|
|
IBM的大多Web项目都是使用LDAP来做用户认证,而其中很多又是使用一种名叫UD(Unify Directory)的LDAP服务器。我初到IBM工作时,我所在项目开发所用的测试服务器都是用美国的,感觉很不方便,心里想,为什么不可以直接在本地安装一个LDAP服务器呢?带这个疑问,我在这个项目组工作了一年多。终于有一天我成功地在我本地电脑上安装了一个和美国完全一样的LDAP测试服务器。从此,我再不需要连到美国去才能起动我的WAS或WPS了。感觉真好啊!
以下便是我在本地安装这个UD的全过程,希望对大家有所帮助:
首先列一下安装UD所需的全部文件:
所需软件:
1. openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe
2. LDAP-Browser-2.8.2.zip
这两个软件都是属于开源软件,不涉及版权问题,可以自由使用。
配置文件:
1. [open_ladp_root]/slapd.conf
2. [open_ladp_root]/schema/ud.schema
3. [ldap_browser_root]/localhost.cfg
LDAP测试用户数据:[ldap_browser_root]/ibm.ldif
以上文件均包含在本文的附件中。
请点击:
下载。
Pathes中包含所需的配置文件1和2。
而配置文件3和测试用户数据文件则已包含在了LDAP-Browser-2.8.2.zip中。
下面让我们来开始安装:
第一步:运行openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe,按照默认选项完成openldap服务器的安装。
第二步:编辑slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
ucdata-path./ucdata
include./schema/core.schema
include ./schema/cosine.schema
include ./schema/misc.schema
include ./schema/inetorgperson.schema
include ./schema/ud.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referralldap:/root.openldap.org
pidfile./run/slapd.pid
argsfile./run/slapd.args
# Load dynamic backend modules:
# modulepath./libexec/openldap
# moduleloadback_bdb.la
# moduleloadback_ldap.la
# moduleloadback_ldbm.la
# moduleloadback_passwd.la
# moduleloadback_shell.la
# Sample security restrictions
#Require integrity protection (prevent hijacking)
#Require 112-bit (3DES or better) encryption for updates
#Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
#Root DSE: allow anyone to read it
#Subschema (sub)entry DSE: allow anyone to read it
#Other DSEs:
#Allow self write access
#Allow authenticated users read access
#Allow anonymous users to authenticate
#Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#by self write
#by users read
#by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
databasebdb
suffix"o=ibm.com"
rootdn"cn=Manager,o=ibm.com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpwsecret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory./data
# Indices to maintain
indexobjectClasseq
第三步:创建ud.schema
# Unify Directory schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.68.2.6 2005/01/20 17:01:18 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (1997-2003).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
# Includes LDAPv3 schema items from:
#RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
#RFC 1274 (uid/dc)
#RFC 2079 (URI)
#RFC 2247 (dc/dcObject)
#RFC 2587 (PKI)
#RFC 2589 (Dynamic Directory Services)
#
# Select informational schema items:
#RFC 2377 (uidObject)
#
# Standard attribute types from RFC 2256
#
# system schema
#attributetype ( 2.5.4.0 NAME 'objectClass'
#DESC 'RFC2256: object classes of the entity'
#EQUALITY objectIdentifierMatch
#SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
# system schema
#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
#DESC 'RFC2256: name of aliased object'
#EQUALITY distinguishedNameMatch
#SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.20081.9.1.1 NAME ( 'ibm-replicagroup' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.20081.9.1.2 NAME ( 'ibm-allGroups' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.20081.9.1.3 NAME ( 'authenid' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.20081.9.1.4 NAME ( 'sourcedirectoryuid' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.1.5 NAME ( 'sourcedirectorydn' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.1.6 NAME ( 'passwordIsStruckOut' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.1.7 NAME ( 'sourcedirectory' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.1.8 NAME ( 'passwordIsExpired' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.1.9 NAME ( 'passwordmodifytimestamp' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.3.1 NAME ( 'mode' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.3.2 NAME ( 'viewaccess' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.3.3 NAME ( 'expirationdate' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.3.4 NAME ( 'admin' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.3.5 NAME ( 'aclPropagate' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.3.6 NAME ( 'aclSource' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.3.7 NAME ( 'aclEntry' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.3.8 NAME ( 'entryOwner' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.3.9 NAME ( 'ibm-allMembers' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.4.1 NAME ( 'ibm-capabilitiessubentry' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.4.2 NAME ( 'ibm-effectiveAcl' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.4.3 NAME ( 'ibm-entryChecksum' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.4.4 NAME ( 'ibm-entryChecksumOp' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.4.5 NAME ( 'ibm-entryUuid' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.4.6 NAME ( 'ibm-replicationIsQuiesced' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.4.7 NAME ( 'ibm-replicationThisServerIsMaster' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.4.8 NAME ( 'ownerPropagate' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.4.9 NAME ( 'ownerSource' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.5.1 NAME ( 'ibm-enabledCapabilities' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.5.2 NAME ( 'ibm-slapdWriteTimeout' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.5.3 NAME ( 'lomreturnsuccessfuloperations' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.5.4 NAME ( 'lomallowedattributes' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.5.5 NAME ( 'lomreturnfailedoperations' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.5.6 NAME ( 'lomreturnqueuename' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.5.7 NAME ( 'lommaymodifyentries' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.5.8 NAME ( 'lommayaddentries' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.5.9 NAME ( 'lommaydeleteentries' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.6.1 NAME ( 'ibm-replicaserverid' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.6.2 NAME ( 'ibm-replicationserverismaster' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.6.3 NAME ( 'ibm-replicaconsumerid' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.6.4 NAME ( 'ibm-replicationonhold' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.6.5 NAME ( 'ibm-replicacredentialsdn' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.20081.9.6.6 NAME ( 'ibm-replicaurl' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# Standard object classes from RFC2256
# system schema
#objectclass ( 2.5.6.1 NAME 'alias'
#DESC 'RFC2256: an alias'
#SUP top STRUCTURAL
#MUST aliasedObjectName )
objectclass ( 1.3.6.1.4.1.20081.9.2.1 NAME 'udPerson'
DESC 'RFC2256: a country'
SUP top AUXILIARY
MUST (cn $ sn $ uid $ authenid $ o $ ou $ passwordIsExpired $ passwordIsStruckOut $ sourcedirectory $ sourcedirectorydn $ sourcedirectoryuid $ c $ passwordmodifytimestamp)
MAY (aclPropagate $ aclEntry $ aclSource $ entryOwner $ ibm-allGroups $ ibm-capabilitiessubentry $ ibm-effectiveAcl $ ibm-entryChecksum $ ibm-entryChecksumOp $ ibm-entryUuid $ ibm-replicationIsQuiesced $ ibm-replicationThisServerIsMaster $ ownerPropagate $ ownerSource $ mail $ givenName $ preferredLanguage)
)
objectclass ( 1.3.6.1.4.1.20081.9.2.2 NAME 'UDGroupOfUniqueNames'
DESC 'RFC2256: a country'
SUP top AUXILIARY
MUST (admin $ expirationdate $ mode $ viewaccess )
MAY (aclPropagate $ aclEntry $ aclSource $ entryOwner $ ibm-allMembers $ ibm-capabilitiessubentry $ ibm-effectiveAcl $ ibm-entryChecksum $ ibm-entryChecksumOp $ ibm-entryUuid $ ibm-replicationIsQuiesced $ ibm-replicationThisServerIsMaster $ ownerPropagate $ ownerSource)
)
objectclass ( 1.3.6.1.4.1.20081.9.2.3 NAME 'ibm-replicationContext'
DESC 'RFC2256: a country'
SUP top AUXILIARY
)
objectclass ( 1.3.6.1.4.1.20081.9.2.4 NAME 'ibm-replicaGroup'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST ibm-replicagroup
)
objectclass ( 1.3.6.1.4.1.20081.9.2.5 NAME 'ibmCapabilitiesSubentry'
DESC 'RFC2256: a country'
SUP top AUXILIARY
MUST (ibm-enabledCapabilities $ ibm-slapdWriteTimeout)
)
objectclass ( 1.3.6.1.4.1.20081.9.2.6 NAME 'lomExploiterHost'
DESC 'RFC2256: a country'
SUP top AUXILIARY
)
objectclass ( 1.3.6.1.4.1.20081.9.2.7 NAME 'eAccount'
DESC 'RFC2256: a country'
SUP top AUXILIARY
MUST (uid $ o $ ou)
)
objectclass ( 1.3.6.1.4.1.20081.9.2.8 NAME 'lomExploiter'
DESC 'RFC2256: a country'
SUP top AUXILIARY
MUST (usercertificate $ cn )
MAY (lommaymodifyentries $ lomreturnqueuename $ lomreturnfailedoperations $ lomallowedattributes $ lomreturnsuccessfuloperations $ lommaydeleteentries $ lommayaddentries)
)
objectclass ( 1.3.6.1.4.1.20081.9.2.9 NAME 'ibm-replicaSubentry'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST (ibm-replicaserverid $ ibm-replicationserverismaster $ cn)
MAY description
)
objectclass ( 1.3.6.1.4.1.20081.9.2.10 NAME 'ibm-replicationAgreement'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST (ibm-replicaconsumerid $ ibm-replicationonhold $ ibm-replicaurl $ ibm-replicacredentialsdn $ cn)
MAY description
)
第四步:在运行窗口中输入services.msc启动service管理器,然后启动“OpenLDAP Directory Service”。
第五步:编辑或创建[ldap_browser_root]/localhost.cfg
#################################
# LDAP Browser v2.8 config file #
#################################
password=secret
managerlogin=yes
version=3
managereferrals=no
leafindicatortype=int
autoconnect=yes
timeout=0
sorttree=ascending
port=389
batchsize=0
supportsmovetree=no
basedn=o=ibm.com
host=localhost
derefaliases=always
sslport=636
limit=0
leafindicator=numsubordinates
deleteolddn=yes
managerdn=cn=Manager,o=ibm.com
第六步:运行LDAP-Browser-2.8.2/lbe.bat,启动LDAP Browser。
第七步:在“Session List"选择框中选择"localhost",然后点击"connect"按钮。
http://bradoo.iyunv.com/upload/attachment/71421/6ad745c4-c0d2-3b8f-a7af-cce5b53284b5.jpg
第八步:编辑或创建[ldap_browser_root]/ibm.ldif
dn: o=ibm.com
objectClass: top
objectClass: organization
o: ibm.com
dn: ou=groups,o=ibm.com
objectClass: organizationalUnit
objectClass: top
ou: groups
dn: cn=ud,ou=groups,o=ibm.com
objectClass: groupOfUniqueNames
objectClass: top
objectClass: UDGroupOfUniqueNames
admin: uid=ZZZZZZ000WI,ou=persons,o=ibm.com
cn: ud
description: test
expirationdate: 20050429
mode: memberlist
o: ibm.com
ou: groups
owner: uid=ZZZZZZ000WI,ou=persons,o=ibm.com
uniquemember: uid=ZZZZZZ000WI,ou=persons,o=ibm.com
viewaccess: Owner/Admins
aclEntry: group:CN=ANYBODY:normal:rsc:system:rsc:restricted:rsc
aclPropagate: TRUE
aclSource: default
entryOwner: access-id:CN=ROOT
ibm-allMembers: uid=ZZZZZZ000WI,ou=persons,o=ibm.com
ibm-capabilitiessubentry: cn=ibm-capabilities,o=ibm.com
ibm-effectiveAcl: group:CN=ANYBODY:restricted:rsc:system:rsc:normal:rsc
ibm-entryChecksum: 425:11:19:7315B995:13C100EE
ibm-entryChecksumOp: 108:5:5:83DE22E1:1C600A98
ibm-entryUuid: 430090c0-65a4-102a-817e-ac5c698b35e1
ibm-replicationIsQuiesced: FALSE
ibm-replicationThisServerIsMaster: FALSE
ownerPropagate: TRUE
ownerSource: default
dn: ou=persons,o=ibm.com
objectClass: organizationalUnit
objectClass: top
ou: persons
dn: uid=ZZZZZZ000WI,ou=persons,o=ibm.com
objectclass: udPerson
objectclass: top
objectclass: person
authenid: ud@ibm.com
c: us
cn: ud
givenname: ud
mail: ud@ibm.com
o: ibm.com
ou: persons
userPassword: ud
passwordisexpired: false
passwordisstruckout: false
passwordmodifytimestamp: 20060512
sn: ud
sourcedirectory: WI
sourcedirectorydn: IBMuniqueIdentifier=uid=ZZZZZZ000,cn=people,c=US,l=world
sourcedirectoryuid: ZZZZZZ000
uid: ZZZZZZ000WI
aclEntry: group:CN=ANYBODY:normal:rsc:system:rsc:restricted:rsc
aclPropagate: TRUE
aclSource: default
entryOwner: access-id:CN=ROOT
ibm-capabilitiessubentry: cn=ibm-capabilities,o=ibm.com
ibm-effectiveAcl: group:CN=ANYBODY:restricted:rsc:system:rsc:normal:rsc
ibm-entryChecksum: 198:17:19:86C67C86:82801FF3
ibm-entryChecksumOp: 102:5:5:6C7521C5:3D3D0C8E
ibm-entryUuid: 8b422a40-7609-102a-9b1c-862c2bb65bb2
ibm-replicationIsQuiesced: FALSE
ibm-replicationThisServerIsMaster: FALSE
ownerPropagate: TRUE
ownerSource: default
第九步:在左栏中选择“o=ibm.com”,然后选择“LDIF->Import”,在对话框中浏览选择“ibm.ldif”,最后点击“Import”按钮,完成全部安装。
http://bradoo.iyunv.com/upload/attachment/71614/7da97c07-1109-3887-ab33-adc2d3f35467.png
http://bradoo.iyunv.com/upload/attachment/71618/7ca1bb3e-dfee-3823-bb82-d942a9a40a20.png
http://bradoo.iyunv.com/upload/attachment/71620/10bcf56e-4493-3658-bf14-00d75ffe96e4.png
http://bradoo.iyunv.com/upload/attachment/71622/0cebdeaa-bf8f-3a5a-ad7a-21ebf1024946.png |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-5-21 13:03:28
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡