论坛首页 综合技术论坛

如何在Windows下安装IBM所用的UD

浏览 3495 次
精华帖 (0) :: 良好帖 (0) :: 新手帖 (0) :: 隐藏帖 (0)
作者 正文
   发表时间:2009-01-24   最后修改:2009-01-28
IBM的大多Web项目都是使用LDAP来做用户认证,而其中很多又是使用一种名叫UD(Unify Directory)的LDAP服务器。我初到IBM工作时,我所在项目开发所用的测试服务器都是用美国的,感觉很不方便,心里想,为什么不可以直接在本地安装一个LDAP服务器呢?带这个疑问,我在这个项目组工作了一年多。终于有一天我成功地在我本地电脑上安装了一个和美国完全一样的LDAP测试服务器。从此,我再不需要连到美国去才能起动我的WAS或WPS了。感觉真好啊!

以下便是我在本地安装这个UD的全过程,希望对大家有所帮助:

首先列一下安装UD所需的全部文件:

所需软件:

1. openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe

2. LDAP-Browser-2.8.2.zip

这两个软件都是属于开源软件,不涉及版权问题,可以自由使用。

配置文件:

1. [open_ladp_root]/slapd.conf

2. [open_ladp_root]/schema/ud.schema

3. [ldap_browser_root]/localhost.cfg

LDAP测试用户数据:[ldap_browser_root]/ibm.ldif

以上文件均包含在本文的附件中。
请点击:
下载

Pathes中包含所需的配置文件1和2。
而配置文件3和测试用户数据文件则已包含在了LDAP-Browser-2.8.2.zip中。

下面让我们来开始安装:

第一步:运行openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe,按照默认选项完成openldap服务器的安装。

第二步:编辑slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
ucdata-path	./ucdata
include		./schema/core.schema
include     ./schema/cosine.schema
include     ./schema/misc.schema
include     ./schema/inetorgperson.schema
include     ./schema/ud.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap:/root.openldap.org

pidfile		./run/slapd.pid
argsfile	./run/slapd.args

# Load dynamic backend modules:
# modulepath	./libexec/openldap
# moduleload	back_bdb.la
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database	bdb
suffix		"o=ibm.com"
rootdn		"cn=Manager,o=ibm.com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	./data
# Indices to maintain
index	objectClass	eq



第三步:创建ud.schema


# Unify Directory schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.68.2.6 2005/01/20 17:01:18 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (1997-2003).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works.  However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be         
## followed, or as required to translate it into languages other than
## English.
##                                                                      
## The limited permissions granted above are perpetual and will not be  
## revoked by the Internet Society or its successors or assigns.        
## 
## This document and the information contained herein is provided on an 
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

#
#
# Includes LDAPv3 schema items from:
#	RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
#	RFC 1274 (uid/dc)
#	RFC 2079 (URI)
#	RFC 2247 (dc/dcObject)
#	RFC 2587 (PKI)
#	RFC 2589 (Dynamic Directory Services)
#
# Select informational schema items:
#	RFC 2377 (uidObject)

#
# Standard attribute types from RFC 2256
#

# system schema
#attributetype ( 2.5.4.0 NAME 'objectClass'
#	DESC 'RFC2256: object classes of the entity'
#	EQUALITY objectIdentifierMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

# system schema
#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
#	DESC 'RFC2256: name of aliased object'
#	EQUALITY distinguishedNameMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.20081.9.1.1 NAME ( 'ibm-replicagroup' )
	DESC 'RFC1274: RFC822 Mailbox'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
	
attributetype ( 1.3.6.1.4.1.20081.9.1.2 NAME ( 'ibm-allGroups' )
	DESC 'RFC1274: RFC822 Mailbox'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
	
attributetype ( 1.3.6.1.4.1.20081.9.1.3 NAME ( 'authenid' )
	DESC 'RFC1274: RFC822 Mailbox'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.20081.9.1.4 NAME ( 'sourcedirectoryuid' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

attributetype ( 1.3.6.1.4.1.20081.9.1.5 NAME ( 'sourcedirectorydn'  )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

attributetype ( 1.3.6.1.4.1.20081.9.1.6 NAME ( 'passwordIsStruckOut'  )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )	

attributetype ( 1.3.6.1.4.1.20081.9.1.7 NAME ( 'sourcedirectory' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )	

attributetype ( 1.3.6.1.4.1.20081.9.1.8 NAME ( 'passwordIsExpired' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )	

attributetype ( 1.3.6.1.4.1.20081.9.1.9 NAME ( 'passwordmodifytimestamp' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )	

attributetype ( 1.3.6.1.4.1.20081.9.3.1 NAME ( 'mode' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )	
	
attributetype ( 1.3.6.1.4.1.20081.9.3.2 NAME ( 'viewaccess'  )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )	

attributetype ( 1.3.6.1.4.1.20081.9.3.3 NAME ( 'expirationdate'  )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )	

attributetype ( 1.3.6.1.4.1.20081.9.3.4 NAME ( 'admin' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )		


attributetype ( 1.3.6.1.4.1.20081.9.3.5 NAME ( 'aclPropagate' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )	
	
attributetype ( 1.3.6.1.4.1.20081.9.3.6 NAME ( 'aclSource' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )		

attributetype ( 1.3.6.1.4.1.20081.9.3.7 NAME ( 'aclEntry' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
	
attributetype ( 1.3.6.1.4.1.20081.9.3.8 NAME ( 'entryOwner' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )


attributetype ( 1.3.6.1.4.1.20081.9.3.9 NAME ( 'ibm-allMembers' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.4.1 NAME ( 'ibm-capabilitiessubentry' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.4.2 NAME ( 'ibm-effectiveAcl' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.4.3 NAME ( 'ibm-entryChecksum' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.4.4 NAME ( 'ibm-entryChecksumOp' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.4.5 NAME ( 'ibm-entryUuid' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.4.6 NAME ( 'ibm-replicationIsQuiesced' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.4.7 NAME ( 'ibm-replicationThisServerIsMaster' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.4.8 NAME ( 'ownerPropagate' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )
	
attributetype ( 1.3.6.1.4.1.20081.9.4.9 NAME ( 'ownerSource' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.5.1 NAME ( 'ibm-enabledCapabilities' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.5.2 NAME ( 'ibm-slapdWriteTimeout' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.5.3 NAME ( 'lomreturnsuccessfuloperations' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.5.4 NAME ( 'lomallowedattributes' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.5.5 NAME ( 'lomreturnfailedoperations' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.5.6 NAME ( 'lomreturnqueuename' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.5.7 NAME ( 'lommaymodifyentries' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )
	
attributetype ( 1.3.6.1.4.1.20081.9.5.8 NAME ( 'lommayaddentries' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.5.9 NAME ( 'lommaydeleteentries' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.6.1 NAME ( 'ibm-replicaserverid' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.6.2 NAME ( 'ibm-replicationserverismaster' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.6.3 NAME ( 'ibm-replicaconsumerid' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.6.4 NAME ( 'ibm-replicationonhold' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.6.5 NAME ( 'ibm-replicacredentialsdn' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )

attributetype ( 1.3.6.1.4.1.20081.9.6.6 NAME ( 'ibm-replicaurl' )
	DESC 'RFC1274: user identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}  )
# Standard object classes from RFC2256

# system schema
#objectclass ( 2.5.6.1 NAME 'alias'
#	DESC 'RFC2256: an alias'
#	SUP top STRUCTURAL
#	MUST aliasedObjectName )


objectclass ( 1.3.6.1.4.1.20081.9.2.1 NAME 'udPerson'
	DESC 'RFC2256: a country'
	SUP top AUXILIARY
	MUST (cn $ sn $ uid $ authenid $ o $ ou $ passwordIsExpired $ passwordIsStruckOut $ sourcedirectory $ sourcedirectorydn $ sourcedirectoryuid  $ c  $ passwordmodifytimestamp)
	MAY (aclPropagate $ aclEntry $ aclSource $ entryOwner $ ibm-allGroups $ ibm-capabilitiessubentry $ ibm-effectiveAcl $ ibm-entryChecksum $ ibm-entryChecksumOp $ ibm-entryUuid $ ibm-replicationIsQuiesced $ ibm-replicationThisServerIsMaster $ ownerPropagate $ ownerSource $ mail $ givenName $ preferredLanguage) 
	)

objectclass ( 1.3.6.1.4.1.20081.9.2.2 NAME 'UDGroupOfUniqueNames'
	DESC 'RFC2256: a country'
	SUP top AUXILIARY
	MUST (admin $ expirationdate $ mode $ viewaccess )
	MAY (aclPropagate $ aclEntry $ aclSource $ entryOwner $ ibm-allMembers $ ibm-capabilitiessubentry $ ibm-effectiveAcl $ ibm-entryChecksum $ ibm-entryChecksumOp $ ibm-entryUuid $ ibm-replicationIsQuiesced $ ibm-replicationThisServerIsMaster $ ownerPropagate $ ownerSource)
	)
objectclass ( 1.3.6.1.4.1.20081.9.2.3 NAME 'ibm-replicationContext'
	DESC 'RFC2256: a country'
	SUP top AUXILIARY
	)
objectclass ( 1.3.6.1.4.1.20081.9.2.4 NAME 'ibm-replicaGroup'
	DESC 'RFC2256: a country'
	SUP top STRUCTURAL
	MUST ibm-replicagroup
	)

objectclass ( 1.3.6.1.4.1.20081.9.2.5 NAME 'ibmCapabilitiesSubentry'
	DESC 'RFC2256: a country'
	SUP top AUXILIARY
	MUST (ibm-enabledCapabilities $ ibm-slapdWriteTimeout)
	)
	
objectclass ( 1.3.6.1.4.1.20081.9.2.6 NAME 'lomExploiterHost'
	DESC 'RFC2256: a country'
	SUP top AUXILIARY
	)
	
objectclass ( 1.3.6.1.4.1.20081.9.2.7 NAME 'eAccount'
	DESC 'RFC2256: a country'
	SUP top AUXILIARY
	MUST (uid $ o $ ou)
	)
	
objectclass ( 1.3.6.1.4.1.20081.9.2.8 NAME 'lomExploiter'
	DESC 'RFC2256: a country'
	SUP top AUXILIARY
	MUST (usercertificate $ cn )
	MAY (lommaymodifyentries $ lomreturnqueuename $ lomreturnfailedoperations $ lomallowedattributes $ lomreturnsuccessfuloperations $ lommaydeleteentries $ lommayaddentries)
	)

objectclass ( 1.3.6.1.4.1.20081.9.2.9 NAME 'ibm-replicaSubentry'
	DESC 'RFC2256: a country'
	SUP top STRUCTURAL
	MUST (ibm-replicaserverid $ ibm-replicationserverismaster $ cn)
	MAY description
	)

objectclass ( 1.3.6.1.4.1.20081.9.2.10 NAME 'ibm-replicationAgreement'
	DESC 'RFC2256: a country'
	SUP top STRUCTURAL
	MUST (ibm-replicaconsumerid $ ibm-replicationonhold $ ibm-replicaurl $ ibm-replicacredentialsdn $ cn)
	MAY description
	)


第四步:在运行窗口中输入services.msc启动service管理器,然后启动“OpenLDAP Directory Service”。

第五步:编辑或创建[ldap_browser_root]/localhost.cfg

#################################
# LDAP Browser v2.8 config file #
#################################

password=secret
managerlogin=yes
version=3
managereferrals=no
leafindicatortype=int
autoconnect=yes
timeout=0
sorttree=ascending
port=389
batchsize=0
supportsmovetree=no
basedn=o=ibm.com
host=localhost
derefaliases=always
sslport=636
limit=0
leafindicator=numsubordinates
deleteolddn=yes
managerdn=cn=Manager,o=ibm.com


第六步:运行LDAP-Browser-2.8.2/lbe.bat,启动LDAP Browser。

第七步:在“Session List"选择框中选择"localhost",然后点击"connect"按钮。



第八步:编辑或创建[ldap_browser_root]/ibm.ldif

dn: o=ibm.com
objectClass: top
objectClass: organization
o: ibm.com

dn: ou=groups,o=ibm.com
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=ud,ou=groups,o=ibm.com
objectClass: groupOfUniqueNames
objectClass: top
objectClass: UDGroupOfUniqueNames
admin: uid=ZZZZZZ000WI,ou=persons,o=ibm.com
cn: ud
description: test
expirationdate: 20050429
mode: memberlist
o: ibm.com
ou: groups
owner: uid=ZZZZZZ000WI,ou=persons,o=ibm.com
uniquemember: uid=ZZZZZZ000WI,ou=persons,o=ibm.com
viewaccess: Owner/Admins
aclEntry: group:CN=ANYBODY:normal:rsc:system:rsc:restricted:rsc
aclPropagate: TRUE
aclSource: default
entryOwner: access-id:CN=ROOT
ibm-allMembers: uid=ZZZZZZ000WI,ou=persons,o=ibm.com
ibm-capabilitiessubentry: cn=ibm-capabilities,o=ibm.com
ibm-effectiveAcl: group:CN=ANYBODY:restricted:rsc:system:rsc:normal:rsc
ibm-entryChecksum: 425:11:19:7315B995:13C100EE
ibm-entryChecksumOp: 108:5:5:83DE22E1:1C600A98
ibm-entryUuid: 430090c0-65a4-102a-817e-ac5c698b35e1
ibm-replicationIsQuiesced: FALSE
ibm-replicationThisServerIsMaster: FALSE
ownerPropagate: TRUE
ownerSource: default

dn: ou=persons,o=ibm.com
objectClass: organizationalUnit
objectClass: top
ou: persons

dn: uid=ZZZZZZ000WI,ou=persons,o=ibm.com
objectclass: udPerson
objectclass: top
objectclass: person
authenid: ud@ibm.com
c: us
cn: ud
givenname: ud
mail: ud@ibm.com
o: ibm.com
ou: persons
userPassword: ud
passwordisexpired: false
passwordisstruckout: false
passwordmodifytimestamp: 20060512
sn: ud
sourcedirectory: WI
sourcedirectorydn: IBMuniqueIdentifier=uid=ZZZZZZ000,cn=people,c=US,l=world
sourcedirectoryuid: ZZZZZZ000
uid: ZZZZZZ000WI
aclEntry: group:CN=ANYBODY:normal:rsc:system:rsc:restricted:rsc
aclPropagate: TRUE
aclSource: default
entryOwner: access-id:CN=ROOT
ibm-capabilitiessubentry: cn=ibm-capabilities,o=ibm.com
ibm-effectiveAcl: group:CN=ANYBODY:restricted:rsc:system:rsc:normal:rsc
ibm-entryChecksum: 198:17:19:86C67C86:82801FF3
ibm-entryChecksumOp: 102:5:5:6C7521C5:3D3D0C8E
ibm-entryUuid: 8b422a40-7609-102a-9b1c-862c2bb65bb2
ibm-replicationIsQuiesced: FALSE
ibm-replicationThisServerIsMaster: FALSE
ownerPropagate: TRUE
ownerSource: default

第九步:在左栏中选择“o=ibm.com”,然后选择“LDIF->Import”,在对话框中浏览选择“ibm.ldif”,最后点击“Import”按钮,完成全部安装。



  • 大小: 20.3 KB
  • 大小: 18.5 KB
  • 大小: 9.3 KB
  • 大小: 13.2 KB
  • 大小: 9.6 KB
论坛首页 综合技术版

跳转论坛:
Global site tag (gtag.js) - Google Analytics