i�ॲ��N�=X�]��L�k�ϥΡC��Χ=X�i��A��^3�xզs��ӧ=X��Τ�ݧ@�~�A��p��ݦ�A��C�p�G�w�w�q�F�w�]�श�A��Τ�ݹxզs��Ϊ��=X�ɡA�|�Ǧ^��श�C

�ϥΥD��x��Ωαҥ��쵲�=X

�b Directory Server �D��x�̤W�h�� [�պA] ��ҤW�A�i�} [��] �`�I�A�A��n��Ϊ��쵲�=X�C

�b�k��O��A�� [�]�w��] ��ҡC�̹w�]�ȡA�Ҧ��쵲�=X��|�b�إ߮ɱҥΡC

�� [�ҥΦs��=X] �֨��i��Χ=X�A�ο��֨��i�N��ҥΡC

��@�U [�x�s] �i�M��ܧ�A�åi�ߧY��Ωαҥθӧ=X�C

�Ϊ̡A�i�]�w��w�]�श�A��श�b��Ϊ��P�ɡA�]�|�w�惡�=X�W��Ҧ��@�~�ӶǦ^�C��]�w�Ȧ��̤W�h [�պA] ��Ҫ��ڸ`�I [��] ��ҤW�C�p�ݸԲӸ�T�A�аѾ\<�ϥΥD��x�]�w�w�]�श>�C

�q��O�氱�ΩαҥΧ=X

�ΤU�C��O�s��쵲�=X��ؤ�� nsslapd-state �ݩʡG

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn=suffixDN,cn=mapping tree,cn=config
changetype:modify
replace:nsslapd-state
nsslapd-state:disabled or backend
^D

�䤤 suffixDN �O�w�q�=X DN �ɧ��㪺�r��A�]�A��Ů�Τϱ׽u (\) �H��Ȥ��r�I�C�N nssladp-state �ݩʳ]�w�� disabled �i��Χ=X�A�]�w�� backend �i�ҥΧ��s��C
��O��\�ɡA�|�ߧY��Χ=X�C

�Ϊ̡A�i�]�w��w�]�श�A��श�b��Ϊ��P�ɡA�]�|�w�惡�=X�W��Ҧ��@�~�ӶǦ^�C�p�ݸԲӸ�T�A�аѾ\<�q��O��]�w�w�]�श>�C

�]�w�s��v��श

�p�G��n��쵲�=X�A�u�n��s��A�z�i�H�ק�s��v��A�H��\��Ū�s��C��ɡA��g�J�@�~��t�@��A��w�q�श�C�z�]�i�H�ڵ�Ū��M�g�J�s��A�ì��=X�W��Ҧ��@�~�w�q�श�C

�p�ݧ�h��श��@��ʸ�T�A�аѾ\�mSun ONE Directory Server ��p��n�n�C

�ϥΥD��x�]�w�s��v��M�श

�b Directory Server �D��x�̤W�h�� [�պA] ��ҤW�A�i�} [��] �`�I�A�A��n�]�w�श��쵲�=X�C

�b�k��O��A�� [�]�w��] ��ҡC�p�G�ҥ��쵲��=X�A�h�u��]�w�v��M�श�C

�п��U�C�䤤�@�ӿﶵ��s�A�]�w�^�е��=X��ؤW��g�J�@�~�G

�B�z�g�J�MŪ��n�D - �w�]��A�U�|��ﶵ��s�A��N�?�`��欰�C�t�η|�NŪ��P�g�J�@�~��e��ݦ�A��A�ӱN��G�Ǧ^�Τ�ݡC�t�Υi��|�w�q�श�A��O��|�Ǧ^�श�ܥΤ�ݡC

�B�zŪ��n�D�A�öǦ^�g�J�n�D��श - ��A��N�u��eŪ��n�D�A�ñN��G�Ǧ^��Τ�ݡC�Цb�M�椤��J�@�өΦh�� LDAP URL�A�@��g�J�n�D�Ǧ^��श�C

�Ǧ^Ū��M�g�J�n�D��श - �b�M�椤��J�@�өΦh�� LDAP URL�A�@��Ҧ��@�~�Ǧ^��श�C��欰�P��Χ=X��s��ۦ�A��P�B�O�|�S�O�w�惡�=X�w�q�श�A�Ӥ��O�ϥΥ��w�]�श�C

�ϥ� [�[�J] �P [��] ��s�s��श�M��C��@�U [�[�J] ��s�|��ܫإ߷s�श�� LDAP URL ��ܤ��C�i�ﻷ�ݦ�A��$䪺 DN �إ��श�C�p�� LDAP URL ��c��ԲӸ�T�A�аѾ\�mSun ONE Directory Server �J��n�n�C

�i��J�h��श�C�ؿ�|�Ǧ^��M�檺�Ҧ��श�A�^3�ӦۥΤ��3�ε{��n�D�C

��@�U [�x�s] �i�M�αz��ܧ�A�åB�ߧY�}�l�j��s��v��M�श�]�w�ȡC

�ϥΥD��x�]�w�s��v��M�श

�b�U�C��O��AsuffixDN �O�w�q�쵲�=X�ɧ��㪺�r��A�]�A��Ů�CLDAPURL ��Ī� URL�A�䤤�]�t�D��W�١B�s��𸹽X�Υؼ� DN�A�Ҧp�G

ldap://alternate.example.com:389/ou=People,dc=example,dc=com

�ϥΤU�C��O�s��쵲�=X��ءG

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn=suffixDN,cn=mapping tree,cn=config
changetype:modify
replace:nsslapd-state
nsslapd-state:referral on update or referral
-
add:nsslapd-referral
nsslapd-referral:LDAPURL
^D

�i��Ƴ̫᪺�ܧ󳯭z��A�N��ƶq�� LDAP URL �[�J nsslapd-referral �ݩʡC

�� nsslapd-state �Ȭ� referral on update �ɡA�ӧ=X��Ū�A�ӥB�|�Ǧ^�Ҧ�� LDAP URL �@��g�J�@�~��श�C��Ȭ� referral �ɡA�|�ڵ�Ū��P�g�J�ⶵ�@�~�A�ӥB�|�w��n�D�Ǧ^�श�C

�=X�|�ܦ��Ū�εL�k�s��A��O��\�ɡA�|�ߧY�ǳƦn�Ǧ^�श�C

�ק��쵲�Ѽ�

�w�q�쵲�=X��A�z�i�H�קﱱ��쵲��ѼơC�i�H��w�p��s��ݦ�A��B�ܧ�N�z�ҥΪ� DN �άƦ��ܧ󻷺ݦ�A��C�z�]�i�H�ק�į�ѼơA�H��A��إ߻P��@�쵲��A��s�u��覡�C

�ϥΥD��x�ק��쵲�Ѽ�

�b Directory Server �D��x�̤W�h [�պA] ��ҤW�A�i�} [��] �`�I�A�ÿ��Q�n�ק諸�쵲�=X�C

�b�k��O��A�� [��ݦ�A��] ��ҡC

�Y�n�ܧ󻷺ݦ�A��W�٩γs��A�Эק� [��ݦ�A�� URL] ��CURL �]�t�@�Φh�ӻ��ݦ�A��D��W�ٻP��γs��𸹽X�A�ñĥΤU�C�榡�G

ldap[s]://hostname[:port][ hostname[:port]].../

URL ��]�t��=X��T�C�p��w�w��s��𪺸�T�A�аѾ\<�ϥ� SSL �i��쵲>�C��Ĥ@��A��L�k�^3�쵲�=X�ɡA�|�̷ӦC�ܪ��Ǩ��p�� URL ��A��CLDAP URL ��ҦC�ܪ��Ҧ��ݦ�A��]�t suffixDN�A�䬰�쵲�=X��¦��ءC

�Y�n�ܧ�N�z�ϥΪ̪� DN�A�Цb [�s�� DN] ��줤��J�s�ȡC�b�K�X��줤��J�P�T�{�� DN ��3��K�X�C

proxyDN �O��ݦ�A��W�ϥΪ̪� DN�C�b��ݦ�A��W�s��=X��e�ɡA��A��|�ϥΦ� DN �@��N�z�C�z�L�쵲�=X��檺�@�~�N�b creatorsName �P modifiersName �ݩʤ��ϥΦ��N�z��C�p�G�S��w�N�z DN�A��s��ݦ�A��ɡA��A��|�ΦW�s��C

��ҩ��ݪ��r��ܤ��\��=X�쵲�һݪ� ACI�C�p�G�ܧ�L��ݦ�A�� URL�A�z��b�s��ݦ�A�� (�@�x�Φh�x) �W�]�t suffixDN ��ؤ��[�J�� ACI�C�p�G�ק�L�N�z DN�A�z3�ӧ�s�Ҧ��쵲��A��W�� ACI�C�ϥ� [�ƻs ACI] ��s�i�N ACI ��r�ƻs��z�ΨӶK�W��t�ΰŶKï�C

�� [��P��] ��ҡA�H�]�w�쵲�n�D��ѼơC��h��쵲�ѼƷ|��<�]�w��h��쵲>��C

�]�w [��Τ�ݶǦ^] �ѼƥH��쵲�@�~��j�p�P�ɶ��G

��j�M�Ǧ^�श - �d�򧹥��b�쵲�=X��j�M�O�S��Ĳv��A�]��|�ǰe��G�⦸�C�̹w�]�ȡA��A��N�אּ�Ǧ^�쵲��A��श�A�j��Τ�ݪ��b�쵲��A��W��j�M�C�p�G��ﶵ�A�z3�ӳ]�w�U�C�ѼơA�H��Y�N�쵲��G�j�p�C

�j�p��εL�j�p�� - ��ѼƷ|�M�w�b�^3�쵲�j�M�@�~�ɷ|�Ǧ^��ؼơC�w�]�j�p�� 2000 �Ӷ��ءC�p�G�Q�n��A��쵲�=X��s�x�j�M�A�бN��ѼƳ]�w��C�ȡC�b��󱡪p�U�A��ݦ�A��W�Ҧ��j�p�]�w�ȧ��|��ӧ@�~�C

�ɶ��εL�ɶ�� - ��ѼƱ��쵲�@�~��ɶ��סC�w�]�ɶ�� 3600 �� (1 �Ӥp��)�C�p�G�Q�n���\�b�쵲�=X�W�@�~��ɶ��A�бN��ѼƳ]�w��C�ȡC�b��󱡪p�U�A��ݦ�A��W�Ҧ��ɶ��]�w�ȧ��|��ӧ@�~�C

�]�w [�s�u�޲z] �ѼƥH��A��p��޲z��s�u�A�H�λP��ݦ�A��s��G

�̤j LDAP �s�u�ơC�쵲�=X�i�P�ɻP��ݦ�A��إߤ� LDAP �s�u�ƪ��̤j�ȡC�w�]�ȬO�s�u 10 ��C

�̤j TCP �s�u�ơC�쵲�=X�i�P�ɻP��ݦ�A��إ� TCP �s�u�ƪ��̤j�ȡC�w�]�ȬO�s�u 3 ��C

�C��s�u�̤j�s��ơC�C�� LDAP �s�u�P�ɳs��@�~�ƪ��̤j�ȡC�w�]�Ȭ��C�ӳs�u�� 10 �ӥ��s��@�~�C

�̤j�s��ռơC�P��ݦ�A��s��ѫ�A�쵲�=X�N�xխ��s�s��ơC0 �ȥN��쵲��=X�u�|�xճs��@��C�w�]�ȬO�x� 3 ��C

�C��s�u�̤j�@�~�ơC�C�� LDAP �s�u�P�ɧ@�~�ƪ��̤j�ȡC�w�]�Ȭ��C�ӳs�u�� 10 �ӧ@�~�C

�s��O�ɩεL�s��O�ɡC�P�쵲�=X��s��xչO�ɤ��e��ɶ�� (�H�?��)�C�w�]�Ȭ� 15 ��C

��e�O�ɩεL�O�ɡC��A��ˬd�@�~�O�_�w�Q��󤧫e��ơC�w�]�Ȭ� 2 ��C

�s�u�s�d�ɶ��εL��C�쵲�=X�P��ݦ�A��s�u��}�ҡA�H�K�i�H��ƨϥΪ��ɶ��סC��s�u�}�ҷ|��ֳt�A��|�ϥθ�h��귽�C�Ҧp�A�p�G�z��ϥμ��s�u�A�z�i��|�Q�n��s�u��ɶ��C�w�]�Ȭ��s�u�S��C

�z�L�D��x�L�k�]�w��~��ѼơC�аѾ\<�q��O��ק��쵲�Ѽ�>�C

��]�w�쵲�Ѽƫ��@�U [�x�s]�C

�q��O��ק��쵲�Ѽ�

�q��O��A�z��ȥi�H�]�w�ϥΥD��x�ɩҳ]�w��ѼơA�٥i�H�]�w<��~��Ѽ�>��ҭz��L�ѼơG

�ϥΤU�C��O�s��n�ק蠟�=X��3��쵲�պA��ءG

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn=databaseName,cn=chaining database,cn=plugins,cn=config
changetype:modify
replace:attributeName
attributeName:attributeValue
-
changetype:modify
replace:attributeName
attributeName:attributeValue
...
^D

�i�઺�ݩʦW�ٻP�ȱN��U�C�B�J��C�i�H�b��O��]�t�ƭ��ܧ󳯭z��A�H�K��@��ܧ��ƥت��ѼơC

�ק� nsfarmserverURL �ݩʥi�ܧ󻷺ݦ�A��W�٩γs��C��ȬO URL�A�䤤�]�t�@�Φh�ӻ��ݦ�A��D��W�ٻP��γs��A�ñĥΤU�C�榡�G

ldap[s]://hostname[:port][ hostname[:port]].../

URL ��]�t��=X��T�C�p��w�w��s��𪺸�T�A�аѾ\<�ϥ� SSL �i��쵲>�C��Ĥ@��A��L�k�^3�쵲�=X�ɡA�|�̷ӦC�ܪ��Ǩ��p�� URL ��A��CLDAP URL ��ҦC�ܪ��Ҧ��ݦ�A��]�t suffixDN�A�䬰�쵲�=X��¦��ءC

�ק� nsmultiplexorBindDN �P nsmultiplexorCredentials �ݩʥi�ܧ�N�z�s��ݦ�A��ɩҥΪ� DN�C

�b��ݦ�A��W�s��=X��e�ɡA��A��|�ϥΦ� DN �@��N�z�C�z�L�쵲�=X��檺�@�~�N�b creatorsName �P modifiersName �ݩʤ��ϥΦ��N�z��C�p�G�S��w�N�z DN�A��s��ݦ�A��ɡA��A��|�ΦW�s��C

�p�G�ק�N�z DN �Ψ�{�ҡA�h��b��ݦ�A��W�إ߹�3�� ACI�C�t�Υ�� ACI �~��z�L�쵲��N�z�@�~�G

ldapmodify -h host2 -p port2 -D "cn=Directory Manager" -w password2
dn:suffixDN
changetype:modify
add:aci
aci:(targetattr=*)(target = "ldap:///suffixDN")(version 3.0;acl
"Allows use of admin for chaining"; allow (proxy)
(userdn="ldap:///proxyDN");)
^D

�]�w<�]�w�w�]�쵲�Ѽ�>��ҭz��ݩʡA�H���ݦ�A��W�s�u�P�@�~��B�z�覡�C��h��ѼƱN�i�@�B��<�]�w��h��쵲>��C

�̨Τư��Ϊk

�]�i�H�]�w��A��ϥΪ��ƥءA�H�Ҽ{�쵲�ҥΪ��귽�C�ѩ��쵲�@�~��e�컷�ݦ�A��A�]��@�~�һݪ��ɶ��i��ܦh�A��O�?�ݦ�A��b�B�z�@�~�ɨ��|�O��m�C�p�G�z��쵲��A��۷��A�z3�Ӵ��ƥءA�H�K��P�ɳB�z��h��@�~�C

�̹w�]�ȡA��A��ҥΪ��ƥجO 30�A��O�b�ϥ��쵲�=X�ɡA�z�i�H��B�z�@�~�i�Ϊ��ƥءA�H�ﵽ�į�C�z�ݭn��ƥض��쵲�=X�ơB�b�쵲�=X�W��@�~�ƥػP��A�H�Ω󻷺ݦ�A��W�B�z�@�~�һݪ��ɶ��өw�C

�@��Ө��A�C�@��쵲�=X3�W�[ 5 �� 10 �Ӱ��A�o�O��]�b�쵲�=X�W��檺�@�~�ƻP��=X�@�ˡC

�ϥΥD��x�]�w��귽

�b Directory Server �D��x�̤W�h�� [�պA] ��ҤW�A��@�U [�į�] �`�I�A�æb�k��O�� [��L] ��ҡC

�� [��̤j�ƶq] ��J�s�ȡC

��@�U [�T�w] �H�x�s�ܧ�A�ýT�{�z��s�Ұʦ�A��ܧ�~�|�ͮĪ��T��C

��s�Ұʥؿ��A��H�ϥΰ��s��X�C

�q��O��]�w��귽

�ϥΤU�C��O�s��պA��ءA�H�ק��ƥءG

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn=config
changetype:modify
replace:nsslapd-threadnumber
nsslapd-threadnumber:newThreadNumber
^D

��s�Ұʥؿ��A��H�ϥΰ��s��X�C

�R��쵲�=X

�R��쵲�=X��A�|�ϱo��쵲�=X�L�k�z�L��𪬥ؿ�s��A��|�R��쵲��A��W��ةΧ=X�C�i�R��=X�A�æb�ؿ�O�d��l�=X�@��s��ڧ=X�C

�ϥΥD��x�R��쵲�=X

�b Directory Server �D��x�� [�պA] ��ҤW�A�i�} [��] �`�I�C

�b�Q�n��=X�W��@�U�ƹ��k��A�A��㦡�\��?�� [�R��]�C

�Ϊ̡A�i�H��=X�`�I�A�A�� [��] �\��?�� [�R��]�C

��ܽT�{��ܤ��A�q��z�i�z�L��쵲�=X�s����|�q��ݥؿ��C

��F��=X�H�~�A�]�i�H��ܻ��j��R��Ҧ��l�=X�C�p�G�n��Ӥ$�A�п�� [�R��=X�Ψ�Ҧ��l�=X]�C�ۤϪ��A�p�G�u�n��S�w��=X�A�æb�ؿ�O�d��l�=X�A�п�� [�ȧR��=X]�C

��@�U [�T�w] �R��ӧ=X�C

��ܶi�׹�ܤ��A�i�D�z�D��x�w�g��B�J�C

�q��O��R��=X

�Y�n�q��O��R��=X�A�Шϥ� ldapdelete ��O��ؿ�պA��ءC

�p�G�Q�n�R��]�t�l�=X��Ӥ$�A��M��w�R��l�=X�A�ù�C�Ӥl�=X�Ψ�i�઺�l�=X��Ƹӵ{�ǡC

�ϥΤU�C��O��=X�պA��ءG

ldapdelete -h host -p port -D "cn=Directory Manager" -w password
cn=suffixDN,cn=mapping tree,cn=config

��O�|��쵲�=X�Ψ价�ݶ��ؤ��A��ܦb�ؿ�C

��b cn=databaseName,cn=chaining database,cn=plugins,cn=config ��3��Ʈw�պA��ءA�Ψ�U��ʱ��ءG

ldapdelete -h host -p port -D "cn=Directory Manager" -w password
cn=monitor,cn=dbName,cn=chaining database,cn=plugins,cn=config
cn=dbName,cn=chaining database,cn=plugins,cn=config

�]�w��h��쵲

�b��h��쵲��A�P�@��A��쵲��𪬤l�ؿ�i�H�O�쵲�=X�Υ]�t�쵲�l�=X�C��@�~�A�Τ@��A��쵲�=X�ɡA�t�η|�N��@�~��e�줤��A��A�Ӧ�A��|�p��ĤT��A��A�̦��!C�b�s��𪬥ؿ�Ҧ��ƮɡA�Y�ݭn�g�L��A��@��H�W��D�I�A�K�|�o�Ͷ��h��쵲�C

�Ҧp�A�U��ܦs�� ou=People,l=Europe,dc=example,dc=com ��خɬO�p��q��A�� A �쵲��A�� B�A�̫�A��A�� C�C��A�� A �]�t�ڧ=X dc=example,dc=com�A�H�γs��A�� B �W l=Europe,dc=example,dc=com �$䪺�쵲�l�=X�C��A�� B �]�t l=Europe,dc=example,dc=com ��ءA�� ou=People,l=Europe,dc=example,dc=com �$�O�s��A�� C ��쵲�l�=X�C��A�� C �h��ڥ]�t ou=People,l=Europe,dc=example,dc=com ��

�� 3-3    ��T��A��h��쵲

�]�w��h��Ѽ�

��쵲�Ѽƥi�]�w��h��@�~�G

Ҧ��A��3�]�w�j�鰻��A�H�K��쵲�ݼ��N�~��j��C�p�G��ҥΰj�鰻��A�j�餤��A��N�@�A�`��e�@�~�A��W�L�t��C

Ҧ��쵲�=X��3�]��|�� ACI�A�q�`�o��O�b�Ĥ@�h��쵲�=X�W��檺�C

�ϥΥD��x�]�w��h��Ѽ�

�b Directory Server �D��x�̤W�h [�պA] ��ҤW�A�i�} [��] �`�I�A�ÿ��z�Q�n�ק諸�쵲�=X�C

�b�k��O��A�� [��P��] ��ҡA��B�i�ק� [��h��쵲] �ѼơC

�b��h��쵲��Ҧ��A��W�A��Ӯ֨��H�ˬd�� ACI�C

�b��@��h�쵲�v��A��|��֨��A�]��ϥΪ̪��s��v��|�b�Ĥ@��A��W��A�ӬO�b�z�L�N�z��ĤG��A��W�i��C��O�A�b��h��쵲��A��W�A�z��ҥ� ACI �ˬd�A�H��\��s��A��A�N�@�~��e�C

�b��h��쵲��Ҧ��A��W�A�]�w�z��ݼ��Ҧ��쵲�@�~��\��̤j�D�I�ơC�P�@�ӧ@�~�C��e��t�@��쵲�=X�N��@��D�I�A�p�G��F��A�쵲�=X�N��A��e�ӧ@�~�C

�z�ҳ]�w��ƥ�3�Ӥj�󶥼h��쵲�̪��D�I�ơC��F�쭭��@�~��|��A�]��A��|��]�o�O�ݼ��N�~��j��C

�]��]�w�쵲�պA�H��\�j�鰻��A�p<�ǰe��h�� LDAP ��>��ҭz�C

��]�w��h��Ѽƫ�A��@�U [�x�s]�C

�q��O��]�w��h��Ѽ�

�b�Ҧ��A��W�A�ϥΤU�C��O�s��쵲�=X��쵲�պA��ءG

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn=databaseName,cn=chaining database,cn=plugins,cn=config
changetype:modify
replace:nsCheckLocalACI
nsCheckLocalACI:on
-
changetype:modify
replace:nsHopLimit
nsHopLimit:maximumHops
^D

�z3�ӱN maximumHops �]��j�󶥼h��쵲��̪��D�I�ơC��F�쭭��@�~��|��A�]��A��|��]�o�O�ݼ��N�~��j��C�]��]�w�쵲�պA�H��\�j�鰻��A�p<�ǰe��h�� LDAP ��>��ҭz�C

�b��h��쵲��Ҧ��L��A��W�A�ϥΤU�C��O�s�趥�h��=X��쵲�պA��ءG

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn=databaseName,cn=chaining database,cn=plugins,cn=config
changetype:modify
replace:nsHopLimit
nsHopLimit:maximumHops
^D

�䤤 maximumHops �P�W�@�B�J��w�q�ۦP�C

�ǰe��h�� LDAP ��

�̹w�]�ȡA�쵲�=X��|�ǰe�N�z��ұ���C��O��@��쵲�=X�p��t�@��쵲�=X�ɡA�ݭn���~��ǰe��ݦ�A��W�s��һݪ��ϥΪ��ѧO��T�C��쵲�=X��\�쵲���C

�̪�w�w�q�ĤG�ӥΩ�N�z��ұ����q�T��w�C�]��P��A��i��ϥΥ�@�ر���A�z3�N�Ҧ��h��A��]��\�쵲�s�B�¨�إN�z��ұ���C

��~�A�]��]�w�j�鰻���A�H���h��쵲�L�{��o�Ͱj��C���w�]��\�P�쵲�@�~�@�_��e�A��3��Ҧ��պA�C�p�G��A��\�쵲���A�N�L�k��A�θӦ�A��j��C

�̷�<�]�w�쵲��h>��B�J��A�H�T�O��\�쵲�U�C�T�ӱ���G

2.16.840.1.113730.3.4.12 - �N�z��ұ�� (�³W��)

2.16.840.1.113730.3.4.18 - �N�z��ұ�� (�s�W��)

1.3.6.1.4.1.1466.29539.12 - �j�鰻��

**�{��X�d�� 3-1 �ϥΫ�O��إ��쵲�l�=X**
ldapmodify -a -h host1 -p port1 -D "cn=Directory Manager" -w password1
dn:cn=l=Europe\,dc=example\,dc=com,cn=mapping tree,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsMappingTree
cn:l=Europe,dc=example,dc=com
nsslapd-state:backend
nsslapd-backend:Europe
nsslapd-parent-suffix:dc=example,dc=com

dn:cn=Europe,cn=chaining database,cn=plugins,cn=config
objectclass:top
objectclass:extensibleObject
objectclass:nsBackendInstance
cn:Europe
nsslapd-suffix:l=Europe,dc=example,dc=com
nsfarmserverurl:ldap://host2:port2/
nsmultiplexorbinddn:uid=host1_proxy,cn=config
nsmultiplexorcredentials:proxyPassword
^D

ldapmodify -h host2 -p port2 -D "cn=Directory Manager" -w password2
dn:l=Europe,dc=example,dc=com
changetype:modify
add:aci
aci:(targetattr=*)(target =
"ldap:///l=Europe,dc=example,dc=com")(version 3.0;acl
"Allows use of admin for chaining"; allow (proxy)
(userdn="ldap:///uid=host1_proxy,cn=config");)
^D

�� OID	����W�٩M�y�z
1.2.840.113556.1.4.473	��A��ݱƧ� - �P�j�M��p�A�\|�̾ڶ��ت��ݩʭȱN��ͪ��رƧǡC *
1.3.6.1.4.1.1466.29539.12	�쵲�j�鰻�� - �l�ܦ�A��P�t�@��A��쵲��ơC��p�ƨ��F�]�w��Ʀr�ɡA�K�\|��@�~�A�óq��Τ��3�ε{��C�p�ݸԲӸ�T�A�аѾ\<�ǰe��h�� LDAP ��>�C
2.16.840.1.113730.3.4.2	��z��श��޲z DSA - �N��z��श�?��ضǦ^�A�Ӥ��l��श�C�o��z��ܧ�ΧR��z��श��C
2.16.840.1.113730.3.4.9	��2M��˵� (VLV) - ��ѷj�M��5��G�A�Ӥ��@��Ǧ^�Ҧ��ͪ��ءC *

�� OID	����W�٩M�y�z
1.3.6.1.4.1.42.2.27.9.5.2	��o��v�Q�n�D - �n�D��A��Ǧ^�P��G��ؤ��ݩʬ��s��v��P ACI ��T�C
2.16.840.1.113730.3.4.3	��j�M - ��ܦ�A��3�N�@�~�H�ɫO��@�Τ��A�A�ӥB�C��[�J�B�R��έק�ŦX�j�M��󪺶��خɫK�N��G�Ǧ^��Τ�ݡC
2.16.840.1.113730.3.4.4	�K�X��sq�� - �q��Τ��3�ε{��A�K�X�w��aC
2.16.840.1.113730.3.4.5	�K�X�Y�N��sq�� - �q��Τ��3�ε{��A�K�X�N�b��w�ɶ��aC
2.16.840.1.113730.3.4.12	��N�z�� (�³W��) - ��\�Τ�ݦb�n�D��v��Ӿ�t�@�Ө��C*
2.16.840.1.113730.3.4.13	�Ƽg��s��T - �Ӹ�Ƽg�@�~��q�ΰߤ@�ѧO�X (UUID) �P�ܧ�Ǹ� (CSN)�C
2.16.840.1.113730.3.4.14	�j�M�S�w��Ʈw - �Ω�j�M�@�~�A�H��w��b���ҫ�W��Ʈw�W��j�M�C
2.16.840.1.113730.3.4.15	��Ҧ^3 - �γs��^3�Ǧ^��Τ��3�ε{��A�H�� DN �P�ҥΪ��Ҥ�k (�b�ĥ� SASL �ξ��Үɬ۷?��)�C
2.16.840.1.113730.3.4.16	��ҭn�D - ��Ѥ@�ӳs��n�D�A�H�n�D��A��b�s��^3��Ѿ��ҡC
2.16.840.1.113730.3.4.17	�ȭ��u��ݩʪ��n�D - ��ܦ�A��u3�Ǧ^�u��]�t��Ǧ^��ؤ��B��ѪR��ݩʪ��ݩʡC
2.16.840.1.113730.3.4.18	��N�z�� (�s�W��) - ��\�Τ�ݦb�n�D��v��Ӿ�t�@�Ө��C*
2.16.840.1.113730.3.4.19	�ȭ��ݩʪ��n�D - ��ܦ�A��u3�Ǧ^�Ѩ��ΪA��O�\��Ҳ��ͪ��ݩʡC

�W�@�� ؿ� �d� ��󭺭� �U�@��
��v�Ҧ� 2003 Sun Microsystems, Inc. �O�d�Ҧ��v�Q�C

²��

�إߧ=X

�ϥΥD���x�إ߷s���ڧ=X

�ϥΥD���x�إ߷s���l�=X

�q��O��إߧ=X

�޲z�=X

���ΩαҥΧ=X

�ϥΥD���x���ΩαҥΧ=X

�q��O�氱�ΩαҥΧ=X

�]�w�s���v�����श

�ϥΥD���x�]�w�s���v���M�श

�q��O��]�w�s���v���M�श

�R���=X

�ϥΥD���x�R���=X

�q��O��R���=X

�إ��쵲�=X

�إߥN�z����

�ϥΥD���x�إߥN�z����

�q��O��إߥN�z����

�]�w�w�]�쵲�Ѽ�

�Τ�ݶǦ^�Ѽ�

���h���쵲�Ѽ�

�s�u�޲z�Ѽ�

��~����Ѽ�

�ϥΥD���x�]�w�w�]�쵲�Ѽ�

�q��O��]�w�w�]�쵲�Ѽ�

�ϥΥD���x�إ��쵲�=X

�q��O��إ��쵲�=X

�z�L�쵲�=X���s���

�ϥ� SSL �i���쵲

�޲z�쵲�=X

�]�w�쵲��h

LDAP ������쵲��h

��A�������쵲��h

�ϥΥD���x�ק��쵲��h

�q��O��ק��쵲��h

���Ωαҥ��쵲�=X

�ϥΥD���x���Ωαҥ��쵲�=X

�q��O�氱�ΩαҥΧ=X

�]�w�s���v�����श

�ϥΥD���x�]�w�s���v���M�श

�ϥΥD���x�]�w�s���v���M�श

�ק��쵲�Ѽ�

�ϥΥD���x�ק��쵲�Ѽ�

�q��O��ק��쵲�Ѽ�

�̨Τư���Ϊk

�ϥΥD���x�]�w����귽

�q��O��]�w����귽

�R���쵲�=X

�ϥΥD���x�R���쵲�=X

�q��O��R���=X

�]�w���h���쵲

�]�w���h���Ѽ�

�ϥΥD���x�]�w���h���Ѽ�

�q��O��]�w���h���Ѽ�

�ǰe���h���� LDAP ���

�ϥΥD��x�إ߷s��ڧ=X

�ϥΥD��x�إ߷s��l�=X

��ΩαҥΧ=X

�ϥΥD��x��ΩαҥΧ=X

�]�w�s��v��श

�ϥΥD��x�]�w�s��v��M�श

�q��O��]�w�s��v��M�श

�R��=X

�ϥΥD��x�R��=X

�q��O��R��=X

�إߥN�z��

�ϥΥD��x�إߥN�z��

�q��O��إߥN�z��

��h��쵲�Ѽ�

��~��Ѽ�

�ϥΥD��x�]�w�w�]�쵲�Ѽ�

�ϥΥD��x�إ��쵲�=X

�z�L�쵲�=X��s��

�ϥ� SSL �i��쵲

LDAP ����쵲��h

��A��쵲��h

�ϥΥD��x�ק��쵲��h

��Ωαҥ��쵲�=X

�ϥΥD��x��Ωαҥ��쵲�=X

�]�w�s��v��श

�ϥΥD��x�]�w�s��v��M�श

�ϥΥD��x�]�w�s��v��M�श

�ϥΥD��x�ק��쵲�Ѽ�

�̨Τư��Ϊk

�ϥΥD��x�]�w��귽

�q��O��]�w��귽

�R��쵲�=X

�ϥΥD��x�R��쵲�=X

�q��O��R��=X

�]�w��h��쵲

�]�w��h��Ѽ�

�ϥΥD��x�]�w��h��Ѽ�

�q��O��]�w��h��Ѽ�

�ǰe��h�� LDAP ��