test

Sun Java System Access Manager 7.1 管理指南

Procedure若要增加其他的 LDAP 配置

  1. 撰寫一個 XML 檔案,其中包含完整屬性集和次要 (或第三) LDAP 認證配置需要的新值。

    檢視 amAuthLDAP.xml (位於 etc/opt/SUNWam/config/xml) 以參照可用的屬性。但於此步驟中建立的 XML 檔案是以 amadmin.dtd 為基礎,不同於 amAuthLDAP.xml。可以為此檔案定義任何或是所有屬性。程式碼範例 1-2 是子配置檔案的範例,其包含對 LDAP 認證配置可用的所有屬性之值。


    <?xml version="1.0" encoding="ISO-8859-1"?>
<!--
  Copyright (c) 2002 Sun Microsystems, Inc. All rights reserved.
  Use is subject to license terms.
-->
<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun ONE Access Manager 6.0 Admin CLI DTD//EN"
    "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>
<!--
  Before adding subConfiguration load the schema with
GlobalConfiguration defined and replace corresponding
 serviceName and subConfigID in this sample file OR load
 serviceConfigurationRequests.xml before loading this sample
-->
<Requests>
<realmRequests DN="dc=iplanet,dc=com">
    <AddSubConfiguration subConfigName = "ssc"
        subConfigId = "serverconfig"
        priority = "0" serviceName="iPlanetAMAuthLDAPService">

              <AttributeValuePair>
            <Attribute name="iplanet-am-auth-ldap-server"/>
            <Value>vbrao.red.iplanet.com:389</Value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute name="iplanet-am-auth-ldap-base-dn"/>
            <Value>dc=iplanet,dc=com</Value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute name="planet-am-auth-ldap-bind-dn"/>
            <Value>cn=amldapuser,ou=DSAME Users,dc=iplanet,dc=com</Value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute name="iplanet-am-auth-ldap-bind-passwd"/>
            <Value>
                  plain text password</Value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute name="iplanet-am-auth-ldap-user-naming-attribute"/>
            <Value>uid</Value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute name="iplanet-am-auth-ldap-user-search-attributes"/>
            <Value>uid</Value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute name="iplanet-am-auth-ldap-search-scope"/>
            <Value>SUBTREE</Value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute name="iplanet-am-auth-ldap-ssl-enabled"/>
            <Value>false</Value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute name="iplanet-am-auth-ldap-return-user-dn"/>
            <Value>true</Value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute name="iplanet-am-auth-ldap-auth-level"/>
            <Value>0</Value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute name="iplanet-am-auth-ldap-server-check"/>
            <Value>15</Value>
        </AttributeValuePair>

    </AddSubConfiguration>

</realmRequests>
</Requests>

  2. 複製純文字密碼做為建立於步驟 1 之 XML 檔案中 iplanet-am-auth-ldap-bind-passwd 的值。

    此屬性的值於程式碼範例中以粗體顯示。

  3. 使用 amadmin 指令行工具載入 XML 檔案。


    ./amadmin -u amadmin -w administrator_password -v -t name_of_XML_file.

    請注意次要 LDAP 配置不會顯示並且不能使用主控台修改。

    提示 –

    這是多重 LDAP 配置可用的範例。請參閱 /AccessManager-base/SUNWam/samples/admin/cli/bulk-ops/ 中的 serviceAddMultipleLDAPConfigurationRequests.xml 指令行範本。可於 /AccesManager-base/SUNWam/samples/admin/cli/Readme.html 中取得說明