IBM Tivoli Directory Server: IBM Tivoli Directory Server...

IBM Tivoli Directory Server IBM Tivoli Directory Server zΓ U 5.2 SC40-1892-00

Transcript of IBM Tivoli Directory Server: IBM Tivoli Directory Server...

Page 1: IBM Tivoli Directory Server: IBM Tivoli Directory Server ºÞ²z¤â¥Upublib.boulder.ibm.com/.../IDSadmin52/zh_TW/PDF/admin_gd.pdf · 2003-10-02 · IBM Tivoli Directory Server 5.2

IBM Tivoli Directory Server

IBM Tivoli Directory Server zΓU

5.2

SC40-1892-00


bΩTHΣΣúºeA²\¬ 395² I, yNzñ@δΩTC

@]2003 9 δ

úDsñtúAhA≤ IBM Tivoli Directory Server 5.2 AHß≥M∩C

© Copyright International Business Machines Corporation 2003. All rights reserved.


²

eÑ . . . . . . . . . . . . . . . . viiAX∩H . . . . . . . . . . . . . . viiX . . . . . . . . . . . . . . . . vii

IBM Tivoli Directory Server w . . . . . vii÷X . . . . . . . . . . . . . viiuWsX . . . . . . . . . . . . viii

≤Uuπ . . . . . . . . . . . . . . . viiipnΘΣñ . . . . . . . . . . . . viiiD . . . . . . . . . . . . . viiirΘD . . . . . . . . . . . . . ix@ttº . . . . . . . . . . . . . ix

1 g ²º[ . . . . . . . . . . 1

1 wq² . . . . . . . . . . . 3²ßP°A . . . . . . . . . . . . 3²w . . . . . . . . . . . . . . 3

2 IBM Tivoli Directory Server . . 5

3 OW (DN) . . . . . . . . 7OWyk . . . . . . . . . . . . . . 7DN ⌡µWh . . . . . . . . . . . . . . 8wj DN Bz . . . . . . . . . . . 9

2 g °Az . . . . . . . . 11

4 ²zní . . . . . . . 13²zní . . . . . . . . . . . 13ε²zní . . . . . . . . . . . 13

5 utmví . . . . . . . . 15utmvíCD . . . . . . . . . 15p≤butmvíU . . . . . . . . 15 Web zG . . . . . . . . . . . 15ⁿOµG . . . . . . . . . . . . . 15

p≤butmvíUτ°Ab⌡µ . . . 16 Web zG . . . . . . . . . . . 16ⁿOµG . . . . . . . . . . . . . 16

6 Web zuπí

(GUI) . . . . . . . . . . . . . . . 17 Web zuπ. . . . . . . . . . . . 17nJDx . . . . . . . . . . . . . . 17HDxz¡≈nJDx . . . . . . . 17H°Az¡≈nJDx . . . . . . . 18Hzs¿ LDAP ¡≈nJDx 18

DxGm . . . . . . . . . . . . . . 18nXDx . . . . . . . . . . . . . . 19

7 ]wDx . . . . . . . . . 21zDx . . . . . . . . . . . . . . 21≤DxznJ . . . . . . . . . . 21≤DxzKX . . . . . . . . . . 21sWB∩úDxñ°A . . . . . 21zDxe . . . . . . . . . . . . 22

8 ≥°Az@ . . . . . . 23nJ Web zuπ. . . . . . . . . . . . 23≤zOWPKX . . . . . . . . 23 Web zG . . . . . . . . . . . 23ⁿOµG . . . . . . . . . . . . . 24

Pε°A . . . . . . . . . . . . 24 Web zG . . . . . . . . . . . 24ⁿOµ Windows AG . . . . . 25

d°A¼A . . . . . . . . . . . . . 25 Web zG . . . . . . . . . . . 25ⁿOµG . . . . . . . . . . . . . 30

z°Asu . . . . . . . . . . . . . 34 Web zG . . . . . . . . . . . 35ⁿOµG . . . . . . . . . . . . . 36

zsue . . . . . . . . . . . . . . 36 Web zG . . . . . . . . . . . 36ⁿOµG . . . . . . . . . . . . . 38

zs . . . . . . . . . . . . . . 38Mzs . . . . . . . . . . 39sW¿zs . . . . . . . . . . 40∩zs¿ . . . . . . . . . . . 41qzsú¿ . . . . . . . . . . 42

z@ . . . . . . . . . . . . . . 42@s . . . . . . . . . . . 42q@M椣 . . . . . . . 44

9 ]w°Ae . . . . . . . . 45≤°A≡PyÑ . . . . . . . . 45 Web zG . . . . . . . . . . . 46ⁿOµG . . . . . . . . . . . . . 46

]wα . . . . . . . . . . . . . . . 47 Web zG . . . . . . . . . . . 47ⁿOµG . . . . . . . . . . . . . 48

]wjM . . . . . . . . . . . . . . . 48 Web zG . . . . . . . . . . . 49ⁿOµG . . . . . . . . . . . . . 49XRjMε . . . . . . . . . . . . . 50

µ÷Σ . . . . . . . . . . . 53µ÷Σ . . . . . . . . . . . . . 53µ÷Σ . . . . . . . . . . . . . 54

≤q . . . . . . . . . . . 55≤q . . . . . . . . . . . . . 55≤q . . . . . . . . . . . . . 56

sWúr . . . . . . . . . . . . . 57


sWr . . . . . . . . . . . . 57úr . . . . . . . . . . . . . . 57

úα . . . . . . . . . . . . . 58α . . . . . . . . . . . . . . 59úα . . . . . . . . . . . . . . 59]wαΣL LDAP ² . . . . . . . . 60

bñsWú . . . . . . . 63]wsW . . . . . . . . 64úñ . . . . . . . . . . 65

10 O@² . . . . . . . . . . 67tmw]w . . . . . . . . . . . . . 67 Web zG . . . . . . . . . . . 67ⁿOµG . . . . . . . . . . . . . 68µ÷hw . . . . . . . . . . . . . 69w Socket h . . . . . . . . . . . . 69 gsk7ikm . . . . . . . . . . . . . 74

]w≈Ωw . . . . . . . . . . . . . 82 Web zG . . . . . . . . . . . 83ⁿOµG . . . . . . . . . . . . . 83

]w[Kh . . . . . . . . . . . . . . 83 Web zG . . . . . . . . . . . 83ⁿOµG . . . . . . . . . . . . . 84KX[K . . . . . . . . . . . . . . 85

]wKXh . . . . . . . . . . . . . . 86 Web zG . . . . . . . . . . . 87ⁿOµG . . . . . . . . . . . . . 87KXh . . . . . . . . . . . . . . 88

]wKXΩw . . . . . . . . . . . . . . 89 Web zG . . . . . . . . . . . 89ⁿOµG . . . . . . . . . . . . . 90

]wKXτ . . . . . . . . . . . . . . 90 Web zG . . . . . . . . . . . 90ⁿOµG . . . . . . . . . . . . . 91

]w Kerberos. . . . . . . . . . . . . . 92 Web zG . . . . . . . . . . . 93ⁿOµG . . . . . . . . . . . . . 93 Kerberos. . . . . . . . . . . . . 93Kerberos ¡≈∩M . . . . . . . . . . 94

oετ . . . . . . . . . . . . . . 96 Web zG . . . . . . . . . . . 96ⁿOµG . . . . . . . . . . . . . 96

tm DIGEST-MD5 ≈ε . . . . . . . . . . 97 Web zG . . . . . . . . . . . 97ⁿOµG . . . . . . . . . . . . . 97

11 z IBM Directory ⌡ . . . 99@q⌡Σ . . . . . . . . . . . . . 100½≤OX (OID) . . . . . . . . . . . . 101Bz½≤O . . . . . . . . . . . . . 101wq½≤O . . . . . . . . . . . . 101°½≤O . . . . . . . . . . . . 102sW½≤O . . . . . . . . . . . . 103sΦ½≤O . . . . . . . . . . . . 104s½≤O . . . . . . . . . . . . 105Rú½≤O . . . . . . . . . . . . 106

Bz . . . . . . . . . . . . . . . 107° . . . . . . . . . . . . . . 107sW . . . . . . . . . . . . . . 108sΦ . . . . . . . . . . . . . . 109s . . . . . . . . . . . . . . 110Rú . . . . . . . . . . . . . . 111IBMAttributeTypes ¼ . . . . . . . 112±∩Wh . . . . . . . . . . . . . . 113Wh . . . . . . . . . . . . . . 114yk . . . . . . . . . . . . . . 115

l⌡ . . . . . . . . . . . . . . 116IBMsubschema ½≤O . . . . . . . . . . 116⌡d . . . . . . . . . . . . . . . 116A⌡ . . . . . . . . . . . . . . . 117sε . . . . . . . . . . . . . . 117 g . . . . . . . . . . . . . . . 117

úe\⌡≤ . . . . . . . . . . . . 118½≤O . . . . . . . . . . . . . . 118 . . . . . . . . . . . . . . . 118yk . . . . . . . . . . . . . . . 123±∩Wh . . . . . . . . . . . . . . 124

⌡d . . . . . . . . . . . . . . . 124 ⌡d . . . . . . . . . . 124

DEN ⌡Σ . . . . . . . . . . . . . 125iPlanet e . . . . . . . . . . . . . 126qP UTC í . . . . . . . . . . . . 126

12 g . . . . . . . . . . . 129 g . . . . . . . . . . . . . . . 129 g≤w . . . . . . . . . . . . . . . 132D- °A . . . . . . . . . . 132 Web zG . . . . . . . . . . . 133ⁿOµG . . . . . . . . . . . . 138

D-α- . . . . . . . . . . . 140 Web zG . . . . . . . . . . . 140ⁿOµG . . . . . . . . . . . . 141

° gº[ . . . . . . . . . . 144Ph g]w° . . . . . . . 144 Web zG . . . . . . . . . . . 146ⁿOµG . . . . . . . . . . . . 147

]whD . . . . . . . . . . . . . 152 Web zG . . . . . . . . . . . 154ⁿOµG . . . . . . . . . . . . 155

z g Web z@ . . . . . . . 160z . . . . . . . . . . . . . . 160∩ ge . . . . . . . . . . . . 164 g . . . . . . . . . . . . 165zεC . . . . . . . . . . . . . . 166

z gⁿOµ@ . . . . . . . . . 167ⁿwl≡ú DN MKX . . . . . . . 167° gtmΩT . . . . . . . . . . . 168 g¼A . . . . . . . . . . . . 169hD°A . . . . . . . . . . . . 170

13 Θxí . . . . . . . 173∩ΘxOⁿ . . . . . . . . . . . . 173


ⁿOµG . . . . . . . . . . . . 174°Θx . . . . . . . . . . . . . 174 Web zG . . . . . . . . . . . 174ⁿOµG . . . . . . . . . . . . 174

fΘx . . . . . . . . . . . . . . . 175fΘx∩fΘx]w . . . . . . 175fΘx . . . . . . . . . . . . 177°fΘx . . . . . . . . . . . . 177

DB2 ΘxOⁿ. . . . . . . . . . . . 179∩ DB2 Θx]w . . . . . . . . . 179° DB2 Θx . . . . . . . . . . 179

bulkload Θx . . . . . . . . . . . . 180∩jqⁿJΘx]w . . . . . . . . 180° bulkload Θx . . . . . . . . . 180

zníΘxOⁿ . . . . . . . . . 181∩zníΘx]w . . . . . . 181°zníΘx . . . . . . . . 182

znífOⁿ . . . . . . . . . . 183znífΘxP∩zfΘx]

w . . . . . . . . . . . . . . . . 183znífΘx . . . . . . . . 184°znífΘx . . . . . . . . 184

3 g ²z . . . . . . . . . 187

14 ² . . . . . . . 189s²²≡ . . . . . . . . . . . . . . 189sW . . . . . . . . . . . . . . . 189yÑ . . . . . . . . . . . . . . . 190]tπyѺ . . . . . 191jM]tπyѺ . . . . . 192qñúyÑyzl . . . . . . . 193

Rú . . . . . . . . . . . . . . . 193∩ . . . . . . . . . . . . . . . 194Gi . . . . . . . . . . . . . . 195s . . . . . . . . . . . . . . . 195sΦsεMµ . . . . . . . . . . . . 196sWU½≤O . . . . . . . . . . . . 196RúUO . . . . . . . . . . . . . 197≤s¿Ωµ . . . . . . . . . . . . 197jM² . . . . . . . . . . . . . 197jMLo°≤ . . . . . . . . . . . . 197∩ . . . . . . . . . . . . . . . 199

15 sεMµ . . . . . . . 201º[ . . . . . . . . . . . . . . . . 201

EntryOwner ΩT . . . . . . . . . . . 201sεΩT . . . . . . . . . . . . 201

sεyk . . . . . . . . . . . . 202DD . . . . . . . . . . . . . . . 203Ω DN . . . . . . . . . . . . . . 203½≤Lo°≤ . . . . . . . . . . . . 205vQ . . . . . . . . . . . . . . . 205

. . . . . . . . . . . . . . . . 206s⌠Γ . . . . . . . . . . . . . . . 207 ACL . . . . . . . . . . . . . . 209

Web zuπíz ACL . . . 209ⁿOµíz ACL . . . . . . 213

l≡ gN . . . . . . . . . . . . 217

16 sñΓ . . . . . . . . 219s . . . . . . . . . . . . . . . . 219RAs . . . . . . . . . . . . . . 219As . . . . . . . . . . . . . . 219¼s . . . . . . . . . . . . . . 220VXís . . . . . . . . . . . . . 221Pws¿Ωµ . . . . . . . . . . . 221s½≤O . . . . . . . . . . . . 223s¼ . . . . . . . . . . . . 224

ñΓ . . . . . . . . . . . . . . . . 224

17 zjM¡εs . . . . . . 225jM¡εs . . . . . . . . . . . . 225 Web zG . . . . . . . . . . . 225ⁿOµG . . . . . . . . . . . . 227

∩jM¡εs . . . . . . . . . . . . 227 Web zG . . . . . . . . . . . 227ⁿOµG . . . . . . . . . . . . 227

sjM¡εs . . . . . . . . . . . . 227°AzG . . . . . . . . . . . 227ⁿOµG . . . . . . . . . . . . 227

újM¡εs . . . . . . . . . . . . 228 Web zG . . . . . . . . . . . 228ⁿOµG . . . . . . . . . . . . 228

18 z Proxy vs . . . . 229 Proxy vs . . . . . . . . . . . 229 Web zG . . . . . . . . . . . 229ⁿOµG . . . . . . . . . . . . 230

∩ Proxy vs . . . . . . . . . . . 231°AzG . . . . . . . . . . . 231ⁿOµG . . . . . . . . . . . . 231

s Proxy vs . . . . . . . . . . . 231°AzG . . . . . . . . . . . 231ⁿOµG . . . . . . . . . . . . 231

ú Proxy vs . . . . . . . . . . . 231 Web zG . . . . . . . . . . . 232ⁿOµG . . . . . . . . . . . . 232

4 g ÷@ . . . . . . 233

19 ΓBdBs 235Γ . . . . . . . . . . . . . . . 235Γz . . . . . . . . . . . . . 235Γzs . . . . . . . . . . . 235z . . . . . . . . . . . . 236sWzzs . . . . . . . . . 236

d . . . . . . . . . . . . . . . 237sWdΓ . . . . . . . . . . . . . 238s . . . . . . . . . . . . . . . 239sWΓ . . . . . . . . . . . . 239zΓ . . . . . . . . . . . . . . . 239


sWΓ . . . . . . . . . . . . . . 239sΦΓ . . . . . . . . . . . . . . 240úΓ . . . . . . . . . . . . . . 240sΦΓW ACL . . . . . . . . . . 240

zd . . . . . . . . . . . . . . . 240sWd . . . . . . . . . . . . 240sΦd . . . . . . . . . . . . . . 242úd . . . . . . . . . . . . . . 242sΦdW ACL . . . . . . . . . . 243

z . . . . . . . . . . . . . . 243sW . . . . . . . . . . . . . 243MΣΓ . . . . . . . . . . 243sΦΩT . . . . . . . . . . . 243s . . . . . . . . . . . . . 244ú . . . . . . . . . . . . . 244

zs . . . . . . . . . . . . . . . 244sWs . . . . . . . . . . . . . . 244MΣΓs . . . . . . . . . . . 245sΦsΩT . . . . . . . . . . . . 245ss . . . . . . . . . . . . . . 245ús . . . . . . . . . . . . . . 245

5 g ⁿOµí . . . . . . 247

20 ⁿOµí. . . . . . . 249ßí . . . . . . . . . . . . . 249

ldapchangepwd . . . . . . . . . . . . 250ldapdelete . . . . . . . . . . . . . . 253ldapexop . . . . . . . . . . . . . . 257ldapmodifyBldapadd . . . . . . . . . . 265ldapmodrdn . . . . . . . . . . . . . 271ldapsearch . . . . . . . . . . . . . . 275

°Aí . . . . . . . . . . . . . 284bulkload í . . . . . . . . . . . 284dbback . . . . . . . . . . . . . . . 287dbrestore . . . . . . . . . . . . . . 287db2ldif í . . . . . . . . . . . 288ibmdiradm. . . . . . . . . . . . . . 289ibmdirctl . . . . . . . . . . . . . . 289ldapdiff . . . . . . . . . . . . . . 291ldaptrace . . . . . . . . . . . . . . 297ldif í . . . . . . . . . . . . 300ldif2db í . . . . . . . . . . . 300runstats . . . . . . . . . . . . . . 301

6 g ²PßO . . . . . . . . 303

² A. ° . . . . . . . . . . 305GSKit . . . . . . . . . . . . . 305\iv . . . . . . . . . . . . . . 305Kerberos . . . . . . . . . . . . . . . 305

Kerberos AíW≤ . . . . . . . . 305b Windows W slapd.cat o . . . . 306Web z. . . . . . . . . . . . . . . 306

b Web zuπñΘJΩl . . . . . 306ΣLnJeó . . . . . . . . . . . 307ldapmodify ⁿON Web zm≤ú@P¼A 307b Windows 2003 ¡xW Web z GUI DxJx° . . . . . . . . . . . . 307AIX W Websphere Application Server -Express . . . . . . . . . . . . . . 308Web zuπb HP-UX Wsuñ . . . . 308Web zBϕµYMRAMµπyÑúT . . . . . . . . . . . . . . . 309LkTπ HTML Sϕr . . . . . . 310Web zb Domino™ °AWn IBMJDK . . . . . . . . . . . . . . . 310

ú . . . . . . . . . . . . . . . . 310tmúΘX . . . . . . . . . . . . 310ibmslapd ⁿO . . . . . . . . . . . 312°Aúí . . . . . . . . . . . . 312

gⁿOµ]A≤ Windows ¡x 313

² B. IBM UUID . . . . . . . . . 315

² C. X . . . . . . . . . . . 317

² D. Root DSE ñ½≤OX

(OID) P . . . . . . . . . . . . 321Root DSE ñ . . . . . . . . . . . 321ΣP\α OID . . . . . . . . . . 323ACI ≈ε OID . . . . . . . . . . . . 324@ OID . . . . . . . . . . . . 324ε OID . . . . . . . . . . . . . . 325

² E. LDAP Ωµ½µí (LDIF) 327LDIF d . . . . . . . . . . . . . . 327 1 LDIF Σ . . . . . . . . . . . 328 1 LDIF d . . . . . . . . . . . 328¡xΣ IANA r . . . . . . . . . 329

² F. IPv6 Σ . . . . . . . . . 331

² G. IBM Tivoli Directory Server5.2 nwq . . . . . . . . . 333

² H. IBM Tivoli Directory 5.2 t

m⌡½≤OM . . . . . . . . 369tm½≤O . . . . . . . . . . . . . 369tm . . . . . . . . . . . . . . . 372A≤ . . . . . . . . . . . . 393

² I. N . . . . . . . . . . 395 . . . . . . . . . . . . . . . . 396

Wⁿ. . . . . . . . . . . . . . 397

. . . . . . . . . . . . . . . 403


σ≤]tz IBM® Tivoli® Directory Server nΩTC

AX∩H

AXtz\¬C

X

\¬ IBM Tivoli Directory Server wíAHPXiα∩zUC

bzMwnXºßA\uWsXⁿC

IBM Tivoli Directory Server w

IBM Tivoli Directory Server wñX]AG

IBM Tivoli Directory Server Version 5.2 Readme Addendum

Tivoli nΘw⌠s IBM Tivoli Directory Server 5.2 Readme

AddendumAΣñt Readme ñ]t½nΩTCpsuWX

÷ΩTA\ viiiyuWsXzC

IBM Tivoli Directory Server 5.2 ß Readme

]t÷≤ßsΩTC

IBM Tivoli Directory Server 5.2 °A Readme

]t°AsΩTC

IBM Tivoli Directory Server 5.2 Web zuπ Readme

]tuWeb zuπvs÷ΩTC Readme iHquWeb zuπv

DeñoC

IBM Tivoli Directory Server 5.2 wPtmΓU

]tw IBM Tivoli Directory Server ßB°AM Web zuπ

πΩTC]Aq IBM Tivoli Directory Server or SecureWay® Directory i

µα÷ΩTC

IBM Tivoli Directory Server Version 5.2 Tuning Guide

]tπ°AH≥o≤nα÷ΩTC

IBM Tivoli Directory Server 5.2 zΓU

]tzLuWeb zuπvⁿOµ⌡µz@ⁿC

IBM Tivoli Directory Server Version 5.2 Plug-in Reference

]tg°Aí÷ΩTC

IBM Tivoli Directory Server Version 5.2 C-Client SDK Programming Reference

]tg LDAP ßí÷ΩTC

÷X

UCXú÷ IBM Tivoli Directory Server ÷ΩTG


v IBM Tivoli Directory Server 5.2 Sun Microsystems JNDI ßC÷

J N D I ßΩTA\ S u n M i c r o s y s t e m s ⌠ (

http://java.sun.com/products/jndi/1.2/javadoc/index.html) W Java™ Naming and Directory

Interface™ 1.2.1 SpecificationC

v Tivoli nΘwúU Tivoli XApBΩϕBdB⌡Miτ

ÑCTivoli nΘw≤UC⌠Ghttp://www.ibm.com/software/tivoli/library/

v Tivoli nΘWⁿ]t\h Tivoli nΘ÷NNywqCTivoli nΘWⁿ

úσAΣ≤UC⌠ Tivoli nΘw⌠¬Σ Glossary ñGhttp://www.ibm.com/software/tivoli/library/

uWsX

Tivoli nΘwñuWúúXAuiΓíσ≤µí (PDF)vM]uW

σrOyÑ (HTML)vµíGhttp://www.ibm.com/software/tivoli/libraryC

YnbwñMΣúXA÷@Uuwv¬ΣúΓUC

Ab Tivoli nΘΩTñWMΣ÷@UúWC

ΩTO úA]A READMEBwΓUBΓUBzΓUMoΓ

UC

: YnTOα≈TaCL PDF XA∩ Adobe AcrobatuCLv°íñ

MJi∩]ϕz÷@U →CLXC

≤Uuπ

≤Uuπ\αOU Θ¬]pµúK°O¬Qan

ΘúCúAziHUNÑM²CwºßAz]iH

ΣLN ½@í\αC

pnΘΣñ

bzp IBM Tivoli nΘΣñHMDºeA² IBM tzM Tivoli

nΘ⌠A⌠pUG

http://www.ibm.com/software/sysmgmt/products/support/

pGnB≤UA≤UC⌠º IBM nΘΣΓUñípnΘΣ

ñG

http://techsupport.services.ibm.com/guides/handbook.html

ⁿñúUCΩTG

v ¼ΣUMΩµD

v qXMqll≤A zbΩa w

v s ßΣñºez¼ΩTMµ

D

bSϕNyM@H@t÷ⁿOM⌠ΦFDC


rΘD

ñUCrΘDG

Θ °HPP≥σr!pgⁿOVXjpgⁿOB÷ΣrBB∩B

Java OWM½≤íHΘϕC

Θ XDHjSϕrⁿⁿJOHΘϕC

<Θ>

< > ]wH <Θ>ϕC

ÑerΘ

íXdBⁿOµB⌡ΘXB°HPP≥σr!M²WBt

TºB"ΘJσrHⁿO∩OHÑerΘϕC

@ttº

ΓU UNIX® Dⁿw⌠²ϕkCϕz Windows® ⁿO

µAN⌠º $variable N %variable%AN²⌠ñu (/)

N¿#u (\)CpGzb Windows tW Bash ShellAhiH UNIX

DC


1 g ²º[


1 wq²

²OHÑhícC½≤÷ΩT¿CªO@SϕΩwAi²

íΣπ Sw@ºSΩC

pGD½≤WAhiΣSCpGúDYSw½≤WAhijM

²AHΣX@tCXYD½≤CqziH Sw≥jM²A

úuO Jw@ wC

²O@MΩwAΣñ]@S Mq÷píΩwOCΣñ@

²SOΣs]¬jMWvq±≤s]gJWvo¬C%≤²

"α≈Σjq¬nDA@δ ÑAb¬sΦjC%≤²

DnúOnúqΩwδh\αA]bj¼!í⌠ñAi¿H

g¿ú≤híts²ΩC

²iñí!íCpG²ñíAhu@m]@²°A

]°AOAMú²sCpG²!íAh%@HW°A

]qO!bUatdú²sC

ϕ²!íA²ñΩTi! gΦíCpGΩT!ΦíAhC

@²°AñUxs@p@Bú½ΩTCτYA%C@°AUx

s@²C!²NO LDAP α\αCLDAP α\αi²

Nu ²sqT≤w (LDAP) vnD¿t@]P@°AñP

úPWíCϕΩT gΦíAhP@²xsb@HW°A

ñCb!í²ñAΩTiH!AΩTiH gC

²ßP°A

²qOuß/°AvqTísCßP°Aiαúúo

bP≈WC°Aα≈AhßC Q¬]gJ²ñΩT

íúOs²CªIs@\αí]p (API)AHKú@

hTºt@CGNúXnDíAs²ñΩ

TCAAN¬gJ@G#úXnDíC

API wqSwí]pyÑsAí]pCßP°Aíµ½

TºµíPeA"ϕugL PNqT≤wC LDAP wqF@²

ßP²°ATºqT≤wCτú÷p C yÑ LDAP APIA

H@ΦkAHKαq JavaíAH Java RWP² (JNDI) s²C

²w

²iΣΩ@wh@≥\αC²úúoú≥ªw

\αA²iMia⌠⌠wAπXAHú@≥wAC²A

OΦkCOOⁿτOuHCWPKXO≥

OΦíCbgLOºßAh"PLOv∩Sw½≤⌡µnD

@C


vHsεMµ (ACL) ≥ªCACL O@vMµAis²ñ½≤P

CACL wqC@sα≈úα≈s¼CF² ACL

≤δ H≤e÷zAqONsvP!b@C


2 IBM Tivoli Directory Server

IBM Tivoli Directory Ω@O Internet Engineering Task Force (IETF) LDAP V3 W

µCAªt IBM b\αPαΦK[[j\αC IBM DB2®

≈xswAHúU LDAP @µ÷πXB¬α@HuW ≈P\

αCIBM Tivoli Directory Server MH IETF LDAP V3 ≥ªßµ¼B@C

Dn\αpUG

v iztm IBM Directory (GUI) – ΣzMtm\α

zα≈G

– iµl²]wC

– ≤tmP∩

– z²Θ@AOsWsΦ½≤]pG½≤OBP

ÑC

v AXW²⌡ – τYAziwqsP½≤OAHj²⌡C

Ab@PdεUA]i∩²⌡iµ≤CiHA∩⌡

eA ú"½s²°AC%≤⌡¡O²@í≈A]izL

LDAP API iµ⌡≤s@CLDAPv3 AXW⌡úDn\αpUG

– izL LDAP API d⌡ΩT

– zL LDAP API A≤⌡

– °A Root DSE

v UTF-8]qrα½µí– IBM Tivoli Directory Server iΣUyÑΩA

i²xsBPzϕaytrXΩTC

v ÷OPwh (SASL) – ΣOw∩ΣLO≈ε úCw Socket h

(SSL) X.509v3 ≈úΩ[KPOC°Aitm¿bΣ

úΣ SSL U⌡µC

v g – iΣ g\αFb\αUAiúΣL²¬AHú&²A

αPiaC g]ΣαMhD°AC

v α – iΣ LDAP α\αA²²i!Gbh LDAP °AWA bí

pUA@°Añiαutπ²ΩñlC

v sεí – izL ACL ΣjjB÷≤zsεíC

v ≤Θx

v KXh

v wfΘxOⁿ

v LDAP API A≤tm


3 OW (DN)

²ñC@ú@OW (DN)CDN Ob²ñ@OWC

DN O%hu=vt∩¿AUt∩ºíHrIjApG

cn=Ben Gray,ou=editing,o=New York Times,c=US
cn=Lucille White,ou=editing,o=New York Times,c=US
cn=Tom Brown,ou=reporting,o=New York Times,c=US

ZO²⌡ñwqAic¿ DNC≤t∩ϕ½nC

N²ÑhC@h ÑADN Ut@≤ABOq íA@b

ºhεCLDAP DN HSO]qOYWYAß≥sx

AqOHΩaCDN @≤u∩OWv(RDN)Cªi²

O≤ΣLπ P)CbWñARDN ″cn=Ben Gray″ ²@O≤G]Σ RDN ″cn=Lucille White″CúºAoΓd DN @

@CAc¿ RDN u:vt∩τ"XbñC]o∩≤ DN

ΣL≤ ÑúAC

OWyk

°AΣOW (DN) ykAO RFC 2253 CBackus-Naur Form

(BNF) ykwqpUG

<name> ::= <name-component> ( <spaced-separator> )
         | <name-component> <spaced-separator> <name>

<spaced-separator> ::= <optional-space> <separator> <optional-space>

<separator> ::= "," | ";"

<optional-space> ::= ( <CR> ) *( " " )

<name-component> ::= <attribute>
                   | <attribute> <optional-space> "+"
                     <optional-space> <name-component>

<attribute> ::= <string>
              | <key> <optional-space> "=" <optional-space> <string>

<key> ::= 1*( <keychar> ) | "OID." <oid> | "oid." <oid>
<keychar> ::= letters, numbers, and space

<oid> ::= <digitstring> | <digitstring> "." <oid>
<digitstring> ::= 1*<digit>
<digit> ::= digits 0-9

<string> ::= *( <stringchar> | <pair> )
           | '"' *( <stringchar> | <special> | <pair> ) '"'
           | "#" <hex>

<special> ::= "," | "=" | <CR> | "+" | "<" | ">"
            | "#" | ";"

<pair> ::= "\" ( <special> | "\" | '"' )
<stringchar> ::= any character except <special> or "\" or '"'

<hex> ::= 2*<hexchar>
<hexchar> ::= 0-9, a-f, A-F

÷M@δOrI (,) rAúL]i! (;) rjOWñ RDNC

riXbrI!Γñ⌠@CrQñAB!QN

¿rIC

A’+’ ’=’ eßiXµ (’ ’ ASCII 32) rCbσRñoµr

C

iAW (’″’ ACSII 34) rA²rúO@í≈CbAW

iXUCrA úQ¿⌡µrG

v XbrΩYµ ″#″ r

v XbrΩµr

v UC@rG″’″B″=″B″+″B″\″B″<″B″>″ ″;″

Aibn⌡µµ@re[W@#u (’\’ ASCII 92) CΦki⌡µW

zC⌠≤rH (’″’ ASCII 34) rC

oϕkOFαΦK@δWµíCUCdOoϕkg

OWC@OtT≤WC@≤h¼ RDNCh¼ RDN t

@HWu:vt∩Aib µ CN tkúMATOSwG

OU=Sales+CN=J. Smith,O=Widget Inc.,C=US

DN ⌡µWh

DN itSϕrCor ,]rIB=]ÑB+][B<]p≤B>]j≤B#]# OB;]!B\]#uP “”]C

pGnb DN rΩñYñA⌡µoSϕrΣLrAUC⌠≤

@ΦkG

v pGn⌡µroSϕrº@AibΣe[W@#u (’\’ ASCII 92)C

UCdΦkAHbWñ⌡µrIG

CN=L. Eagle,O=Sue\, Grabbit and Runn,C=GB

oOzQΦkC

v hAiNn⌡µr½¿#uHΓQ*irAc¿rrXñ@

µCrrX UTF-8 rXC

CN=L. Eagle,O=Sue\2C Grabbit and Runn,C=GB

v H “”](ASCII 34) AϕπA D@í≈CúF \]#uºA¿∩ñírúaC \]#ui⌡µ#u (ASCII 92) (ASCII 34)BWz⌠≤SϕrBΦk

2 ñúQ*it∩CpAF⌡µ cn=xyz"qrs"abc ñAª¿

cn=xyz\"qrs\"abcAYn⌡µ \ hpUG

"you need to escape a single backslash this way \\"

A@A"\Zoo" úXWwA] ’Z’ bWUσñLk⌡µC


b°AWAϕ¼µí DN A°A⌡µ≈ε 1 P 2

½sµí DNAHK≤íBzC

wj DN Bz

DN ñX¿ RDN i%h≤¿A o≤íH ‘+’ BΓlC°Aj

Fπ DN ºjMΣCX¿ RDN iH⌠≤ⁿwAjM@

≥ªC

ldapsearch cn=mike+ou=austin,o=ibm,c=us

°Aⁿ DN WXR@CDN WXR@Oⁿ°A⌡² DN

WCXR@∩≤ DN í ÑßUCΩT\ IBM

Tivoli Directory Server 5.2 C-client Programming ReferenceC


2 g °Az


4 ²zní

²zní (ibmdiradm) i∩ IBM Tivoli Directory Server iµzCz"

NªwbwwB"≥⌡µ IBM Tivoli Directory Server ≈WC²z

níi% LDAP @ⁿnDABiH∩ IBM Tivoli Directory Server

iµBεB½sM¼AC w]AIBM Directory zníi

ÑΓ≡A≡ 3538 O≤D SSL suA ≡ 3539 h≤ SSL su]Y SSL

qTC

pGn²zníAb⌠≤ⁿOúU⌡µ ibmdiradm íC\y

²znízC

: pGz SSL qTAN"εMß½s²zníA+α SSL

C\ 67y Web zGzC

²zní

: w]Aϕzw IBM Tivoli Directory Server AzníN⌡µC

pGnzníA⌡µUC⌠≤@BJG

v b UNIX ¼M Windows ¼tñAoXUCⁿOG

ibmdiradm

v b Windows ¼tñAεx -> AA∩ IBMDirectory zníA

Mß÷@UC

ε²zní

pGnεzníAUCΣñ@ΦkG

v pGzwgtmF²z DN MKXAKi ibmdirctl ⁿOεzníCoⁿODSw¡xMCΣlΩTA\ 289yibmdirctlzC

oXUCⁿOG

ibmdirctl -D <adminDN> -w <adminPW> admstop

v b UNIX ¼tñAoXUCⁿOG

ps -ef | grep ibmdiradm
kill -p <pid>

v b Windows ¼tñAεx -> AA∩ IBMDirectory zníA

Mß÷@UεC


5 utmví

IBM Tivoli Directory Server iΣ∩°Atm]wiµ LDAP sCzi

LDAP qT≤wdP≤s°AtmC%\αAα≈iµzCF²

sΦí≤[PiaA°Aú αΩwßíl]wO¿

\CYu cn=configuration rB≤@ñA]ibutmvíU°AC

½yíAuntmßí,MiA°AKiⁿ LDAP nDCu

tmvíi²zs°AAYbíJC

butmvíUΣ\αpUG

v stmPΘx

v f

v ≤q

v Kerberos

v SASL

v SSL

butmvíUúΣ\αpUG

v sΩw

v ≤Θx

v KXh

v g

v ⌡≤

v µ÷

utmvíCD

v tm"T LDIF µíAB°A"α≈ΣP¬C

v °A"α≈ tmA¬PⁿJ⌡C

v °A"α≈ⁿJtmíC

p≤butmvíU

°A≈í⌠≤óúy¿°AbutmvíUC

Web zG

ϕzzLuWeb zuπv°AA∩utmvíC

ⁿOµG

b°A≈íⁿw -a -AC

ibmslapd -a


ibmdirctl -h <hostname> -D <adminDN> -w <adminpw> -p <portnumber> start -- -a

: pG°ALkMΩwßí@]DutmvíA-n M -N∩h²ε°ACpo ibmslapd ∩÷ΩTA\ 289

yibmdirctlzC

p≤butmvíUτ°Ab⌡µ

pGnP°AObutmvíU⌡µAUCΣñ@ΦkC

Web zG

pG°AwbutmvíUAhεPí || e¬Gπ

C

ⁿOµG

∩ ibm-slapdisconfigurationmode oX root DSE jMCpG] TrueAϕ

°AbutmvíUB≤⌡µñC

ldapsearch -s base -b " " objectclass=* ibm-slapdisconfigurationmode


6 Web zuπí (GUI)

IBM Tivoli Directory Server 5.2 Web zuπOw≤í°AApO

IBM WebSphere®Application Server - Express (WAS)At≤ IBM Tivoli Directory

ServerAzLDxiµzCZsWDxñ°AizL Web zuπ

zA ú"tbC@í°AWwuπC

z°AnΦkO Web zuπC

l Web zuπz°AºeATwzbtm°Aíwg¿U

C@G

v z"N adminDN MKX]w¿α≈w°AC

v z"NΩwtm¿α≈Nw°AbutmvíH¼AUC

v z"²zní⌡µAHKα≈qBε½sw°A

C

÷o@ΩTA\ IBM Tivoli Directory Server 5.2 wPtmΓUM

13 4 , y²znízC

: pGzwg⌡µΣLí°AATww Web zuπí°

A⌡µ≡MΣLí°A≡úPC

Web zuπ

pGn Web zuπAz"wwuπí°AC

YO IBM WebSphere Application Server - Express OA⌡zw IBM Tivoli

Directory Server ²AMßoXUCⁿOG

UNIX ¼¡x

<IDSinstalldir>/ldap/appsrv/bin/startServer.sh server1

: b Solaris ñAhO opt/ibmldapc/appsrv/bin/startServer.sh server1

Windows ¼¡x

<IDSinstalldir>\ldap\appsrv\bin\startServer.bat server1

nJDx

@ Web s²AMßΣJUC

Ghttp://localhost:9080/IDSWebApp/IDSjsp/Login.jspCπ IBM Tivoli

Directory Server Web znJeC

: pGznJs²D≤w Web zuπP@í°AWAlocalhost K

D≈W IP C

HDxz¡≈nJDx

pGnHDxz¡≈nJG


1. b IBM Tivoli Directory Server Web znJñAHDxz¡≈nJA

oO LDAP D≈Wµw]∩C

2. bWµñAΣJGsuperadminC

3. bKXµñAΣJGsecretC

4. ÷@UnJC

π IBM Tivoli Directory Server Web zuπDxC

H°Az¡≈nJDx

pGnH°Az¡≈nJG

v b IBM Tivoli Directory Server Web znJñAqU\αϕñ∩z≈

LDAP D≈W IP C

v ΘJ°Az DN PKX]τYAzb°AtmBzí]wC

v ÷@UnJC

π IBMTivoli Directory Server Web zuπDxAΣñúU°A

z@Cú°Az@°°A\α ºC

: Web zuπúΣ gúnJw°AC

Hzs¿ LDAP ¡≈nJDx

pGnHzs¿]\ 38yzsz LDAP ¡≈

nJG

v b IBM Tivoli Directory Server Web znJñAqU\αϕñ∩z≈

LDAP D≈W IP C

v ΘJz≤°AW] DN µíMKXC

v ÷@UnJC

π IBMTivoli Directory Server Web zuπDxAΣñúU°A

z@Cú°Az@°zv¡M]°A\α ºC

: Web zuπúΣ gúnJw°AC

DxGm

IBM Tivoli Directory Server Web zuπDxY%¡¿G

X X≤eAΣñ]tíWBIBM Tivoli Directory

ServeruWeb zuπvM IBM xC

² ≤e¬Σ²ñπUDx°A@iXWCi

@°zv¡BznnJº°A\αAΓ ºC

u@ u@ñπzb²ñ∩@÷p@CpA]zb²ñ

∩z°AwAhu@ñπu°AwvM\h

Ao]tP]w°Aw÷@C

°A¼A

: pGzHDxz¡≈nJAoπuDxzvAú@í²sC


≤u@WΦ°A¼AAⁿXezº°A¼APWC

ΣñΓA@ⁿVu/ε/½svAt@ⁿV

@δíΩTCϕzb²∩X@@Aτπ∩@WB@

ⁿVΘxAH@ⁿV@íC

@¼A

≤u@UΦ@¼Añπµ@¼AC

nXDx

pGnnXDxAb²ñ÷@UnXC

QnXeπUCTºG

pGzúpnXAz÷@UBH½snJC

÷@UohTºñ BorAH# IBM Tivoli Directory Server Web zn

JC


7 ]wDx

í°AºßAz"]wDxAHzz²°ACq IBM Tivoli

Directory Server Web znJñAHDxz¡≈nJA⌡µUC@G

zDx

b IBM Tivoli Directory Server Web zuπDxñG

≤DxznJ

pGnN superadmin ≤úPz IDG

1. i²ñDxzC

2. ÷@U≤DxznJC

3. ΘJsz IDC

: zuα@z IDCsuperadmin ID Qzⁿws ID NC

4. ΘJµzKXCsz ID KX secretAz≤KXεC

≤DxzKX

pGnNzKX secret ≤t@KXG

1. i²ñDxzC

2. ÷@U≤DxzKXC

3. ΘJµKXC

4. ΘJsKXC

5. AΘJsKXAHTS,rC

6. ÷@UTwC

sWB∩úDxñ°A

UCsWBsΦRúDxñ°AG

sW°ADxpGnsW°ADxG

1. i²ñDxzC

2. ÷@UzDx°ACπ@≈ϕµACX°AD≈WP≡C

3. ÷@UsWC

4. ΘJ°AD≈W IP Ap servername.austin.ibm.com

5. ⁿw≡ⁿw]C

6. ⁿw°AO SSLCTw¿zDxe@U 22 5 BJC

7. pGnM≤A÷@UTwFpGn⌠e ú⌠≤≤A÷@U

°C


∩Dxñ°A

pGn≤°A≡ SSL \αG

1. i²ñDxzC

2. ÷@UzDx°ACCX°AD≈WP≡C

3. ∩zQ∩º°AΩsC

4. ÷@UsΦC

5. ziH≤≡C

6. ziH≤°AO SSLCpGzn SSLATw¿zDxe

@UBJ 5C

7. pGnM≤A÷@UTwFpGn⌠e ú⌠≤≤A÷@U

°C

qDxú°A

pGnqDxú°AG

1. i²ñDxzC

2. ÷@UzDx°ACCX°AD≈WP≡C

3. ∩zQúº°AΩsC

4. ÷@URúC

5. pGnRú°AA÷@UTwFpGn⌠e ú⌠≤≤A÷@U

°C

zDxe

pGn≤Dxe]wG

1. i²ñDxzC

2. ÷@UzDxeC

3. ÷@U≤z - HⁿwwDxñ°A≤C w]A

≤C

: pGzb°AWSTv¡AO°AS\αAΓúSAYwgz≤AziαOúªΣí≈@C

4. ÷@UÑq@e - H]wDxÑq@O¡εCw] 60 !C

: Ñq@íiα±]wíhXT¡!CoO]I⌡µⁿbí°Añ⌡µLAΣOHpíjΦíB@C

píj°Ñq@OíC

5. ÷@U SSL ≈Ωw - Hb"n]wDxAΣiHuw Socket

hv(SSL) PΣL LDAP °AqTCbAϕµñ]w≈Ωw⌠

MWB≈KXBiH⌠Ωw⌠MWBH⌠KXCΣ¼

jksC÷≈ΩwP SSL ΩTA\ 74y gsk7ikmzP 69

yw Socket hzC

ϕz]wnDxßA÷@UnX⌠C


8 ≥°Az@

: úDtíAh²zzs¿i⌡µ@G

v ynJ Web zuπz

v y≤zOWPKXz

v 24yPε°Az

v 25yd°A¼Az

v 34yz°Asuz

v 36yzsuez

v 38yzsz

v 42yz@z

nJ Web zuπ

pGnH²zzs¿¡≈nJG

v b IBM Tivoli Directory Server Web znJñAqU\αϕñ∩°A

LDAP D≈W IP C

v ΘJ°Az DN MKXC

v ÷@UnJC

≤zOWPKX

u²z+α⌡µo@C

zWPKXqObwPtm°ABz@í]wCúLAziH

uWeb zuπvⁿOµ≤zWPzKXC

Web zG

÷@UuWeb zuπv²ñeCXΓ∩G

≤znJ

bµñⁿw@sz DNAΘJµKXC÷@UTw÷@U°

#uw∩veA ú⌠≤≤C

: ubzOH²z¡≈nJA+α∩CpGzOHzs¿¡≈nJAhLkªC

≤KX

pGn≤enJ DN KXAbµKXµñΣJzeKXC

MßbsKXµñΣJzsKXABbTsKXµñ½sΣJ@

sKXAMß÷@UTwCpGúQiµ⌠≤≤A÷@U°A#uw

∩veC


ⁿOµG

ziHbⁿOµñ ldapcfg ⁿO ldapxcfg íC

ldapcfg ⁿOG

ldapcfg -u <admindn> -p <adminPW>

pGn ldapxcfg íAbⁿOµñΘJ ldapxcfgCX IBM Tivoli Directory

ServerutmuπveA∩z DN/KXϕⁿC÷ ldapxcfg

íΣLΩTA\ IBM Tivoli Directory Server 5.2 wPtmΓUC

÷OWΩTA\ 7 3 , yOW (DN)zC

Pε°A

ziHUC@ΦkAε°AC

Web zG

: zní (ibmdiradm) "b⌡µC

ziq°A¼A¬WñΘ°Ae¼A]wBwεB

utmvíCbu@@ylñ]íµ¼AAp

Directory Server eb⌡µ

1. pGzpA÷@UuWeb zv²ñ°AzAMßbi

Mµñ÷@U/ε/½s°AC

2. Tºπ°Aµ¼A]wεB⌡µñAHutmví⌡µC

t °A¼A]⌡µñwεAú@÷sz≤°A¼

AC

ϕ 1. °A¼A wi@

°A¼A i÷s

wε B÷¼

⌡µñ εB½sB÷¼

Hutmví⌡µ εB½sB÷¼

v pG°Ab⌡µAzi÷@UεAHε°AA÷@U½sAH

εA°AC

v pG°AwεAzi÷@UAH°AC

v Y÷@U÷¼Ah#u veC

3. ϕ°AQεANπTºC

pGzniµ°Atm@A∩butmvíU/½s∩

CboíUAutz+αs°ACb°A½sA DB2

ßí]°∩butmvíU/½s∩ºeAΣL

suúQCΣlΩT\ 15 5 , yutmvízC

: b°A⌡µíA,iiµtm@C


ⁿOµ Windows AG

UCⁿOAHPε°AG

: zní (ibmdiradm) "b⌡µC

ibmdirctl [-h <hostname>] [-D <adminDN>] [-w <password>] [-p <portnumber>] start|stop|restart|status -- [ibmslapd options]

ΣlΩTA\ 289yibmdirctlzC

Y Windows tAiWzⁿOA⌡µUCBJG

1. qα÷ΓUqúC

2. ÷ΓUεxC

3. ÷ΓUAC

4. pGn°AA∩ IBMTivoliDirectory V5.2AMß÷@UC

5. pGnε°AA∩ IBMTivoliDirectory V5.2AMß÷@UεC

d°A¼A

ziH%jM cn=monitor U½≤OAd°A¼ACΣkOUC

Φkº@G

Web zG

i²ñu°AvzC÷@U°°A¼ACoeπ 9

CziHboeA÷@U½sπzH≤seb°ºWπ

¼AAz]iH÷@U÷¼≡# IBM Tivoli Directory Server w∩eCpG²

°Ab⌡µAhπUCΩTG

÷@U@δAπUCΩTG

D≈W

LDAP °AD≈WC

°A¼A

°AB≤⌡µñBwεA⌡µutmví¼ACzHiq

°A¼A¬ΣñTAA°A¼AC

°AíCíµípUG

year-month-day hour:minutes:seconds GMT

°AWeíCeíµípUG

year-month-day hour:minutes:seconds GMT

⌡µⁿ

°Au@⌡µⁿC

gJⁿΩ⌡µⁿp

#ß⌡µⁿC


¬ⁿΩ⌡µⁿp

¬ßΩ⌡µⁿ

su

e@ñsuC

su

)°AHwsupC

SSL sup

)°AH SSL supC

TLS sup

)°AH TLS supC

we

)°AHA°AweC

ewFh.*!±CutmvíñúπoC

wjMLo°≤±

jMLo°≤ewFh.*!±Cutmvíñúπo

C

ACL

Boolean Fⁿw ACL B≤@ñ (TRUE) D@ñ (FALSE)Cu

tmvíñúπoC

ACL jpW¡

ACL ñe\W¡CutmvíñúπoC

ñLOW

ⁿXOiHñLOWBz°A⌡µCpG²ñúsb⌠≤

OW½≤π TrueAY²ñ.sb@OW½≤hπ FalseC

@p÷@U@pAπUCΩTG

wnD@

)°AHwlnDC

w¿@

)°AHw¿nDC

wnDjM@

)°AHwljMC

w¿jM@

)°AHw¿jMC

wnDs@

)°AHsnDC

w¿s@

)°AHw¿snDC

wnDs@

)°AH/snDC


w¿s@

)°AHw¿/snDC

wnDsW@

)°AHsWnDC

w¿sW@

)°AHw¿sWnDC

wnDRú@

)°AH/snDC

w¿Rú@

)°AHw¿/snDC

wnD∩ RDN @

)°AH∩ RDN nDC

w¿∩ RDN @

)°AHw¿∩ RDN nDC

wnD∩@

)°AH∩nDC

w¿∩@

)°AHw¿∩nDC

wnD±@

)°AH±nDC

w¿±@

)°AHw¿±nDC

wnD±≤@

)°AH±≤nDC

w¿±≤@

)°AHw¿±≤nDC

wnD@

)°AHnDC

w¿@

)°AHw¿nDC

wnDú@

)°AHúnDC

w¿ú@

)°AHw¿únDC

u@εC÷@Uu@εCAπUCG

iu@í⌡µⁿ

iu@u@í⌡µⁿC

u@εC

eu@εCjpC


u@εCjjp

u@εC FjjpC

suMúí÷¼su

)suMúí÷¼ómsuC

w⌡µsuMúí

w⌡µ)suMúíC

e@ñ≥µ⌡µⁿ

≥µ⌡µⁿO⌡µñⁿC

≥µ⌡µⁿ

≥µ⌡µⁿC

W≥µ⌡µⁿ

W≥µ⌡µⁿC

°u@í¼A÷@U°u@í¼Aiπe@ñu@í⌡µⁿ÷ΩTCϕ°A

pwa⌡µ⌡µ¼púAoΩTUC⌡µjM°

AíA@¿εCtπovTiAí¿@

íO suM@ñu@í⌡µⁿ wC÷@UOiπΩTC

²÷@U²AπUCΩTCeT¼AHϕµµíπC

ϕ 2. ²ϕ

Rñ jp

WC

bLo°≤ºßALo°≤QC

jp

OΘqC

pjp]Hdµ

OΘqC

: ]AzBOΘAoúOw∩OpΓC]Aj≤OOΘqC

tmjp

ⁿwOΘqC÷ⁿA\ 63yb

ñsWúzC

²∩

oOHϕµµíπ 10 MµCpGoWvL¬A

ziαnNªsWñC


ϕ 3. ²∩ϕ

WC

Lo°≤C

≤Θx÷@U≤ΘxAπUCΩTCeT¼AHϕµµíπC

ϕ 4. ≤Θxϕ

Rñ jp

WC

bLo°≤ºßALo°≤QC

jp

OΘqC

pjp]Hdµ

OΘqC

: ]AzBOΘAoúOw∩OpΓC]Aj≤OOΘqC

tmjp

ⁿwOΘqC÷ⁿ\ 63ybñsW

úzC

≤Θx∩

oOHϕµµíπ 10 MµCpGoWvL¬A

ziαnNªsWñC

ϕ 5. ≤Θx∩ϕ

WC

Lo°≤C

lPΘx÷@UulPΘxvi°UCΩTG


wl

°Ae trace CpGb¼lΩAK TRUEFpGS¼

lΩAh FALSECp÷l\αΩTA\ 297

yldaptracezC

lTºh

°Ae ldap_debug CoQ*iµíApG

0x0=0
0xffff=65535

lTºΘx

tlΘXWC

: pG stderrAΘXNπb LDAP °AⁿO°íCpG°

AúOqⁿOµAhúπ⌠≤ΩC

sW°AΘxTº

)°AHwO²TºC

sW CLI ΘxTº

)°AHwO² DB2 TºC

sWfΘxTº

)°AH%fΘxO²TºC

sWfΘxTº

%fΘxO²ó@TºC

ⁿOµG

pGnⁿOµP°A¼AA bases cn=monitor M cn=worker,cn=monitor

ldapsearch ⁿOC

cn=monitor

ldapsearch -h <servername> -p <portnumber> -b cn=monitor -s base objectclass=*

ⁿO#UCΩTG

cn=monitor

version=IBM Tivoli Directory (SSL), Version 5.2

totalconnections)°AHwsupC

total_ssl_connections)°AH SSL supC

total_tls_connections)°AH TLS supC

currentconnections@ñsuC

maxconnectionse\@ñsuW¡C

writewaiters#ß⌡µⁿC


readwaiters¬ßΩ⌡µⁿ

opsinitiated)°AHnDC

livethreads°Au@⌡µⁿC

opscompleted)°AHw¿nDC

entriessent)°AHA°AweC

searchesrequested)°AHnDjMC

searchescompleted)°AHw¿jMC

bindsrequested)°AHnDs@C

bindscompleted)°AHw¿s@C

unbindsrequested)°AHnD/s@C

unbindscompleted)°AHw¿/s@C

addsrequested)°AHnDsW@C

addscompleted)°AHw¿sW@C

deletesrequested)°AHnDRú@C

deletescompleted)°AHw¿Rú@C

modrdnsrequested)°AHnD∩ RDN @C

modrdnscompleted)°AHw¿∩ RDN @C

modifiesrequested)°AHnD∩@C

modifiescompleted)°AHw¿∩@C

comparesrequested)°AHnD±@C


comparescompleted)°AHw¿±@C

abandonsrequested)°AHnD±≤@C

abandonscompleted)°AHw¿±≤@C

extopsrequested)°AHnD@C

extopscompleted)°AHw¿@C

unknownopsrequested)°AHnDú@C

unknownopscompleted)°AHw¿ú@C

slapderrorlog_messages)°A⌡µ½]HwO²°ATºC

slapdclierrors_messages)°A⌡µ½]HwO² DB2 TºC

auditlog_messages)°A⌡µ½]HwO²fTºC

auditlog_failedop_messages)°A⌡µ½]HwO²ó@TºC

filter_cache_sizeñe\Lo°≤W¡C

filter_cache_currentñeLo°≤C

filter_cache_hitbñΣLo°≤C

filter_cache_missbñΣLo°≤C

filter_cache_bypass_limitϕjMLo°≤#WL¡εAhúC

entry_cache_sizeñe\W¡C

entry_cache_currentñeC

entry_cache_hitbñΣC

entry_cache_missbñΣC


acl_cache Boolean Fⁿw ACL B≤@ñ (TRUE) D@ñ (FALSE)C

acl_cache_sizeACL ñW¡C

cached_attribute_total_size²OΘqC

cached_attribute_configured_sizeⁿw²OΘqC

currenttime°AWeíCeíµípUG

year-month-day hour:minutes:seconds GMT

starttime°AíCíµípUG

year-month-day hour:minutes:seconds GMT

trace_enabled°Ae trace CpGb¼lΩAK TRUEFpGS¼

lΩAh FALSECp÷l\αΩTA\ 297

yldaptracezC

trace_message_level°Ae ldap_debug CoQ*iµíApG

0x0=0
0xffff=65535

trace_message_log°Ae LDAP_DEBUG_FILE ⌠]wC

en_currentregsniµ≤qºeßn²C

en_notificationssent)°AHwß≤qC

bypass_deref_aliasesⁿXOiHñLOWBz°A⌡µCpG²ñúsb⌠≤

OW½≤π TrueAY²ñ.sb@OW½≤hπ FalseC

available_workersiu@u@í⌡µⁿC

current_workqueue_sizeeu@εCC

largest_workqueue_sizeu@εC FjjpC

idle_connections_closedu)suMúív÷¼ómsuC

auto_connection_cleaner_runw⌡µu)suMúívC


emergency_thread_running≥µ⌡µⁿO⌡µñⁿC

totaltimes_emergency_thread_run≥µ⌡µⁿC

lasttime_emergency_thread_runW≥µ⌡µⁿC

cn=workers,cn=monitorw∩u@í⌡µⁿΩTATwwfAoXUCⁿOG

ldapsearch -D <adminDN> -w <adminpw> -b cn=workers,cn=monitor -s base objectclass=*

oⁿOw∩C@@ñu@íúUC¼ΩTG

cn=workers,cn=monitor

cn=workers

objectclass=container

cn=thread2640,cn=workers,cn=monitor

threadu@í⌡µⁿAp 2640C

ldapversionLDAP hAV1 V2C

binddns°A DNC

clientipß IP C

clientportß≡C

connectionidOsuXC

received¼u@nDΘMíC

workrequest¼u@nD¼H÷≤nDΣLΩTCpApGnDOjMA]

úUCΩTG

base=cn=workers,cn=monitor
scope=baseObject
derefaliases=neverDerefAliases
typesonly=false
filter=(objectclass=*)
attributes=all

z°Asu

ziHUCΣñ@Φkd°Asu¼AC


Web zG

i²ñu°AvzC÷@Uz°AsuCπ@ϕ

µAtC@suUCΩTG

DN ⁿw°Aºßsu DNC

IP

ⁿw°Asuß IP C

ⁿwsuΘMíC

¼A ⁿwsub@ómñCpGsu⌠≤@biµANQ°@

ñC

Ops initiatedⁿw)sußwnD@C

Ops completedⁿwbCsuΦAw¿@C

Type ⁿwsuO% SSL TLS O@ChµKC

:

1. ϕµ@hiπ 20 suC

ziHⁿw DN IP πϕµAieU\αϕ∩π

ΦíCw]∩O DNCPaAz]iHⁿwOnH&¡¡π

ϕµC

÷@U½sπz≤sesuΩTC

pGzOHzzs¿¡≈nJAziHbeW∩/°As

uCo/°Asu\αi²zε²A≡Hε°AsCzi

HiU\αϕ∩ DNBIP ΓAMß÷@Usu/YsuC

z∩AoUC@G

ϕ 6. /suWh

∩ DN ∩ IP @

<DNvalue> L /ⁿw DN s

suC

L <IPvalue> /zLⁿw IP s

uC

<DNvalue> <IPvalue> /ⁿw DN HzLⁿ

w IP suC

L L oOL°≤Cz"ⁿw

DN IP AΓC

UU\αϕw]íLC

Yn/úFúXnDº°AsuA÷@UsuCπT

iC÷@UTw≥/su@÷@U°⌠@≡#z°Asu

eC


ⁿOµG

pGn°°AsuAoXUCⁿOG

ldapsearch -D<adminDN> -w <adminPW> -h <servername> -p <portnumber> -b cn=connections,cn=monitor -s base objectclass=*

oⁿOHUCµí#ΩTG

cn=connections,cn=monitor
connection=1632 : 9.41.21.31 : 2002-10-05 19:18:21 GMT : 1 : 1 : CN=ADMIN : :
connection=1487 : 127.0.0.1 : 2002-10-05 19:17:01 GMT : 1 : 1 : CN=ADMIN : :

: pGAϕAbC@suWsW@ SSL TLS ⁿC

pGn⌠°AsuAoXUCΣñ@ⁿOG

# To disconnect a specific DN:
ldapexop -D<adminDN> -w <adminPW> -op unbind -dn cn=john

# To disconnect a specific IP:
ldapexop -op unbind -ip 9.182.173.43

# To disconnect a specific DN over a specific IP:
ldapexop -op unbind -dn cn=john -ip 9.182.173.43

# To disconnect all connections:
ldapexop -D<adminDN> -w <adminPW> -op unbind -all

p⌠suΩTA\ 257yldapexopzC

zsu e

zsue\αi²z÷¼UCíßsuAHεßΩϕ°A

G

v eΩwCBeí≈ΩeΩC

v ¬ΩG¬GwCC

v /sC

v WΦísC

P]iHTOϕßtú≤⌡µ°í@Az@α≈s°AC

Web zG

: ubzOHzzs¿¡≈bΣ\α°AWnJA+πo∩C

i²ñu°AvzC÷@UzDxeC

1. ∩u@δvC

2. wgz∩F\Wsu∩AHⁿWsCoOw]]wCzi

H÷@U∩A°∩\Wsu\αC@°A/W

suC

: ú0\WsiαPí≈íóC

3. ]wlMúWsuCziHbWsuMúµñⁿw 0

65535 ºíC


: Ωjⁿ¡≤Ce\Cb UNIX tWAziH

ulimit -a ⁿOPo¡εCb Windows tWAoOTwC

w] 0AϕWLWsuAY ómOµñ]wómO

¡εMúsuC

4. ]wlMúwOsuCziHbwOsuMúµñⁿ

w 0 65535 ºíC

: Ωjⁿ¡≤Ce\Cb UNIX tWAziH

ulimit -a ⁿOPo¡εCb Windows tWAoOTwC

w] 1100CϕWLwOsuAY ómOµñ]wóm

O¡εMúsuC

5. ]wlMúsuCziHbsuMúµñⁿw 0

65535 ºíC

: Ωjⁿ¡≤Ce\Cb UNIX tWAziH

ulimit -a ⁿOPo¡εCb Windows tWAoOTwC

w] 1200CϕWLsuAY ómOµñ]wómO¡

εMúsuC

6. ]wYsubQMúBz÷¼ºeiHómϕCziHbómO¡

εµñⁿw 0 65535 ºíC

: Ωjⁿ¡≤Ce\Cb UNIX tWAziH

ulimit -a ⁿOPo¡εCb Windows tWAoOTwC

w] 300CϕlMúBzA÷¼WL¡ε⌠≤su]ⁿBz

zC

7. ]w0\gJíjϕCziHbGO¡εµñⁿw 0 65535 º

írCw] 120CWLo¡⌠≤suúQεC

: oA≤ Windows tCWL 30 ϕsu%@t)ñC]A

oGO¡ε]wb 30 ϕºß%@tm½C

8. ∩≥µ⌡µⁿC

9. wgz∩F≥µ⌡µⁿ∩AHi≥µ⌡µⁿCoOw]]

wCziH÷@U∩A°∩≥µ⌡µⁿ\αC@iε≥µ⌡

µⁿQC

10. ]w≥µ⌡µⁿu@nD¡εCbmnDµñⁿw 0

65535 ºíA]wb≥µ⌡µⁿºeiHdbεCñu@nD¡εC

w] 50CϕWLⁿw¡εAY≥µ⌡µⁿC

11. ]wqW@u@)εCñúHiH!CpGεCñu@

BwWLí¡εAY≥µ⌡µⁿCziHbíµñⁿ

w 0 240 ºíCw] 5C

12. qU\αϕñ∩≥µ⌡µⁿ≥CziH∩G

v jp - uϕεCWLⁿwmu@q+≥µ⌡µⁿC

v í - ubQúu@ºíí¡εWLⁿwq+≥µ⌡

µⁿC

v jpí - ϕεCjpíWLⁿwqú≥µ⌡µⁿC


v jpMí - ϕεCjpMííWLⁿwq+≥µ⌡µ

ⁿC

ujpMívw]C

13. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµG

pGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=Connection Management,cn=Front End, cn=Configuration
cn: Connection Management
changetype: modify
replace: ibm-slapdAllowAnon
ibm-slapdAllowAnon: TRUE
-
replace: ibm-slapdAnonReapingThreshold
ibm-slapdAnonReapingThreshold: 0
-
replace: ibm-slapdBoundReapingThreshold
ibm-slapdBoundReapingThreshold: 1100
-
replace: ibm-slapdAllReapingThreshold
ibm-slapdAllReapingThreshold: 1200
-
replace: ibm-slapdIdleTimeOut
ibm-slapdIdleTimeOut: 300
-
replace: ibm-slapdWriteTimeout
ibm-slapdWriteTimeout: 120
-
replace: ibm-slapdEThreadEnable
ibm-slapdEThreadEnable: TRUE
-
replace: ibm-slapdESizeThreshold
ibm-slapdESizeThreshold: 50
-
replace: ibm-slapdETimeThreshold
ibm-slapdETimeThreshold: 5
-
# ibm-slapdEThreadActivate can be set to S for size, T for time, SOT for size or time, SAT for size and time.
replace: ibm-slapdEThreadActivate
ibm-slapdEThreadActivate: S | T | SOT | SAT

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope entire

ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC

zs

zsú 24 pz\αA únUzí@@ ID MKXCzs

¿π)v@ ID MKXCzs¿ DN úi A B]úαP

IBM Tivoli Directory Server z DN C#aAIBM Tivoli Directory Server

z DN úαP⌠≤zs¿ DN CoWhτA≤ IBM


TivoliDirectory Server zMzs¿ Kerberos Digest-MD5 IDCo DN

úαP⌠≤ IBM Tivoli Directory Server gú DN Co]ϕ IBM

TivoliDirectory Server gú DN úαP⌠≤zs¿ DN IBM Tivoli

Directory Server z DN C

: IBM Tivoli Directory Server gú DN iH .

zs¿π²zαOA²UCαOúG

v u IBM Tivoli Directory Server ziHsWúzsñ¿CA

u IBM Tivoli Directory Server ziH∩⌠≤zs¿ DNBKXB

Kerberos ID Digest-MD5 IDCM Azs¿iH∩)vKXA²O

Lk∩)v DNBKerberos ID Digest-MD5 IDCzs¿úαd⌠≤

ΣLzs¿ IBM Tivoli Directory Server zKXC

v u IBM Tivoli Directory Server ziHsWútmßíñ

cn=Keberos,cn=Configuration M cn=Digest,cn=Configuration Czs¿iH

∩oñA²²z Keberos ID M Digest-MD5 ID úC

v u IBM Tivoli Directory Server ziH∩≤s⌠≤fΘx]wCz

s¿uα°fΘxMfΘx]wC

v u IBM Tivoli Directory Server ziHMúfΘxC

Mzs

z"O IBM Tivoli Directory Server z+α⌡µ@C

: b@PUuzzsv@ñA∩zs¿@÷sCzs¿uα°zzseñ zs¿ϕµC

Web zGi²ñu°AvzC÷@UzzsC

1. YnzsA÷@UzsΣ∩CpGΦw

∩AhwgzsC

2. ÷@UTwC

: pGzzsAwnJ⌠≤¿úiH≥iµz@AnD¿½ssεCYnεwgszs¿⌠≤ΣL@A⌡µ/

s@CΩTA\ 34yz°AsuzC

ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=Configuration
cn: Configuration
changetype: modify
replace: ibm-slapdAdminGroupEnabled
# Specify TRUE to enable or FALSE to disable the administrative group.
# TRUE is preselected.
ibm-slapdAdminGroupEnabled: TRUE
objectclass: top
objectclass: ibm-slapdConfigEntry
objectclass: ibm-slapdTop


pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope single cn=Configuration ibm-slapdAdminGroupEnabled

sW¿zs

z"O IBM Tivoli Directory Server z+α⌡µ@C

Web zGpGnsW¿zsAbzzseñ÷@UsWC

bsWzs¿eñG

1. ΘJ¿z DN]"O DN ykC

2. ΘJ¿KXC

3. AΘJ¿KXiµTC

4. ziH∩aΘJ¿ Kerberos IDCKerberos ID "O ibm-kn

ibm-KerberosName µíCoú!jpgAp

[email protected] P [email protected]

PC

: µuαb AIX® M WindowsNT® M Windows2000 ¡xWCub°

AWΣ Kerberos Σ\α OID (1.3.18.0.2.32.30) Aª+πC

5. ziH∩aΘJ¿ Digest-MD5 WC

6. ÷@UTwC

: Digest-MD5 W!jpgC

∩znsWzsC@¿A½C

¿z DNBDigest-MD5 W]pGⁿwM Kerberos ID]pGⁿw

Aúπbzs¿MµñC

: Kerberos Σuαb AIX M WindowsNTBWindows2000 M Windows 2003 ¡x

ñCub°AWΣ Kerberos Σ\α OID (1.3.18.0.2.32.30) A

Kerberos ID µ+πbzs¿MµñC

ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG

ldapadd -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=AdminGroup, cn=Configuration
cn: AdminGroup
objectclass: top
objectclass: container

dn: cn=admin1, cn=AdminGroup, cn=Configuration
cn: admin1
ibm-slapdAdminDN: <memberDN>
ibm-slapdAdminPW: <password>
# ibm-slapdKrbAdminDN and ibm-slapdDigestAdminUser are optional attributes.
ibm-slapdKrbAdminDN: <KerberosID>
ibm-slapdDigestAdminUser: <DigestID>
objectclass: top
objectclass: ibm-slapdConfigEntry
objectclass: ibm-slapdAdminGroupMember

: pGzwgbzsñF¿Añ@C

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope subtree cn=AdminGroup,cn=Configuration

∩zs¿

z"O IBM Tivoli Directory Server z+α⌡µ@C

Web zGpGn∩zs¿ΩTAbuzzsveñ⌡µUC@G

1. ∩n∩ΣΩT¿C

2. ÷@UsΦC

3. ΘJ¿z DN]"O DN ykC

4. ≤¿KXC

5. AΘJ¿KXiµTC

6. ΘJ≤¿ Kerberos IDCKerberos ID "O ibm-kn

ibm-KerberosName µíCoú!jpgAp

[email protected] P [email protected]

PC

: µuαb AIX M WindowsNT M Windows2000 ¡xWCub°A

WΣ Kerberos Σ\α OID (1.3.18.0.2.32.30) Aª+πC

7. ΘJ≤¿ Digest-MD5 WCDigest-MD5 W!jp

gC

8. ÷@UTwC

: pGzOzs¿AiHe-> ≤KXe≤KXC

∩zsñn∩C@¿A½C

ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=admin1, cn=AdminGroup, cn=Configuration
cn: admin1
changetype: modify
replace: ibm-slapdAdminDN
ibm-slapdAdminDN: cn=<memberDN>
-
replace: ibm-slapdAdminPW
ibm-slapdAdminPW: <password>
-
replace: ibm-slapdKrbAdminDN
ibm-slapdKrbAdminDN: <KerberosID>
-
replace: ibm-slapdDigestAdminUser
ibm-slapdDigestAdminUser: <DigestID>

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope subtree cn=AdminGroup,cn=Configuration

qzsú¿

z"O IBM Tivoli Directory Server z+α⌡µ@C

°AzGpGnúzs¿Abuzzsveñ⌡µUC@G

1. ∩nú¿C

2. ÷@URúC

3. úzTú@C

4. ÷@UTwHRú¿F÷°≡#uzzsve ú⌠≤≤C

∩≤znqzsñúC@¿A½C

ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG

ldapdelete -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

# List additional DNs here, one per line
dn: cn=admin1, cn=AdminGroup, cn=Configuration

Ynúh¿ACX DNCC@ DN "bO@µC

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope subtree cn=AdminGroup,cn=Configuration

z@

u@v\αiTOⁿwb²@wπ@Couαb

cn=uniqueattribute,cn=localhost M cn=uniqueattribute,cn=IBMpolicies ΓñⁿwC

@xsbNⁿw@°AWC@jMGu∩°

AΩw+O@CtαñºGjMGiαúO@C

: GiB@BtmM½≤Oúúαⁿw@C

@s

: YHOAyÑP@¼-CpGzⁿwSw@AªNúαPª÷yÑC

Web zGi²ñu°AvzC÷@Uz@C


1. qi\αϕñ∩znsW@CCXiiHⁿw

@Ap snC

: bQP±J cn=localhost M cn=IBMpolicies xsºeA@d

biMµñC

2. ÷@UsW cn=localhost sW cn=IBMpoliciesCoΓxstºOcn=IBMpolicies O gA cn=localhost húOCπbAϕM

µñCziHNPCboΓxsC

: pGb cn=localhost M cn=IBMpolicies ΓUYAoΓ

GpYΣ@MµXCpApG cn M employeeNumber b

cn=localhost ñⁿw@A B cn M telephoneNumber b cn=IBMploicies

Wⁿw@A°AKN cnBemployeeNumber M telephoneNumber ϕ

@C

3. ∩≤znsW@C@A½BzC

4. ÷@UTwHxsz≤AO÷@U°H⌠oe ú⌠≤≤C

ⁿOµGpGnⁿwY"@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=uniqueattributes,cn=localhost
changetype: add
cn: uniqueattributes
ibm-UniqueAttributeTypes: sn
objectclass: top
objectclass: ibm-UniqueAttributeTypes

pGnsWΣLAoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=uniqueattributes,cn=localhost
cn: uniqueattributes
changetype: modify
add: ibm-UniqueAttributeTypes
ibm-UniqueAttributeTypes: AIXAdminUserId
-
add: ibm-UniqueAttributeTypes
ibm-UniqueAttributeTypes: adminGroupNamessW∩@ApG⌠≤CX@@¡εúA

Núb²ñsWCz"²MoDA]"½soXsW

∩ⁿOCpAbsW@²ñApGbΣñ@¼ϕ

µW@¡εó]τYA%≤bΩwñ½AhúN@

sW²ñCoX DSA ú@⌡µC

: pGb cn=localhost M cn=IBMpolicies ΓUYAoΓGp

YΣ@MµXCpApG cn M employeeNumber b

cn=localhost ñⁿw@A B cn M telephoneNumber b cn=IBMploicies

Wⁿw@A°AKN cnBemployeeNumber M telephoneNumber ϕ

@C


ϕísWπ²A P²½A

LDAP °ANoX#GX 20]LDAPG X 20 - sbC

ϕ°AAªd@MµAPC@@Oú DB2 ¡ε

sbCpGY¡ε]wQ bulkload íA]wΓNªú úsbAªNq@MµñúA Θx ibmslapd.log ñ]O²@

hTºCpApGb cn=uniqueattributes,cn=localhost ñN cn ⁿw¿@

A Bª]S⌠≤ DB2 ¡εAtKO²UCTºG

CN úO@C CN wqUC@úGCN=UNIQUEATTRIBUTES,CN=LOCALHOST

q@M椣

Ynq@MµñúAUCΣñ@ΦkC

: pG@sb cn=uniqueattribute,cn=localhost M cn=uniqueattribute,cn=IBMpolicies

ΓA Buq@NªúA°A≥N°@CqΓ

ñNúßAªN¿D@C

Web zGi²ñu°AvzC÷@Uz@C

1. ÷@UAϕMµñA∩znq@MµñúCpe@

ñ AIXAdminUserIdC

2. ÷@UúC

3. ∩≤znqMµñúC@A½BzC

4. ÷@UTwHxsz≤AO÷@U°H⌠oe ú⌠≤≤C

: pGzq cn=localhost cn=IBMpolicies Mµñúß@@AK)

RúMµ cn=uniqueattribute,cn=localhost cn=uniqueattribute,cn=IBMpolicies

xsC

ⁿOµGpGnⁿOµú@MµñAoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> tG

dn: cn=uniqueattributes,cn=localhost
cn: uniqueattributes
changetype: modify
cn: uniqueattributes
ibm-UniqueAttributeTypes: AIXAdminUserId

pGnúxsb cn=localhost ñ@AoXUCⁿOG

ldapdelete -D <adminDN> -w <Adminpw> "cn=uniqueattributes,cn=localhost"

q²ñRú ″cn=uniqueattributes″ AYúhIµ≤@W@¡εA SiH0\D@C


9 ]w°A e

ziH]w°AUCeG

v y≤°A≡PyÑz

v 48y]wjMz

v 53yµ÷Σz

v 55y≤qz

v 57ysWúrz

v 58yúαz

v 63ybñsWúz

÷M Web zuπOzQΦkAúLz]iHQ LDAP í≤s°A

tmCioX LDAP ∩nDG

v IBM Tivoli Directory Server úº C-client C-íC

v JNDI Java í

v ΣL⌠≤ú V3 LDAP C

UCd ldapmodify ⁿOµíC

ldapmodify ⁿOiHb¼íU⌡µAOñⁿwΘJ⌡µCNΓUjí!d ÑAúúiHM ldapmodify ⁿO@eCqoⁿOµíG

ldapmodify -D <adminDN> -w <password> -i <filename>

pGnHAΦí≤s°Atm]wAz"oXUC ldapexop ⁿOCⁿO≤sAtm]wG

ldapexop -D cn=root -w root -op readconfig -scope entire

ⁿO≤sµ@]wC

ldapexop -D cn=root -w root -op readconfig -scope single <entry DN> <attribute>

ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC

÷ ldapmodify P ldapexop ⁿOΩTA\ 249 20 , yⁿ

OµízC

: uzMzs¿+α≤s°Atm]wC

≤°A≡PyÑ

: OoApGz≤°A≡]wAN"P≤Dxñ°A≡]wC\ 21yzDxzC


Web zG

b Web z²ñ÷@Uz°AeAπuz°AeveC

eñw²∩@δCu@δveΓ¬ΩTµAΣñπ°A

D≈WAHwb≈W IBM Tivoli Directory Server hC

oe]]tTi∩"nµA]ADwqT≡]w] 389Bw

qT≡]w] 636)]eG!Oπe≡AHiyÑΣ

∩CpGzQ≤≡]wyÑAΓC

: ≡ 0 1023Fn²≡ 1024 49151FApK≡h 49152

65535C

1. ÷@UDwqT≡AMßΘJ 49152 65535 d≥Cp 399C

2. ÷@UwqT≡AMßΘJ 49152 65535 d≥Cp 699C

3. ÷@UyÑΣ∩AyÑΣCw]]wC

ΩTA\ 190yyÑzC

4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

pGz≤F≡Ah"ε°AA≤+C\ 24yP

ε°AzCε°AºßAz"bεAMßAzníA+

α½s∩≡iµPBC\ 13 4 , y²znízC½s

°AC

ⁿOµG

pGnPOwyÑ\αAoX r o o t D S E jMAⁿw

″ibm-enabledCapabilities″C

ldapsearch -b "" -s base objectclass=* ibm-enabledCapabilities

pG# OID ″1.3.6.1.4.1.4203.1.5.4″Aϕw\αC

pGSyÑΣA⌠≤NyÑ÷p LDAP @úQA

#UCTºG

unrecognized attribute

pGnⁿOµⁿwúOw]≡AyÑAoXUCⁿOG

ldapmodify -D <adminDN> -w <password> -i <filename>

Σñ <filename> ]tG

dn: cn=configuration
changetype: modify
replace: ibm-slapdPort
ibm-slapdPort: 399
-
replace: ibm-slapdSecurePort
ibm-slapdSecurePort: 699
-

dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
replace: ibm-slapdLanguageTagsEnabled
ibm-slapdLanguageTagsEnabled: TRUE


z"ε°AA≤+C\ 24yPε°AzCε°

AºßAz"bεAMßAzníA+α½s∩≡iµPB

C\ 13 4 , y²znízC

ibmdirctl -D <AdminDN> -w <Adminpw> -p 389 stop

ibmdirctl -D<AdminDN> -w <Adminpw> admstop

ibmdiradm

ibmdirctl -D<AdminDN> -w <Adminpw> start

]wα

: ÷sπΩTA\ IBMTivoli Directory Server Version 5.2 Tuning GuideA

ΓUib TivoliSoftware Library ⌠WΣCpsuWX÷ΩTA

\ viiiyuWsXzC

ziH≤jM¡εPsu]wAHjαC

Web zG

iuWeb zuπv²ñz°AeAMß∩ αC

1. ⁿwΩwsuCoO]w°A DB2 suCz"ⁿwp

5Cw] 15CpGz LDAP °A¼jqßnDA

ß¼usuDvAziHW[°Aα DB2 su]

wA\iHozQGCjsuO%z DB2 Ωwñ]wM

wCúLA÷MbⁿwsuΦúA°A]¡AΩWACsuú

ΩCd\ IBM Tivoli Directory Server Version 5.2 Tuning GuideAHoz

tAsπC

2. ⁿwg@ΩwsuCo]w°Aiµ g@ DB2 su

Cz"ⁿwp 1Cw]]wO 4Cd\ IBMTivoli Directory

Server Version 5.2 Tuning GuideAHoztAsπC

: ⁿwΩwsuM g@ΩwsusuúiWL DB2ΩwC

3. ∩ ACL ΩTAHUC ACL ]wCz"∩o∩Ae

ñΣL]w∩+αC

4. ⁿw ACL ñW¡Cw] 25,000C

5. ⁿwñW¡Cw] 25,000C

6. ⁿwjMLo°≤ñW¡Cw] 25,000CjMLo°≤]

tnDLo°≤WΩdAHúOXCb≤s@

ñALo°≤ú¿LC

7. ⁿwqµ@jMñisWjMLo°≤ñW¡CpGz∩

Ah"ΘJ@Cw] 100Ch∩ú]¡CjM

pGWXBⁿwAhúNªsWjMLo°≤ñC

8. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

9. pGzn]wΩwsuAz"½s°AA≤+CpGz

uO∩]wAhú"½s°AC


ⁿOµG

pGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration
changetype: modify
replace: ibm-slapdDbConnections
ibm-slapdDbConnections: 15
-
replace: ibm-slapdReplDbConns
ibm-slapdReplDbConns: 4

dn: cn=Front End, cn=Configuration
changetype: modify
replace: ibm-slapdACLCache
ibm-slapdACLCache: TRUE
-
replace: ibm-slapdACLCacheSize
ibm-slapdACLCacheSize: 25000
-
replace: ibm-slapdEntryCacheSize
ibm-slapdEntryCacheSize: 25000
-
replace: ibm-slapdFilterCacheSize
ibm-slapdFilterCacheSize: 25000
-
replace: ibm-slapdFilterCacheBypassLimit
ibm-slapdFilterCacheBypassLimit: 100

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope entire

ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC

]wjM

ziH]wjMεjMαOAp!MjMC

!Gi²zzqjMnD#ΩqCziHnDl]

A únP¼GCß≥jMnDπU@GA@

°#ßGεCjMi²ß ≥Mµ¼jMGA

ΣñC≥úNϕ@jMΣCo∩iNd⌠Aqßí

°AA]b°A⌡µ±vC

t ’alias’ ’aliasObject’ ½≤O²]t ’aliasedObjectName’ AoO

²ñΣLCujMnDiHⁿwOnOWCϕn

lOW#lCpGOWsb≤²ñAϕOW∩]w@w

jMAIBM Tivoli Directory Server jM#íAPOW∩]ú

jM#í±πoϕ°C

°A∩iH]wúBMΣBjM@wCo∩PΦ AND

@ºjMnDñⁿw∩XCúhϕjM@ñ

∩C


Web zG

iuWeb zuπv²ñz°AeAMß∩jM]wC

1. ]wjMjp¡εCzi÷@Uú]¡ΩsCpGz∩Ah"

bµñⁿwjM#W¡Cw] 500CpGXjM≥

WL¡AhXhú#Co¡εúA≤zC

2. ]wjMí¡εCzi÷@Uϕú]¡ΩsCpGz∩ϕAh"bµ

ñⁿw°AhiHßh.íBznDCw] 900Co¡εúA≤

zC

3. pGnNjM\α¡εzA∩e\zNjM ∩

C

4. pGnNjM!\α¡εzA∩e\zNjM∩

C

5. pGn]wOWhAiOWU\αϕAMß∩UC@

Cw]@wC

ú /úOW

MΣ ϕMΣjMIOWA²OblºUjMhú

C

jM ϕMΣjMIºUOWA²ObMΣlhú

C

@w ϕMΣjMIHjMlºUú@wOWC

u@wvOw]C

: uϕz°AΣOW+αo∩C

6. ⁿwb!jMñnÑϕ]ómOC!jMnb LDAP °AM

xs LDAP Ω DB2 Ωwºí@suCuómOvoz

¡εDnOn!GjMnD O DB2 ΩwsuOC

7. ⁿwb⌠≤wíA°Aie\µ!jMW¡Cw] 3C

8. ⁿwbjMñαW¡Cw] 3C

9. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

\ 50yXRjMεzAHo÷≤jMΣLΩTC

ⁿOµG

pGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=Configuration
changetype: modify
replace: ibm-slapdTimeLimit
ibm-slapdTimeLimit: 900
-
replace: ibm-slapdDerefAliases
ibm-slapdDerefAliases: never|find|search|always
-
replace: ibm-slapdSizeLimit
ibm-slapdSizeLimit: 500

dn: cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration
changetype: modify
replace: ibm-slapdPagedResAllowNonAdmin
ibm-slapdPagedResAllowNonAdmin: false
-
replace: ibm-slapdPagedResLmt
ibm-slapdPagedResLmt: 3
-
replace: ibm-slapdSortKeyLimit
ibm-slapdSortKeyLimit: 3
-
replace: ibm-slapdSortSrchAllowNonAdmin
ibm-slapdSortSrchAllowNonAdmin: false

dn: cn=Front End, cn=Configuration
changetype: modify
replace: ibm-slapdIdleTimeOut
ibm-slapdIdleTimeOut: 300

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope entire

\ 275yldapsearchzAHAp≤ⁿOµiµjMC

XRjMε

pGSAhjM\αube 240 ñAMΣLo°

≤CApGjMnDñⁿwAh°Aue 240

jM@ΣC@δßí"NG°ϕµñO

S wApGjMLo°≤Obe 240 ßY

ñAhiαúN#ßC

: ¡ε IBM Tivoli Directory Server SCΣL¡x]]A z/OS™ P

OS/400®W IBM LDAP °AAhiαúP¡εC\U¡xσ≤A

HAΣ¡εC

zib Web zuπ]⌡z -> z -> <attributename> -> sΦ ->IBMXROñdwqAd cn=schema jM@#wqAHPw

OwSCb Web zuπñ°wqAIBM XRO

πUCG

Wh

[] Equality
[] Ordering
[] Approximate
[] Substring
[] Reverse

t∩AWhCpG ldapsearch íAh ibmattributetypes

]tUC÷ΣrGAPPROXBEQUALITYBORDERINGBSUBSTR REVERSEC

pA’cn’ tUCwwqG

attributetypes=( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'This is the X.500
commonName attribute, which contains a name of an object.
If the object corresponds to a person, it is typically the
persons full name.' SUP 2.5.4.41 EQUALITY 2.5.13.2
ORDERING 2.5.13.3 SUBSTR 2.5.13.4 )

ibmattributetypes=( 2.5.4.3 DBNAME ( 'cn' 'cn' ) ACCESS-CLASS NORMAL LENGTH
256 EQUALITY ORDERING SUBSTR APPROX )


\ 114yWhzC

jMε

jMGiπ ¡S\α LDAP ßAú\αCj

MGi² LDAP ß¼ @≥]ΣñC@≥UNϕ@Σ

jMGC≥]AG¼B±∩WhP¡C°A²

o≥jMGAMßA#CoNd⌠qßíα°A

A °Ab⌡µW≤vCpAßíQ um≤BWr

MqXAqº Grand Cayman ⌠WuMµCúnmjMMµ

ΓA+αNΣ]@b°AWAMßÑG#bßWAm@

AunmjMMµ@AMßbNG#ßíºeA[H

C

°A jMA w]AbC@jM@ñhe\T

Σ]WCpGn≤z¡εAb ibmslapd.conf ñ≤

ibm-slapdSortKeyLimit: 3 @µC\ 48y]wjMzAHop≤⌡µo

BJ÷ΩTCpGµúsbAsW]wsj]pGµúsbA

h°Aw]C

w]A°ABzDzsunDA]AHWsC%≤²jM

GA#A°AΩ±uµ#hA]ziHN°Atm¿u

Bzszv¡ºoXnDCpGnBzuzsúX

jMnDAb ibmslapd.conf ñAN ibm-slapdSortSrchAllowNonAdmin: true

@µ∩¿ ibm-slapdSortSrchAllowNonAdmin: falseC\ 48y]wjMzC

pGµúsbAsWµN]w falseAΣue\zsC\ 53

ysWjMdzC

ϕjMnD⌠ALDAP °ANNα#ßCAN%ß

AíMwOn]wjMnD≥nA íbA

ϕípUABzα°AWoεΣΦóCALDAP °AúαTO

α°AOΣjMεC#ßíMµiαh≈A

hSCßíN)µMwΩTe@δnΦíCiα

MΦíG²XαGAMßAe@δFπh≈MµP

∩α°AD≈WFútµΣLBJA NGπb@δ

eApPO%°A#δCßí"αA+αo@≈

uΩMµAhpGObⁿwjMεUlαAiαoLk

wGC

bz°AjMGA"NUCUIG

v °AOQ≥ª DB2 ΩwA⌡µjMGCoN²AjMG

iα]ΩwΩrXúP úP]SOOpGzΩwrX UTF-8

C

v °AñⁿwΣ±∩WhCe°AúΣ±∩WhC

v úΣh°A]αC°AúαOαß°AOΣj

MGC

÷°AºjMεΩTAib RFC 2891 ñΣCjMG

ε OID 1.2.840.113556.1.4.473, B Root DSE ΩTñ@ΣεC

÷G

÷!GiuQ¼@pjMG]@ D@π≈Mµ LDAP ßA

ú!\αCCϕßß≥úX@!GjMnDAY#U@

ßíA@°#ßGεCpGjpj≤Ñ≤°A

sizeLimit AFXµ@@ñnDA°ANñ ÷!GnDC

%≤jMG!Sbπ ÷!GnDLñA,°AΩA]

@sz¡εAHTOb ÷!GnDíA°AΩú

QC

ibm-slapdPagedResAllowNonAdmin w]A°ABzDzsunDA]AHWsCpGµ°

AuBzszv¡ºúX ÷!GjMnDAz"

b ibmslapd.conf ñAN ibm-slapdPagedResAllowNonAdmin: true @µ∩¿

ibm-slapdPagedResAllowNonAdmin: falseC\ 48y]wjMzCp

GµúsbAsWµN]w falseAΣue\zsC

\ 53ysWjMdzC

ibm-slapdPagedResLmt w]Ab⌠≤wí°Ahe\iT¿ ÷!G@

CFTOαHt#ß≥ ÷!GnDAbjMnD

íA°A≥@°ΩwsuA° ÷!G

nDAßGw#ßíεCz¡ε«bTO°A

bBzΣL@Aú]ΩwsuQ¿ ÷!Gj

MnD,A QACDG@PAN ibm-slapdPagedResLmt ]wp≤z°AΩwsuW¡CpGn≤z¡εAb

ibmslapd.conf ñ≤ ibm-slapdPagedResLmt: 3 @µC\ 48y]

wjMzCpGµúsbAsW]wsj]pGµúsbAh

°Aw]C\ 53ysWjMdzC

ibm-slapdPagedSizeLmt w]A°AC@h# 50 ºjMGCpGzQ]wúPjp

W¡Azib ibmslapd.conf ñ≤ ibm-slapdPagedSizeLmt: 50 @µC

: IBM Directory Server 4.1 M 5.1 Σ ibm-slapdPagedSizeLmt. IBM Tivoli

Directory Server 5.2 úΣ ibm-slapdPagedSizeLmt.

ibm-slapdIdleTimeOutuómOvoz¡εADnOw∩ ÷!GjMnDA²Σ

¼A DB2 ΩwsuOC ÷!GnDw]ómí 500

ϕCpA]ßíbΓºíyF 510 ϕA°A²Σn

DOAHKXΩwsuA²ΣL°A@CϕßíU

úX ÷!GnDA°A#AϕíA

ßí"½s ÷!GnDCbC#@ß

íßAY½sp ÷!GnDómíC°AC 5 ϕY

d@ ÷!GnDOOA]NΓz ibm-slapdIdleTimeOut C≤ 5 ϕAz,oÑ 5 ϕA ÷!GnD+ΓOCpGn≤

z¡εAb ibmslapd.conf ñ≤ ibm-slapdIdleTimeOut: 300 @µC

\ 48y]wjMzCpGµúsbAsW]wsj

]pGµúsbAh°Aw]C\ 53ysWjM

dzC

bjMnD⌠ALDAP °ANα#ßApPú⌠≤ε

iµjM@CoN²ApG°A 10 Gn#Aα±b 10

ñ#A úO±bC@#CblαíAßí"b

N Cookie ]ípUAe@l!GnDC@α°ACA

ßAíNMwb÷!GΣΦOn]w≥nA

íbAϕípUABzα°AWεΣΦóCA

LDAP °AúαTOα°AOΣ!GεC#ßíM

µiαh≈AhS!CßíN)µMwΩTe@δ

nΦíCiαMΦíG²XαGAMßAe@δ

Fπh≈MµP∩α°AD≈WFútµΣLBJA N

Gπb@δeApPO%°A#δCßí"

αA+αo@≈uΩ!MµAhpGObⁿw!GjMεUl

αAiαoLkwGC

÷°Aº ÷!GεΩTAib RFC 2686 ñΣC ÷!G

ε OID 1.2.840.113556.1.4.319, B Root DSE ΩTñ@ΣεC

sWjMd

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration
changetype: modify
add: ibm-slapdSortSrchAllowNonAdmin
ibm-slapdSortSrchAllowNonAdmin: TRUE
-
add: ibm-slapdSortKeyLimit
ibm-slapdSortKeyLimit: 3
-
add: ibm-slapdPagedResAllowNonAdmin
ibm-slapdPagedResAllowNonAdmin: TRUE
-
add: ibm-slapdPagedResLmt
ibm-slapdPagedResLmt: 3
-
add: ibm-slapdPagedSizeLmt
ibm-slapdPagedSizeLmt: 50
-
add: ibm-slapdIdleTimeOut
ibm-slapdIdleTimeOut: 300

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope entire

µ÷Σ

µ÷Bzi²íN@≤s±b@@ñCqC@ LDAP @

A!OQ°MΩwíOµ÷CϕY@Mt@@ AN@s

b@OUAoO]ϕΣñ@@óAπµ÷KóCµ÷]

wOMw°AWαe\µ÷í¡εC

µ÷Σ

pGnµ÷ΣAUCΣñ@C

Web zGiuWeb zuπv²ñz°AeAMß∩µ÷C

1. ∩µ÷Bz ∩Aµ÷BzCpGµ÷Bz

Ah°AñeñΣL∩ApCµ÷@W¡H

mí¡εC

2. ]wµ÷W¡Czi÷@Uµ÷ú]¡ΩsCpGz∩µ÷Ah"b

µñⁿwµ÷W¡Cµ÷W¡ 2,147,483,647Cw] 20 µ÷C

3. ]wCµ÷@W¡Czi÷@U@ú]¡ΩsCpGz∩@

Ah"bµñⁿwC@µ÷e\@W¡C@W¡

2,147,483,647CV.AαVnCw] 5 @C

4. ]wmí¡εC∩O]wmñµ÷OW¡]HϕpCzi÷

@Uϕú]¡ΩsCpGz∩ϕAh"bµñⁿwC@µ÷e\

ϕW¡CϕW¡ 2,147,483,647CpGµ÷¿¼AíWL

íAhQ°]#Cw] 300 ϕC

5. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

6. pGzwgµ÷ΣAh"½s°AA≤+CpGzuO

∩]wAhú"½s°AC

ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=Transaction,cn=Configuration
changetype: modify
replace: ibm-slapdTransactionEnable
ibm-slapdTransactionEnable: TRUE
-
replace: ibm-slapdMaxNumOfTransactions
ibm-slapdMaxNumOfTransactions: 20
-
replace: ibm-slapdMaxOpPerTransaction
ibm-slapdMaxOpPerTransaction: 5
-
replace: ibm-slapdMaxTimeLimitOfTransactions
ibm-slapdMaxTimeLimitOfTransactions: 300

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope entire

ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC

µ÷Σ

pGnµ÷BzAUCΣñ@C

Web zGiuWeb zuπv²ñz°AeAMß∩µ÷C

1. °∩µ÷Bz ∩Aµ÷BzC

2. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

3. z"½s°AA≤+αC

ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=Transaction,cn=Configuration
changetype: modify
replace: ibm-slapdTransactionEnable
ibm-slapdTransactionEnable: False

z"½s°AA≤+αC

pµ÷ΣΣL÷ΩTA\ IBM Tivoli Directory Server Version 5.2

C-Client SDK Programming ReferenceC

≤q

zL≤q\αA°Aiqwn²ßAw≤BsWRú²≡ñ

CqíuDDTºvC

ϕo≤A°ANTºϕ¿@huLDAP v3 DDqvßCΣ

messageID 0ABTº@@#íCresponseName µ]nO

OIDCb#µñAπ@nO ID P@ⁿX≤o≈íWOC

íµ UTC íµíC

: ϕiµµ÷Abπµ÷¿eAúeµ÷BJ÷≤qC

≤q

pGn≤qAUCΣñ@C

Web zGiuWeb zuπv²ñz°AeAMß∩≤qC

1. ∩≤q∩AH≤qCpG≤qA°A

ñeñΣL∩C

2. ]wCsun²W¡Czi÷@Un²ú]¡ΩsCpGz∩n²

Ah"bµñⁿwCsue\n²W¡Cµ÷W¡

2,147,483,647Cw] 100 n²C

3. ]wn²W¡C∩O]w°AL≤αn²Czi÷@

Un²ú]¡ΩsCpGz∩n²Ah"bµñⁿwCsue\

n²W¡Cµ÷W¡ 2,147,483,647Cw]n²Oú]¡C

4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

5. pGz≤qAh"½s°AA≤+CpGzuO∩

]wAhú"½s°AC

ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=Event Notification,cn=Configuration
changetype: modify
replace: ibm-slapdEnableEventNotification
ibm-slapdEnableEventNotification: TRUE
-
replace: ibm-slapdMaxEventsPerConnection
ibm-slapdMaxEventsPerConnection: 100
-
replace: ibm-slapdMaxEventsTotal
ibm-slapdMaxEventsTotal: 0

pGz≤qAh"½s°AA≤+CpGzuO∩]

wAhú"½s°AC

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope entire

ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC

≤q

pGn≤qAUCΣñ@C

Web zGiuWeb zuπv²ñz°AeAMß∩≤qC

1. °∩≤q∩AHµ÷BzC

2. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

3. z"½s°AA≤+αC

ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=Event Notification,cn=Configuration
changetype: modify
replace: ibm-slapdEnableEventNotification
ibm-slapdEnableEventNotification: FALSE

z"½s°AA≤+αC

p≤qΣL÷ΩTA\ IBM Tivoli Directory Server Version 5.2

C-Client SDK Programming ReferenceC

sWúr

rO@ DNAOxsb²ÑhñWhC%≤ LDAP ñ

∩RW≈εAo DN ]O²ÑhñΣLCrC²°Aihr

ACrUO@Od²ÑhFpAo=ibm,c=usC

: XrSw"sW²ñC

sW²ñΣr"X DN AOG’ou=Marketing,o=ibm,c=us’CpG

dñrMtmΩw⌠≤rúAhdw]α

ⁿ LDAP °ACpGⁿw LDAP w]αAh#GⁿX½≤ús

bC

sWr

pGnsWrAUCΣñ@ΦkC

Web zG

: LksWúwwqrAp cn=localhostBcn=pwdpolicy M cn=ibmpoliciesC

]AªúπbeñC

iuWeb zuπv²ñz°AeAMß∩rC

1. ΘJr DNFp c=Italyr°W¡ 1000 rC

2. ÷@UsWC

3. w∩znsWr]ú¡A!O½BzC

4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµGpGnⁿOµsWrAoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

DN: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
add: ibm-slapdSuffix
ibm-slapdSuffix: <suffixname>
ibm-slapdSuffix: <suffix2>
ibm-slapdSuffix: <suffix3>

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope single "cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration" ibm-slapdSuffix

úr

pGnúrAUCΣñ@ΦkC

Web zG

: LksWúwwqrAp cn=localhostBcn=pwdpolicy M cn=ibmpoliciesC

]AªúπbeñC

iuWeb zuπv²ñz°AeAMß∩rC

1. qµr DN MµñA∩znúrC

2. ÷@UúC

3. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµG

: úΣútwqrAp cn=localhostBcn=pwdpolicy M cn=ibmpoliciesC

pGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

DN: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
delete: ibm-slapdSuffix
ibm-slapdSuffix: <suffixname>
ibm-slapdSuffix: <suffix2>
ibm-slapdSuffix: <suffix3>

z"½s°AA≤+C

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope single "cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration" ibm-slapdSuffix

: z]iHtmí ldapcfgBldapucfg M ldapxcfg sWMúrC÷oíΩTA\ IBM Tivoli Directory Server 5.2 wPtm

ΓUC

úα

αú@Φí²°ANßΣL²°ACαⁿwN LDAP °

A URLCoN°ABzbµ LDAP °A⌠≤l≡ñúΣú½

≤nDCαAziHG

v NWíΩT!bhí°AW

v iΩO≤@÷p°Añ≤B

v NßnDeAϕ°A

αuIG

v !BztßAHú≥tⁿ¡

v b¡!Ωz

v úWL¡º¡τbsj¼p⌠C

: b LinuxBSolaris HP-UX ¡xWApGßblαí\ATw

zt⌠ñ] LDAP_LOCK_REC ⌠Cú⌠≤SwC

set LDAP_LOCK_REC=anyvalue

α

pGnPúαAz Web zíC

Web zGiuWeb zuπv²ñz°AeAMß∩αC

1. ΘJ@α URLAΣY"l ldap://C° 32700 rC

2. ÷@UsWC

3. w∩C@zQsWαA!O½BzC

4. ziH∩αA÷@UWUA≤ªbαMµñmCC÷@UA

∩αNbMµñ@mCziHh÷XUA∩α

≤nmεCoOαxsbtmñC

5. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

z"½s°AA≤+αC

ⁿOµGwq@w]αAHt@°AW²Cw]αiⁿVG

v °AW@h]bÑhñ

v uΩT≤sv°AAOÑhñWh°A

v iBzWíºHí≈uΩT≤sv°A

: w]α LDAP URL út DN í≈C ut ldap:// identifier P hostname:port

í≈C

pG

ldapadd -D <adminDN> -w <adminpw> -i <filename>

Σñ <filename> ]tG

# referral
dn: cn=Referral, cn=Configuration
cn: Referral
ibm-slapdReferral: ldap://dcecds3.endicott.ibm.com:389
ibm-slapdReferral: ldap://<additional hostname:port>
ibm-slapdReferral: ldap://<additional hostname:port>
ibm-slapdReferral: ldap://<additional hostname:port>
objectclass: ibm-slapdReferral
objectclass: top
objectclass: ibm-slapdConfigEntry

úα

pGnúαAUCΣñ@ΦkC

Web zGiuWeb zuπv²ñz°AeAMß∩αC

1. qµαqñA∩znúαC

2. ÷@UúC

3. XTeC÷@UTwHúαF÷@U°#e@eA ú⌠

≤≤C

4. w∩C@zQúαA!O½BzC

5. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

z"½s°AA≤+αC

ⁿOµGpGnRú@w]αAp austin.ibm.com:389AoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -f <filename>

Σñ <filename> ]tG

dn: cn=referral, cn=configuration
changetype: modify
delete: ibm-slapdReferral
ibm-slapdReferral: ldap://referral.austin.ibm.com:398

pGnRúw]αG

ldapdelete -D <adminDN> -w <adminPW> "cn=referral,cn=configuration"

]wαΣL LDAP ²

íp≤ referral ½≤OP ref AbtΣL LDAP ²º

Y LDAP ²ñcC]íp≤αh°Aí÷p

Aú÷dC

referral ½≤OP ref referral ½≤OP ref U≤!íWRAU≤bh°AíjMC

ref OXboXº°AñⁿWCref hⁿVQ°Añ

@C

: UCdtmO ref kC

bñA°A A sUCΓGo=ABC, c=US P o=XYZ, c=USCb

o=ABC, c=US ΦA°A A s°A B Ab o=XYZ, c=US Φ

A°A A s°A C C

Σñ@α]wΦíOA °Azl≡AN°AcÑhñCM

ßqs¬]±Ñh íΩT°AúuαvαANw]α

]#YⁿVΣ)°AC

1. αd

Qα°Aí÷p: pGnzLαA°Aí÷pG

v α½≤ⁿVΣL°AAHiµlhC

v wqw]αHⁿVn⌠≤@B]qOⁿV)°AC

: ziqⁿOµ LDAP íA%ⁿw -M ∩Adα½≤C

ⁿVΣL°A: ziα½≤ⁿVΣL°AAHiµlhAτYA°AUAWíí≈C

NΣL½≤δAα½≤[Jßí (DB2) ñCα½≤%UC¿G

dn: ⁿwOWCQº°ABzWíí≈C

objectclass:ⁿw ″referral″ ½≤OC

ref: ⁿw°A LDAP Web C Web %UC¿G ldap: / /

identifierBhostname:port H@ DNCidentifier iHOD≈WrΩ TCP/IP

CDN ºe"@°u (/) Hj DN P hostname:portAB DN "

Mα½≤ DN Cαñⁿw DN Mα½≤ DN

C@δ ÑAoXº°AOdºRWwqñ]ΣUºY

RWwqC

dn: o=IBM,c=US
objectclass: referral
ref: ldap://9.130.25.51:389/o=IBM,c=US

síWíϕ⌡µjMAzsnJl°A DNAsQ°AA

úD IBM Directory íQ]p¿∩s DN PCz"P DN

]wTsvA+αsoΓ°AAHKlαCΣlΩTA\ 23

ynJ Web zuπzC

zLαWídíHUOϕα!WíAABJC

1. WzWíÑhC

Ωa - US
q - IBM, Lotus
µ - IBM Austin, IBM Endicott, IBM Raleigh, IBM HQ

2. ]wh°AAC@°AtWí@í≈C

2. ]w°A

°AíG

°A A°AHMΣⁿΩñΣL°ACßbSΣL⌠≤ΩTUA

i²oMΣbⁿΩº⌠≤H÷ΩTC

°A BMⁿΩ IBM ÷ºΩs±ñCΣOsΣL IBM Ωb

m÷ΩT]αC

°A COs IBM Austin ΩTC

°A DOs IBM Endicott ΩTC

°A EOs Lotus® ΩTC

3. ]wα½≤AHⁿVΣL°AñUhC

°A]iHwq@w]αAHⁿVuΩT≤sv°A]∩≤bW

íñúOb°AU⌠≤ ÑC

: w]α LDAP Web út DN í≈C

HUOPo¡°ACAΣñπΩwñα½≤AHiµWh

w]αC

3. °A A Ωw]LDIF ΘJ

bñsWú

uIOα≈bOΘñRLoA úObΩwñCt@uI

NOúLo@AbC⌡µ LDA sWBRúB∩ modrdn @ßú

nMúC

bMwnxsbOΘñAnUCG

v °AiOΘq

v ²jp

4. αdKn

v íqjMLo°≤¼

@δ ÑA]OΘ¡εAu±J¡ñCYn≤U

PnA°u²v∩MµMu≤Θxv∩MµA

ΣXzí 10 jMLo°≤CΩTA\ 25

yd°A¼AzC

]wsW

pGn]wsWAUCΣñ@Φk

Web zGiuWeb zuπv²ñz°AeAMß∩C

1. ziH≤²iOΘq]HµCw]O 16384000 d

(16 KB)C

2. ziH≤≤ΘxiOΘq]HµCw]O 16384000

d (16 KB)C

: pG≤ΘxStmAo∩K¼AC

3. qi\αϕñ∩znsW@Co\αϕuπiH

ⁿw@Cp snC

: bQP±J cn=directory M cn=changelog xsºeA@db

iMµñC

4. ÷@UsW cn=directory sW cn=changelogCπbAϕMµñCziHNPCboΓxsC

: pG≤ΘxStmAsW cn=changelog K¼AC

5. ∩≤znsWC@A½BzC

6. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµGYnP²M≤ΘxAoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> tG

dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
add: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: sn
-
add: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: cn
-
add: ibm-slapdcachedattributesize
ibm-slapdcachedattributesize: 16384000

dn: CN=CHANGE LOG, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
add: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: sn
-
add: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: cn
-
add: ibm-slapdcachedattributesize
ibm-slapdcachedattributesize: 16384000

úñ

pGnqúA⌡µUCΣñ@@C

Web z

1. ÷@UAϕMµñA∩znqñúCpe@ñ

AIXAdminGroupIdC

2. ÷@UúC

3. ∩≤znqMµñúC@A½BzC

4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

DN: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
delete: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: sn

DN: cn=Changelog, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
delete: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: sn

10 O@²

í@z²ΩwBJC

tmw]w

%≤ IBM Tivoli Directory Server uw Socket h (SSL)vwuµ÷hw

(TLS)vΓ[KΩA]αOO@ LDAP sCϕ SSL TLS

O@ LDAP M IBM Directory íqTwAiPΣ°AeOMß

OΦíCpGn SSL TLSAztñ"w GSKitC\ 69yw

Socket hzB 69yµ÷hwzP 74y gsk7ikmzAHo

ΩTC

Web zG

i Web zuπ²ñzweAMß∩]wC

1. wsu¼A∩UCΣñ@ΩsG

L °Auα¼)ßúwqTCw]≡ 389C

SSL °A¼)ßw]w]≡ 636úw]w]≡ 389

qTCw]≡O 636C

SSL°Auα¼)ßwqTCoOtm°AwΦ

kCw]≡O 636C

TLS °Ai¼)ßzLw]≡ 389 wMúwqTCYw

qTAß" TLS @CΩTA\ 69yµ

÷hwzC

SSL M TLS°Ai¼)ßzLw]≡ 389 wMúwqTCYw

]≡WwqTAß" TSL @C°A]¼zL

SSL ≡ 636 wqTCΩTA\ 69yµ÷hwzC

:

a. TLSBSSL M TLS ∩uϕz°AΣ TLS +αC

b. TLS M SSL ú¼@CzLw≡e TLS nDP@

C

2. ∩OΦkC

: z"N°A!eC@ßCpGniµ°APßOAz"b°A≈ΩwñsWC@ßC

∩UCΩsG

°AO

pGniµ°AOΦíAIBM Tivoli Directory Server °Abl

SSL Tºµ½íAú IBM Tivoli Directory Server X.509 CpG

ßτL°AAhb IBM Tivoli Directory Server Mß

íºíA@w[KqTqDC

F²°AO@AIBM Tivoli Directory Server b°A≈Ω

wñA"πpK≈H÷p°AC

°APßO

O¼iú LDAP ßP LDAP °AíVOC

ßOALDAP ß"π] X.509 Co

OV IBM Tivoli Directory Server O LDAP ßC

\ 73yßOzC

3. ⁿwnw≡Cw]≡O 636C

4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

5. z"ε½s IBM Tivoli Directory Server MzníA+α≤

C

a. ε°AC

b. UCΣñ@ΦkεzníC

v oXUCⁿOG

ibmdirctl -D <adminDN> -w <adminPW> admstop

v b UNIX ¼tñAoXUCⁿOG

ps -ef | grep ibmdiradm
kill -p <pid]e@ⁿOo>

v b Windows ¼tñAεx -> AA∩ IBMDirectory zn

íAMß÷@UεC

c. zníC

v b UNIX ¼tñAoXUCⁿOG

ibmdiradm

v b Windows ¼tñAεx -> AA∩ IBMDirectory zn

íAMß÷@UC

d. °AC

ⁿOµG

pGnⁿOµtm SSL qTAoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSslAuth
ibm-slapdSslAuth: serverAuth | serverClientAuth
-
replace: ibm-slapdSecurity
ibm-slapdSecurity: none | SSL | SSLOnly | TLS | SSLTLS

z"½s°AMzníA≤+αC

µ÷hw

uΘhw (TLS)vOTOßP°AºíbiµqTpKPΩπ

@qT≤wC

TLS %Γh¿G

TLS O²qT≤w

HΩ[KΦkApuΩ[K (DES)v RC4 ú[KAúsuw

Co∩í[Kk≈bC@suñú@aúA uTLS T

ºµ½qT≤wvK≤CuO²qT≤wv]iHú[KkC

TLS Tºµ½qT≤w

°AMßA OM≤[KtΓk[K≈ºßAAiµΩ

µ½C

TLS Obßí -Y ∩IsC

: TLS M SSL úα¼@CzL SSL ≡oX TLS nD]-Y ∩P

@C

w Socket h

%≤ IBM Tivoli Directory Server uw Socket h (SSL)vw[KΩA

]αOO@ LDAP sCϕ SSL O@ LDAP M IBM Directory íq

TwAiPΣ°AOPßOΦíC

°AOAIBM Tivoli Directory Server "π] X.509

CVßí]pGu²zuπv ldapsearchHíoM≤m í]HKzL SSL iµ LDAP sAO

IBM Tivoli Directory ServerC

pGniµ°AOΦíAIBM Tivoli Directory Server °Abl SSL Tºµ

½íAú IBM Tivoli Directory Server X.509 CpGßτL°A

Ahb IBM Tivoli Directory Server MßíºíA@w[K

qTqDC

F²°AO@AIBM Tivoli Directory Server b°A≈ΩwñA

"πpK≈H÷p°AC

ßOΦíib LDAP ß LDAP °AºíúVOC

ßOALDAP ß"π] X.509 Co

OV IBM Tivoli Directory Server O LDAP ßC\ 73yß

OzC

pGnb Internet Wiµ íAziH VeriSign ÑsHzñ

(CA)AHo¬iH°AC

SSL O@z°A

pGnb IBM Directory °AOΦ SSL ΣAh"⌡µUC¬ÑB

JCoBJ]zwwPtm IBM Tivoli Directory ServerG

1. w IBM Directory GSKit M≤ApGwC÷w GSKit M≤ΩTA

\ IBM Tivoli Directory Server 5.2 wPtmΓUC

2. gsk7ikm í]H GSKit @wú IBM Tivoli Directory Server

pK≈P°AC°Ai% VeriSign o CA Ai

gsk7ikm uπ)µCCA ])µ]"!tß

í≈ΩwC

3. N°A≈ΩwP÷pKX⌠xsb°AñC≈Ωw

w]⌠]...\ldap\etc ²σ¼mC

4. s Web ¼ LDAP zAHtm LDAP °AC÷BzíA

\ 67y Web zGzC

pGz]QbDn IBM Tivoli Directory Server P@h °AíwqTA

z"t¿UCBJG

1. tm ²°AC

: ϕWzw∩D°ABJiµAúF∩C@ °A⌡µªHCϕN °Atm¿ SSL Ahb SSL íA °AñΓ

MD°AⁿCϕD°A SSL M °AqTAΣP@

LDAP ßC

2. tmD²°AG

a. bD²°A≈ΩwñsW °Aw°AA

iH⌠DnCbípUADn²ΩWO@ LDAP ßCpG

)µAz"qC °A IBM Tivoli Directory Server ñA

X)µAMßNºsWD°A≈ΩwñAT

woQiH⌠DnCΩΦWAzOND°Atm¿

°A SSL ßC

b. ND IBM Tivoli Directory Server tm¿ °ACOo]w replicaPort

AH °A IBM Tivoli Directory Server iµ SSL qTº≡C

3. ½sD°APC@ °AC

: C@ LDAP °Aue\@≈ΩwC

]w°AO: Yn°AOAziHb ibmslapd.conf ñ cn=SSL,

cn=Configuration Uiµ∩CpGnuWeb zuπvA\ 67

y Web zGzC

ⁿOµG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSSLAuth
ibm-slapdSSLAuth: serverAuth

z"½s°AMzníA≤+αC

ízñ]CAo°A

pGnb IBM Directory PΣßíúwsuA°A"π@≈ X.509

PpK≈C

úpK≈AVí CA o"n°AAH H IBM Directory

BJpUG

1. Hz root ¡≈nJC

2. /½zQ≈ΩwHxspK≈P²C

3. ⌡µ gsk7ikmAHs≈ΩwCb≈ΩwWΦAiH⌠≤CúzW≤AbzN LDAP °Atm¿ SSL A"

úWCúπ⌠WCgsk7ikm íúpK-≈

∩H@1CΣlΩTA\ 74y gsk7ikmzC

: w]A°ALk¬ GSKit s KDBCz"N≤

ldapC

chown ldap:ldap <mykeyring>.*

í\ 305yKerberoszC

4. ]zí CA O VeriSignA÷pUV VeriSign oG

a. sUC VeriSign ⌠: http://digitalid.verisign.com/server_ids.html

b. ÷@U IBM internet connection serversC

c. b⌠WΩTßA÷@U BeginC

d. ú"nΩTA÷"nBJiµH1°ACboíúº¬

iH°AΦAVeriSign iíODnΣzñC

5. pGzQúP CAAϕ CA ⁿAN1eúµ

CAC

ϕz¼ CA oG

1. Hz°A¡≈nJC

2. /½≈Ωw²C

3. N CA ow±b²ñ@CbUBJñC

4. bP@²U⌡µ gsk7ikmAHKN¼≈ΩwñC

5. s LDAP °A Web zAtmU SSL A]A≈Ωw

WµC\ 67y Web zGzC

6. pG≈Ωwñ@≈HWAzQb IBM Directory ñA"

Ow]C

7. IBM DirectoryC

: pGzⁿ gsk7ikm NKXxsbKX⌠ñAhú"b ibmslapd.conf ñ

≤]wKXC

µ°A

pGzb°⌠⌠⌠ñ IBM DirectoryA gsk7ikm z)v°A

Cz]iH gsk7ikm t SSL IBM DirectoryA LR VeriSign

¬iH°ACo¼Y)µC

ϕUCBJAH)µ≈ΩwC

1. bC@°AWG

a. /½zQ≈ΩwHxspK≈P²C

b. s≈ΩwAH)µ1AHz CA C

v ji≈jpC

v w°AA DCiHC

c. o1Cgsk7ikm uπ)N±b≈ΩwñC

2. pGzOw∩ßíAbC@íß≈W⌡µUCB

JG

a. N CA 1m≤ß≈W@ismñC

b. N CA 1¼ß≈ΩwñC

c. N¼iH⌠DnC

ΣlΩTA\ 74y gsk7ikmzC

:

1. z"Tw²N CA ¼°A≈ΩwñANºiH⌠

DnAMßAN°A¼°A≈ΩwñC

2. unzO gsk7ikm z IBM Tivoli Directory Server ≈ΩwA

Oo/½≈Ωwb²C

3. C IBM Tivoli Directory Server ")vpK≈PCpG²h IBM

Tivoli Directory Server @#@≈pK≈PAuW[wIC²C°A

úPPpK≈Aib@3°A≈ΩwDaA

N¬KípCC

]wz LDAP ßHs IBM DirectoryUC"nBJt@h≈)µBQßiH⌠°A

LDAP ßA@≈ΩwC]iJΣL]p

VeriSign CA Am≤ß≈ΩwñAHiH⌠DnC

iH⌠DnπHOΩΘ]p VeriSign )µº°A

X.509 ABOJß≈ΩwñABiH⌠

C

1. N°A (cert.arm) szßu@ñC

2. ⌡µ gsk7ikm sß≈ΩwAs≈ΩwCYnsß≈ΩwA∩@ipQßWAHΦK

zCíApG LDAP ßOb Fred ≈W⌡µAiRW FRED.KDB

C

3. pGnN°AsWß≈ΩwG

a. ÷@U≈ΩwAMß∩C

b. ΘJ≈Ωw⌠PWA÷@UTwC

c. ΘJKXC

d. Twwg∩C÷@UsWC

e. ΘJ°AWPmC

f. ΘJ°Abß≈Ωwñ]p Corporate Directory

ServerAMß÷@UTwC

4. pGznsß≈ΩwG

a. ÷@U≈ΩwAMß∩sC

b. ΘJsß≈ΩwWMmA÷@UTwC

c. ΘJKXC

d. bsß≈ΩwßA½WzBJAHKN°AsW

≈ΩwñC

5. ⌠ gsk7ikmC

ΣlΩT\ 74y gsk7ikmzC

b LDAP ßM°Aíw SSL suAª°A)µ

AτΣsOAϕ°AC

w∩ LDAP ßnbwíUsC@ IBM Tivoli Directory ServerA½

WzBJC

N≈⌠α≈ΩwpGnαH MKKF í≈⌠G

1. gsk7ikmC

2. ÷@U≈ΩwAMß∩C

3. ΘJz≈⌠⌠PWA÷@UTwC

4. ΘJ≈⌠KXCpG≈⌠SKXAz" MKKF

Σⁿw@KXC

5. b≈⌠ßA÷@U≈ΩwAMß∩tssC

6. Tw≈Ωw¼O] CMS ≈ΩwC±≈ΩwWP

mA÷@UTwC

ßO

ßOΦíib LDAP ß LDAP °AºíúVOC

ßOALDAP ß"π] X.509 Co

OV IBM Tivoli Directory Server O LDAP ßC

÷OPwh (SASL) ibsuqT≤wñ[JOΣCqT≤wt@

ⁿOAHOAV°AOCªiH∩a≤X@w

hAHiµß≥qT≤wµC

b°A¼OⁿO⌠≤ß#ßAªioX@hLdAⁿXó

¿CpGß¼@hLdAioX#⌠µ½]°qT≤w]w

wC

bOqT≤wµ½íASASL ≈ε⌡µOANßv¡≈]Y

IDΘ°AAMß≤X≈εSwhC

ϕ LDAP °A¼ßoX LDAP snDA÷UCBznDG

1. °AσR LDAP snDAUCΩTG

v ßO DNC

v OΦkC

v ⌠≤AOnDñtKXC

v pGOΦk SASLA°Aτ LDAP snDñ SASL ≈ε

WC

2. °A²)nDñ DN XGC

3. °A⌠≤H LDAP snD@ú LDAP εC

4. pGOΦk SASLA°APOΣ SASL ≈ε]ⁿw≤nDñCp

G°AúΣ SASL ≈εA°Ae@#XßA⌠s

BzC

5. pGΣ SASL ≈ε (=EXTERNAL)AB SSL O¼°APßOA

h°AτßOAOW CA oATwß

ñSLwoεCpG ldap_sasl_bind ñⁿwß DN PK

X NULLAhbß≥ LDAP @ñߺ x.509v3 ñt DN

gLO¡≈ChAHWΦíOß]pG DN PKX

NULLA ßúsΩTOßC

6. pGOΦku ÷vAh°Ad DN OrΩOSC

7. pG DN rΩAⁿw⌠≤Ah°A]ßOHWΦís

A#nGßCsu DN POΦk!OOd NULL P

LDAP_AUTH_NONEC

8. pGßS²sABbs@íSXAhsuC

]wßO: YnßOAziHb ibmslapd.conf ñ cn=SSL,

cn=Configuration Uiµ∩CpGnuWeb zuπvA\ 67

y Web zGzC

ⁿOµG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSSLAuth
ibm-slapdSSLAuth: serverClientAuth

z"½s°AMzníA≤+αC

gsk7ikmUC≈zí gsk7ikm H≤ IBM Global Security Kit (GSKit)CªO@

z≈H GUIAH Java Applet ΦíΩ@C

: b AIX @tWA pGtúz]w JAVA_HOMEAziHNº]t

w Java IBM Tivoli Directory Server Java CpGz IBM

Tivoli Directory Server Azn]w LIBPATH ⌠pUG

export LIBPATH=/usr/ldap/java/bin:/usr/ldap/java/bin/classic:$LIBPATH

gsk7ikm -pK≈∩H1BN1¼≈Ωw

ñAHz≈Ωwñ≈C

ziQ gsk7ikm ⌡µ@G

v ≈∩AVzñ1

v N¼≈Ωwñ

v z≈P

– ≤≈ΩwKX

– π≈÷ΩT

– Rú≈

– ²≈¿≈Ωwñw]≈

– ≈∩P1AH)µ

– X≈

– N≈J≈Ωwñ

– N≈ⁿwiH⌠Dn

– úiH⌠Dn≈ⁿw

– ≈1

v N≈⌠α¿≈Ωwµí

≈∩AVzñ

pGzßís LDAP °AnDiµßP°AOAz"

@-pK≈∩P@≈C

pGßís LDAP °AunDiµ°AOAhú"-

pK≈∩PCzubß≈Ωwñ±m@≈iH⌠

DnYiCpGo°Azñ (CA) wqbzß≈

ΩwñAh"V CA 1 CA A¼z≈ΩwñAMßNº

iH⌠C\ 80yN≈ⁿwiH⌠DnzC

zßΣpK≈n°ATºC°ANΣ≈

ßA²ßi[KTº°AA°AHΣpK≈[HKC

FNΣ≈°AAßn@≈Cñtß≈

BMß÷pOWBHΘCO% CA

oAHτß¡≈C

CA º≥BJpUG

1. gsk7ikm nDC

2. N1úµ CACiQqll≤Aq CA ⌠iµuWúµC

3. N CA #¼z°AºtWYismñC

4. N¼≈ΩwñC

: pGznVCbw]iH⌠ CA Mµñ CA owßA

z"o CA ANº¼z≈ΩwñAiH⌠Cz

"²¿@A+αNwß¼≈ΩwñC

pGn-pK≈∩A1G

1. ΘJUCⁿOAH gsk7ikm Java íG

gsk7ikm

2. ∩≈ΩwC

3. ∩s]ApG≈ΩwwsbC

4. ⁿw≈ΩwWPmC÷@UTwC

: ≈Ωw@Aß°Axs@h≈≈∩PC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. ∩C

7. ∩sC

8. ≈∩úⁿwCHb≈ΩwñO≈∩P

C

9. pGz1OCiHßAΘJ@δWC"O@AB

WC

10. pGz1O¬iHw°AG

v ΘJ°A X.500 qWCqO TCP/IP πD≈WAp

www.ibm.comCY VeriSign °AAh"OπD≈WC

v ΘJWCzWCY VeriSign w°AA]zw

@ VeriSign bßAhµñW"MbßWWC

v ΘJµWC∩µC

v ΘJ°Aba/½C∩µC

v ΘJ°Abº/ (ñ/½) Yg]3 rC

v ΘJ°AbalC

v ΘJ°AbaΩX]2 rC

11. ÷@UTwC

12. π@hTºAΣñⁿX1WPmC÷@UTwC

13. e1 CAC

pGO1 VeriSign CiHw°AAz"zLqll≤N

1 VeriSignC

pGOCiH1AiYlH VeriSignCpGOw°A1A

hni@Bσ≤íCpGQAb1w°AAVeriSign nD

AeUC URL: http://www.verisign.com/ibm.

14. ϕz¼ CA A gsk7ikm Nº¼xs≈∩≈Ωw

ñC\yN¼≈ΩwñzC

: g≤≈ΩwKXCpGzⁿw@ΘAz"HlAHA≤≤KXCpGKXbz≤eKLA≈ΩwNLk

Az≤KXεC

N ¼≈Ωwñbz¼ CA #ßAz"N¼≈ΩwñC

pGnN¼≈ΩwñG

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. ∩C

7. bñí°íñ∩HC

8. ÷@U ¼C

9. ΘJtw]) CA oºWPmC÷@UTwC

≤≈ΩwKXpGn≤≈ΩwKXG

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. ∩≈ΩwC

7. ∩≤KXC

8. ΘJ<sKX>C

9. T<sKX>C

10. ∩]w∩KXíC

11. pGzQ[KKXxsbWA∩NKX⌠bñHC

12. ÷@UTwC

13. X@hTºAΣñⁿX⌠KXWPmC÷@UTwC

: KXϕ½nA]ªiO@pK≈CpK≈@≈Aiσ≤AKH≈[KTºC

π≈÷ΩT

pGnπ≈÷ΩTApGΣWBjpOiH⌠DnG

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. pGndⁿwuHv≈÷ΩTG

v ∩≈Ωwe°íHC

v ∩C

v ÷@U°/sΦAHπ∩≈÷ΩTC

v ÷@UTwA#uHvMµC

7. pGndⁿwuvº≈÷ΩTG

v ∩≈Ωwe°íC

v ∩C

v ÷@U°/sΦAHπ∩≈÷ΩTC

v ÷@UTwA#uvMµC

Rú≈pGnRú≈G

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. b≈Ωwe°íA∩zQRú≈¼]HB

H1C

7. ∩C

8. ÷@URúC

9. ÷@UO[HTC

²≈¿≈⌠ñw]≈w]≈"O°AiµΣwqTpK≈C

pGn²≈¿≈⌠ñw]≈G

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. ∩≈Ωwe°íHC

7. ∩nC

8. ÷@U°/sΦC

9. ∩N]w]C÷@UTwC

≈∩PAHµ wqAw°A"@≈-pK≈∩PC

°AΣpK≈AnßTºC°ANΣ≈

ßA²ßi[KTº°AA°AHΣpK≈[HKC

°An@≈AHKNΣ≈ßCñt°A≈

BM°A÷pOWBHΘCO% CA

oAHτ°A¡≈C

ziH1UC@G

v VeriSign oCiHAAXbD WAOzw⌠ Beta

C

v VeriSign ΣL CA o°AAHiµ íC

v )µ°A]pGz¡QΩtYpH Web ⌠⌠ CA

÷ VeriSign Ñ CA °AΩTA\ 75y≈

∩AVzñ1zC

)µ≥BJpUG

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩s]pG≈ΩwwsbC

4. ⁿw≈ΩwWPmC÷@UTwC

: ≈Ωw@Aß°Axs@h≈≈∩PC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. ÷@UsµC

7. úUCΩTG

v ≈∩ⁿwCHb≈ΩwñO≈∩PC

v nC

v n≈jpC

v °A X.500 qWCqO TCP/IP πD≈WAp www.ibm.comC

v WCzWC

v µWC∩µC

v °Aba/½C∩µC

v °Abº/]ñ/½Yg]TrC

v °AbalC

v °AbaΩX]2 rC

v C

8. ÷@UTwC

X≈pGznαe≈∩t@íqúAziHqΣ≈ΩwX≈∩

ñCMßb≤t@íqúWAN≈∩J≈⌠ñC

pGnX≈Ωwñ≈G

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. ∩≈Ωwe°íHC

7. ∩nC

8. ÷@UJ/XC

9. b@¼ñA∩X≈C

10. ∩≈¼G

v PKCS12

v CMS ≈Ωw

v ≈⌠] mkkf

v SSLight ≈ΩwO

11. ⁿwWC

12. ⁿwmC

13. ÷@UTwC

14. ΘJnKXC÷@UTwC

J≈pGnN≈J≈⌠ñG

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. ∩≈Ωwe°íHC

7. ∩nC

8. ÷@UJ/XC

9. b@¼ñA∩J≈C

10. ∩n≈¼C

11. ΘJWPmC

12. ÷@UTwC

13. ΘJnKXC÷@UTwC

N≈ⁿwiH⌠Dn

iH⌠DnO@≈ABM CA OW÷pCUCiH⌠Dn

)wqbC@s≈ΩwñG

- Integrion Certification Authority Root
- IBM World Registry™ Certification Authority
- Thawte Personal Premium CA
- Thawte Personal Freemail CA
- Thawte Personal Basic CA
- Thawte Premium Server CA
- VeriSign Test CA Root Certificate
- RSA Secure Server Certification Authority
- VeriSign Class 1 Public Primary Certification Authority
- VeriSign Class 2 Public Primary Certification Authority
- VeriSign Class 3 Public Primary Certification Authority
- VeriSign Class 4 Public Primary Certification Authority

: w]AoiH⌠Dn@l]iH⌠DnC

pGnN≈ⁿwiH⌠DnG

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. ∩≈Ωwe°íC

7. ∩nC

8. ÷@U°/sΦC

9. ∩N]iH⌠Dn A÷@UTwC

10. ∩≈ΩwAMß∩÷¼C

úuiH⌠Dnv≈iH⌠DnO@≈ABM CA OW÷pCUCiH⌠Dn

)wqbC@s≈ΩwñG

- Integrion Certification Authority Root
- IBM World Registry Certification Authority
- Thawte Personal Premium CA
- Thawte Personal Freemail CA
- Thawte Personal Basic CA
- Thawte Premium Server CA
- VeriSign Test CA Root Certificate
- RSA Secure Server Certification Authority
- VeriSign Class 1 Public Primary Certification Authority
- VeriSign Class 2 Public Primary Certification Authority
- VeriSign Class 3 Public Primary Certification Authority
- VeriSign Class 4 Public Primary Certification Authority

: w]AoiH⌠Dn@l]iH⌠DnC

pGnú≈uiH⌠Dnv¼AG

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. ∩≈Ωwe°íC

7. ∩nC

8. ÷@U°/sΦC

9. MúN]iH⌠DnC÷@UTwC

10. ∩≈ΩwAMß∩÷¼C

pGn≈1G

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈ΩwKXC÷@UTwC

6. ∩≈Ωwe°íHC

7. ∩nC

8. ÷@UJ/XC

9. b@¼ñA∩X≈C

10. ∩nΩ¼G

v ≥ 64 sX ASCII Ω

v Gi DER Ω

v SSLight ≈ΩwO

11. ΘJWPWC

12. ÷@UTwC

13. ∩≈ΩwAMß∩÷¼C

e1 CAC

pGO1 VeriSign CiHw°AAz"zLqll≤N1

VeriSignC

pGOCiH1AiYlH VeriSignCpGOw°A1Ah

ni@Bσ≤íCpGQAb1w°AAVeriSign nDA

eUC URLGhttp://www.verisign.com/ibmC

N≈⌠α¿≈Ωwµígsk7ikm íiN≈⌠]H mkkf α¿ gsk7ikm

µíC

pGnα≈⌠G

1. ΘJ gsk7ikmA Java íC

2. ∩≈ΩwC

3. ∩C

4. ⁿw≈ΩwWPmC÷@UTwC

5. ϕXúAú≈⌠KXC÷@UTwC

6. ∩≈ΩwC

7. ∩tss...C

8. ∩ CMS ≈Ωw≈Ωw¼C

9. ⁿwWC

10. ⁿwmC

11. ÷@UTwC

]w≈Ωw

pGn]w≈ΩwAUCΣñ@C


Web zG

i Web zuπ²ñzweAMß∩≈ΩwC

1. ⁿw≈Czwq≈AHⁿwn≈Ωwñ

í≈C

2. ⁿw≈Ωw⌠MWC≈ΩwπWµCpGwqK

X⌠Ah]OPWµAΣW .sthC

3. ⁿw≈KXCpGSKX⌠Ah"bⁿw≈ΩwK

XCMßbTKXµñA½sⁿwKXC

4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

: F²°AoA ID ldap "α≈¬ªC\ 305

y\ivzC

ⁿOµG

pGnⁿOµ]w SSL M TLS ≈ΩwAoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSSLKeyDatabase
ibm-slapdSSLKeyDatabase: <databasename>
-
replace: ibm-slapdSSLKeyDatabasePW
ibm-slapdSSLKeyDatabasePW: <password>
-
replace: ibm-slapdSslKeyRingFile
ibm-slapdSslKeyRingFile: <filename>
-
replace: ibm-slapdSslKeyRingFilePW
ibm-slapdSslKeyRingFilePW: <password>

z"½s°AMzníA≤+αC

]w[Kh

w]ASSL M TLS IBM Tivoli Directory Server bPß⌡µKX≤]b

SSL TLS Tºµ½íUCKXC

: ÷MKXh\αúαbutmvíUA²OzoiHbutmvíU≤KX[KhC

Web zG

i Web zuπ²ñu°AzvC

1. ÷@UzweC

2. ÷@U[KC

3. ns°AßA∩zn[KΦkCpGz∩h[KΦ

kA w]A¬[KhAúLAz∩C[Khß,

is°AC


: IBM Tivoli Directory Server 5.2 ΣuiÑ[K (AES)v[KhC

p AES ÷ΩTA\ NIST ⌠AΣ⌠

http://csrc.nist.gov/encryption/aes/C

ϕ 7. Σ[Kh

[Kh

168 ≈ SHA-1 MAC T½ DES [Kk ibm-slapdSslCipherSpec: TripleDES-168

56 ≈ SHA-1 MAC DES [Kk ibm-slapdSslCipherSpec: DES-56

128 ≈ SHA-1 MAC RC4 [Kk ibm-slapdSslCipherSpec: RC4-128-SHA

128 ≈ MD5 MAC RC4 [Kk ibm-slapdSslCipherSpec: RC4-128-MD5

40 ≈ MD5 MAC RC2 [Kk ibm-slapdSslCipherSpec: RC2-40-MD5

40 ≈ MD5 MAC RC4 [Kk ibm-slapdSslCipherSpec: RC4-40-MD5

AES 128 [Kk ibm-slapdSslCipherSpec: AES-128

AES 256 [Kk ibm-slapdSslCipherSpec: AES

∩KX ibm-slapdsslCipherSpec ÷ΣrH)WzϕµwqxstmñApApGzuQuT½ DESvA∩ 168 ≈

SHA-1 MAC T½ DES [KkCb ibmslapd.conf ñsWibm-slapdSslCipherSpec: TripleDES-168 CbíUAuPΣuT½ DESvßA+α≈P°Aí SSL suCziH∩h½KXC

4. pGz°AΣupXΩTBz (FIPS)ví\αAbuΩ@vYU

Kπww²∩ FIPS Ω@∩Coo°Aα≈ ICC

FIPS w[KtΓkCpGz°∩o∩AhD FIPS w

[KtΓkC

5. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµG

pGnⁿOµ]w SSL [Kh]bñ 168 ≈M SHA-1 MAC

T½ DES [KAoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSslCipherSpec
ibm-slapdSslCipherSpec: TripleDES-168

\ϕ 7 HoΣL[KC

YnsW@hHW[KkAz <filename> iα]tG

dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSslCipherSpec
ibm-slapdSslCipherSpec: RC2-40-MD5
ibm-slapdSslCipherSpec: AES
ibm-slapdSslCipherSpec: RC4-128-MD5
ibm-slapdSslCipherSpec: RC4-128-SHA
ibm-slapdSslCipherSpec: TripleDES-168
ibm-slapdSslCipherSpec: DES-56
ibm-slapdSslCipherSpec: RC4-40-MD5

pGnⁿOµ FIPS íAoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSslFIPSModeEnabled
ibm-slapdSslFIPSModeEnabled: false

z"½s°AMzníA≤+αC

KX[K

IBM Directory i²zε≥vsKXípoCKXisXx

sb²ñApiεσKXD⌠≤]]AtzsC

ziN°Atm¿µVsXµíVsXµíAsX userPassword

C

µVsXµíG

v SHA-1

v crypt

btm°AßA⌠≤sKX]s∩LKX]bx

s²ΩwºeAúgLsXCgsXKXHsXtΓkW[HOA

pi²úPµísXKX]α@sb²ñCϕsXtmAwsX

KX,úBα≥B@C

bnσKXíΦ]pGñíhONzíA²z

"N°Atm¿⌡µVsXú[KKXCbípUAxsb²

ñσKXNzL² ACL ≈εO@C

VsXµíG

v imask

imask O@VBn∩AiN userPassword sXb²ñAHlσ

µíAϕ¿@í≈Cí]pGñíhO°AnD

HσµíKXAúLAqwhiαTεNσKXxsbn

/[xsΘñC∩iPí¼oΓDC

unsnDñúKXAMh userPassword ñ⌠≤@AYΓO

÷s¿\C

ϕz Web ztm°AAziH∩UC6[K∩º@G

L ú[KCKXOHσσrµíxsC

crypt bNKXxs²ºeA²H UNIX crypt sXtΓksXC

SHA-1 bNKXxs²ºeA²H SHA-1 sXtΓksXC


imask bNKXxs²ºeA²H imask tΓksXAHσµíAN

ºϕ¿Y@í≈C

w]∩O imaskC≤n²b°AtmKX[KεⁿOñC

ibm-SlapdPwEncryption: imask

°Atm≤G

<w⌠>\etc\ibmslapd.conf

úF userPassword AsecretKey ϕH ″imask″ sXb²ñCúuserPasswordAsXOMw∩ secretKey ΩICSΣL∩CsecretKey

O@ IBM wq⌡Cíixs"TwsXb²ñ

PΩAHQ²sεσµíΩC

÷tmΣLΩTA\wPtmΓUC

pGnⁿOµ≤[K¼Ap≤ cryptAoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -f <filename>

Σñ <filename> tG

dn: cn=configuration
changetype: modify
replace: ibm-slapdPWEncryption
ibm-slapdPWEncryption: crypt

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D <adminDN> -w <adminPW> -op readconfig -scope single "cn=configuration" ibm-slapdPWEncryption

:

1. pGzH imask °AKX[KΦkAhzΘJKXñue 46 r

C 46 rß⌠≤rQñ°CPaApG

UNIX crypt ΦkAhue 8 rCA%≤ SecretKey H

imask [KΦí[KbΩwñAWL 46 r SecretKey τúOdC

2. µVsXKXiiµKX±∩A²LkKCbnJíAsX

nJKXAMxs±AHiµ±∩τC

]wKXh

KXhO@εp≤b IBM Directory ñzKXWhCoWh«

bTOw≤ΣKXAHKXXnDKXykCAo

Whτ¡εKX½AHTw@3WLwqóßY

QΩwC

pKXΣL÷ΩTA\ 88yKXhzC

úF²zMzs¿HA"ϕuKXhCz

Mzs¿KX/úA Bbß]/úQΩwC²zM

zs¿¼≈sεv∩KXPKXhC


Web zG

iuWeb zuπv²ñzweAMß∩KXhCe

πúisΦKXµAΣñ]tKXhWC

1. qUMµñ∩KX[K¼G

v L

v imask

v crypt

v sha

ΣlΩT\ 85yKX[KzC

2. ∩KXh∩KXhC

: pGSKXhAoeñΣL\αΣLKXeúNLkA∩εC w]AKXhOC

3. ∩i≤KX∩AHⁿwi≤KXC

4. ∩b½]ß≤KX∩AHⁿwb½]KXnJ

ßAO"≤KXC

5. ∩b≤KXe∩AHⁿwbnJßAO"

²AⁿwKXA+α≤KXC

6. ]wKX¡C÷@UKXúLΩsAhϕKXú"Cj@qSw

íY≤F÷@UΩsAhiⁿwKX"½]ííj]6C

7. ⁿwtbKXLeAOnoX@hKXiCpGz÷@Uúi

ΩsAhbe@KXLeAúúiCbzsKXeA

NLks²CpGz÷@UeΩsAⁿw@6]nAh

bKXLe n 6lACϕnJAú¼@hiAú

≤KXC,is²AKXLεC

8. ⁿwbKXLßA,inJ]YC∩i²

LKXs²C

9. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµG

pGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=pwdpolicy
changetype: modify
replace: ibm-pwdpolicy
ibm-pwdpolicy: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: pwdallowuserchange
pwdallowuserchange: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: pwdmustchange
pwdmustchange: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: pwdmaxage
pwdmaxage: 5
-
replace: pwdexpirewarning
pwdexpirewarning: 7
-
replace: pwdgraceloginlimit
pwdgraceloginlimit: 2

z"½s°AA≤+αC

KXh

Uú IBM Tivoli Directory Server ñ IBM Tivoli Directory Server

(IDS) KXΣΩTAHz LDAP ⌠bßCΣñ]ún

KrhAHε.b⌡µ Directory Server ⁿOµuπM C-API

VcC

Directory Server Γbß¼G

v zbß]LDAP z(cn=root)Azs¿A LDAP DB2 A

xsb /etc/ibmslapd.conf ñC

v (iNetOrgPerson) AΣπKXA≤ Directory Server C M Java

(JNDI) APICoOí]p Policy Director M WebSphereC¿

Directory Server ΣsxUKXΘJAz,ndííσ≤

TAh¡εC

HUz IBM Tivoli Directory Server 5.2 ΣKXC

(InetOrgPerson) KX 5.2 AuserPasswordµiΣUCrH C M Java API xsb

Directory Server ñC Directory Server í]p Policy DirectorBWebSphere

ÑÑiα÷≤KXΣL¡εCpíA\oSwúú

íσ≤C

v jgMpgσr)MrC

v ΣΣL ASCII σrC

v IBM Tivoli Directory Server 5.2 Níσ≤ñⁿwºyÑΣ

rC

v KX!jpgC]pApGKX = TeStA TEST test KXNóC

ujpgX TeSt +αqLC

LDAP ibmslapd.conf G 5.2 A <LDAP_DIR>/etc/ibmslapd.conf ñKXiΣUCrG

v ΣjgMpgσr)MrrC

v ΣΣL ASCII µrC

v KX!jpgC]pApGKX = TeStA TEST test KXNóC

ujpgX TeSt +αqLC

:

1. ibmslapd.conf ñuviH]tUCG

v LDAP z (cn=root)

v zs¿


v g@Dn ID (cn=MASTER)

v LDAP DB M≤ΘxΩw LDAP DB2 (LDAPDB2)

2. zKXñúΣrC

uIDS Web zuπv∩KXG 5.2 Web zuπAiΣUCrsW∩KXµG

v ΣjgMpgσr)MrrC

v ΣΣL ASCII µrC

v KX!jpgC]pApGKX = TeStA TEST test KXNóC

ujpgX TeSt +αqLC

:

1. zKXúΣrC

2. KXΣrC

SϕrKUCrA]@ Shell iαNªuSϕvrG

`'\"|

pA 5.2 Web zuπⁿwKXG

"\"test\'

nbⁿOµñUCKXG

-w\"\\\"test\'

oOdjMG

ldapsearch -b" " -sbase -Dcn=newEntry,o=ibm,c=us -w\"\\\"test\' objectclass=*

: blKX ú⌡µrº Web zuπ Java íñiHK

XCb²edñAuWeb zuπvsKXPuWeb zuπvñⁿwKX

ΘJKXPG

"\"test\'

]wKXΩw

pGn]wΩwKX¼pAUCΣñ@C

: pG°AKXhAKXΩw\αNúC

Web zG

iuWeb zuπv²ñz°AeAMß∩KXΩwC

: pG°AKXhAoeñ\αNúC

1. ⁿw"LXϕBX!BXpX6ºßA+α≤KXC

2. ⁿwpGnJAOnNKXΩwC


v pGze\L¡εnJA∩KXúΩwΩsCo∩

KXΩw\αC

v ∩ΩsAⁿwbΩwKXee\nJCo∩

KXΩw\αC

3. ⁿwΩwC∩Ωw[ Ωsⁿwtz"½]KXA∩ϕ

ΩsⁿwΩwLXϕºß+α#nJC

4. ⁿwnJCzi÷@UKXT!MúnJΩsAⁿw

¿\nJß+αMúnJF÷@UϕΩsAⁿw"LFXϕßA+

NónJqOΘñMúC

: ubKXΩwípUA∩+α@C

5. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµG

pGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=pwdpolicy
changetype: modify
replace: pwdlockout
pwdlockout: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: pwdmaxfailure
pwdmaxfailure: 3
-
replace: pwdlockoutduration
pwdlockoutduration: 15
-
replace: pwdfailurecountinterval
pwdfailurecountinterval: 30
-
replace: pwdexpirewarning
pwdexpirewarning: 7
-
replace: pwdgraceloginlimit
pwdgraceloginlimit: 2

]wKXτ

pGn]wτKX≥DM¡εAUCΣñ@C

Web zG

iuWeb zuπv²ñz°AeAMß∩KXτC

: pG°AKXhAoeñ\αNúC

1. ]w"LXKXßA+αA½P@KXCΘJ 0 30 í@

rCpGzΘJ 0AϕKXi½ S¡εC

2. qU\αϕñA∩OHUCΘJµñwqykdKXCziH∩

G


údyk

ú⌡µykdC

dyk]w[KKXú

∩[KKXiµykdC

dyk

∩KXiµykdC

3. ⁿw@AH]wKX°U¡CY]sAhúiµykdC

v ⁿw@AH]wKXñ.XσrC

v ⁿw@AH]wKXñ.XPSϕrC

: σBrMSϕrrU¡"Ñ≤p≤zⁿwKX°U¡C

4. ⁿwKXñr½W¡C∩O¡εP@SwrbKXñαX

CY]sAhúd½rC

5. ⁿw.oXrMeKXHKX½epíjµñⁿwX

eKXúPCY]sAhúdúPrC

6. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµG

pGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=pwdpolicy
changetype: modify
replace: pwdinhistory
pwdinhistory: 8
-
replace: pwdchecksyntax
pwdchecksyntax: 0|1|2
# 0=údyk
#1=dyk]w[Kú
#2=dyk
-
replace: pwdminlength
pwdminlength: 6
-
replace: passwordminalphachars
passwordminalphachars: 3
-
replace: passwordminotherchars
passwordminotherchars: 3
-
replace: passwordmaxrepeatedchars
passwordmaxrepeatedchars: 2
-
replace: passwordmindiffchars
passwordmindiffchars: 4


]w KerberosIBM Tivoli Directory °AibΣ AIX °AP AIX 64 ßWΣ

Kerberos 1.3 °AAp IBM Network Authentication ServiceC@t

tABA≤ AIX 32 ßBWindows NT P Windows 2000 Kerberos

C

: z"w Kerberos ßA+α Kerberos OΦíC

b Network Authentication Service UAße@h²o≈!tñ (KDC)

qµnDCKDC ß@≈uqµPqµ (TGT)vAß

KXNº[K¿≈ANw[K TGT #ßCAßi

ΣKXK TGTCpGK¿\AßiOdK TGTAHß¡≈

C

TGT @3FⁿwíYLA Σe\ßoiúSwAº\ivΣL

qµCboΣLqµ1PPLñAúnJC

Network Authentication Service ≤⌠⌠WΓIíOH∩[KqTCª

i²íú@PßOb⌡≡@L÷whCbípUA

Network Authentication Service ibz⌠⌠wñΩtúiñΓC

znDΘW ldap/<hostname>.<mylocation>.<mycompany>.comAb≈!eñ

]KDCñ@ LDAP °AAíWC

: ziH⌠ ″LDAP_KRB_SERVICE_NAME″ P LDAP Kerberos A

íWjpgCpGO]w¿ ’LDAP’Ahjg LDAP Kerberos

AíWCpGS]wAhpg ldapCLDAP ßM°Aú

o⌠Cbw]ípUAú]woCΩT\

305yKerberoszC

Network Authentication Service ú≤pUG

≈eñ

KDC O@iH⌠°AAvsΓñDΘpK≈CKDC %

UCΓí≈¿GuO°A (AS)vPuqµP°A (TGS)v¿C

AS %o TGTABzlßOCTGS tdoAqµA

HKßVAO¡C

z°A

z°Aiú Network Authentication Service ΩwzsvCΩ

wt@DΘB≈BhHΓΣLzΩTCz°Ae\s

WB∩BRúP°DΘPhC

KX≤A

KX≤Ai²≤ΣKXCKX≤A%z°AúC

ßí

ßíi@]qµB@ keytab B≤KXAH⌡

µΣL≥ Network Authentication Service @C

í]p]APIiúíwPYAHiµw!ííoC÷úº API

íA\ Application Development ReferenceC


Web zG

b°AzUAi Web zuπ²ñzweCpGz°A

Σ Kerberos]τYªΣ kerberos \α OID - 1.3.18.0.2.32.30A∩

Kerberos CpGz°AúΣ KerberosAoNúπC

1. ∩ Kerberos O∩AH Kerberos OC

: z"w Kerberos ßA+α Kerberos OΦíC

2. ∩N Kerberos ID ∩M LDAP DN ∩A²²zB Kerberos

OΦk ACL ΩCΩTA\ 94yKerberos ¡≈∩

MzC

3. hostName.domainName µíΘJ Kerberos ΓAp TEST.AUSTIN.IBM.COMC

oµí!jpgC

4. ΘJ Kerberos keytab ⌠MWCo]t LDAP °ApK≈A

≈PΣ kerberos bß÷pCoM SSL ≈ΩwúⁿO@C

5 . pGzOH²z¡≈nJA i b m - k n = v a l u e @ r e a l m

i b m - K e r b e r o s N a m e = v a l u e @ r e a l m I f µíΘJNz I DAp

[email protected]¿úαsΦoµC

: ID "O Kerberos Γñ IDCo ID !jpgC

6. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµG

pGn Kerberos AoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -f <filename>

Σñ <filename> tG

dn: cn=Kerberos, cn=Configuration
cn: Kerberos
ibm-slapdKrbAdminDN: [email protected]: true
ibm-slapdKrbIdentityMap: true
ibm-slapdKrbKeyTab: /keytabs/mykeytab.keytab
ibm-slapdKrbRealm: MYREALM.AUSTIN.IBM.COM
objectclass: ibm-slapdKerberos
objectclass: ibm-slapdconfigEntry
objectclass: top

pGn∩ Kerberos Ap≤ keytab AoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -f <filename>

Σñ <filename> ]tG

dn: cn=Kerberos, cn=Configuration
changetype: modify
replace: ibm-slapdKrbKeyTab
ibm-slapdKrbKeyTab: /keytabs/mynewkeytab.keytab

KerberosbzⁿOµ⌡µ Kerberos OºeAz"⌡µ Kerberos l]w@Co

XUCⁿOG


kinit <kerberos_principlename>@<realm_name>

pGn Kerberos OAz"b ldapadd P ldapsearch ⁿOñAⁿw -m ∩P

GSSAPI CpG

ldapsearch -V 3 -m GSSAPI -b <"cn=us"> objectclass=*

Kerberos ¡≈∩M

¡≈∩Mi²²zB Kerberos OΦk ACL ΩCIBM

Directory ACL OHⁿws²°AºßOW (DN) ≥ªCs

vN°P DN \iv wAH° DN º⌠≤s\iv wCpG

GSSAPI sΦk]τYA Kerberos V°AO¡Ah DN

I IBM-KN=your_principal@YOUR_REALM_NAMEC DN ¼is ID

ss¿Cz]iHuKerberos ¡≈∩Mv\αAN DN svP

²ñC

pApG²ñ@ Reginald Bender G

dn: cn=Reginald Bender, ou=internal users, o=ibm.com, c=US
objectclass: top
objectclass: person
objectclass: organizationalperson
cn: Reginald Bender
sn: Bender
aclentry: access-id:CN=THIS:critical:rwsc
aclentry: group:CN=ANYBODY:normal:rsc
userpassword: cL1eNt

svi²H DN ″cn=Reginald Bender, ou=internal users, o=ibm.com, c=US″s⌠≤H°KXѽnΩA²ΣLHhúµC

pG R e g i n a l d B e n d e r K e r b e r o s s°AAΣ D N hI

[email protected]_1CpG°AWS¡≈∩M\αANúe\Σ

°¡KXC

pG¡≈∩MAunw∩¿pUAhΣi°KXG

dn: cn=Reginald Bender, ou=internal users, o=ibm.com, c=US
...
objectclass: ibm-securityidentities
altsecurityidentities: Kerberos:[email protected]_1

ϕ Reginald Bender s²°AA°A²jMπ²AHP²O

KDC]≈!tñbßn²CYúOA°AjM²AαΣ⌠≤t

altsecurityidentities BΣM Kerberos DΘPΓCbñA

DΘ rbenderAΓO SW.REALM_1C Kerberos ¡≈∩Mw]CpG

π @HWAhsóC∩M"O@∩@CpG∩M¿\A

Reginald Bender N ″cn=Reginald Bender, ou=internal users, o=ibm.com, c=US″ svA]A⌠≤t¿ssC

IBM Tivoli Directory Server i]t Kerberos bßΩT (krbRealmName-V2 =

<realm_name> M krbPrincipalName = <princ_name>@<realm_name>)AH KDC

xswC

pG°A Kerberos ¡≈∩M\αAh²jM²AHΣXΣ½≤O

krbRealm-V2 M krbRealmName-V2 =<realm_name> AOG


dn: krbRealmName-V2=SW.REALM_1, o=ibm.com, c=US
objectclass: krbRealm-V2
krbRealmName-V2: SW.REALM_1

pGΣú⌠≤A°AWzw] Kerberos ¡≈∩MCpGΣW

L@AhsóC

úLApG²ñtUC@G

dn: krbRealmName-V2=SW.REALM_1, ou=Group, o=ibm.com, c=US
objectclass: krbRealm-V2
krbRealmName-V2: SW.REALM_1
krbPrincSubtree: ou=internal users,o=ibm.com, c=US
krbPrincSubtree: ou=external users,o=ibm.com, c=US

°AjMC@H krbPrincSubtree CXl≡AHMΣt krbPrincipalName

C

bñAF² Reginald Bender ¡≈∩Mα@Az"b ″cn=Reginal

Bender, ou=internal users, o=ibm.com, c=US″ ñ[JUCΓG

objectclass: extensibleObject
krbPrincipalName: [email protected]_1

°²O KDC bßn² wAG

dn: cn=Reginald Bender, ou=internal users, o=ibm.com, c=US
...
objectclass: ibm-securityidentities
altsecurityidentities: Kerberos:[email protected]_1
...

AY KDC bßn²hG

dn: cn=Reginald Bender, ou=internal users, o=ibm.com, c=US
...
objectclass: extensibleObject
krbPrincipalName: [email protected]_1

úWzípAßú∩M ″cn=Reginald Bender, ou=internal users,

o=ibm.com, c=US″C

pG]SΣ ∩M DNAh∩MóA²s,Γ¿\CúLApGO∩M

@HW DNAhsóC

¡≈∩Mi² ACL ft Kerberos OCπ@∩M¡≈º Kerberos

ßAπΓIMúP¡≈A bPsv⌠oΓ¡≈C

¡≈∩MAIX@NCsíjMvTαAB¡≈∩M⌡

µΣL]wAHsWAϕn∩MñC

bñApGw]¡≈∩MAhz]Kerberos LDAP"Tw KDC

ñΩM LDAP °AñΩPBCpGΩúPBAh] ACL ⌠úTA

#GiαOC

: ½≤O]p K r b P r i n c i p a lP]p K r b P r i n c S u b t r e eBKRbAliasedObjectName P KrbHintAliasesHN IBM Directory wq¿

Kerberos KDCCΩT\ Kerberos íσ≤C


oετ

pGb SSL ]wñz∩n°APßOΦíAziαN°Atm¿

dOwoεLC

ϕßegOnD°AA°A¬Ae@hdt

woεMµ LDAP °ACpGbMµñΣúßAhe\ßP°

Ag% SSL qTCpGΣAhúe\qTC

pGntm SSL oετAUC@ΦkG

Web zG

b°AzUAiuWeb zuπv²ñzweA∩o

εC

1. ΘJtwoε°AWC°AO%zPñ (CA) ⁿ

wAp V e r i S i g nCD≈Wµí h o s t N a m e . d o m a i n N a m eAp

myserver.ibm.comC

2. ΘJM°AqT≡Ap 389C

3. ΘJsτ°A DNAp cn=rootCpGτ°Ae\WjM

oεMµ (CRL)Ah∩C

4. ΘJs DN ÷pKXCpGzⁿw DNAh"ΘJC

5. ½sΘJsKXAHTS,rC

6. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

: LúXbMµñA]¡tΘC

ⁿOµG

pGnⁿOµtm SSL oετAoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=CRL,cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdCrlHost
ibm-slapdCrlHost: <newhostname>
-
replace: ibm-slapdCrlPassword
ibm-slapdCrlPassword: <password>
-
replace: ibm-slapdCrlPort
ibm-slapdCrlPort: <portnumber>
-
replace: ibm-slapdCrlUser
ibm-slapdCrlUser: <username>

z"½s°AMzníA≤+αC


tm DIGEST-MD5 ≈ε

DIGEST-MD5 O@ SASL O≈εCϕß Digest-MD5 AKXúH

σµíΘA BqT≤wε½e≡C

pGntm DIGEST-MD5 ≈εAUCΣñ@ΦkC

Web zG

b°AzUAiuWeb zuπv²ñzweA∩

DIGEST-MD5 C

: uϕz°AΣ DIGEST-MD5 Ao+πC

1. b°AΓºUAziHw²∩w]]wAoO°AπD≈W

AziH÷@UΓΘJntm°A¿ΓWC

: pG]wtmñ ibm-slapdDigestRealm A°A ú

Γw]CbípUAuΓv÷sQw²∩AΓπ

bµñC

ΓWO%ßMwn@WMKXC

ϕ g@AzQn²°AtmPΓC

2. bWºUAziHw²∩w]]w (uid)AziH÷@

UΘJzn°Ab DIGEST-MD5 SASL sí@O

WC

: pG]wtmñ ibm-slapdDigestAttr A°A ú

uWvw]CbípUAuv÷sQw²∩A

πbµñC

3. pGzOH²z¡≈nJAbzWºUAΘJz

WCzs¿úαsΦoµCpGⁿw≤ DIGEST-MD5 SASL s

WXrΩANOzC

: zW!jpgC

4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz

≤⌠F÷@U°A⌠eA ú⌠≤≤C

ⁿOµG

Yn cn=Digest,cn=configuration AΘJⁿOG

ldapadd -D <adminDN> -w <adminpw> -i <filename>

Σñ <filename> ]tG

dn: cn=Digest,cn=configuration
cn: Digest
ibm-slapdDigestRealm: <realm name>
ibm-slapdDigestAttr: <uuid>
ibm-slapdDigestAdminUser: <Adminuser>
objectclass: top
objectclass: ibm-slapdConfigEntry
objectclass: ibm-slapdDigest

Yn≤ DIGEST-MD5 ]wAoXUCⁿOG


ldapmodify -D <adminDN> -w <adminpw> -i <filename>

Σñ <filename> ]tG

dn: cn=Digest,cn=configuration
changetype: modify
replace: ibm-slapdDigestRealm
ibm-slapdDigestRealm: <newrealmname>
-
replace: ibm-slapdDigestAttr
ibm-slapdDigestAttr: <newattribute>
-
replace: ibm-slapdDigestAdminUser
ibm-slapdDigestAdminUser: <newAdminuser>


11 z IBM Directory ⌡

⌡@WhAHΣtΩp≤xsb²ñC⌡wqe\¼BΣ

cHykC

: °AH⌡ΩT]p½≤OíPykíσCoΩTC

ΩOH²Φíxsb²ñCO%@"n½≤OHΣ

¿Ci"n∩C½≤OHⁿXíºΩTAwqΣ

t@CC@@h÷pC÷ΣLΩTA\

189 14 , y²zC

IBM Directory 5.2 ⌡Ow²wqnAúLApGzΣLDAz,MiH

∩⌡C

IBM Tivoli Directory Server 5.2 tA⌡ΣC⌡OH²ΩT@GAB

ibl⌡ (Subschema) (DN=″cn=schema″) ñΣCziH ldap_search() API

d⌡AH ldap_modify() ∩C÷o API ΩTA\ IBM

Directory Client SDK Programming ReferenceC

⌡ttmΩTA± LDAP 3 Request For Comments (RFC) Wµ

ohCpANYw ÑAziH»z"@CbAϕípUA

BtmΩT@≤l⌡ñCtAl⌡ IBMsubschema hwqF

@½≤OAΣtH±mXR⌡ΩT ″MAY″ C

IBM Tivoli Directory Server nDw∩RWwqwq⌡A"xsbSϕ

² ″cn=schema″ ñCtw∩°Awq⌡CpGn⌡ΩTAziHΘJUCAH⌡µ ldap_searchG

DN: "cn=schema", search scope: base, filter: objectclass=subschema
or objectclass=*

⌡úUC¼G

v objectClasses]\ 101yBz½≤OzC

v attributeTypes]\ 107yBzzC

v IBMAttributeTypes]\ 112yIBMAttributeTypes ¼zC

v ±∩Wh]\ 113y±∩WhzC

v ldap yk]\ 115yykzC

o⌡wqykOH LDAP 3 RFC C

d⌡itG

objectclasses=( 1.3.6.1.4.1.1466.101.120.111
  NAME 'extensibleObject'
  SUP top AUXILIARY )

objectclasses=( 2.5.20.1
  NAME 'subschema'
  AUXILIARY MAY
  ( dITStructureRules
  $ nameForms
  $ ditContentRules
  $ objectClasses
  $ attributeTypes
  $ matchingRules
  $ matchingRuleUse ) )

objectclasses=( 2.5.6.1
  NAME 'alias'
  SUP top STRUCTURAL
  MUST aliasedObjectName )

attributeTypes
( 2.5.18.10 NAME 'subschemaSubentry' EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
  SINGLE-VALUE USAGE directoryOperation )
( 2.5.21.5 NAME 'attributeTypes'
  EQUALITY objectIdentifierFirstComponentMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
( 2.5.21.6 NAME 'objectClasses'
  EQUALITY objectIdentifierFirstComponentMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation )

ldapSyntaxes
( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' )
( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )
( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )
( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )
( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )
( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'INTEGER' )
( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTC Time' )

matchingRules
( 2.5.13.2 NAME 'caseIgnoreMatch'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.13.0 NAME 'objectIdentifierMatch'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )

pPWzdAbµ@úñAzú"úYw¼C

⌡ΩTizL ldap_modify API ∩CΣLΩT\ Client SDK Programming

ReferenceC% DN ″cn=schema″AziHsWBRúm½¼½≤OCpGnRú⌡ΩΘAúAWA oid (oid)Cz]iHúπíCziHs

W≤½¿ LDAP 3 wq IBM XRwqoΓwq⌡C

@q⌡Σ

IBM Directory iΣpUwq²⌡G

v Internet Engineering Task Force]IETF LDAP 3 RFCAp RFC 2252 M

2256C

v Directory Enabled Network (DEN)


v Desktop Management Task Force (DMTF) Common Information Model (CIM)

v Network Application Consortium Lightweight Internet Person Schema (LIPS)

LDAP N LDAP 3 wq⌡]tbw]⌡tmñCAτ]t

DEN ⌡wqC

IBM τú@XR@q⌡wqAiΣL IBM úbB LDAP ²@#C

o]AG

v White Page í½≤AOGepersonBsBΩaBBµPB

baB/Ñ

v ΣLlt½≤AOGbßBAPsIBvBOBwhÑ

½≤OX (OID)½≤OX (OID) O@QirΩAH@OY½≤C@δ ÑAo½≤

@½≤OCoXiq IANA]⌠⌠⌠ⁿúX≈coCIANA ⌠

⌠O http://www.iana.org/iana/C

pGzS OIDAziHⁿw@½≤OWAßA[W -oidCpApGz tempID AziHN OID ⁿw tempID-oidC

Bz½≤O

½≤OHⁿw@í½≤CíApGz½≤O

tempEmployeeAhOñitYu÷pAO idNumberBdateOfHire assignmentLengthCziHw∩zDAsW)q½≤OCIBM Tivoli Directory Server ⌡úY≥¼½≤OA]AG

v s

v m

v

v H

: IBM Tivoli Directory Server S½≤Oú ’ibm-’ @rC

wq½≤O

½≤OO%¼SBHwq ¿C

½≤O¼

½≤OiUCT¼º@G

cG C@"⌡≤úαWL@c½≤OUAΣñwqF

≥ªeC½≤OqNϕ@uΩ@½≤C%≤⌡

bc½≤OUA]iíOú½≤O¼C

ΓHG ¼HΣL]c½≤OWOdCΣwq@i

Yc½≤O@Co½≤OpGOwq¿ΓHOl

OAhΣwqCzú"w∩C@lh½≤OA!Owq

C


UG ¼ⁿXΣLAoiM⌡≤Swc½≤OUY

÷pC÷M@uα⌡≤@c½≤OA²i⌡≤h

U½≤OC

½≤O IBM Tivoli Directory Server ib½≤OPwqWΣ½≤Cs½≤

Oi)O]hH[g≤wq ¿C

C@t@µ@c½≤OC½≤OΓH½≤O

topCª]iHΣL½≤OC½≤OcMwSw"nPe\MµC½≤OAM≤½≤Owq wC½≤Ouα

bΣe½≤OCpAb LDIF ñAperson ½≤Ociwq

G

objectClass: top
objectClass: person
objectClass: organizationalPerson

bcñAorganizationalPerson person P top ½≤OA person ½≤

Ou top ½≤OC]AϕzN organizationalPerson ½≤OⁿwY

A)Wѽ≤O]bñAⁿO person ½≤O"n

Pe\C

t ⌡OÑhd⌡≤s@AO@PAMßAiµBzPT

wC

C@½≤Ot@"nP∩C"nOⁿ"Xb½

≤OºñC∩OⁿiXb½≤OºñC

°½≤O

ziH Web zuπBNΦkⁿOµA°⌡ñ½≤OC

Web zGi²ñ⌡zA÷@Uz½≤OC

π@¬eA²z°⌡ñ½≤OHΣSC½≤O÷r

)πCziH÷@UuW@vuU@veßCo÷sµ

ⁿXzbC

z]iHµU\αϕA⌡SwCñC@½≤

OWXAH≤UzΣn°½≤OCpApGzQMΣ person ½≤OAziHiU\αϕAU 14/16 nsLiServer P 15/16

printerLPRC%≤÷r) person ≤ nsLiServer P printerLPR íAzi∩

14 A÷@UC

z]iH ¼π½≤OCqπ½≤OU\αϕñA∩¼A

Mß÷@U C½≤O Σ¼]ΓHBUcA÷r)

CPaAziHNMµ#LAΦkO∩ ¡AMß÷@U C

bΣXzn½≤OßAziH°Σ¼BB"nP∩Ci

B"nP∩U\αϕAHdC@SπMµC


ziHqkuπC∩n⌡µ½≤O@ApG

v sW

v sΦ

v s

v Rú

ϕz¿A÷@U÷¼≡# IBM Tivoli Directory Server w∩eC

ⁿOµGpGn°⌡ñt½≤OAoXUCⁿOG

ldapsearch -b cn=schema -s base objectclass=* objectclasses

sW½≤O

Web zGpGzpAi²ñ⌡zA÷@Uz½≤OCpGn

s½≤OG

1. ÷@UsWC

: z]iHi²ñ⌡zAMß÷@UsW½≤OAsoe

C

2. b@δeñG

v ΘJ½≤OWC"nµAHyz½≤O\αCpA

tempEmployee ϕlu½≤OC

v ΘJ½≤OíFpA≤u½≤OC

v ΘJ½≤O OIDC"nµC\ 101y½≤OX (OID)zC

pGzS OIDAi½≤OWßA[W -oidCpApG½≤OW tempEmployeeAh OID Y tempEmployee-oidCziH≤@µC

v q\αϕñ∩@hWѽ≤OCo∩MwΣLn)

]½≤OC@δ ÑAWѽ≤O topA²]iHOt@½≤OAtXΣL½≤OCpAtempEmployee Wѽ≤OiαO top M ePersonC

v ∩½≤O¼C÷½≤O¼ΣLΩTA\ 101y½≤

O¼zC

v ÷@UAHⁿw½≤O"nP∩A° F

÷@UTwAsWs½≤OF÷@U°A#z½≤O ú⌠≤

≤C

3. bñG

v q÷r)CiMµñ∩@AMß÷@UsWn

A²¿"nA÷@UsW∩AH¿½≤O∩

CXb∩AϕMµñC

v w∩zQ∩A½BzC

v ziHbMµíANq∩MµñRúAΦkO∩zn

A÷@UAϕú÷sC


v ziH° "nP∩MµC O zb@δ

ñ∩Wѽ≤O CzLk≤ CúLApGz≤

∩F@δñWѽ≤OAhπt@ C

4. ÷@UTwAsWs½≤OF÷@U°A#z½≤O ú⌠≤

≤C

: pGzb@δñ÷@UTwA SsW⌠≤AziH%sΦs½

≤OsWC

ⁿOµGpGnⁿOµsW½≤OAoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> tG

dn: cn=Schema
changetype: modify
add: objectclasses
objectclasses: ( <myobjectClass-oid> NAME '<myObjectClass>'
  DESC '<An object class I defined for my LDAP application>'
  SUP '<objectclassinheritance>' <objectclasstype>
  MUST (<attribute1> $ <attribute2>)
  MAY (<attribute1> $ <attribute2>) )

sΦ½≤O

b⌡≤WADiH⌠N C÷≤W¡εA\ 118yúe

\⌡≤zC

Web zGpGzpAi²ñ⌡zA÷@Uz½≤OCpGns

Φ½≤OG

1. ÷@UzQsΦº½≤OΩsC

2. ÷@UsΦC

3. ∩@G

v b@δñziHG

– ∩íC

– ≤Wѽ≤OCq\αϕñ∩@hWѽ≤OCoMwΣ

Ln)]½≤OC@δ ÑAWѽ≤O topA²]iHOt@½≤OAtXΣL½≤OCpA

tempEmployee Wѽ≤OiαO top M ePersonC

– ≤½≤O¼C∩@½≤O¼C÷½≤O¼ΣLΩ

TA\ 101y½≤O¼zC

– ÷@UuvAH≤½≤O"nP∩A°

F÷@UTwAMz≤F÷@U°A#z½≤O

ú⌠≤≤C

v bñziHG

q÷r)CiMµñ∩@AMß÷@UsWn

A²¿"nA÷@UsW∩AH¿½≤O∩

CXb∩AϕMµñC

w∩zQ∩A½BzC


ziHbMµíANq∩MµñRúAΦkO∩Xzn

A÷@UAϕRú÷sC

ziH° "nP∩MµC O zb@δ

ñ∩Wѽ≤O CzLk≤ CúLApGz≤

∩F@δñWѽ≤OAhπt@ C

4. ÷@UTwAHM≤F÷@U°A#z½≤O ú⌠≤≤C

ⁿOµGpGn°⌡ñt½≤OAoXUCⁿOG

ldapsearch -b cn=schema -s base objectclass=* objectclasses

pGnⁿOµsΦ½≤OAoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> tG

dn: cn=schema
changetype: modify
replace: objectclasses
objectclasses: ( <myobjectClass-oid> NAME '<myObjectClass>'
  DESC '<An object class I defined for my LDAP application>'
  SUP '<newsuperiorclassobject>' <newobjectclasstype>
  MUST (<attribute1> $ <attribute2>)
  MAY (<attribute1> $ <attribute2>) )

s½≤O

Web zGpGzpAi²ñ⌡zA÷@Uz½≤OCpGn

s½≤OG

1. ÷@UzQsº½≤OΩsC

2. ÷@UsC

3. ∩@G

v b@δñziHG

– ΘJs½≤OWCpAziHN t e m p P e r s o n s¿

tempPersonCOPYC

– ∩íC

– ΘJs OIDCpGSs OID i≤zs½≤OAziH

OIDAA[ COPY orCpAziH <tempPerson-oid> Nªs¿ <tempPerson-oid>COPYC

– ≤Wѽ≤OCq\αϕñ∩@hWѽ≤OCoMwΣ

Ln)]½≤OC@δ ÑAWѽ≤O topA²]iHOt@½≤OAtXΣL½≤OCpA

tempEmployeeCOPY Wѽ≤OiαO top M ePersonC

– ≤½≤O¼C∩@½≤O¼C÷½≤O¼ΣLΩ

TA\ 101y½≤O¼zC

– ÷@U≤½≤O"n∩A°A

÷@UTwMz≤A÷@U°≡#z½≤OA úiµ

⌠≤≤C

v bñziHG


q÷r)CiMµñ∩@AMß÷@UsWn

A²¿"nA÷@UsW∩AH¿½≤O∩

CXb∩AϕMµñC

w∩zQ∩A½BzC

ziHbMµíANq∩MµñRúAΦkO∩Xzn

A÷@UAϕRú÷sC

ziH° "nP∩MµC O zb@δ

ñ∩Wѽ≤O CzLk≤ CúLApGz≤

∩F@δñWѽ≤OAhπt@ C

4. ÷@UTwAHM≤F÷@U°A#z½≤O ú⌠≤≤C

ⁿOµGpGn°⌡ñt½≤OAoXUCⁿOG

ldapsearch -b cn=schema -s base objectclass=* objectclasses

∩ns½≤OCziHsΦ≤÷ΩTABN≤xs

<filename>CoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> tG

dn: cn=schema
changetype: modify
replace: objectclasses
objectclasses: ( <mynewobjectClass-oid> NAME '<mynewObjectClass>'
  DESC '<A new object class I copied for my LDAP application>'
  SUP '<superiorclassobject>' <objectclasstype>
  MUST (<attribute1> $ <attribute2>)
  MAY (<attribute1> $ <attribute2> $ <attribute3>) )

Rú½≤O

b⌡≤WADiH⌠N C÷≤W¡εA\ 118yúe

\⌡≤zC

Web zGpGzpAi²ñ⌡zA÷@Uz½≤OCpGnR

ú½≤OG

1. ÷@UzQRúº½≤OΩsC

2. ÷@URúC

3. úzTOnRú½≤OC÷@UTwAhRú½≤OF÷@U

°Ah#z½≤O ú⌠≤≤C

ⁿOµGpGn°⌡ñt½≤OAoXUCⁿOG

ldapsearch -b cn=schema -s base objectclass=* objectclasses

∩znRú½≤OCoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> tG


dn: cn=schema
changetype: modify
delete: objectclasses
objectclasses: ( <myobjectClass-oid> NAME '<myObjectClass>'
  DESC '<An object class I defined for my LDAP application>'
  SUP '<objectclassinheritance>' <objectclasstype>
  MUST (<attribute1> $ <attribute2>)
  MAY (<attribute1> $ <attribute2>) )

Bz

C@²bΣ½≤OñU@÷pC½≤OOít

ΩT¼A ΩΩhOtbñCOH@huW-vt∩ϕ

AtSwΩAOGWBqXCIBM Tivoli Directory Server

HuW-vt∩Bí]p commonName (cn)HSwΩT]

p John DoeeΩC

íAJohn Doe it@uW-vt∩C

dn: uid=jdoe, ou=people, ou=mycompany, c=us
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: John Doe
sn: Doe
givenName: Jack
givenName: John

÷M⌡ñwwq@Az,i zDABsΦBs

RúC

°

ziH Web zuπBNΦkⁿOµA°⌡ñC

Web zGi²ñ⌡zA÷@UzCπ@¬eA²z°

⌡ñHΣSCO÷r)πCziH÷@UuW@vuU

@veßCo÷sµⁿXzbCz]iHµ

U\αϕA⌡SwCñC@½≤OWXAH≤U

zΣn°½≤OCpApGzQMΣ authenticationUserID AziiU\αϕAU 3 /62 app lSys temHin t P 4 /62

authorityRevocatonListC%≤÷r) authenticationUserID ≤ applSystemHint

P authorityRevocatonList íAzi∩ 3 A÷@UC

z]iHπ ykC∩ykA÷@U CbΣykñN÷

r)C÷yk¼MµA\ 115yykzCPaAzi

HNMµ#LAΦkO∩ ¡AMß÷@U C

bΣXznßAziH°Σyk]úΣOh¼H]t

½≤OCi½≤OU\αϕAHd½≤OC

ϕz¿A÷@U÷¼≡# IBM Tivoli Directory Server w∩eC


ⁿOµGpGn°⌡ñtAoXUCⁿOG

ldapsearch -b cn=schema -s base objectclass=* attributeTypes IBMAttributeTypes

sW

ziHUC@ΦkAsCnΦkO Web zuπC

Web zGpGzpAi²ñ⌡zA÷@UzCpGns

G

1. ÷@UsWC

: z]iHi²ñ⌡zAMß÷@UsWAsoe

C

2. ΘJWApAtempIdC"nµABΣY"Oσr)C

3. ΘJíApAúu ID XC

4. ΘJ OIDC"nµC\ 101y½≤OX (OID)zCpG

zS OIDAiWß[W -oidCpApGW tempIDAhw] OID tempID-oidCziH≤@µC

5. ∩UMµñWÑCWÑOMwneC

6. ∩UMµñykC÷ykΣLΩTA\ 115 yy

kzC

7. ΘJ°AHⁿw°W¡C°OHϕC

8. ∩e\h∩A²ihC÷hΣLΩTA\Wⁿ

C

9. !OquÑvBuvPulrΩv±∩WhU\αϕñAU∩@

±∩WhC÷π±∩WhMµA\ 113y±∩WhzC

10. ÷@U IBM XROⁿwΣLXROA÷@UTwsWA

÷@U°≡#zA ú⌠≤≤C

11. b IBM XROñG

v ∩ DB2 ϕµWCpGµdAh°Aú DB2 ϕµWCpG

zΘJ@ DB2 ϕµWAz]"ΘJ@ DB2 µWC

v ∩ DB2 µWCpGµdAh°Aú DB2 µWCpG

zΘJ@ DB2 µWAz]"ΘJ@ DB2 ϕµWC

v qUMµñ∩@δBPYAH]wwOCpwO

÷ΩTA\ 209 uwOv@C

v ∩@hWhAH]wWhC÷WhΣLΩTA\

114yWhzC

: zbjMLo°≤ñ⌠≤WA.ⁿwuÑ≤vΦíC

12. ÷@UTwAsWsF÷@U°A#z ú⌠≤≤C

: pGzbu@δvñ÷UuTwvA sW⌠≤XROAYnsWXROAhi%sΦsF¿C


ⁿOµGUCd ″myAttribute″ osW@¼wqAu²rΩvyk]\ 115 yykzMuñjpgÑv±∩Wh]\

113 y±∩WhzCbwqñAIBM Sí≈ⁿXΩOxsb

″myAttrTable″ ϕµ ″myAttrColumn″ µñCpGⁿwoWAhNµPϕµWw] ″myAttribute″CⁿwsO ″normal″AΣ°W¡ 200

C

ldapmodify -D <admindn> -w <adminpw> -i myschema.ldif

Σñ myschema.ldif tG

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( myAttribute-oid NAME ( 'myAttribute' )
  DESC 'An attribute I defined for my LDAP application'
  EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  USAGE userApplications )
-
add: ibmattributetypes
ibmattributetypes: ( myAttribute-oid DBNAME ( 'myAttrTable' 'myAttrColumn' )
  ACCESS-CLASS normal LENGTH 200 )

÷ⁿOΩTA\ 265yldapmodifyBldapaddzC

b⌡≤WADiH⌠N C÷≤W¡εA\ 118yúe

\⌡≤zC

bzsWeAi²≤wqñ⌠≤@í≈CziHUC@

ΦkAsΦCnΦkO Web zuπC

Web zGpGzpAi²ñ⌡zA÷@UzCpGnsΦ

G

1. ÷@UzQsΦºΩsC

2. ÷@UsΦC

3. ∩@G

v b@δñziHG

– ∩UC@G

- b@δñziHG

v ∩í

v ≤yk

v ]w°

v ≤h]w

v ∩@±∩Wh

v ≤WÑ

- ÷@U IBM XROsΦXROA÷@UTwMz

≤A÷@U°≡#zA ú⌠≤≤C


- IBM XRO]pGzws IBM Tivoli Directory ServerA

v ≤wOC

: zLk≤πtⁿ¡w!wOC

v ≤WhC

– ÷@UTwAMz≤F÷@U°A#z ú⌠≤

≤C

4. ÷@UTwAMz≤F÷@U°A#z ú⌠≤≤C

ⁿOµGObñsWA²ΣjMt[Cb ldapmodify ⁿOP LDIF

≤wqG

ldapmodify -D <admindn> -w <adminpw> -i myschemachange.ldif

Σñ myschemachange.ldif tG

dn: cn=schema
changetype: modify
replace: attributetypes
attributetypes: ( myAttribute-oid NAME ( 'myAttribute' )
  DESC 'An attribute I defined for my LDAP application'
  EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  USAGE userApplications )
-
replace: ibmattributetypes
ibmattributetypes: ( myAttribute-oid DBNAME ( 'myAttrTable' 'myAttrColumn' )
  ACCESS-CLASS normal LENGTH 200 EQUALITY SUBSTR )

: b≤½@ñ"]twqñoΓí≈] attributetypes P

ibmattributetypesAYzu≤ ibmattributetypes qC@≤Obwq[J ″EQUALITY SUBSTR″AHnDuÑvPulrΩv±∩C

÷ⁿOΩTA\ 265yldapmodifyBldapaddzC

s

ziHUC@ΦkAsCnΦkO Web zuπC

Web zGpGzpAi²ñ⌡zA÷@UzCpGns

G

1. ÷@UzQsºΩsC

2. ÷@UsC

3. ∩WCw]WsºWAßA[W COPY rCpA

tempID s¿ tempIDCOPYC

4. ∩íFpAtu ID XC

5. ∩ OIDCw] OID Ozsº OID ßA[W COPYOIDCp

tempID-oid s¿ tempID-oidCOPYOIDC

6. ∩UMµñWÑCWÑOMwneC

7. ∩UMµñykC÷ykΣLΩTA\ 115 yy

kzC

8. ΘJ°AHⁿw°W¡C°OHϕC


9. ∩e\h∩A²ihC÷hΣLΩTA\Wⁿ

C

10. !OquÑvBuvPulrΩv±∩WhU\αϕñAU∩@

±∩WhC÷π±∩WhMµA\ 113y±∩WhzC

11. ÷@U IBM XRO∩ΣLXROF÷@UTwMz

≤F÷@U°≡#zA ú⌠≤≤C

12. b IBM XROñG

v ∩ DB2 ϕµWCpGµdAh°Aú DB2 ϕµWCpG

zΘJ@ DB2 ϕµWAz]"ΘJ@ DB2 µWC

v ∩ DB2 µWCpGµdAh°Aú DB2 µWCpG

zΘJ@ DB2 µWAz]"ΘJ@ DB2 ϕµWC

v qUMµñ∩@δBPYAH∩wOC

: zLk≤πtⁿ¡w!wOC

v ∩@hWhAH∩WhC÷WhΣLΩTA\

114yWhzC

: zbjMLo°≤ñ⌠≤ΦA.ⁿwuÑ≤vΦíC

13. ÷@UTwAMz≤F÷@U°A#z ú⌠≤≤C

: pGzb@δñ÷@UTwA SsW⌠≤XROAziH%sΦs

sW∩XROC

ⁿOµGpGn°⌡ñtAoXUCⁿOG

ldapsearch -b cn=schema -s base objectclass=* attributeTypes IBMAttributeTypes

∩znsCziHsΦ≤÷ΩTABN≤xs

<filename>CMßoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> tG

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( <mynewAttribute-oid> NAME '<mynewAttribute>'
  DESC '<A new attribute I copied for my LDAP application>'
  EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  USAGE userApplications )
-
add: ibmattributetypes
ibmattributetypes: ( myAttribute-oid DBNAME ( 'myAttrTable' 'myAttrColumn' )
  ACCESS-CLASS normal LENGTH 200 )

b⌡≤WADiH⌠N C÷≤W¡εA\ 118yúe

\⌡≤zC

ziHUC@ΦkARúCnΦkO Web zuπC


Web zGpGzpAi²ñ⌡zA÷@UzCpGnRú

G

1. ÷@UzQRúºΩsC

2. ÷@URúC

3. úzTOnRúC÷@UTwAhRúF÷@U°A#

z ú⌠≤≤C

ⁿOµG

ldapmodify -D <admindn> -w <adminpw> -i myschemadelete.ldif

Σñ myschemadelete.ldif tG

dn: cn=schema
changetype: modify
delete: attributetypes
attributetypes: ( myAttribute-oid NAME ( 'myAttribute' )
  DESC 'An attribute I defined for my LDAP application'
  EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  USAGE userApplications )
-
delete: ibmattributetypes
ibmattributetypes: ( myAttribute-oid DBNAME ( 'myAttrTable' 'myAttrColumn' )
  ACCESS-CLASS normal LENGTH 200 EQUALITY SUBSTR )

÷ⁿOΩTA\ 265yldapmodifyBldapaddzC

IBMAttributeTypes ¼

IBMAttributeTypes iwq LDAP 3 ñ[\⌡ΩTC

IBMAttributeTypes "ϕUCσkG

IBMAttributeTypesDescription = "(" whsp
    numericoid whsp
    [ "DBNAME" qdescrs ]                         ; at most 2 names (table, column)
    [ "ACCESS-CLASS" whsp IBMAccessClass whsp ]
    [ "LENGTH" wlen whsp ]                       ; maximum length of attribute
    [ "EQUALITY" [ IBMwlen ] whsp ]              ; create index for matching rule
    [ "ORDERING" [ IBMwlen ] whsp ]              ; create index for matching rule
    [ "APPROX" [ IBMwlen ] whsp ]                ; create index for matching rule
    [ "SUBSTR" [ IBMwlen ] whsp ]                ; create index for matching rule
    [ "REVERSE" [ IBMwlen ] whsp ]               ; reverse index for substring
    whsp ")"

IBMAccessClass =
    "NORMAL" /                                   ; this is the default
    "SENSITIVE" /
    "CRITICAL" /
    "RESTRICTED" /
    "SYSTEM" /

IBMwlen = whsp len

Numericoid attributetypes M IBMAttributeTypes í÷pC

DBNAMEzhiú 2 W]pGu 2 WC@W

ϕµWCGϕµñiµWµWC

pGzuú@WAhPϕµWPµWCpGzú⌠

≤ DBNAMEAh uW]) attributetypesC


ACCESS-CLASSnⁿs\iv÷Osb@C∩Mªb²⌡

ñOCoOOús≥FsYOútiHst@

OC\iv]wOPπΘsO÷CbSϕOW]w

\ivMsOAúDⁿwFOs\i

vC

IBM wqF¡OApΓsvG@δBPBY

BtM¡εCpAcommonName ≤@δOAuserPassword≤YOCwq≤@δsOAúDtⁿwC

ΩTA\ 205yvQzC

pGñ ACCESS-CLASSAhw] normalC

LENGTH°W¡C°OHϕCIBM Directory 5.2 ñú

°ⁿwCb attributetypes ñArΩG

( attr-oid ... SYNTAX syntax-oid{len} ... )

ϕ oid attr-oid attributetype π°W¡C

EQUALITYBORDERINGBAPPROXBSUBSTRBREVERSEun⌠≤oAY∩º±∩WhC∩°H

ⁿwµeCb\hykΦAziH@@AΩ@h

±∩WhCIBM Tivoli Directory Server QΦíCϕú°A

ªⁿw@CSLAPD ]iH±nDu°ApGoO

NqCíAϕ°WL°W¡Ahñ

°C

±∩Wh

±∩WhibjM@íúrΩ±hCoWhi!¿UCTG

v Ñ

v

v lrΩ

ϕ 8.

uÑv±∩Wh

±∩Wh OID yk

caseExactIA5Match 1.3.6.1.4.1.1466.109.114.1 u²rΩvyk

caseExactMatch 2.5.13.5 u²rΩvyk

caseIgnoreIA5Match 1.3.6.1.4.1.1466.109.114.2 uIA5 rΩvyk

caseIgnoreMatch 2.5.13.2 u²rΩvyk

distinguishedNameMatch 2.5.13.1 DN - OW

generalizedTimeMatch 2.5.13.27 uqívyk

ibm-entryUuidMatch 1.3.18.0.2.22.2 u²rΩvyk

integerFirstComponentMatch 2.5.13.29 uπvyk - π

integerMatch 2.5.13.14 uπvyk - π


ϕ 8. (≥)

uÑv±∩Wh

±∩Wh OID yk

objectIdentifierFirstComponentMatch 2.5.13.30 t OID rΩCOID

@tr]0-9

PpI].rΩ.

objectIdentifierMatch 2.5.13.0 t OID rΩCOID

@tr]0-9

PpI].rΩ

octetStringMatch 2.5.13.17 u²rΩvyk

telephoneNumberMatch 2.5.13.20 uqXvyk

uTCTimeMatch 2.5.13.25 UTC íyk

ϕ 9.

u v±∩Wh

±∩Wh OID yk

caseExactOrderingMatch 2.5.13.6 u²rΩvyk

caseIgnoreOrderingMatch 2.5.13.3 u²rΩvyk

distinguishedNameOrderingMatch 1.3.18.0.2.4.405 DN - OW

generalizedTimeOrderingMatch 2.5.13.28 uqívyk

ϕ 10.

ulrΩv±∩Wh

±∩Wh OID yk

caseExactSubstringsMatch 2.5.13.7 u²rΩvyk

caseIgnoreSubstringsMatch 2.5.13.4 u²rΩvyk

telephoneNumberSubstringsMatch 2.5.13.21 uqXvyk

: UTC í ASN.1 wqírΩµíC\ ISO 8601 P X680Cp

GnH UTC íµíxsíAykC\ 126yqP

UTC ízC

Wh

bñ[WhAiH≤tΩTCpGuúAhúOd⌠≤

CIBM Directory úWhpUG

v Ñ

v

v j

v lrΩ

v fV


WhWµⁿw@WhAiεñºSϕP@Coijjú&

toºLo°≤jM@#íCMjMLo°≤ñMº@

÷Wh¼UC 5 G

Ñ MUCjM@G

v equalityMatch ’=’

pG

"cn = John Doe"

MUCjM@G

v greaterOrEqual ’>=’

v lessOrEqual ’<=’

pG

"sn >= Doe"

j MUCjM@G

v approxMatch ’~=’

pG

"sn ~= doe"

lrΩ MlrΩykjM@G

v substring ’*’

pG

"sn = McC*"
"cn = J*Doe"

fV MUCjM@G

v ’*’ substring

pG

"sn = *baugh"

zbjMLo°≤ñ⌠≤WA.ⁿwuÑ≤vΦíC

yk

ziH r) OID πykC∩yk OIDA÷@U CPaA

ziHNMµ#LAΦkO∩ ¡AMß÷@U C

ϕ 11.

yk OID

u¼ívyk 1.3.6.1.4.1.1466.115.121.1.3

Binary - KirΩ 1.3.6.1.4.1.1466.115.121.1.5

Boolean - TRUE/FALSE 1.3.6.1.4.1.1466.115.121.1.7

u²rΩvyk 1.3.6.1.4.1.1466.115.121.1.15

uDIT eWhívyk 1.3.6.1.4.1.1466.115.121.1.16

uDITStructure Whívyk 1.3.6.1.4.1.1466.115.121.1.17

DN - OW 1.3.6.1.4.1.1466.115.121.1.12


ϕ 11. (≥)

yk OID

uqívyk 1.3.6.1.4.1.1466.115.121.1.24

uIA5 rΩvyk 1.3.6.1.4.1.1466.115.121.1.26

IBM ¼í 1.3.18.0.2.8.1

uπvyk - π 1.3.6.1.4.1.1466.115.121.1.27

uLDAP ykívyk 1.3.6.1.4.1.1466.115.121.1.54

±∩Whí 1.3.6.1.4.1.1466.115.121.1.30

±∩Whí 1.3.6.1.4.1.1466.115.121.1.31

W桡 1.3.6.1.4.1.1466.115.121.1.35

u½≤Oívyk 1.3.6.1.4.1.1466.115.121.1.37

t OID rΩCOID @tr

]0-9PpI].rΩ. \ 101

y½≤OX (OID)zC

1.3.6.1.4.1.1466.115.121.1.38

uqXvyk 1.3.6.1.4.1.1466.115.121.1.50

UTC íyk UTC í ASN.1 w

qírΩµíC\ ISO 8601 P

X680CpGnH UTC íµíxsí

AykC\ 126yq

P UTC ízC

1.3.6.1.4.1.1466.115.121.1.53

l⌡

C@°Aú@l⌡C²ñ@⌠t

subschemaSubentry ¼CsubschemaSubentry ¼O∩ºl⌡

D NCP@°AU@P@l⌡A Σ

subschemaSubentry ¼PCl⌡πwX DN ’cn=schema’C

l⌡⌡b½≤O ’top’B’subschema’ P ’IBMsubschema’ UC’IBMsubschema’

½≤OS MUST A @ MAY ¼ (’IBMattributeTypes’)C

IBMsubschema ½≤O

pUCAIBMsubschema ½≤Ouαbl⌡ñG

( <objectClass-oid-TBD> NAME 'IBMsubschema' AUXILIARY
  MAY IBMattributeTypes )

⌡d

ldap_search() API idl⌡FúUCdG

DN           : "cn=schema"
search scope : base
filter       : objectclass=subschema or objectclass=*

dπ⌡CpGn∩¼Ab ldap_search ñ

attrs CzúαuSw¼YSwC


÷ ldap_search API ΩTA\ IBM Directory Version 5.2: Client SDK

Programming ReferenceC

A⌡

pGn⌡µA⌡≤A ldap_modify API P DN ″cn=schema″Cz@uαsWBRú≤½@⌡ΩΘ]pG¼½≤OC

pGnRú⌡ΩΘAúAWA oidG

( oid )

z]iHúπíCú≤ípAMΣnRúº⌡ΩΘ±∩Wh

objectIdentifierFirstComponentMatchC

pGnsW≤½⌡ΩΘAz"ú@ LDAP 3 wqABziú IBM

wqCbípUAz"uúzQvTº⌡ΩΘwqC

pApGnRú¼ ’cn’]Σ OID 2.5.4.3A÷pU

ldap_modify()G

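/* Delete attribute type 'cn' (OID 2.5.4.3) from cn=schema; only the OID is supplied. */
/* ldap_session_handle is an LDAP session that is already bound. */
LDAPMod attr;
LDAPMod *attrs[] = { &attr, NULL };
char *vals[] = { "( 2.5.4.3 )", NULL };
attr.mod_op = LDAP_MOD_DELETE;
attr.mod_type = "attributeTypes";
attr.mod_values = vals;
ldap_modify_s(ldap_session_handle, "cn=schema", attrs);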

pGnsW¼ barABΣ OID 20.20.20ANAME ° 20 rG

/* Add attribute type 'bar' (OID 20.20.20); the length of 20 goes in IBMattributeTypes. */
char *vals1[] = { "( 20.20.20 NAME 'bar' SUP NAME )", NULL };
char *vals2[] = { "( 20.20.20 LENGTH 20 )", NULL };
LDAPMod attr1;
LDAPMod attr2;
LDAPMod *attrs[] = { &attr1, &attr2, NULL };
attr1.mod_op = LDAP_MOD_ADD;
attr1.mod_type = "attributeTypes";
attr1.mod_values = vals1;
attr2.mod_op = LDAP_MOD_ADD;
attr2.mod_type = "IBMattributeTypes";
attr2.mod_values = vals2;
ldap_modify_s(ldap_session_handle, "cn=schema", attrs);

: zLk≤Σ ″system″ ″restricted″ ACCESS-CLASS ¼C

\ 107yBzzAHouWeb zuπvM ldapmodify ⁿOdC

÷ ldap_modify API ΩTA\ IBM Directory Version 5.2: Client SDK

Programming ReferenceC

u gúz DN +α⌡µA⌡≤C

g

ϕ⌡µA⌡≤AhMΣL⌠≤ ldap_modify @ⁿANiµ gC


úe\⌡≤

b⌡≤WADiH⌠N C≤W¡ε]AG

v úzp≤≤⌡A⌡"@P¼AC

v pG¼t@¼W¼AhúúoαRúCpG¼Y

½≤O ″MAY″ ″MUST″ ¼AhúúoαRúC

v pG½≤Ot@½≤OWOAhúúoαRúC

v pG¼½≤OOúsbΩΘ]pAyk½≤OAh

úαRúC

v pG¼½≤OOúsbΩΘ]pAyk½≤

OAhúα∩C

úe\∩⌡iµ¼HvT°AB@≤C²°A⌡wqpUC

oí≈úo≤C

½≤O

úi∩UC½≤OwqG

v accessGroup

v accessRole

v alias

v referral

v replicaObject

v top

úi∩UCwqG

@∩²°A ÑSϕNqA@CoO%°A

@A#°Az÷ΩTvT°A@CoSϕΦG

v úDbjMnDñSOnD] WAhjM@ú#C

v oúαRúC

v úO⌠≤½≤O@í≈C°AεπC

IBM Tivoli Directory Server ΣUC@MµG

v aclEntry

v aclPropagate

v aclSource

v aliasedObjectName, aliasedentryName

v createTimestamp

v creatorsName

v entryOwner

v hasSubordinates

v ibm-allGroups


v ibm-allMembers

v ibm-capabilitiessubentry

v ibm-effectiveAcl

v ibm-entryChecksum

v ibm-entryChecksumOp

v ibm-entryUuid

v ibm-filterAclEntry

v ibm-filterAclInherit

v ibm-replicationChangeLDIF

v ibm-replicationIsQuiesced

v ibm-replicationLastActivationTime

v ibm-replicationLastChangeId

v ibm-replicationLastFinishTime

v ibm-replicationLastGlobalChangeId

v ibm-replicationLastResult

v ibm-replicationLastResultAdditional

v ibm-replicationNextTime

v ibm-replicationPendingChangeCount

v ibm-replicationPendingChanges

v ibm-replicationState

v ibm-replicationThisServerIsMaster

v modifiersName

v modifyTimestamp

v ownerPropagate

v ownerSource

v pwdAccountLockedTime

v pwdChangedTime

v pwdExpirationWarned

v pwdFailureTime

v pwdGraceUseTime

v pwdHistory

v pwdReset

v subschemaSubentry

v subtreeSpecification

po÷ΩTA\ 333² G, yIBM Tivoli Directory Server

5.2 "nwqzC

¡εIBMTivoli Directory Server ΣUC¡εMµG

v aclEntry


v aclPropagate

v entryOwner

v ibm-filterAclEntry

v ibm-filterAclInherit

v ownerPropagate

Root DSE UCP Root DSE ÷A BúαQ∩G

v altServer

v ibm-effectiveReplicationModel

v ibm-enabledCapabilities

v ibm-serverId

v ibm-supportedCapabilities

v ibm-supportedReplicationModels

v namingContexts

po÷ΩTA\ 333² G, yIBM Tivoli Directory Server

5.2 "nwqzC

⌡wqUCPu⌡vwq÷A BúαQ∩G

v attributeTypes

v ditContentRules

v ditStructureRules

v IBMAttributeTypes

v ldapSyntaxes

v matchingRules

v matchingRuleUse

v nameForms

v objectClasses

v supportedExtension

v supportedLDAPVersion

v supportedSASLMechanisms

po÷ΩTA\ 333² G, yIBM Tivoli Directory Server

5.2 "nwqzC

tmUCOvT°AtmCiH∩ΣA²°ATB@Aúα≤o

wq

v ibm-audit

v ibm-auditAdd

v ibm-auditBind

v ibm-auditDelete


v ibm-auditExtOpEvent

v ibm-auditFailedOpOnly

v ibm-auditLog

v ibm-auditModify

v ibm-auditModifyDN

v ibm-auditSearch

v ibm-auditUnbind

v ibm-slapdAclCache

v ibm-slapdAclCacheSize

v ibm-slapdAdminDN

v ibm-slapdAdminPW

v ibm-slapdAuthIntegration

v ibm-slapdCLIErrors

v ibm-slapdDB2CP

v ibm-slapdDBAlias

v ibm-slapdDbConnections

v ibm-slapdDbInstance

v ibm-slapdDbLocation

v ibm-slapdDbName

v ibm-slapdDbUserID

v ibm-slapdDbUserPW

v ibm-slapdDerefAliases

v ibm-slapdDN

v ibm-slapdsupportedCapabilities

v ibm-slapdEnableEventNotification

v ibm-slapdEntryCacheSize

v ibm-slapdErrorLog

v ibm-slapdFilterCacheBypassLimit

v ibm-slapdFilterCacheSize

v ibm-slapdIdleTimeOut

v ibm-slapdIncludeSchema

v ibm-slapdIpAddress

v ibm-slapdKrbAdminDN

v ibm-slapdKrbEnable

v ibm-slapdKrbIdentityMap

v ibm-slapdKrbKeyTab

v ibm-slapdKrbRealm

v ibm-slapdLdapCrlHost

v ibm-slapdLdapCrlPassword

v ibm-slapdLdapCrlPort


v ibm-slapdLdapCrlUser

v ibm-slapdMasterDN

v ibm-slapdMasterPW

v ibm-slapdMasterReferral

v ibm-slapdMaxEventsPerConnection

v ibm-slapdMaxEventsTotal

v ibm-slapdMaxNumOfTransactions

v ibm-slapdMaxOpPerTransaction

v ibm-slapdMaxTimeLimitOfTransactions

v ibm-slapdMigrationInfo

v ibm-slapdPagedResAllowNonAdmin

v ibm-slapdPagedResLmt

v ibm-slapdPageSizeLmt

v ibm-slapdPlugin

v ibm-slapdPort

v ibm-slapdslapdPwEncryption

v ibm-slapdReadOnly

v ibm-slapdReferral

v ibm-slapdSchemaAdditions

v ibm-slapdSchemaCheck

v ibm-slapdSecurePort

v ibm-slapdSecurity

v ibm-slapdSetenv

v ibm-slapdSizeLimit

v ibm-slapdSortKeyLimit

v ibm-slapdSortSrchAllowNonAdmin

v ibm-slapdSslAuth

v ibm-slapdSslCertificate

v ibm-slapdSslCipherSpec

v ibm-slapSslCipherSpecs

v ibm-slapdSslKeyDatabase

v ibm-slapdSslKeyDatabasePW

v ibm-slapdSslKeyRingFile

v ibm-slapdSslKeyRingFilePW

v ibm-slapdSuffix

v ibm-slapdSupportedWebAdmVersion

v ibm-slapdSysLogLevel

v ibm-slapdTimeLimit

v ibm-slapdTraceEnabled

v ibm-slapdTraceMessageLevel


v ibm-slapdTraceMessageLog

v ibm-slapdTransactionEnable

v ibm-slapdUseProcessIdPW

v ibm-slapdVersion

v replicaBindDN

v replicaBindMethod

v replicaCredentials, replicaBindCredentials

v replicaHost

v replicaPort

v replicaUpdateTimeInterval

v replicaUseSSL

po÷ΩTA\ 333² G, yIBM Tivoli Directory Server

5.2 "nwqztmC

ítAíwqúαQ∩G

v businessCategory

v cn, commonName

v changeNumber

v ≤

v changeTime

v changeType

v deleteOldRdn

v description

v dn, distinguishedName

v member

v name

v newSuperior

v o, organizationName, organization

v objectClass

v ou, organizationalUnit, organizationalUnitName

v owner

v ref

v seeAlso

v targetDN

po÷ΩTA\ 333² G, yIBM Tivoli Directory Server

5.2 "nwqzC

yk

ú0\∩⌠≤ykC


±∩Wh

ú0\∩⌠≤±∩WhC

⌡d

ϕl]w°AA¬⌡dO@PPTCpGdóAh°A

Lkl]wABoXTºCb⌠≤A⌡≤íAτdú

⌡O@PPTCpGdóAh#AB≤óCd≤σ

k@í≈]pA¼hi@W¼A½≤OiL¡W

OC

b¼ΦAdUCUG

v ΓúP¼íW OID úα@C

v ¼Ñhúα⌠C

v ¼W¼τ"wqA÷MΣwqiαIXObO

ñC

v pG¼t@¼W¼AhΣ USAGE PC

v ¼@yk]wq C

v u@+α NO-USER-MODIFICATIONC

b½≤OΦAdUCUG

v ΓúP½≤OíW OID úα@C

v ½≤OÑhúα⌠C

v ½≤OWOτ"wqA÷MΣwqiαIXObO

ñC

v ½≤O ″MUST″ P ″MAY″ ¼τ"wqA÷MΣwqiαIXObOñC

v C@c½≤O top ílOC

v pGΓH½≤OπWOAhoWOτ"OΓHC

⌡d

ϕzzL LDAP @sW∩A ⌡dC w]A⌡µ

ñCdCúLAziH∩aΣñYdAkOb

ibmslapd.conf εⁿOñú@ ibm-slapdSchemaCheck C÷⌡tmΩ

TA\ IBM Tivoli Directory Server 5.2 wPtmΓUC

FX⌡AdOXUC°≤G

½≤OΦG

v ¼ ″objectClass″ .@C

v U½≤Oú¡]sCoúO@dA OßMíC

S∩iC

v ΓH½≤Oú¡A²ΘOOC]NOíAb

C@ΓH½≤OΦAτ@íΓH½≤

OcU½≤OC

v .@c½≤OC


v "T/@≥≥ªc½≤OC]NOíAú

c½≤OA"OªΣñ@WOC:hl½≤

Ou≥vu≥ªcv½≤OA u

cv½≤OC

v Lk≤Σ≥c½≤O]b ldap_modify ñC

v búC@½≤OΦApΓΣPíWO

FunúoWOñ⌠≤@AY)sWC

º¼ PAM≤pUG

v º MUST ¼ϕ¿Σ½≤Oº MUST ¼p

pΓA]A⌠tº ½≤OCpG MUST ¼

úOtº¼lAhC

v º MAY ¼ϕ¿Σ½≤Oº MAY ¼p

pΓA]A⌠tº ½≤OCpGt¼Aú

Oº MUST P MAY ¼ºplAhC

v pGwq¼ñA¼Q

NO-USER-MODIFICATIONAYC

º¼ PAM≤pUG

v btC@¼ΦApG¼µ¼A]

WL@AhC

v btºC@¼C@ΦApGΣykúX

ykyÑdíAhC

v btºC@¼C@ΦApGΣ°WLⁿw

¼°W¡AhC

DN dΦípUG

v dykOX DistinguishedNames BNFCpGúXAh

C

v τ RDN TΩ%¼¿C

v τñTΩ RDN ñ¼sbC

DEN ⌡Σ

uπ²\α⌠⌠ (DEN)vWµOεw@⌡µíAHxsPíU½≤

]NϕBíB⌠⌠P⌠⌠Aí÷YC

FΣ DENAIBM Tivoli Directory Server úFUC\αG

v lO]OCOwqizLlOqwq CsO

wq)OwqeC½≤Owqñ SUP ∩ⁿw)]W½

≤OC

v DEN LDAP ykA]AG

– Boolean

– DN

– ²rΩ

– qí

– UTC í


– IA5 rΩ

– π

iPlanet e

IBM Tivoli Directory Server σRlAe\ iPlanet σkⁿw⌡

¼]objectClasses M attributeTypesCpAiⁿwAWµ descrs P

numeric-oids]Nº°p qdescrs δCúLA⌡ΩTúOzL ldap_search sC

unz∩ñYiµµ@A≤] ldap_modifyAYNπ

N¿Σñϕ IBM Directory 5.2 WµC%≤ñ

σRlM ldap_modify nDñPAY ldap_modify bΦO

iPlanet σkAταBzTC

ϕzd iPlanet °Al⌡AhdGbw OID Φiα@

HWCpApGY¼ΓW]p ’cn’ P ’commonName’Ah

úΓ¼í]@W@CY⌡ñY¼½≤

OíXhAIBM Tivoli Directory Server bσR⌡iNº°Pí

]NAME M DESCR úCúLAϕ IBM Tivoli Directory Server G⌡Ah

OCXW]²CX úo¼µ@íCpAiPlanet HU

CΦíí@δWG

( 2.5.4.3 NAME 'cn'
  DESC 'Standard Attribute'
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

( 2.5.4.3 NAME 'commonName'
  DESC 'Standard Attribute, alias for cn'
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

HUO IBM Tivoli Directory Server íΦíG

( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )

IBM Tivoli Directory Server iΣl¼CpGzúQ² ’cn’ ¿Wl¼]τ

YAµ≈AziHipUG

( 2.5.4.3 NAME ( 'cn' 'commonName' )
  DESC 'Standard Attribute'
  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

@W (’cn’) °NW A’cn’ ßΣLWh°NWCq

IlArΩ ’2.3.4.3’B’cn’ P ’commonName’]HΣú!jpgPqrb

⌡ñiµ¼BAbnsW²ñWC

qP UTC í

UúPϕkiⁿwΘPí÷ΩTCpA1999 0 2 δ 4 Θig

¿G

2/4/99
4/2/99
99/2/4
4.2.1999
04-FEB-1999

ΣLUúPϕkC


IBM Tivoli Directory Server %nD LDAP °AΣUCΓykA²íWO

ϕC

v Nuqívyk ÑAµípUG

YYYYMMDDHHMMSS[.|,fraction][(+|-HHMM)|Z]

ΣñA0≈ 4 AδBΘBB!Pϕ!O 2 Ati∩a[Wϕ

pCpGSi@B[AhNΘPí°ϕaCpGnⁿX

íO@í (UTC)AbYíß[W@jgr) Z Pϕa

ítCpG

"19991106210627.3"

ⁿϕaí 1999 0 11 δW 9 I 6 ! 27.3 ϕC

"19991106210627.3Z"

oO@íC

"19991106210627.3-0500"

ⁿϕaí]M@d@A M@í (UTC) t 5 pC

pGznⁿw∩pϕAhtyIrICpGnⁿXMϕaí

tAh"b hour-minute ºe[W@ ’+’ ’-’

v N Universal Time yk ÑAµípUG

YYMMDDHHMM[SS][(+ | -)HHMM)|Z]

ΣñA0BδBΘBB!H∩ϕµ!O 2 CpGOuq

ívAhiⁿw∩tCpApGϕaí 1999 0 1 δ 2 ΘW:A@

í (UTC) 1999 0 1 δ 2 Θñ: 12 IAh UTC íiG

"9901021200Z"
"9901020700-0500"

pGϕaí 2001 0 1 δ 2 ΘW:A@í (UTC) 2001 0 1 δ 2

Θñ: 12 IAh UTC íiG

"0101021200Z"
"0101020700-0500"

%≤ UTC íb0≈Φue\ 2 A]úC

Σ±∩Wh generalizedTimeMatch]YÑíP generalizedTimeOrderingMatch

]YúÑíCúe\lrΩjMCpAUCLo°≤G

generalized-timestamp-attribute=199910061030
utc-timestamp-attribute>=991006
generalized-timestamp-attribute=*

UCLo°≤LG

generalized-timestamp-attribute=1999*
utc-timestamp-attribute>=*1010


12 g

gO@²²°A∩αiaNC gBzNh²

ñΩOPBC

gúΓDnnBG

v ΩT - ≈ªú°AeC

v ≤tjM - jMnDiH!GbúP°AºíA úObµ@°A

WA o°AeiHPCo∩nD¿#íC

g

IBM Tivoli Directory Server 5.2 sΦkz gCbí g@

ⁿJpUG

Ñíg

πhh°A gCqPh/D°A g@¬]α°

AAßA gΣL°ACoiH!D°A g@t

ⁿC

°A

zLqt@]ú°A g¼≤°AC

ⁿXúsΦkM"nΩTCb ÷sñAo]t

DN MKXCOxsb g≤wñwⁿwΣ DN ñC

α°A

gªº≤¬°ACoMPh/D°A#Abo°

AñªO¬A BSPh°AC

hD°A

@í°AAqΣb gxAN gyqα g⌠⌠ñ

ΣLhDC]¼) g@⌠⌠ΣLhD°A gyqAAα

Σ gxW°AC

hD°A"OD°A]igJC

D°A

wl≡igJ]i≤s°AC

¼l≡

² gl≡l≡C

Ph°A

ϕwl≡hD°AAíD°AⁿJCPh°Aú

gt@Ph°Aeª≤F u g²bªW

≤C

s

b g⌠wqU@π½≤O ibm-replicaGroupAB

NϕP g°A¿Cªú@KQm]w ACLAHO@


gΩTCzuπeibC@ g⌠wqUΣ@ sA

NªⁿW ibm-replicagroup=defaultC

l

b sUAiH@hπ½≤O ibm-replicaSubentry

FC@P g@ú°AU@C liO°A

b gñΩtñΓGDn¬C¬°AiHΣÑíC g

g≤wC

wgl≡

DIT ñqY°A gt@°Aí≈Cbo]pUASwl≡

iH gY°AA úα gΣL°ACl≡iHbw°A

WgJA ΣLl≡hiHO¬C

g⌠⌠

]ts gx⌠⌠C

g≤w

²ñtΩTAHwqΓ°Aºíusuvu g⌠vC

Σñ@í°Aú]eX≤°AAt@í]¼

≤°AC≤wts@qúsuAH g

íΩTC

g⌠wq

ⁿX gl≡ CziHN ibm-replicationContext U½≤OsW

ñANª g CP g÷tmΩTOs g⌠wq

U@ñC

gx

tmb@ ghD°AM⌠≤D°ABPh °AC

ziHN gwbSwíoABNú≤[HpAMßHσ

ΦíeC ≤w]tú DNC

ú°A

e≤t@]°A°AC

²ñSwiϕ@ gl≡ AΦkOsW ibm-replicationContext ½≤O

oñCC@l≡úOO gCl≡≥VU²ΩT≡]DITA

ΦF¡IΣL gl≡εCsW gl≡ UΦAH]t g

tmΩTCoO@h sAΣUhOn lCPC

@ l÷pO g≤wAªiOC@°Aú] g

°AAHwqΩTC

zL gA∩Y²≤@hΣL²CΩWA∩Y

²≤πbhúP²WC IBM Directory ΣiDq gíC

giH]AG

v gu²ΩT²≡ (DIT)vl≡Sw°A

v Ñí ghh

v %l≡ⁿú°AñΓ]D °AC

v hD°AA∩Ñí gC

v ≤⌠⌠hD g@C


%l≡ guIb≤ ún gπ²CªiHO²í≈l≡

C

ií∩FD°A °AºCoⁿJúAA≤°AA O

A≤°A∩≤Sϕ gl≡πñΓC@°AiHPRϕYl≡

D°AA SRϕΣLl≡ °ACuD°AvoⁿJO≤ⁿ

gl≡ºß≤sΩ°ACu °AvoⁿJhO≤ⁿ)

ΣL°A]ⁿw gl≡úº≤sΩ°AC

\αwqA²6¼GD/PhBhDBα]ÑíCM ]

¬C

ϕ 12. °AñΓ

D/Ph D/Ph°AtDn²ΩTAΣñ≤ °AC

≤úObD°AWs@oA BD°AtdNo≤

°AC

iH°ARϕ²ΩTD°AAC@D°Atd≤sΣLD

°A °ACoºPh gCPh giH∩αia

Cα∩O]úF@°ABzsG⌠⌠ñ≤sΩC

ia∩hO]úFpGDnD°AGAYiY

≈D°AC

:

1. D°A gß≤sΩA²ú gqΣLD°A¼

≤sΩC

2. Ph°Aºí≤siHY⌡µ ⌡µCΩTA\

165y gzC

3. h°AY∩P@iµ≤sAiαP²Ωú@PA]

S≡MΦC\ 291yldapdiffzAHo½sPB°

A÷ΩTC

α]Ñí

C

αÑíC°AO@ °AAtd g≤CoúP

≤D/Ph°AA]D/Ph°A gs°Aºß

≤CÑíC°AiHεD°A gu@qAo°A≤

t\h!6B ⌠⌠ñC

hD hD g@hD°A≤ g⌠⌠ºía¼M! gΩTCh

D gDnnBOC⌠⌠yqC

°A

t²ΩTΣL°AC °AOD°A]ªOΣ °A

l≡C °AúF gl≡ ≈C

ziHnD °AW≤sA²≤sΩWαD°AAΦkONα

#ßCpG≤sQ¿AD°Ae≤s °ACD°A

¿F≤sΩ gA≤+#Mb²nDª °AWCpG gó

AN½⌡µAY½sD°A]O@C g≤O bD°

AWiµ≤C

pGúA °AAhz"qúú ≤wCdUwqP°A

εC≤A] ún²íCAú]≥p≥

A½seΩC


g≤w

g≤wO²ñ@AΣ½≤O ibm-replicationAgreement Ob lºUAHwqqlNϕ°At@°A g@Co½≤

P²e Directory Server replicaObject ⁿC g≤wO%UC

¿G

v ÷OWA@≤wRWC

v ⁿw°AB≡HO SSL LDAP URLC

v °A IDAYD --uúvNϕΣ°A ID ú°A]pP

ñ⌡µ°A@δC

v tús½≤ DNC

v t gΩTº½≤∩ DN ⁿCpGeANY g≤C

÷OWiHO°AWΣLyzrΩC

F[jΩδTAϕúsAªq root DSE °A IDA

MßP≤wñ±CpG°A ID úANOⁿiC

°A ID OQz GUI MXC@3wF°A IDAGUI

NiHMΣ∩lΣ≤wC

%≤ g≤wiH gAH½≤ DNCoiH²xsb²D

gC g½≤]uσv"iHqooNϕτ±w

Ccn=localhost rO½≤Aϕw]mCO½≤]oΣúP

OΦk≤e÷@FziHs½≤OA ú"Yz∩N

qC

½≤OOw∩C@ΣOΦk wqG

v ÷s

v t SSL SASL EXTERNAL ≈ε

v Kerberos O

ziH%sW ibm-replicationContext UOl≡ rootAⁿwún gí!

gl≡A ú"wq⌠≤ lC

: uWeb zuπvb\@bÑn w≤w g≤A]N

≤w ’εC’C

HUUⁿOµíM LDIF ]w gdCodí°

¬G

v @D°AM@ °A

v @D°AA@α°AM@ °A

v ΓPh/D°AAΓα°AAM6 °AC

D-°A

pGnwqD- °AAz"G


1. D°AwqΣñeC∩n gl≡AN°AⁿwD°A

C

2. únC

3. °AC

4. NΩX °AC

Web zG

:

pGznsWúO°AñrAbziHsWl≡\αºeAz

"TwΣ ACL wqpUG

Lo ACLG

ownersource: <P DN>
ownerpropagate: TRUE

aclsource: <P DN>
aclpropagate: TRUE

Lo ACLG

ibm-filteraclinherit: FALSE

Fí¼ ACL DApGúO°AñrAbzeñsΦ

ACLC∩÷@UsΦ ACLCpGznsWLo ACLA∩

AMßP ACL MsW@ cn=this H access-id ñΓCTwwg∩ ACL MCpGznsWwLo ACLA∩

AMßP ACL MsW@ cn=this H access-id ñΓCTwwg°∩ pLo ACLA²Ow∩CΩT\

209y ACLzC

D°A]gl≡

: °A"b⌡µA+α⌡µ@C

o@NⁿwO gl≡ rootAB@ ibm-replicasubentryANo°Aϕ¿l≡µ@D°ACYn gl≡Az"ⁿwn°A

gl≡C

: b LinuxBSolaris HP-UX ¡xWApG]α°A⌡µ Pαó

ATwzt⌠ñwg]w⌠ LDAP_LOCK_RECCú⌠≤Sw

C

set LDAP_LOCK_REC=anyvalue

is²ñu gvzAA÷@UzC

1. ÷@UsWl≡C

2. ΘJzn gl≡ DNA÷@Us²iAH∩n@l≡ root

C

3. D°Aα URL OH LDAP URL µíπApG

ldap://<myservername>.<mylocation>.<mycompany>.com


: D°Aα URL O∩CubUCípU+ªG

v pG°A]t]YN]t⌠≤¬l≡C

v n∩°AW⌠≤¬l≡wq@n#iµ≤sα URLC

4. ÷@UTwC

5. s°AπbuzveWA≤Ywgl≡ºUC

iuWeb zuπvs²ñu gvzAA÷@UzC

1. qul≡vMµñ∩nxsmCuWeb zuπvi²zbT

mñwqG

v cn=replication,cn=localhostAubµ°AWOsC

: bjí! g¼pñA±n@kOMΣ cn=replication,cn=localhost ñ

A]ªúw±≤l≡W g¬C²OAYSw

ípoLk≤ cn=replication,cn=localhost C

pGzb°A]p serverAºUsW °AA Bzw Web

zuπsúP°A serverBAh∩µúπ

cn=replication,cn=localhost ∩CoO]zLkbs serverB A

¬≤s serverA º cn=localhost U⌠≤ΩTC

uϕzbΣñsW °AO Web zuπsP@í

°AA+α cn=replication,cn=localhostC

v YϕzbΣñsW °AúO Web zuπsP@í°

AA]α cn=replication,cn=IBMpoliciesC±bmºU g°AC

: uϕ IBMpolicies Σ OID (1.3.18.0.2.32.18) sb≤ DSE

ibm-supportedcapabilities ºUA+α cn=replication,cn=IBMpolicies

mC

v b gl≡ñCbípUA gΣll≡CN±mb gl

≡ñANbl≡ ibm-replicagroup=default UC

: pGπ⌠≤l≡A 133yD°A] gl≡zA

Hop≤n gºl≡ⁿC

2. ÷@UsWC

3. ΘJznWAp mycredsFµñ cn= wgw²±C

4. ∩nOΦk¼AA÷@UU@BC

v pGz∩ ÷sOG

a. ΘJ°As °A DNApAcn=any

b. ΘJϕªs °AKXApAsecretC

c. AΘJKXAHTS,C

d. pGQnAΘJ uíC

e. ÷@U¿C


: ziαnO²s DN MKXAHΘßCzb ≤w

noKXC

v pGz∩ Kerberos OG

a. ΘJz Kerberos s DNC

b. ΘJsKXC

c. ½sΘJsKXiµTC

d. pGQnAΘJ uíCúnΣLΩTC\ 92

y]w KerberoszAHoΣLΩTC

e. ÷@U¿C

w]Aú¡ADΘsCpApGúW

master.our.org.comA ΓO SOME.REALMAh DN O

ibm-Kn=ldap/[email protected]Γ!jpgCpG@HWúAz"ⁿwúnDΘMKXC

bz°AWG

a. i²z÷@UzC

b. ∩zxsl≡ApAcn=localhostAMß÷@UiC

c. ∩ cn=replication ÷@UiC

d. ∩ kerberos ]ibm-replicationCredentialsKerberos÷@UsΦ

C

e. ÷@UΣLC

f. ΘJ [email protected]

g. ΘJ replicaCredentialsCoO myprincipal KDC KXC

: oDΘMKXMzqⁿOµ⌡µ kinit DΘMKXPC

b°AW

a. ÷@Us²ñzgeC

b. qúΩTU\αϕñ∩@úAΘJzntmú

gl≡WC

c. ÷@UsΦC

d. ΘJ g bindDNCbdñAhO

[email protected]

e. ΘJTgsKXCoO myprincipal KDC KXC

v pG∩FtO SSLAhb°AAzNúnú⌠≤

ΣLΩTCpGz∩núO°AA⌡µUC@G

a. ΘJ≈WC

b. ΘJ≈KXC

c. ½sΘJ≈KXiµTC

d. ΘJ≈C

e. pGQnAΘJ uíC

f. ÷@U¿C

\ 69yw Socket hzAHoΣLΩTC


°A

: °A"b⌡µA+α⌡µ@C

i²ñgzAA÷@UzC

1. ∩n gl≡AA÷@UπC

2. ÷@Ug∩bYAiú°AMµC

3. ∩ú°AAA÷@UsWC

bsW°í°AWG

v ΘJzn D≈W≡Cw]≡O 389ANϕD SSLA 636 hNϕ

SSLCoúO"nµC

v ∩On SSL qTC

v ΘJ WANoµdD≈WC

v ΘJ IDCpGznbΣñ °Ab⌡µñA÷@Uo ID)w²±goµCpGznsW°AN¿Phα°AAh

oO"nµCz∩ IBM Tivoli Directory Server 5.2 °A⌡

µo@C

v ΘJ °AíC

bΣLWG

1. ⁿw °APD°AqTC

: uWeb zuπvi²zbΓaΦñwqG

v cn=replication,cn=localhostAub°AWOs

v YϕzbΣñsW °AúO Web zuπsP@

í°AA]α cn=replication,cn=IBMpoliciesC±bmºU g°AC

: uϕ IBMpolicies Σ OID (1.3.18.0.2.32.18) sb≤ DSE

ibm-supportedcapabilities ºUA+α cn=replication,cn=IBMpolicies

mC

v b gl≡ñCbípUA gΣll≡CN±mb g

l≡ñANbl≡ ibm-replicagroup=default UC

N±mb cn=replication,cn=localhost ñ±wC

a. ÷@U∩C

b. ∩nmCnO cn=replication,cn=localhostC

c. ÷@UπC

d. iMµAMß∩nC

e. ÷@UTwC

\ 134yzAHo÷≤≤wΣLΩTC

2. qUMµⁿw gA÷@UsW@C\ 165y

gz

3. qú\αMµñAziH°∩⌠≤ún g\αC


pGz⌠⌠VUúP°AAßi\αb¡ñi

αLkC\α]pLo ACL MKXhOQ%ΣL≤ g

@Cbjí!ípUApGo\αAzµ°AúαΣ

ªCpGúO°AúαΣY\αAzNúnªCpAzb

C@°AWúnúP ACL b@CM AziαnbΣY\α

°AWo\αA²OSúnbúΣo\α°AW gP\α

÷≤CbípUAziH\αMµún gSw\αC

4. ÷@UTw C

5. oπ@hTºAⁿX"B@C÷@UTwC

: pGznsWhí°A@ΣL °AAOn°Abz¿wqD°AWºeA<⌡µysΩ zysWú

ΩT zCpGzÑ¿ºß+ masterfile.ldifAªN]tD°A

M≤wπCϕzbC@í°AWⁿJoºßAC@í°

ANPΩTC

b ßAz"YND°AñX CoOΓC

bD°AWAΩ LDIF CpGnsD°AWΩAoXUC

ⁿOG

db2ldif -o <masterfile.ldif>

pGunsµ@l≡ΩAoXUCⁿOG

db2ldif -o <masterfile.ldif> -s <subtreeDN>

: úDⁿw -j ∩AhN6@]createTimestampBcreatorsNameB

modifiersName M modifyTimestampX LDIF C

bn ≈WG

1. Tw ibmslapd.conf ñwwqD°ArC

2. ε C

3. N <masterfile.ldif> s AMßoXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

g≤wBB]pGxsb gl≡ñHΩⁿJ

ñC

4. °AC

sWúΩT

zn≤ tmAHⁿXQv gtm≤HABsWαD°A

C

bn ≈WG

1. i²ñgzAMß÷@UzgeC

2. ÷@UsWC

3. qgl≡U\αϕñ∩@úAΘJzntmú gl

≡WCpGznsΦúANLksΦoµC


4. ΘJ g bindDNCbodñO cn=anyC

: ziHoΓ∩⌠≤@A°z¼p wC

v ’w]Mα’A g°Al≡]w gs DN]MK

XHw]αCqP@ú gl≡Aiαo

\αC

v C@ gl≡!O]w gs DN MKXAΦkOC@l≡s

WúΩTCϕC@l≡úúPú]τYC@l≡D°

AúPAiαo\αC

5. °¼ wAΘJTKXC]zºewgO²oKXHΘß

C

v ÷s - ⁿw DN MKX

v Kerberos - pGúLkODΘMKXA]τYA°A¡

ADΘAhs DN O ibm-kn=ldap/<yourservername@yourrealm>CpG

@ⁿ <myprincipal@myrealm> DΘWAª@ DNCb⌠≤

@ípUAúúnKXC

v SSL H/ EXTERNAL s - ⁿwDD DNA²úⁿwKX

\ 134yzC

6. ÷@UTwC

7. z"½s A≤+αC

ΣlΩTA\ 164y∩ gezC

B≤¼AAS⌠≤ g@oC¿ g]wºßAz"÷@

UzεCA∩ AMß÷@U/ gCΩT\ 166

yzεCzC biHqD°A¼≤sC

ⁿOµG

dí]zns gl≡C

:

dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext

Oznl≡CpGowgsbA∩ªsW

objclass=ibm-replicationContextA únsWπC

pGnl≡ AznbD°AM ºí@ ≤wA\

132y g≤wzCo≤w"ⁿJD°AM WC

Γ°Aºí÷YOGun°AO úA OD°A

C

l≡ o=ibm,c=us D°A]masterM ]replicalG

1 . bD°Ab≈WA@]t≤wΩTApA

myreplicainfofileAΣñ myreplicainfofile ]tG


: NUCñX <master-uuid> N¿D°A cn=Configurationñ ibm-slapdServerId CoOb@°A%°AúCziH∩ cn=Configuration ⌡µ ldapsearchApGzUNIX tAziH∩ ibmslapd.conf grep ⁿOCPAz"NX <replica1-uuid> N °A cn=Configuration ibm-slapdServerId C

###g⌠wq - búMW
dn: cn=replication,cn=localhost
objectclass: container

dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext

###NUCes V5.1 ≤¬°AWC
###s
dn: ibm-replicaGroup=default, o=IBM, c=US
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicaGroup: default

###N/Φks°A - g≤w
###ⁿVBC
dn: cn=replica1 BindCredentials,cn=replication,cn=localhost
objectclass: ibm-replicationCredentialsSimple
cn: replica1 BindCredentials
replicaBindDN: cn=master
replicaCredentials: master
description: Bindmethod of master to replica1

### SubEntry
dn: ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,o=IBM, c=US
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <master-uuid>
ibm-replicationServerIsMaster: true
cn: master
description: master server

###∩°Ag≤w
dn: cn=replica1,ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,o=IBM,c=US
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica1
ibm-replicaConsumerId: <replica1-uuid>
ibm-replicaUrl: ldap://<replicahostname:replicaport>
ibm-replicaCredentialsDN: cn=replica1 BindCredentials,cn=replication,cn=localhost
description: replica server number one

2. εD°A]YεC

3. oXUCⁿOG

ldif2db -r no -i <myreplicainfofile>

4. oXUCⁿOG

db2ldif -o <masterfile.ldif>

ΩTA\ 288ydb2ldif ízC

5. N <masterfile.ldif> s replica1 b≈C

6. ε ]pGb⌡µñC


7. z"N replica1 tm¿ °ACsΦNUC[J replica1

ibmslapd.conf ñG

dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: <cn=masterbndn>
ibm-slapdMasterPW: <masterbnpw>
ibm-slapdMasterReferral: ldap://<masterhostname>:<masterport>/

8. xs ibmslapd.conf C

9. oXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

10. master M replica1C

: pGzNl≡s v4.1 ≤¡°AAzúiHs

ibm-replicagroup=default l≡A B"ú ibm-replicationcontext UOA] 4.1 ⌡úΣHWΓC

D-α-

pGnwqD-α- Az"G

1. wD°AM °AC\ 132yD- °AzC

2. l °As °AC

3. NΩs °AñC\ 137ysΩ zC

Web zG

pGzw]w g]\ 133yD°A] gl≡zAH

D°A (server1) M °A (server2)AziH≤ server2 ñΓα°AC

YnpAb server2 Us °A (server3)C

1. sD°A (server1) uWeb zv

2. is²ñu gvzAA÷@UzC

3. ∩n gl≡AA÷@UπC

4. ÷@Ug∩bYAiú°AMµC

5. ÷@U server1 ∩bYAi°AMµC

6. ∩ server2 A÷@UsWC

7.

bsW°í°AWG

v ΘJzn (server3) D≈W≡Cw]≡O 389ANϕD SSLA

636 hNϕ SSLCoúO"nµC

v ∩On SSL qTC

v ΘJ WANoµdD≈WC

v ΘJ IDCpGznbΣñ °Ab⌡µñA÷@Uo

ID )w²±goµCpGznsW°AN¿Phα°AAhoO"nµCz∩ IBM Tivoli Directory Server 5.2

°A⌡µo@C

v ΘJ °AíC


bΣLWG

a. ⁿw °APD°AqTC

: uWeb zuπvi²zbΓaΦñwqG

v cn=replication,cn=localhostAub°AWOsC

v b gl≡ñCbípUA gΣll≡C

N±mb cn=replication,cn=localhost ñ±wCN±mb g

l≡ñANbl≡ ibm-replicagroup=default UC

1) ÷@U∩C

2) ∩nmCnO cn=replication,cn=localhostC

3) ÷@UπC

4) iMµAMß∩nC

5) ÷@UTwC

\ 134yzAHo÷≤≤wΣLΩTC

b. qUMµⁿw gA÷@UsW@C\ 165y

gzC

c. qú\αMµñAziH°∩⌠≤ún g\αC

pGz⌠⌠VUúP°AAßi\αb¡

ñiαLkC\α]pLo ACL MKXhOQ%ΣL≤

g@Cbjí!ípUApGo\αAzµ

°AúαΣªCpGúO°AúαΣY\αAzNún

ªCpAzbC@°AWúnúP ACL b@CM Az

iαnbΣY\α°AWo\αA²OSúnbúΣo\

α°AW gP\α÷≤CbípUAziH\αMµ

ún gSw\αC

d. ÷@UTw C

8. NΩq server2 ss (server3)C\ 137ysΩ

zAHop≤⌡µBJ÷ΩTC

9. sW server3 ú≤wA² server2 ¿ server 3 ú server3 ¿

server2 C\ 137ysWúΩT zAHop≤⌡µ

oBJ÷ΩTC

°AñΓ% Web zuπñNϕCzNpUG

v server1]D°A

– server2]α°A

- server3] °A

ⁿOµG

dí]zns gl≡C

:

dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext


Oznl≡CpGowgsbA∩ªsW

objclass=ibm-replicationContextA únsWπC

oPµ@D°A °AⁿA²"Nπ[JC@

°AñA B≤wΩTe≤°Cb]tα°AΩTHú

-ΩTC

oΩú-÷YG

v D°AOα°AúC

v α°AΓñΓG

1. D°A

2. ú

v Oα°AC

l≡ o=ibm,c=us D°A]masterBα°A]forwarder1M

]replica1°AG

1 . bD°Ab≈WA@]t≤wΩTApA

myreplicainfofileAΣñ myreplicainfofile ]tG

: NUCñX <master-uuid> N¿D°A cn=Configurationñ ibm-slapdServerId CoOb@°A%°AúCziH∩ cn=Configuration ⌡µ ldapsearchApGzUNIX tAziH∩ ibmslapd.conf grep ⁿOCPAz"NX <forwarder1-uuid> M <replica1-uuid> N¿÷°A

cn=Configuration ibm-slapdServerId C

dn: cn=replication,cn=localhost
objectclass: container

dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext

dn: ibm-replicaGroup=default, o=ibm,c=us
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicaGroup: default

dn: cn=forwarder1 BindCredentials,cn=replication,cn=localhost
objectclass: ibm-replicationCredentialsSimple
# ibm-replicationCredentialsExternal
#ibm-replicationCredentialsKerberos
cn: forwarder1 BindCredentials
replicaBindDN: <cn=forw1bnddn>
replicaCredentials: <forw1bndpw>
description: Bindmethod of master to forwarder1

dn: cn=replica1 BindCredentials,cn=replication,cn=localhost
objectclass: ibm-replicationCredentialsSimple
cn: replica1 BindCredentials
replicaBindDN: <cn=rep1bnddn>
replicaCredentials: <rep1bndpw>
description: Bindmethod of forwarder1 to replica1

dn: ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
#tmñ ID
ibm-replicaServerId: <master-uuid>
# true for a master server, false for a forwarding server
ibm-replicationServerIsMaster: true
cn: master
description: master ibm-replicaSubentry

dn: ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <forwarder1-uuid>
ibm-replicationServerIsMaster: false
cn: forwarder1
description: forwarder1 ibm-replicaSubentry

dn: cn=forwarder1,ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder1
ibm-replicaConsumerId: <forwarder1-uuid>
ibm-replicaUrl: ldap://<forwarder1hostname:forwarder1port>
ibm-replicaCredentialsDN: cn=forwarder1 BindCredentials,cn=replication,cn=localhost
description: master1 to forwarder1 agreement

dn: cn=replica1,ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica1
ibm-replicaConsumerId: <replica1-uuid>
ibm-replicaUrl: ldap://<replica1hostname:replica1port>
ibm-replicaCredentialsDN: cn=replica1 BindCredentials,cn=replication,cn=localhost
description: forwarder1 to replica1 agreement

2. εD°A]YεC

3. oXUCⁿOG

ldif2db -r no -i <myreplicainfofile>

4. oXUCⁿOG

db2ldif -o <masterfile.ldif>

ΩTA\ 288ydb2ldif ízC

5. N <masterfile.ldif> s forwarder1 b≈C

6. ε forwarder1]pGb⌡µñC

7. z"N forwarder1 tm¿α°ACsΦNUC[J forwarder1

ibmslapd.conf ñG

dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: <cn=masterbnddn>
ibm-slapdMasterPW: <masterbndpw>
ibm-slapdMasterReferral: ldap://masterhostname:masterport/

#bsWαD°AC
#α]iH[J replicaContextABu²
#dªO°AC

8. xs ibmslapd.conf C

9. N <masterfile.ldif> s replica1 b≈C

10. ε replica1]pGb⌡µñC


11. z"N replica1 tm¿ °ACsΦNUC[J replica1

ibmslapd.conf ñG

dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: <cn=forw1bndn>
ibm-slapdMasterPW: <forw1bnpw>
ibm-slapdMasterReferral: ldap://forw1hostname:forw1port/

12. xs ibmslapd.conf C

13. b forwarder1 M replica1 b≈WAoXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

14. masterBforward1 M replica1C

°gº[

ziHo¬Ñº[@]w° gⁿC

1. iαPhD°AMYN@ °AANªm≤ut

mvíC

2. ’@’ D°AANªtm¿⌠ñD°AC

3. ⁿJnb ’@’ D°AW gl≡Ω]YⁿJΩC

4. ∩n gl≡C

5. sWiαPhD°A@u@vD°A C

6. sWΣL C

7. ΣLPhD°Aú&ªC

8. sW ≤wC@PhD°AC

: pGnbcn=replication,cn=localhost ñAN"b½sC@°AºßAbC@°AWCb½≤ºeAPh°

A gúóC

9. sWΣLD°A ≤wC@PhD°AC’@’ D°Awg

ΩTC

10. Rε gl≡C

11. uεCvz⌡LC@εCC

12. q ’@’ D°AX gl≡ΩC

13. °Rεl≡C

14. N gl≡ΩJC@ MPhD°AC

15. zC@ MPhD°AW geAN]w¿%úC

16. ϕC@ MPhD°A AY½sªC

Phg]w°

Ph gO@ gAΣñh°AOD°ACM APhD°A

⌠úPOAPh°Aºíú"⌡µ≡MΦCLDAP °AⁿPh

°Aú≤sAMß≤s¡ΩC¼≤sSSw

qAh≤sO≡]SSϕqC


pGnsWΣLD]Ph°AAz"²N°AsWD°A

¬ ]\ 136y °AzAl]w²ΩAMßN°A

ú&D°A]\ 161yú&°AzC

ΦlAo ibm-replicagroup ½≤ gl≡ root

ACLCo ACL iαúAXε∩²ñ gΩTiµsC

F²usWvl≡@Q¿ApGzsW DN úO°AñrAN"

πT ACLC

Lo ACLG

v ownersource : < DN>

v ownerpropagate : TRUE

v aclsource : < DN>

v aclpropagate: TRUE

Lo ACLG

v ownersource : < DN>

v ownerpropagate : TRUE

v ibm-filteraclinherit: FALSE

v ibm-filteraclentry : <⌠≤>

Web zuπsΦ ACL \αAPΦº gl≡÷p gΩT]w ACL]\ 163ysΦsεMµzC

B≤¼AAS⌠≤ g@oC¿ g]wºßAz"÷@

UzεCA∩ AMß÷@U/ gCΩT\ 166

yzεCzC biHqD°A¼≤sC

ubw≤sVq⌠ñA+Ph gC∩²ñSw½≤

≤s"%YPh°A⌡µCoOFεbY°ARú½≤ºßAt

@°Ao∩½≤CoΩ]iαb∩ⁿOºßAPh°Ao¼R

úⁿOAoNú≡C

pGnwqPh-α- AΣ]tΓíPh-D°ABΓíα°A

M6í °Az"G

1. wD°AM °AC\ 132yD- °AzC

2. D°AΓíB °AC\ 136y °AzC

3. bΦΓí °AºU!OΓí °AC

4. N °Aú&D°AC

: znú&D°A°A"O@¡ AS⌠≤lh °AC

5. ND°AΩssD°AM °AñC\ 137ys

Ω zC


Web zG

ziHb 140y Web zGz ñαAN°Aú&P

h°ACbdñAzNΓ °A (server3) ú&D°A (server1)

Ph°AC

1. sD°A (server1) uWeb zvC

2. is²ñu gvzAA÷@UzC

3. ∩n gl≡AA÷@UπC

4. ÷@Ug∩bYAi°AMµC

5. ÷@U server1 ∩bYAi°AMµC

6. ÷@U server2 ∩bYAi°AMµC

7. ÷@U server1AA÷@UsWC server4C\ 136y

°AzCϕP server5C°AñΓ% Web zuπñ

NϕCzNpUG

v server1]D°A

– server2]α°A

- server3] °A

– server4] °A

– server5] °A

8. ÷@U server2AA÷@UsW server6C

9. ÷@U server4AA÷@UsW server7CϕP

server8CbzNpUG

v server1]D°A

– server2]α°A

- server3] °A

- server6] °A

– server4]α°A

- server7] °A

- server8] °A

– server5] °A

10. ∩ server5AA÷@UC

: zn°A"O@¡ AS⌠≤lh C

11. ∩nN ú&D°AgC÷@UC

12. oπΣLú≤weCPh gnDC@íD°AúO

ñΣLD°AH@h °A]Y server2 M server4úM

CServer5 wgO server1 Abª"¿ server1Bserver2 M server4

úCTw∩UCUúX∩G

ϕ 13.

ú

U server5 server1

U server5 server2


ϕ 13. (≥)

ú

U server5 server4

÷@U≥C

: bYípUAu∩ve⌡XAnDúúbcn=replication,cn=localhost CbípUAz"ú≤

cn=replication,cn=localhost HaΦ½≤Cq∩l≡N

AsC\ 134yz

.

13. ÷@UTwCbzNpUG

v server1]D°A

– server2]α°A

- server3] °A

- server6] °A

– server4]α°A

- server7] °A

- server8] °A

– server5]D°A

v server5]D°A

– server1]D°A

– server2]α°A

– server4]α°A

14. N server1 Ωs°AñC\ 137ysΩ zA

Hop≤⌡µBJ÷ΩTC

ⁿOµG

dí]zns gl≡C

:

dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext

Oznl≡CpGowgsbA∩ªsW

objclass=ibm-replicationContextA únsWπC

bodñ≤°Cª]tΓPhD°A]peer1 M peer2AΓ

α°A] forwarder1 M forwarder2H6 °A] replica1B

replica2Breplica3 M replica4Co°Aºí÷YpUG

v peer1 M peer2 OPh-D°ACoϕϕª¼) ≤sAu g

qß¼CϕΓD°Aúπ PeAu¼ß

nD°A gCoΓ°AúO úMA]Oα

°AúC


v forwarder1 M forwarder 2 ΩtΓñΓCªPO peer1 M peer2 A

]O÷ úCªú⌡µ⌠≤ß≤sCªN g≤se

ªCboΩñ

– forwarder1 O replica1 M replica2 ú

– forwarder2 O replica3 M replica4 ú

forwarder1 M forwarder2 ºíS¼C

v 1 M 2 O forwarder1 Areplica3 M replica4 O forwarder2

C

pGnPh-D]peer1 M peer2Bα°A]forwarder1 M forwarder2M

°A]replica1Breplica2Breplica3 M replica4

    Peer1<------->Peer2
      |  \     /    |
      |     X       |
      ↓  /     \    ↓
  Forwarder1     Forwarder2
   /     |         |     \
Replica1 Replica2 Replica3 Replica4

Hl≡ o=ibm,c=usG

1. ε°A peer1 M peer2C

2. z"N peer1 M peer2 tm¿Ph°ACsΦNUC[J

peer1 M peer2 ibmslapd.conf ñG

dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master

: oboΓí°Añ@wnPA]od½≤Ob°AW@C

3. xs ibmslapd.conf C

4. bD°A peer 1 b≈WA@]t≤wΩTApA

mycredentialsfileAΣñ mycredentialsfile ]tG

dn: cn=replication,cn=localhost
objectclass: container

dn: cn=simple,cn=replication,cn=localhost
objectclass: ibm-replicationCredentialsSimple
cn: simple
replicaBindDN: cn=master
replicaCredentials: master
description: Bindmethod for topology

5. oXUCⁿOG

ldif2db -r no -i <mycredentialsfile>

6. N <mycredentialsfile> s peer2Bforwarder1 M forwarder2 b≈WAM

ßbC@í≈WoXUCⁿOG

ldif2db -r no -i <mycredentialsfile>


7. b peer1 b≈WA@ <mytopologyfile>AΣñ <mytopologyfile> ]

AG

: NUCñX <master-uuid> N¿D°A cn=Configurationñ ibm-slapdServerId CoOb@°A%°AúCziH∩ cn=Configuration ⌡µ ldapsearchApGzUNIX tAziH∩ ibmslapd.conf grep ⁿOCPAz"NX <peerx-uuid>B<forwarderx-uuid> M <replicax-uuid>]Σñ

x Nϕ@rN¿÷°A cn=Configuration

ibm-slapdServerId C

dn: o=ibm,c=us
o: ibm
objectclass: top
objectclass: organization
objectclass: ibm-replicationContext

dn: ibm-replicaGroup=default, o=ibm,c=us
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicaGroup: default

dn: ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <peer1-uuid>
ibm-replicationServerIsMaster: true
cn: peer1
description: peer1 server

dn: ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <peer2-uuid>
ibm-replicationServerIsMaster: true
cn: peer2
description: peer2 server

dn: ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <forwarder1-uuid>
ibm-replicationServerIsMaster: false
cn: forwarder1
description: forwarder server number one

dn: ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <forwarder2-uuid>
ibm-replicationServerIsMaster: false
cn: forwarder2
description: forwarder server number two

#peer1 to peer2 agreement
dn: cn=peer2,ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: peer2
ibm-replicaConsumerId: <peer2-uuid>
ibm-replicaUrl: ldap://<peer2hostname:peer2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: peer2 server

#peer1 to forwarder1 agreement
dn: cn=forwarder1,ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder1
ibm-replicaConsumerId: <forwarder1-uuid>
ibm-replicaUrl: ldap://<forwarder1hostname:forwarder1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server one

#peer1 to forwarder2 agreement
dn: cn=forwarder2,ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder2
ibm-replicaConsumerId: <forwarder2-uuid>
ibm-replicaUrl: ldap://<forwarder2hostname:forwarder2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server two

#peer2 to peer1 agreement
dn: cn=peer1,ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: peer1
ibm-replicaConsumerId: <peer1-uuid>
ibm-replicaUrl: ldap://<peer1hostname:peer1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: peer server one

#peer2 to forwarder1 agreement
dn: cn=forwarder1,ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder1
ibm-replicaConsumerId: <forwarder1-uuid>
ibm-replicaUrl: ldap://<forwarder1hostname:forwarder1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server one

#peer2 to forwarder2 agreement
dn: cn=forwarder2,ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder2
ibm-replicaConsumerId: <forwarder2-uuid>
ibm-replicaUrl: ldap://<forwarder2hostname:forwarder2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server two

#forwarder1 to replica1 agreement
dn: cn=replica1,ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica1
ibm-replicaConsumerId: <replica1-uuid>
ibm-replicaUrl: ldap://<replica1hostname:replica1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number one

#forwarder1 to replica2 agreement
dn: cn=replica2,ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica2
ibm-replicaConsumerId: <replica2-uuid>
ibm-replicaUrl: ldap://<replica2hostname:replica2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number two

#forwarder2 to replica3 agreement
dn: cn=replica3,ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica3
ibm-replicaConsumerId: <replica3-uuid>
ibm-replicaUrl: ldap://<replica3hostname:replica3port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number three

#forwarder2 to replica4 agreement
dn: cn=replica4,ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica4
ibm-replicaConsumerId: <replica4-uuid>
ibm-replicaUrl: ldap://<replica4hostname:replica4port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number four

8. pGnⁿJoAoXUCⁿOG

ldif2db -r no -i <mytopologyfile>

Σñ -r no iε gC

9. oAziαnⁿJzl≡ΣLΩC

10. ¿ΩⁿJApGnXHJΣL°AAoXUCⁿOG

db2ldif -s "o=ibm,c=us" -o <mymasterfile.ldif>

ΩTA\ 288ydb2ldif ízC

11. N <masterfile.ldif> s peer2 b≈WC

12. b peer2 Mb≈WAoXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

13. Tw forwarder1 M forwarder2 wgεC

14. z"N forwarder1 M forwarder2 tm¿α°ACsΦNUC

[J forwarder1 M forwarder2 ibmslapd.conf ñG

dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master
ibm-slapdMasterReferral: ldap://peer1hostname:peer1port/

: oiTO)ß≤súQ peer1C

15. N <masterfile.ldif> s forwarder1 M forwarder2 b≈WC


16. bC@í≈WoXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

17. Tw replica1Breplica2Breplica3 M replica4 wgεC

18. z"N replica1Breplica2Breplica3 M replica4 tm¿ °ACsΦ

NUC[JC@í °A ibmslapd.conf ñG

dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master
ibm-slapdMasterReferral: ldap://peer1hostname:peer1port/

19. xs ibmslapd.conf C

20. N <masterfile.ldif> s replica1Breplica2Breplica3 M replica4 b≈WC

21. bC@í≈WoXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

22. peer1Bpeer2Bforwarder1Bforwarder2Breplica1Breplica2Breplica3 M replica4C

]whD

: hD°A"O IBM Tivoli Directory Server 5.2 °AAOtΣhD g

@ºí IBM Directory Server 5.1 °AC

hD g@hD°A≤ g⌠⌠ºía¼M! gΩTChD g

DnnBOC⌠⌠yqC

hD°A"OD°A]igJCUíhD g@B@ΦíG


5 ñ g⌠⌠]t6 gxAC@]t@íhD°AChD°AG

v qb gxñPh/D°A¼ g≤sAe≤s g⌠⌠

ΣLhD°AC

v q g⌠⌠ñΣLhD°A¼ g≤sAe≤sΣb gxñ

Ph/D°AM °AC

hD°A°A ids M ids Mw≤sne g⌠⌠ΣLhD

°AA≤sne gx°AC

Yn]whD g@Az".ΓhD°AChD°Ai

gxCz"bhDM⌠≤D/PhHnJhD gxñ °Aº

íA g≤wC

hD°A"OD°A]igJCpGzsWhD½≤O

ibm-replicaGateway úOD°A lAh#TºC

ΓΦkiHhD°ACziHG

v shD°A

v α½Ph°AhD°A

: SONAzuαbC@ gxWⁿw@íhD°AC

5. πhD°A g⌠⌠


Web zG

pGnte@díPh g°]whDG

v NPh°A (peer1) ૨hD°AH gx 1C

v gx 2 shD°AAH peer1 ≤wC

v gx 2 ]dñíC

v ND°AΩsñ≈ñC

1. sD°A (server1) uWeb zvC

2. is²ñu gvzAA÷@UzC

3. ∩n gl≡AA÷@UπC

4. ÷@Ug∩bYAi°AMµC

5. pGnN°A૨hD°AA∩ server1 ΣPh server5Cd server1C

6. ÷@UsΦ°AC

7. Tw∩°AOD°AA∩°AOhDC

8. ÷@UTwC

: pGznhD°AwgOD°AAª"OSlh ¡ °AAziH²Nªú&D°AAMßANªⁿw¿hDC

9. pGnshD°AA∩ server1AA÷@UsWC

10. s °A server9C\ 136y °AzC

11. ∩ server9AA÷@UC

12. ∩nN ú&D°AgC÷@UC

13. oπΣLú≤weCTwu∩ server1 ú≤w∩

C

ϕ 14.

ú

U server9 server1

server9 server2

server9 server4

server9 server5

÷@U≥C

: bYípUAu∩ve⌡XAnDúúbcn=replication,cn=localhost CbípUAz"ú≤

cn=replication,cn=localhost HaΦ½≤Cq∩l≡N

AsC\ 134yzC

.

14. ÷@UTwC°AñΓ% Web zuπñNϕCbzNpUG

v server1] gx 1 D-hD

– server2]α°A

- server3] °A

- server6] °A


– server4]α°A

- server7] °A

- server8] °A

– server5]D°A

– server9] gx 2 D-hD

v server5]D°A

– server1]D°A

– server2]α°A

– server4]α°A

v server9]D-hD

– server1]D-hD

15. sW °A server9AH gx 2 C

16. ½WzAHΣL gxCNAzuαbC@ gxWⁿ

w@íhD°AC

17. ¿ºßAN server1 Ωs gxñ°AWC

\ 137ysΩ zAHop≤⌡µBJ÷ΩTC

ⁿOµG

bdíñAzN@s gl≡AΣPI∩Idñ

PC

:

dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext

Oznl≡CpGowgsbA∩ªsW

objclass=ibm-replicationContextA únsWπC

bodñAzN≤eΓíPh°ABΓíα°AAH6í °A

AHKG

v N peer1 ñΓ∩¿ΣhD°A] gx 1C

v gx 2 shD°A gate2C

: gx 2 ª)vAH gate2 ΣhD°ACdNúí

gCziH gx 1 ϕ@¼C²OAú"

JΩ]wñ gxC

Gate2 <-------------->Peer1(G)<---->Peer2
                         |  \     /   |
                         |     X      |
                         ↓  /     \   ↓
                    Forwarder1    Forwarder2
                     /     |        |     \
               Replica1 Replica2 Replica3 Replica4

1. ε°A gate2Bpeer1 M peer2C

2. z"N gate2Bpeer1 M peer2 tm¿Ph°ACsΦNUC

[J peer1 M peer2 ibmslapd.conf ñG


dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master

: ob°Añ@wnPA]od½≤Ob°AW@C

3. xs ibmslapd.conf C

4. bD°A peer 1 b≈WA@]t≤wΩTApA

mycredentialsfileAΣñ mycredentialsfile ]tG

dn: cn=replication,cn=localhost
objectclass: container

dn: cn=simple,cn=replication,cn=localhost
objectclass: ibm-replicationCredentialsSimple
cn: simple
replicaBindDN: cn=master
replicaCredentials: master
description: Bindmethod for topology

5. oXUCⁿOG

ldif2db -r no -i <mycredentialsfile>

6. N <mycredentialsfile> s gate2Bpeer2Bforwarder1 M forwarder2 b≈

WAMßoXUCⁿOG

ldif2db -r no -i <mycredentialsfile>

7. b peer1 b≈WA@ <mytopologyfile>AΣñ <mytopologyfile> ]

AG

: NUCñX <peer1-uuid> N¿D°A cn=Configurationñ ibm-slapdServerId CoOb@°A%°AúCziH∩ cn=Configuration ⌡µ ldapsearchApGzUNIX tAziH∩ ibmslapd.conf grep ⁿOCPaAz"NX <peerx-uuid>B<forwarderx-uuid>B<replicax-uuid> M

<gate2-uuid>]Σñ x Nϕ@rN¿÷°A

cn=Configuration ibm-slapdServerId CíXdñPezPhⁿOµdúP≤BíHΘπC

dn: o=ibm,c=uso: ibmobjectclass: topobjectclass: organizationobjectclass: ibm-replicationContext

dn: ibm-replicaGroup=default, o=ibm,c=usobjectclass: topobjectclass: ibm-replicaGroupibm-replicaGroup: default

#Make peer1 a gateway server for site 1dn: ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=usobjectclass: topobjectclass: ibm-replicaSubentryobjectclass: ibm-replicaGatewayibm-replicaServerId: <peer1-uuid>ibm-replicationServerIsMaster: true

156 IBM Tivoli Directory Server: IBM Tivoli Directory Server zΓU

Page 169: IBM Tivoli Directory Server: IBM Tivoli Directory Server ºÞ²z¤â¥Upublib.boulder.ibm.com/.../IDSadmin52/zh_TW/PDF/admin_gd.pdf · 2003-10-02 · IBM Tivoli Directory Server 5.2

cn: peer1description: gateway server from replication site 1 to replication site 2

#Add gate2 as a gateway server for site 2dn: ibm-replicaServerId=<gate2-uuid>,ibm-replicaGroup=default,o=ibm,c=usobjectclass: topobjectclass: ibm-replicaSubentryobjectclass: ibm-replicaGatewayibm-replicaServerId: <gate2-uuid>ibm-replicationServerIsMaster: truecn: gate2description: gateway server from replication site 2 to replication site 1

dn: ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=usobjectclass: topobjectclass: ibm-replicaSubentryibm-replicaServerId: <peer2-uuid>ibm-replicationServerIsMaster: truecn: peer2description: peer2 server

dn: ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us

objectclass: topobjectclass: ibm-replicaSubentryibm-replicaServerId: <forwarder1-uuid>ibm-replicationServerIsMaster: falsecn: forwarder1description: forwarder server number one

dn: ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us

objectclass: topobjectclass: ibm-replicaSubentryibm-replicaServerId: <forwarder2-uuid>ibm-replicationServerIsMaster: falsecn: forwarder2description: forwarder server number two

#peer1 to gate2 agreementdn: cn=gate2,ibm-replicaServerId=<peer1-uuid>,

ibm-replicaGroup=default,o=ibm,c=usobjectclass: topobjectclass: ibm-replicationAgreementcn: gate2ibm-replicaConsumerId: <gate2-uuid>ibm-replicaUrl: ldap://<gate2hostname:gate2port>ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhostdescription: supplier agreement from replication site1 to replication site2

#gate2 to peer1 agreementdn: cn=gate1,ibm-replicaServerId=<gate2-uuid>,

ibm-replicaGroup=default,o=ibm,c=usobjectclass: topobjectclass: ibm-replicationAgreementcn: peer1ibm-replicaConsumerId: <peer1-uuid>ibm-replicaUrl: ldap://<peer1hostname:peer1port>ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhostdescription: supplier agreement from replication site2 to replication site 1

#peer1 ∩ peer2 ≤wdn: cn=peer2,ibm-replicaServerId=<peer1-uuid>,

ibm-replicaGroup=default,o=ibm,c=usobjectclass: topobjectclass: ibm-replicationAgreementcn: peer2

12 g 157

Page 170: IBM Tivoli Directory Server: IBM Tivoli Directory Server ºÞ²z¤â¥Upublib.boulder.ibm.com/.../IDSadmin52/zh_TW/PDF/admin_gd.pdf · 2003-10-02 · IBM Tivoli Directory Server 5.2

ibm-replicaConsumerId: <peer2-uuid>ibm-replicaUrl: ldap://<peer2hostname:peer2port>ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhostdescription: peer2 server

#peer1 ∩ forwarder1 ≤wdn: cn=forwarder1,ibm-replicaServerId=<peer1-uuid>,

ibm-replicaGroup=default,o=ibm,c=usobjectclass: topobjectclass: ibm-replicationAgreementcn: forwarder1ibm-replicaConsumerId: <forwarder1-uuid>ibm-replicaUrl: ldap://<forwarder1hostname:forwarder1port>ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhostdescription: forwarder server one

#peer1 ∩ forwarder2 ≤wdn: cn=forwarder2,ibm-replicaServerId=<peer1-uuid>

ibm-replicaGroup=default,o=ibm,c=usobjectclass: topobjectclass: ibm-replicationAgreementcn: forwarder2ibm-replicaConsumerId: <forwarder2-uuid>ibm-replicaUrl: ldap://<forwarder2hostname:forwarder2port>ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhostdescription: forwarder server two

#peer2 ∩ peer1 ≤wdn: cn=peer1,ibm-replicaServerId=<peer2-uuid>,

ibm-replicaGroup=default,o=ibm,c=usobjectclass: topobjectclass: ibm-replicationAgreementcn: peer1ibm-replicaConsumerId: <peer1-uuid>ibm-replicaUrl: ldap://<peer1hostname:peer1port>ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhostdescription: peer server one

#peer2 ∩ forwarder1 ≤wdn: cn=forwarder1,ibm-replicaServerId=<peer2-uuid>

ibm-replicaGroup=default,o=ibm,c=usobjectclass: topobjectclass: ibm-replicationAgreementcn: forwarder1ibm-replicaConsumerId: forwarder1-uidibm-replicaUrl: ldap://<forwarder1hostname:forwarder1port>ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhostdescription: forwarder server one

#peer2 to forwarder2 agreement
dn: cn=forwarder2,ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder2
ibm-replicaConsumerId: <forwarder2-uuid>
ibm-replicaUrl: ldap://<forwarder2hostname:forwarder2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server two

#forwarder1 to replica1 agreement
dn: cn=replica1,ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica1
ibm-replicaConsumerId: <replica1-uuid>
ibm-replicaUrl: ldap://<replica1hostname:replica1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number one

#forwarder1 to replica2 agreement
dn: cn=replica2,ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica2
ibm-replicaConsumerId: <replica2-uuid>
ibm-replicaUrl: ldap://<replica2hostname:replica2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number two

#forwarder2 to replica3 agreement
dn: cn=replica3,ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica3
ibm-replicaConsumerId: <replica3-uuid>
ibm-replicaUrl: ldap://<replica3hostname:replica3port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number three

#forwarder2 to replica4 agreement
dn: cn=replica4,ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica4
ibm-replicaConsumerId: <replica4-uuid>
ibm-replicaUrl: ldap://<replica4hostname:replica4port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number four

8. pGnⁿJoAoXUCⁿOG

ldif2db -r no -i <mytopologyfile>

Σñ -r no iε gC

9. oAziαnⁿJzl≡ΣLΩC

10. ¿ΩⁿJApGnXHJΣL°AAoXUCⁿOG

db2ldif -s"o=ibm,c=us" -o <mymasterfile.ldif>

ΩTA\ 288ydb2ldif ízC

11. N <masterfile.ldif> s gate2 b≈WC

12. b gate2 b≈WAoXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

13. N <masterfile.ldif> s peer2 b≈WC

14. b peer2 Mb≈WAoXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

15. Tw forwarder1 M forwarder2 wgεC

16. z"N forwarder1 M forwarder2 tm¿α°ACsΦNUC

[J forwarder1 M forwarder2 ibmslapd.conf ñG

dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master
ibm-slapdMasterReferral: ldap://peer1hostname:peer1port/

: oiTO)ß≤súQ peer1C

17. N <masterfile.ldif> s forwarder1 M forwarder2 b≈WC

18. bC@í≈WoXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

19. Tw replica1Breplica2Breplica3 M replica4 wgεC

20. z"N replica1Breplica2Breplica3 M replica4 tm¿ °ACsΦ

NUC[JC@í °A ibmslapd.conf ñG

dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master
ibm-slapdMasterReferral: ldap://peer1hostname:peer1port/

21. xs ibmslapd.conf C

22. N <masterfile.ldif> s replica1Breplica2Breplica3 M replica4 b≈WC

23. bC@í≈WoXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

24. gate2Bpeer1Bpeer2Bforwarder1Bforwarder2Breplica1Breplica2Breplica3 M

replica4C

zg Web z@

Web zuπ⌡µUC@C

z

O gl≡SC

°

: °A"b⌡µA+α⌡µ@C

i²ñgzAA÷@UzC

1. ∩zn°l≡AMß÷@UπC

πbu gvMµñC÷@UΓTñiCqoMµAz

iHG

v sW C

v sΦ ÷ΩTC

v ≤ úPDnú°AAN ú&D°A

v Rú C

sW

\ 136y °AzC


sΦ≤wziH≤ UCΩTG

b°AWAzuα≤UCG

v D≈W

v ≡

v SSL

v í

bΣLWAziH≤UCG

v - \ 134yzC

v g - \ 165y gzC

v ≤ g \αCqú\αMµñAziH°∩⌠≤ún

g\αC

v ϕz¿A÷@UTwC

sΦ°A

: hD°A"O IBM Tivoli Directory Server 5.2 °AAOtΣhD g

@ºí IBM Directory Server 5.1 °AC

ziHⁿwD°AO gxWhD°AñΓC

pGnND°Aⁿw¿hD°AG

1. ∩°AOhD∩C

2. ÷@UTwC

pGnND°AhD°AñΓúG

1. °∩°AOhD∩C

2. ÷@UTwC

ΩTA\ 152y]whDzC

ú%°A

1. ∩°AAA÷@UC

2. ∩nN @°AA∩nN ú&D°AgC÷

@UC

3. bYípUAu∩ve⌡XAnDúúb cn=replication,cn=localhost

CbípUAz"ú≤ cn=replication,cn=localhost HaΦ

½≤Cq∩l≡NAsC\ 134

yzC

4. oπΣLú≤wC∩°AñΓAú≤wCpAp

GnN °AúPh°AAz"∩PΣL°AΣ

@h ú≤wCo≤w²ú&°Aα≈¿ΣL°AΣ

úCΣL°APΦú&º°Aú≤w,MAún½C

5. ÷@UTwC


≡ñ≤#MX°AC

ΩTA\ 144yPh g]w°zC

ND°A

YnND°AñΓ≤ °AA⌡µUCBJG

1. szn°A Web zuπC

2. ÷@UzC

3. ∩l≡÷@UπC

4. RúzQ°A≤wC

5. ∩zQ°AA÷@UC

6. ∩°A]znN°Am≤ΣUAMß÷@UC

7. pPznsW @Ab°AMΣúºíAsú≤

wC÷ⁿA\ 136y °AzC

gl≡

: °A"b⌡µA+α⌡µ@C

i²ñgzAA÷@UzC

v ÷@UsWl≡C

v ΘJzn gl≡ DNA÷@Us²iAH∩n@l≡ root

C

v ΘJD°Aα URLCo"H LDAP URL µíϕApG

ldap://<myservername>.<mylocation>.<mycompany>.com

v ÷@UTwC

v s°AπbuzveWA≤Ywgl≡ºUC

: b LinuxBSolaris HP-UX ¡xWApGαóATwwbzt⌠ñ

]wF⌠ LDAP_LOCK_RECCú⌠≤SwC

export LDAP_LOCK_REC=anyvalue

sΦl≡

o∩≤D°A URLAol≡Σ Ne≤sΩo°A

CpGz≤D°A≡D≈WBND°A≤úP°AAz

n⌡µUCBJ

1. ∩nsΦl≡C

2. ÷@UsΦl≡C

3. ΘJD°Aα URLCo"H LDAP URL µíϕApG

ldap://<mynewservername>.<mylocation>.<mycompany>.com

°°Abol≡WΩtñΓ w]DnB αAeWXúP

M÷sC

v ϕl≡ñΓ °AAⁿX°A α°AH°

A¿D°A÷s@πCpG÷@Uo÷sAhuWeb zuπvs

°AN¿D°AC


v %sWUONl≡tm¿⌡µ g]Sw]sMlsbA

h l≡gH÷sgl≡@πXCpG÷@Uo÷sA

NsWw]sMlAuWeb zuπvs°A¿D°AC

v pGΣú⌠≤D°AlA l≡wq⌠≤D°ANH

°A¿D°A÷s@πXCpG÷@Uo÷sANsW.l

AuWeb zuπvs°A¿D°AC

úl≡

1. ∩núl≡C

2. ÷@URúl≡C

3. ϕnDzTRúA÷@UTwC

l≡qgl≡MµñúC

: uϕ ibm-replicaGroup=default OAo@+Q¿C

Rεl≡

ϕzQn∩⌡µ@iµ≤AoτCªNiH∩°A

≤sCCRε°AúⁿßnDCªu°Azv

εAⁿ)znDC

oτO BooleanC

1. ÷@URε/°RεRεl≡C

2. ϕnDT@A÷@UTwC

3. ÷@URε/°Rε°Rεl≡C

4. ϕnDT@A÷@UTwC

sΦsεMµ

gΩT] lB g≤wBBiαOxsbSϕ½≤

ibm-replicagroup=default UCibm-replicagroup ½≤O≤ gl≡ root UC

w]Aol≡q gl≡ root ACLCo ACL iαúAX

ε∩ gΩTsC

"nv¡G

v ε g - z"π ibm-replicagroup=default ½≤gJsv]¡/

zC

v ÑíCε g - z"π ibm-replicagroup=default ½≤gJsv]¡

/zC

v εεC - z"π g≤wgJsvC

YnQuWeb zuπví° ACL eH ACLA\ 209

y ACLzC

ΣlΩTA\ 201 15 , ysεMµzC


∩ge

i²ñgzAMß÷@UzgeC

qoeñAziHG

v ∩q g¼Ad#m≤W¡Cw]O 200C

v sWBsΦRúúΩTC

sWúΩT

1. ÷@UsWC

2. qU\αϕñ∩@úAΘJznsWú gl≡WC

3. ΘJ gs DNC

: ziHoΓ∩⌠≤@A°z¼p wC

v ’w]Mα’A g°Al≡]w gs DN]MK

XHw]αCqP@ú gl≡Aiαo

\αC

v C@ gl≡!O]w gs DN MKXAΦkOC@l≡s

WúΩTCϕC@l≡úúPú]τYC@l≡D°

AúPAiαo\αC

4. °¼ wAΘJTKXC]zºewgO²oKXHΘß

C

v ÷s - ⁿw DN MKX

v Kerberos - ’ibm-kn=LDAP-service-name@realm’ µíⁿwΩ DNA

BúⁿwKX

v SSL H/ EXTERNAL s - ⁿwDD DNA²úⁿwKX

\ 134yzC

5. ÷@UTwC

úl≡[JuúvΩTMµñC

sΦúΩT

1. ∩znsΦúl≡C

2. ÷@UsΦC

3. pGznsΦw]Mα]b cn=configuration U cn=Master Server

Abuw]ú LDAP URLvµñAΘJßn¼ ≤s

°A URLCª"O LDAP URL]ldap://ChA⌡BJ 4C

4. ΘJzns gs DNC

5. ΘJTKXC

6. ÷@UTwC

úúΩT

1. ∩znúúl≡C

2. ÷@URúC

3. ϕnDzTRúA÷@UTwC


l≡NquúvΩTMµñúC

g

ziH∩wq AN gwbSwíAOúnbSwí⌡µ

gCpGzSACiµ≤A°ANw gCoÑ≤Oⁿw@

AbC6 12:00 AM l gC

i²ñgzAMß÷@UzC

bCgñA∩znl≡AMß÷@UπCpG⌠≤

sbAªπbCgΦ⌠ñCYnsWG

1. ÷@UsWC

2. ΘJWCpAschedule1C

3. ∩≤@gñC@6]P6P*ACΘⁿw¿LCoϕ⌠≤

g≤s≤CW g≤]pG,MC]oOs AH

S²e g≤A]Nw]Y gC

4. ziH∩@gñ@6AA÷@UsWCΘªCΘ gCpG

zCΘAªN¿@gñC@6w]CziHG

v NCΘOC@6w]A∩SwΘAMßN#uLvCO

ϕA∩≤Sw g≤%@6AWo g≤,C

v ∩@ΘAA÷@UsΦCΘA∩CΘCOϕACΘ≤

vTΘA úuvTz∩%@ΘC

v ∩@ΘAA÷@UsWCΘAúPCΘCbFo

ßAªNsWCΘU\αϕC∩≤zQnC@6Az"∩

oC

\yCΘzAHop≤]wCΘΩTC

5. ϕz¿A÷@UTwC

CΘi²ñgzAMß÷@UzC

bCΘñA∩znl≡AMß÷@UπCpG⌠≤

sbAªπbCΘΦ⌠ñCYnsWG

1. ÷@UsWC

2. ΘJWCpAmonday1C

3. ∩]wGUTC ϕaC

4. qU\αϕ∩ g¼G

Y ⌡µ⌠≤qW g≤ßm≤sAMß≥≤sAU

@w≤s≤FεC

@ blíºeA⌡µm≤sC⌠≤blíß≤sN

ÑU@w g≤C

5. ∩ g≤líC

6. ÷@UsWCoπ g≤¼íC

7. sWú≤¿zC≤Mµ í½sπzC


8. ϕz¿A÷@UTwC

pG

ϕ 15.

g¼ lí

Y 12:00 AM

@ 10:00 AM

@ 2:00 PM

Y 4:00 PM

@ 8:00 PM

boñA@ g≤ob:]A B≤s⌠≤bíem

≤Cϕ g≤soAª≥ 10:00 AMC10:00 AM P 2:00 PM ºí

≤sÑ 2:00 PM + gC⌠≤b 2:00 PM P 4:00 PM ºí≤sNÑ

wb 4:00 PM g≤AºßA g≤s≥U@wb 8:00 PM

g≤C⌠≤b 8:00 PM ºß≤sNÑU@w g≤C

: pG g≤wí=±AhbwU@≤ApG)²e≤≤s,biµñAhiα≥ó g≤C

zεC

o@i²z°°AC@ g≤w]εC g¼AC

i²ñgzAMß÷@UzεCC

∩znzεC C

v ° ¼A wAziH÷@U/ε gC

v ÷@UjógAúwU@ gO>≥Aú gmñ

≤C

v ÷@UεCHo÷ εCπΩTCz]iHqo∩zε

CC

v ÷@U½sπz≤sεCHMú°ATºC

εCpGz÷@UεCANπTG

v ¼A

v e

v m≤

¼Aπ WB l≡B ¼AM g÷²CboeñA

ziH÷@U# gCziH÷@U½sπz≤sεCΩTC

eúe≤s÷ΩTCpGLkⁿJA÷U⌡L²

≥ gU@mCziH÷@U½sπz≤sεCΩTC

m≤π m≤CpG gQ²AziH÷@Uí⌡L

Rúm≤CziH÷@U½sπz≤sm≤MµAH#Mwg

Bz⌠≤s≤sC


: pGz∩n⌡L²≤AN"Tw°AßQ≤sCΩTA\ 291yldapdiffzC

zgⁿOµ@

ⁿwl≡ú DN MKX

ziHSwl≡ⁿwú DN M PWCpGno≥Ah MD°AWn

UCΩTC

pGnl≡ AznbD°AM ºí@ ≤wA\

132y g≤wzCo≤w"ⁿJD°AM WCΓ°Aºí÷

YOGun°AO úA OD°AC

1 . bD°Ab≈WA@]t≤wΩTApA

mysupplierinfofileAΣñ mysupplierinfofile ]tG

#Replication data on the master:

dn: o=IBM,c=US
objectclass: organization

dn: ou=Test,o=IBM,c=US
objectclass: organizationalunit
objectclass: ibm-replicationContext
aclentry: access-id:CN=this:object:a:normal:rwsc:sensitive:rwsc:critical:rwsc
entryowner: access-id:CN=this

dn: ibm-replicaGroup=default, ou=Test,o=IBM,c=US
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicaGroup: default

dn: cn=replica1 BindCredentials, cn=localhost
objectclass: ibm-replicationCredentialsSimple
cn: replica1 BindCredentials
replicaBindDN: cn=s1
replicaCredentials: s1
description: Bindmethod of master to replica1

dn: ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,ou=Test,o=IBM,c=US
#master uuid is whatever the server ID is set to in your ibmslapd.conf
#on the master.
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <master-uuid>
ibm-replicationServerIsMaster: true
cn: master
description: master server

dn: cn=replica1,ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,ou=Test,o=IBM,c=US
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica1
ibm-replicaConsumerId: <replica1-uuid>
#<replica1-uuid> is whatever the server ID is set to in your
#replica ibmslapd.conf file.
ibm-replicaUrl: ldap://<replica1hostname:replica1port>
ibm-replicaCredentialsDN: cn=replica1 BindCredentials, cn=localhost
description: replica server number one

2. εD°A]YεC


3. oXUCⁿOG

ldif2db -r no -i <mysupplierinfofile>

4. oXUCⁿOG

db2ldif -o <masterfile.ldif>

ΩTA\ 288ydb2ldif ízC

5. N <masterfile.ldif> s replica1 b≈C

6. ε ]pGb⌡µñC

7. z"N replica1 tm¿ °ACsΦNUC[J replica1

ibmslapd.conf ñG

dn: cn=Master Server, cn=configuration
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: <masterserverpassword>
ibm-slapdMasterReferral: ldap://<masterhostname:masterport>
objectclass: ibm-slapdReplication

dn: cn=Supplier s1, cn=configuration
cn: Supplier s1
ibm-slapdMasterDN: cn=s1
ibm-slapdMasterPW: s1
ibm-slapdReplicaSubtree: ou=Test, o=IBM, c=US
objectclass: ibm-slapdSupplier

8. xs ibmslapd.conf C

9. oXUCⁿOG

ldif2db -r no -i <masterfile.ldif>

10. master M replica1C

°gtmΩT

jMAiHΣϕhP gí÷ΩTCpGndPSw gl≡

÷ gΩTAziH⌡µµ@hjMAN≥ª]wl≡ DNANLo°

≤]]objectclass=ibm-replicaGroupAMΣ@ΩT≥ªlCpGo g⌠wqOzL Web zAhWNO

ibm-replicaGroup=defaultC

ldapsearch -D <adminDN> -w <adminPW> -b <suffixentryDN> "(objectclass=*)"

#½≤]t s¡AtUCG

v g⌠wqΩC@°Aú@π

objectclass=ibm-replicaSubentry ½≤C l]t@°A ID H

°AΩtñΓⁿ]ibm-replicationServerIsMasterC

v bC@ lñAC@q lí°A¼ g≤s

°AAú@ g≤w½≤CC@ g≤wú]tUCΩTG

– ibm-replicaConsumerIdG°A°A IDC

– ibm-replicaURLG°A LDAP URLC

– ibm-replicaCredentialsDNG]tsº DNC

≤wiα]tUCG


– ibm-replicaScheduleDNGP≤nN g≤seo DNCpGⁿwAh gw]O ″Y″ íC

– ibm-replicationOnHoldGⁿX∩ gOw BooleanC

– ibm-replicationExcludedCapabilityGúΣ\αoMµ OID

Ce≤sNPo\α÷@úbC

g¼A

AbjMYTnDA\h@iúz g¼AΩTCP÷Σ

ñ@O gl≡≥ªAτYA[J ibm-replicationContext ½≤OCpGz∩⌡µ≥jMABnDn#∩ibm-replicationIsQuiesced CoOⁿXl≡OwgRε Boolean CpGl≡wgRεANúe\⌠

≤ß≤s]uⁿ) gú≤sCoO@XR@AiRεl

≡A\ 257yldapexopzC

ΣLP¼A÷@úP g≤w½≤ú÷pCubjMTnDA

+#oCipUG

v ibm-replicationLastActivationTimeGúPºíe gÑq@íC

v ibm-replicationLastFinishTimeGúMºee¿ gÑq@íC

v ibm-replicationLastChangeIdGee≤s≤ IDC

v ibm-replicationLastGlobalChangeIdGees≤s≤ IDCsOⁿA≤ DIT πeAp cn=schema

cn=pwdpolicyC

v ibm-replicationStateG g@µ¼ACiα]AG

@ñ be≤s≤s]iαO]o ½C

B≤Y gíA e≤sC

Ññ bÑU@w gíC

sñ bsC

s ñ bsC

OnHold g≤wwg ″Od″C

v ibm-replicationLastResult e@≤soGAΣµíG

<íWO> <≤ ID> <GX> <@> < DN>

v ibm-replicationLastResultAdditionalGe≤sq#⌠≤ΣLΩTC

v ibm-replicationPendingChangeCountGbεCñJn go≤sC

v ibm-replicationPendingChangesGoC@úúΣñ@m≤÷ΩTAΣµíG

<≤ ID> <@> < DN>

nDoAiα#\hCbnDoºeAd≤pC


v ibm-replicationChangeLDIFGú LDIF ñeó≤sπC

hD°A

shD°A

: bhD°AºßAz"s g≤w#MsCΩT\ 132y g≤wzC

b DIT ñs ⌠wqB sP lC l"]t

ibm-replicaSubentry ½≤OM ibm-replicaGateway U½≤OCibm-replicaSubentry

½≤OM ibm-replicaGateway U½≤ObUCdñOHΘϕG

dn: o=sandbox
objectclass: top
objectclass: organization
objectclass: ibm-replicationContext

dn: ibm-replicagroup=default,o=sandbox
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicagroup: default

dn: ibm-replicaServerId=<serverid>,ibm-replicagroup=default,o=sandbox
objectclass: top
objectclass: ibm-replicaSubentry
objectclass: ibm-replicaGateway
ibm-replicaServerId: <serverid>
ibm-replicationServerIsMaster: TRUE
cn: <servername>

Σñ <servername> O°AWA<serverid> Ob@°Aⁿw 37

rrΩCbⁿOúUΘJUCⁿOiΣ°A IDG

ldapsearch -b "" -s base objectclass=*

α½Ph°AhD°A

: bhD°AºßAz"°ún g≤ws g≤wH#MsCp g≤wΣL÷ΩTA\ IBM Directory Server 5.1 z

ΓUC

bα½Ph°AhD°AºeATwl≡ORε BSmñ

≤CUCdπuúOvtmhD°A lC

dn: o=sandbox
objectclass: top
objectclass: organization
objectclass: ibm-replicationContext

dn: ibm-replicagroup=default,o=sandbox
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicagroup: default

dn: ibm-replicaServerId=<serverid>,ibm-replicagroup=default,o=sandbox
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <serverid>
ibm-replicationServerIsMaster: TRUE
cn: <servername>


pGnNPhα½hDAN ibm-replicaGateway auxiliary ½≤OsW DIT

ñ lñCibm-replicaGateway U½≤ObUCdñHΘϕC

dn: ibm-replicaServerId=<serverid>,ibm-replicagroup=default,o=sandbox
changetype: modify
add: objectclass
objectclass: ibm-replicaGateway

Σñ <servername> O°AWA<serverid> Ob@°Aⁿw 37

rrΩCbⁿOúUΘJUCⁿOiΣ°A IDG

ldapsearch -b "" -s base objectclass=*


13 Θxí

IBM Tivoli Directory Server 5.2 úFizLuWeb zuπvtⁿOµ

°ΘxOⁿíC

:

1. buWeb zuπvñA@DCñΘxµisuWeb zD

xvΘxCziUCUñⁿwAs IBM Tivoli Directory Server

ΘxC

2. b Windows ¼tñApG⌠YO≈r)MANQOπ⌠

C⌠pGút≈r)ANNϕΣYw≡¼cCdG

c:\tmp\mylog O@π⌠A \tmp\mylog ¿ c:\program

files\ibm\ldap\tmp\mylogC

uzzs¿iH°sΘxΩTC

∩ΘxOⁿ

bw]ípUAΘx ibmslapd.log ∩Θx]wG

1. i²ñu°AvzA÷@UΘxAMß÷@U∩Θx]wC

2. ΘJΘx⌠WCTw⌠OCpGúsbA

CΘx]iHVHFΦApAµíLϕ≈C

: pGzⁿwOLkⁿ]pAykL°AS/

∩vQAhNóA BXUCG LDAP Server ú@

N⌡µ@C

3. Θxh∩uCvBuñvu¬vC

v uCvOⁿ.qΩTApG

Mar 29 11:03:23 2002 IBM Directory, Version 5.2
slapd started.

v uñvOⁿñqΩTApG

Mar 29 11:07:51 2002 Configuration read securePort 636.
Mar 29 11:07:51 2002 Plugin of type PREOPERATION is successfully loaded from libDSP.dll.
Mar 29 11:07:51 2002 Plugin of type DATABASE is successfully loaded from C:\Program Files\IBM\LDAP/bin/libback-rdbm.dll.
Mar 29 11:08:11 2002 Non-SSL port initialized to 389.
Mar 29 11:08:12 2002 IBM Directory, Version 5.2
slapd started.

v u¬vOⁿjqΩTApG

Mar 29 11:04:05 2002 Configuration read securePort 636.
Mar 29 11:04:05 2002 Configuration read cipher specifications mask to be 12288.
Mar 29 11:04:05 2002 Plugin of type PREOPERATION is successfully loaded from libDSP.dll.
Mar 29 11:04:05 2002 Plugin of type DATABASE is successfully loaded from C:\Program Files\IBM\LDAP/bin/libback-rdbm.dll
Mar 29 11:04:24 2002 Configuration file successfully read.
Mar 29 11:04:24 2002 Non-SSL port initialized to 389.
Mar 29 11:04:25 2002 IBM Directory, Version 5.2
slapd started.

4. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web

zw∩eA ú⌠≤≤C

5. ÷@UTw≡# IBM Tivoli Directory Server Web zw∩eC

ⁿOµG

oXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=Configuration
changetype: modify
replace: ibm-slapdErrorLog
ibm-slapdErrorLog: <newpathname>
-
replace: ibm-slapdSysLogLevel
ibm-slapdSysLogLevel: l | m | h

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope entire

ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC

°Θx

UC°ΘxC

Web zG

1. i²ñΘxAMß÷@U°ΘxC

2. eπΘx@A Bes²bYi²zUA

WCziHq\αϕñ∩SwAp 6/16 AMß÷@UAπ

Θx%@C

ziHG

v ÷@U½sπz≤sΘxñC

v ÷@UMúΘxRúzníΘxñC

v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC

ⁿOµG

Yn°ΘxAoXUCⁿOG

more /var/ldap/ibmslapd.log

Σñ var/ldap/ibmslapd.log OzΘxC

: var/ldap/ibmslapd.log O UNIX tw]ΘxA

installpath\var\ibmslapd.log O Windows tw]ΘxC


YnAa°MúΘxG

ldapexop -D cn=root -w root -op readlog -log slapd -lines all
ldapexop -D cn=root -w root -op clearlog -log slapd

fΘx

fΘxO∩²°AwC°AHw]fíC f

tmAoíiα∩°ABzC@ LDAP @ANfOⁿ

bw]ⁿwfΘxCtziHfΘxñxsíAdO

i¼íAbwHWCpGH#wAhfΘxi

PwDp≤≤oAHiαy¿laCΩTODU≤qHW

AHiαU≤o≤nwIAεDCz]iHg)

vfíANw]fíAsW≤hBzw]f

íC

w]AfΘxOC

: zs¿iH°fΘxM]wA²Oúα∩Cu Root ziH

sB≤MúfΘxC

fΘx∩fΘx]w

YnfΘxG

1. is²ñΘxAA÷@U∩fΘx]wC

2. ∩fΘxfΘxíC

3. ∩znfC 1 ²efOⁿ\αH⌠≤σRfΘx

íC 2 i²zOⁿ@AM Aziαn∩σRf

ΘxíC

4. ∩Oⁿw∩@óAOⁿw∩@C

5. ΘJfΘx⌠MWCfΘx]iHVHFΦApAµí

Lϕ≈C

6. ∩nOⁿ@Cd\µíAHo÷ziHOⁿU@ΣLΩ

TC

v s - O²°Asu

v s - O²P°Añsu

v jM - O²%⌠≤ß⌡µ LDAP jM@

v sW - O² LDAP sW

v ∩ - O² LDAP ∩

v Rú - O²q LDAP Rú

v ∩ RDN - O² RDN ∩

v ≤q - O²≤q

v @- O²∩°A⌡µ@

: pGz∩f 1 A∩@ú\αCz"∩f

2 +αf@B@C

7. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web

zw∩eA ú⌠≤≤C


ⁿOµGoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=audit, cn=localhost
changetype: modify
replace: ibm-audit
ibm-audit: true
-
replace: ibm-auditadd
ibm-auditadd: TRUE|FALSE
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditbind
ibm-auditbind: TRUE|FALSE
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditdelete
ibm-auditdelete: TRUE|FALSE
-
replace: ibm-auditextopevent
ibm-auditextopevent: TRUE|FALSE
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditfailedoponly
ibm-auditfailedoponly: TRUE|FALSE
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditlog
ibm-auditlog: <newpathname>
-
replace: ibm-auditmodify
ibm-auditmodify: TRUE|FALSE
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditmodifydn
ibm-auditmodifydn: TRUE|FALSE
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditsearch
ibm-auditsearch: TRUE|FALSE
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditunbind
ibm-auditunbind: TRUE|FALSE
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditversion
ibm-auditversion: 1|2
#pGn@fA∩ 2
-
replace: ibm-auditExtOp
ibm-auditExtOp: TRUE|FALSE
#select TRUE to enable, FALSE to disable

: pGzbutmvíñfΘxOⁿA ⁿw DN O dn: cn=audit,

cn=configurationCb@δíU°AA∩ DN ⌠≤≤úQg

¿ dn: cn=audit, cn=localhost C


fΘx

YnfΘxG

Web zG

1. is²ñΘxAA÷@U∩fΘx]wC

2. °∩fΘxC

3. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web

zw∩eA ú⌠≤≤C

ⁿOµGoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=audit, cn=localhost
changetype: modify
replace: ibm-audit
ibm-audit: false

: pGzbutmvíñfΘxOⁿA ⁿw DN O dn: cn=audit,

cn=configurationCb@δíU°AA∩ DN ⌠≤≤úQg

¿ dn: cn=audit, cn=localhost C

°fΘx

fΘx í²ßπfΘxCC@DTºút@δΩTYAß

≥@SΩCpA

2000-03-23-16:01:01.345-06:00--V3 Bind--bindDN:cn=root--client:9.1.2.3:12345--ConnectionID:12--received:2000-03-23-16:01:01.330-06:00--success
name: cn=root
authenticationChoice: simple

pGfO 2 AYK]t ″AuditV2--″C

AuditV2--2003-07-22-09:39:54.421-06:00DST--V3 Bind--bindDN: cn=root--client: 127.0.0.1:8196--connectionID: 3--received: 2003-07-22-09:39:54.421-06:00DST--Success

YπUCµíG

íWO 1 ″--″OⁿϕaíA½ÑºABznDíCíWOOHµí

YYYY-MM-DD-HH:MM:SS.mmm=(or-)HH:MM ϕC=(or=)HH:MM O UTC

tCmmm O@ϕC

X+[SSL]+[gOW] @″--″πw¼Bz LDAP nDCXO V2 V3Cb SSL ≤s

uA+π SSLCgOWπHⁿXnDO)gO

WßCpGnD)wOßAhJúπgO

ßA]úπWßC

bindDN:πs DNC∩≤ V3 gOWnDAoµO

<*CN=NULLDN*>C


ß:ß IP :≡ ″--″πß IP ≡C

ConnectionID: xxxx ″--″sbP@su]ϕbsP/sºíñ@¼C

w¼GíWO 2 ″--″O¼nDϕaíA≤SwíAYBznDlíCªµí

P≤uíWO 1vC

G¼ArΩ

π LDAP @G¼AC∩≤GrΩANOⁿσrµí LDAP

resultCodeApAsuccess operationsErrorA úO 0 1C

@SΩ≥bYºßAπ@SΩC

v s@

name: Y249bWFuYWdlcg0K
authenticationChoice: simple

v sW@

entry: cn=Jim Brown, ou=sales,o=ibm_us,c=us
attributes: objectclass, cn, sn, telphonenumber

v Rú@

entry: cn=Jim Brown, ou=sales,o=ibm_us,c=us

v ∩@

object: cn=Jim Brown, ou=sales,o=ibm_us,c=us
add: mail
delete: telephonenumber

UC°fΘxG

Web zGYn°fΘxG

1. is²ñΘxAA÷@U°fΘxC

2. eπfΘx@A Bes²bYi²zUA

WCziHq\αϕñ∩SwAp 6/16 AMß÷@Uπf

Θx%@C

ziHG

v ÷@U½sπz≤sΘxñC

v ÷@UMúΘxRúfΘxñC

v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC

ⁿOµGYn°ΘxAoXUCⁿOG

more /var/ldap/audit.log

Σñ /var/ldap/audit.log OzΘxC

: /var/ldap/audit.log O UNIX tw]fΘxA

installpath\var\audit.log O Windows tw]fΘxC


YnAa°MúfΘxG

ldapexop -D cn=root -w root -op readlog -log audit -lines all
ldapexop -D cn=root -w root -op clearlog -log audit

DB2 ΘxOⁿ

∩ DB2 Θx]w

1. i²ñΘxAMß÷@U∩ DB2 Θx]wC

2. ΘJΘx⌠WCqAoO≤ /var/ldap ²ñ db2cli.log C

Tw⌠OCpGúsbAC

: var/ldap/db2cli.log O UNIX tw] DB2 ΘxA

installpath\var\db2cli.log O Windows tw] DB2 ΘxC

3. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web

zw∩eA ú⌠≤≤C

4. ÷@UTw≡# IBM Tivoli Directory Server Web zw∩eC

ⁿOµGoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
replace: ibm-slapdCLIErrors
ibm-slapdCLIErrors: <newpathname>

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope single "cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration" ibm-slapdCLIErrors

ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC

° DB2 Θx

ziHUC° DB2 ΘxC

Web zG

1. i²ñΘxAMß÷@U° DB2 ΘxC

2. eπ DB2 Θx@A Bes²bYi²zUA

WCziHq\αϕñ∩Sw]p 6/16 AMß÷@UAπ DB2

Θx%@C

ziHG

v ÷@U½sπz≤sΘxñC

v ÷@UMúΘxRú DB2 ΘxñC

v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC


ⁿOµGpGn° DB2 ΘxAoXUCⁿOG

more /var/ldap/db2cli.log

Σñ var/ldap/db2cli.log Oz DB2 ΘxC

: var/ldap/db2cli.log O UNIX tw] DB2 ΘxA

installpath\var\db2cli.log O Windows tw] DB2 ΘxC

HAΦí°Mú DB2 ΘxG

ldapexop -D cn=root -w root -op readlog -log cli -lines all
ldapexop -D cn=root -w root -op clearlog -log cli

bulkload Θx

∩jqⁿJΘx]w

1. is²ñΘxAA÷@U∩ bulkload Θx]wC

2. ΘJΘx⌠WCqAoO≤ /var/ldap ²ñ bulkload.log

CTwsb≤ ldap °AWA B⌠C

: var/ldap/bulkload.log O UNIX tw]jqⁿJΘxA

installpath\var\bulkload.log O Windows tw]jqⁿJΘxC

3. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web

zw∩eA ú⌠≤≤C

4. pGz÷@UTwANπ@hTºAú⌠zn½s°AC÷@UTw

≡# IBM Tivoli Directory Server Web zw∩eC

ⁿOµGoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
replace: ibm-slapdBulkloadErrors
ibm-slapdBulkloadErrors: <newpathname>

pGnA≤s]wAoXUC ldapexop ⁿOG

ldapexop -D cn=root -w root -op readconfig -scope single "cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration" ibm-slapdBulkloadErrors

ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC

° bulkload Θx

UC° bulkload ΘxC

Web zG

1. i²ñΘxAMß÷@U°jqⁿJΘxC


2. eπjqⁿJΘx@A Bes²bYi²zUA

WCziHq\αϕñ∩SwAp 6/16 AMß÷@Uπ

jqⁿJΘx%@C

ziHG

v ÷@U½sπz≤sΘxñC

v ÷@UMúΘxRújqⁿJΘxñC

v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC

ⁿOµGYn° bulkload ΘxAoXUCⁿOG

more /var/ldap/bulkload.log

Σñ var/ldap/bulkload.log Oz bulkload ΘxC

: var/ldap/bulkload.log O UNIX tw]ΘxA

installpath\var\bulkload.log hO Windows tw] bulkload ΘxC

YnAa°Mú bulkload ΘxG

ldapexop -D cn=root -w root -op readlog -log bulkload -lines all
ldapexop -D cn=root -w root -op clearlog -log bulkload

zníΘxOⁿ

∩zníΘx]w

1. is²ñΘxAA÷@U∩zníΘx]wC

2. ΘJzníΘx⌠MWCqAoO≤ /var/ldap ²ñibmdiradm.log CTwsb≤ ldap °AWA B⌠C

: var/ldap/ibmdiradm.log O UNIX tw]zníΘxA

installpath\var\ibmdiradm.log O Windows tw]zníΘ

xC

3. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web

zw∩eA ú⌠≤≤C

4. pGz÷@UTwANπ@hTºAú⌠zn½s°AC÷@UTw

≡# IBM Tivoli Directory Server Web zw∩eC

5. z"ε°AA≤+C\ 24yPε°AzC

ε°AºßAz"naεMßAzníA+α½s∩≡i

µPBC

v b UNIX tñG

ibmdirctl -D <AdminDN> -w <Adminpw> admstop

ibmdiradm

v b Windows tG

a. zLuεxvAuAv°íC

b. ÷@U Directory Admin DaemonC

c. ÷@U@ -> εC


½s°AC

ⁿOµGoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=Admin, cn=Configuration
changetype: modify
replace: ibm-slapdErrorLog
ibm-slapdErrorLog: <newpathname>

z"ε°AA≤+Cε°AºßAz"bεAMßA

zníA+α½s∩≡iµPBC°AC

ibmdirctl -D <AdminDN> -w <AdminPW> -p 389 stop

ibmdirctl -D <AdminDN> -w <AdminPW> admstop

ibmdiradm

ibmdirctl -D <AdminDN> -w <AdminPW> start

°zníΘx

UC°zníΘxC

Web zG

1. i²ñΘxAMß÷@U°zníΘxC

2. eπzníΘx@A Bes²bYi²zU

AWCziHq\αϕñ∩SwAp 6/16 AMß÷@U

AπzníΘx%@C

ziHG

v ÷@U½sπz≤sΘxñC

v ÷@UMúΘxRúzníΘxñC

v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC

ⁿOµGYn°zníΘxAoXUCⁿOG

more /var/ldap/ibmdiradm.log

Σñ var/ldap/ibmdiradm.log OzuWeb zvΘxC

: var/ldap/ibmdiradm.log O UNIX tw]uWeb zvΘxA

installpath\var\ibmdiradm.log hO Windows tw]uWeb zvΘ

xC

YnAa°MúuWeb zvΘxG

ldapexop -D <adminDN> -w <adminPW> -op readlog -log ibmdiradm -lines all
ldapexop -D <adminDN> -w <adminPW> -op clearlog -log ibmdiradm


znífOⁿ

: zs¿iH°znífΘxM]wA²Oúα∩Cu Root

ziHsB≤MúznífΘxC

znífΘxP∩zfΘx]w

1. is²ñΘxAA÷@U∩znífΘx]wC

2. ∩znífOⁿAHfΘxí≤zníC

: w]CpGz²eznífΘx+n∩∩C

3. ΘJznífΘx⌠MWCqAoO≤ /var/ldap ²ñadminAudit.log CTwsb≤ ldap °AWA B⌠C

: var/ldap/adminAudit.log O UNIX tw]znífΘxA

installpath\var\adminAudit.log O Windows tw]zníf

ΘxC

4. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web

zw∩eA ú⌠≤≤C

5. pGz÷@UTwANπ@hTºAú⌠zn½s°AC÷@UTw

≡# IBM Tivoli Directory Server Web zw∩eC

6. z"ε°AA≤+C\ 24yPε°AzC

ε°AºßAz"naεMßAzníA+α½s∩≡i

µPBC

v b UNIX tñG

ibmdirctl -D <AdminDN> -w <Adminpw> admstop

ibmdiradm

v b Windows tG

a. zLuεxvAuAv°íC

b. ÷@U Directory Admin DaemonC

c. ÷@U@ -> εC

d. ÷@U Directory Admin DaemonC

e. ÷@U@ -> C

½s°AC

ⁿOµGoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=Admin Audit, cn=Configuration
changetype: modify
replace: ibm-audit
ibm-audit: true
-
replace: ibm-auditLog
ibm-auditLog: <newpathname>


z"ε°AA≤+Cε°AºßAz"bεAMßA

zníA+α½s∩≡iµPBC½s°AC

ibmdirctl -D <AdminDN> -w <adminPW> -p 389 stop

ibmdirctl -D <AdminDN> -w <adminPW> admstop

ibmdiradm

ibmdirctl -D <AdminDN> -w <adminPW> start

znífΘx

YnfΘxG

Web zG

1. is²ñΘxAA÷@U∩znífΘx]wC

2. °∩znífOⁿC

3. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web

zw∩eA ú⌠≤≤C

ⁿOµGoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=Admin Audit, cn=Configuration
changetype: modify
replace: ibm-audit
ibm-audit: false

: pGzbutmvíñznífΘxOⁿAⁿw DN O dn:

cn=audit, cn=configurationCb@δíU°AA∩ DN ⌠≤≤

úQg¿ dn: cn=audit, cn=localhost C

°znífΘx

UC°znífΘxC

Web zG

1. i²ñΘxAMß÷@U°znífΘxC

2. eπznífΘx@A Bes²bYi²z

UAWCziHq\αϕñ∩SwAp 6/16 AMß÷@U

AπznífΘx%@C

ziHG

v ÷@U½sπz≤sΘxñC

v ÷@UMúΘxRúznífΘxñC

v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC

ⁿOµGYn°znífΘxAoXUCⁿOG

more /var/ldap/adminAudit.log


Σñ var/ldap/adminAudit.log OzzníΘxC

: var/ldap/adminAudit.log O UNIX tw]zníΘxA

installpath\var\adminAudit.log O Windows tw]zníΘxC

YnAa°MúzníΘxG

ldapexop -D <adminDN> -w <adminPW> -op readlog -log adminAudit -lines all
ldapexop -D <adminDN> -w <adminPW> -op clearlog -log adminAudit

3 g ²z

14 ²

iuWeb zuπv²ñ²zCzQn⌡µ²@úi

H%∩zsCww∩sWMΣ]jMSw@s

WΓ°²C

ziHQ²⌡µUC@G

v s²²≡

v sW

v sWU½≤OqñRúª

v sΦ

v s

v sΦ ACL

v jM

s²²≡

pGzoAis²ñ²zAA÷@UzCziH

iUl≡AMß∩nb@Wu@CziHqkuπC∩n⌡µ

@C

sW

pGzoAis²ñ²zC

1. ÷@UsWC

2. qMµñ∩@c&½≤OC

3. ÷@UU@BC

4. quivΦ⌠ñ∩⌠≤zQnU½≤OAA÷@UsWC∩

≤C@znsWU½≤O½oCziHquw∩vΦ⌠

ñRúU½≤OAΦk∩ªAA÷@UúC

5. ÷@UU@BC

6. b∩ DN µñAΘJznsW∩OW (RDN)ApAcn=John

DoeC

7. b DN µñAΘJzw∩²≡OWApAou=Austin,

o=IBMCz]iH÷@Us²AqMµ∩u) DNvCz]iHi∩A

°l≡UhñΣL∩Cⁿwz∩AA÷@U∩ⁿwzn

u) DNvC DN w]²≡ñ∩C

: pGzwqzeF@Ahw²z±goµC∩

F DN ßA÷@UsWsWC

8. bnWAΘJ"nC

9. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz

¿sWhA÷@UTwCpoK[JπbUΦ\αϕ

ñC

10. pGz°AFyÑAziH÷@UyÑsWúyÑ

yzlCΩTA\yyÑzC

11. ÷@UΣLC

12. bΣLWAΣLΘJAϕC÷sWGiΩTA

\ 195yGizC

13. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz

¿sWhA÷@UTwCpoK[JπbUΦ\αϕ

ñC

14. pGz°AFyÑAziH÷@UyÑsWúyÑ

yzlCΩTA\yyÑzC

15. ÷@UuTwvC

16. ÷@U ACL ÷s∩osεMµC\ 209 y

ACLzAHo ACL ÷ΩTC

17. b.¿"nµßA÷@UsWsWA÷@U°#s²²

≡Aú∩²⌠≤≤C

: F²yÑTB@Az"NΩwtm¿ UTF-8 ΩwC

uyÑv@ⁿOwq@²²N)MyÑXPOsb²ñú÷p≈

εAB²ßiHd²oXSw)MyÑDCyÑO

í≤CªOr lang- rΩAßσrDnlAΣßA∩a[Wu (-) sß≥lCß≥liHO⌠NrXAuDn

l"Oσr)CliH⌠N°A@¡εO°úαW

L 240 rCyÑú!jpgFen-usBen-US M EN-US úOPCDN

RDN ≤ñú0\yÑCC@íuα@yÑC

: YHOAyÑP@¼-CpGzⁿwFSw@AªNúαPª÷yÑC

pGNΩ[J²JFyÑAªNi≤jM@AH∩aS

wyÑñCpGbjMºnDMµñíñúyÑAhu

#πPúPyѺ²C]AbpUjMñG

ldapsearch -b "o=ibm,c=us" "(objectclass=organization)" "description;lang-en"

°A# ″description;lang-en″ A ú# ″description″ ″description;lang-fr″ C

pGQⁿwΦí@XnDA úyÑNXAh#]ú

ªyÑNX≤C

¼MyÑñíH! (;) rjC

: RFC2252 0\b AttributeType ″NAME″ í≈ñ!rC²OA%≤orOj AttributeType MyÑA]wúAe\ªb AttributeType

″NAME″ í≈ñk]p draft-ietf-ldapbis-models-07.txt ñⁿwC

pApGßnD ″description″ A X]tG

objectclass: top
objectclass: organization
o: Software GmbH
description: software
description;lang-en: software products
description;lang-de: Softwareprodukte
postalAddress: Berlin 8001 Germany
postalAddress;lang-de: Berlin 8001 Deutschland

°A#G

description: software
description;lang-en: software products
description;lang-de: Softwareprodukte

pGjMnD ″description;lang-de″ Ah°A#G

description;lang-de: Softwareprodukte

oie\]thΩyÑΩ²AHΣUyÑ@ßCpGΩ@

TAwσßuw∩ lang-de ΘJΩA kσßuw∩

lang-fr ΘJΩC

pGnPOwyÑ\αAoX r o o t D S E jMAⁿw

″ibm-enabledCapabilities″C

ldapsearch -b "" -s base "objectclass=*" ibm-enabledCapabilities

pG# OID ″1.3.6.1.4.1.4203.1.5.4″Aϕw\αC

pGSyÑΣA⌠≤NyÑ÷p LDAP @úQA

#UCTºG

unrecognized attribute

]tπyѺ

UC⌠≤@Φk]tπyѺG

Web zGqz -> sΦ⌠sW -> ∩c&½≤O -> ∩U½≤

O -> ΘJ⌠G

1. ∩znyÑC

2. ÷@UyÑ÷ssuyÑveC

3. byѵñAΘJnºWCOo"H lang- YC

4. buvµñΘJC

5. ÷@UsWCyÑPΣπb\αϕMµñC

6. ziH½BJ 3B4 M 5AΣLyÑA∩yÑ

CFnyѺßA÷@UTwCC

7. ziHiyÑπ\αϕAA∩yÑC÷@U≤°ApN

πzyÑΘJCzHoΦkbo°eñsWs

Φ⌠≤AúuA≤∩yÑC

8. ϕz¿A÷@UTwC

ⁿOµGpGnsWtP cn ÷pyÑAΘJUCⁿOG

ldapadd -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=Mark Anthony, o=IBM, c=US
objectclass: person
cn: Mark Anthony
cn;lang-spanish: Mark Antonio
sn: Anthony

∩]tπyѺ: pGn∩]tπyѺAoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=Mark Anthony, o=IBM, c=US
changetype: modify
add: sn;lang-spanish
sn;lang-spanish: Antonio
-
replace: cn;spanish
cn;spanish: Marco Antonio
-
delete: cn;spanish

oⁿONí-t∩ ″sn;lang-spanish=Antonio″ sWñCªm½″cn;spanish″ ARú ″cn;spanish″ ΣC

: m½Rú ″cn;spanish″ úvTí-t∩ ″cn=Mark Anthony″C

jM]tπyѺ

oXⁿOG

ldapsearch -b "o=ibm,c=us" "cn=Mark Anthony" sn

#UCGG

cn=Mark Anthony,o=IBM,c=US
sn=Anthony
sn;lang-spanish=Antonio

: ″sn″ úπbΘXñC

oXⁿOG

ldapsearch -b "o=ibm,c=us" "cn=Mark Anthony" "sn;lang-spanish"

#UCGC

cn=Mark Anthony,o=IBM,c=US
sn;lang-spanish=Antonio

: ΘXñuπ ″sn;lang-spanish″C

oXⁿOG

ldapsearch -b "o=ibm,c=us" "sn;lang-spanish=Antonio"

#πG

cn=Mark Anthony,o=IBM,c=US
objectclass=person
objectclass=top
cn=Mark Anthony
sn=Anthony
sn;lang-spanish=Antonio

qñúyÑyzl

UC⌠≤@ΦkAúyÑyzlµíMG

Web zGqz -> sΦ⌠sW -> ∩c&½≤O -> ∩U½≤

O -> ΘJ⌠G

1. ∩znúyÑC

2. ÷@UyÑ÷ssuyÑveC

3. byѵñA÷@UnúyÑC

4. ÷@UúCyÑPΣq\αϕMµñúC

5. ∩znúC@yѽBJ 3 M 4C

6. ϕz¿A÷@UTwC

ⁿOµGoXUCⁿOG

ldapmodify -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> ]tG

dn: cn=Mark Anthony, o=IBM, c=US
changetype: modify
delete: sn;lang-spanish
sn;lang-spanish: Antonio

oqñú sn;lang-spanish]Σ ″Antonio″C

pGzQRúπA\yRúzC

: ϕznJDxAWeb zuπú0\zRúnJCpApGz

user cn=John Doe,ou=mylocale,o=mycompany,c=mycountry nJAq

²≡ñRú cn=John DoeAK¼TºCz"HΣL¡≈nJA

+αRú John Doe C

pGzoAis²ñ²zAA÷@UzCziH

iUl≡AMß∩nl≡BrCqkuπC÷@URúC

v zQnDTRúC÷@UTwC

v oqRúA Bz#MµC

pGzoAis²ñ²zAA÷@UzCziH

iUl≡AMß∩nb@Wu@CqkuπC÷@UsΦC

1. bnWAΘJ"nC÷sWGiΩTA\

195yGizC

2. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz

¿sWhA÷@UTwCpoK[JπbUΦ\αϕ

ñC

3. pGz°AFyÑAziH÷@UyÑsWúyÑ

yzlCΩTA\ 190yyÑzC

4. ÷@UΣLC

5. bΣLWAΣLΘJAϕC

6. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz

¿sWhA÷@UTwCpoK[JπbUΦ\αϕ

ñC

7. pGz°AFyÑAziH÷@UyÑsWúyÑ

yzlCΩTA\ 190yyÑzC

8. ÷@U¿ΩµC

9. pGzF⌠≤sAb¿ΩµñG

v qisñ∩@sAMß÷@UsWA²¿w∩RAs

¿Ωµ¿C

v qRAs¿Ωµñ∩@sAMß÷@UúANq∩s

úC

10. pGOsANiH¿C¿πw∩ws¿

CziHbsñsWú¿C

v sW¿sG

a. bnWA÷@U¿µhAOb¿WA÷

@U¿µ¿C

b. bu¿vµñAΘJznsW DNC

c. ÷@UsWC

d. ÷@UTwC

v qsñú¿G

a. bnΣLWA÷@U¿µhAOb¿

WA÷@U¿C

b. ∩núC

c. ÷@UúC

d. ÷@UTwC

v pGn½sπzµ¿MµAb¿W÷@U≤sC

11. ÷@UuTwv∩C

Gi

pGnDGiΩAhµπ@GiΩ÷sCpG

SΩAhµC%≤GiLkπApGtGiΩAµ

ñπGiΩ 1CpGthAhµHUMµΦíπC

÷@UGiΩ÷sGiC

ziHJBXRúGiΩC

pGnsWGiΩñG

1. ÷@UGiΩ÷sC

2. ÷@UJC

3. ziHΘJn⌠WA÷@Us²AHMΣP∩GiC

4. ÷@UúXCX@hwWⁿTºC

5. ÷@U÷¼CGiΩUπGiΩ 1C

6. w∩znsWGi]ú¡A!O½JBzCß≥h

HGiΩ 2BGiΩ 3 ÑCXC

7. ϕzsWGiΩßA÷@UTwC

pGnXGiΩG

1. ÷@UGiΩ÷sC

2. ÷@UXC

3. ÷@UnUⁿGiΩC

4. ÷zδFⁿiµAHπGixssmC

5. ÷@U÷¼C

6. w∩znXGi]ú¡A!O½JBzC

7. ϕzXGiΩßA÷@UTwC

pGnRúGiΩG

1. ÷@UGiΩ÷sC

2. ∩zQRúGiΩCi∩hC

3. ÷@URúC

4. ϕúzTRúA÷@UTwCQRúGiΩqMµñ

úC

5. ϕzRúΩßA÷@UTwC

: GiOLkjMC

s

pGzbⁿAoτClCz

n@∩RWsC

pGzoAis²ñ²zAA÷@UzCziH

iUl≡AMß∩nb@Wu@Ap John DoeCqkuπC÷@U

sC

v ≤ DN µñ RDN CpAN cn=John Doe ≤ cn=Jim SmithC

v b"nWAN cn ≤s RDNCbodñAⁿO Jim

SmithC

v NΣL"n≤AϕCbodñAN sn q Doe ≤ SmithC

v ϕzF"n≤A÷@UTwsC

v s Jim Smith sWMµC

: osCls¿ΩµússCusΦvτsW¿ΩµC

sΦsεMµ

YnQuWeb zuπví° ACL eH ACLA\ 209

y ACLzC

ΣlΩTA\ 201 15 , ysεMµzC

sWU½≤O

uπCWsWUO÷sAsWU½≤O²≡ñC

U½≤OúΣL[JªC

pGzoAis²ñ²zAA÷@UzCziH

iUl≡AMß∩nb@Wu@Ap John DoeCqkuπC÷@U

sWUOC

1. quivΦ⌠ñ∩⌠≤zQnU½≤OAA÷@UsWC∩

≤C@znsWU½≤O½oCziHquw∩vΦ⌠

ñRúU½≤OAΦk∩ªAA÷@UúC

2. bnWAΘJ"nC

3. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz

¿sWhA÷@UTwCpoK[JπbUΦ\αϕ

ñC

4. pGz°AFyÑAziH÷@UyÑsWúyÑ

yzlCΩTA\ 190yyÑzC

5. ÷@UΣLC

6. bΣLWAΣLΘJAϕC

7. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz

¿sWhA÷@UTwCpoK[JπbUΦ\αϕ

ñC

8. pGz°AFyÑAziH÷@UyÑsWúyÑ

yzlCΩTA\ 190yyÑzC

9. ÷@U¿ΩµC

10. pGzF⌠≤sAb¿ΩµñG

v qisñ∩@sAMß÷@UsWA²¿w∩RAs

¿Ωµ¿C

v qRAs¿Ωµñ∩@sAMß÷@UúANq∩s

úC

11. ÷@UTw∩C

RúUO

÷MziHbsWUOíRúUOA²OpGzNqRúµ@

UOAhRúUOτ≤[e÷CM ApGzNqRúhU

OAhsWUOiα≤[ΦKC

1. pGzoAis²ñ²zAA÷@UzCzi

HiUl≡AMß∩nb@Wu@Ap John DoeCqkuπC

÷@URúUOC

2. qUOMµ∩nRúUOAA÷UTwC

3. nDzTRúA÷@UTwC

4. oUOqRúA Bz#MµC

∩≤C@znRúUO½oBJC

≤s¿Ωµ

pGzoAis²ñ²zC

1. ÷@UzC

2. q²≡∩@AMß÷@UuπCWsΦC

3. ÷@U¿ΩµC

4. ∩¿ΩµCu≤¿ΩµveπiH[Jis

AHRAs¿ΩµC

v qis∩@sAMß÷@UsWA²¿w∩s¿

C

v qRAs¿Ωµ∩@sAMß÷@UúANqw∩s

úC

5. ÷@UTwxsz≤A÷@U°#²eeAúxsz≤C

jM²

TjM²≡∩G

v w²wqjM≥ ÷jM

v wqjM≥iÑjM

v ΓjM

ziHis²ñ²zAA÷@UMΣAsjM∩C∩

UCΣñ@G

: Gi]pKXOLkjMC

jMLo°≤

∩UCΣñ@jMG

÷jM ÷jMw]jM≥G

v ≥ DN Or

v jMd≥Ol≡

v jMjpOú]¡

v í¡εOú]¡

v OWOqú

v lαO°∩]÷¼

Yn⌡µ ÷jMG

1. bjMLo°≤WA÷@U÷jMC

2. qUMµ∩@½≤OC

3. pGz°AFyÑAzYiⁿwyÑCΩTA\ 190

yyÑzC

4. ∩¼∩@SwCpGz∩njMSwAqU

Mµ∩@AMßbÑ≤Φ⌠ñΘJCpGzⁿwAhjM@

N#w∩¼²C

iÑjMiÑjMi²zⁿwjM¡εjMLo°≤C ÷jMw]jM≥

C

v ⌡µiÑjMG

1. bjMLo°≤WA÷@UiÑjMC

2. qUMµ∩@C

3. pGz°AFyÑAzYiⁿwyÑCΩTA\

190yyÑzC

4. ∩@±BΓlC

– = Ñ≤C

– ! úÑ≤C

– < p≤Ñ≤C

– > j≤Ñ≤C

– ~ XGÑ≤C

5. ΘJ≤±C

6. ∩°djMBΓl÷sC

– pGzwsW.@jMLo°≤AⁿwΣL≥AA÷@U ANDCAND ⁿO#XoΓjM≥C

– pGzwsW.@jMLo°≤AⁿwΣL≥AA÷@U ORCORⁿO#X⌠@jM≥C

7. ÷@UsWANjMLo°≤≥sWiÑjMC

8. ÷@U∩A∩znbjMñC@Lo°≤C

9. ≤∩ñ⌠≤w]]wC\ 199y∩zC

10. ÷@UTwAljMC

11. °jMGºßA÷@UTw#uMΣveC

: pGnújMLo°≤G

– ÷@U∩A∩znúC@Lo°≤C

– ÷@URúAqiÑjMújMLo°≤≥C

– ÷@U½]MújMLo°≤C

ΓjMoΦkjMLo°≤CpAYnjMOWAbµñΘJ sn=*CpG

znjMhAh"jMLo°≤ykCpAYnjMSϕíO

WAΘJG

(&(sn=*)(dept=<departmentname>))

b∩ñG

v jM≥ª - qUMµñ∩@rAHKbrñjMC

: pGzwqzeF@Ahw²z±goµC∩

F DN ßA÷@UsWsWC

z]iH∩rjMπ²≡C

v jMd≥

– ∩½≤AHb∩½≤jMC

– ∩µ@hAHb∩½≤YljMC

– ∩l≡AHjM∩UNC

v jMjp¡ε - ΘJnjMW¡A∩ú]¡C

v jMí¡ε - ΘJjMϕW¡A∩ú]¡C

v qUMµ∩@OW¼C

– qú - pG∩OOWANúªiµjMAτYAjM@

ñOWC

– MΣ - pG∩OWAhjMOWAbOWmñjMC

– jM - ú∩A²ZObjMñΣC

– - bjM@ñJOWC

v ∩lα∩AHKpGbjM@ñ#αAϕαt@°A

CϕαjM@t@°AA°AsuµCp

GzOHW (anonymous) ΦínJAhiαnwO DN nJ°A

C

pGb°AWΣAjMGeuπ DNCΣLµA

p½≤OB∩íWOÑÑúúπCzLkbαW⌡µsΦ

ACLBRúBsWURúUo@@C

\ 23ynJ Web zuπzAHonJ÷ΩTC\ 58

yúαzAHo÷≤αΩTC

\ 48y]wjMzAHo÷≤jMΣLΩTC

15 sεMµ

UCUíusεMµ (ACL)vHp≤zªC

º[

sεMµ (ACL) ú@O@ LDAP ²ñxsΩTΦkCziH

ACL ¡ε²úPí≈Sw²sCLDAP ² ÷YÑ

hí≡¼cCC@²]½≤ú]t½≤OWAH@

M∩C

sεíwqΓG

v entryOwner ΩT

v sεΩT (ACI)

ϕq LDAP íAACI ΩT entryOwner ΩTH-t∩ϕCiH

LDIF ykzoC

EntryOwner ΩT

entryOwner ΩTεDDiHwq ACICuv]o½≤π

svCwqvpUG

v entryOwner - TawqC

v ownerPropagate - ⁿw\ivOnl≡UNC

úO aclEntryAúπb½≤⌡µ⌠≤@π\ivCA

O@Qe\z½≤ aclEntries CEntryOwner OsεDDAªi

HwqHBsñΓC

: w]A²zMzs¿O²ñ½≤ entryOwnersA B

entryOwnership úαq⌠≤½≤úC

sεΩT

ACI SOwqDD\ivAH∩Y LDAP ½≤⌡µw@C

Lo ACL¼ ACL TaMtª²A²iαúª

UNCDLo ACL w]µOCwqDLo ACL pUG

v aclEntry - wq\ivC

v aclPropagate - ⁿw\ivOnl≡UNC

wLo ACLLo°≤¼ ACL OúPA]ªQⁿw½≤Lo°≤Lo°≤¼±

A½≤PMªsvC

÷Mª⌡µP\αA²OoΓ ACL ¼WhjúPCLo°≤¼

ACL ΦíPDLo°≤¼ ACL eΦíúPC÷ΦAª)Ma

÷pl≡ñ⌠≤±½≤C≥≤oz%AaclPropagate ]

εDLo°≤ ACLúA≤sLo°≤¼ ACLC

Lo°≤¼ ACL w]µNOqCtAuWNVWAn DIT

ñ¬tCsvpΓ%¿WNPºsv

pCoµ@C≥≤Pl≡ g\αeAHe\≤jz

εAceiling ϕ@@ΦkAb]tªñεnC

t@sεSO≤Lo°≤¼ ACL ΣA úONLo°≤¼ΦX

DLo°≤¼ ACLCpUG

v ibm-filterAclEntry

v ibm-filterAclInherit

ibm-filterAclEntry µíP≤ aclEntryAuOh[F½≤Lo°≤≤C÷p

ceiling O ibm-filterAclInheritC w]Aª]¿ trueCϕ]¿ false Aª

εnC

sεyk

ziH LDIF ϕkzoC@CsLo°≤¼ ACL yk

OµDLo°≤¼ ACL ∩CHU baccus naur µí]BNFw

q ACI entryOwner ykC

<aclEntry> ::= <subject> [ ":" <rights> ]

<aclPropagate> ::= "true" | "false"

<ibm-filterAclEntry> ::= <subject> ":" <object filter> [ ":" <rights> ]

<ibm-filterAclInherit> ::= "true" | "false"

<entryOwner> ::= <subject>

<ownerPropagate> ::= "true" | "false"

<subject> ::= <subjectDnType> ":" <subjectDn> | <pseudoDn>

<subjectDnType> ::= "role" | "group" | "access-id"

<subjectDn> ::= <DN>

<DN> ::= distinguished name as described in RFC 2251, section 4.1.3.

<pseudoDn> ::= "group:cn=anybody" | "group:cn=authenticated" | "access-id:cn=this"

<object filter> ::= string search filter as defined in RFC 2254, section 4 (extensible matching is not supported).

<rights> ::= <accessList> [":" <rights> ]

<accessList> ::= <objectAccess> | <attributeAccess> | <attributeClassAccess>

<objectAccess> ::= "object:" [<action> ":"] <objectPermissions>

<action> ::= "grant" | "deny"

<objectPermissions> ::= <objectPermission> [ <objectPermissions> ]

<objectPermission> ::= "a" | "d" | ""

<attributeAccess> ::= "at." <attributeName> ":" [<action> ":"] <attributePermissions>

<attributeName> ::= attributeType name as described in RFC 2251, section 4.1.4. (OID or alpha-numeric string with leading alphabet, "-" and ";" allowed)

<attributePermissions> ::= <attributePermission> [<attributePermissions>]

<attributePermission> ::= "r" | "w" | "s" | "c" | ""

<attributeClassAccess> ::= <class> ":" [<action> ":"] <attributePermissions>

<class> ::= "normal" | "sensitive" | "critical" | "system" | "restricted"
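An added example, not IBM's code: a small Python parser for aclEntry and ibm-filterAclEntry values that follows the BNF above and is run on values that appear on this page. The names parse_acl_entry, AclEntry and Right are hypothetical, and the parser assumes the subject DN contains no colon.

```python
from dataclasses import dataclass
from typing import List, Optional

SUBJECT_TYPES = {"access-id", "group", "role"}                          # <subjectDnType>
CLASSES = {"normal", "sensitive", "critical", "system", "restricted"}   # <class>
ACTIONS = {"grant", "deny"}                                             # <action>


@dataclass
class Right:
    target: str   # "object", "at.<attributeName>" or an attribute class
    action: str   # "grant" (used when the action is omitted) or "deny"
    perms: str    # letters from "ad" for object, from "rwsc" otherwise; may be ""


@dataclass
class AclEntry:
    subject_type: str
    dn: str
    object_filter: Optional[str]   # only set for ibm-filterAclEntry values
    rights: List[Right]


def _split_filter(rest):
    """Cut the parenthesised search filter off the front of rest."""
    rest = rest.lstrip()
    if not rest.startswith("("):
        raise ValueError("ibm-filterAclEntry needs an object filter")
    depth = 0
    for i, ch in enumerate(rest):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                tail = rest[i + 1:]
                if tail and not tail.startswith(":"):
                    raise ValueError("expected ':' after the object filter")
                return rest[:i + 1], tail[1:]
    raise ValueError("unbalanced parentheses in object filter")


def _parse_rights(text):
    """Parse <rights>: repeated target [action] permissions groups."""
    tokens = [t.strip() for t in text.split(":")] if text.strip() else []
    rights, i = [], 0
    while i < len(tokens):
        target = tokens[i]
        i += 1
        if target == "object":
            allowed = "ad"
        elif target in CLASSES or (target.startswith("at.") and len(target) > 3):
            allowed = "rwsc"
        else:
            raise ValueError("unknown access target %r" % target)
        action = "grant"
        if i < len(tokens) and tokens[i] in ACTIONS:
            action = tokens[i]
            i += 1
        # An empty token is the empty permission string "" from the grammar.
        perms = tokens[i] if i < len(tokens) else ""
        i += 1
        if set(perms) - set(allowed):
            raise ValueError("permissions %r not valid for %s" % (perms, target))
        rights.append(Right(target, action, perms))
    return rights


def parse_acl_entry(value, filtered=False):
    """Parse an aclEntry value, or an ibm-filterAclEntry value if filtered."""
    subject_type, sep, rest = value.partition(":")
    subject_type = subject_type.strip().lower()
    if not sep or subject_type not in SUBJECT_TYPES:
        raise ValueError("subject must start with role, group or access-id")
    dn, _, rest = rest.partition(":")   # assumption: no colon inside the DN
    dn = dn.strip()
    if not dn:
        raise ValueError("missing subject DN")
    object_filter = None
    if filtered:
        object_filter, rest = _split_filter(rest)
    return AclEntry(subject_type, dn, object_filter, _parse_rights(rest))


if __name__ == "__main__":
    # Values taken from the examples on this page.
    print(parse_acl_entry(
        "group:cn=Dept XYZ,o=IBM:normal:deny:r:critical:deny::sensitive:grant:r"))
    print(parse_acl_entry(
        "access-id:cn=Person 1,o=IBM:(objectclass=groupOfNames)"
        ":at.attribute1:grant:rsc", filtered=True))
```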

DD

DD]nDvb½≤W⌡µ@ΩΘO% DN]OW¼ DN X

¿C DN ¼OGaccess IdBGroup RoleC

DN HOSϕ access-idBrole groupCpADDiαO ″access-id: cn=personA,

o=IBM group: cn=deptXYZ, o=IBM″C

]µjrO ( : )AHt DN "H ( “” ) AϕCp

G DN wtπrAhor"Q#u (\) ⌡µC

²súiHbsεñC

: AccessGroupBGroupOfNamesBGroupofUniqueNames groupOfURLs c½≤O ibm-dynamicGroupBibm-staticGroup U½≤O⌠≤súiH≤sεC

t@bsεí DN ¼O roleC¿ñΓsbΩ@ΦíOⁿ

A²b[WAªOúPCϕⁿw@ñΓA@⌠twA

Yw]wF"nv¡A⌡µPñΓ÷pu@C≤s¿ΩµAS

]AⁿXwP]¿s¿\ivC

ñΓⁿ≤sA]ªb²ñúOH½≤ϕCAñΓiHt DN s

CsεññΓ"π AccessRole ½≤OC

Ω DNΩ DN ≤sεwqP⌠ñCLDAP/DB2 ²t@Ω DN]p

″group:cn=Anybody″ M ″access-id:cn=this″Ah@FY@qS DNA

qMn⌡µ@÷AM@⌡µ½≤∩H÷C

LDAP 3 ΣUCTΩ DNG

access-id:cn=thisN DN ⁿw ACL @í!A DN O bindDNAoP⌡µ@

b DN CpApG@Ow∩½≤ ″cn=personA, ou=IBM, c=US″

⌡µA bindDn ″cn=personA, ou=IBM, c=US″AhP\ivAOú ″cn=this″ \ivA[Wú ″cn=personA, ou=IBM, c=US″ \ivC

group:cn=anybodyϕⁿw ACL @í≈A DN OAY%

gLOCLkqsñúABsLkqΩwñúC

group: cn=Authenticated DN ⌠≤wgL²O DNCúOΦkC

: ″cn=Authenticated″ Owb°AWgLO DNA úNϕ DN

½≤≤≤BCúLAh[pCpAbr ″cn=Secret″UAi@ ″cn=Confidential Material″ IA Σ@ ACL

″group:cn=Authenticated:normal:rsc″Cbt@r ″cn=Common″ UAi@ ″cn=Public Material″ IC]oΓ²≡≤P@°AWAh″cn=Public Material″ sQ°wOA io ″cn= Confidential

Material″ ½≤ñº@δO\ivC

Ω DN d

HUO@Ω DN dG

d 1UC½≤ ACLGcn=personA, c=US
AclEntry: access-id: cn = this:critical:rwsc
AclEntry: group: cn=Anybody: normal:rsc
AclEntry: group: cn=Authenticated: sensitive:rcs

ϕ 16.

s N¼

cn=personA, c=US normal:rsc:sensitive:rcs:critical:rwsc

cn=personB, c=US normal:rsc:sensitive:rsc

NULL (unauth.) normal:rsc

bñApersonA i¼P ″cn=this″ ID \ivAH¼ú″cn=Anybody″ P ″cn=Authenticated″ oΓΩ DN s\ivC

d 2NUC½≤ ACLGcn=personA, c=US
AclEntry: access-id:cn=personA, c=US: object:ad
AclEntry: access-id: cn = this:critical:rwsc
AclEntry: group: cn=Anybody: normal:rsc
AclEntry: group: cn=Authenticated: sensitive:rcs

∩≤w∩ cn=personA, c=US ⌡µ@ ÑG

ϕ 17.

s N¼

cn=personA, c=US object:ad:critical:rwsc

cn=personB, c=US normal:rsc:sensitive:rsc

NULL (unauth.) normal:rsc

bñApersonA i¼P ″cn=this″ ID \ivAH¼ú DN¡ ″cn=personA, c=US″ \ivCNA%≤s DN (″cn=personA,c=US″) ≤πΘ ACL (″access-id:cn=personA, c=US″)A]úús\ivC

½≤Lo°≤

oA≤Lo°≤ ACLCwqb RFC 2254 rΩjMLo°≤Oϕ@½≤

Lo°≤µíC]wD½≤AHrΩú⌡µujMC

#aA∩D½≤⌡µLo°≤¼±AHPwOw@

ibm-filterAclEntry MªC

vQ

sviHMπ½≤½≤CLDAP svOús≥CYvQút

t@vQCvQiHX@AHúQnvQMµAúLAª"ϕyß

QWhCvQiHOⁿwAⁿXPsv½≤WDDCv

QO%Tí≈¿G

@G

wqO grant denyCpGeoµAw]N]¿ grantC

\ivG

*iHb²½≤W⌡µ≥@Cqo@A≥ ACI \

ivCoOGsWBRúB¬BgJBjM

AH±C

iα\ivOG¬ ( r )BgJ ( w )BjM ( s ) ± ( c )C

A½≤\ivMπCo\ivOsWl ( a ) Rú

o ( d )C

UCϕµJ⌡µC@ LDAP @\ivC

ϕ 18.

@ \iv

ldapadd sW]b)

ldapdelete Rú]b½≤

ldapmodify gJ]bn∩

ldapsearch v jMB¬]b RDN ñ

v jM]bjMLo°≤ñⁿw

v jM]bHW#

v jMB¬]bH#

ldapmodrdn gJ]b RDN

ldapcompare ±]b±

: ∩≤jM@ADDA+α∩jMLo°≤ñπjMvAúMú#⌠≤C∩≤qjM@#ADDA+

α∩# RDN ñπjM (s) ¬ (r) vC

sG

o\iviHMπ½≤]sWlBRúBM

OAiHMUCñís]sOC

nⁿs\iv÷Osb@C∩Mªb²⌡

ñOCoOOús≥FsYOútiHst@

OC\iv]wOPπΘsO÷CbSϕOW]w

\ivMsOAúDⁿwFOs\i

vC

IBM wqF¡OApΓsvG@δBPBY

BtM¡εCpAcommonName ≤@δOAuserPassword≤YOCwq≤@δsOAúDtⁿwC

AsεtOpUG

v aclSource

v ibm-effectiveAcl

v ownerSource

oO% LDAP °A@A²MzᬪC

OwnerSource aclSource íb@ñC

wqsεⁿ¡OpUG

v aclEntry

v aclPropagate

v entryOwner

v ibm-filterAclEntry

v ibm-filterAclInherit

v ownerPropagate

w]Aúα¬ⁿ¡A² entryOwners iHB∩RúoC

w±m aclEntry Q°πT aclEntryCPaApG entryOwner w]wbSϕWAhπTCoΓú±AπT

iHúiHπT aclEntryA πT aclEntry iHπTCpGo⌠@TaebWAh≥Oº)²≡ñ

WNIC

C@T aclEntry entryOwner Mª]wbCAiHMST]wUNCoQ°FªzL²≡

CSϕ≥t@FεC

: Lo°≤¼ ACL ΦíPDLo°≤¼ ACL ΦíúPCª

÷pl≡ñ⌠≤±½≤C\ 201ywLo ACLzAH

otºΩTC

ziH]w AclEntry entryOwnerAM] ″false″ SϕA] ″true″ Σl≡C÷M aclEntry entryOwner úiHA²OLp≤ªúúb@C

aclEntry entryOwner 0\P@hAM A aclPropagate ownerPropagate bPuαµ@C

t aclSource ownerSource tI DNAaclEntry entryOwnerO!OqoIDCpGSpIsbANⁿw defaultC

½≤sεwqiH%UCΦlG

v pG½≤ñ@TsεAh%NO½≤sεwqC

v pGSTwqsεAhVWMX²≡AFπ@s

εWNIεC

v pGΣúpWNIAhys⌠Γzíw]svPDDC

s⌠Γ

Sϕ@svO ½≤W@DDs DN [HPC@3i

HPwsvANεC

dOsvkO²MΣ entryOwnership ACI wqBdOvAMßpΓ½≤ ACI C

Lo°≤¼ ACL OqCtAuWNVWAn DIT ñ¬t

CsvpΓ%¿WNPºsvpC

ⁿwXWhO⌠ΓLo°≤¼ ACL svC

bt²µ@ALo°≤¼DLo°≤¼O¼-CNoΓ

±JP@Oúe\A]oO¡εHWCpGo¼pAP≤s

²÷p@NóC

ϕpΓsvANb½≤WNñ@ ACL ¼]wpΓ

íCbLo°≤¼íñAbsvpΓññDLo°≤¼ ACLCP

aAbDLo°≤¼íñAbsvpΓññLo°≤¼ ACLC

Yn¡εbpΓsLo°≤¼ ACL pAiHN]¿ ″false″ ibm-filterAclInherit m≤wl≡ñAibm-filterAclEntry ohP.ºí⌠≤CoP½≤WNñbªºW ibm-filterAclEntry lDñC

YnbpΓsúLo°≤¼ A C L nA]¿ ″ f a l s e ″ ibm-filterAclInherit iαm≤wl≡ñb.o ibm-filterAclEntry ºU⌠≤CoP½≤WNñbªºW ibm-filterAclEntry DñCúsvRw]Lo°≤ ACL C

w]A²zBzs¿D°A]≤ gPh°Ao

²ñ½≤πsvA²tgJvúCΣL entryOwners obªvU½≤πsvA²OtgJvúC w]A

∩≤@δBtⁿ¡úπ¬vCpGnDDDπ

entryOwnershipAhsvO%Ww]]wPwA BsBzε⌡µC

pGnDDDúO entryOwnerANd½≤ ACI C½≤ ACI ñwq

svO%ⁿwXWhpΓXC

ⁿwWh

Sw aclEntry wqNObpΓP/\ivwqC

ⁿwhpUG

v Access-id ± group role ≤[SwCsñΓObP@hC

v bP@ dnType hAOh\iv±Oh\iv≤[SwC

v bP@OhAdeny ± grant ≤[SwC

XWh

PÑ≤ⁿwDD\ivXb@CpGLkbP@ⁿwhPw

svAN≤.SwhsvwqCbMwq ACI ßApG

PwúXsvANsC

: bsvpΓñΣ access-id h aclEntry ßAshaclEntries ú]AbsvpΓñC@ANOpG access-id

h aclEntries úwqb cn=this ºUAhsh

aclEntries ]bpΓñXC

½ÑºAb½≤ApGwq ACI tXs DN access-id DD

DNAh² aclEntry pΓ\ivCbP@DD DN UApGwqF

h\ivAhªN⌠≤bOUwq\ivCbP@

OhwqUApGe≡\ivAh\ivm½P\ivC

: wq\iv²ε]A.Sw\ivwqC

pGsv,LkPwA BΣ aclEntries úwqb ″cn=this″ ºUANpΓs¿ΩµCpG≤hsAhqos¼X\

ivCA)≤ cn=Anybody sAHpGu⌡µFwO

sAhiα≤ cn=Authenticated sCpGwwq\iv%sAh

¼ⁿw\ivC

: usvuñΓv¿ΩµObsPwA B@≥t@soA¼/snDεC¼sñΓ]Y@sñΓwqt

@sñΓ¿Júb¿ΩµPwñA]úbsvpΓñ[H

RC

pA] attribute1 ObPOñA cn=Person A, o=IBM P≤

group1 group2Ah aclEntries wqpUG

1. aclEntry: access-id: cn=Person A, o=IBM: at.attribute1:grant:rsc:sensitive:deny:rsc

2. aclEntry: group: cn=group1,o=IBM:critical:deny:rwsc

3. aclEntry: group: cn=group2,o=IBM:critical:grant:r:normal:grant:rsc

oG

v is attribute1 ’rsc’]) 1ChwqNOhwqC

v Lks½≤ñΣLPO]) 1C

v PΣLvQ]2 3 ]AbsvpΓñC

∩≤t@dAaclEntries pUG

1. aclEntry: access-id: cn=this: sensitive

2. aclEntry: group: cn=group1,o=IBM:sensitive:grant:rsc:normal:grant:rsc

G

v LksPO]) 1Cwqb access-id U²ε]A) group1

PO\ivC

v His@δO ’rsc’]) 2C

ACLUCUíziH⌡µz ACL U@C

Web zuπíz ACLYnQuWeb zuπví° ACL eAHYn ACLG

1. ∩²CpAcn=John Doe,ou=Advertising,o=ibm,c=USC

2. ÷@UsΦ ACLCoπusΦ Ac1veABw²∩ ACL C

oeπ 5 G

v ACL

v

v Lo ACL

v wLo ACL

v

ACL M ]t÷ ACL ¬ΩTC

ACLu ACLvOw∩T ACLCziH°Sw ACL s

vAΦk∩ª÷@U°÷sCou°svveC

°sv:

v vQqπDDsWvRúvC

– sWlPDDbw∩UsW²vQC

– RúPDDRúw∩vQCbedñAªP

cn=Marketing Group Rú cn=John Doe αOC

v wOqwqwO\ivC!¿wOsG

– @δ - @δnCwApA commonNameC

– P - PnñÑwApAhomePhoneC

– Y - Yn¬wApA userpasswordC

– t - tO%°A@¬C

– ¡ε - ¡εOwqsεC

C@wOúπPª÷p\ivC

– ¬ - DDiH¬C

– gJ - DDiH∩C

: tOúigJC

– jM - DDiHjMC

– ± - DDiH±C

÷@UTw#u ACLvC

÷@U°#usΦ ACLveC

uvOw∩TC

Lo ACL

ziHsWLo ACL AsΦLo ACLC

Lo ACL iHCoϕwqYsεΩTiHA≤ª

lhCACL NOw∩µ ACL CpGS ACLAª

)½≤ ACL ]wAq)½≤ ACLC

bLo ACL ñΘJUCΩTG

v ACL - ∩ ∩AHe\STwq ACL UNα≈qo

CpG∩∩AUNNqo ACLAYwglTwq

ACLAhº)) ACL QsW ACL NCpG∩∩AS

Twq ACL UNNqo]wo∩) ACLC

v DN]OW- ΘJnDv∩∩⌡µ@ΩΘ (DN) OWA

pAcn=Marketing GroupC

v ¼ - ΘJ DN ¼CpApG DN OA∩ access-idC

sWsΦsv: ÷@UsW÷sAN DN]OWµñ DN sW ACL

MµA÷@UusΦv÷sA∩ DN ACLC

sWsvsΦsvei²z]wsusεMµ (ACL)vs

vC¼µw]OzbsΦ ACL eñ∩¼CpGzbsW ACLA

hΣLµúw]CpGzbsΦ ACLAhµtW∩ ACL

]wC

ziHG

v ≤ ACL ¼

v ]wsWvRúv

v ]wwO\iv

Yn]wsvG

1. ∩ ACL ¼CpApG DN OA∩ access-idC

2. vQqπDDsWvRúvC

v sWlPDDbw∩UsW²vQC

v RúPDDRúw∩vQC

3. wOqtdwqO\ivC!¿wOsG

v @δ - @δnCwApA commonNameC

v P - PnñÑwApAhomePhoneC

v Y - Yn¬wApA userpasswordC

v t - tO%°A@¬C

v ¡ε - ¡εY≤wqsεC

C@wOúπPª÷p\ivC

v ¬ - DDiH¬C

v gJ - DDiH∩C

: tOúigJC

v jM - DDiHjMC

v ± - DDiH±C

AziH A úOwOⁿw\ivCqO

bYwOºUC

v qwqUMµñ∩@C

v ÷@UwqCoπ\ivϕµC

v ⁿwOnP6P÷pwO\ivC@C

v ziH∩h½oC

v YnúA∩AA÷@URúC

v ϕz¿A÷@UTwC

ú ACL: ziHΓΦkº@ú ACLG

v ∩nRú ACL ΩsC÷@UúC

v ÷@UíúAqMµñRú DNC

wLo ACLziHsWwLo ACL AsΦwLo ACLC

Lo°≤¼ ACL Qⁿw½≤Lo°≤Lo°≤¼±A½≤PM

ªsvC

Lo°≤¼ ACL w]µNOqCtAuWNVWAn DIT

ñ¬tCsvpΓ%¿WNPºsv

pCoµ@C≥≤Pl≡ g\αeAHe\≤jz

εAceiling ϕ@@ΦkAb]tªñεnC

buLo ACLvñΘJUCΩTG

v pLo ACL -

– ∩ⁿwΩsAN ibm-filterACLInherit q∩ñúC

– ∩ True ΩsA²∩ ACL qlpAuWNV

WA@ DIT ñ]t¬Lo°≤ ACLC

– ∩ False ΩsAiHb∩WεLo°≤ ACL pC

v DN]OW- ΘJnDv∩∩⌡µ@ΩΘ]DNOWA

pAcn=Marketing GroupC

v ¼ - ΘJ DN ¼CpApG DN OA∩ access-idC

sWsΦsv: ÷@UsW÷sAN DN]OWµñ DN sW ACL

MµA÷@UusΦv÷sA∩ DN ACLC

sWsvsΦsvei²z]wsusεMµ (ACL)vs

vCu¼vµw]zbusΦ ACLveW∩¼CpGzbsW

ACLAhΣLµúw]CpGzbsΦ ACLAhµtW∩

ACL ]wC

ziHG

v ≤ ACL ¼

v ]wsWvRúv

v ]wwLo ACL ½≤Lo°≤

v ]wwO\iv

Yn]wsvG

1. ∩ ACL ¼CpApG DN OA∩ access-idC

2. vQqπDDsWvRúvC

v sWlPDDbw∩UsW²vQC

v RúPDDRúw∩vQC

3. ]w≤Lo°≤¼±½≤Lo°≤Cb½≤Lo°≤µñA∩ ACL

ΘJn½≤Lo°≤C÷@UsΦLo°≤÷s≤UzgjMLo°≤r

ΩCµLo ACL ÷pl≡ñ⌠≤XoµñLo°≤UN

½≤C

4. wOqtdwqO\ivC!¿wOsG

v @δ - @δnCwApA commonNameC

v P - PnñÑwApAhomePhoneC

v Y - Yn¬wApA userpasswordC

v t - tO%°A@¬C

v ¡ε - ¡εY≤wqsεC

C@wOúπPª÷p\ivC

v ¬ - DDiH¬C

v gJ - DDiH∩C

: tOúigJC

v jM - DDiHjMC

v ± - DDiH±C

AziH A úOwOⁿw\ivCqO

bYwOºUC

v qwqUMµñ∩@C

v ÷@UwqCoπ\ivϕµC

v ⁿwOnP6P÷pwO\ivC@C

v ziH∩h½oC

v YnúA∩AA÷@URúC

v ϕz¿A÷@UTwC

ú ACL: ziHΓΦkº@ú ACLG

v ∩nRú ACL ΩsC÷@UúC

v ÷@UíúAqMµñRú DNC

πb½≤⌡µ⌠≤@π\ivCiHOT

]C

bñΘJUCΩTG

v ∩∩AHe\STwqUNα≈qoC

pG∩∩ASTwqUNNqo]wo

∩)C

v DN]OW- ΘJnDv∩∩⌡µ@ΩΘ (DN) OWA

pAcn=Marketing GroupC

v ¼ - ΘJ DN ¼CpApG DN OA∩ access-idC

sW: ÷@UsWAN DN]OWµñ DN sWMµñC

ú: ziHΓΦkº@úG

v ∩nRú DN ΩsC÷@UúC

v ÷@UíúAqMµñRú DNC

ⁿOµíz ACLUCUíp≤ LDIF íz ACL

wq ACI M

UΓdπnzlΓC@dπnⁿwπΓ

entryOwner µ@CGdhπⁿw entryOwner sC

entryOwner: access-id:cn=Person A,o=IBM
ownerPropagate: true

entryOwner: group:cn=System Owners, o=IBM
ownerPropagate: true

U@dπp≤P access id ″cn=Person 1, o=IBM″ ¬BjM± attribute1

\ivC\ivMπl≡]bto ACI IñºUñ⌠≤

X ″(objectclass=groupOfNames)″ ±Lo°≤ICwN ibm-filterAclInherit ]

″false″AεF⌠≤WNIñ ibm-filteraclentry nC

ibm-filterAclEntry: access-id:cn=Person 1,o=IBM:(objectclass=groupOfNames):at.attribute1:grant:rsc

ibm-filterAclInherit: false

U@dπp≤Ps ″cn=Dept XYZ, o=IBM″ ¬BjM± attribute1

\ivC\ivM≤to ACI IºUπl≡C

aclEntry: group:cn=Dept XYZ,o=IBM:at.attribute1:grant:rsc
aclPropagate: true

Udπp≤PñΓ ″cn=System Admins,o=IBM″ boIUsW½≤\ivAH¬BjM± attribute2 MYO\ivC\ivMt

o ACI IC

aclEntry: role:cn=System Admins,o=IBM:object:grant:a:at.attribute2:grant:rsc:critical:grant:rsc

aclPropagate: false

∩ ACI M

Modify-replace

Modify-replace B@ΦíP≤ΣLCpGúsbAN

CpGsbANNC

wUC ACIG

aclEntry: group:cn=Dept ABC,o=IBM:normal:grant:rsc
aclPropagate: true

⌡µUC≤G

dn: cn=some entry
changetype: modify
replace: aclEntry
aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rsc

ú ACI pUG

aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rsc
aclPropagate: true

Dept ABC ACI zLN óhC

wUC ACIG

ibm-filterAclEntry: group:cn=Dept ABC,o=IBM:(cn=Manager ABC):normal:grant:rsc

ibm-filterAclInherit: true

⌡µUC≤G

dn: cn=some entry
changetype: modify
replace: ibm-filterAclEntry
ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rsc

dn: cn=some entry
changetype: modify
replace: ibm-filterAclInherit
ibm-filterAclInherit: false

ú ACI pUG

ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rsc

ibm-filterAclInherit: false

Dept ABC ACI zLN óhC

Modify-add

b ldapmodify-add íApG ACI entryOwner úsbANπSw

ACI entryOwnerCpG ACI entryOwner sbANsWⁿw

w ACI entryOwnerCpAw ACIG

aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rsc

πUC∩G

dn: cn=some entry
changetype: modify
add: aclEntry
aclEntry: group:cn=Dept ABC,o=IBM:at.attribute1:grant:rsc

NúpUh¼ aclEntryG

aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rsc
aclEntry: group:cn=Dept ABC,o=IBM:at.attribute1:grant:rsc

pAw ACIG

Ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rsc

πUC∩G

dn: cn=some entry
changetype: modify
add: ibm-filterAclEntry
ibm-filterAclEntry: group:cn=Dept ABC,o=IBM:(cn=Manager ABC):at.attribute1:grant:rsc

NúpUh¼ aclEntryG

Ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rsc

ibm-filterAclEntry: group:cn=Dept ABC,o=IBM:(cn=Manager ABC):at.attribute1:grant:rsc

bP@OU\ivQ°≥m⌠A @hQ°

¡wCpGP@\ivsWFhAxs@CpGP@\iv

sWFhA²πúP@Ahß@@CpGú\

ivµO (″″)Ao\iv]¿A @h]¿ grant.pAwUC ACIG

aclEntry: group:cn=Dept XYZ,O=IBM:normal:grant:rsc

πUC∩G

dn: cn=some entry
changetype: modify
add: aclEntry
aclEntry: group:cn=Dept XYZ,o=IBM:normal:deny:r:critical:deny::sensitive:grant:r

úpU aclEntryG

aclEntry: group:cn=Dept XYZ,O=IBM:normal:grant:sc:normal:deny:r:critical:grant::sensitive:grant:r

pAwUC ACIG

Ibm-filterAclEntry: group:cn=Dept XYZ,O=IBM:(cn=Manager XYZ):normal:grant:rsc

πUC∩G

dn: cn=some entry
changetype: modify
add: ibm-filterAclEntry
ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:deny:r:critical:deny::sensitive:grant:r

úpU aclEntryG

ibm-filterAclEntry: group:cn=Dept XYZ,O=IBM:(cn=Manager XYZ):normal:grant:sc:normal:deny:r:critical:grant::sensitive:grant:r

Modify-delete

YnRúSϕ ACI A@δ ldapmodify-delete ykC

wpU ACIG

aclEntry: group:cn=Dept XYZ,o=IBM:object:grant:ad
aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rwsc

dn: cn = some entry
changetype: modify
delete: aclEntry
aclEntry: group:cn=Dept XYZ,o=IBM:object:grant:ad

b°AWúpUl ACIG

aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rwsc

wpU ACIG

ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):object:grant:ad

ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rwsc

dn: cn = some entry
changetype: modify
delete: ibm-filterAclEntry
ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):object:grant:ad

b°AWúpUl ACIG

ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rwsc

Rúúsb ACI entryOwner P≤ ACI entryOwnerA

BP@#XAⁿwúsbC

Rú ACI/Q ldapmodify-delete @AziHⁿwUCRú entryOwner

dn: cn = some entry
changetype: modify
delete: entryOwner

boípñANST entryOwnerCownerPropagate ])úCo

NϕWhAq²≡ñWNIª entryOwnerC

ziHP@ΦíπaRú aclEntryG

dn: cn = some entry
changetype: modify
delete: aclEntry


qRúß@ ACI entryOwner úP≤Rú ACI entryOwnerCi

αtS ACI entryOwnerCboípñAϕd ACI entryOwner A

ú#ß⌠≤FΦA B]wUNIAªQm½εCYn

εSHiHsa\A²z/úππsvAY

π ACI entryOwner A]OpC

ACI/ziHbjMñⁿwQn ACL entryOwner A ACI

entryOwner ApA

ldapsearch -b "cn=object A, o=ibm" -s base "objectclass=*" aclentry aclpropagate aclsource entryowner ownerpropagate ownersource ibm-filterAclEntry ibm-filterAclInherit ibm-effectiveAcl

#b½≤ A WsvpΓñ ACL entryOwner ΩTCNA#

iαúP≤ªb@wqlCoµíP≤lµíC

µWjM ibm-filterAclEntry A#tSwC

¬@ ibm-effectiveAcl OπnsvCibm-effectiveAcl jM

nD DLo°≤ ACL Lo°≤ ACLA#A≤½≤sv°

p≤b DIT ñ!eª wC

]Lo°≤¼ ACL iα)WNAHjM aclSource ú÷p

MµC

l≡gN

∩≤nbl≡ g@ñ]ADLo°≤¼svA⌠≤ aclEntry ú"n

b÷p ibm-replicationContext ñC]svLkq gl≡ºWW

NAH aclPropagate "]¿ true C

∩≤nbl≡ g@ñ]ALo°≤¼svA⌠≤ ibm-filterAclEntry "

nb÷p ibm-replicationContext ñºUC]svLkq gl≡

ºWWNnAH ibm-filterAclInherit attribute "]¿ false A B"nb÷p ibm-replicationContext ñC


16 sñΓ

s

sO@MµAWXCsiHb aclentryBibm-filterAclEntry entryowner ñεsAbíSkñAplHMµF\ 201 15 , ysεMµzCsiHwq¿RABA¼C

RAs

RAsc½≤O groupOfNamesBgroupOfUniqueNamesBaccessGroup accessRole OwqC@¿FOU½≤Oibm-staticgroup OwqC@¿Co½≤On member]bgroupOfUniqueNames ípñAn uniqueMemberCoc½≤OR

As"π.@¿FªúαOCRAs]iHU½≤O

[HwqGibm=staticGroupAªún member A]iHOC

σ¼sG

DN: cn=Dev.Staff,ou=Austin,c=US
objectclass: accessGroup
cn: Dev.Staff
member: cn=John Doe,o=IBM,c=US
member: cn=Jane Smith,o=IBM,c=US
member: cn=James Smith,o=IBM,c=US

C@s½≤út%¿ DN ¿h¼C

RússAss]qMª ACL ñúC

As

AsHúP≤RA¿Φíwqª¿CúOOCªAAsO

LDAP jMwqª¿CAsc½≤O groupOfURLs]U½≤O ibm-dynamicGroup memberURLA LDAP URL

ykwqjMC

ldap:///<base DN of search> ? ? <scope of search> ? <searchfilter>

: pPdzAD≈WúoebykñClpP≤@δ ldap URL y

kCYⁿwAC@µ]"H ? jCípUA#

MµN]Ab≥ DN PjMd≥ºíCϕPwA¿ΩµA°A]ú

oA]iHñªAM ,"e!jr ?CΣñG

base DN of searchO²ñljMICªiHO²r Ap ou=AustinCoO"nC

scope of searchⁿwjMd≥Cw]d≥O baseC

base #b URL ñⁿw≥ DN ÷ΩT


one #b URL ñⁿw≥ DN U@h÷ΩTCªú]

A≥C

sub #bhU÷ΩTA]A≥ DNC

searchfilterOnMjMd≥Lo°≤C\ 280yldapsearch Lo°

≤∩zAHojMLo°≤yk÷ΩTCw] objectclass=*

A¿jM/úb°AíAHúP≤π ldap URLAqúⁿwD≈W

≡A BqT≤w/úO ldap]qúO ldapsCmemberURL iHt⌠≤ URLA²O°AH ldap:/// Y memberURLAPwA¿ΩµC

d

bd≥w] base Lo°≤w] objectclass=* µ@ñG

ldap:///cn=John Doe, cn=Employees, o=Acme, c=US

b cn=Employees U@hAHLo°≤w] objectclass=*G

ldap:///cn=Employees, o=Acme, c=US??one

bt objectclass=person o-Acme ºUG

ldap:///o=Acme, c=US??sub?objectclass=person

zwq½≤OA%iαS]tAX≤Pws¿

ΩµCziHU½≤O ibm-dynamicMemberAzH]A ibm-group Coi²zsWHNARϕzAsLo°≤CpG

oAs¿Obπ ibm-group GROUP1 cn=users,ou=Austin

ºUG

dn: cn=GROUP1,ou=Austin
objectclass: groupOfURLs
cn: GROUP1
memberURL: ldap:///cn=users,ou=Austin??one?(ibm-group=GROUP1)

UO cn=GROUP1,ou=Austin d¿G

dn: cn=Group 1 member, cn=users, ou=austin
objectclass: person
objectclass: ibm-dynamicMember
sn: member
userpassword: memberpassword
ibm-group: GROUP1

¼s

¼si²zÑhí÷YAwqs¿ΩµC¼swqO

ⁿ@lsAΣ DN Q)sñ]tC)sΦk

Σñ@cs½≤O]groupOfNamesBgroupOfUniqueNamesBaccessGroupBaccessRole groupOfURLsAA[W ibm-nestedGroup U½≤OCb¼sßAiαsWsh ibm-memberGroup Aª]¼ls DNCpG


dn: cn=Group 2, cn=Groups, o=IBM, c=US
objectclass: groupOfNames
objectclass: ibm-nestedGroup
objectclass: top
cn: Group 2
description: Group composed of static, and nested members.
member: cn=Person 2.1, cn=Dept 2, cn=Employees, o=IBM, c=US
member: cn=Person 2.2, cn=Dept 2, cn=Employees, o=IBM, c=US
ibm-memberGroup: cn=Group 8, cn=Nested Static, cn=Groups, o=IBM, c=US

úe\b¼sÑhñi⌠CpG¼s@úOHΦízL

@wúú⌠AhªQ°¡εHWA]Lk≤sC

VXís

⌠≤úcs½≤OúiHAHKαHRABA¼¿¼

Xís¿ΩµCpG

dn: cn=Group 10, cn=Groups, o=IBM, c=US
objectclass: groupOfURLs
objectclass: ibm-nestedGroup
objectclass: ibm-staticGroup
objectclass: top
cn: Group 10
description: Group composed of static, dynamic, and nested members.
memberURL: ldap:///cn=Austin, cn=Employees, o=IBM, c=US??one?objectClass=person
ibm-memberGroup: cn=Group 9, cn=Nested Dynamic, cn=Groups, o=IBM, c=US
member: cn=Person 10.1, cn=Dept 2, cn=Employees, o=IBM, c=US
member: cn=Person 10.2, cn=Dept 2, cn=Employees, o=IBM, c=US

Pws¿Ωµ

Γ@idEs¿ΩµC∩≤wsAibm-allMembers @÷¼sÑhzACEs¿ΩµA]ARABA

¼¿C∩≤wAibm-allGroups @CEsA]A∩Σπ¿ΩµWNsC

nDα¼nDΩlAM≤ ACL p≤bΩW]w wC⌠≤Húi

HnD ibm-allMembers ibm-allGroups @A²O#ΩtnDvs LDAP ΩCnD ibm-allMembers ibm-allGroups "vss¼s member uniquemember A+αRA¿A B"α≈⌡µ memberURL ñⁿwjMA+αA¿CpG


Ñhd

∩≤odAm1 m2 úb g2 member ñCg2 ACL e\ user1 ¬ member A² user 2 Lvs member C g2 LDIF pUG

dn: cn=g2,cn=groups,o=ibm,c=us
objectclass: accessGroup
cn: g2
member: cn=m1,cn=users,o=ibm,c=us
member: cn=m2,cn=users,o=ibm,c=us
aclentry: access-id:cn=user1,cn=users,o=ibm,c=us:normal:rsc
aclentry: access-id:cn=user2,cn=users,o=ibm,c=us:normal:rsc:at.member:deny:rsc

g4 w] aclentryAe\ user1 user2 ⪦ member C g4 LDIF pUG

dn: cn=g4, cn=groups,o=ibm,c=us
objectclass: accessGroup
cn: g4
member: cn=m5, cn=users,o=ibm,c=us

g5 O@AsANq memberURL oªΓ¿Cg5 LDIF

pUG

dn: cn=g5, cn=groups,o=ibm,c=us
objectclass: container
objectclass: ibm-dynamicGroup
cn: g5
memberURL: ldap:///cn=users,o=ibm,c=us??sub?(|(cn=m3)(cn=m4))

m3 m4 úOs g5 ¿A]ªX memberURLCm3 ACL

e\ user1 user2 ΓjMªCm4 ACL úe\ user2 jMªC m4 LDIF pUG

dn: cn=m4, cn=users,o=ibm,c=us
objectclass:person
cn: m4
sn: four
aclentry: access-id:cn=user1,cn=users,o=ibm,c=us:normal:rsc
aclentry: access-id:cn=user2,cn=users,o=ibm,c=us

d 1G 1 ⌡µjMos g1 ¿C 1 vs¿

AHN#ªíC

ldapsearch -D cn=user1,cn=users,o=ibm,c=us -w user1pwd -s base -b cn=g1,cn=groups,o=ibm,c=us objectclass=* ibm-allmembers

cn=g1,cn=groups,o=ibm,c=us
ibm-allmembers: CN=M1,CN=USERS,O=IBM,C=US
ibm-allmembers: CN=M2,CN=USERS,O=IBM,C=US
ibm-allmembers: CN=M3,CN=USERS,O=IBM,C=US
ibm-allmembers: CN=M4,CN=USERS,O=IBM,C=US
ibm-allmembers: CN=M5,CN=USERS,O=IBM,C=US

d 2G 2 ⌡µjMos g1 ¿C 2 Lvs¿ m1 m2A]LLvss g2 member C 2 vs g4 member A]vs¿ m5C 2 iHb m3 sg5 memberURL ñ⌡µjMAH¿CXA²OLk∩ m4 ⌡µjMC

ldapsearch -D cn=user2,cn=users,o=ibm,c=us -w user2pwd -s base -b cn=g1,cn=groups,o=ibm,c=us objectclass=* ibm-allmembers

cn=g1,cn=groups,o=ibm,c=us
ibm-allmembers: CN=M3,CN=USERS,O=IBM,C=US
ibm-allmembers: CN=M5,CN=USERS,O=IBM,C=US

d 3G 2 ⌡µjMd m3 Os g1 ¿C 2 v⌡µ

ojMAHjM@π m3 Os g1 ¿C

ldapsearch -D cn=user2,cn=users,o=ibm,c=us -w user2pwd -s base -b cn=m3,cn=users,o=ibm,c=us objectclass=* ibm-allgroups

cn=m3,cn=users,o=ibm,c=us
ibm-allgroups: CN=G1,CN=GROUPS,O=IBM,C=US

d 4G 2 ⌡µjMd m1 Os g1 ¿C 2 Lvs

member AHjM@úπ m1 Os g1 ¿C

ldapsearch -D cn=user2,cn=users,o=ibm,c=us -w user2pwd -s base -b cn=m1,cn=users,o=ibm,c=us objectclass=* ibm-allgroups

cn=m1,cn=users,o=ibm,c=us

s½≤O

ibm-dynamicGroupoUOe\∩ memberURL CªPcO]pgroupOfNamesftAiπRAA¿VXísC


ibm-dynamicMemberoUOe\∩ ibm-group Cª@As filter

C

ibm-nestedGroupoUOe\∩ ibm-memberGroup CªPcO]pgroupOfNamesftAi²lsα≈b)s¿¼C

ibm-staticGroupoUOe\∩ member CªPcO]pgroupOfURLsftAiπRAA¿VXísC

: ibm-staticGroup O@Σ member O∩OAΣLmember Oún.@¿C

ibm-allGroupsπísCiHOH memberBuniqueMember memberURL ϕ¿AOíH ibm-memberGroup ϕ¿CjMLo°≤ñúe\o¬@C

ibm-allMembersπs¿CiHOH memberBuniqueMember memberURL ϕ¿AOíH ibm-memberGroup ϕ¿CjMLo°≤ñúe\o¬@C

ibm-groupOUO ibm-dynamicMember CªwqHNAHεAsñ¿ΩµCpAsW ″Bowling Team″ ]A⌠≤memberURL ñπLo°≤ ″ibm-group=Bowling Team″ C

ibm-memberGroupOUO ibm-nestedGroup CªOO)slsCϕBz ACL ibm-allMembers ibm-allGroups @Apls¿ú°)s¿Cls¡úO¿C

¼¿ΩµOjC

ñΓ

ñΓ¼vOs¼vjA BbYípñC@ñΓ¿Az

v⌡µñΓAHK¿u@CúP≤sAñΓ⌠t\ivC

S]AⁿXwP]óh¿s¿\ivC

ñΓⁿ≤sA]ªb²ñúOH½≤ϕCAñΓiHt DN s

CsεñNñΓ"π ’AccessRole’ ½≤OC ’Accessrole’ ½≤

OO ’GroupOfNames’ ½≤OlOC

pApG@p ’sys admin’ DN XAhz@#iαNªQ¿

’sys admin group’]]sOMvú¼CM A]

@zwH ’sys admin’ ¿¡!¼\ivAH DN Xiα≤δT

awq ’sys admin role’C


17 zjM¡εs

b IBM Tivoli Directory Server ñAFεjMnDO=hΩ C°

AαAHbo∩⌠N°AnD[WjM¡εCϕtm°AA

z]w÷jMjpMíjM¡εCΩTA\ 48y]wj

MzC

uzMzs¿iHKúAΣLojM¡εCM A

zDAiHjM¡εs ±@δ≤IujM¡εC∩

jM¡εsñ]tºO¿sAPbjM¡εsñⁿwjM¡εC

ϕljMA²djMnD¡εCpGOjM¡εs¿A

K±¡εCpGjM¡εs¡ε¬≤ojMnDAhjMnD¡

εCpGjMnD¡ε¬≤ojM¡εsAhjM¡εs¡εCpGΣ

újM¡εsAh∩°AjM¡ε⌡µP±CpG]w⌠≤°

AjM¡εAh∩w]°A]w⌡µ±C¡ε@wO±ñC]

wC

pG≤hjM¡εsAhP¬hjMαOCpA

]≤PjMjp 2000 jMí 4000 ϕjMs 1A≤j

Mjpú¡jMí 3000 ϕjMs 2ANL¡εjMjp

jMí 4000 ϕjM¡εC

jM¡εsiHxsb localhost IBMpolicies ºUCb IBMpolicies ºUjM

¡εsQ gAb localhost UjM¡εhú gCziHNPjM¡εs

xsb localhost M IBMpolicies ºUCpGjM¡εsSxsbez⌠≤@

DN ºUA°AKñsjM¡εí≈ANª°sC

ϕljMA²d localhost ºUjM¡εsCpGΣú

AhjM IBMpolicies ºUjM¡εsCpGb localhost ºUΣ

Ahúd IBMpolicies ºUjM¡εsClocalhost ºUjM¡ε

su²¬≤ IBMpolicies ºUC

jM¡εs

pGnjM¡εsAz" Web zuπⁿOµsC

Web zG

pGzoAis²ñ²zC

1. ÷@UsWA÷@UzAA∩m]cn=ibmPolicies

cn=localhostAMß÷@UsWC

2. qc&½≤O\αϕñ∩Σñ@s½≤OC

v accessGroup

v accessRole

v AIXaccessGroup


v eNTGroup

v groupofNames

v groupofUniqueNames

v groupofURLs

v ibm-nestedGroup

v ibm-proxyGroup

v ibm-staticGroup

v ibm-dynamicGroup

3. ÷@UU@BC

4. qi\αϕñ∩zn ibm-searchLimits U½≤OAA÷@UsWC½ezABzC@znsWΣLU½≤OCz]iHq

w∩\αϕñRúU½≤OAΦkO∩ªAA÷@UúC

5. ÷@UU@BC

6. b∩ DN µñAΘJznsWºs∩OW (RDN)Ap cn=Search

Group1C

7. b DN µñAΘJzn∩²≡OWAp cn=localhostC

z]iH÷@Us²AqMµ∩u) DNvC∩z∩AA÷@U∩

ⁿwzQnu) DNvC DN w]²≡ñ∩C

: pGzwqzeF@Ahw²z±goµC∩

F DN ßA÷@UsWsWC

8. bnWAΘJ"nC

v cn Ozy¡ⁿw∩ DNC

v b ibm-searchSizeLimit µñAⁿwwqjMjpCd≥Ob 0 2,147,483,647 ºíC]w 0 Pú]¡PC

v b ibm-searchTimeLimit µñAⁿwwqjMíϕCd≥Ob 0 2,147,483,647 ºíC]w 0 Pú]¡PC

v ∩½≤O wAz¿ uniqueMember µCoOznºs¿Co DN µíAp cn=Bob Garcia,ou=austin,o=ibm,c=usC

9. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz

¿sWhA÷@UTwCpoK[JπbñiXR\

αϕñC

10. pGz°AFyÑAziH÷@UyÑsWúyÑ

yzlCΩTA\ 190yyÑzC

11. ÷@UΣLC

12. bΣLWAΘJAXC÷sWGiΩTA\

195yGizC

13. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz

¿sWhA÷@UTwCpoK[JπbñiXR\

αϕñC

14. pGz°AFyÑAziH÷@UyÑsWúyÑ

yzlCΩTA\ 190yyÑzC


15. ÷@U¿C

ⁿOµG

pGnⁿOµ⌡µP@AoXUCⁿOG

ldapmodify -a -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

Dn: cn=Search1, cn=localhost
Cn: Search1
member: cn=user1,o=ibm
member: cn=user2,o=ibm
ibm-searchTimeLimit: 4000
ibm-searchSizeLimit: 2000
objectclass: top
objectclass: ibm-searchLimits
objectclass: groupofNames

∩jM¡εs

ziHQ Web zuπⁿOµ∩jM¡εsAp≤jMjpí

¡εAOsWRúsC

Web zG

pGn∩jM¡εsA\ 194y∩zC

ⁿOµG

pGnⁿOµ∩jM¡εsAoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=Search1, cn=localhost
changetype: modify
replace: ibm-searchTimeLimit
ibm-searchTimeLimit: 3000
-
replace: ibm-searchSizeLimit
ibm-searchSizeLimit: 0
-
add: member
member: cn=Bob Garcia,ou=austin,o=ibm,c=us

sjM¡εs

pGzn²PjM¡εs±b localhost M IBMpolicies ºUAsjM¡εs

DCϕznPsⁿΩTBptºss]C

°AzG

pGnsjM¡εsA \ 195yszC

ⁿOµG

pGn° localhost ñ]tjMsAoXⁿOG

ldapsearch -b cn=localhost objectclass=ibm-searchLimits


∩nsjM¡εsCziHsΦ≤÷ΩTABN≤xs

<filename>CoXUCⁿOG

ldapmodify -a -D <adminDN> -w <adminPW> -i <filename>

Σñ <filename> tG

Dn: cn=NewSearch1, cn=localhost
Cn: NewSearch1
member: cn=user1,o=ibm
member: cn=user2,o=ibm
ibm-searchTimeLimit: 4000
ibm-searchSizeLimit: 2000
objectclass: top
objectclass: ibm-searchLimits
objectclass: groupofNames

újM¡εs

pGnújM¡εsAziH Web zuπⁿOC

Web zG

pGnújM¡εsA\ 193yRúzC

ⁿOµG

pGnⁿOµújM¡εsAoXUCⁿOG

ldapdelete -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

#bBCXΣL DNACµ@cn=Search1, cn=localhost

pGnúhjM¡εsAC DNCC@ DN "bO@µC


18 z Proxy vs

Proxy vOSϕOíC Proxy v≈εAßíiH)v

¡≈Os²A²O0\NΣL⌡µ@s²C@i

H⌠íiNh½s Directory ServerC

Proxy vsñ¿iH⌠≤wO¡≈OA²zzs¿

úC

Proxy vsiHxsb localhost IBMpolicies ºUCIBMpolicies ºU Proxy

vsOiH gA²O localhost ºU Proxy vshCziHN Proxy

vsPxsb localhost M IBMpolicies ºUCpG Proxy vsSxsbe

z⌠≤@ DN ºUA°AKñs Proxy í≈ANª°sC

pAYßí client1AiH¬hs\ivs Directory

ServerC¡\iv UserA enDßíCpGßO Proxy

vs¿AΣúH client1 ¡≈nD Directory ServerA Oⁿ¡ε

\ihAH UserA ¡≈nDCoNϕúOH client1 ⌡µnDAí

°Auαs⌡µ UserA α≈s⌡µΩT@CoONHNz UserA

Φí⌡µnDC

: ¿"π)v DN íCh#L DN ykTºCs

DN ú0\¿ Proxy vs¿C

zMzs¿ú0\¿ Proxy vs¿C

fΘxO² Proxy v⌡µºC@@s DN M proxy DNC

Proxy vs

pGn Proxy vsAz" Web zuπⁿOµsC

Web zG

pGzoAis²ñ²zC

1. ÷@UsWA÷@UzAA∩m]cn=ibmPolicies

cn=localhostAMß÷@UsWC

2. qc&½≤O\αϕñA∩ groupof Names ½≤OC

3. ÷@UU@BC

4. qi\αϕñ∩ ibm-proxyGroup U½≤OAA÷@UsWC½

ezABzC@znsWΣLU½≤OCz]iHq∩\

αϕñRúU½≤OAΦkO∩ªAA÷@UúC

5. ÷@UU@BC

6. b∩ DN µñAΘJ cn=proxyGroupC


7. b DN µñAΘJzn∩²≡OWAp cn=localhostC

z]iH÷@Us²AqMµ∩u) DNvC∩z∩AA÷@U∩

ⁿwzQnu) DNvC DN w]²≡ñ∩C

: pGzwqzeF@Ahw²z±goµC∩

F DN ßA÷@UsWsWC

8. bnWAΘJ"nC

v cn O proxyGroupC

v ¿ DN µíAp cn=Bob Garcia,ou=austin,o=ibm,c=usC

÷sWGiΩTA\ 195yGizC

9. pGzQnsWhSϕA÷@UhAMß@sW@C

: < cn hCProxy vs"úW proxyGroupC

ϕz¿sWhA÷@UTwCpoK[Jπbñi

XR\αϕñC

10. pGz°AFyÑAziH÷@UyÑsWúyÑ

yzlCΩTA\ 190yyÑzC

11. ÷@UΣLC

12. bΣLWAΘJAXC÷sWGiΩTA\

195yGizC

13. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz

¿sWhA÷@UTwCpoK[JπbñiXR\

αϕñC

14. pGz°AFyÑAziH÷@UyÑsWúyÑ

yzlCΩTA\ 190yyÑzC

15. ÷@U¿C

ⁿOµG

Yntl¿ proxy OsAoXUCⁿOG

ldapadd -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=proxyGroup,cn=localhost
cn: proxyGroup
member: cn=client1, ou=austin, o=ibm, c=us
objectclass: top
objectclass: container
objectclass: groupOfNames
objectclass: ibm-proxyGroup

YnsWΣL¿AoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=proxyGroup,cn=localhost
changetype: modify
add: member
member: cn=client2, ou=austin, o=ibm, c=us


∩ Proxy vs

°AzG

pGn∩ Proxy vsApsWRús¿A\ 194y∩

zC

ⁿOµG

pGnⁿOµ∩ Proxy vsAoXUCⁿOG

ldapmodify -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> ]tG

dn: cn=proxyGroup,cn=IBMpolicies
changetype: modify
delete: member
member: cn=client1, ou=austin, o=ibm, c=us
-
add: member
member: cn=client2, ou=austin, o=ibm, c=us
-
add: member
member: cn=client3, ou=austin, o=ibm, c=us

s Proxy vs

°AzG

pGznNP Proxy vs±b localhost M IBMpolicies ºUAs Proxy

vsKiúW⌡C

pGns Proxy vsA\ 195yszC

ⁿOµG

pGn° localhost ñ]t Proxy vsAoXUCⁿOG

ldapsearch -D <adminDN> -w <adminPW> -b cn=localhost objectclass=ibm-proxyGroup

∩ Proxy vsCziHsΦ≤÷ΩTABN≤xs

<filename>CoXUCⁿOG

ldapmodify -a -D <adminDN> -w<adminPW> -i<filename>

Σñ <filename> tG

Dn: cn=proxyGroup, cn=ibmpolicies
Cn: proxyGroup
objectclass: ibm-proxyGroup
objectclass: groupOfNames
member: cn=client1, ou=austin, o=ibm, c=us
member: cn=client2, ou=austin, o=ibm, c=us
member: cn=client3, ou=austin, o=ibm, c=us

ú Proxy vs

pGnq Proxy vsñú¿AUCΣñ@ΦkC


Web zG

pGnú Proxy vsA\ 193yRúzC

ⁿOµG

pGnú Proxy vsAoXⁿOG

ldapdelete -D <adminDN> -w <adminpw> -s "cn=ProxyGroup,cn=IBMpolicies"

÷M Proxy vsiH% Web zuπzA²OΣL⌠≤ Web zuπ\

αoúLkδ Proxy vsC]AuProxy vεv LDAP @

LDAP ⁿO -y ∩ú Peoxy v\αCpG

ldapsearch -D "cn=client1,ou=austin,o=ibm,c=us" -w <client1password> -y "cn=userA,o=ibm,c=us" -b "o=ibm,c=us" -s sub ou=austin

Wz ldapsearch ⁿwAú userA >≥¬\ivAclient1 úiH¬

²C


4 g ÷@


19 ΓBdBs

ΓOªsXCpAqBOyñíúiHO

ΓC

ΓΦíObRWwqñ⌠≤aΦ½≤O ″ibm-realm″ ]úb cn=localhostBcn=schema cn=configuration UCibm-realm ½≤wqΓW

(cn)BΓzs (ibm-realmAdminGroup)BⁿwΓñ½≤O

d½≤ (ibm-realmUserTemplate)AHsbΣUxsxs

m]ibm-realmUserContainer ibm-realmGroupContainerC²zM

zs¿tdzdBΓΓzsCbΓßAΓ

zs¿]ΓztdzΓsC

Γ

iuWeb zuπv²ñΓdC

1. ÷@UsWΓC

v ΘJΓWCpArealm1C

v ΘJHOΓmu) DNvCoOHrµíϕApA

o=ibm,c=usCz]iH÷@Us²A∩zQnl≡mC

2. ÷U@B≥C

3. dΩTCAzΩWΓAHiHñdjM

Lo°≤C

4. ÷@U¿ΓC

Γz

YnΓzA²z"ΓzsC

Γzs

iuWeb zuπv²ñ²zC

1. ÷@UzC

2. i²≡AMß∩zΦ+Γ cn=realm1,o=ibm,c=usC

3. ÷@UsΦ ACLC

4. ÷@UC

5. Tww∩C

6. ΘJΓ DN cn=realm1,o=ibm,c=usC

7. N¼≤sC

8. ÷@UsWC

9. ÷@UTwC


z

pGSzAhz"@C

iuWeb zuπv²ñ²zC

1. ÷@UzC

2. N²≡izQnznmC

: Nz±bΓAHKzNRúªCbodñAmiαO o=ibm,c=usC

3. ÷@UsWC

4. ∩c&½≤OApAinetOrgPersonC

5. ÷@UU@BC

6. ∩⌠≤nsWU½≤OC

7. ÷@UU@BC

8. ΘJ"nCpA

v RDN cn=John Doe

v DN o=ibm,c=us

v cn John Doe

v sn Doe

9. bΣLWATwzwⁿwKXC

10. ϕz¿A÷@U¿C

sWzzs

iuWeb zuπv²ñ²zC

1. ÷@UzC

2. i²≡AMß∩zΦ+Γ cn=realm1,o=ibm,c=usC

3. ÷@UsΦC

4. ÷@U¿C

5. ÷@U¿C

6. b¿µñAΘJz DNAbodñAhO cn=John Doe,o=ibm,c=usC

7. ÷@UsWCo DN πb¿MµñC

8. ÷@UTwC

9. ÷@U≤sCo DN πbµ¿MµñC

10. ÷@UTwC

zwiHzΓzC


d

bΓßAzU@BNOdCdiH≤UznΘJΩ

TCiuWeb zuπv²ñΓdC

1. ÷@UsWdC

v ΘJdWApAtemplate1C

v ΘJdNnmC≥≤ gAΓd±bNodΓl

≡ñCpAb²e@ñΓ cn=realm1,o=ibm,c=usCz]iH÷@Us²A∩dmúPl≡C

2. ÷@UU@BCziH÷@U¿AdCyßziHsWΩTd

A\ 242ysΦdzC

3. pG÷@UFU@BA∩dc½≤OApAinetOrgPersonCz]iHsW⌠≤zQnU½≤OC

4. ÷@UU@BC

5. nwbdWCziH∩oW]tΩTC

a. ∩\αϕñnAA÷@UsΦCoπusΦveC

znWAH½≤O inetOrgPerson w∩G

v *sn - m≤

v *cn - @δW

: * ϕ"nΩTC

b. pGzQnsWΣLΩToAq\αϕ∩CpA∩

departmentNumberAA÷@UsWC∩ employeeNumberAA÷@Us

WC∩ titleAA÷@UsWC∩\αϕb¿G

v title

v employeeNumber

v departmentNumber

v *sn

v *cn

c. ziH½sCoµXbdΦíAΦk¬Gπw∩

AA÷@UWUCoWU@mC½oA

z²÷QnCεCpA

v *sn

v *cn

v title

v employeeNumber

v departmentNumber

d. z]iH∩C@∩C

1) ¬Gπw∩Φ⌠ñAA÷@UsΦC

2 ) ziH≤bdWµπWCpApGzQn

departmentNumber π Department numberANWΘJπW

µñC


3) z]iHúw]Aw²±gdñµCpApGjí≈N

ΘJúOuí 789v¿AhziHΘJ 789 @w]Cd

Wµw²±J 789CϕzsWΩΩTANiH≤

C

4) ÷@UTwC

e. ÷@UTwC

6. YnΣLΩTt@A÷@UsWC

v ΘJsWCpAAddress informationC

v ∩≤oAq\αϕ∩CpA∩ homePostalAddressAA÷@UsWC∩ postOfficeBoxAA÷@UsWC∩ telephoneNumberAA÷@UsWC∩ homePhoneAA÷@UsWC∩

facsimileTelephoneNumberAA÷@UsWC∩\αϕ¿G

– homePostalAddress

– postOfficeBox

– telephoneNumber

– homePhone

– facsimileTelephoneNumber

v ziH½sCoµXbdΦíAΦk¬Gπw∩A

A÷@UWUCoWU@mC½oAz²

÷QnCεCpA

– homePostalAddress

– postOfficeBox

– telephoneNumber

– facsimileTelephoneNumber

– homePhone

v ÷@UTwC

7. ½oAzQnCϕz¿A÷@U¿d

C

sWdΓ

bFΓdßAznsWdΓCiuWeb zuπv²ñΓ

dC

1. ÷@UzΓC

2. ∩n[JdΓAbodñAcn=realm1,o=ibm,c=usAA÷@Us

ΦC

3. VUdAAiU\αϕC

4. ∩dAbodñAcn=template1,cn=realm1,o=ibm,c=usC

5. ÷@UTwC

6. ÷@U÷¼C


s

iuWeb zuπv²ñMsC

1. ÷@UsWsC

2. ΘJnsWCpAgroup1C

3. qU\αϕ∩n[JΓCbípUAhO realm1C

4. ÷@U¿sCpGzbΓñwAhiH÷@UU@BA∩

nsW group1 CMßA÷@U¿C

ΣlΩTA\ 219yszC

sWΓ

iuWeb zuπv²ñMsC

1. ÷@UsWC

2. qU\αϕ∩n[JΓCbípUAhO realm1C

3. ÷@UU@BCoπzΦdAtemplate1C±"nµ][P

* HñΣL⌠≤µCpGzwbΓsAhz]iHs

W@hsC

4. ϕz¿A÷@U¿C

b]wJzlΓßAziHsW≤hΓ∩ΓC

i²ñΓdAMß÷@UzΓCoπΓM

µCqoeAziHsWΓBsΦΓBúΓAsΦΓsεM

µ (ACL)C

sWΓ

iuWeb zuπv²ñΓdC

1. ÷@UsWΓC

v ΘJΓWCpArealm2C

v pGπw²sbΓApArealm1AziH∩@ΓANª]wszbΓC

v ΘJHOΓmu) DNvCoOHrµíϕApA

o=ibm,c=usCz]iH÷@Us²A∩zQnl≡mC

2. ÷@UU@B≥iµA÷@U¿C

3. pGz÷@UFU@BAdΩTC

4. qU\αϕ∩dCpGzqw²sbΓsF]wAhbo

µñw²±gªdC

5. ΘJjMLo°≤C

6. ÷@U¿ΓC


sΦΓ

iuWeb zuπv²ñΓdC

v ÷@UzΓC

v qΓMµ∩nsΦΓC

v ÷@UsΦC

– ziHs²÷s≤

- zs

- sxs

- xs

– ziHqU\αϕ∩úPdC

– ÷@UsΦ∩jMLo°≤C

v ϕz¿A÷@UTwC

úΓ

iuWeb zuπv²ñΓdC

1. ÷@UzΓC

2. ∩núΓC

3. ÷@URúC

4. ϕúzTRúA÷@UTwC

5. oΓqΓMµúC

sΦΓW ACLYnQuWeb zuπví° ACL eH ACLA\ 209

y ACLzC

ΣlΩTA\ 201 15 , ysεMµzC

zd

bFzldßAziHsW≤hdA∩dC

i²ñΓdAMß÷@UzdCoπd

MµCqoeAziHsWdBsΦdBúdAsΦds

εMµ (ACL)C

sWd

iuWeb zuπv²ñΓdC

1. ÷@UsWdA÷@UzdAA÷@UsWC

v ΘJsdWCpAtemplate2C

v pGzw²sbdApAtemplate1AziH∩@dANª]wszbdC

v ΘJHOdmu) DNvCoOHrµíϕApA

cn=realm1,o=ibm,c=usCz]iH÷@Us²A∩zQnl≡mC


2. ÷@UU@BCziH÷@U¿AdCyßziHsWΩTd

A\ 242ysΦdzC

3. pG÷@UFU@BA∩dc½≤OApAinetOrgPersonCz]iHsW⌠≤zQnU½≤OC

4. ÷@UU@BC

5. qRWU\αϕñA∩dºΓñAC@ RDN A

CoRW]p employeeNumberA∩dºΓñC

@¿ ÑAú"OW@LGCoRWNOMs@

MµñAπWCpApG employeeNumber ORWA

BΘJF 1234abcAhbAϕMµñKπ¿ 1234abcC

6. nwbdWCziH∩oW]tΩTC

a. ∩\αϕñnAA÷@UsΦCoπusΦveC

znWAH½≤O inetOrgPerson w∩G

v *sn - m≤

v *cn - @δW

: * ϕ"nΩTC

b. pGzQnsWΣLΩToAq\αϕ∩CpA∩

departmentNumberAA÷@UsWC∩ employeeNumberAA÷@Us

WC∩ titleAA÷@UsWC∩\αϕb¿G

v title

v employeeNumber

v departmentNumber

v *sn

v *cn

c. ziH½sCoµXbdΦíAΦk¬Gπw∩

AA÷@UWUCoWU@mC½oA

z²÷QnCεCpA

v *sn

v *cn

v title

v employeeNumber

v departmentNumber

d. z]iH∩C@∩C

1) ¬Gπw∩Φ⌠ñAA÷@UsΦC

2 ) ziH≤bdWµπWCpApGzQn

departmentNumber π Department numberANWΘJπW

µñC

3) z]iHúw]Aw²±gdñµCpApGjí≈N

ΘJúOuí 789v¿AhziHΘJ 789 @w]Cd

Wµw²±J 789CϕzsWΩΩTANiH≤

C

4) ÷@UTwC


e. ÷@UTwC

7. YnΣLΩTt@A÷@UsWC

v ΘJsWCpAAddress informationC

v ∩≤oAq\αϕ∩CpA∩ homePostalAddressAA÷@UsWC∩ postOfficeBoxAA÷@UsWC∩ telephoneNumberAA÷@UsWC∩ homePhoneAA÷@UsWC∩

facsimileTelephoneNumberAA÷@UsWC∩\αϕ¿G

– homePostalAddress

– postOfficeBox

– telephoneNumber

– homePhone

– facsimileTelephoneNumber

v ziH½sCoµXbdΦíAΦk¬Gπw∩A

A÷@UWUCoWU@mC½oAz²

÷QnCεCpA

– homePostalAddress

– postOfficeBox

– telephoneNumber

– facsimileTelephoneNumber

– homePhone

v ÷@UTwC

8. ½oAzQnCϕz¿A÷@U¿d

C

sΦd

iuWeb zuπv²ñΓdC

v ÷@UzdC

v qΓMµ∩nsΦΓC

v ÷@UsΦC

v pGzπw²sbdApAtemplate1AziH∩@dA²ª]w

szbsΦdC

v ÷@UU@BC

– ziHU\αϕA≤dc½≤OC

– ziHsWúU½≤OC

v ÷@UU@BC

v ziH∩dñ]tC\ 241 6AHop≤∩

÷ΩTC

v ϕz¿A÷@U¿C

úd

iuWeb zuπv²ñΓdC

1. ÷@UzdC


2. ∩núdC

3. ÷@URúC

4. ϕúzTRúA÷@UTwC

5. odqdMµúC

sΦdW ACLiuWeb zuπv²ñΓdC

1. ÷@UzdC

2. ∩n@dsΦ ACLC

3. ÷@UsΦ ACLC

YnQuWeb zuπví° ACL eH ACLA\ 209

y ACLzC

ΣlΩTA\ 201 15 , ysεMµzC

z

bz]wFΓdßAziHbΣñJC

sW

iuWeb zuπv²ñMsC

1. ÷@UsWA÷@UzAA÷@UsWC

2. qU\αϕ∩n[JΓC

3. ÷@UU@BCoπPΓ÷pdC±"nµ][P *

HñΣL⌠≤µCpGzwbΓsAhz]iHsW

@hsC

4. ϕz¿A÷@U¿C

MΣΓ

iuWeb zuπv²ñMsC

1. ÷@UMΣA÷@UzAA÷@UMΣC

2. q∩Γµ∩njMd≥C

3. bRWµñΘJjMrΩCΣUrApApGzΘJF *smithAhGOπRW smith C

4. ziH∩∩⌡µUC@G

v sΦ - \ysΦΩTzC

v s - \ 244yszC

v Rú - \ 244yúzC

5. ϕz¿A÷@UTwC

sΦΩT

iuWeb zuπv²ñMsC

1. ÷@UzC


2. qU\αϕ∩@ΓCpGπbΦ⌠A÷@U°

C

3. ∩nsΦAA÷@UsΦC

4. ∩WΩTA∩s¿ΩµC

5. ϕz¿A÷@UTwC

s

pGzn@ΣΩTjí≈PAziHsl∩Ω

TAΣLC

iuWeb zuπv²ñMsC

1. ÷@UzC

2. qU\αϕ∩@ΓCpGπbΦ⌠A÷@U°

C

3. ∩nsAA÷@UsC

4. ∩sAϕΩTApAOSw"nΩTAp sn cnCoΓ

@ΩTún≤C

5. ϕz¿A÷@UTwC

ú

iuWeb zuπv²ñMsC

1. ÷@UzC

2. qU\αϕ∩@ΓCpGπbΦ⌠A÷@U°

C

3. ∩núAA÷@URúC

4. ϕúzTRúA÷@UTwC

5. oqMµúC

zs

b]wFΓdßAzNiHsC

sWs

iuWeb zuπv²ñMsC

1. ÷@UsWsA÷@UzsAA÷@UsWC

2. ΘJnsWC

3. qU\αϕ∩n[JΓC

4. ÷@U¿sCpGzbΓñwAhiH÷@UU@BA∩

nsWsCMßA÷@U¿C

ΣlΩTA\ 219yszC


MΣΓs

iuWeb zuπv²ñMsC

1. ÷@UMΣsA÷@UzsAA÷@UMΣC

2. q∩Γµ∩njMd≥C

3. bRWµñΘJjMrΩCΣUrApApGzΘJF *clubAhGOπRW club sApAbook clubBchess clubBgarden club Ñ

ÑC

4. ziH∩∩s⌡µUC@G

v sΦ - \ysΦsΩTzC

v s - \ysszC

v Rú - \yúszC

5. ϕz¿A÷@U÷¼C

sΦsΩT

iuWeb zuπv²ñMsC

1. ÷@UzsC

2. qU\αϕ∩@ΓCpGsπbsΦ⌠A÷@U°sC

3. ∩nsΦsAA÷@UsΦC

4. ziH÷@ULo°≤A¡εiCpAbum≤vµñΘJ

*smithANi¡εΣWH smith Ap Ann SmithBBob SmithBJoe

Goldsmith ÑÑC

5. ziHqssWúC

6. ϕz¿A÷@UTwC

ss

pGzn@Σ¿jí≈PsAziHsls∩ΩTA

ΣLsC

iuWeb zuπv²ñMsC

1. ÷@UzsC

2. qU\αϕ∩@ΓCpGπbsΦ⌠A÷@U°sC

3. ∩nssAA÷@UsC

4. ≤sWµñsWCssPls@πP¿C

5. ziH∩s¿C

6. ϕz¿A÷@UTwCossA BªPls@tP

¿AúLAbiµsíAFsWú∩@C

ús

iuWeb zuπv²ñMsC

1. ÷@UzsC

2. qU\αϕ∩@ΓCpGsπbsΦ⌠A÷@U°sC

3. ∩núsAA÷@URúC


4. ϕúzTRúA÷@UTwC

5. osqsMµúC


5 g ⁿOµí

ziHoí@z IBM Tivoli Directory Server NΦkC


20 ⁿOµí

íiHqⁿOúe⌡µíC

ßí

v 250yldapchangepwdz

v 253yldapdeletez

v 257yldapexopz

v 265yldapmodifyBldapaddz

v 271yldapmodrdnz

v 275yldapsearchz

°Aí

v 284ybulkload íz

v 287ydbbackz

v 287ydbrestorez

v 288ydb2ldif íz

v 289yibmdiradmz

v 289yibmdirctlz

v 291yldapdiffz

v 297yldaptracez

v 300yldif íz

v 300yldif2db íz

v 301yrunstatsz

ßíú ldap_sasl_bind APICYIssAiα#hGCH

UOUúP ID PKXXAúsGC

v pGⁿw admin DNAh"ⁿwTKXAúMNLkQsC

v pGⁿw DNAⁿw° 0 DNANogOsvAúDz

ís (SASL)Ap KerberosC

v pGⁿw DNAB DN úOAh"PⁿwKXAúM#C

v pGⁿw DN PKXA²Ooú≤²ñ⌠≤rUAh#αC

v pGⁿwT DN PKXANP¡≈OsC

v pGⁿw DN PKXA²Oⁿw DN úsbAh?gOsvC

v pGⁿw DN PKXABⁿw DN sbA²OΣ½≤SKXAh

#@hTºC

ßí

ú÷ßííCIBM Tivoli Directory Server Version 5.2: Client

SDK Programming Reference u 2 LDAP ívñ]íC


ldapchangepwdoO LDAP ∩KXuπC

yk

ldapchangepwd -D binddn -w passwd | ? -n newpassword | ?
    [-C charset] [-d debuglevel] [-G realm] [-h ldaphost] [-K keyfile]
    [-m mechanism] [-M] [-N certificatename] [-O maxhops] [-p ldapport]
    [-P keyfilepw] [-R] [-U username] [-v] [-V version] [-y proxydn]
    [-Y] [-Z] [-?]

íe∩KXnD LDAP °AC

-C charset

ⁿwú@ ldapdelete íΘJ DNAOH charset ⁿwr

eC -C charset iH∩gw]AΣñrΩ"H UTF-8 úCp

C@@t¡xΣSwrA\ 329y¡xΣ

IANA rzCNAiΣrOM 1 LDIF ñA∩w

qrPC

-d debuglevel

N LDAP úh] debuglevelCp÷úhΩTA\ 312

y°AúízC

-D binddn

binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m

DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC

-G realm

ⁿwΓWCϕtX -m DIGEST-MD5 Absí°

AC

-h ldaphost

ⁿw LDAP °A⌡µbND≈C

-K keyfile

ⁿw SSL TLS ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpG

Sⁿw≈ΩwWAí²b SSL_KEYRING ⌠

ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠Ah

w]≈⌠]pGw]C

w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG

v AIX @t - /usr/ldap

v HP-UX @t - /usr/IBMldap

v Linux @t - /usr/ldap

v Solaris @t - /opt/IBMldapc

v Windows @t - c:\Program Files\IBM\LDAP


: oOw]wmAΩ LDAPHOME Obw@íMwC

po÷w]≈ΩwHw]zñΣlΩTA

\ IBM Directory C-Client SDK Programming ReferenceC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL TLS

≈ΩwΩTA\ 74y gsk7ikmzCτ\ 252

ySSLBTLS NzM 69yw Socket hzñA÷ SSL P

ΩTC

a -Z /½C

-m mechanism

mechanismAⁿws°A S A S L ≈εCN

ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw

-mAh ÷OC

-M Nα½≤ϕ@@δzC

-n newpassword | ?ⁿwsKXC ? iHúKXúCúiHε ps ⁿOñKXQC

-N certificatename

ⁿwP≈Ωwñß÷pCpG LDAP °Atm

u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ

ßP°AOAhnßCYwⁿww]/pK≈∩

@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC

-O maxhops

ⁿw maxhops i]wßíwblαAiHDW¡Cw]⌡DO 10 C

-p ldapport

ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS

ⁿw -pA²ⁿw -ZAhw] LDAP SSL ≡ 636C

-P keyfilepw

ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA

ñiα]A@hpK≈CpG≈Ωw÷pKX⌠

AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC

-R ⁿwún)αC

-U username

ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh

ñCusername °Atm wCiαO uid O

MΣ⌠≤ΣLC

-v íAhEgJΘXC


-V version

ⁿwϕ ldapchangepwd s LDAP °AAn LDAP C

w]A LDAP V3 suCYnTa∩ LDAP V3Aⁿw -V3Cⁿw -V 2 ⌡µ@ LDAP V2 íC ldapchangepwd ºíA ldap_initA∩H LDAP V3 @"nqT≤wA ú

ldap_openC

-w passwd | ? passwd @OKXC ? iHúKXúCúiH

ε ps ⁿOñKXQC

-y proxydn

ⁿw≤ Proxy v DNC

-Y w TLS suM LDAP °AqTCubwF IBM GSKit +

Σ -Y ∩C

-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú

SSL ≤A+iHΣ -Z ∩C

-? π ldapchangepwd ykíC

d

UCⁿOA

ldapchangepwd -D "cn=John Doe" -w a1b2c3d4 -n wxyz9876

NW commonName ″John Doe″ KXA% a1b2c3d4 ∩ wxyz9876

SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS

íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú

AΣñ]t% RSA Security Inc. ow@nΘC

: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH

LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ

LDAP_SSLCímdíMzí"nBJAΣαt

ijj[KtΓkº SSLC

\Pdí÷p make Ao÷ LDAP íAΣαs 128

HT½ DES [KtΓkΩTC

ß≈ΩweOH gsk7ikm í[HzCp÷ Java

íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²

ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx

sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@

iH⌠ CA ouiH⌠v LDAP °AAH⌠÷YCgsk7ikm

í]iHoßAHKα⌡µßM°AOC

Yßs LDAP °Au°AOAhb≈ΩwñAunwq

@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A

wo%Σñ@iH⌠ CA oCAbP°Aºí SSL

TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH

VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω


wñAMßNiH⌠CpG LDAP °AO)µ°A

Ah LDAP °AziHú@≈°A1zCN1

Jz≈ΩwñAMßiH⌠C

Yßs LDAP °AßM°AOAh"G

v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH

LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí

SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP C

v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w

ßANxsbß≈ΩwñC

EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ

gJETºC

t\

ldapaddBldapdeleteBldapexopBldapmodifyBldapmodrdnBldapsearch

ldapdeleteLDAP RúuπC

yk

ldapdelete [-c] [-C charset] [-d debuglevel] [-D binddn] [-f file] [-G realm] [-h ldaphost] [-i file] [-k] [-K keyfile] [-m mechanism] [-M] [-n] [-N certificatename] [-O maxhops] [-p ldapport] [-P keyfilepw] [-R] [-s] [-U username] [-v] [-V version] [-w passwd | ?] [-y proxydn] [-Y] [-Z] [dn]...

íldapdelete O ldap_delete íwIsⁿOµC

ldapdelete M LDAP °AºísuBiµsAMßRú@hC

Yú@hOW (DN) AhRúπ% DN CC@ DN O

HrΩe DNCYSú DN AhqΘJ¬ DN MµAY

-i XAhOq¬ DN MµC

Ynπ ldapdelete ykíAΘJG

ldapdelete -?

.

-c ≥@íC÷°iAúL ldapdelete ,≥iµ∩ChAw]@Ob°iAY⌠@C

-C charset

ⁿwú@ ldapdelete íΘJ DNAOH charset ⁿwr

eC -C charset iH∩gw]AΣñrΩ"H UTF-8 úCp


C@@t¡xΣSwrA\ 329y¡xΣ

IANA rzCNAiΣrOM 1 LDIF ñA∩w

qrPC

-d debuglevel

N LDAP úh] debuglevelCp÷úhΩTA\ 312

y°AúízC

-D binddn

binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m

DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC

-f file q¬s≥µAMßw∩ñC@µ⌡µ@ LDAP RúCñ

C@µu]t@OWC

-G realm

ⁿwΓWCϕtX -m DIGEST-MD5 Absí°

AC

-h ldaphost

ⁿw LDAP °A⌡µbND≈C

-i file q¬s≥µAMßw∩ñC@µ⌡µ@ LDAP RúCñ

C@µu]t@OWC

-k ⁿw°AzεC

-K keyfile

ⁿw SSL TLS ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpG

Sⁿw≈ΩwWAí²b SSL_KEYRING ⌠

ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠Ah

w]≈⌠]pGw]C

w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG

v AIX @t - /usr/ldap

v HP-UX @t - /usr/IBMldap

v Linux @t - /usr/ldap

v Solaris @t - /opt/IBMldapc

v Windows @t - c:\Program Files\IBM\LDAP

: oOw]wmAΩ LDAPHOME Obw@íMwC

po÷w]≈ΩwHw]zñΣlΩTA

\ IBM Directory C-Client SDK Programming ReferenceC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL TLS


≈ΩwΩTA\ 74y gsk7ikmzCτ\ 256

ySSLBTLS NzM 69yw Socket hzñA÷ SSL P

ΩTC

a -Z /½C

-m mechanism

mechanismAⁿws°A S A S L ≈εCN

ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw

-mAh ÷OC

-M Nα½≤ϕ@@δzC

-n πN⌡µ>≥@A²OúΩ∩CM -v tXA∩ú@C

-N certificatename

ⁿwP≈Ωwñß÷pCpG LDAP °Atm

u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ

ßP°AOAhnßCYwⁿww]/pK≈∩

@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC

-O maxhops

ⁿw maxhops i]wßíwblαAiHDW¡Cw]⌡DO 10 C

-p ldapport

ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS

ⁿw -pA²ⁿw -ZAhw] LDAP SSL ≡ 636C

-P keyfilepw

ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA

ñiα]A@hpK≈CpG≈Ωw÷pKX⌠

AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC

-R ⁿwún)αC

-s ∩iHRú≤ⁿwUl≡C

-U username

ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh

ñCusername °Atm wCiαO uid O

MΣ⌠≤ΣLC

-v íAhEgJΘXC

-V ⁿwϕ ldapdelete s LDAP °AAn LDAP C w]

A LDAP V3 suCYnTa∩ LDAP V3Aⁿw -V 3Cⁿw-V 2 ⌡µ@ LDAP V2 íC ldapdelete ºíA ldap_initA∩H LDAP V3 @"nqT≤wA ú ldap_openC

-w passwd | ? passwd @OKXC ? iHúKXúCúiH

ε ps ⁿOñKXQC


-y proxydn

ⁿw≤ Proxy v DNC

-Y w TLS suM LDAP °AqTCubwF IBM GSKit +

Σ -Y ∩C

-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú

SSL ≤A+iHΣ -Z ∩C

-dn ⁿw@h DN CC@ DN OHrΩe DNC

d

UCⁿOA

ldapdelete "cn=Delete Me, o=University of Life, c=US"

RúW commonName ″Delete Me″A≤ University of Life

ºUCiαnú binddn M passwd +αiµRú]\ -D M -w ∩C

YSú DN Ah ldapdelete ⁿOÑqΘJ¬ DN MµCYn#

ÑAi Ctrl+C Ctrl+DC

SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS

íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú

AΣñ]t% RSA Security Inc. ow@nΘC

: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH

LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ

LDAP_SSLCímdíMzí"nBJAΣαt

ijj[KtΓkº SSLC

\Pdí÷p make Ao÷ LDAP íAΣαs 128

HT½ DES [KtΓkΩTC

ß≈ΩweOH gsk7ikm í[HzCp÷ Java

íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²

ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx

sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@

iH⌠ CA ouiH⌠v LDAP °AAH⌠÷YCgsk7ikm

í]iHoßAHKα⌡µßM°AOC

Yßs LDAP °Au°AOAhb≈ΩwñAunwq

@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A

wo%Σñ@iH⌠ CA oCAbP°Aºí SSL

TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH

VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω

wñAMßNiH⌠CpG LDAP °AO)µ°A

Ah LDAP °AziHú@≈°A1zCN1

Jz≈ΩwñAMßiH⌠C


Yßs LDAP °AßM°AOAh"G

v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH

LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí

SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP C

v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w

ßANxsbß≈ΩwñC

EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ

gJETºC

t\

ldapaddBldapchangepwdBldapexopBldapmodifyBldapmodrdnBldapsearch

ldapexopoO LDAP @uπ

yk

ldapexop [-C charset] [-d debuglevel] [-D binddn] [-e] [-G realm] [-h ldaphost] [-help] [-K keyfile] [-m mechanism] [-N certificatename] [-p ldapport] [-P keyfilepw] [-?] [-U username] [-v] [-w passwd | ?] [-Y] [-Z] -op cascrepl | clearlog | controlqueue | controlrepl | getAttributes | getlogsize | getusertype | quiesce | readconfig | readlog | stopserver | unbind | uniqueattr

íldapexop íO@ⁿOµAiús²\αABH¿@⌠≤Ω@oX@µ@@C

ldapexop íiΣ LDAP ßíD≈B≡B

SSLBTLS MO∩CAªwq@∩Aⁿwn⌡µ@AHC

@@C

Ynπ ldapexop ykíAΘJG

ldapexop -?

ldapexop -help

∩ldapexop ⁿO∩i!¿ΓOG

1. @δ∩Aⁿwp≤s²°ACo∩"b@Sw∩ºeⁿwC

2. @∩AⁿXn⌡µ@C

@δ∩: o∩ⁿws°AΦkAB"b -op ∩ºeⁿwC

-C charset

ⁿwú@ ldapexop íΘJ DN OHrⁿwreC

-C charset iH∩gw]AΣñrΩ"H UTF-8 úCpC@


@t¡xΣSwrA\ 329y¡xΣ IANA

rzCNAiΣrOM 1 LDIF ñA∩wqr

PC

-d debuglevel

N LDAP úh] debuglevelCp÷úhΩTA\ 312

y°AúízC

-D binddn

binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m

DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC

-e π LDAP íwΩTAMß⌠C

-G realm

ⁿwΓWCϕtX -m DIGEST-MD5 Absí°

AC

-h ldaphost

ⁿw LDAP °A⌡µbND≈C

-help πk

-K keyfile

ⁿw SSL TLS ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpG

Sⁿw≈ΩwWAí²b SSL_KEYRING ⌠

ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠Ah

w]≈⌠]pGw]C

w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG

v AIX @t - /usr/ldap

v HP-UX @t - /usr/IBMldap

v Linux @t - /usr/ldap

v Solaris @t - /opt/IBMldapc

v Windows @t - c:\Program Files\IBM\LDAP

: oOw]wmAΩ LDAPHOME Obw@íMwC

po÷w]≈ΩwHw]zñΣlΩTA

\ IBM Directory C-Client SDK Programming ReferenceC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL TLS

≈ΩwΩTA\ 74y gsk7ikmzCτ\ 263

ySSLBTLS NzM 69yw Socket hzñA÷ SSL P

ΩTC

a -Z /½C


-m mechanism

mechanismAⁿws°A S A S L ≈εCN

ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw

-mAh ÷OC

-N certificatename

ⁿwP≈Ωwñß÷pCpG LDAP °Atm

u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ

ßP°AOAhnßCYwⁿww]/pK≈∩

@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC

-p ldapport

ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS

ⁿw -pA²ⁿw -ZAhw] LDAP SSL ≡ 636C

-P keyfilepw

ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA

ñiα]A@hpK≈CpG≈Ωw÷pKX⌠

AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC

-? πkC

-U username

ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh

ñCusername °Atm wCiαO uid O

MΣ⌠≤ΣLC

-v íAhEgJΘXC

-w passwd | ? passwd @OKXC ? iHúKXúCúiH

ε ps ⁿOñKXQC

-Y w TLS suM LDAP °AqTCubwF IBM GSKit +

Σ -Y ∩C

-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú

SSL ≤A+iHΣ -Z ∩C

@∩: -op @∩AⁿXn⌡µ@C@iHOUCΣñ@G

v cascrepl -action<actionvalue> -rc<contextDN> [options]GÑíCε g@CnD@Mⁿw°AWA B@ewl≡

CpG⌠≤°Abα ANN@@eΣ C@

HÑíΦíCπ gWC

-action quiesce | unquiesce | replnow | waitoO"nAⁿwn⌡µ@C

Rε (quiesce)ú gAúe\i@B≤sC


unquiesce#@δ@Aⁿß≤sC

replnowú≤ANJεC≤ g °A

C

wait ÑN≤s g ñC

-rc contextDn

oO"nAⁿwl≡ C

options

-timeout secs

oO∩AYⁿwAhOHϕµⁿwOíCYS

ⁿwA 0A@L¡εaÑC

dG

ldapexop -op cascrepl -action quiesce -rc "o=acme,c=us" -timeout 60

v clearlog -log<logname>GMúΘx@

-log audit | bulkload | cli | slapd | ibmdiradm | adminDaemon| debugoO"nAⁿwnMúΘxC

dG

ldapexop -op clearlog -log audit

v controlqueue -skip<skipvalue> -ra<agreementDN>GεεC@

-skip all | change-idoO"nC

– all ϕ⌡L≤wm≤C

– change-id ⁿXn⌡Lµ@≤CY°AeSb g≤AhnDóC

-ra agreementDN

oO"nAⁿw g≤w DNC

dG

ldapexop -op controlqueue -skip all -ra "cn=server3,ibm-replicaSubentry=master1-id,ibm-replicaGroup=default,o=acme,c=us"

ldapexop -op controlqueue -skip 2185 -ra "cn=server3,ibm-replicaSubentry=master1-id,ibm-replicaGroup=default,o=acme,c=us"

v controlrepl -action<actionvalue> -rc<contextDN> | -ra<agreementDN>Gε g@

-action suspend | resume | replnowoO"nAⁿwn⌡µ@C

-rc contextDn | -ra agreementDn

-rc contextDn O g⌠wq DNCo@w∩⌠wq≤

w⌡µC-ra agreementDn O g≤w DNCo@w∩ⁿw g

≤w⌡µC


dG

ldapexop -op controlrepl -action suspend -ra "cn=server3,ibm-replicaSubentry=master1-id,ibm-replicaGroup=default,o=acme,c=us"

v getattributes -attrType<type> -matches bool <value>

-attrType operational | language_tag | attribute_cache | unique|configuration

oO"nAⁿwnD¼C

-matches bool true | false

ⁿw#MµOX -attrType< ∩ⁿw¼C

dG

ldapexop -op getattributes -attrType unique -matches bool true

#wⁿw@MµC

ldapexop -op getattributes -attrType unique -matches bool false

#ⁿw@MµC

v getlogsize -log<logname>GnDΘxjp@

-log audit | bulkload | cli | slapd | ibmdiradm | adminDaemon| debugoO"nAⁿwndΘxCΘxjp]Hµµg

JΘXC

dG

ldapexop -op getlogsize -log slapd

2000 lines

v getusertypeGnD¼@

@ s DN #¼C

dG

ldapexop -D <AdminDN> -w <Adminpw> -op getusertype

#G

G root_administratorñΓ G server_config_administrator directory_administrator

ΩTA\ 264y@¼PñΓzC

v quiesce -rc <contextDN>[options]GRε°Rεl≡@

-rc contextDN

oO"nAⁿwnRε°Rε g⌠wq]l≡ DNC

options

-end oO∩AYⁿwAhOⁿwn°Rεl≡CYS

ⁿwAw]ORεl≡C

dG

ldapexop -op quiesce -rc "o=acme,c=us"

ldapexop -op quiesce -end -rc "o=ibm,c=us"

v readconfig -scope<scopevalue>: ½s¬tm@


-scope entire | single <entry DN> <attribute> | entry <entry DN> | subtree <entry DN>

oO"nC

– entire ϕ½s¬πtmC

– single <entry DN> <attribute> ϕ¬ⁿwµ@MC

– entry <entry DN> ϕ¬ⁿwC

– subtree <entry DN> ϕ¬PΣUπl≡C

dG

ldapexop -op readconfig -scope entire

ldapexop -op readconfig -scope single "cn=configuration" ibm-slapdAdminPW

v readlog -log <logname> -lines <value>GnDoΘxµº@

-log audit | bulkload | cli | slapd | ibmdiradm | debugoO"nAⁿwndΘxC

-lines <first><last> | alloO"nAⁿwnq¬@µMß@µAµCµ

sq 0 lCⁿwµgJΘXC

dG

ldapexop -op readlog -log audit -lines 10 20

ldapexop -op readlog -log slapd -lines all

v stopserverGε IBM Tivoli Directory Server

dG

ldapexop -op stopserver

v unbind -dn<specificDN> | -ip<sourceIP> | -dn<specificDN> -ip<sourceIP> | allG DNBIPBDN/IP /su/suCS⌠≤@suH

bu@εCñ@suúY⌠CpGu@íe∩Ysuu@

ñAϕu@í¿@Y⌠C

-dn<specificDN> DN oXnD⌠suConDMúⁿw DN Wss

uC

-ip<sourceIP> IP oXnD⌠suConDMú)ⁿw IP s

uC

-dn<specificDN> -ip<sourceIP> DN/IP t∩oXnD⌠t∩MwsuConDMúⁿw

DN WsH)ⁿw IP suC

-all oXnD⌠suConDMúúFoXnDsuº

suCoLkM -D -IP @C

dG

ldapexop -op unbind -dn cn=john

ldapexop -op unbind -ip 9.182.173.43


ldapexop -op unbind -dn cn=john -ip 9.182.173.43

ldapexop -op unbind -all

v uniqueattr -a <attributeType>: identify all nonunique values for a particular attribute.

-a <attribute>ⁿwCXΣ≡C

: úπGiB@BtmÑM½≤O½CoúO@Σ@C

dG

ldapexop -op uniqueattr -a "uid"

Uo@µN[J ″cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=s º

Utmñ

v Schema,cn=Configuration″ entry for this extended operation

ibm-slapdPlugin:extendedop /bin/libback-rdbm.dll initUniqueAttr

YSú DN Ah ldapexop ⁿOÑqΘJ¬ DN MµCYn#

ÑAi Ctrl+C Ctrl+DC

SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS

íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú

AΣñ]t% RSA Security Inc. ow@nΘC

: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH

LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ

LDAP_SSLCímdíMzí"nBJAΣαt

ijj[KtΓkº SSL TLSC

\Pdí÷p make Ao÷ LDAP íAΣαs 128

HT½ DES [KtΓkΩTC

ß≈ΩweOH gsk7ikm í[HzCp÷ Java

íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²

ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx

sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@

iH⌠ CA ouiH⌠v LDAP °AAH⌠÷YCgsk7ikm

í]iHoßAHKα⌡µßM°AOC

Yßs LDAP °Au°AOAhb≈ΩwñAunwq

@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A

wo%Σñ@iH⌠ CA oCAbP°Aºí SSL

TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH

VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω

wñAMßNiH⌠CpG LDAP °AO)µ°A

Ah LDAP °AziHú@≈°A1zCN1

Jz≈ΩwñAMßiH⌠C


Yßs LDAP °AßM°AOAh"G

v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH

LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí

SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP C

v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w

ßANxsbß≈ΩwñC

EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ

gJETºC

@¼PñΓUCO@PΣñΓC

Root z: zt SSL TSL íM External sOxsb

cn=Configuration ºUC Kerberos s]∩Oxsb

cn=Kerberos,cn=Configuration ºUC Digest-MD5 s]∩O

xsb cn=Digest,cn=Configuration ºUCA¼iHsuz

nívC

ñΓ:

°Atmz

iHL¡εastmßíñΩTA BiH/

ε°ACiHoXAtm≤sC

²z

iL¡εstmßí]⌡M RDBM ßíº

²ΩCiHjMtmßíñ@ΓC

iαS⌠≤v¡iH@Swßí]OS/400 tδgß

íBz/OS RACF® SDBMC

zs¿: z íBt SSL TLS ExternalBKerberos]∩M

Digest-MD5]∩Oxsb cn=Admingroup,cn=Configuration l≡ñºUC

A¼iHsuznívC

ñΓ:

°Atms¿

iHsúFzMzsºtmΩTC

α≈Mε°ACúαsWúzsñ¿Cú

α∩ cn=AdminGroup,cn=Configuration U⌠≤zs¿ DNBK

XBKerberos ID Digest-MD5 IDCpGOuzs¿vA

iH∩)vKXA²úiH∩)v DNBKerberos ID Digest-MD5

IDC]úαdΣL⌠≤zs¿ IBM Tivoli Directory Server

zKXCAúαsWBRú∩fΘx]w]π

cn=Audit,cn=Configuration MúfΘxCúαsWRú

cn=Kerberos,cn=Configuration cn=Digest,cn=Configuration A²OiHj

MoºUCiH∩oºUúF Kerberos M


Digest-MD5 Root zsºCoúαjM∩

cn=Configuration ºU ibm-slapdAdminDNBibm-slapdAdminGroupEnabled

ibm-slapdAdmin PW r8

²z

iL¡εstmßí]⌡M RDBM ßíº

²ΩCiHjMtmßíñ@ΓC

iαS⌠≤v¡iH@Swßí]OS/400 tδgß

íBz/OS RACF SDBMC

LDAP ¼: @δ LDAP Oxsb LDAP Server DIT

ñC íMt SSL TLS External s DN O DIT ñ DNC

KXOxsb userpassword ñC

ñΓ:

LDAP ñΓ

XGúαstmßíCiHjMtmßí

ñ@ΓC²Ω]⌡M RDBM ßísv

O% ACL εC

t\

ldapaddBldapchangepwdBldapdeleteBldapmodifyBldapmodrdnBldapsearch

ldapmodifyBldapaddLDAP ∩H LDAP sWuπ

yk

ldapmodify [-a] [-b] [-c] [-C charset] [-d debuglevel] [-D binddn] [-g] [-G realm] [-h ldaphost] [-i file] [-k] [-K keyfile] [-m mechanism] [-M] [-N certificatename] [-O maxhops] [-p ldapport] [-P keyfilepw] [-r] [-R] [-U username] [-v] [-V] [-w passwd | ?] [-y proxydn] [-Y] [-Z]

ldapadd [-a] [-b] [-c] [-C charset] [-d debuglevel] [-D binddn] [-g] [-G realm] [-h ldaphost] [-i file] [-k] [-K keyfile] [-m mechanism] [-M] [-N certificatename] [-O maxhops] [-p ldapport] [-P keyfilepw] [-r] [-R] [-U username] [-v] [-V] [-w passwd | ?] [-y proxydn] [-Y] [-Z]

íldapmodify O ldap_modify M ldap_add ΓíwIsⁿOµCldapadd Ω@ ldapmodify ≤WCϕ ldapadd A-a ]sWXN)C

ldapmodify M LDAP °AºísuAMßs°ACziH

ldapmodify ∩[JCΩTOqΘJ¬AY -i ∩Ahq¬C

Ynπ ldapmodify ldapadd ykíAΘJ

ldapmodify -?

ldapadd -?


-a [JsCldapmodify w]@O∩CY ldapaddAhϕ]wXC

-b ]H `/’ l⌠≤OGiABΣΩObYñA

⌠OH valuer ⁿwC

-c ≥@íC÷°iAúL ldapmodify ,≥iµ∩ChAw]@Ob°iAY⌠@C

-C charset

ⁿwú@ ldapmodify H ldapadd ΓΣíΘJrΩAOHcharset ⁿwreA]"α½ UTF-8CϕqΘJ¼

ldapmodify M ldapadd O²ANⁿwrAα½ⁿwrΩAτYA≥b@ºß¼CpGO²Oqtr

LDIF ¼Ah LDIF ñr∩gⁿOµWⁿwr

CpC@@t¡xΣSwrA\ 329y¡x

Σ IANA rzCNAiΣrOM 1 LDIF ñA

∩wqrPC

-d debuglevel

N LDAP úh] debuglevelCp÷úhΩTA\ 312

y°AúízC

-D binddn

binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m

DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC

: -D binddn -w passwd úw∩ superuser DN IssτC

-g ⁿwúnhúµC

-G realm

ⁿwΓWCϕtX -m DIGEST-MD5 Absí°

AC

-h ldaphost

ⁿw LDAP °A⌡µbND≈C

-i file q LDIF ¬∩ΩTA úOqΘJ¬CpGSⁿw LDIF

Az"ΘJⁿw LDIF µí≤sO²C

-k ⁿw°AzεC

-K keyfile

ⁿw SSL TLS ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpG

Sⁿw≈ΩwWAí²b SSL_KEYRING ⌠

ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠Ah

w]≈⌠]pGw]C

w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG


v AIXBLinux @t- /usr/ldap

v HP-UX @t- /usr/IBMldap

v Solaris @t - /opt/IBMldapc

v Windows @t - c:\Program Files\IBM\LDAP

: oOw]wmAΩ LDAPHOME Obw@íMwC

po÷w]≈ΩwHw]zñΣlΩTA

\ IBM Directory C-Client SDK Programming ReferenceC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL TLS

≈ΩwΩTA\ 74y gsk7ikmzCτ\ 270

ySSLBTLS NzM 69yw Socket hzñA÷ SSL P

ΩTC

a -Z /½C

-m mechanism

mechanismAⁿws°A S A S L ≈εCN

ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw

-mAh ÷OC

-M Nα½≤ϕ@@δzC

-N certificatename

ⁿwP≈Ωwñß÷pCpG LDAP °Atm

u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ

ßP°AOAhnßCYwⁿww]/pK≈∩

@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC

-O maxhops

ⁿw maxhops i]wßíwblαAiHDW¡Cw]⌡DO 10 C

-p ldapport

ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS

ⁿw -pA²ⁿw -ZAhw] LDAP SSL ≡ 636C

-P keyfilepw

ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA

ñiα]A@hpK≈CpG≈Ωw÷pKX⌠

AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC

-r Hw]NµC

-R ⁿwún)αC


-U username

ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh

ñCusername °Atm wCiαO uid O

MΣ⌠≤ΣLC

-v íAhEgJΘXC

-V ⁿwϕ ldapmodify s LDAP °AAn LDAP C w]

A LDAP V3 suCYnTa∩ LDAP V3Aⁿw -V 3Cⁿw-V 2 ⌡µ@ LDAP V2 íC ldapmodify ºíA ldap_initA∩H LDAP V3 @"nqT≤wA ú ldap_openC

-w passwd | ? passwd @OKXC ? iHúKXúCúiH

ε ps ⁿOñKXQC

-y proxydn

ⁿw≤ Proxy v DNC

-Y w TLS suM LDAP °AqTCubwF IBM GSKit +

Σ -Y ∩C

-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú

SSL ≤A+iHΣ -Z ∩C

ΘJµíe]pGⁿOµWSú -i XAhOΘJ"X LDIF µíC

NΘJµíFP ldapmodify eAtΣ@NΘJµíCµíO%@h¿AºíHµ!jAΣñC@µⁿpUG

OW (DN)

=

[= ...]

ΣñOWA OΣC

w]AQ[JCpGú -r ⁿOµXAh w]AOHsNµCP@iHXhApAn[JhCz]iHH

`\\’Ab≤µºß≥[JAsµu]t¡C

Ynú@Aºen@ε (-)CYnúπAhñ = H

C

b -r XsbAYn[J@Aºe[W +C

d

] /tmp/entrymods sbABπUCeG

dn: cn=Modify Me, o=University of Higher Learning, c=US

changetype: modify

replace: mail


mail: [email protected]

-

add: title

title: Grand Poobah

-

add: jpegPhoto

jpegPhoto: /tmp/modme.jpeg

-

delete: description

-

HUⁿOG

ldapmodify -b -r -i /tmp/entrymods

N Modify Me l≤eN¿ [email protected] oAsW

@ Grand Poobah DA /tmp/modme.jpeg e¿ jpegPhotoAMß

ú description Cz]iH ldapmodify ΘJµíA⌡µMWzP

∩G

cn=Modify Me, o=University of Higher Learning, c=US

[email protected]

+title=Grand Poobah

+jpegPhoto=/tmp/modme.jpeg

-description

[WHUⁿOG

ldapmodify -b -r -i /tmp/entrymods

] /tmp/newentry sbABπUCeG

dn: cn=John Doe, o=University of Higher Learning, c=US

objectClass: person

cn: John Doe

cn: Johnny

sn: Doe

title: the world’s most famous mythical person

mail: [email protected]

uid: jdoe


HUⁿOG

ldapadd -i /tmp/newentry

/tmp/newentry John Doe sW@C

] /tmp/newentry sbABπUCeG

dn: cn=John Doe, o=University of Higher Learning, c=US

changetype: delete

HUⁿOG

ldapmodify -i /tmp/newentry

ú John Doe C

YSzL -i ∩AqúΩTAldapmodify ⁿOÑqΘJ¬CYn#ÑAi Ctrl+C Ctrl+DC

SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS

íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú

AΣñ]t% RSA Security Inc. ow@nΘC

: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH

LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ

LDAP_SSLCímdíMzí"nBJAΣαt

ijj[KtΓkº SSL TLSC

\Pdí÷p make Ao÷ LDAP íAΣαs 128

HT½ DES [KtΓkΩTC

ß≈ΩweOH gsk7ikm í[HzCp÷ Java

íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²

ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx

sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@

iH⌠ CA ouiH⌠v LDAP °AAH⌠÷YCgsk7ikm

í]iHoßAHKα⌡µßM°AOC

Yßs LDAP °Au°AOAhb≈ΩwñAunwq

@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A

wo%Σñ@iH⌠ CA oCAbP°Aºí SSL

TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH

VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω

wñAMßNiH⌠CpG LDAP °AO)µ°A

Ah LDAP °AziHú@≈°A1zCN1

Jz≈ΩwñAMßiH⌠C

Yßs LDAP °AßM°AOAh"G


v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH

LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí

SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP C

v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w

ßANxsbß≈ΩwñC

EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ

gJETºC

t\

ldapchangepwdBldapdeleteBldapexopBldapmodrdnBldapsearch

ldapmodrdnoO LDAP ∩ RDN uπ

yk

ldapmodrdn [-c] [-C charset] [-d debuglevel] [-D binddn] [-G realm] [-h ldaphost] [-i file] [-k] [-K keyfile] [-m mechanism] [-M] [-n] [-N certificatename] [-O hopcount] [-p ldapport] [-P keyfilepw] [-r] [-R] [-U username] [-v] [-V] [-w passwd | ?] [-y proxydn] [-Y] [-Z] [dn newrdn | [-i file]]

íldapmodrdn O ldap_modrdn íwIsⁿOµC

ldapmodrdn M LDAP °AºísuBiµsAMß∩ RDNC

ΩTOqΘJ¬AY -f ∩AOq¬AqⁿOµ DN P

RDN t∩¬C

\uLDAP OWvAo÷ RDN]Relative Distinguished NamesA∩O

WH DN]Distinguished NamesAOWΩTC

Ynπ ldapmodrdn ykíAΘJG

ldapmodrdn -?

-c ≥@íC÷°iAúL ldapmodrdn ,≥iµ∩ChAw]@Ob°iAY⌠@C

-C charset

ⁿwú@ ldapmodrdn íΘJrΩAOH charset ⁿwr

eC -C charset iH∩gw]AΣñrΩ"H UTF-8 úC

pC@@t¡xΣSwrA\ 329y¡xΣ

IANA rzCNAiΣrOM 1 LDIF ñA∩

wqrPC

-d debuglevel

N LDAP úh] debuglevelCp÷úhΩTA\ 312

y°AúízC


-D binddn

binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m

DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC

-G realm

ⁿwΓWCϕtX -m DIGEST-MD5 Absí°

AC

-h ldaphost

ⁿw LDAP °A⌡µbND≈C

-i file q¬∩ΩTA úOqΘJⁿOµ]ⁿw rdn M

newrdnCΘJ]iHqú (″< file″)C

-k ⁿw°AzεC

-K keyfile

ⁿw SSL TLS ≈ΩwW]]Aw]W ″kdb″CpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWC

pGSⁿw≈ΩwWAí²b SSL_KEYRING ⌠

ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠A

hw]≈⌠]pGw]C

w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG

v AIXBLinux @t - /usr/ldap

v HP-UX @t - /usr/IBMldap

v Solaris @t - /opt/IBMldapc

v Windows @t - c:\Program Files\IBM\LDAP]NGoOw]w

mCΩ LDAPHOME Obw@íMwC

po÷w]≈ΩwHw]zñΣlΩTA

\ IBM Directory C-Client SDK Programming ReferenceC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL TLS

≈ΩwΩTA\ 74y gsk7ikmzCτ\ 274

ySSLBTLS NzM 69yw Socket hzñA÷ SSL P

ΩTC

a -Z /½C

-m mechanism

mechanismAⁿws°A S A S L ≈εCN

ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw

-mAh ÷OC

-M Nα½≤ϕ@@δzC

-n πN⌡µ>≥@A²OúΩ∩CM -v tXA∩ú@C


-N certificatename

ⁿwP≈Ωwñß÷pCNGpG LDAP °A

tmu⌡µ°AOAhúnßCpG LDAP °Atm

n⌡µßP°AOAhnßCYwⁿww]/pK

≈∩@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC

-O hopcount

ⁿw hopcount i]wßíwblαAiHDW¡Cw]⌡DO 10 C

-p ldapport

ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS

ⁿw -pA²Oⁿw -ZAhw] LDAP SSL ≡ 636C

-P keyfilepw

ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩT]

ñiα]A@hpK≈CpG≈Ωw÷pKX⌠

AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC

-r úñ RDN Cw]@OOdC

-R ⁿwún)αC

-U username

ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh

ñCusername °Atm wCiαO uid O

MΣ⌠≤ΣLC

-v íAhEgJΘXC

-V ⁿwϕ ldapmodrdn s LDAP °AAn LDAP C w

]A LDAP V3 suCYnTa∩ LDAP V3Aⁿw -V 3Cⁿw -V 2 ⌡µ@ LDAP V2 íC ldapmodrdn ºíA ldap_initA∩H LDAP V3 @"nqT≤wA ú

ldap_openC

-w passwd | ? passwd @OKXC ? iHúKXúCúiH

ε ps ⁿOñKXQC

-y proxydn

ⁿw≤ Proxy v DNC

-Y w TLS suM LDAP °AqTCubwF IBM GSKit +

Σ -Y ∩C

-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú

SSL ≤A+iHΣ -Z ∩C

dn newrdn\U@ 274ydn newrdn ΘJµízAoΩTC


dn newrdn ΘJµíYúⁿOµ dn M newrdnAh newrdn N% DN, dn ⁿwº RDNC

úMAe]YSú - i XAhOΘJ]t@hG

OW (DN)

∩OW (RDN)

i@hµ!jC@ DN M RDN t∩C

d

] /tmp/entrymods sbABπUCeG

cn=Modify Me, o=University of Life, c=US

cn=The New Me

HUⁿOG

ldapmodrdn -r -i /tmp/entrymods

N Modify Me RDNAq Modify Me ∩ The New MeAMßú cn Modify

MeC

YSzL -i ∩AqúΩT]qⁿOµW dn H rdn t∩ú

ΩTAldapmodify ⁿOÑqΘJ¬CYn#ÑAiCtrl+C Ctrl+DC

SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS

íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú

AΣñ]t% RSA Security Inc. ow@nΘC

: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH

LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ

LDAP_SSLCímdíMzí"nBJAΣαt

ijj[KtΓkº SSLC

\Pdí÷p make Ao÷ LDAP íAΣαs 128

HT½ DES [KtΓkΩTC

ß≈ΩweOH gsk7ikm í[HzCp÷ Java

íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²

ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx

sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@

iH⌠ CA o LDAP °AAH⌠÷YCgsk7ikm í]

iHoßAHKα⌡µßM°AOC

Yßs LDAP °Au°AOAhb≈ΩwñAunwq

@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A

wo%Σñ@iH⌠ CA oCAbP°Aºí SSL

TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH

VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω


wñAMßNiH⌠CpG LDAP °AO)µ°A

Ah LDAP °AziHú@≈°A1zCN1

Jz≈ΩwñAMßiH⌠C

Yßs LDAP °AßM°AOAh"G

v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH

LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí

SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP C

v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w

ßAN¼ß≈ΩwñC

EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ

gJETºC

t\

ldapaddBldapchangepwdBldapdeleteBldapexopBldapmodifyBldapsearch

ldapsearchoO LDAP jMuπPdí

yk

ldapsearch [-a deref] [-A] [-b searchbase] [-B] [-C charset] [-d debuglevel] [-D binddn] [-F sep] [-G realm] [-h ldaphost] [-i file] [-K keyfile] [-l timelimit] [-L] [-m mechanism] [-M] [-n] [-N certificatename] [-o attr_type] [-O maxhops] [-p ldapport] [-P keyfilepw] [-q pagesize] [-R] [-s scope] [-t] [-T seconds] [-U username] [-v] [-V version] [-w passwd | ?] [-z sizelimit] [-y proxydn] [-Y] [-Z] filter [-9 p] [-9 s] [attrs...]

íldapsearch O ldap_search íwIsⁿOµC

ldapsearch M LDAP °AºísuBiµsAMßLo°≤⌡µj

MCΣLo°≤"X LDAP Lo°≤rΩek]\ IBM Tivoli Directory

Server Version 5.2 C-Client SDK Programming Reference ñ ldap_searchAo÷

Lo°≤ΩTC

Y ldapsearch Σ@hANH attrs ⁿwAMßNMC

LΘXCYSCX attrsAh#C

Ynπ ldapsearch ykíAΘJ ldapsearch -?C

-a derefⁿwp≤⌡µOWCderef O neverBalwaysBsearch findAⁿw

OWú (never) Bϕn (always) BjM (search) A

bΣjM≥ª½≤ (find) +Cw]Oú (never) NOW

C


-A u]ú]tCϕzundñOsbAún

DAo∩C

-b searchbasejM≥ª@jMlIA úOw]CYSⁿw -bAhíd LDAP_BASEDN ⌠jM≥ªwqCYΓúS]wA

hNw]≥ª] ″″AoϕjMCjM#πu²ΩT≡(DIT)vñCojMn -s l≡∩AhKπTºCdNA¼íjMnDO\hΩC

-B únϕεD ASCII πCbBzHNrAp ISO-8859.1Ae

Ao∩DC∩O% -L ∩tⁿC

-C charsetⁿwú@ ldapsearch íΘJrΩAOHr]% charset ⁿ

weCnrΩΘJ∩]ALo°≤Bs DN H≥ª DNCP

aAbπΩAldapsearch Nq LDAP °A¼ΩAα½ⁿ

wrC ″-C charset″ iH∩gw]AΣñrΩ"H UTF-8 ú

CtApGⁿw -C ∩M -L ∩Ah]ΘJOⁿwrAúLAldapsearch ΘX@wOdΣ UTF-8 ekFYLkCL

rAhOdΩ base-64 sXekCoO] LDIF u

]trΩΩ UTF-8] base-64 sX UTF-8ekCpC@@t

¡xΣSwrA\ 329y¡xΣ IANA rzC

NAiΣrOM 1 LDIF ñA∩wqr

PC

-d debuglevelN LDAP úh] debuglevelCp÷úhΩTA\ 312

y°AúízC

-D binddn

binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m

DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC

-e π LDAP íwΩTAMß⌠C

-F sep sep @WMºíµ!jrCúDⁿw -L XAúMAw]!jrO `=’FYⁿw -L XA∩QñC

-G realm

ⁿwΓWCϕtX -m DIGEST-MD5 Absí°

AC

-h ldaphostⁿw LDAP °A⌡µbND≈C

-i file q¬s≥µAMßw∩C@µ⌡µ@ LDAP jMCbípUAq

ⁿOµúLo°≤Q°¼A@X %s Hñ@µ

NCpGO@µ@ ″-″ rAhqΘJ¬µC

pAb ldapsearch -V3 -v -b "o=ibm,c=us" -D "cn=admin" -w ldap -i filter.input %s dn ⁿOñAfilter.input iα]tUCLoΩTG


(cn=*Z)
(cn=*Z*)
(cn=Z*)
(cn=*Z*)
(cn~=A)
(cn>=A)
(cn<=B)

: C@Lo°≤"ⁿw≤O@µC

ⁿOjMY cn=*Z C@Lo°≤l≡ o=ibm,c=usCϕ¿jMAjMlU@Lo°≤ cn=*Z*AH A¿jMß@Lo°≤ cn<=BC

: -i < file> ∩N -f< file> ∩C÷M -f ∩wgúAA²,M

Σ∩C

-K keyfileⁿw SSL TLS ≈ΩwW]]Aw]W ″kdb″CpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWC

pGSⁿw≈ΩwWAí²b SSL_KEYRING ⌠

ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠A

hw]≈⌠]pGw]C

w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG

v AIXBLinux @t - /usr/ldap

v HP-UX @t - /usr/IBMldap

v Solaris @t - /opt/IBMldapc

v Windows @t - c:\Program Files\IBM\LDAP]NGoOw]w

mCΩ LDAPHOME Obw@íMwC

\ IBM C-Client SDK Programming Reference ñALDAP_SSL API

uw]≈⌠PKXvpAo÷w]≈ΩwHw]z

ñΩTC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL TLS

≈ΩwΩTA\ 74y gsk7ikmzCτ\HU

283ySSLBTLS NzH LDAP SSL TLS APIAo÷

SSL PΩTC

a -Z /½C

-l timelimithÑ timelimit ϕA¿jMC

-L H LDIF µíπjMGC∩] -B ∩AP -F ∩QñC


-m mechanism mechanism ⁿws°A SASL ≈εCN

ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw

-mAh ÷OC

-M Nα½≤ϕ@@δzC

-n πN⌡µ>≥@A²OúΩ∩CM -v tXA∩ú@C

-N certificatenameⁿwP≈Ωwñß÷pC

: pG LDAP °Atmu⌡µ°AOAhúnßCpG

LDAP °Atmn⌡µßP°AOAhnßCYw

ⁿww]/pK≈∩@w]Ahúnⁿw certificatenameCP

aAYⁿw≈Ωwñwg@/pK≈∩A]ún

ⁿw certificatenameCpGúSⁿw -Z M -KAhQñC

-o attr_type

YnⁿwY@jMG≥AiH -o (order) C

ziHh -o A≤i@BwqCbUCdñAjMG

² m≤ (sn) AMß WrAWr (givenname) fV]U

AoO%rε ( - ) ⁿwG

-o sn -o -givenname

]AykOpUG

[-]<attribute name>[:<matching rule OID>]

Σñ

v attribute name OniµWC

v matching rule OID Ozn∩±∩Wh OIDC

v ε ( - ) ⁿXG"HfVC

v ½n/½nC

w] ldapsearch @OúN#GC

-O maxhopsⁿw maxhops i]wßíwblαAiHDW¡C

w]⌡DO 10 C

-p ldapportⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS

ⁿw -pA²Oⁿw -ZAhw] LDAP SSL ≡ 636C

-P keyfilepwⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩT]

ñiα]A@hpK≈CpG≈Ωw÷pKX⌠

AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC

-q pagesize

ⁿwjMG!AΓsiHG -q ]djpP -T]j

MºííjíAHϕµCbUCdñAjMG@#@


]25 ACj 15 ϕ@A#jMGCldapsearch

ßbjM@RgABzC@!GnDsu≥

C

-q 25 -T 15

Yⁿw -v (verbose) Abq°A#C@ºßAldapsearch

CXewg#h.ApAwg 30 C

iHh -q AHKbP@jM@RgAⁿwúP

jpCbUCdñA@O 15 AGO 20 AT

ε!/jM@G

-q 15 -q 20 -q 0

bUCdñA@O 15 AΣlO 20 AjM

@¿úO≥ßⁿw -q C

-q 15 -q 20

w] ldapsearch @ONbP@nDñ#Cw] ldapsearch

@ú⌡µ!C

-R ⁿwún)αC

-s scopeⁿwjMd≥Cd≥O baseBone subAHⁿwnjM≥ª½≤B@

Ñhl≡Cw]O subC

: pGzHúⁿw -b ∩ⁿw -b ″″ ΦíⁿwjMAz"ⁿw -s ∩CjMw]d≥OC

-t NgJ@sñCbBzD ASCII Ap jpegPhoto audio

Ao∩C

-T seconds

jMºííjí]HϕµCⁿw -q ∩A+Σ -T ∩C

-U username

ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh

ñCusername °Atm wCiαO uid O

MΣ⌠≤ΣLC

-v íAhEgJΘXC

-V ⁿwϕ ldapmodify s LDAP °AAn LDAP C w]

A LDAP V3 suCYnTa∩ LDAP V3Aⁿw -V 3Cⁿw

″-V 2″ ⌡µ@ LDAP V2 íC ldapmodify ºíA

ldap_initA∩H LDAP V3 @"nqT≤wA ú ldap_openC

-w passwd | ? passwd @OKXC ? iHúKXúCúiH

ε ps ⁿOñKXQC

-y proxydn

ⁿw≤ Proxy v DNC


-Y w TLS suM LDAP °AqTCubwF IBM GSKit +

Σ -Y ∩C

-z sizelimitNjMG¡εh]t sizelimit CpiHw∩jM@#

A]w@W¡C

-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú

SSL ≤A+iHΣ -Z ∩C

-9 p ]w!½n FalseCjMúBz!C

-9 s ]w½n FalseCjMúBzC

Lo°≤

ⁿwnbjMñMLo°≤NϕrΩC µLo°≤iHⁿw¿ ’

¼=’C°Lo°≤hiH UC Backus Naur Form (BNF)A

rϕkⁿwG

<filter> ::= '(' <filtercomp> ')'
<filtercomp> ::= <and> | <or> | <not> | <simple>
<and> ::= '&' <filterlist>
<or> ::= '|' <filterlist>
<not> ::= '!' <filter>
<filterlist> ::= <filter> | <filter> <filterlist>
<simple> ::= <attributetype> <filtertype> <attributevalue>
<filtertype> ::= '=' | '~=' | '<=' | '>='

’~=’ cOⁿw±ⁿXC÷ <attributetype> P <attributevalue>

ekí≤ ″RFC 2252, LDAP V3 Attribute Syntax Definitions″CA<attributevalue> iHOµ@ * HiµsbA]iH]t!σr

PP ( * ) HiµlrΩ±∩C

pALo°≤ ″mail=*″ ΣXπ mail ⌠≤CLo°≤

″mail=*@student.of.life.edu″ ΣXπ mail ABHⁿwrΩ⌠

≤CYnbLo°≤ñAAH#u (\) rNΣ⌡µC

: ⁿ "cn=Bob *" oLo°≤AΣñb Bob MP ( * ) ºí@

µAX ″Bob Carter″A²úX IBM Directory ñ ″Bobby

Carter″C≤ ″Bob″ PUr ( * ) ºíµAvTLo°≤

jMGC

piLo°≤πíA\ uRFC 2254ALDAP jMLo°≤r

Ωϕk (RFC 2254, A String Representation of LDAP Search Filters)C

ΘXµíYΣ@hAC@úHUCígJΘXG

OW (DN)

W=

W=

W=

...


UºíH@µµ!jCY -F ∩ⁿw!jrAhrA ú `=’ rCY -t ∩AhsWNΩCYú -A ∩AhugJuWví≈C

d

UCⁿOG

ldapsearch "cn=john doe" cn telephoneNumber

⌡µl≡jM]w]jM≥ªAjM commonName ″john doe″ C commonName M telephoneNumber ΓAMßCLΘXCYΣΓ

AhΘXiαⁿpUG

cn=John E Doe, ou="College of Literature, Science, and the Arts",ou=Students, ou=People, o=University of Higher Learning, c=US

cn=John Doe

cn=John Edward Doe

cn=John E Doe 1

cn=John E Doe

telephoneNumber=+1 313 555-5432

cn=John B Doe, ou=Information Technology Division,ou=Faculty and Staff, ou=People, o=University of Higher Learning, c=US

cn=John Doe

cn=John B Doe 1

cn=John B Doe

telephoneNumber=+1 313 555-1111

UCⁿOG

ldapsearch -t "uid=jed" jpegPhoto audio

w]jM≥ª⌡µl≡jMAjM ID ″jed″ CjpegPhoto M audio AMßgJsCYΣñ@XnDA

hΘXiαⁿpUG

cn=John E Doe, ou=Information Technology Division,

ou=Faculty and Staff,

ou=People, o=University of Higher Learning, c=US

audio=/tmp/ldapsearch-audio-a19924

jpegPhoto=/tmp/ldapsearch-jpegPhoto-a19924

UCⁿOG

ldapsearch -L -s one -b "c=US" "o=university*" o description


b organizationName Y university ñAbΣ c=US h⌡µ@h

jMCjMGH LDIF µíπ]\uLDAP Ωµ½µívC

organizationName H description ΓAMßCLΘXAΣΘXiα

ⁿpUG

dn: o=University of Alaska Fairbanks, c=US

o: University of Alaska Fairbanks

description: Preparing Alaska for a brave new tomorrow

description: leaf node only

dn: o=University of Colorado at Boulder, c=US

o: University of Colorado at Boulder

description: No personnel information

description: Institution of education and research

dn: o=University of Colorado at Denver, c=US

o: University of Colorado at Denver

o: UCD

o: CU/Denver

o: CU-Denver

description: Institute for Higher Learning and Research

dn: o=University of Florida, c=US

o: University of Florida

o: UFl

description: Shaper of young minds

...

UCⁿOG

ldapsearch -b "c=US" -o ibm-slapdDN "objectclass=person" ibm-slapdDN

b c=US h⌡µl≡hjMAMΣHCϕoSϕbjMñ

AjMG OW (DN) rΩekCΣΘXiαⁿp

UG

cn=Al Edwards,ou=Widget Division,ou=Austin,o=IBM,c=US

cn=Al Garcia,ou=Home Entertainment,ou=Austin,o=IBM,c=US

cn=Amy Nguyen,ou=In Flight Systems,ou=Austin,o=IBM,c=US


cn=Arthur Edwards,ou=Widget Division,ou=Austin,o=IBM,c=US

cn=Becky Garcia,ou=In Flight Systems,ou=Austin,o=IBM,c=US

cn=Ben Catu,ou=In Flight Systems,ou=Austin,o=IBM,c=US

cn=Ben Garcia Jr,ou=Home Entertainment,ou=Austin,o=IBM,c=US

cn=Bill Keller Jr.,ou=In Flight Systems,ou=Austin,o=IBM,c=US

cn=Bob Campbell,ou=In Flight Systems,ou=Austin,o=IBM,c=US

SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS

íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú

AΣñ]t% RSA Security Inc. ow@nΘC

: p÷ 128 MT½ DES [KtΓkΩTAH LDAP díA

\ SSL TLS ukvCímdí]Mzí

"nBJAΣαtijj[KtΓkº SSL TLSC

\Pdí÷p make Ao÷ LDAP íAΣαs 128

HT½ DES [KtΓkΩTC

ß≈ΩweOH gsk7ikm í[HzCp÷ Java

íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²

ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx

sb≈ΩwñAMßNiH⌠AzNiHM%Σñ@

iH⌠ CA o LDAP °AAH⌠÷YCgsk7ikm í

]iHoßAHKα⌡µßM°AOC

Yßs LDAP °Au°AOAhb≈ΩwñAunwq

@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A

wo%Σñ@iH⌠ CA oCAbP°Aºí SSL

TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP ]\ LDAP_Bind APIC

pAY LDAP °AO¬iH VeriSign AzNq VeriSign o

@≈ CA BNJz≈ΩwñAMßNiH⌠Cp

G LDAP °AO)µ°AAh LDAP °AziHú@

≈°A1zCN1Jz≈ΩwñAMß

iH⌠C

Yßs LDAP °AßM°AOAh"G

v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH

LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí

SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP ]\ LDAP_Bind APIC

v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w

ßAN¼ß≈ΩwñC


EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ

gJETºC

t\

ldapadd, ldapchangepwd, ldapdelete, ldapexop, ldapmodify, ldapmodrdn

°Aí

í°AíC

:

1. úF ldif M db2ldif ºAb°AíºeA"²ε°AC

2. TwSís²ΩwCYís²ΩwANLk⌡µ

°AíC

bulkload í

bulkload íOq LDIF ⁿJ²ΩCoO± ldif2db ≤tNΦkABijqⁿJ LDIF µíjqΩC

:

1. b°AJíºeA"²ε°AC

2. TwSís²ΩwCYís²ΩwANLk⌡µ

°AíC

3. jqⁿJ⌠Ab IBM Tivoli Directory Server 5.2 ñwúAC

ACLCHECK, ACTION, LDAPIMPORT, SCHEMACHECK H

STRING_DELIMITER Ñ⌠Aúwg!OⁿOµ∩ -AB-aB-LB-SB-s

NCbAⁿOµ/½újpgC

4. Yn⌡µ bulkload íAz"π dbadm sysadm MvCY

Windows tAz"b DB2 ⁿOµ (CLI) ñ⌡µ bulkload íC

pGn DB2 CLIA÷@Ul -> ⌡µBΘJ db2cmdAA÷@UTwC

5. Y DB2 ñ archival OⁿAh bulkload íóC]Ab

bulkload íºeA"² archival OⁿC

update database configuration for ldapdb2 using LOGRETAIN OFF USEREXIT OFF

6. pGⁿJΩ]t@AK∩úho DB2 @¡εCⁿJΩ

ºßAtKúh@¡εAHΘJºñCs

@A DB2 @¡εC

: pGⁿw@ⁿJF½AtNú DB2

@¡εCoΩTO²b bulkload.log ñC

ykG bulkload -i <ldiffile> [-a <parse_and_load|parseonly|loadonly>] [-A <yes|no>]
             [-c | -C <yes|no>] [-d <number>] [-E <number>] [-f <configurationfile>]
             [-g] [-I <yes|no>] [-L <path>] [-n | -N] [-?] [-p | -P <yes|no>]
             [-s <character>] [-R <yes|no>] [-S <yes|no|only>] [-v] [-x | -X <yes|no>]

ⁿOµ∩G


-i <ldiffile>ⁿwΘJWAñ]tnⁿJ² LDIF ΩCΣñ]

iα]A⌠C /usr/ldap/examples/sample.ldif ñ]t@πT

µídΩC

-a <parse_and_load|parseonly|loadonly>ⁿwⁿJ@íC

-A <yes|no>ⁿwOnBz LDIF ñ]t ACL ΩTCw]O yesCnoⁿJw] ACLC

-c | -C <yes|no>i⌡L½@CpApGzb⌡µs≥jqⁿJA

BzµbⁿJ@ºí⌡L½@ANiHN@d

ß@jqⁿJºßA⌡µCoXß bulkload ⁿOAⁿw -cyesC

-d <number> -d i]wúBnhAúC∩iHΣXiαDBPσRΩO²Cp÷úhΩ

TA\ 312y°AúízC

: b -d ∩ºeAnTw ldtrc íwAhúTºXCoXⁿO ldtrc onC

-E <number>ⁿwσR°i¡εCϕF¡εAbulkload ⁿON⌠Cw]O infinityC

-f <configurationfile>∩ⁿw slapd tmC

-g ⁿwúnhúµC

-I <yes|no>ⁿwbⁿJºeOnúhCw]O noC

-L <path>ⁿwxsΩ²CxsΘw]⌠OG

v AIX @t /tmp/ldapimport

v Windows @t c:\tmp\ldapimport

v LinuxBSolaris H HP @t /var/ldap/ldapimport

-n | -NⁿwⁿJOúi#C

-? nD bulkload ykíTºC

-p | -P <yes|no>ⁿwOnw∩]t userpassword KXhC

-R <yes|no>ⁿwOnúxsΩ²C²Oⁿw]²A

% -L ⁿw²Cw]O yesC


: ÷Mw]O yesA²Γ¼pCpGjqⁿJ⌠¼A]¼pAsú]o QRúA]

noiµApG∩ -a parseonly∩A]ⁿJÑqnsAHoúQRúC

-s <character>ⁿwJrΩ!jrC

: Bulkload iαLkⁿJtSw UTF-8 r LDIFCoO

] DB2 LOAD uπbσRw] bulkload rΩjrAτYhrñ½u ( | ) AΣñ@Dy¿C½

sⁿwrΩjr $C

bulkload -i <ldiffile> -s $

-S <yes|no|only> btmñΣ½≤OwqP¼wqAτO²

úOC

⌡dτ½≤OPúwgwqBw∩C@ⁿ

wúX½≤Owqñu"nvPuiⁿvM

µAPGiúOT 64 sXµíC

yes bNΩ[J²ºeA⌡µΩ⌡dC

no bNΩ[J²ºeA⌡µΩ⌡dCo@Φíi

Hú¬αC∩]bΘJñΩúOCo

Ow]∩C

only ⌡µΩ⌡dA²OúNΩ[J²ñC∩iHú

#XP°iC

ΦkO² -S only ∩τΩAÑnNΩⁿJ²AAw] -S noC

-v ⁿwííC∩iHúhC

-x|-X <yes|no>ⁿwOnNΩα½ΩwrXCw]O noC

: YD UTF-8 ΩwA+nC

F∩iαAbulkload uπ]bΘJñΩúOTAΩwgb²eⁿJ@ñdLFCúLAbulkload uπiHw∩ΘJΩ⌡µ@≥dC

ϕ²°A (slapd) b⌡µñAbulkload íNLk⌡µC

úFNΩxsbΩw²ñníAbulkload uπ]n@xsΘA@NΩíJΩwºeA@ΩºCxsΘw]⌠

O ¡x wC\ -L ∩⌠WíCziH -L ∩≤⌠G

bulkload -i <ldiffile> -L /newpath

z"∩²gJ\ivCznxsΘjp."O ldapimport ²

ñ LDIF jp 2.5 CziαnΣLxsΘA°zΩ wC


Yz¼ⁿpUG

SQL3508N bⁿJⁿJdíAs¼ "SORTDIRECTORY" oC]XG"2"C⌠G"/u/ldapdb2/sqllib/tmp/"C

znN⌠ DB2SORTTMP ]btñA≤híi² bulkload

²]h²CiHⁿwh²AñíHrI ( , ) jApUG

export DB2SORTTMP=/sortdir1,/sortdir2

⌡µ bulkload ANΣΘXTºCY⌡µíoA²iαJúπCziαnúh LDAP ϕµAúhΩw]½@ΩwAMß½s

lCYooípAΩú[J²ñAB"½s⌡µ bulkloadCAϕzúh LDAP ϕµAiααóΩC

/usr/ldap/examples/sample.ldif ñ]t@dΩCziHñΩA

mH bulkload uπjqJΩ²A ldif2db ⁿOµíCúLAbjqΩAldif2db íiα± bulkload íCC

Fα]Abulkload uπúdO½sbCTwzΘJ LDIF

ñS]t½CY½sbAú½C

Y bulkload b DB2 LOAD ÑqóAd db2load.log ñó]CΘ

xb Windows @tW≤ c:\tmp\ldapimportAb AIX @tW≤

/tmp/ldapimportAb LinuxBSolaris M HP @tWh≤ /var/ldap/ldapimportCY

ⁿw -L ∩Ab -L ∩wq²ñMΣC≤DAMß½s⌡µbulkloadCBulkload qeQⁿJ@PIA½sⁿJC

Y bulkload óAΣΩTxsb <installation directory>/etc/bulkload_status ñC

bQⁿJΩºeAúQúCpiTO²ñΩπCp

GzMwn½stmΩwA½slANnΓú bulkload_status AúM

bulkload ,qeQ¿ⁿJIiµC

dbback

dbback ⁿOOb°A≈u ≈zΩwCⁿOe"ε°AC

ykG

dbback [-?] [-d <backupdir>] [-w <filename>]

∩G

-? πykµíC

-d <backupdir>ⁿw ≈Ωw²C

-w <filename>ⁿwNΘX½sVΣñºπ⌠WC

dbrestore

dbrestore ⁿOOb°A≈uzΩwCⁿOe"ε°AC


ykG

dbrestore [-?] [-d <backupdir> [-n]] [-w <filename>]

∩G

-? πykµíC

-d <backupdir>ⁿwnqΣñΩw²C

-n ⁿwún ibmslapd.conf CϕznN Ω½sPBA²Oúµ

∩g°A ibmslapd.conf AYi∩C

-w <filename>ⁿwNΘX½sVΣñºπ⌠WC

db2ldif í

íiNxsb÷píΩwñ²AX LDAP ²µ½µí (LDIF)

σrñC

: íiHH⌡µAúnε°AC

ykG

db2ldif -o <outputfile> [-f <configfile>] [[-s <subtree DN> [-x]] | [-p on|off] [-l]] [-j] | [-?]

∩G∩ú!jpgC

-f <configfile>

∩ⁿw slapd tmC

-l úFX cn=localhost subtree ºAnXr]² cn=pwdpolicy r

úCo∩LkM -s ∩@C

-j ⁿúnN6@]createTimestampBcreatorsNameBmodifiersName M

modifyTimestampX LDIF C

-o <outputfile>ⁿw LDIF ΘXA]t LDIF µí²Cⁿwl≡ñ

úH LDIF µígJΘXñCoO"n∩CpGúsb

µ²ñAh"ⁿwπ⌠PWC

-p on|offúFX cn=pwdpolicy suffix ºAnXr]² cn=localhost l

≡úCw]]wO offCo∩LkM -s ∩@C

-? πⁿOkC

-s <subtree DN> [-x]l≡ DN wqnX LDIF ΘXl≡ºCΣ²Ñ

hUúgJΘXñCYSⁿw∩AhxsbΩwñ

²Aú tmñⁿwrAígJΘXñCYⁿw

-x ∩Aϕnúb -s ∩ⁿwl≡Co∩LkM -l -p ∩@C


ΣLⁿOµΘJúPykTºAbTºßAπXAϕy

kC

ibmdiradm

pGnzníA ibmdiradm ⁿOC

yk

ibmdiradm [-h debug_mask] [-f path_to_configuration_file] [-s ssl_port]
          [-p nonssl_port] [-i servicename | -u servicename]

ízníC

-h debug_mask

ibmdiradm úzníúΘX stdoutCdebug_mask O@

BnAεúΘXAΣ¬ 65535C IBM AH

CpúhΣLΩTA\ 312y°AúízC

-f path_to_configuration_file

ⁿwϕzní°AAtmmCpGzn)q

tmANnCYSⁿwAibmdiradm w]tmw

b¡x mC

-s ssl_port

ⁿw SSL ≡C

-p nonssl_port

ⁿwD SSL ≡C

UCΓA Windows tC

-i servicenamesWzní¿ Windows AC

-u servicenameúzní¿ Windows AC

YnεzníG

v b UNIX ¼tñA⌡µUCⁿOG

ps -ef | grep ibmdiradm
kill -p pid_obtained_by_previous_command

v b Windows tG

1. zLuεxvAuAv°íC

2. ÷@U Directory Admin DaemonC

3. ÷@U@ -> εC

ibmdirctl

oOzníεíCzní (ibmdiradm) "b⌡µC\ 13

y²znízPyibmdiradmzC

: ziHíC


yk

ibmdirctl [-D adminDN] [-h hostname] [-K keyfile] [-N key_name]
          [-p port] [-v] [-w adminPW | ?] [-Z] [-?]
          command -- [ibmslapd options]

Σñ command O start|stop|restart|status|admstop

ízníεí ibmdirctl OBεB½sd IBM Tivoli

Directory Server ¼ACª]iHεzníCYwnD ibmslapd ∩A

o∩ºe"[W --C

Ynπ ibmdirctl ykíAΘJ ibmdirctl -?C

-D adminDN adminDN s LDAP ²CadminDN OHrΩe DN]\

uLDAP OWvC

-h hostnameⁿw LDAP °AM admin ní⌡µbND≈C

-K keyfileⁿw≈C

-N key_nameⁿw≈ñpK≈WC

-p portⁿwzníÑN TCP ≡Cw] LDAP ≡O 3538C

-v ⁿwHí⌡µC

-w adminPW | ? adminPW @OKXC ? iHúKXúCúiH

ε ps ⁿOñKXQC

-? πíeC

ⁿO

v start - °AC

v stop - ε°AC

v restart - εMß°AC

v status - d°A¼AC

v admstop - ε IBM Tivoli Directory Server zníC

: stop ⁿOiHV LDAP °AoXC

-- ibmslapd optionsibmslapd ∩Oⁿ ibmslapd Bzb⌠≤∩AqG

v -a | -A - N°AbtmíC

v -n | -N - pG°ALkMΩwßí@]Dutmv

íAhú°AC


:

1. YwnD ibmslapd ∩Ao∩NQ -- NC

2. YoX stop ⁿOAh ibmslapd ∩QñC

d

YnN°AbtmíAoXⁿOG

ibmdirctl -h mymachine -D myDN -w mypassword -p 3538 start -- -a

Ynε°AAoXⁿOG

ibmdirctl -h mymachine -D myDN -w mypassword -p 3538 stop

ldapdiff

oO LDAP gPBuπ

yk

ldapdiff -b baseDN -sh host -ch host [-a] [-C countnumber]
         [-cD dn] [-cK keyStore] [-cw password] [-cN keyStoreType]
         [-cp port] [-cP keyStorePwd] [-ct trustStoreType] [-cT trustStore]
         [-cY trustStorePwd] [-cZ] [-F] [-j] [-L filename] [-sD dn]
         [-sK keyStore] [-sw password] [-sN keyStoreType] [-sp port]
         [-sP keyStorePwd] [-st trustStoreType] [-sT trustStore]
         [-sY trustStorePwd] [-sZ] [-v]

ldapdiff -S -sh host -ch host [-a] [-C countnumber] [-cD dn]
         [-cK keyStore] [-cw password] [-cN keyStoreType] [-cp port]
         [-cP keyStorePwd] [-ct trustStoreType] [-cT trustStore]
         [-cY trustStorePwd] [-cZ] [-j] [-L filename] [-sD dn]
         [-sK keyStore] [-sw password] [-sN keyStoreType] [-sp port]
         [-sP keyStorePwd] [-st trustStoreType] [-sT trustStore]
         [-sY trustStorePwd] [-sZ] [-v]

íuπiN °AMΣD°APBCYnπ ldapdiff ykíAΘJG

ldapdiff -?

∩UC∩A≤ ldapdiff ⁿOC@Γ∩A≤ú°A°AC

-a ⁿw°AzεAεgJ¬ C

-b baseDN

jM≥ª@jMlIA úOw]CYSⁿw - bAhíd LDAP_BASEDN ⌠jM≥ªwqC

-C countnumber

pΓnCYΣúWXⁿwAuπ⌠C

-F ∩CYⁿwAh∩ WeAΣXú°

AeCpGwgⁿw -SANLko∩C

-j ⁿñ LDIF ñ@C

-L YSⁿw -F ∩Ao∩úΘX LDIF CLDIF

iH≤sAH°útºC


-S ⁿwn±Γí°AW⌡C

-v íAhEgJΘXC

gú∩: UC∩A≤°AAb∩WñHY@ ’s’

ϕC

-sD dn

dn s LDAP ²Cdn OHrΩe DNC

-sh host

ⁿwD≈WC

-sK keyStore

ⁿw SSL ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpGSⁿw

≈ΩwWAí²b SSL_KEYRING ⌠ñAMΣπ

÷pWCpGSwq SSL_KEYRING ⌠Ahw]

≈⌠]pGw]C

w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG

v AIX @t - /usr/ldap

v HP-UX @t - /usr/IBMldap

v Linux @t - /usr/ldap

v Solaris @t - /opt/IBMldaps

v Windows @t - c:\Program Files\IBM\LDAP

: oOw]wmAΩ LDAPHOME Obw@íMwC

po÷w]≈ΩwHw]zñΣlΩTA

\ IBM Directory C-Client SDK Programming ReferenceC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL ≈

ΩwΩTA\ 74y gsk7ikmzCτ\ 296

ySSLBTLS NzM 69yw Socket hzñA÷ SSL P

ΩTC

a -sZ /½C

-sN keyStoreType

ⁿwP≈Ωwñß÷pCpG LDAP °Atm

u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ

ßP°AOAhnßCYwⁿww]/pK≈∩

@w]Ahúnⁿw keyStoreTypeCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw keyStoreTypeCpGúSⁿw -sZ M -sKAhQñC

-sp ldapport

ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS

ⁿw -spA²ⁿw -sZAhw] LDAP SSL ≡ 636C


-sP keyStorePwd

ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA

ñiα]A@hpK≈CpG≈Ωw÷pKX⌠

AhqKX⌠oKXA]Nún -sP CpGúSⁿw -sZ M -sKAhQñC

-st trustStoreType

ⁿwPH⌠Ωwñß÷pCpG LDAP °Atm

u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ

ßP°AOAhnßCYwⁿww]/pK≈∩

@w]Ahúnⁿw trustStoreTypeCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw trustStoreTypeCpGúSⁿw -sZ M -sTAhQñC

-sT trustStore

ⁿw SSL H⌠ΩwWA]Aw]W tdbCpGH⌠Ωwúsbµ²ñAh"ⁿwπH⌠ΩwWCpGSⁿw

H⌠ΩwWAí²b SSL_KEYRING ⌠ñAMΣπ

÷pWCpGSwq SSL_KEYRING ⌠Ahw]

≈⌠]pGw]C

w]≈⌠]τYAldapkey.tdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG

v AIX @t - /usr/ldap

v HP-UX @t - /usr/IBMldap

v Linux @t - /usr/ldap

v Solaris @t - /opt/IBMldaps

v Windows @t - c:\Program Files\IBM\LDAP

: oOw]wmAΩ LDAPHOME Obw@íMwC

po÷w]≈ΩwHw]zñΣlΩTA

\ IBM Directory C-Client SDK Programming ReferenceC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL ≈

ΩwΩTA\ 74y gsk7ikmzCτ\ 296

ySSLBTLS NzM 69yw Socket hzñA÷ SSL P

ΩTC

a -sZ /½C

-sw password | ? password @OKXC ? iHúKXúCúiH

ε ps ⁿOñKXQC

-sY iH⌠ΩwKXC

-sZ w SSL suM LDAP °AqTCbw% IBM GSKit ú

SSL ≤A+iHΣ -Z ∩C


g∩: UC∩A≤°AAb∩WñHY@ ’c’

ϕC

-cD dn

dn s LDAP ²Cdn OHrΩe DNC

-ch host

ⁿwD≈WC

-cK keyStore

ⁿw SSL ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpGSⁿw

≈ΩwWAí²b SSL_KEYRING ⌠ñAMΣπ

÷pWCpGSwq SSL_KEYRING ⌠Ahw]

≈⌠]pGw]C

w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG

v AIX @t - /usr/ldap

v HP-UX @t - /usr/IBMldap

v Linux @t - /usr/ldap

v Solaris @t - /opt/IBMldaps

v Windows @t - c:\Program Files\IBM\LDAP

: oOw]wmAΩ LDAPHOME Obw@íMwC

po÷w]≈ΩwHw]zñΣlΩTA

\ IBM Directory C-Client SDK Programming ReferenceC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL ≈

ΩwΩTA\ 74y gsk7ikmzCτ\ 296

ySSLBTLS NzM 69yw Socket hzñA÷ SSL P

ΩTC

a -cZ /½C

-cN keyStoreType

ⁿwP≈Ωwñß÷pCpG LDAP °Atm

u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ

ßP°AOAhnßCYwⁿww]/pK≈∩

@w]Ahúnⁿw keyStoreTypeCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw keyStoreTypeCpGúSⁿw -cZ M -cKAhQñC

-cp ldapport

ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS

ⁿw -cpA²ⁿw -cZAhw] LDAP SSL ≡ 636C

-cP keyStorePwd

ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA


ñiα]A@hpK≈CpG≈Ωw÷pKX⌠

AhqKX⌠oKXA]Nún -cP CpGúSⁿw -cZ M -cKAhQñC

-ct trustStoreType

ⁿwPH⌠Ωwñß÷pCpG LDAP °Atm

u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ

ßP°AOAhnßCYwⁿww]/pK≈∩

@w]Ahúnⁿw trustStoreTypeCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw trustStoreTypeCpGúSⁿw -cZ M -cTAhQñC

-cT trustStore

ⁿw SSL H⌠ΩwWA]Aw]W tdbCpGH⌠Ωwúsbµ²ñAh"ⁿwπH⌠ΩwWCpGSⁿw

H⌠ΩwWAí²b SSL_KEYRING ⌠ñAMΣπ

÷pWCpGSwq SSL_KEYRING ⌠Ahw]

≈⌠]pGw]C

w]≈⌠]τYAldapkey.tdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG

v AIX @t - /usr/ldap

v HP-UX @t - /usr/IBMldap

v Linux @t - /usr/ldap

v Solaris @t - /opt/IBMldaps

v Windows @t - c:\Program Files\IBM\LDAP

: oOw]wmAΩ LDAPHOME Obw@íMwC

po÷w]≈ΩwHw]zñΣlΩTA

\ IBM Directory C-Client SDK Programming ReferenceC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL ≈

ΩwΩTA\ 74y gsk7ikmzCτ\ 296

ySSLBTLS NzM 69yw Socket hzñA÷ SSL P

ΩTC

a -cZ /½C

-cw password | ? password @OKXC ? iHúKXúCúiH

ε ps ⁿOñKXQC

-cY iH⌠ΩwKXC

-cZ w SSL suM LDAP °AqTCbw% IBM GSKit ú

SSL ≤A+iHΣ -cZ ∩C


d

ldapdiff -b <baseDN> -sh <supplierhostname> -ch <consumerhostname> [options]

ldapdiff -S -sh <supplierhostname> -ch <consumerhostname> [options]

YSú DN Ah ldapdiff ⁿOÑqΘJ¬ DN MµCYn#Ñ

Ai Ctrl+C Ctrl+DC

SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS

íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú

AΣñ]t% RSA Security Inc. ow@nΘC

: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH

LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ

LDAP_SSLCímdíMzí"nBJAΣαt

ijj[KtΓkº SSLC

\Pdí÷p make Ao÷ LDAP íAΣαs 128

HT½ DES [KtΓkΩTC

ß≈ΩweOH gsk7ikm í[HzCp÷ Java

íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²

ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx

sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@

iH⌠ CA ouiH⌠v LDAP °AAH⌠÷YCgsk7ikm

í]iHoßAHKα⌡µßM°AOC

Yßs LDAP °Au°AOAhb≈ΩwñAunwq

@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A

wo%Σñ@iH⌠ CA oCAbP°Aºí SSL

TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH

VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω

wñAMßNiH⌠CpG LDAP °AO)µ°A

Ah LDAP °AziHú@≈°A1zCN1

Jz≈ΩwñAMßiH⌠C

Yßs LDAP °AßM°AOAh"G

v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH

LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí

SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind

ldap_simple_bind_s ú LDAP C

v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w

ßANxsbß≈ΩwñC


EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ

gJETºC

ldaptrace

zlí

:

1. uzzs¿iHíC

2. ldaptrace ΩAvT°AαC

yk

ldaptrace -a port -l [on|off|clr|chg|info|dump] -- [ldtrc options] -D adminDn
          -h hostname -K keyfile -m debugLevel -N key_name -o debugFile
          -p port -P key_pw -t [start|stop] -v -w adminPW -Z -?

ízlí ldaptrace iAε Directory Server l\αC

@]iH]wTºhMⁿwgJΘXWCYwnD LDAP l≈

α (ldtrc) ∩Ao∩ºe"[W --C

Ynπ ldaptrace ykíAΘJGldaptrace -?

: ÷M ldaptrace íiH≤ SSL TLSA²ouαΣ ís≈εC

-a port

ⁿwN TCP ≡A IBM Administration Daemon (ibmdiradm)A D Directory

ServerAѺCw]≡O 3538CYⁿwA²ⁿw -ZAhw]SSL ≡ 3539C

-l [on|off|clr|chg|info|dump] -- [ldtrc options]

on l≈αCziHⁿwUC⌠≤ ldtrc ∩A∩ºenh@

-C

v [-m <mask>] where <mask> = <products>.<events>.<components>.<classes>.<functions>.

v [-p <pid>[.<tid>]] lⁿwBz⌡µⁿC

v [-c <cpid>] lⁿw±HBzC

v [-e <maxSeverErrors>] FjY½ (maxSevereErrors) º

ßεlC

v [-s | -f <fileName>] eΘX@OΘC

v [-l [<bufferSize>] | -i [<bufferSize>]] ⁿwnOsßlO²C

w]wO 1MC

v [-this <thisPointer>] lⁿw½≤C

: l≈α"+αl°AΩC

off ÷¼l≈αC


clr MúlwC

chg l"O@ñ+α chg ∩≤UC ldtrc ∩G

v [-m <mask>] where <mask> = <products>.<events>.<components>.<classes>.<functions>.

v [-p <pid>[.<tid>]] lⁿwBz⌡µⁿC

v [-c <cpid>] lⁿw±HBzC

v [-e <maxSeverErrors>] FjY½ (maxSevereErrors) º

ßεlC

v [-this <thisPointer>] lⁿw½≤C

info o÷≤lΩTCz"ⁿwAiHOGil

lwMCUCO info úΩTdG

C:\>ldtrc infol G 1.00@t G NT@t G 4.0wΘ¡x G 80x86

Bn G *.*.*.*.*.*nl pid.tid G ínl cpid G ínlⁿ G íN rc °t G LjY½ G 1jO²jp G 32768 la G @OΘnOsO² G ßlwjp G 1048576 lΩⁿd G

dump XlΩTCoΩT]ABzΩyΩAH°Aú

TºCziHⁿwnXlWCw]G

b Unix ¼tñG

/var/ldap/ibmslapd.trace.dump.

b Windows ¼tñG

<installationpath>\var\ibmslapd.trace.dump

: ot" ldtrc format ⁿOµíGi ldtrc Ω

C

-h ldaphost

ⁿw Directory Server Mzní⌡µbND≈C

-K keyfile

ⁿw SSL TLS ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpG

Sⁿw≈ΩwWAí²b SSL_KEYRING ⌠

ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠Ah

w]≈⌠]pGw]C

w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA

ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow

LDAP Σb⌠CLDAPHOME ]@t¡x úPG

v AIX @t - /usr/ldap


v HP-UX @t - /usr/IBMldap

v Linux @t - /usr/ldap

v Solaris @t - /opt/IBMldaps

v Windows @t - c:\Program Files\IBM\LDAP

: oOw]wmAΩ LDAPHOME Obw@íMwC

po÷w]≈ΩwHw]zñΣlΩTA

\ IBM Directory C-Client SDK Programming ReferenceC

pGΣú≈⌠ΩwAhw]iH⌠zñuw

XvC≈Ωwq]tßH⌠@hzñ

Co X.509 τuiH⌠DnvCp÷z SSL TLS

≈ΩwΩTA\ 74y gsk7ikmzCτ\ 263

ySSLBTLS NzM 69yw Socket hzñA÷ SSL P

ΩTC

a -Z /½C

-m debuglevel

]w°AúTºBnúhCp÷úhΩTA\

312y°AúízC

-N certificatename

ⁿwP≈Ωwñß÷pCpG LDAP °Atm

u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ

ßP°AOAhnßCYwⁿww]/pK≈∩

@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC

-o debugfile

ⁿw°AúTºΘXWC

-p port ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CY

ⁿwA²ⁿw -ZAhw] LDAP SSL ≡ 636C

-P keyfilepw

ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA

ñiα]A@hpK≈CpG≈Ωw÷pKX⌠

AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC

-t [start|stop]

start l¼°AlΩC

stop ε¼°AlΩC

-v ⁿwHí⌡µC

-w adminPW | ?

adminPW @OKXC ? iHúKXúCúiH

ε ps ⁿOñKXQC

-? πíeC


d

pGn ldtrc ≈αAπ 2M lw°AlAoXUCⁿOG

ldaptrace -h <hostname> -D <adminDN> -w <adminpw> -l on -t start -- -| 2000000

pGnε°AlAoXUCⁿOG

ldaptrace -h <hostname> -D <adminDN> -w <adminpw> -t stop

pGn÷¼ ldtrc ≈αAoXUCⁿOG

ldaptrace -h <hostname> -D <adminDN> -w <adminpw> -l off

ldif í

LDAP Ωµ½µí (LDIF) uπ ldif OiHzL shell síAªiN⌠N

Ωα½ LDIFCªqΘJ¬ΘJAMßúAXb LDIF ñ

O²C

ykG ldif [-b] <attrname>

ⁿOµ∩G

∩ú!jpgC

-b ΘJOµ@lGiCΘXO base64 sXC

<attrname>nα½ΣWCYS -b ∩Aldif NΘJC@µ°OC

p÷ LDIF ΩTA\ 327 ² E, yLDAP Ωµ½µí

(LDIF)zC

d

YnΣX sn ]m≤AΣ smith LDIF µíAbⁿOµWΘJG

1. ΘJ ldif sn

2. ΘJ smith

3. @# sn: smith

4. ÷ Ctrl C ⌠C

-b ∩G

1. ΘJ ldif -b sn

2. ΘJ smith

3. ÷ Ctrl C iµBzC

4. @# sn:: c21pdGgNCg==

ldif2db í

íiNHσr LDAP ²µ½µí (LDIF) ⁿwAⁿJ÷píΩw

²ñCΩw"wsbCldif2db isW²ΩwñAsWwg]tΩwñC

:

1. b°AJíºeA"²ε°AC


2. TwSís²ΩwCYís²ΩwANLk⌡µ

°AíC

3. pGzON 5.2 °Awb 5.1 4.1 °AWAhb ldif2db íºeA"²°AAH¿@αBzC

ykG ldif2db -i <inputfile> [-f <configurationfile>] [-g] [-r yes|no] | -?

ⁿOµ∩G

∩úú!jpgC

-i <inputfile>ⁿw LDIF ΘJWAñ]t LDIF µí²C

oO"n∩CpGúsbµ²ñAh"ⁿwπ

⌠PWC

-f <configurationfile>∩ⁿw slapd tmC

-g ⁿwúnhúµC

-r [yes|no]ⁿwOn gCw]O yesAϕn±mb Change ϕµñA

Mßb°A½siµ gC

-? πⁿOkC

ΣLⁿOµΘJúPykTºAbTºßAπXTy

kC

: ldif2db sWO²ßAεD°AAMßY½sC

runstats

ykG runstats [-f configfile]

ⁿOµ∩G

-f configfile∩ⁿw slapd tmC


6 g ²PßO


² A. °

GSKit

pGzqízñ (CA)Ap EntrustAJoHA B

GSKIT oUC óA

qw¼oC

DiαOq Entrust #OAúODnCz"Dn+α

CLkC

pGzSDnAHUOoDnΦkº@C

Dndº@O tb Internet Explorer (IE) 5.5 ñ GTE CybertrustA²O

w]ú]tb GSKit kdb ΩwñCpGnoAz"G

1. q IE H Base64 sXXΣñ@ GTE Cybertrust ] 3 C

2. NªsW¿iH⌠DnC

: F GSKit ∩]wiH⌠DnA"O)µC

3. q Entrust sW CA C

4. q Entrust ¼ SSL C

\iv

b UNIX ¼tñAg]ssΦ≈Ωw úp≤∩F\i

vCoO]o@qOH root ID ¿A]\ivOw∩ root

]wCF² Directory Server QoAz"≤\ivAªiH

² ID ldap ¬Ch Directory Server NLkC

chown ldap:ldap <mykeyring>.*

Kerberos

Kerberos AíW≤

bIBM Directory Server 4.1 ºeALDAP °A LDAP @Σ Kerberos A

íW]LDAP/ldaphost.austin.ibm.comAldaphost O LDAP °Ab≈

D≈WAPΣßM Kerberos KDC iµqTCb 4.1 M≤¬ñAh

pgAíW]ldap/ldapname.austin.ibm.comC%≤o≤Aq 3.x

°AαºßA4.1B5.1 5.2 °AiαLkCoO] 4.1B5.1

5.2 °Ab keytab ñMΣ ldapA LDAP AWbAB%e 3.x °ACpGn≤oípAziH⌡µUC⌠≤@BJG

v sW@pg LDAP Kerberos AíWú@ keytab AMßs

keytab iµqTC

v N⌠ LDAP_KRB_SERVICE_NAME ]w LDAPAMß+°ACo⌠ LDAP °A≥ keytab ñjg LDAP °AAíW


AMΣßiµqTCbßípUAz"bß]w⌠A

B≥jg LDAP AíWPΣ°AqTC

b Windows W slapd.cat o

b Windows tWAziα¼tUCeTºG

slapd.cat o¼ DATABASE íwQq C:/Program Files/IBM/LDAP/bin/libback-config.dll ⁿJC rdbm.cat o

pGoo¼pAd NLSPATH ⌠CwíN NLSPATH ⌠

]t⌠C²OApGt]N NLSPATH ]⌠Ah

NLSPATH ⌠gt]wC

pGn≤oANt⌠ NLSPATH ΩT[⌠ñ

ΩTC

Web z

b Web zuπñΘJΩl

pGzb Web zuπñHDσyÑΘJΩlA⌡µUCG

b WebSphere Application Server - Express O

sΦUC²ñ server.xml G

WAS_home/appsrv/config/cells/DefaultNode/nodes/DefaultNode/servers/server1

NΘπσr[Jq¿ñG

<processDefinition xmi:type="processexec:JavaProcessDef" xmi:id="JavaProcessDef_1"
    executableName="$JAVA_HOME/bin/java" executableTarget="com.ibm.ws.runtime.WsServer"
    executableTargetKind="JAVA_CLASS" workingDirectory="$USER_INSTALL_ROOT">
  <execution xmi:id="ProcessExecution_1" processPriority="20" runAsUser="" runAsGroup=""/>
  <monitoringPolicy xmi:id="MonitoringPolicy_1" pingInterval="60" maximumStartupAttempts="3"
      pingTimeout="300" autoRestart="true" nodeRestartState="STOPPED" />
  <ioRedirect xmi:id="OutputRedirect_1" stdoutFilename="$SERVER_LOG_ROOT/native_stdout.log"
      stderrFilename="$SERVER_LOG_ROOT/native_stderr.log"/>
  <jvmEntries xmi:id="JavaVirtualMachine_1" classpath="" bootClasspath=""
      verboseModeClass="false" verboseModeGarbageCollection="false" verboseModeJNI="false"
      initialHeapSize="0" maximumHeapSize="256" runHProf="false" hprofArguments=""
      debugMode="false"
      debugArgs="-Djava.compiler=NONE -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7777"
      genericJvmArguments="">
    <systemProperties xmi:id="Property_10" name="client.encoding.override" value="UTF-8" required="false"/>
  </jvmEntries>

b WebSphere Application ServerbuWebSphere zDxv≡G

v ∩°AC

v ∩í°AC


v ∩zn°AFpAserver1C

v ÷@U wqC

v ÷@U Java Virtual MachineC

v ÷@UqeC

v ÷@UAϕ÷súseC

v bWµñAΘJ client.encoding.overrideC

v bµñAΘJ UTF-8C

v ÷@UMC

v εMßA½s WebSphere Application ServerC

ΣLnJeó

Web zuπA<qs²uv∩ñΣLnJeCµ@s

²ΩWu@ Web zΩα≈oº\αCªúα@P CookieCΣL

nJe"qs²sΩñC

b Unix ¼tñG

qⁿOµ & ∩s°íCpG

mozilla &

b Windows ¼tñG

v Internet Explorer - l°íqα Internet Explorer AΣ

L Internet Explorer °íC

v Mozilla - Mozilla Web s²úΣ Windows Wh½ Web zuπÑ

q@C

: Netscape s²wúⁿΣC

ldapmodify ⁿON Web zm≤ú@P¼A

pGzwnJ Web zuπAⁿOµ (ldapmodify) ≤KXAWebzuπ

N°A¼A¿wεCoO] Web zuπbC@ss

uCWeb zuπKXs°AA]ªúDKXwg≤A]

suóCz"nXßAAsKX½snJC

FKo¼pApGz¼≈svAb Web zuπñAe

-> ≤KX∩≤zKXC

b Windows 2003 ¡xW Web z GUI DxJx°

pGXHU°≤Aho Web zG

v Web zObw

v Web zObw Microsoft® Internet Explorer ⌡µ

v Web zw WebSphere Application Server - Express O, V5.0

v IP D≈WOs Web z URL @í≈

FKoG

1. pG WebSphere Application Server - Express O, V5.0 Ob⌡µAN

http://localhost [JH⌠⌠MµC


2. pG WebSphere Application Server - Express O, V5.0 Ob≈W⌡µA

N⌡µ Web í°Aº≈ IP D≈W[JH⌠⌠MµC

http://<IP address> http://<hostname>

n[J Web uH⌠⌠vMµG

1. ÷@Uuπ -> ⌠ ⌠⌠∩ -> w -> H⌠⌠ -> ⌠C

2. bu⌠vµñΘJ Web C

3. ÷@UsWC

4. ÷@UTwC

YnnJ≈WuWeb zuπvA Internet Explorer Web s²b

⌠µñΘJUC⌠G

http://localhost:9080/IDSWebApp/IDSjsp/Login.jsp

nnJ≈WuWeb zuπvA Internet Explorer Web s²b⌠

µñΘJUC⌠G

http://<IP address> or <hostname>:9080/IDSWebApp/IDSjsp/Login.jsp

AIX W Websphere Application Server - Expressb AIX]startServer.sh server1 IBM Websphere Application Server -Express O (WAS) AiαLk@A]≡]9090wgQ,C\

WAS_install_path/logs/server1 ²AHoΩΘxC÷MΣLΘx]iα]t\hΩTAq SystemErr.log M SystemOut.log OC

pGnNIBM Websphere Application Server - Express O≡q 9090

≤ 9091]b AIX ≈W≡AsΦ

WAS_install_path/config/cells/DefaultNode/virtualhosts.xml AN 9090 ≤

9091Cb

WAS_install_path/config/cells/DefaultNode/nodes/DefaultNode/servers/server1/server.xml

ñiµP≤C

: o⌠Γs DefaultNode l²C

bC@ñiµ@≤Ao@NΓ≤sC

Web zuπb HP-UX Wsuñ

pGzb HP-UX @tW Web zuπAh"]wUCAhN

Lktm¼≈⌡µⁿA tOΘ]ú¼C

Uϕ]tw Web zuπºe"]wMC

ϕ 19. HP-UX @ttm

256MB+ ΩΘOΘ

max_thread_proc 1024

maxusers 256

nproc 2068(+)

nkthread 3635(+)


: bz≤s max_thread_proc M maxusers ºßATwN nproc ] 2068

HWAN nkthread ] 3635 HWC

UC]wtmG

1. bⁿOúUAΘJGsam

outzzívC

2. ÷ΓUtmC

3. ÷ΓUtmC

4. ÷ΓUnsΦAbΘJsí/µñⁿwsC÷@UTwC

5. ½BJ 4AHBzn]wC@C

6. ÷@U@-->BzsC

7. pGnBz∩A÷@UOC

8. ∩NwßY÷≈/½sAMß÷@UTwC

\ IBM Directory Server 5.1 wPtmΓUAoΣLtm]wΩTC

Web zBϕµYMRAMµπyÑúT

oO HP-UX M AIX @tW gJDAúLΣL UNIX ¼t]iαo

PDC

⌠ LC_ALL M LANG "] JavaΣyÑ⌠Ap

en_US.iso88591CzúαNª]w¿ POSIX CC

export LC_ALL=<new language>
export LANG=<new language>

BϕµYMRAMµOH@nJ Web zuπíA

í²yÑxsCpGz≤F≈WyÑ⌠AiαoU

Cº¼pG

java.lang.InternalError: Can't connect to X11 window server using ':0.0' as the value of the DISPLAY variable.
    at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
    at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:58)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Unknown Source)
    at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:53)
    at sun.awt.motif.MToolkit.<clinit>(MToolkit.java:63)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Unknown Source)
    at java.awt.Toolkit$2.run(Toolkit.java:507)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:498)
    at java.awt.Toolkit.getEventQueue(Toolkit.java:1171)
    at java.awt.EventQueue.invokeLater(EventQueue.java:506)
    at javax.swing.SwingUtilities.invokeLater(SwingUtilities.java:1086)
    at javax.swing.Timer.post(Timer.java:337)
    at javax.swing.TimerQueue.postExpiredTimers(TimerQueue.java:190)
    at javax.swing.TimerQueue.run(TimerQueue.java:226)
    at java.lang.Thread.run(Unknown Source)

pGn≤oº¼pAz"X DISPLAY Aª¿≈Ap⌡µí°A⌡µ≈CAbíí°A≈W⌡µ xhost +C


bnX DISPLAY ≈WAoXUCⁿOG

export DISPLAY=<valid machine name>:0

b <valid machine name> WAoXUCⁿOG

xhost +

LkTπ HTML Sϕr

)°Aº¬ΩñSϕrLkb HTML ⌠WTπCoO% Web s

²e HTML Φíy¿DCthµrAp ″a b″ π¿ ″a

b″A t ’<’ SϕrrΩhQIAp ″abc<abc″π¿ ″abc″CoπpBUBϕµBÑѵC

Web zb Domino™ °AWn IBM JDKpGznN Web zuπtX Domino°A@Az" IBM 1.3.1 JDKC

Sun ú JDK NPqTºC

HUCX Domino °A¡εG

v z⌡\αLkoº@C

v Domino úΣwqrC

: Domino °AWrO@C]Az"∩Σ[ (+)

ΩsAA÷@UiA+α°C

ú

tmúΘX

btmíAziαJ@ IBM Directory tmíDCt@B

úBJAiH≤UzM IBM ΣñPy¿oD]C

b IBM Directory úñTΣtmíCΣñΓΣíOqⁿOµ⌡µAt@ΣO

GUI ¼íCtmípUG

v ldapcfg - ⁿOµíAtm Admin DN MΩw

v ldapucfg - ⁿOµíAúΩwtm

v ldapxcfg - GUI íAtmuz DNvBΩwH⌡µΣLU@C

÷oíΩTA\ IBM Tivoli Directory Server 5.2 wPtmΓUC

otmíΣΓDn\αG

v tm Admin DN PKX

v tmútmΩwAΓ@A IBM Directory

tm Admin DN @DFϕC@δ ÑAtm Admin DN ó@]

O] IBM Directory tm ( <install dir>/etc/ibmslapd.conf ) \ivQN≤A

ΘJL DN PC

ΩwtmΩwtmPútmOe÷XDí!C]OtmnoA\hA

]Ne÷oCiαvT∩Y]pUG


v >≥¡xH@tC

v DB2 ≤AwgªwM≤C

: DB2 ú\húP¼AMnΘGPersonal EditionBEnterprise

EditionBExtended Enterprise Edition ÑÑCboMnΘñA\hiHΣ

DB2 úP (7.1B7.2)ABC@iαhiM≤sbC

v bⁿvT≈P!ñiíqC

v ≤Ot nΘ≤∩⌠C

YΩwtmóA@DOuóH&p≤MHvC

UCUíiiµtmDúΘXC

ΘX t@uvΩTiG

v ⌡WΘXC

tmíúOqDxⁿOµúe]ldapcfgBldapucfgANO

%IDx]ldapxcfgCϕΩwtm@iµñA¼ATº

]HY¡Tºπb÷pDx°íñCYoDA

NoTºst#K»WAMßxsbñΣHC

v DB2 ΘxC

pGOq DB2 úADB2 qb /tmp ²ñTº/

]b UNIX ¡xWCYb UNIX tWoΩwtmDALn

db /tmp ²ñA≤tm@íúCb Windows tWAh

d≤ DB2 w²UAHzntmΩRW²º⌠≤ DB2

ΘxCpApGzObw] ldapdb2 ΩPΩwABz DB2

Owb D:\sqllib Ahznd D:\sqllib\ldadb2 ²]Y²sb

CSONb² ’db2diag.log’ C

v IBM Directory ΘxG

IBM Directory Njí≈tmOⁿb ’ldacfg.out’ ñCb UNIX ¡xWA

≤ /tmp ²ñCb Windows ¡xWAbz⌡µtm@

≈º ²C

ú!iÑúΘXtΓΘXAiiµtmDúCoΓlΦíúOb⌡

µtmºeA²]w⌠Cboú∩ñA&ÑONDx°í]w

iHApAϕ⌠≤Tº°íA+iH#A½sd%

TºC

JAVA_DEBUGN⌠]w⌠≤DAdG

JAVA_DEBUG=1

b UNIX ¡xWA export JAVA_DEBUG=1CooY Java mb

íXñúΩTAiHπb stdout W]DxC

LDAP_DBGN⌠]w⌠≤DCdG

LDAP_DBG=1


b UNIX ¡xWA export LDAP_DBG=1Cpú² IBM Σ

PoíCW dbg.logC

b Windows NT M Windows 2000 ¡xWA dbg.log b <ldapinstalldir>/var ²ñCb UNIX ¡xWA dbg.log b /var/ldap ²ñC

: oúΘxñ]tíXSwΩTA«b IBM oñA

úOn ßCNH⌠≤ΣLúΩTe IBM Σí

C

ibmslapd ⁿO

ibmslapd ⁿOb UNIX tWΓAb Windows tWt@B

C

-h <debug_mask> ibmslapd úúΘX stdoutCdebug_mask O@BnAεú

ΘXAΣ¬ 65535C IBM AHC

-f <path_to_configuration_file>

ⁿwϕ°AAtmmCpGzn)qtmAN

nCYSⁿwAibmslapd w]tmwb¡x mC

Windows tBG

-i <servicename>

N IBM Directory w¿°AW@AC

-u <servicename>

ú IBM Directory b°AWAC

°Aúí

YΘxúΩTú¼HMDAhiHbSϕúíU⌡µ IBM

Tivoli Directory ServerAHúDΩTC°Ai⌡µ ibmslapd "nqⁿ

Oúe⌡µA+αúΘXCΣykpUG

ldtrc on
ibmslapd -h bitmask

bΣñⁿw bitmask AMwúúΘXC

ϕ 20. ú

Q)i Qi í

0x0001 1 LDAP_DEBUG_TRACE )íΘJP⌠

0x0002 2 LDAP_DEBUG_PACKETS ]í

0x0004 4 LDAP_DEBUG_ARGS )nDΩ

0x0008 8 LDAP_DEBUG_CONNS suí

0x0010 16 LDAP_DEBUG_BER ΩsXPX

0x0020 32 LDAP_DEBUG_FILTER jMLo°≤

0x0040 64 LDAP_DEBUG_MESSAGE TltíP≤

0x0080 128 LDAP_DEBUG_ACL sεMµí


0x0100 256 LDAP_DEBUG_STATS @pΩ

0x0200 512 LDAP_DEBUG_THREAD ⌡µⁿpΩ

0x0400 1024 LDAP_DEBUG_REPL g@pΩ

0x0800 2048 LDAP_DEBUG_PARSE σRí

0x1000 4096 LDAP_DEBUG_PERFORMANCE ÷píßíαpΩ

0x2000 8192 LDAP_DEBUG_RDBM ÷píßíí (RDBM)

0x4000 16384 LDAP_DEBUG_REFERRAL αí

0x8000 32768 LDAP_DEBUG_ERROR ¼p

0xffff 65535 LDAP_DEBUG_ANY úh

pAYⁿw bitmask ″65535″ANπúΘXA] úπΩTC

¿AbⁿOúeñoXUCⁿOG

ldtrc off

zp IBM AñAΣ≤UúΘXMMDC

gⁿOµ]A≤ Windows ¡x

pGz Windows 2000 Windows NTABtmD°Aiµ gAb≤s

íAziαb ibmslapd ΘxñUCG

[IBM][CLI Driver] CLI0157E LkCSQLSTATE=S1507

oDMΦkONUCsW \sqllib\db2cli.ini ñG

[COMMON]
TempDir=x:\<your directory>

Σñ x:\<your directory> ⁿwií≈ñY²CDB2 Ω

wNsgJo²CníqO znsW≤s²

wA²qúWLzn≤sjjpC


² B. IBM UUID

ziHN DB2 tm¿jεnD LDAP @Ap IBM Tivoli Directory

Server ñ UIDCotm\h≥DG

ú"xsbC@ LDAP °AWAziHbo°AW≤s

CoϕzúiHb²≡ñⁿVΣL°A]tαCp

GzhD°A]Ph°Ai≤sATwz²zM

íu≤sΣñ@í°AWC±ΦíApGPbΓíPh°A

WíA B UID PANiαo gC

HUOziHjεnD UID @@ ÷CboñAziHbt

UID ϕµñoX SQL »zí]w@ DB2 ¡εCMß DB2 Tw

O@CpGno≥Az"Dp≤]w SQL »zíCo

eΓBJMwo SQL »zíCTBJ SQL ¡εC

1. MwznnD²π @CTwSD@Cbo

dñO UID CΩwiαwgo UID ApGSAho

"úO@CpGΩwñe½ UID AzNLkbBJ 3 ñ

]w¡εAúDzRúD@≤ªAª¿@C

2. Mw@ DB2 ϕµnxsAHϕµñ@µn]w DB2 ¡

εjεnD@Cz"D DB2 nA+αHvΦíjε

nDbµñ@CDB2 úbµ°WL 255 rµñ

CHA

v pGb LDAP ⌡ñⁿw°O 255 r≤.Ah DB2 ϕµñ

tµKiH@¡εssA w]AWM

WO@C

v pG°iαWL 255 rADB2 Núe\boµñC

LDAP °ADo¡εA]MPWt@µA²

ObWß[Wr ″_T″CoBIµ]t°QI¿ 255 r

CDB2 iHboµWAHoOz"@sW¡

εµC

ziHP°W¡AΦkOdªb LDAP ⌡ñwqA±ΦíA

uWeb zuπvCNApGO UID AIBM Tivoli Directory Server

⌡ñw]°O 256C]AoGΦíCbodñAN

"bµ ″UID_T″ ñ]w@@¡εCpGb ″UID″ µW]w¡εASQL ⁿONóAoO]Lk"nC

3. bMwn DB2 jεnD@ϕµMµºßAoX SQL ALTER TABLE»zíi DB2AUID e\@C

a. ⌡ DB2 ⁿOúC

v b Windows ñAb Windows ⁿOúUAΘJ db2cmdCo@

DB2 ⁿO°íC

v b UNIX ¡xWAH root ¡≈nJAMßΘJ su ldapdb2CoⁿO]

wT DB2 ⌠C


b. b Windows ñAΘJ set db2instance=ldapdb2]b UNIX ¡xWúno

BJC

c. su ldapdb2CoUC≤ϕµ SQL ⁿO∩ LDAP °AΩ

w DB2 suC

d. ΣJUCⁿOG

db2 alter table "ldapdb2.uid" add CONSTRAINT const1 UNIQUE (uid_t)

o SQL »zí¡εCNAUNIQUE O uid_tA] UID

iHWL 255 rCqblApGΩwñe 255 r

úO@ADB2 Núe\ⁿwCbodñAo¡εⁿW

const1A²ziHNªⁿWQn⌠≤WCN¡εWA]ºßziαúh¡εAAe\D@CpGnúh@¡εAoXU

SQL ⁿOG

alter table "ldapdb2.uid" drop constraint const1

ϕísWπ UID ²A P²½A

LDAP °ANo#GX 20FpG

LDAPGX 20 - wgsb


² C. X

LDAP XiαúπbUCϕµñG

ϕ 21. @δ#X

Q i

Q )

i

Kní í

00 LDAP_SUCCESS 00 ¿\ nDwQ¿C

01 LDAP_OPERATIONS_ERROR 01 @ @oC

02 LDAP_PROTOCOL_ERROR 02 qT≤w qT≤wHWC

03 LDAP_TIMELIMIT_EXCEEDED 03 wWXí¡ε wWX LDAP í¡

εC

04 LDAP_SIZELIMIT_EXCEEDED 04 wWXjp¡ε wWX LDAP jp¡

εC

05 LDAP_COMPARE_FALSE 05 ± False ±@# FalseC

06 LDAP_COMPARE_TRUE 06 ± True ±@# TrueC

07 LDAP_STRONG_AUTH_NOT_SUPPORTED 07 jOOⁿΣ LDAP °AúΣjO

OC

08 LDAP_STRONG_AUTH_REQUIRED 08 njOO @njOOC

09 LDAP_PARTIAL_RESULTS 09 ¼í!GPα u#í!GC

10 LDAP_REFERRAL 0A w#α w#αC

11 LDAP_ADMIN_LIMIT_EXCEEDED 0B wWXz¡ε wWXz¡εC

12 LDAP_UNAVAILABLE_CRITICAL_EXTENSION 0C YWⁿΣ YWⁿΣC

13 LDAP_CONFIDENTIALITY_REQUIRED 0D n≈K n≈KC

14 LDAP_SASLBIND_IN_PROGRESS 0E SASL siµñ SASL sbiµñC

16 LDAP_NO_SUCH_ATTRIBUTE 10 L ⁿw¼úsb

ñC

17 LDAP_UNDEFINED_TYPE 11 ¼wq ⁿw¼LC

18 LDAP_INAPPROPRIATE_MATCHING 12 ±úT Lo°≤¼ⁿⁿw

ΣC

19 LDAP_CONSTRAINT_VIOLATION 13 ¡εHW ⁿwH#Y¡

ε]pAlHa=h

µAYµ=°C

20 LDAP_TYPE_OR_VALUE_EXISTS 14 ¼wsb ⁿw¼

wsbñC

21 LDAP_INVALID_SYNTAX 15 ykL ⁿwLC

32 LDAP_NO_SUCH_OBJECT 20 L½≤ ⁿw½≤úsb²

ñC

33 LDAP_ALIAS_PROBLEM 21 OWD ²ñOWⁿVúsb

C

34 LDAP_INVALID_DN_SYNTAX 22 DN ykL ⁿw DN ykLC

35 LDAP_IS_LEAF 23 ½≤O¡I ⁿw½≤O¡IC


36 LDAP_ALIAS_DEREF_PROBLEM 24 OWD NOWo

DC

48 LDAP_INAPPROPRIATE_AUTH 30 OúT ⁿwOúT]

pAwⁿw

LDAP_AUTH_SIMPLEA

²S userPassword

C

49 LDAP_INVALID_CREDENTIALS 31 L úXL]pA

KXC

50 LDAP_INSUFFICIENT_ACCESS 32 svú¼ S¼≈sv

i⌡µ@C

51 LDAP_BUSY 33 DSA u@ñ DSA bu@ñC

52 LDAP_UNAVAILABLE 34 DSA Lk DSA LkC

53 LDAP_UNWILLING_TO_PERFORM 35 DSA ú@⌡µ DSA ú@⌡µ@C

54 LDAP_LOOP_DETECT 36 jΘ wjΘC

64 LDAP_NAMING_VIOLATION 40 RWHW oRWHWC

65 LDAP_OBJECT_CLASS_VIOLATION 41 ½≤OHW o½≤OHW]

pAñ≥u"n

vC

66 LDAP_NOT_ALLOWED_ON_NONLEAF 42 @úe\bD¡I @úe\bD¡I½

≤W⌡µC

67 LDAP_NOT_ALLOWED_ON_RDN 43 @úe\b RDN @úe\b RDN W⌡

µC

68 LDAP_ALREADY_EXISTS 44 wsb wsbC

69 LDAP_NO_OBJECT_CLASS_MODS 45 Lk∩½≤O úe\∩½≤OC

70 LDAP_RESULTS_TOO_LARGE 46 GLj GLjC

71 LDAP_AFFECTS_MULTIPLE_DSAS 47 vTh½ DSA vTh½ DSAC

80 LDAP_OTHER 50 ú oúC

81 LDAP_SERVER_DOWN 51 LkP LDAP °Aq

T

LDAP íwLkP

LDAP °AqTC

82 LDAP_LOCAL_ERROR 52 oYCoq

OOΘtmóC

83 LDAP_ENCODING_ERROR 53 sX bNne LDAP °A

sXAo

C

84 LDAP_DECODING_ERROR 54 X bN) LDAP °A

GXAoC

85 LDAP_TIMEOUT 55 O ÑGAWXí¡

εC

86 LDAP_AUTH_UNKNOWN 56 OΦkú bs@ⁿwOΦ

kúC


87 LDAP_FILTER_ERROR 57 jMLo°≤ ú ldap_search Lo

°≤L]pAAú

¿∩C

88 LDAP_USER_CANCELLED 58 °@ °F@C

89 LDAP_PARAM_ERROR 59 ú LDAP í

Is LDAP í

]pANULL ld

ⁿC

90 LDAP_NO_MEMORY 5A OΘú¼ b LDAP íwíñ

OΘtm]pA

mallocIsóC

91 LDAP_CONNECT_ERROR 5B su suoC

92 LDAP_NOT_SUPPORTED 5C ⁿΣ ⁿΣC

93 LDAP_CONTROL_NOT_FOUND 5D Σúε ΣúεC

94 LDAP_NO_RESULTS_RETURNED 5E #G #GC

95 LDAP_MORE_RESULTS_TO_RETURN 5F Gn# Gn#C

96 LDAP_URL_ERR_NOTLDAP 60 URL YúO ldap:// URL úOH ldap:// YC

97 LDAP_URL_ERR_NODN 61 URL S DN]"n URL S]t DN]"n

C

98 LDAP_URL_ERR_BADSCOPE 62 URL d≥rΩL URL d≥rΩLC

99 LDAP_URL_ERR_MEM 63 LktmOΘí LktmOΘíC

100 LDAP_CLIENT_LOOP 64 ßjΘ ßjΘC

101 LDAP_REFERRAL_LIMIT_EXCEEDED 65 wWXα¡ε wWXα¡εC

112 LDAP_SSL_ALREADY_INITIALIZED 70 Bzy¡wQIs

ldap_ssl_client_init

bBzy¡wQI

s ldap_ssl_client_initC

113 LDAP_SSL_INITIALIZE_FAILED 71 l]wIsó SSL l]wIsóC

114 LDAP_SSL_CLIENT_INIT_NOT_CALLED 72 SSL suº

eA"²Is

ldap_ssl_client_init

b SSL suº

eA"²Is

ldap_ssl_client_initC

115 LDAP_SSL_PARAM_ERROR 73 ²eⁿw SSL L

²eⁿw SSL L

C

116 LDAP_SSL_HANDSHAKE_FAILED 74 Lks SSL °A Lks SSL °AC

117 LDAP_SSL_GET_CIPHER_FAILED 75 iαúAΣAú

C

118 LDAP_SSL_NOT_AVAILABLE 76 Σú SSL íw Tw GSKit wgwC

128 LDAP_NO_EXPLICIT_OWNER 80 ΣúT ΣúTC

129 LDAP_NO_LOCK 81 LkoΩw ßíwLkΩw"

nΩC

úºAldap.h ñ]wqUCP DNS ÷XG


ϕ 22. DNS ÷#X

Qi

Q)i

í

133 LDAP_DNS_NO_SERVERS 85 Σú LDAP °A

134 LDAP_DNS_TRUNCATED 86 iGDNS GQI

135 LDAP_DNS_INVALID_DATA 87 DNS ΩL

136 LDAP_DNS_RESOLVE_ERROR 88 LkRt⌠W°A

137 LDAP_DNS_CONF_FILE_ERROR 89 DNS tm

ldap.h ñwqUCP UTF8 ÷XG

ϕ 23. UTF8 ÷#X

Qi

Q )

i

í

160 LDAP_XLATE_E2BIG A0 ΘXw

161 LDAP_XLATE_EINVAL A1 ΘJwQI

162 LDAP_XLATE_EILSEQ A2 ΘJrLk

163 LDAP_XLATE_NO_ENTRY A3 SrXIi∩M


² D. Root DSE ñ½≤OX (OID) P

UCUπ OID M≤ IBM Tivoli Directory Server 5.2Co OID M

Ob Root DSE ñCRoot DSE ]t°A¡÷ΩTC

IBM Tivoli Directory Server wq LDAP °Aú root DSE AHúz

÷ LDAP °AΩTCpAziαQnD°AΣ LDAPC

YnCX Root DSE ñ OID MA⌡µUCⁿOG

ldapsearch -D <AdminDN> -w <Adminpw> -s base -b "" objectclass=* * ibm-supportedcapabilities ibm-enabledcapabilities

pΣLΩTA\ IBM Tivoli Directory Server Version 5.2 C-Client SDK

Programming ReferenceC

Root DSE ñ

UCOb Root DSE ñG

namingcontexts

Odb°AñRWwqC

∩°ADδvRWwqCpG°AúDδ

v⌠≤ΩT]pAªO X.500 ² LDAP hDAh.C

pG°AH)v]tπ²Aµ@A BOrΩ]ⁿ

X Root DNCoi0\ßbs°A∩XA≥ª½≤

iµjM]wq≤tmñ¬hrMµC

ibm-configurationnamingcontext

xs°AtmrCb 5.2 ñAoO cn=configurationC

subschemasubentry

Ol⌡WA°Abl⌡ñOiⁿw

⌡CªO]w cn=schemaC

security

°AÑw SSL ≡Ap 636Cuϕ°AF SSL Ao

+XC

port °AÑDw≡Ap 389Cuϕ°ASw≡Ao

+XC

supportedsaslmechanisms

Σ SASL w\αMµC

O°AΣΣ SASL ≈εWCpG°AúΣ⌠≤≈

εAhSC]twn²≤°A⌠≤ SASL ≈εC

supportedldapversion

µ°AΩ@ LDAP C

O°AΩ@ LDAP qT≤wC 2 M 3C


ibmdirectoryversion

w≤°A IBM Tivoli Directory Server Cµ 5.2C

ibm-enabledcapabilities

C°AWe°A\αC\ 323yΣP\α

OIDzAHo÷C

ibm-ldapservicename

ⁿw°AD≈WCpGwqF Kerberos ΓAΣµíK

hostname@realmnameC

ibm-serverId

°AlAⁿw°A@ IDCo ID i≤ gAHP

°AñΓC

vendorname

o LDAP úCb IBM Tivoli Directory Server ñAoO]

International Business Machines (IBM)C

vendorversion

b IBM Tivoli Directory Server 5.2A O] 5.2C

ibm-sslciphers

ⁿw°AΣ[KΦkMµCMµµírt∩C

ibm-slapdSizeLimit

¡εDzºjM#qC

ibm-slapdTimeLimit

ⁿw°ABzDzºjMnDßOϕW¡C

ibm-slapdDerefAliases

íp≤tm°AHBzC

ibm-supportedAuditVersion

ΣfCpAb 5.2 ñA°AΣ 2 fAif

@C

ibm-supportedACIMechanisms

C°AΣ ACL íC\ 324yACI ≈ε OIDzAH

o÷C

ibm-supportedcapabilities

C°AeΣ°A\αC\ 323 yΣP\α

OIDzAHo÷C

ibm-supportedcontrols

C°AiδεC\ 325yε OIDzAHo÷

C

ibm-supportedextensions

C°AΣ@C\ 324y@ OIDzAHo

÷C


ΣP\α OID

UϕπwΣP\α OIDCziHo OID dOSw°A

Σo\αC

ϕ 24. ΣP\α OID

í ⁿw OID

j gí wq IBM Directory Server 5.1 i gíA

]Al≡MÑíC gC

1.3.18.0.2.32.1

Md ⁿX°AΣ ibm-entrychecksum M

ibm-entrychecksumop \αC

1.3.18.0.2.32.2

UUID CbΣ ibm-entryuuid ºr

ibm-capabilities lñC

1.3.18.0.2.32.3

Lo ACL wq°AΣ IBM Filter ACL í 1.3.18.0.2.32.4

KXh wq°AΣKXh 1.3.18.0.2.32.5

DN úF@δºAt DN jMC 1.3.18.0.2.32.6

zsNϕ °AΣN°Aze⌠tmßí

ñⁿw@szC

1.3.18.0.2.32.8

²Aw °AΣ²Aw\αA]A¬gOM≥

µ⌡µⁿC

1.3.18.0.2.32.9

OW∩ °AΣw]únOW∩ 1.3.18.0.2.32.10

znífOⁿ °AΣznífC 1.3.18.0.2.32.11

jMLo°≤R °AΣjMLo°≤RC 1.3.18.0.2.32.13

Al °AΣ LDAP @°A@ñl

C

1.3.18.0.2.32.14

Ml≡A≤s °AΣMl≡WAtm≤sC 1.3.18.0.2.32.15

s@ Iµs@°A\αC 1.3.18.0.2.32.16

sSwjM¡ε Σ@sHXRjM¡εC 1.3.18.0.2.32.17

IBMpolicies gl≡ °AΣ cn=IBMpolicies l≡ gC 1.3.18.0.2.32.18

jOd¡≤Θx ⁿw°Aα≈ Od¡Od≤Θx

C

1.3.18.0.2.32.19

Oⁿp °AúTºsW°ABⁿOµMf

ΘxOⁿpC

1.3.18.0.2.32.20

@ñu@íΩT °Aú@ñu@íΩT

(cn=workers,cn=monitor)C

1.3.18.0.2.32.21

su¼p °Aú SSL M TLS susu¼p

C

1.3.18.0.2.32.22

suΩT °Aú I P Dsu I D

(cn=connections, cn=monitor) suΩTC

1.3.18.0.2.32.23

@p °AúwlMw¿@¼s@

pC

1.3.18.0.2.32.24

lΩT °Aúel∩ΩTC 1.3.18.0.2.32.25

¼íl≡jM °A0\¼íl≡jMAjMwq≤°A

ñπ DITC

1.3.18.0.2.32.26

Proxy v °AΣ@suProxy vvC 1.3.18.0.2.32.27

TLS \α ⁿw°AΩiH⌡µ TLSC 1.3.18.0.2.32.28


D g °AiHñq] °A¼í

≈Ao@δPwa½sΘ≤

sA¼¿\GNXεC

1.3.18.0.2.32.29

Kerberos \α ⁿw°AiH KerberosC 1.3.18.0.2.32.30

ibm-allMembers M ibm-allGroups

@

ⁿXßíOΣjM ibm-allGroups M

ibm-allMembers @C

1.3.18.0.2.32.31

yÑ °AΣyÑC 1.3.6.1.4.1.4203.1.5.4

GSKit FIPS í ²°Aα≈ ICC FIPS w[KtΓk 1.3.18.0.2.32.32

ACI ≈ε OID

Uϕπ ACI ≈ε OIDC

ϕ 25. ACI ≈ε OID

í ⁿw OID

IBM SecureWay V3.2 ACL í ⁿX LDAP °AΣ IBM

SecureWay V3.2 ACL í

1.3.18.0.2.26.2

IBM Lo°≤¼í ACL ≈ε ⁿX LDAP °AΣ IBM Directory

Server v5.1 Lo°≤¼í ACLC

1.3.18.0.2.26.3

t¡εí ACL Σ °AΣtM¡ε ACL ⁿ

wM⌠C

1.3.18.0.2.32.7

@ OID

Uϕπ@ OIDC

ϕ 26. @ OID

í ⁿw OID

≤n²nD SecureWay V3.2 Event ñ≤nDn²ΣC 1.3.18.0.2.12.1

≤°n²nD °n²wn²u≤n²nDv≤C 1.3.18.0.2.12.3

lº l SecureWay V3.2 ºíWUσ 1.3.18.0.2.12.5

⌠º ⌠ SecureWay V3.2 ºíWUσ]Tw/# 1.3.18.0.2.12.6

Ñíε g @boX∩H°AW⌡µnD

@Ab gñÑíCΣU

IsC

1.3.18.0.2.12.15

ε g @O%újεY gB g

# gCuϕß∩ g≤w≤sv¡

+0\o@C

1.3.18.0.2.12.16

ε gεC @∩ⁿw≤wuw gvCu

ϕß∩ g≤w≤sv¡+0\o@

C

1.3.18.0.2.12.17

Rε°Rε°A @Nl≡m≤úⁿß≤s¼A]

ε¼AA²O)wO²zX

u°Azvεºß≤súC

1.3.18.0.2.12.19


MúΘxnD MúΘxnDC 1.3.18.0.2.12.20

oσrµnD qΘxoσrµnDC 1.3.18.0.2.12.22

µnD nDΘxñµC 1.3.18.0.2.12.24

Bε°AnD Bε½s LDAP °AnDC 1.3.18.0.2.12.26

≤stmnD ≤s IBM Directory Server °AtmnDC 1.3.18.0.2.12.28

DN WnD W DN DN nDC 1.3.18.0.2.12.30

RúsunD Rú°AWºsunDCnDiHORú

suA s DNBIP )Sw IP s

DN RúsuC

1.3.18.0.2.12.35

¼nD owsu¼vnDC 1.3.18.0.2.12.37

ε°Al ε IBM Directory Server ñlC 1.3.18.0.2.12.40

TLS uΘhw (Transport Layer Security)v

nDC

1.3.6.1.4.1.1466.20037

@ ⌡µ@\α 1.3.18.0.2.6.574

¼@ ÷Σ\αG@ByÑB

B@tmC

1.3.18.0.2.12.46

ε OID

Uϕπε OIDC

ϕ 27. ε OID

í ⁿw OID

ºíWUσ N@ SecureWay V3.2 ºíWUσ

@í≈C

1.3.18.0.2.10.5

°Az ϕ≤s@@δQípU]°AwR

εB¬ °AÑÑA0\ziµ

@C

1.3.18.0.2.10.15

gúsε pGúOhD°AAεK%ú

sWC

1.3.18.0.2.10.18

wjM 0\ß ≥Mµ¼jMGAΣñ

C≥úNϕ@jMΣC

1.2.840.113556.1.4.319

!jMG 0\jMnD#ΩqzC 1.2.840.113556.1.4.473

≡Rúε oεOsuRúvnDAⁿXnRúⁿ

wMßNC

1.2.840.113556.1.4.805

KXh KXhnD# 1.3.6.1.4.1.42.2.27.8.5.1

z DSAIT π ″ref″ Q°@δA0\

ßi¬M∩oC

2.16.840.1.113730.3.4.2


² E. LDAP Ωµ½µí (LDIF)

σ≤í LDAP Ωµ½µí (LDIF)Aµí≤ ldapmodifyBldapsearch H

ldapadd ÑíñCIBM Directory H°Aí]Σoⁿw

LDIFC

LDIF OHσrµíe LDAP CLDIF ≥µípUG

dn: <OW>
<attrtype> : <attrvalue>
<attrtype> : <attrvalue>
...

Yn≥U@µAibU@µY@µrApG

dn: cn=John E Doe, o=University of Higher
 Learning, c=US

h½nbúPµWⁿwApG

cn: John E Doe
cn: John Doe

Y <attrvalue> ñ]tD US-ASCII rAHµ ’:’ YA<attrtype> º

ßn≥ΓABΣnH base-64 ϕksXCpA ″ begins with a space″nsX¿pG

cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=

P@ LDIF ñhºínH@µµ!jChµµQ°ΦW

C

LDIF d

HUO]tTd LDIF C

dn: cn=John E Doe, o=University of Higher Learning, c=US
cn: John E Doe
cn: John Doe
objectclass: person
sn: Doe

dn: cn=Bjorn L Doe, o=University of Higher Learning, c=US
cn: Bjorn L Doe
cn: Bjorn Doe
objectclass: person
sn: Doe

dn: cn=Jennifer K. Doe, o=University of Higher Learning, c=US
cn: Jennifer K. Doe
cn: Jennifer Doe
objectclass: person
sn: Doe
jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG...

b Jennifer Jensen ñ jpegPhoto OH base-64 sXCσr¼]iH

base-64 µíⁿwCúLAbípUAbase-64 sX"qT≤w wire µí

rX]τYAb LDAP V2 ñO IA5 rAb LDAP V3 ñO UTF-8 sXC

1 LDIF Σ

ßí (ldapmodify M ldapadd) úwg[jiHδ LDIF sAo

O%Y ″version: 1″ OCMl LDIF úPaΦOAs

LDIF ΣH UTF-8 e] úO¡εh US-ASCIIC

úLAYnΓ]t UTF-8 LDIF Aiαx°CF Bz

Atb LDIF µíñΣrXRCXRⁿb LDIF YBAⁿw

IANA rW]MX@CtiΣ@Tw IANA rCpC

@@t¡xΣSwrA\ 329 y¡xΣ IANA r

zC

1 LDIF µí]iHΣ URLC\αúH≤uΦkwqW

µC URL µípUG

attribute:< file:///path ]⌠yk°¡xw

pAUCO⌠G

jpegphoto:< file:///d:\temp\photos\myphoto.jpg ]DOS/Windows ¼⌠
jpegphoto:< file:///etc/temp/photos/myphoto.jpg ]UNIX ¼⌠

: úⁿwWµO>≥AIBM Directory íiHPΣs URL

WµH¼í]pA″jpegphoto: /etc/temp/myphoto″C½yíAYSb LDIF ñ[JA]iHs URL µíC

1 LDIF d

ziH∩rAí)Nⁿwr૨ UTF-8ApUCd

G

version: 1
charset: ISO-8859-1

dn: cn=Juan Griego, o=University of New Mexico, c=US
cn: Juan Griego
sn: Griego
description:: V2hhdCBhIGNhcmVmdWwgcmVhZGVyIHlvd
title: Associate Dean
title: [title in Spanish]
jpegPhoto:< file:///usr/local/photos/jgriego.jpg

bΩñA≥bWHµ@ºßAúq ISO-8859-1 rα½

UTF-8C≥bWMΓºß]p description:: V2hhdCBhIGNhcm...A

"H base-64 sXAB"OGi UTF-8 rΩCq¬Apbe

zdñH⌠ⁿw jpegPhoto A]"OGi UTF-8C∩≤o¼A

tú⌡µqⁿwurvα½ UTF-8 @C


bHUoSⁿwr LDIF dñAtwΣeO UTF-8A

base-64 sX UTF-8A base-64 sXGiΩG

# IBM Directory sample LDIF file
#
# The suffix "o=IBM, c=US" should be defined before attempting to load
# this data.

version: 1

dn: o=IBM, c=US
objectclass: top
objectclass: organization
o: IBM

dn: ou=Austin, o=IBM, c=US
ou: Austin
objectclass: organizationalUnit
seealso: cn=Linda Carlesberg, ou=Austin, o=IBM, c=US

o]iHú]t version: 1 YΩTApPb IBM Directory ñΦ

íG

# IBM Directory sample LDIF file
#
# The suffix "o=IBM, c=US" should be defined before attempting to load
# this data.

dn: o=IBM, c=US
objectclass: top
objectclass: organization
o: IBM

dn: ou=Austin, o=IBM, c=US
ou: Austin
objectclass: organizationalUnit
seealso: cn=Linda Carlesberg, ou=Austin, o=IBM, c=US

: σr¼iH base-64 µíⁿwC

¡xΣ IANA r

UCϕµñ U¡xAwqb 1 LDIF ñrBAiH]w

IANA wqrC¬µñwqibrñⁿwrΩC″X″ ϕb÷p¡xWAiHΣqⁿwrα½ UTF-8AB]b LDIF ñ

rΩeúOHⁿwreC″L″ ϕb÷p¡xWAúΣα½C

rΩewqOⁿ≥bWHµ@ºßC

po÷ IANA n²rΩTA\ IANA Character SetsC

ϕ 28.

r yÑ⌠ DB2 rX

W HP-UX Linux, Linux_390, NT AIX Solaris UNIX NT

ISO-8859-1 X X X X X 819 1252

ISO-8859-2 X X X X X 912 1250

ISO-8859-5 X X X X X 915 1251


ISO-8859-6 X X X X X 1089 1256

ISO-8859-7 X X X X X 813 1253

ISO-8859-8 X X X X X 916 1255

ISO-8859-9 X X X X X 920 1254

ISO-8859-15 X L X X X

IBM437 L L X L L 437 437

IBM850 L L X X L 850 850

IBM852 L L X L L 852 852

IBM857 L L X L L 857 857

IBM862 L L X L L 862 862

IBM864 L L X L L 864 864

IBM866 L L X L L 866 866

IBM869 L L X L L 869 869

IBM1250 L L X L L

IBM1251 L L X L L

IBM1253 L L X L L

IBM1254 L L X L L

IBM1255 L L X L L

IBM1256 L L X L L

TIS-620 L L X X L 874 874

EUC-JP X X L X X 954 L

EUC-KR L L L X X* 970 L

EUC-CN L L L X X 1383 L

EUC-TW X L L X X 964 L

Shift-JIS L X X X X 932 943

KSC L L X L L L 949

GBK L L X X L 1386 1386

Big5 X L X X X 950 950

GB18030 L X X X X

HP15CN X (D

GB18030)

* b Solaris 7 ΣC

:

1. q www.sun.com and www.microsoft.com oAϕíßYiΣsñσ

r (GB18030)

2. b Windows 2000 @tWAz"]w⌠ zhCNGB18030=TRUEC


² F. IPv6 Σ

Internet Protocol Version 6 (IPv6) O IETF ]pqT≤wAHNµ Internet

qT≤wAIP Version 4 (IPv4)CIPv6 IPv4 ñ\hDApⁿ¡εi

IPv4 CIPv6 d≥± IPv4 s]128 ∩ 32 AB∩

TCP íhy¿vTCªP]∩FpeM⌠⌠)tmÑΓCIPv6 w

ÑÑaN IPv4C

b AIX W IPv6 Σ

AIX ßM°AíwHΣ IPv6CIPv4 P IPv6 º LDAP URL

µípUG

v pGnb URL ñσr¼ IPv4 AΣµí x.x.x.x:portCíA

URL ñ LDAP °AW ldap://9.53.90.21:80C

v pGnϕ RFC 2732AURL ñσr¼ IPv6 "AW [ P ] rCíAURL ñ LDAP °AWG

– ldap://[107:0:0:0:200:7051]:80

– ldap://[::ffff:9.53.96.21]


² G. IBM Tivoli Directory Server 5.2 nwq

attributetypes=( 1.3.18.0.2.4.285
NAME 'aclEntry'
DESC 'Ossε≤ IBM eNetwork LDAP²'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.285
DBNAME( 'aclEntry' 'aclEntry' )
ACCESS-CLASS restricted
LENGTH 32700 )

attributetypes=( 1.3.18.0.2.4.286
NAME 'aclPropagate'
DESC 'ⁿX ACL OnM≤l≡C'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.286
DBNAME( 'aclPropagate' 'aclPropagate' )
ACCESS-CLASS restricted
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.287
NAME 'aclSource'
DESC 'ⁿX ACL OnM≤l≡C'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.287
DBNAME( 'aclSource' 'aclSource' )
ACCESS-CLASS system
LENGTH 1000 )

attributetypes=( 2.5.4.1
NAME ( 'aliasedObjectName' 'aliasedentryname' )
DESC 'NϕbOWⁿwⁿVC'
EQUALITY 2.5.13.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 2.5.4.1
DBNAME( 'aliasedObject' 'aliasedObject' )
ACCESS-CLASS normal
LENGTH 1000
EQUALITY )

attributetypes=( 1.3.6.1.4.1.1466.101.120.6
NAME 'altServer'
DESC 'OΣL°A URLϕLk°AAYsoΣL°AC'
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE dSAOperation )
IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.6
DBNAME( 'altServer' 'altServer' )
ACCESS-CLASS normal
LENGTH 2048 )

attributetypes=( 2.5.21.5
NAME 'attributeTypes'
DESC 'qObl⌡ñA xs°AwM objectClassesC'
EQUALITY 2.5.13.30
SYNTAX 1.3.6.1.4.1.1466.115.121.1.3
USAGE directoryOperation )
IBMAttributetypes=( 2.5.21.5
DBNAME( 'attributeTypes' 'attributeTypes' )
ACCESS-CLASS system
LENGTH 30
EQUALITY )

attributetypes=( 2.5.4.15
NAME 'businessCategory'
DESC 'í⌡µC'
EQUALITY 2.5.13.2
SUBSTR 2.5.13.4
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
IBMAttributetypes=( 2.5.4.15
DBNAME( 'businessCategory' 'businessCategory' )
ACCESS-CLASS normal
LENGTH 128
EQUALITY
SUBSTR )

attributetypes=( 2.16.840.1.113730.3.1.5
NAME 'changeNumber'
DESC ']tú°Aⁿw≤XC'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.5
DBNAME( 'changeNumber' 'changeNumber' )
ACCESS-CLASS normal
LENGTH 11
EQUALITY
APPROX )

attributetypes=( 2.16.840.1.113730.3.1.8
NAME 'changes'
DESC 'wq∩²°A≤Co≤OLDIF µíC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.8
DBNAME( 'changes' 'changes' )
ACCESS-CLASS sensitive )

attributetypes=( 2.16.840.1.113730.3.1.77
NAME 'changeTime'
DESC 'W≤íC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.77
DBNAME( 'changeTime' 'changeTime' )
ACCESS-CLASS normal
LENGTH 30 )

attributetypes=( 2.16.840.1.113730.3.1.7
NAME 'changeType'
DESC 'í∩⌡µ≤¼Cⁿ ]AGaddBdeleteBmodifyBmodrdnC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.7
DBNAME( 'changeType' 'changeType' )
ACCESS-CLASS normal
LENGTH 250
EQUALITY )

attributetypes=( 2.5.4.3
NAME ( 'cn' 'commonName' )
DESC 'oO X.500 commonName A]t½≤WCpG½≤∩HAqOHWC'
SUP 2.5.4.41
EQUALITY 2.5.13.2
ORDERING 2.5.13.3
SUBSTR 2.5.13.4
USAGE userApplications )
IBMAttributetypes=( 2.5.4.3
DBNAME( 'cn' 'cn' )
ACCESS-CLASS normal
LENGTH 256
EQUALITY
ORDERING
SUBSTR
APPROX )

attributetypes=( 2.5.18.1
NAME 'createTimestamp'
DESC ']t²íC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 2.5.18.1
DBNAME( 'ldap_entry' 'create_Timestamp' )
ACCESS-CLASS system
LENGTH 26 )

attributetypes=( 2.5.18.3
NAME 'creatorsName'
DESC ']t²C'
EQUALITY 2.5.13.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 2.5.18.3
DBNAME( 'ldap_entry' 'creator' )
ACCESS-CLASS system
LENGTH 1000
EQUALITY )

attributetypes=( 2.16.840.1.113730.3.1.10
NAME 'deleteOldRdn'
DESC 'ⁿOnOd RDN ¿X'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.10
DBNAME( 'deleteOldRdn' 'deleteOldRdn' )
ACCESS-CLASS normal
LENGTH 5 )

attributetypes=( 2.5.4.13
NAME 'description'
DESC 'CIM M LDAP ⌡@qAú²½≤°íC'
EQUALITY 2.5.13.2
SUBSTR 2.5.13.4
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
IBMAttributetypes=( 2.5.4.13
DBNAME( 'description' 'description' )
ACCESS-CLASS normal
LENGTH 1024
EQUALITY
SUBSTR )

attributetypes=( 2.5.21.2
NAME 'ditContentRules'
DESC '\ RFC 2252C'
EQUALITY 2.5.13.30
SYNTAX 1.3.6.1.4.1.1466.115.121.1.16
USAGE directoryOperation )
IBMAttributetypes=( 2.5.21.2
DBNAME( 'ditContentRules' 'ditContentRules' )
ACCESS-CLASS system
LENGTH 256
EQUALITY )

attributetypes=( 2.5.21.1
NAME 'ditStructureRules'
DESC '\ RFC 2252C'
EQUALITY 2.5.13.29
SYNTAX 1.3.6.1.4.1.1466.115.121.1.17
USAGE directoryOperation )
IBMAttributetypes=( 2.5.21.1
DBNAME( 'ditStructureRules' 'ditStructureRules' )
ACCESS-CLASS system
LENGTH 256
EQUALITY )

attributetypes=( 2.5.4.49
NAME ( 'dn' 'distinguishedName' )
DESC '¼úO ½≤¡WAOt DN yk≥ª¼CñúiଭC'
EQUALITY 2.5.13.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
USAGE userApplications )
IBMAttributetypes=( 2.5.4.49
DBNAME( 'dn' 'dn' )
ACCESS-CLASS normal
LENGTH 1000
EQUALITY )

attributetypes=( 1.3.18.0.2.4.288
NAME 'entryOwner'
DESC 'ⁿXOⁿOWO'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.288
DBNAME( 'entryOwner' 'entryOwner' )
ACCESS-CLASS restricted
LENGTH 1000 )

attributetypes=( 2.5.18.9
NAME 'hasSubordinates'
DESC 'ⁿXO⌠≤lhsb≤OsºUC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 2.5.18.9
DBNAME( 'hasSubordinates' 'hasSubordinates' )
ACCESS-CLASS system
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2244
NAME 'ibm-allGroups'
DESC 'sCiαOzL memberBuniqueMember memberURL AízL ibm-memberGroup ¿C¬@]ú\≤Lo°≤ñC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2244
DBNAME( 'allGroups' 'allGroups' )
ACCESS-CLASS normal
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2243
NAME 'ibm-allMembers'
DESC 's¿CiαOzLmemberBuniqueMember memberURL AízLibm-memberGroup ¿C¬@]ú\≤Lo°≤ñC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2243
DBNAME( 'ibmallMembers' 'ibmallMembers' )
ACCESS-CLASS normal
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.1077
NAME 'ibm-audit'
DESC 'TRUE FALSECfACw] FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1077
DBNAME( 'audit' 'audit' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1073
NAME 'ibm-auditAdd'
DESC 'TRUE FALSECⁿXOnΘxOⁿusWv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1073
DBNAME( 'auditAdd' 'auditAdd' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1070
NAME 'ibm-auditBind'
DESC 'TRUE FALSECⁿXOnΘxOⁿusv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1070
DBNAME( 'auditBind' 'auditBind' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1071
NAME 'ibm-auditDelete'
DESC 'TRUE FALSECⁿXOnΘxOⁿuRúv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1071
DBNAME( 'auditDelete' 'auditDelete' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1069
NAME 'ibm-auditExtOpEvent'
DESC 'TRUE FALSECⁿXOnΘxOⁿ LDAP v3 ≤q@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1069
DBNAME( 'auditExtOpEvent' 'auditExtOpEvent' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1078
NAME 'ibm-auditFailedOpOnly'
DESC 'TRUE FALSECⁿXOunΘxOⁿó@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1078
DBNAME( 'auditFailedOpOnly' 'auditFailedOpOnly' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1079
NAME 'ibm-auditLog'
DESC 'ⁿwfΘx⌠WC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1079
DBNAME( 'auditLog' 'auditLog' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.1072
NAME 'ibm-auditModify'
DESC 'TRUE FALSECⁿXOnΘxOⁿu∩v@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1072
DBNAME( 'auditModify' 'auditModify' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1075
NAME 'ibm-auditModifyDN'
DESC 'TRUE FALSECⁿXOnΘxOⁿ ModifyRDN@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1075
DBNAME( 'auditModifyDN' 'auditModifyDN' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1074
NAME 'ibm-auditSearch'
DESC 'TRUE FALSECⁿXOnΘxOⁿujMv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1074
DBNAME( 'auditSearch' 'auditSearch' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1076
NAME 'ibm-auditUnbind'
DESC 'TRUE FALSECⁿXOnΘxOⁿusv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1076
DBNAME( 'auditUnbind' 'auditUnbind' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.2483
NAME 'ibm-capabilitiessubentry'
DESC 'CX]t½≤ºRWwq\α ibm-capabilitiessubentry ½≤WC'
EQUALITY 2.5.13.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2483
DBNAME( 'ibmcapsubentry' 'ibmcapsubentry' )
ACCESS-CLASS system
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2444
NAME 'ibm-effectiveAcl'
DESC ']tpLo°≤¼ísIBM LDAP ²ñ@C'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2444
DBNAME( 'effectiveAcl' 'effectiveAcl' )
ACCESS-CLASS restricted
LENGTH 32700 )

attributetypes=( 1.3.18.0.2.4.2331
NAME 'ibm-effectiveReplicationModel'
DESC 'b Root DSE ñi°Añgí OID'
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2331
DBNAME( 'effectiveReplicat' 'effectiveReplicat' )
ACCESS-CLASS system
LENGTH 240 )

attributetypes=( 1.3.18.0.2.4.2482
NAME 'ibm-enabledCapabilities'
DESC 'CX≤°AW\αC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
NO-USER-MODIFICATION
USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2482
DBNAME( 'ibmenabledcap' 'ibmenabledcap' )
ACCESS-CLASS system
LENGTH 100 )

attributetypes=( 1.3.18.0.2.4.2325
NAME 'ibm-entryChecksum'
DESC ']tMdC'
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2325
DBNAME( 'entryChecksum' 'entryChecksum' )
ACCESS-CLASS system
LENGTH 100 )

attributetypes=( 1.3.18.0.2.4.2326
NAME 'ibm-entryChecksumOp'
DESC ']tg@MdC'
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2326
DBNAME( 'entryChecksumOp' 'entryChecksumOp' )
ACCESS-CLASS system
LENGTH 100 )

attributetypes=( 1.3.18.0.2.4.1780
NAME 'ibm-entryUuid'
DESC 'b²sbí@aOΣ¡≈C'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1780
DBNAME( 'ibmEntryUuid' 'ibmEntryUuid' )
ACCESS-CLASS system
LENGTH 36
EQUALITY )

attributetypes=( 1.3.18.0.2.4.2443
NAME 'ibm-filterAclEntry'
DESC ']t IBMLDAP ²ñLo°≤¼ísεC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2443
DBNAME( 'filterAclEntry' 'filterAclEntry' )
ACCESS-CLASS restricted
LENGTH 32700 )

attributetypes=( 1.3.18.0.2.4.2445
NAME 'ibm-filterAclInherit'
DESC 'ⁿXLo°≤¼í ACL O pQ≡C'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2445
DBNAME( 'filterAclInherit' 'filterAclInherit' )
ACCESS-CLASS restricted
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2330
NAME 'ibm-replicationChangeLDIF'
DESC 'úWó@ LDIF ϕk'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2330
DBNAME( 'replicationChange' 'replicationChange' )
ACCESS-CLASS system )

attributetypes=( 1.3.18.0.2.4.2498
NAME 'ibm-replicationIsQuiesced'
DESC 'ⁿX]tgl≡Onb°AWRεC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2498
DBNAME( 'replIsQuiesced' 'replIsQuiesced' )
ACCESS-CLASS system
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2338
NAME 'ibm-replicationLastActivationTime'
DESC 'ⁿXg⌡µⁿßí'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2338
DBNAME( 'replicationLastAc' 'replicationLastAc' )
ACCESS-CLASS system
LENGTH 32 )

attributetypes=( 1.3.18.0.2.4.2334
NAME 'ibm-replicationLastChangeId'
DESC 'ⁿXg≤wñ¿\gß≤ id'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2334
DBNAME( 'replicationLastCh' 'replicationLastCh' )
ACCESS-CLASS system
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2335
NAME 'ibm-replicationLastFinishTime'
DESC 'ⁿXg⌡µⁿ ¿em ßíC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2335
DBNAME( 'replicationLastFi' 'replicationLastFi' )
ACCESS-CLASS system
LENGTH 30 )

attributetypes=( 1.3.18.0.2.4.2448
NAME 'ibm-replicationLastGlobalChangeId'
DESC 'ⁿX¿\gWs]MπDITAp⌡≤C'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2448
DBNAME( 'replicationLastGl' 'replicationLastGl' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2340
NAME 'ibm-replicationLastResult'
DESC 'ßgGAµíG<time><change id><resultcode> <entry-dn> '
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2340
DBNAME( 'replicationLastRe' 'replicationLastRe' )
ACCESS-CLASS system
LENGTH 2048 )

attributetypes=( 1.3.18.0.2.4.2332
NAME 'ibm-replicationLastResultAdditional'
DESC 'b LDAP GTº≤ñAú°°A⌠≤ΣLΩT'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2332
DBNAME( 'replicationLastAd' 'replicationLastAd' )
ACCESS-CLASS system
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2339
NAME 'ibm-replicationNextTime'
DESC 'ⁿXU wgí'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2339
DBNAME( 'replicationNextTi' 'replicationNextTi' )
ACCESS-CLASS system
LENGTH 30 )

attributetypes=( 1.3.18.0.2.4.2333
NAME 'ibm-replicationPendingChangeCount'
DESC 'ⁿXg≤wm!g≤'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2333
DBNAME( 'replicationPendin' 'replicationPendin' )
ACCESS-CLASS system
LENGTH 12 )

attributetypes=( 1.3.18.0.2.4.2337
NAME 'ibm-replicationPendingChanges'
DESC '!g≤Aµí<change id><operation> <dn>Σñ operation O ADDBDELETEBMODIFYBMODIFYDN'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2337
DBNAME( 'replicationPendch' 'replicationPendch' )
ACCESS-CLASS system
LENGTH 1100 )

attributetypes=( 1.3.18.0.2.4.2336
NAME 'ibm-replicationState'
DESC 'ⁿXg⌡µⁿ¼AG@ñBBÑñBw πFY πA NⁿXiq'
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2336
DBNAME( 'replicationState' 'replicationState' )
ACCESS-CLASS system
LENGTH 240 )

attributetypes=( 1.3.18.0.2.4.2495
NAME 'ibm-replicationThisServerIsMaster'
DESC 'ⁿX°AO]tºl≡D°AC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2495
DBNAME( 'replThisSvrMast' 'replThisSvrMast' )
ACCESS-CLASS system
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2328
NAME 'ibm-serverId'
DESC 'b Root DSE ñi ibm-slapdServerId tm]w'
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2328
DBNAME( 'serverId' 'serverId' )
ACCESS-CLASS system
LENGTH 240 )

attributetypes=( 1.3.18.0.2.4.2374
NAME 'ibm-slapdACLCache'
DESC 'ε°AOn ACL ΩT'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2374
DBNAME( 'ACLCache' 'ACLCache' )
ACCESS-CLASS normal
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2373
NAME 'ibm-slapdACLCacheSize'
DESC 'ACL OΘñiHOsW¡'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2373
DBNAME( 'slapdACLCacheSize' 'slapdACLCacheSize' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2428
NAME 'ibm-slapdAdminDN'
DESC 'ibmslapd zs DNApGcn=root'
EQUALITY 2.5.13.1
ORDERING 1.3.18.0.2.4.405
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2428
DBNAME( 'slapdAdminDN' 'slapdAdminDN' )
ACCESS-CLASS critical
LENGTH 1000
EQUALITY
ORDERING )

attributetypes=( 1.3.18.0.2.4.2425
NAME 'ibm-slapdAdminPW'
DESC 'ibmslapd zsKXC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2425
DBNAME( 'slapdAdminPW' 'slapdAdminPW' )
ACCESS-CLASS critical )

attributetypes=( 1.3.18.0.2.4.2366
NAME 'ibm-slapdAuthIntegration'
DESC 'ⁿwN LDAP zsvM@tπXCG0 - ún∩M OS LDAPzA1 - NπAϕv¡ OS ∩MzCob OS/400 WΣC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2366
DBNAME( 'slapdAuthIntegrat' 'slapdAuthIntegrat' )
ACCESS-CLASS system
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2432
NAME 'ibm-slapdCLIErrors'
DESC 'nN DB2 CLI Tºg ibmslapd D≈≈W⌠mCb Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG/tmp/cli.errors= D:\Program Files\IBM\ldap\tmp\cli.errors)C'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2432
DBNAME( 'slapdCLIErrors' 'slapdCLIErrors' )
ACCESS-CLASS normal
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2369
NAME 'ibm-slapdDB2CP'
DESC 'ⁿw²ΩwrXC1208 OUTF-8 ΩwrXC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2369
DBNAME( 'slapdDB2CP' 'slapdDB2CP' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2431
NAME 'ibm-slapdDBAlias'
DESC 'DB2 ΩwOWC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2431
DBNAME( 'slapdDBAlias' 'slapdDBAlias' )
ACCESS-CLASS normal
LENGTH 8 )

attributetypes=( 1.3.18.0.2.4.2417
NAME 'ibm-slapdDbConnections'
DESC 'ⁿw°AM≤ DB2 ßíDB2 suCΣb 5 & 50]tºíCODBCCONS ⌠NCpGibm-slapdDbConnections] ODBCCONSp≤ 5 j≤50Ah°AO 5 50C∩≤gM≤ΘxiHΣLsuC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2417
DBNAME( 'DbConnections' 'DbConnections' )
ACCESS-CLASS critical
LENGTH 2 )

attributetypes=( 1.3.18.0.2.4.2418
NAME 'ibm-slapdDbInstance'
DESC 'ßí DB2 ΩC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2418
DBNAME( 'slapdDbInstance' 'slapdDbInstance' )
ACCESS-CLASS critical
LENGTH 8 )

attributetypes=( 1.3.18.0.2.4.2382
NAME 'ibm-slapdDbLocation'
DESC 'ßΩwbt⌠CbUNIX oqO DB2INSTANCE l²]pG/home/ldapdb2Cb Windows WhuO≈ⁿw]pGD:'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2382
DBNAME( 'slapdDbLocation' 'slapdDbLocation' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2426
NAME 'ibm-slapdDbName'
DESC 'ßí DB2 ΩwWC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2426
DBNAME( 'slapdDbName' 'slapdDbName' )
ACCESS-CLASS critical
LENGTH 8 )

attributetypes=( 1.3.18.0.2.4.2422
NAME 'ibm-slapdDbUserID'
DESC 'ßí s DB2 ΩwWC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2422
DBNAME( 'slapdDbUserID' 'slapdDbUserID' )
ACCESS-CLASS critical
LENGTH 8 )

attributetypes=( 1.3.18.0.2.4.2423
NAME 'ibm-slapdDbUserPW'
DESC 'ßí s DB2 ΩwKXC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2423
DBNAME( 'slapdDbUserPW' 'slapdDbUserPW' )
ACCESS-CLASS critical )

attributetypes=( OID TBD
NAME 'ibm-slapdDerefAliases'
DESC 'jMnDjOWhAúbßnDñiαⁿw⌠≤ derefAliasesC\u#úvBuMΣvBujMvMu@wvC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3054
DBNAME( 'DerefAliases' 'DerefAliases' )
ACCESS-CLASS critical
LENGTH 6 )

attributetypes=( 1.3.18.0.2.4.2449
NAME 'ibm-slapdDN'
DESC ' DN]LDAPDB2 Ωwñ LDAP_ENTRY.DN µ jMGC'
EQUALITY 2.5.13.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2449
DBNAME( 'LDAP_ENTRY' 'DN' )
ACCESS-CLASS system
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2481
NAME 'ibm-supportedCapabilities'
DESC 'CX°AΣB²n\αC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
NO-USER-MODIFICATION
USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2481
DBNAME( 'ibmsupportedCap' 'ibmsupportedCap' )
ACCESS-CLASS system
LENGTH 100 )

attributetypes=( 1.3.18.0.2.4.2421
NAME 'ibm-slapdEnableEventNotification'
DESC 'Y] FALSEA°A@nDAúe\ΣHG LDAP_UNWILLING_TO_PERFORM n²≤qC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2421
DBNAME( 'enableEvntNotify' 'enableEvntNotify' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2372
NAME 'ibm-slapdEntryCacheSize'
DESC 'OΘñiHOsW¡'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2372
DBNAME( 'slapdRDBMCacheSiz' 'slapdRDBMCacheSiz' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2424
NAME 'ibm-slapdErrorLog'
DESC 'nNTºg ibmslapd D≈≈W⌠mCb Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG/tmp/slapd.errors = D:\Program Files\IBM\ldap\tmp\slapd.errors)C'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2424
DBNAME( 'slapdErrorLog' 'slapdErrorLog' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2371
NAME 'ibm-slapdFilterCacheBypassLimit'
DESC 'jMLo°≤XYWLNú[JujMLo°≤vOΘñA]XLo°≤ ID Mµw]tbOΘñA]wU≤¡εOΘqC 0 ϕS¡εC'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2371
DBNAME( 'slapdRDBMCacheByp' 'slapdRDBMCacheByp' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2370
NAME 'ibm-slapdFilterCacheSize'
DESC 'ⁿwujMLo°≤OΘvñOs W¡C'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2370
DBNAME( 'slapdFilterCacheS' 'slapdFilterCacheS' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2378
NAME 'ibm-slapdIdleTimeOut'
DESC 'Od! C'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2378
DBNAME( 'SlapdIdleTimeOut' 'SlapdIdleTimeOut' )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2364
NAME 'ibm-slapdIncludeSchema'
DESC 'ibmslapd D≈W⌠AΣñ]tLDCF ßí⌡wqCG/etc/V3.system.at /etc/V3.system.oc /etc/V3.ibm.at /etc/V3.ibm.oc /etc/V3.user.at /etc/V3.user.oc /etc/V3.ldapsyntaxes /etc/V3.matchingrules /etc/V3.modifiedschemab Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG/etc/V3.system.at =D:\Program Files\IBM\ldap\etc\V3.system.atC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2364
DBNAME( 'slapdIncldeSchema' 'slapdIncldeSchema' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2365
NAME 'ibm-slapdIpAddress'
DESC 'ⁿw°AnÑ IP CoiHO IPv4 IPv6 CYSⁿwAh°AwⁿwD≈ IP CoA≤ OS/400C'
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2365
DBNAME( 'slapdIpAddress' 'slapdIpAddress' )
ACCESS-CLASS system
LENGTH 32 )

attributetypes=( 1.3.18.0.2.4.2420
NAME 'ibm-slapdKrbAdminDN'
DESC 'ⁿw LDAP z kerberos ID]pibm-kn=name@realmCϕ kerberos O OnJuWeb zvzCoⁿwΦíN adminDN M adminPWC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2420
DBNAME( 'slapdKrbAdminDN' 'slapdKrbAdminDN' )
ACCESS-CLASS critical
LENGTH 512 )

attributetypes=( 1.3.18.0.2.4.2394
NAME 'ibm-slapdKrbEnable'
DESC 'O TRUE | FALSE º@Cⁿw°AOΣ kerberos OC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2394
DBNAME( 'slapdKrbEnable' 'slapdKrbEnable' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2419
NAME 'ibm-slapdKrbIdentityMap'
DESC 'Y] TRUEAϕßOHkerberos ID OA°AjMX kerberos AMßN DN [JsusñCoi²H LDAP DN ≥ª ACLAMiHb kerberos OñC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2419
DBNAME( 'KrbIdentityMap' 'KrbIdentityMap' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2416
NAME 'ibm-slapdKrbKeyTab'
DESC 'ⁿw LDAP °A keytab C]t LDAP °ApK≈A ≈PΣ kerberos bß÷pC [HO@]pP°A SSL ≈ΩwCb Windows WAiⁿuAuºeYS≈r" (D:) ]Ow² ²]pG/tmp/slapd.errors =D:\Program Files\IBM\ldap\tmp\slapd.errorsC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2416
DBNAME( 'slapdKrbKeyTab' 'slapdKrbKeyTab' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2400
NAME 'ibm-slapdKrbRealm'
DESC 'ⁿw LDAP °A Kerberos ΓC broot DSE ñoµ ldapservicename CNALDAP°AiH@h½ KDC]MΓbßΩTxswA²OYN LDAP °A@ kerberos °AAuiHOµ@Γ¿C'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2400
DBNAME( 'slapdKrbRealm' 'slapdKrbRealm' )
ACCESS-CLASS critical
LENGTH 256 )

attributetypes=( 1.3.18.0.2.4.2415
NAME 'ibm-slapdLdapCrlHost'
DESC 'ⁿw LDAP °AD≈WA D≈ñ]t τß x.509v3 u°Mµv(CRL)Cϕ ibm-slapdSslAuth=serverclientauthABwgw∩ CRL τoXßn'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2415
DBNAME( 'LdapCrlHost' 'LdapCrlHost' )
ACCESS-CLASS critical
LENGTH 256 )

attributetypes=( 1.3.18.0.2.4.2407
NAME 'ibm-slapdLdapCrlPassword'
DESC 'ⁿw°A SSL N s]tτßx.509v3 u°Mµv(CRL) LDAP°AKXCϕibm-slapdSslAuth=serverclientauth BoXß@ CRL τAnCNGYOs CRL LDAP °A\!gOs CRL]YWsANúnibm-slapdLdapCrlPasswordC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2407
DBNAME( 'CrlPassword' 'CrlPassword' )
ACCESS-CLASS critical )

attributetypes=( 1.3.18.0.2.4.2404
NAME 'ibm-slapdLdapCrlPort'
DESC 'ⁿw LDAP °A LDAP ibm-slapdPortA °Añ]t τß x.509v3 u°Mµv(CRL) Cϕ ibm-slapdSslAuth=serverclientauthABoXß@ CRL τAnC]IP ≡OLt 16 πAd≥O 1 - 65535'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2404
DBNAME( 'LdapCrlPort' 'LdapCrlPort' )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2403
NAME 'ibm-slapdLdapCrlUser'
DESC 'ⁿw°A SSL N s]tτßx.509v3 u°Mµv(CRL) LDAP°AKXCϕibm-slapdSslAuth=serverclientauth BoXß@ CRL τAnCNGY CRL LDAP Server \!gOs CRL]τYAWsAhún ibm-slapdLdapCrlUserC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2403
DBNAME( 'LdapCrlUser' 'LdapCrlUser' )
ACCESS-CLASS critical
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2409
NAME 'ibm-slapdMasterDN'
DESC 'gú°As DNCΣXP°Aºíwqg≤w÷p½≤ñ replicaBindDNCϕ kerberos O°AAibm-slapdMasterDN ⁿw kerberos ID DN ek]p ibm-kn=freddy@realm1CY kerberosAh MasterServerPW Q ñC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2409
DBNAME( 'MasterDN' 'MasterDN' )
ACCESS-CLASS critical
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2411
NAME 'ibm-slapdMasterPW'
DESC 'gúsKXCΣXP°Aºíwqg≤w÷p½≤º replicaBindPWCY kerberosAMasterServerPW Q ñC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2411
DBNAME( 'MasterPW' 'MasterPW' )
ACCESS-CLASS critical )

attributetypes=( 1.3.18.0.2.4.2401
NAME 'ibm-slapdMasterReferral'
DESC 'D°A URL]pGldaps://master.us.ibm.com:636'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2401
DBNAME( 'MasterReferral' 'MasterReferral' )
ACCESS-CLASS critical
LENGTH 256 )

attributetypes=( 1.3.18.0.2.4.2412
NAME 'ibm-slapdMaxEventsPerConnection'
DESC 'Csuin²≤qW¡Cp = 0 (unlimited) j = 2,147,483,647'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2412
DBNAME( 'EventsPerCon' 'EventsPerCon' )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2405NAME ’ibm-slapdMaxEventsTotal’DESC ’suin²≤qW¡Cp = 0]ú]¡ j =2,147,483,647’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2405DBNAME( ’MaxEventsTotal’ ’MaxEventsTotal’ )ACCESS-CLASS criticalLENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2439NAME ’ibm-slapdMaxNumOfTransactions’DESC ’P@í@ñµ÷W¡C0 = ú]¡’EQUALITY 2.5.13.29SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2439DBNAME( ’MaxNumOfTrans’ ’MaxNumOfTrans’ )ACCESS-CLASS criticalLENGTH 11EQUALITY ORDERING SUBSTR APPROX )

attributetypes=( 1.3.18.0.2.4.2385 NAME ’ibm-slapdMaxOpPerTransaction’ DESC ’C@µ÷@W¡C0 = ú]¡’ EQUALITY 2.5.13.29 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2385 DBNAME( ’MaxOpPerTrans’ ’MaxOpPerTrans’ ) ACCESS-CLASS critical LENGTH 11 EQUALITY ORDERING APPROX )

attributetypes=( 1.3.18.0.2.4.2386 NAME ’ibm-slapdMaxTimeLimitOfTransactions’ DESC ’mµ÷OW¡AHϕµC0 = ú]¡’ EQUALITY 2.5.13.29 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2386 DBNAME( ’MaxTimeOfTrans’ ’MaxTimeOfTrans’ ) ACCESS-CLASS critical LENGTH 11 EQUALITY ORDERING APPROX )

attributetypes=( 1.3.18.0.2.4.2500 NAME ’ibm-slapdMigrationInfo’ DESC ’ ε≤αΩTC’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2500 DBNAME( ’slapdMigrationInf’ ’slapdMigrationInf’ ) ACCESS-CLASS critical LENGTH 2048 )

attributetypes=( 1.3.18.0.2.4.2376 NAME ’ibm-slapdPagedResAllowNonAdmin’ DESC ’°AO e\DzsbjMnDWGnDCYq ibmslapd.conf ¬O TRUEA°ANBz⌠≤ßnDA]AWsúXnDCYq ibmslapd.conf ¬OFALSEAh°AuBzπzv¡úXßnDCYßnDGⁿwjM@½n TRUE FALSEA²Szv¡ABq ibmslapd.conf ¬ FALSEA°ANßX insufficientAccessRights - Nú⌡µ⌠≤jMC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2376 DBNAME( ’SlapdPagedNonAdmn’ ’SlapdPagedNonAdmn’ ) ACCESS-CLASS critical LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2380 NAME ’ibm-slapdPagedResLmt’ DESC ’e\Pb@ñ!⌡µGjMnDW¡Cd≥ = 0.... YßnD@GAPewgF!⌡µGW¡Ah°AßAXO busy - ú⌡µjMC’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2380 DBNAME( ’SlapdPagedResLmt’ ’SlapdPagedResLmt’ ) ACCESS-CLASS critical LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2379 NAME ’ibm-slapdPageSizeLmt’ DESC ’ϕⁿwGεAC@ñjMjAúßjMnDñOiαⁿwF⌠≤pagesizeCd≥ = 0.... Yß@jpAhpßMqibmslapd.conf ¬C’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2379 DBNAME( ’SlapdPageSizeLmt’ ’SlapdPageSizeLmt’ ) ACCESS-CLASS critical LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2406 NAME ’ibm-slapdPlugin’ DESC ’íOAⁿJíwAΣiXR°A\αCibm-slapdPlugin Hⁿw°Anp≤ⁿJPl]wíwCΣykG keyword filename init_function [args...]CC@¡xyk]íwRWD÷YñLúPC’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2406 DBNAME( ’slapdPlugin’ ’slapdPlugin’ ) ACCESS-CLASS critical LENGTH 2000 )

attributetypes=( 1.3.18.0.2.4.2408 NAME ’ibm-slapdPort’ DESC ’D SSL su TCP/IP ibm-slapdPortCΣúiP ibm-slapdSecurePort PC]IP ≡OLtA16 πAd≥O 1 - 65535 ºí’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2408 DBNAME( ’slapdPort’ ’slapdPort’ ) ACCESS-CLASS critical LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2402 NAME ’ibm-slapdPwEncryption’ DESC ’O none | imask | crypt | sha º@CⁿwKXxs≤²ºesX≈εCYSⁿwAhw] noneCY] none HΣLASASL digest-md5 sNóC’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2402 DBNAME( ’PwEncryption’ ’PwEncryption’ ) ACCESS-CLASS critical LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2413 NAME ’ibm-slapdReadOnly’ DESC ’O TRUE | FALSE º@CⁿwOigJßíCYSⁿwAhw] FALSECY] TRUEA°A LDAP_UNWILLING_TO_PERFORM (0x35)@∩≤¬ΩwñΩº⌠≤ßnDC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2413 DBNAME( ’ReadOnly’ ’ReadOnly’ ) ACCESS-CLASS critical LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2487 NAME ’ibm-slapdReferral’ DESC ’ⁿwϕrMnDúXAnαLDAP URLC≤Wα]p ibm-slapdSuffix úsb°ARWwqC’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2487 DBNAME( ’Referral’ ’Referral’ ) ACCESS-CLASS critical LENGTH 32700 )

attributetypes=( 1.3.18.0.2.4.2437 NAME ’ibm-slapdSchemaAdditions’ DESC ’ibmslapd D≈W⌠AΣñ]tLDCF ßíΣL⌡wqCG/etc/V3.modifiedschema b Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG/etc/V3.system.at=D:\Program Files\IBM\ldap\etc\V3.system.atC’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2437 DBNAME( ’slapdSchemaAdditi’ ’slapdSchemaAdditi’ ) ACCESS-CLASS normal LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2363 NAME ’ibm-slapdSchemaCheck’ DESC ’O V2 | V3 | V3_lenient º@CⁿwsW/∩@⌡d≈εCV2 = ⌡µ LDAP v2dCV3 = ⌡µ LDAP v3 dCV3_lenient = únuv"½≤OC[JAun±½≤OC’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2363 DBNAME( ’SchemaCheck’ ’SchemaCheck’ ) ACCESS-CLASS critical LENGTH 10 )

attributetypes=( 1.3.18.0.2.4.2398 NAME ’ibm-slapdSecurePort’ DESC ’SSL su TCP/IP ≡CúiMibm-slapdPort πPC]IP ≡OLt 16 πA≤ 1 - 65535 ºí’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2398 DBNAME( ’SecurePort’ ’SecurePort’ ) ACCESS-CLASS critical LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2399 NAME ’ibm-slapdSecurity’ DESC ’O none | SSL | SSLOnly º@Cⁿw°Aⁿsu¼Cnone - °AuÑD SSL ≡Cssl - °AÑ ssl MD ssl≡Csslonly - °AuÑ ssl ≡C’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2399 DBNAME( ’Security’ ’Security’ ) ACCESS-CLASS critical LENGTH 7 )

attributetypes=( 1.3.18.0.2.4.2397 NAME ’ibm-slapdSetenv’ DESC ’°A≈A⌡µ ibm-slapdSetenv putenv()AH∩Σv⌡µ⌠CShell (%PATH% \24LANG) NúiC@µO]w DB2CODEPAGE=1208ApG UCS-2 (Unicode) ΩwoOnC’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2397 DBNAME( ’slapdSetenv’ ’slapdSetenv’ ) ACCESS-CLASS critical LENGTH 2000 )

attributetypes=( 1.3.18.0.2.4.2396 NAME ’ibm-slapdSizeLimit’ DESC ’jMjAúßjMnDñOiαⁿwF⌠≤sizelimitCd≥ = 0.... Yß@¡εAhpßMqibmslapd.conf ¬CYßS¡εABH admin DN sAh°¡εú]¡CYßS¡εA]SH admin DN sAhq ibmslapd.conf ¬¡εC0 = ú]¡C’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2396 DBNAME( ’SizeLimit’ ’SizeLimit’ ) ACCESS-CLASS critical LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2381 NAME ’ibm-slapdSortKeyLimit’ DESC ’bµ@jMnDñiHⁿw °≤]ΣW¡Cd≥ = 0.... YßjMnD]A ΣWL¡εe\AB jMε½n] FALSEAh°Aqq ibmslapd.conf ¬AB ñbF¡εºßJ⌠≤ Σ - N⌡µjMM CYßjMnD]AΣWL¡εe\AB jMε½n] TRUEAh°AßX adminLimitExceeded - Nú⌡µjM C’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2381 DBNAME( ’SlapdSortKeyLimit’ ’SlapdSortKeyLimit’ ) ACCESS-CLASS critical LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2377 NAME ’ibm-slapdSortSrchAllowNonAdmin’ DESC ’°AO e\DzsiµjMnD CYqibmslapd.conf ¬ TRUEA°ANBz⌠≤ßnDA]AWsúXnDCYq ibmslapd.conf ¬O FALSEAh°AuBzπzv¡úXßnDCYßnD ⁿwjM@½n TRUEA²Szv¡ABq ibmslapd.conf ¬ FALSEAh°AßX insufficientAccessRights - Nú⌡µjM C’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2377 DBNAME( ’SlapdSortNonAdmin’ ’SlapdSortNonAdmin’ ) ACCESS-CLASS critical LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2395 NAME ’ibm-slapdSslAuth’ DESC ’O serverauth | serverclientauth º@Cⁿwssl suO¼Cserverauth - bßΣ°AOCserverclientauth - Σ°AMßOC’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2395 DBNAME( ’slapdSslAuth’ ’slapdSslAuth’ ) ACCESS-CLASS critical LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.2389 NAME ’ibm-slapdSslCertificate’ DESC ’ⁿw≈ΩwñO°AuHvCϕ°ApK≈MOHikmgui íⁿwoCY!wq ibm-slapdSslCertificateAh LDAP Server wq≤≈Ωww]pK≈ iµ SSL suC’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2389 DBNAME( ’SslCertificate’ ’SslCertificate’ ) ACCESS-CLASS critical LENGTH 128 )

attributetypes=( 1.3.18.0.2.4.2429 NAME ’ibm-slapdSslCipherSpec’ DESC ’SSL KXWµA] DES-56BRC2-40-MD5BRC4-128-MD5BRC4-128-SHABRC4-40-MD5BTripleDES-168 AESCªwqb LDAP ßP°Aºí SSL suAiⁿ[K/KΦkC’ EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2429 DBNAME( ’slapdSslCipherSpe’ ’slapdSslCipherSpe’ ) ACCESS-CLASS normal LENGTH 30 )

attributetypes=( 1.3.18.0.2.4.2362 NAME ’ibm-slapdSslCipherSpecs’ DESC ’b ibm-slapdSslCipherSpec ñΣA²úCⁿw@QiAⁿXb LDAP ßP°Aºí SSL suAiH[K/KΦkCNϕ LDAP °AΣ[K/KΦkiCw²wqKXPΣíGSLAPD_SSL_TRIPLE_DES_SHA_US 0x0A 168 ≈ SHA-1 MAC T½ DES [Kk LAPD_SSL_DES_SHA_US0x09DES 56 ≈ SHA-1 MAC DES [KkSLAPD_SSL_RC4_SHA_US 0x05 RC4 128 ≈ SHA-1 MAC RC4 [KkSLAPD_SSL_RC4_MD5_US 0x04 RC4 128 ≈M MD5 MAC [KkSLAPD_SSL_RC4_MD5_EXPORT 0x03 RC4 40 ≈M MD5 MAC [Kk SLAPD_SSL_RC2_MD5_EXPORT 0x06 40 ≈ MD5 MAC RC2 [Kk’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2362 DBNAME( ’SslCipherSpecs’ ’SslCipherSpecs’ ) ACCESS-CLASS critical LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2375 NAME ’ibm-slapdSSLKeyDatabase’ DESC ’LDAP °A SSL ≈Ωw⌠C≈ΩwO Bz LDAP ß SSL suAH≤w SSL suLDAP °ACb Windows WAiⁿuAuºeYS≈ⁿw (D:) ]Ow² ²]pG /etc/key.kdb = D:\ProgramFiles\IBM\ldap\etc\key.kdbC’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2375 DBNAME( ’slapdSSLKeyDataba’ ’slapdSSLKeyDataba’ ) ACCESS-CLASS critical LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2438 NAME ’ibm-slapdSSLKeyDatabasePW’ DESC ’ⁿwP LDAP °A SSL ≈Ωw÷pKXApPb ibm-slapdSslKeyDatabase ⁿwCY LDAP °A≈Ωw÷pKX⌠AhiHñ ibm-slapdSslKeyDatabasePW A]w ibm-slapdSslKeyDatabasePW = noneCNGKX⌠≤P≈ΩwP²ñABM≈ΩwPWAúLWO .sthAúO .kdb’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2438 DBNAME( ’slapdSSLKeyDPW’ ’slapdSSLKeyDPW’ ) ACCESS-CLASS normal )

attributetypes=( 1.3.18.0.2.4.2392 NAME ’ibm-slapdSslKeyRingFile’ DESC ’LDAP °A SSL ≈Ωw⌠C≈ΩwO Bz LDAP ß SSL suA
H≤w SSL suLDAP °ACb Windows WAiⁿuAuºeYS≈ⁿw (D:) ]Ow² ²]pG /etc/key.kdb =D:\Program Files\IBM\ldap\etc\key.kdbC’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2392 DBNAME( ’SslKeyRingFile’ ’SslKeyRingFile’ ) ACCESS-CLASS critical LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2390 NAME ’ibm-slapdSslKeyRingFilePW’ DESC ’ⁿwP LDAP °A SSL ≈Ωw÷pKXApb ibm-slapdSslKeyRingFile ⁿwCY LDAP °A≈Ωw÷pKX⌠AhiHñ ibm-slapdSslKeyRingFilePW A]w ibm-slapdSslKeyRingFilePW = noneCNGKX⌠≤P≈ΩwP²ñABM≈ΩwPWAúLWO .sthAúO .kdbC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2390 DBNAME( ’SslKeyRingFilePW’ ’SslKeyRingFilePW’ ) ACCESS-CLASS critical )

attributetypes=( 1.3.18.0.2.4.2388 NAME ’ibm-slapdSuffix’ DESC ’ⁿwnxsbßíñRWwqC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2388 DBNAME( ’slapdSuffix’ ’slapdSuffix’ ) ACCESS-CLASS critical LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2480 NAME ’ibm-slapdSupportedWebAdmVersion’ DESC ’wqΣ°Atm webzDxC’ EQUALITY 2.5.13.2 ORDERING 2.5.13.3 SUBSTR 2.5.13.4 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2480 DBNAME( ’slapdSupWebAdmVer’ ’slapdSupWebAdmVer’ ) ACCESS-CLASS normal LENGTH 256 )

attributetypes=( 1.3.18.0.2.4.2393 NAME ’ibm-slapdSysLogLevel’ DESC ’O l | m | h º@Cú@pΩOⁿb ibmslapd.log ñhCh - ¬]Am - ñAl - C]nC’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2393
DBNAME( ’SysLogLevel’ ’SysLogLevel’ ) ACCESS-CLASS critical LENGTH 1 )

attributetypes=( 1.3.18.0.2.4.2391 NAME ’ibm-slapdTimeLimit’ DESC ’bjMnDßϕW¡AúßnDOⁿw⌠≤í¡εCd≥ = 0.... Yß¡εAhpßMqibmslapd.conf ¬CYßS¡εABH admin DN sAh°¡εú]¡CYßS¡εA]SHadmin DN sAhq ibmslapd.conf ¬¡εC0 = ú]¡C’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2391 DBNAME( ’TimeLimit’ ’TimeLimit’ ) ACCESS-CLASS critical LENGTH 11 )

attributetypes=( ibm-slapdStartupTraceEnabled-oid NAME ’ibm-slapdTraceEnabled’ DESC ’O TRUE | FALSE º@CⁿwOnb°A¼lΩT’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( ibm-slapdStartupTraceEnabled-oid ACCESS-CLASS normal LENGTH 5 )

attributetypes=( ibm-slapdTraceMessageLevel-oid NAME ’ibm-slapdTraceMessageLevel’ DESC ’bⁿOµ -h ∩ºßiⁿ⌠≤A]wúTºh’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( ibm-slapdTraceMessageLevel-oid ACCESS-CLASS normal LENGTH 16 )

attributetypes=( ibm-slapdTraceMessageLog-oid NAME ’ibm-slapdTraceMessageLog’ DESC ’nN LDAP C API Mú¿Tºg ibmslapd D≈≈W⌠mCb Windows WAiⁿuABuºeYS≈r"A]Ow² ²]pG /tmp/tracemsg.log = C:\Program Files\IBM\ldap\tmp\tracemsg.logC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( ibm-slapdTraceMessageLog-oid ACCESS-CLASS normal LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2384 NAME ’ibm-slapdTransactionEnable’ DESC ’Y FALSEAhπΘµ÷ΣF°A LDAP_UNWILLING_TO_PERFORMA StartTransaction nDC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2384 DBNAME( ’TransactionEnable’ ’TransactionEnable’ )
ACCESS-CLASS critical LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2499 NAME ’ibm-slapdUseProcessIdPW’ DESC ’Y] trueA°AP ibmslapd Bz÷pnJ ID sΩwCY] falseAh°A ibm-slapdDbUserID Mibm-slapdDbUserPW Γ sΩwC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2499 DBNAME( ’useprocidpw’ ’useprocidpw’ ) ACCESS-CLASS normal LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2436 NAME ’ibm-slapdVersion’ DESC ’IBM Slapd X’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2436 DBNAME( ’slapdVersion’ ’slapdVersion’ ) ACCESS-CLASS normal LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2327 NAME ’ibm-supportedReplicationModels’ DESC ’b Root DSE ñi°AΣgí OID’ EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 NO-USER-MODIFICATION USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2327 DBNAME( ’supportedReplicat’ ’supportedReplicat’ ) ACCESS-CLASS system LENGTH 240 )

attributetypes=( 1.3.18.0.2.4.470 NAME ’IBMAttributeTypes’ DESC ’ ’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.470 DBNAME( ’IBMAttributeTypes’ ’IBMAttributeTypes’ ) ACCESS-CLASS normal LENGTH 256 )

attributetypes=( 1.3.6.1.4.1.1466.101.120.16 NAME ’ldapSyntaxes’ DESC ’°AuiHv CΩ@ykCC@∩@ykC’ EQUALITY 2.5.13.30 SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.16 DBNAME( ’ldapSyntaxes’ ’ldapSyntaxes’ ) ACCESS-CLASS system LENGTH 256 EQUALITY )

attributetypes=( 2.5.21.4 NAME ’matchingRules’
DESC ’qObl⌡ñC’ EQUALITY 2.5.13.30 SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
IBMAttributetypes=( 2.5.21.4 DBNAME( ’matchingRules’ ’matchingRules’ ) ACCESS-CLASS system LENGTH 256 EQUALITY )

attributetypes=( 2.5.21.8 NAME ’matchingRuleUse’ DESC ’qObl⌡ñC’ EQUALITY 2.5.13.30 SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
IBMAttributetypes=( 2.5.21.8 DBNAME( ’matchingRuleUse’ ’matchingRuleUse’ ) ACCESS-CLASS system LENGTH 256 EQUALITY )

attributetypes=( 2.5.4.31 NAME ’member’ DESC ’wqsC@¿OWC’ SUP 2.5.4.49 EQUALITY 2.5.13.1 USAGE userApplications )
IBMAttributetypes=( 2.5.4.31 DBNAME( ’member’ ’member’ ) ACCESS-CLASS normal LENGTH 1000 EQUALITY )

attributetypes=( 2.5.18.4 NAME ’modifiersName’ DESC ’]t²ß∩C’ EQUALITY 2.5.13.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
IBMAttributetypes=( 2.5.18.4 DBNAME( ’ldap_entry’ ’modifier’ ) ACCESS-CLASS system LENGTH 1000 EQUALITY )

attributetypes=( 2.5.18.2 NAME ’modifyTimestamp’ DESC ’]t²ß∩íC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
IBMAttributetypes=( 2.5.18.2 DBNAME( ’ldap_entry’ ’modify_Timestamp’ ) ACCESS-CLASS system LENGTH 26 )

attributetypes=( 2.5.4.41 NAME ’name’ DESC ’W¼OW¼AW¼iα¿q≤RWrΩ¼CñúiαX¼¡C’ EQUALITY 1.3.6.1.4.1.1466.109.114.2 SUBSTR 2.5.13.4
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )
IBMAttributetypes=( 2.5.4.41 DBNAME( ’name’ ’name’ ) ACCESS-CLASS normal LENGTH 32700 EQUALITY SUBSTR )

attributetypes=( 2.5.21.7 NAME ’nameForms’ DESC ’qObl⌡ñC’ EQUALITY 2.5.13.30 SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
IBMAttributetypes=( 2.5.21.7 DBNAME( ’nameForms’ ’nameForms’ ) ACCESS-CLASS normal LENGTH 256 EQUALITY )

attributetypes=( 1.3.6.1.4.1.1466.101.120.5 NAME ’namingContexts’ DESC ’∩°ADδvRWwqC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.5 DBNAME( ’namingContexts’ ’namingContexts’ ) ACCESS-CLASS normal LENGTH 1000 )

attributetypes=( 2.16.840.1.113730.3.1.11 NAME ’newSuperior’ DESC ’ⁿwϕBz modDN @AN¿YWWC’ EQUALITY 2.5.13.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.11 DBNAME( ’newSuperior’ ’newSuperior’ ) ACCESS-CLASS normal LENGTH 1000 EQUALITY APPROX )

attributetypes=( 2.5.4.10 NAME ( ’o’ ’organizationName’ ’organization’ ) DESC ’]tW (organizationName)C’ SUP 2.5.4.41 EQUALITY 1.3.6.1.4.1.1466.109.114.2 SUBSTR 2.5.13.4 USAGE userApplications )
IBMAttributetypes=( 2.5.4.10 DBNAME( ’o’ ’o’ ) ACCESS-CLASS normal LENGTH 128 )

attributetypes=( 2.5.4.0 NAME ’objectClass’ DESC ’objectClass íNϕ½≤C’ EQUALITY 2.5.13.0 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE userApplications )
IBMAttributetypes=( 2.5.4.0 DBNAME( ’objectClass’ ’objectClass’ ) ACCESS-CLASS normal LENGTH 128 EQUALITY )

attributetypes=( 2.5.21.6 NAME ’objectClasses’ DESC ’qObl⌡ñC’ EQUALITY 2.5.13.30 SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
IBMAttributetypes=( 2.5.21.6 DBNAME( ’objectClasses’ ’objectClasses’ ) ACCESS-CLASS system LENGTH 256 EQUALITY )

attributetypes=( 1.3.18.0.2.4.289 NAME ’ownerPropagate’ DESC ’ⁿX entryOwner OnM≤l≡C’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.289 DBNAME( ’ownerPropagate’ ’ownerPropagate’ ) ACCESS-CLASS restricted LENGTH 5 )

attributetypes=( 2.5.4.11 NAME ( ’ou’ ’organizationalUnit’ ’organizationalUnitName’ ) DESC ’]tW (organizationName)C’ SUP 2.5.4.41 EQUALITY 1.3.6.1.4.1.1466.109.114.2 SUBSTR 2.5.13.4 USAGE userApplications )
IBMAttributetypes=( 2.5.4.11 DBNAME( ’ou’ ’ou’ ) ACCESS-CLASS normal LENGTH 128 )

attributetypes=( 2.5.4.32 NAME ’owner’ DESC ’wqtdºHOW (DN)C’ SUP 2.5.4.49 EQUALITY 2.5.13.1 USAGE userApplications )
IBMAttributetypes=( 2.5.4.32 DBNAME( ’owner’ ’owner’ ) ACCESS-CLASS normal LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.290 NAME ’ownerSource’ DESC ’ⁿXΣ entryOwner nMbºOWC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.290 DBNAME( ’ownerSource’ ’ownerSource’ ) ACCESS-CLASS system LENGTH 1000 )

attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.17 NAME ’pwdAccountLockedTime’ DESC ’ⁿwΩwbßí’
EQUALITY 2.5.13.27 ORDERING 2.5.13.28 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.17 DBNAME( ’pwdAccLockTime’ ’pwdAccLockTime’ ) ACCESS-CLASS critical LENGTH 30 )

attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.16 NAME ’pwdChangedTime’ DESC ’ⁿw≤KXß¡’ EQUALITY 2.5.13.27 ORDERING 2.5.13.28 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.16 DBNAME( ’pwdChangedTime’ ’pwdChangedTime’ ) ACCESS-CLASS critical LENGTH 30 )

attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.18 NAME ’pwdExpirationWarned’ DESC ’@iKXYNí’ EQUALITY 2.5.13.27 ORDERING 2.5.13.28 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.18 DBNAME( ’pwdExpireWarned’ ’pwdExpireWarned’ ) ACCESS-CLASS critical LENGTH 30 )

attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.19 NAME ’pwdFailureTime’ DESC ’ßs≥OóíWO’ EQUALITY 2.5.13.27 ORDERING 2.5.13.28 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 USAGE directoryOperation )
IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.19 DBNAME( ’pwdFailureTime’ ’pwdFailureTime’ ) ACCESS-CLASS critical LENGTH 30 )

attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.21 NAME ’pwdGraceUseTime’ DESC ’bKXße¡nJ@íWO’ EQUALITY 2.5.13.27 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 USAGE directoryOperation )
IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.21 DBNAME( ’pwdGraceUseTime’ ’pwdGraceUseTime’ ) ACCESS-CLASS critical LENGTH 30 )

attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.20 NAME ’pwdHistory’ DESC ’KX ’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.20 DBNAME( ’pwdHistory’ ’pwdHistory’ ) ACCESS-CLASS critical LENGTH 1024 )

attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.22 NAME ’pwdReset’ DESC ’ⁿXw½]KXC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.22 DBNAME( ’pwdReset’ ’pwdReset’ ) ACCESS-CLASS critical LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.299 NAME ’replicaBindDN’ DESC ’LDAP s°AOW’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.299 DBNAME( ’replicaBindDN’ ’replicaBindDN’ ) ACCESS-CLASS critical LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.302 NAME ’replicaBindMethod’ DESC ’LDAP s°A LDAP s¼C’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.302 DBNAME( ’replicaBindMethod’ ’replicaBindMethod’ ) ACCESS-CLASS normal LENGTH 100 )

attributetypes=( 1.3.18.0.2.4.300 NAME ( ’replicaCredentials’ ’replicaBindCredentials’ ) DESC ’LDAP s°A’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.300 DBNAME( ’replicaCred’ ’replicaCred’ ) ACCESS-CLASS critical )

attributetypes=( 1.3.18.0.2.4.298 NAME ’replicaHost’ DESC ’°AD≈W’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.298 DBNAME( ’replicaHost’ ’replicaHost’ ) ACCESS-CLASS normal LENGTH 100 )

attributetypes=( 1.3.18.0.2.4.301 NAME ’replicaPort’ DESC ’°AÑ TCP/IP ≡C’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.301 DBNAME( ’replicaPort’ ’replicaPort’ ) ACCESS-CLASS normal LENGTH 10 )

attributetypes=( 1.3.18.0.2.4.304 NAME ’replicaUpdateTimeInterval’ DESC ’ⁿwqD°A°A≤sΘíjíC’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.304 DBNAME( ’replicaUpdateInt’ ’replicaUpdateInt’ ) ACCESS-CLASS normal LENGTH 20 )

attributetypes=( 1.3.18.0.2.4.303 NAME ’replicaUseSSL’ DESC ’ϕOn SSL qT O@gΩyC’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.303 DBNAME( ’replicaUseSSL’ ’replicaUseSSL’ ) ACCESS-CLASS normal LENGTH 10 )

attributetypes=( 2.16.840.1.113730.3.1.34 NAME ’ref’ DESC ’’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.34 DBNAME( ’ref’ ’ref’ ) ACCESS-CLASS normal LENGTH 100 )

attributetypes=( 2.5.4.34 NAME ’seeAlso’ DESC ’wqiα]t÷ΣL²°AC’ SUP 2.5.4.49 EQUALITY 2.5.13.1 USAGE userApplications )
IBMAttributetypes=( 2.5.4.34 DBNAME( ’seeAlso’ ’seeAlso’ ) ACCESS-CLASS normal LENGTH 1000 )

attributetypes=( 2.5.18.10 NAME ’subschemaSubentry’ DESC ’Ol⌡WA°Abl⌡ñOiⁿw⌡C’ EQUALITY 2.5.13.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
IBMAttributetypes=( 2.5.18.10 DBNAME( ’subschemaSubent’ ’subschemaSubent’ ) ACCESS-CLASS system LENGTH 1000
EQUALITY )

attributetypes=( 1.3.18.0.2.4.819 NAME ’subtreeSpecification’ DESC ’wq≤µ@l≡ºIXC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.819 DBNAME( ’subtreeSpec’ ’subtreeSpec’ ) ACCESS-CLASS system LENGTH 2024 )

attributetypes=( 1.3.6.1.4.1.1466.101.120.7 NAME ’supportedExtension’ DESC ’O OBJECT IDENTIFIERAO°AΣΣ@C’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.7 DBNAME( ’supportedExtensio’ ’supportedExtensio’ ) ACCESS-CLASS normal LENGTH 256 )

attributetypes=( 1.3.6.1.4.1.1466.101.120.15 NAME ’supportedLDAPVersion’ DESC ’O°AΩ@ LDAPqT≤wC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.15 DBNAME( ’supportedLDAPVers’ ’supportedLDAPVers’ ) ACCESS-CLASS normal LENGTH 11 )

attributetypes=( 1.3.6.1.4.1.1466.101.120.14 NAME ’supportedSASLMechanisms’ DESC ’O°AΣΣ SASL≈εWC’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.14 DBNAME( ’supportedSASLMech’ ’supportedSASLMech’ ) ACCESS-CLASS normal LENGTH 2048 )

attributetypes=( 2.16.840.1.113730.3.1.6 NAME ’targetDN’ DESC ’wqbú°AWsWB∩RúºOWCpGO modrdn @AtargetDn ]tQ∩eOWC’ EQUALITY 2.5.13.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.6 DBNAME( ’targetDN’ ’targetDN’ ) ACCESS-CLASS normal LENGTH 1000 EQUALITY APPROX )

² H. IBM Tivoli Directory 5.2 tm⌡½≤OM

oO IBM Tivoli Directory Server 5.2 tm½≤OCª≤ etc²U V3config.oc H V3.config.at ΓñCªOwqiXbibmslapd.conf ñ½≤C

tm½≤O

oO IBM Tivoli Directory Server 5.2 ⌡½≤OC

# File generated at 4:07:24 PM on 8/4/2003 from IBM LDAP schema version 1.5

objectclasses=( 1.3.18.0.2.6.489 NAME ’ibm-slapdAdmin’ DESC ’IBM Admin Daemon stm]w’ SUP ( ibm-slapdConfigEntry $ top ) STRUCTURAL MUST ( cn $ ibm-slapdErrorLog $ ibm-slapdPort ) MAY ( ibm-slapdSecurePort ) )

objectclasses=( 1.3.18.0.2.6.556 NAME ’ibm-slapdAdminGroupMember’ DESC ’≤ IBM Directory Server zsC’ SUP ( top $ ibm-slapdConfigEntry ) STRUCTURAL MUST ( ibm-slapdAdminDN $ ibm-slapdAdminPW ) MAY ( ibm-slapdKrbAdminDN $ ibm-slapdDigestAdminUser ) )

objectclasses=( 1.3.18.0.2.6.490 NAME ’ibm-slapdConfigBackend’ DESC ’IBM Directory tmßítm’ SUP ( top $ ibm-slapdConfigEntry ) STRUCTURAL MUST ( cn $ ibm-slapdPlugin $ ibm-slapdSuffix ) MAY ( ibm-slapdReadOnly ) )

objectclasses=( 1.3.18.0.2.6.486 NAME ’ibm-slapdConfigEntry’ DESC ’ibm slapd tm’ SUP ’top’ ABSTRACT MUST ( cn ) MAY ( ibm-slapdInvalidLine ) )

objectclasses=( 1.3.18.0.2.6.560 NAME ’ibm-slapdConnectionManagement’ DESC ’IBM Directory Server ssu]wC’ SUP ( ibm-slapdConfigEntry $ top ) STRUCTURAL MUST ( cn ) MAY ( ibm-slapdAllowAnon $ ibm-slapdAllReapingThreshold $ ibm-slapdAnonReapingThreshold $ ibm-slapdBoundReapingThreshold $ ibm-slapdESizeThreshold $ ibm-slapdEThreadActivate $ ibm-slapdEThreadEnable $ ibm-slapdETimeThreshold $ ibm-slapdWriteTimeout $ ibm-slapdIdleTimeOut ) )

objectclasses=( 1.3.18.0.2.6.493 NAME ’ibm-slapdCRL’ DESC ’IBM Directory oεMµ]wC’ SUP ( top $ ibm-slapdConfigEntry ) STRUCTURAL
MUST ( cn $ ibm-slapdLdapCrlHost $ ibm-slapdLdapCrlPort ) MAY ( ibm-slapdLdapCrlPassword $ ibm-slapdLdapCrlUser ) )

objectclasses=( 1.3.18.0.2.6.575 NAME ’ibm-slapdDigest’ DESC ’IBM Directory DIGEST-MD5 SASL s≈εstmC’ SUP ’ibm-slapdConfigEntry’ STRUCTURAL MAY ( ibm-slapdDigestAdminUser $ ibm-slapdDigestAttr $ ibm-slapdDigestRealm ) )

objectclasses=( 1.3.18.0.2.6.500 NAME ’ibm-slapdEventNotification’ DESC ’IBM Directory s≤q]wC’ SUP ( top $ ibm-slapdConfigEntry ) STRUCTURAL MUST ( cn $ ibm-slapdEnableEventNotification ) MAY ( ibm-slapdMaxEventsPerConnection $ ibm-slapdMaxEventsTotal ) )

objectclasses=( 1.3.18.0.2.6.501 NAME ’ibm-slapdFrontEnd’ DESC ’°A≈ⁿJse]wC’ SUP ( top $ ibm-slapdConfigEntry ) STRUCTURAL MUST ( cn ) MAY ( ibm-slapdPlugin $ ibm-slapdSetenv $ ibm-slapdIdleTimeOut $ ibm-slapdACLCache $ ibm-slapdACLCacheSize $ ibm-slapdFilterCacheSize $ ibm-slapdFilterCacheBypassLimit $ ibm-slapdEntryCacheSize $ ibm-slapdDB2CP ) )

objectclasses=( 1.3.18.0.2.6.494 NAME ’ibm-slapdKerberos’ DESC ’IBM Directory s kerberos O]wC’ SUP ( top $ ibm-slapdConfigEntry ) STRUCTURAL MUST ( cn $ ibm-slapdKrbAdminDN $ ibm-slapdKrbEnable $ ibm-slapdKrbIdentityMap $ ibm-slapdKrbKeyTab $ ibm-slapdKrbRealm ) )

objectclasses=( 1.3.18.0.2.6.495 NAME ’ibm-slapdLdcfBackend’ DESC ’IBM Directory LDCF ßítmC’ SUP ( top $ ibm-slapdConfigEntry ) STRUCTURAL MUST ( cn ) MAY ( ibm-slapdSuffix $ ibm-slapdPlugin ) )

objectclasses=( 1.3.18.0.2.6.526 NAME ’ibm-slapdPendingMigration’ DESC ’ⁿX°A≤niµαC’ SUP ’top’ AUXILIARY MAY ( ibm-slapdMigrationInfo ) )

objectclasses=( 1.3.18.0.2.6.497 NAME ’ibm-slapdRdbmBackend’ DESC ’IBM Directory DB2 ΩwßítmC’ SUP ( top $ ibm-slapdConfigEntry ) STRUCTURAL MUST ( cn $ ibm-slapdDbName $ ibm-slapdDbInstance $ ibm-slapdDbUserID $ ibm-slapdDbUserPW ) MAY ( ibm-slapdPlugin $ ibm-slapdSuffix $ ibm-slapdReadOnly $ ibm-slapdChangeLogMaxEntries $ ibm-slapdPagedResAllowNonAdmin $ ibm-slapdPagedResLmt $ ibm-slapdPageSizeLmt $ ibm-slapdSortKeyLimit $ ibm-slapdSortSrchAllowNonAdmin $ ibm-slapdDbConnections $ ibm-slapdDbLocation $ ibm-slapdDB2CP $ ibm-slapdReplDbConns $ ibm-slapdCLIErrors $ ibm-slapdBulkloadErrors $ ibm-slapdDBAlias $ ibm-slapdUseProcessIdPW ) )

objectclasses=( 1.3.18.0.2.6.485
NAME 'ibm-slapdReferral'
DESC 'IBM Directory sWαC'
SUP ( top $ ibm-slapdConfigEntry )
STRUCTURAL
MUST ( cn $ ibm-slapdReferral ) )

objectclasses=( 1.3.18.0.2.6.496
NAME 'ibm-slapdReplication'
DESC ']tw]sPD°Aα URLCA≤ϕ°A]t@hg⌠wqAΣL°A gΣñC°AiH@Σñ@íD°AA@¬°ACY MasterDNⁿw!]t Master PW Ah kerberos OC'
SUP ( top $ ibm-slapdConfigEntry )
STRUCTURAL
MUST ( cn )
MAY ( ibm-slapdMasterDN $ ibm-slapdMasterPW $ ibm-slapdMasterReferral ) )

objectclasses=( 1.3.18.0.2.6.499
NAME 'ibm-slapdSchema'
DESC 'IBM Directory s⌡]wCeúΣh½⌡AúLApGh½⌡AhC@⌡@ ibm-slapdSchema C'
SUP ( top $ ibm-slapdConfigEntry )
STRUCTURAL
MUST ( cn $ ibm-slapdSchemaCheck $ ibm-slapdIncludeSchema )
MAY ( ibm-slapdSchemaAdditions ) )

objectclasses=( 1.3.18.0.2.6.492
NAME 'ibm-slapdSSL'
DESC 'IBM Directory s SSL su]wC'
SUP ( top $ ibm-slapdConfigEntry )
STRUCTURAL
MUST ( cn $ ibm-slapdSecurity $ ibm-slapdSecurePort $ ibm-slapdSslAuth )
MAY ( ibm-slapdSslCertificate $ ibm-slapdSslCipherSpec
$ ibm-slapdSslCipherSpecs $ ibm-slapdSSLKeyDatabase
$ ibm-slapdSSLKeyDatabasePW $ ibm-slapdSslKeyRingFilePW ) )

objectclasses=( 1.3.18.0.2.6.488
NAME 'ibm-slapdSupplier'
DESC ']tgú°A≤s°AWⁿwl≡AsC½≤OA∩g ibm-slapdReplication ½≤ñⁿww]s'
SUP ( top $ ibm-slapdConfigEntry )
STRUCTURAL
MUST ( cn $ ibm-slapdReplicaSubtree $ ibm-slapdMasterDN )
MAY ( ibm-slapdMasterPW ) )

objectclasses=( 1.3.18.0.2.6.498
NAME 'ibm-slapdTop'
DESC 'IBM Tivoli Directory Server stm]wC'
SUP ( top $ ibm-slapdConfigEntry )
STRUCTURAL
MUST ( cn $ ibm-slapdAdminDN $ ibm-slapdAdminPW $ ibm-slapdErrorLog
$ ibm-slapdPort $ ibm-slapdPwEncryption $ ibm-slapdSizeLimit
$ ibm-slapdSysLogLevel $ ibm-slapdTimeLimit )
MAY ( ibm-slapdServerId
$ ibm-slapdVersion $ ibm-slapdMaxPendingChangesDisplayed
$ ibm-slapdSupportedWebAdmVersion ) )

objectclasses=( 1.3.18.0.2.6.491
NAME 'ibm-slapdTransaction'
DESC 'IBM Directory sµ÷Σ]wC'
SUP ( top $ ibm-slapdConfigEntry )
STRUCTURAL
MUST ( cn $ ibm-slapdMaxNumOfTransactions $ ibm-slapdMaxOpPerTransaction
$ ibm-slapdMaxTimeLimitOfTransactions $ ibm-slapdTransactionEnable ) )

tm

oO IBM Tivoli Directory Server 5.2 tmCpyk OID í

íWA\ etc ²ñ V3.ldapsyntaxes C

# File generated at 4:07:00 PM on 8/4/2003 from IBM LDAP schema version 1.5

attributetypes=( 1.3.18.0.2.4.3056
NAME 'ibm-auditExtOp'
DESC 'TRUE FALSECⁿXOnOⁿuv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3056
DBNAME( 'auditExOp' 'auditExOp' )
ACCESS-CLASS normal
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.3055
NAME 'ibm-auditVersion'
DESC 'ⁿwnfC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3055
DBNAME( 'auditVersion' 'auditVersion' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.3075
NAME 'ibm-replicationignorederrorcount'
DESC 'º]wMD LDAP_SUCCESS GAe°A≤s'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3075
DBNAME( 'replicationignore' 'replicationignore' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.3076
NAME 'ibm-replicationskippederrorcount'
DESC 'FñLH\g@≥iµD LDAP_SUCCESS GAe°A≤s'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3076
DBNAME( 'replicationskippe' 'replicationskippe' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2485
NAME 'ibm-slapdACLAccess'
DESC 'pG]w TrueAiH¬⌠≤H]iH¬ ACL CpG]w FalseAuziH¬ ACL C'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE userApplications )
IBMAttributetypes=( 1.3.18.0.2.4.2485
DBNAME( 'slapdACLAccess' 'slapdACLAccess' )
ACCESS-CLASS normal
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2374
NAME 'ibm-slapdACLCache'
DESC 'ε°AOn ACL ΩT'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2374
DBNAME( 'ACLCache' 'ACLCache' )
ACCESS-CLASS normal
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2373
NAME 'ibm-slapdACLCacheSize'
DESC 'ACL OΘñiHOsW¡'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2373
DBNAME( 'slapdACLCacheSize' 'slapdACLCacheSize' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2428
NAME 'ibm-slapdAdminDN'
DESC '²zs DNApGcn=root'
EQUALITY 2.5.13.1
ORDERING 1.3.18.0.2.4.405
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2428
DBNAME( 'slapdAdminDN' 'slapdAdminDN' )
ACCESS-CLASS critical
LENGTH 1000
EQUALITY ORDERING )

attributetypes=( 1.3.18.0.2.4.3013
NAME 'ibm-slapdAdminGroupEnabled'
DESC 'O TRUE | FALSE º@CⁿwzseOwCYSⁿwAhw] FALSECpG]wTRUEA°AN\zsñnJC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3013
DBNAME( 'AdmGroupEnabled' 'AdmGroupEnabled' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2425
NAME 'ibm-slapdAdminPW'
DESC '²zsKX'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2425
DBNAME( 'slapdAdminPW' 'slapdAdminPW' )
ACCESS-CLASS critical )

attributetypes=( 1.3.18.0.2.4.3021
NAME 'ibm-slapdAllowAnon'
DESC 'ⁿwOiH\WsC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3021
DBNAME( 'slapdAllowAnon' 'slapdAllowAnon' )
ACCESS-CLASS normal
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.3024
NAME 'ibm-slapdAllReapingThreshold'
DESC 'ⁿwbsuzºeAb°AñsuC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3024
DBNAME( 'slapdAllReapingTh' 'slapdAllReapingTh' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.3022
NAME 'ibm-slapdAnonReapingThreshold'
DESC 'ⁿwbWsusuzºeAb°AñsuC'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3022
DBNAME( 'slapdAnonReapingT' 'slapdAnonReapingT' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2366
NAME 'ibm-slapdAuthIntegration'
DESC 'ⁿw LDAP zsvP OS πXCG0 - ún∩M OS LDAP zA1 - NπAϕv¡ OS ∩M LDAP zCA≤OS/400C'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2366
DBNAME( 'slapdAuthIntegrat' 'slapdAuthIntegrat' )
ACCESS-CLASS system
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.3023
NAME 'ibm-slapdBoundReapingThreshold'
DESC 'ⁿwbWMssusuzºeAb°AñsuC'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3023
DBNAME( 'slapdBoundReaping' 'slapdBoundReaping' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2368
NAME 'ibm-slapdBulkloadErrors'
DESC 'nNjqⁿJTºg ibmslapd D≈≈W⌠mCb Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG /tmp/bulkload.errors = D:\Program Files\IBM\ldap\tmp\bulkload.errorsC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
IBMAttributetypes=( 1.3.18.0.2.4.2368
DBNAME( 'slapdBulkloadErro' 'slapdBulkloadErro' )
ACCESS-CLASS normal
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.3069
NAME 'ibm-slapdCachedAttribute'
DESC ']tnbñWA@W@C'
EQUALITY 1.3.6.1.4.1.1466.109.114.2
ORDERING 2.5.13.3
SUBSTR 2.5.13.4
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3069
DBNAME( 'slapdCachedAttr' 'slapdCachedAttr' )
ACCESS-CLASS normal
LENGTH 256 )

attributetypes=( 1.3.18.0.2.4.3068
NAME 'ibm-slapdCachedAttributeSize'
DESC 'iHOΘq]HµC0 ϕúC'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3068
DBNAME( 'slapdAttrCacheSz' 'slapdAttrCacheSz' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.3012
NAME 'ibm-slapdChangeLogMaxAge'
DESC 'ⁿwb÷ßíñiⁿ°Od¡]HpµCC@≤ΘxßíúΣvibm-slapdChangeLogMaxAge CY!wqWXd≥]tAhw] 0CpG0]ú]¡jG2,147,483,647]32 Aatπ'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
IBMAttributetypes=( 1.3.18.0.2.4.3012
DBNAME( 'chgLogMaxAge' 'chgLogMaxAge' )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2427
NAME 'ibm-slapdChangeLogMaxEntries'
DESC 'ⁿwb÷pßíñAiⁿ≤ΘxW¡CC@≤ΘxßíúΣvibm-slapdChangeLogMaxEntries CYSwqWXd≥]tAhw] 0CpG0]ú]¡AjG2,147,483,647]32 Aatπ'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
IBMAttributetypes=( 1.3.18.0.2.4.2427
DBNAME( 'chgLogMaxEntries' 'chgLogMaxEntries' )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2432
NAME 'ibm-slapdCLIErrors'
DESC 'ibmslapd D≈W⌠mADB2 CLITºgJΣñCb Windows WAiⁿuABuºeYS≈r"A]Ow² ²]pG /tmp/cli.errors = D:\Program Files\IBM\ldap\tmp\cli.errorsC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2432
DBNAME( 'slapdCLIErrors' 'slapdCLIErrors' )
ACCESS-CLASS normal
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2369
NAME 'ibm-slapdDB2CP'
DESC 'ⁿw²ΩwrXC1208 O UTF-8 ΩwrXC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2369
DBNAME( 'slapdDB2CP' 'slapdDB2CP' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2431
NAME 'ibm-slapdDBAlias'
DESC 'DB2 ΩwOWC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2431
DBNAME( 'slapdDBAlias' 'slapdDBAlias' )
ACCESS-CLASS normal
LENGTH 8 )

attributetypes=( 1.3.18.0.2.4.2417
NAME 'ibm-slapdDbConnections'
DESC 'ⁿw°Aú DB2ßí DB2 suCΣO5 ≤jCg@P≤ΘxiHΣLsuC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2417
DBNAME( 'DbConnections' 'DbConnections' )
ACCESS-CLASS critical
LENGTH 2 )

attributetypes=( 1.3.18.0.2.4.2418
NAME 'ibm-slapdDbInstance'
DESC 'ßí DB2 ΩC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2418
DBNAME( 'slapdDbInstance' 'slapdDbInstance' )
ACCESS-CLASS critical
LENGTH 8 )

attributetypes=( 1.3.18.0.2.4.2382
NAME 'ibm-slapdDbLocation'
DESC 'ßíΩwbt⌠Cb UNIX WAoqO DB2INSTANCE l²]pG/home/ldapdb2Cb Windows WhuO≈ⁿw]pG D:'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2382
DBNAME( 'slapdDbLocation' 'slapdDbLocation' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2426
NAME 'ibm-slapdDbName'
DESC 'ßí DB2 ΩwWC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2426
DBNAME( 'slapdDbName' 'slapdDbName' )
ACCESS-CLASS critical
LENGTH 8 )

attributetypes=( 1.3.18.0.2.4.2422
NAME 'ibm-slapdDbUserID'
DESC 'ßí s DB2 ΩwWC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2422
DBNAME( 'slapdDbUserID' 'slapdDbUserID' )
ACCESS-CLASS critical
LENGTH 8 )

attributetypes=( 1.3.18.0.2.4.2423
NAME 'ibm-slapdDbUserPW'
DESC 'ßí s DB2 ΩwKXC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2423
DBNAME( 'slapdDbUserPW' 'slapdDbUserPW' )
ACCESS-CLASS critical )

attributetypes=( 1.3.18.0.2.4.3054
NAME 'ibm-slapdDerefAliases'
DESC 'jMnDjOWhAúbßnDñiαⁿw⌠≤ derefAliasesC\ neverBfindBsearch M alwaysC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3054
DBNAME( 'slapdDerefAliases' 'slapdDerefAliases' )
ACCESS-CLASS normal
LENGTH 6 )

attributetypes=( 1.3.18.0.2.4.3032
NAME 'ibm-slapdDigestAdminUser'
DESC 'ⁿw LDAP zzs¿ Digest MD5 WCϕ MD5 Digest O OzC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3032
DBNAME( 'DigestAdminUser' 'DigestAdminUser' )
ACCESS-CLASS critical
LENGTH 512 )

attributetypes=( 1.3.18.0.2.4.3082
NAME 'ibm-slapdDigestAttr'
DESC 'm½w] DIGEST-MD5 username C≤DIGEST-MD5 SASL sWd\WCpG!ⁿwA°A uidC'
EQUALITY 2.5.13.0
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3082
DBNAME( 'slapdDigestAttr' 'slapdDigestAttr' )
ACCESS-CLASS critical
LENGTH 128 )

attributetypes=( 1.3.18.0.2.4.3083
NAME 'ibm-slapdDigestRealm'
DESC 'm½w] DIGEST-MD5 ΓCpGbúP°AúPWMKXAi²Dn@WMKXrΩCbºWAoOiα]tbßbßXWCrΩ! ]t⌡µOD≈WABiαⁿ[email protected]!ⁿwA°A°A πD≈WC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3083
DBNAME( 'slapdDigestRealm' 'slapdDigestRealm' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2421
NAME 'ibm-slapdEnableEventNotification'
DESC 'Y] FALSEA°A@nDAúe\ΣHG LDAP_UNWILLING_TO_PERFORM n²≤qC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2421
DBNAME( 'enableEvntNotify' 'enableEvntNotify' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2372
NAME 'ibm-slapdEntryCacheSize'
DESC 'OΘñiHOsW¡'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2372
DBNAME( 'slapdRDBMCacheSiz' 'slapdRDBMCacheSiz' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2424
NAME 'ibm-slapdErrorLog'
DESC 'ibmslapd D≈W⌠mATºgJΣñCb Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG /tmp/slapd.errors = D:\Program Files\IBM\ldap\tmp\slapd.errorsC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2424
DBNAME( 'slapdErrorLog' 'slapdErrorLog' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.3028
NAME 'ibm-slapdESizeThreshold'
DESC 'ⁿwb≥µ⌡µⁿºeAsbu@εCñu@C'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3028
DBNAME( 'slapdESizeThresho' 'slapdESizeThresho' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.3030
NAME 'ibm-slapdEThreadActivate'
DESC 'ⁿw¼pN≥µ⌡µⁿC]wUCΣñ@GS - jpAT - íASOT - jpíASAT - jpMíC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3030
DBNAME( 'slapdEThreadActiv' 'slapdEThreadActiv' )
ACCESS-CLASS normal
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.3031
NAME 'ibm-slapdEThreadEnable'
DESC 'ⁿwOiH≥µ⌡µⁿC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3031
DBNAME( 'slapdEThreadEnabl' 'slapdEThreadEnabl' )
ACCESS-CLASS normal
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.3029
NAME 'ibm-slapdETimeThreshold'
DESC 'ⁿwb≥µ⌡µⁿºeAqu@εCúíjíq]HµC'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3029
DBNAME( 'slapdETimeThresho' 'slapdETimeThresho' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2371
NAME 'ibm-slapdFilterCacheBypassLimit'
DESC 'jMLo°≤XYWLNú[JujMLo°≤vOΘñA]XLo°≤ ID Mµw]tbOΘñA]wU≤¡εOΘqC 0 ϕS¡εC'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2371
DBNAME( 'slapdRDBMCacheByp' 'slapdRDBMCacheByp' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2370
NAME 'ibm-slapdFilterCacheSize'
DESC 'ⁿwujMLo°≤OΘvñOsW¡C'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2370
DBNAME( 'slapdFilterCacheS' 'slapdFilterCacheS' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2378
NAME 'ibm-slapdIdleTimeOut'
DESC 'Od! C'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2378
DBNAME( 'SlapdIdleTimeOut' 'SlapdIdleTimeOut' )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2364
NAME 'ibm-slapdIncludeSchema'
DESC 'ibmslapd D≈W⌠AΣñ]tLDCF ßí⌡wqCG/etc/V3.system.at /etc/V3.system.oc /etc/V3.ibm.at /etc/V3.ibm.oc /etc/V3.user.at /etc/V3.user.oc /etc/V3.ldapsyntaxes /etc/V3.matchingrules /etc/V3.modifiedschema b Windows WAiⁿuABuºeYS≈r"A]Ow² ²]pG /etc/V3.system.at = D:\Program Files\IBM\ldap\etc\V3.system.atC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2364
DBNAME( 'slapdIncldeSchema' 'slapdIncldeSchema' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2430
NAME 'ibm-slapdInvalidLine'
DESC 'YLAw²[b tmYCpNiHµjM "ibm-slapdInvalidLine=*"ΦíAOLtm]wC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
IBMAttributetypes=( 1.3.18.0.2.4.2430
DBNAME( 'slapdInvalidLine' 'slapdInvalidLine' )
ACCESS-CLASS normal
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2365
NAME 'ibm-slapdIpAddress'
DESC 'ⁿw°AnÑ IP CoiHO IPv4 IPv6 CYSⁿwAh°AwⁿwD≈ IP CoA≤ OS/400C'
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2365
DBNAME( 'slapdIpAddress' 'slapdIpAddress' )
ACCESS-CLASS system
LENGTH 32 )

attributetypes=( 1.3.18.0.2.4.2420
NAME 'ibm-slapdKrbAdminDN'
DESC 'ⁿw LDAP z kerberos ID]p ibm-kn=name@realmCA≤ϕznJ Web AdminA kerberos O OzCⁿwANúⁿw adminDN M adminPWC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2420
DBNAME( 'slapdKrbAdminDN' 'slapdKrbAdminDN' )
ACCESS-CLASS critical
LENGTH 512 )

attributetypes=( 1.3.18.0.2.4.2394
NAME 'ibm-slapdKrbEnable'
DESC 'O TRUE | FALSE º@Cⁿw°AOΣ kerberos OC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2394
DBNAME( 'slapdKrbEnable' 'slapdKrbEnable' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2419
NAME 'ibm-slapdKrbIdentityMap'
DESC 'Y] TRUEAϕßOHkerberos ID OA°AjMX kerberos AMßN DN [JsusñCoi²H LDAP DN≥ª ACLAMiHb kerberos OñC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2419
DBNAME( 'KrbIdentityMap' 'KrbIdentityMap' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2416
NAME 'ibm-slapdKrbKeyTab'
DESC 'ⁿw LDAP °A keytab C]t LDAP °ApK≈AoMΣkerberos bßsC [HO@]pP°A SSL ≈ΩwCb Windows WAiⁿuAuºeYS≈r" (D:)Ah]Ow² ²]pG /tmp/slapd.errors = D:\Program Files\IBM\ldap\tmp\slapd.errorsC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2416
DBNAME( 'slapdKrbKeyTab' 'slapdKrbKeyTab' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2400
NAME 'ibm-slapdKrbRealm'
DESC 'ⁿw LDAP °A Kerberos ΓC broot DSE ñoµ ldapservicename CNGLDAP °AiH@h½ KDC]HΓbßΩTxswA²OYN LDAP °A@ kerberos°AAuiHOµ@Γ¿C'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2400
DBNAME( 'slapdKrbRealm' 'slapdKrbRealm' )
ACCESS-CLASS critical
LENGTH 256 )

attributetypes=( 1.3.18.0.2.4.3074
NAME 'ibm-slapdLanguageTagsEnabled'
DESC 'ⁿw²°AO\yÑ@í@í≈Ciα]A TRUE M FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3074
DBNAME( 'slapdLanguageTags' 'slapdLanguageTags' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2415
NAME 'ibm-slapdLdapCrlHost'
DESC 'ⁿw LDAP °AD≈WA D≈ñ]t τß x.509v3 u°Mµv(CRL)CϕoX ibm-slapdSslAuth=serverclientauth Hß@ CRL τAnC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2415
DBNAME( 'LdapCrlHost' 'LdapCrlHost' )
ACCESS-CLASS critical
LENGTH 256 )

attributetypes=( 1.3.18.0.2.4.2407
NAME 'ibm-slapdLdapCrlPassword'
DESC 'ⁿw°A SSL s LDAP°AKXA °Añ]t τß x.509v3 u°Mµv(CRL)Cϕ ibm-slapdSslAuth=serverclientauthABwgw∩ CRL τoXßAiαnCNG Y LDAP°AOs CRL e\!gOs CRL]pWsANún ibm-slapdLdapCrlPasswordC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2407
DBNAME( 'CrlPassword' 'CrlPassword' )
ACCESS-CLASS critical )

attributetypes=( 1.3.18.0.2.4.2404
NAME 'ibm-slapdLdapCrlPort'
DESC 'ⁿw LDAP °A LDAP ibm-slapdPortA °Añ]t τß x.509v3 u°Mµv(CRL) Cϕ ibm-slapdSslAuth=serverclientauthABwgw∩ CRL τoXßAnoC]IP ≡!A16 πA≤ 1 - 65535 ºí'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2404
DBNAME( 'LdapCrlPort' 'LdapCrlPort' )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2403
NAME 'ibm-slapdLdapCrlUser'
DESC 'ⁿw°A SSL s LDAP °A bindDNA °Añ]t τßx.509v3 u°Mµv(CRL)CϕoX ibm-slapdSslAuth=serverclientauth Hß@ CRL τAiαnCNGY LDAP °AOsCRL e\!gOs CRL]pWsANún ibm-slapdLdapCrlUserC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2403
DBNAME( 'LdapCrlUser' 'LdapCrlUser' )
ACCESS-CLASS critical
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2409
NAME 'ibm-slapdMasterDN'
DESC 'gú°As DNCΣXP°Aºíwqg≤w÷p½≤ñ replicaBindDNCϕ kerberos OAibm-slapdMasterDNⁿw kerberos ID DN ek]p ibm-kn=freddy@realm1CY kerberosAhMasterServerPW Q ñC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2409
DBNAME( 'MasterDN' 'MasterDN' )
ACCESS-CLASS critical
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2411
NAME 'ibm-slapdMasterPW'
DESC 'gúsKXCΣXP°Aºíwqg≤w÷p½≤º replicaBindPWCY kerberosAMasterServerPW Q ñC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2411
DBNAME( 'MasterPW' 'MasterPW' )
ACCESS-CLASS critical )

attributetypes=( 1.3.18.0.2.4.2401
NAME 'ibm-slapdMasterReferral'
DESC 'D°A URL]pGldaps://master.us.ibm.com:636'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2401
DBNAME( 'MasterReferral' 'MasterReferral' )
ACCESS-CLASS critical
LENGTH 256 )

attributetypes=( 1.3.18.0.2.4.2412
NAME 'ibm-slapdMaxEventsPerConnection'
DESC 'Csuin²≤qW¡Cp = 0 (unlimited) j = 2,147,483,647'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2412
DBNAME( 'EventsPerCon' 'EventsPerCon' )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2405
NAME 'ibm-slapdMaxEventsTotal'
DESC 'suin²≤qW¡Cp = 0 ]ú]¡j = 2,147,483,647'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2405
DBNAME( 'MaxEventsTotal' 'MaxEventsTotal' )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2439
NAME 'ibm-slapdMaxNumOfTransactions'
DESC 'P@í@ñµ÷W¡C0 = ú]¡'
EQUALITY 2.5.13.29
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2439
DBNAME( 'MaxNumOfTrans' 'MaxNumOfTrans' )
ACCESS-CLASS critical
LENGTH 11
EQUALITY
ORDERING
SUBSTR
APPROX )

attributetypes=( 1.3.18.0.2.4.2385
NAME 'ibm-slapdMaxOpPerTransaction'
DESC 'C@µ÷@W¡C0 = ú]¡'
EQUALITY 2.5.13.29
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2385
DBNAME( 'MaxOpPerTrans' 'MaxOpPerTrans' )
ACCESS-CLASS critical
LENGTH 11
EQUALITY
ORDERING
APPROX )

attributetypes=( 1.3.18.0.2.4.2486
NAME 'ibm-slapdMaxPendingChangesDisplayed'
DESC 'πú°Añ⌠≤wg@≤wnπmg≤sjC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
USAGE userApplications )
IBMAttributetypes=( 1.3.18.0.2.4.2486
DBNAME( 'slapdMaxPendingCh' 'slapdMaxPendingCh' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2386
NAME 'ibm-slapdMaxTimeLimitOfTransactions'
DESC 'mµ÷OW¡AHϕµC0 = ú]¡'
EQUALITY 2.5.13.29
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2386
DBNAME( 'MaxTimeOfTrans' 'MaxTimeOfTrans' )
ACCESS-CLASS critical
LENGTH 11
EQUALITY
ORDERING
APPROX )

attributetypes=( 1.3.18.0.2.4.2500
NAME 'ibm-slapdMigrationInfo'
DESC ' ε≤αΩTC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2500
DBNAME( 'slapdMigrationInf' 'slapdMigrationInf' )
ACCESS-CLASS critical
LENGTH 2048 )

attributetypes=( 1.3.18.0.2.4.2376
NAME 'ibm-slapdPagedResAllowNonAdmin'
DESC '°AO e\DzsbjMnDWGnDCpGq ibmslapd.conf ¬O TRUEA°ABz⌠≤ßnDA]AWsúXnDCYq ibmslapd.conf ¬O FALSEAh°AuBzπzv¡úXßnDCYßHjM@ TRUE FALSE ½nAnDGA²oSzv¡ABq ibmslapd.conf¬O FALSE A°AßAXOinsufficientAccessRights - ú⌡µjMC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2376
DBNAME( 'SlapdPagedNonAdmn' 'SlapdPagedNonAdmn' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2380
NAME 'ibm-slapdPagedResLmt'
DESC 'e\Pb@ñ!⌡µGjMnDW¡Cd≥ = 0.... YßnDG@ABj!⌡µGe@ñAh°ANßúLX - ú⌡µ⌠≤jMC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2380
DBNAME( 'SlapdPagedResLmt' 'SlapdPagedResLmt' )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2406
NAME 'ibm-slapdPlugin'
DESC 'íOAⁿJíwAΣiXR°A\αCibm-slapdPlugin Hⁿw°Anp≤ⁿJPl]wíwCΣykG keyword filename init_function [args...]C@¡xykñLúPAoO]íwRWDúPºGC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2406
DBNAME( 'slapdPlugin' 'slapdPlugin' )
ACCESS-CLASS critical
LENGTH 2000 )

attributetypes=( 1.3.18.0.2.4.2408
NAME 'ibm-slapdPort'
DESC 'D SSL su TCP/IP ibm-slapdPortCúiHM ibm-slapdSecurePort πPC]IP ≡OLtA16 πA≤ 1 - 65535 ºí'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2408
DBNAME( 'slapdPort' 'slapdPort' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2402
NAME 'ibm-slapdPwEncryption'
DESC 'O none | imask | crypt | sha º@CⁿwKXxs≤²ºesX≈εCYSⁿwAhw] noneCY] none ºΣLASASL digest-md5 sNóC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2402
DBNAME( 'PwEncryption' 'PwEncryption' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2413
NAME 'ibm-slapdReadOnly'
DESC 'O TRUE | FALSE º@CⁿwOigJßíCYSⁿwAhw] FALSECY] TRUEA°A LDAP_UNWILLING_TO_PERFORM (0x35)@∩≤¬ΩwñΩº⌠≤ßnDC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2413
DBNAME( 'ReadOnly' 'ReadOnly' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2487
NAME 'ibm-slapdReferral'
DESC 'ⁿwϕrMnDúXAnαLDAP URLC≤Wα]p ibm-slapdSuffix úsb°ARWwqC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2487
DBNAME( 'Referral' 'Referral' )
ACCESS-CLASS critical
LENGTH 32700 )

attributetypes=( 1.3.18.0.2.4.2434
NAME 'ibm-slapdReplDbConns'
DESC 'g@Ωwsu'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
IBMAttributetypes=( 1.3.18.0.2.4.2434
DBNAME( 'slapdReplDbConns' 'slapdReplDbConns' )
ACCESS-CLASS normal
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2367
NAME 'ibm-slapdReplicaSubtree'
DESC 'Ogl≡ DNC'
EQUALITY 2.5.13.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
USAGE userApplications )
IBMAttributetypes=( 1.3.18.0.2.4.2367
DBNAME( 'slapdReplicaSubtr' 'slapdReplicaSubtr' )
ACCESS-CLASS normal
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2437
NAME 'ibm-slapdSchemaAdditions'
DESC 'ibmslapd D≈W⌠AΣñ]tLDCF ßí⌡wqCG /etc/V3.modifiedschemaCb Windows WiⁿuAuºeYS≈r"A]Ow² ²]pG /etc/V3.system.at = D:\Program Files\IBM\ldap\etc\V3.system.atC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2437
DBNAME( 'slapdSchemaAdditi' 'slapdSchemaAdditi' )
ACCESS-CLASS normal
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2363
NAME 'ibm-slapdSchemaCheck'
DESC 'O V2 | V3 | V3_lenient º@CⁿwsW/∩@⌡d≈εCV2 = ⌡µ LDAP v2 dCV3 = ⌡µ LDAP v3 dCV3_lenient = ún"½≤OC[JAun±½≤OC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2363
DBNAME( 'SchemaCheck' 'SchemaCheck' )
ACCESS-CLASS critical
LENGTH 10 )

attributetypes=( 1.3.18.0.2.4.2398
NAME 'ibm-slapdSecurePort'
DESC 'SSL su TCP/IP ≡CúiMibm-slapdPort πPC]IP ≡OLt 16 πA≤ 1 - 65535 ºí'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2398
DBNAME( 'SecurePort' 'SecurePort' )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2399
NAME ’ibm-slapdSecurity’
DESC ’O none | SSL | SSLOnly º@Cⁿw°Aⁿsu¼Cnone - °AuÑD SSL ≡Cssl - °AÑSSL MD SSL ≡Csslonly - °AuÑ SSL ≡C’
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2399
DBNAME( ’Security’ ’Security’ )
ACCESS-CLASS critical
LENGTH 7 )

attributetypes=( 1.3.18.0.2.4.2433
NAME ’ibm-slapdServerId’
DESC ’wqg@ñ°A’
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
IBMAttributetypes=( 1.3.18.0.2.4.2433
DBNAME( ’slapdServerId’ ’slapdServerId’ )
ACCESS-CLASS normal
LENGTH 240 )

attributetypes=( 1.3.18.0.2.4.2397
NAME ’ibm-slapdSetenv’
DESC ’°A≈A⌡µ ibm-slapdSetenv putenv()AH∩Σv⌡µ⌠CShell (%PATH% \24LANG)NúiCe@kO]w DB2CODEPAGE=1208AoO UCS-2 (Unicode) Ωwn]wC’
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2397
DBNAME( ’slapdSetenv’ ’slapdSetenv’ )
ACCESS-CLASS critical
LENGTH 2000 )

attributetypes=( 1.3.18.0.2.4.2396
NAME ’ibm-slapdSizeLimit’
DESC ’jMnW¡AúbßjMnDñOⁿw⌠≤jp¡εCd≥ = 0.... Yß¡εAhpßMq ibmslapd.conf ¬CYßS¡εABs admin DNAh°¡εú]¡CYßS¡εA]Ss admin DNAhq ibmslapd.conf ¬¡εC0 = ú]¡C’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2396
DBNAME( ’SizeLimit’ ’SizeLimit’ )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2381
NAME ’ibm-slapdSortKeyLimit’
DESC ’bµ@jMnDñiHⁿw °≤]ΣW¡Cd≥ = 0.... YßjMnD]A ΣWL¡εe\AB jMε½n] FALSEAh°Aqibmslapd.conf ¬AbF¡εºß ñJ⌠≤ Σ - ⌡µjMP CYßjMnD]AΣWL¡εe\AB jMε½n] TRUEAh°AX adminLimitExceeded - Nú⌡µjM C’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2381
DBNAME( ’SlapdSortKeyLimit’ ’SlapdSortKeyLimit’ )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.2377
NAME ’ibm-slapdSortSrchAllowNonAdmin’
DESC ’°AO e\DzsbjMnDW nDCYq ibmslapd.conf ¬O TRUEA°ANBz⌠≤ßnDA]AWsúXnDCYqibmslapd.conf ¬O FALSEAh°AuBzπzv¡úXßnDCYßnD ⁿwjM@½n TRUEA²Szv¡ABq ibmslapd.conf ¬ FALSEAh°AßAX insufficientAccessRights - ú⌡µjM C’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2377
DBNAME( ’SlapdSortNonAdmin’ ’SlapdSortNonAdmin’ )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2395
NAME ’ibm-slapdSslAuth’
DESC ’O serverauth | serverclientauth º@CⁿwSSL suO¼Cserverauth - bßΣ°AOCserverclientauth - Σ°AHßOC’
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2395
DBNAME( ’slapdSslAuth’ ’slapdSslAuth’ )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.2389
NAME ’ibm-slapdSslCertificate’
DESC ’ⁿw O≈Ωwñ°AHCObzL ikmgui í°ApK≈PⁿwCYSwqibm-slapdSslCertificateAh LDAP °A SSL suN≈Ωwñwqw]pK≈C’
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2389
DBNAME( ’SslCertificate’ ’SslCertificate’ )
ACCESS-CLASS critical
LENGTH 128 )

attributetypes=( 1.3.18.0.2.4.2429
NAME ’ibm-slapdSslCipherSpec’
DESC ’SSL KXWµA] DES-56BRC2-40-MD5BRC4-128-MD5BRC4-128-SHABRC4-40-MD5BTripleDES-168 AESCªwqb LDAP ßP°Aºí SSL suAiⁿ[K/KΦkC’
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2429
DBNAME( ’slapdSslCipherSpe’ ’slapdSslCipherSpe’ )
ACCESS-CLASS normal
LENGTH 30 )


attributetypes=( 1.3.18.0.2.4.2362
NAME ’ibm-slapdSslCipherSpecs’
DESC ’b ibm-slapdSslCipherSpec ñΣA²úCⁿw@QiXAⁿXb LDAP ßP°AºíSSL suAiH[K/KΦkCXNϕLDAP °AΣi[K/KΦkCw²wqKXΣípUG
SLAPD_SSL_TRIPLE_DES_SHA_US 0x0A T½ DES tΓkAπ@ 168 ≈ H@ SHA-1 MAC
SLAPD_SSL_DES_SHA_US 0x09 DES 56 ≈M SHA-1 MAC [K
SLAPD_SSL_RC4_SHA_US 0x05 RC4 128 ≈M SHA-1 MAC [K
SLAPD_SSL_RC4_MD5_US 0x04 RC4 128 ≈M MD5 MAC [K
SLAPD_SSL_RC4_MD5_EXPORT 0x03 RC4 40 ≈M MD5 MAC [K
SLAPD_SSL_RC2_MD5_EXPORT 0x06 RC2 40 ≈M MD5 MAC [K’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2362
DBNAME( ’SslCipherSpecs’ ’SslCipherSpecs’ )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( 1.3.18.0.2.4.3088
NAME ’ibm-slapdSslFIPsModeEnabled’
DESC ’Y TRUEAⁿw°AN ICC GSKitAY False h BSAFE C’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3088
DBNAME( ’slapdSslFIPsModeE’ ’slapdSslFIPsModeE’ )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2375
NAME ’ibm-slapdSSLKeyDatabase’
DESC ’LDAP °A SSL ≈Ωw⌠C≈ΩwO Bz LDAP ß SSL suAHs LDAP °Aw SSL suCb Windows WAiⁿuAuºeYS≈ⁿw (D:)Ah]Ow² ²]pG /etc/key.kdb = D:\Program Files\IBM\ldap\etc\key.kdbC’
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2375
DBNAME( ’slapdSSLKeyDataba’ ’slapdSSLKeyDataba’ )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2438
NAME ’ibm-slapdSSLKeyDatabasePW’
DESC ’ⁿwP LDAP °A SSL ≈Ωw÷pKXApb ibm-slapdSslKeyDatabase ⁿwCY LDAP °A≈Ωw÷pKX⌠AhiHñ ibm-slapdSslKeyDatabasePW A]wibm-slapdSslKeyDatabasePW = noneCNGKX⌠≤M≈ΩwP²ñABM≈ΩwPWAúLWO .sthAúO .kdb’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2438
DBNAME( ’slapdSSLKeyDPW’ ’slapdSSLKeyDPW’ )
ACCESS-CLASS normal )

attributetypes=( 1.3.18.0.2.4.2392
NAME ’ibm-slapdSslKeyRingFile’
DESC ’LDAP °A SSL ≈Ωw⌠C≈ΩwO Bz LDAP ß SSL suAHs LDAP °Aw SSL suCb Windows WAiⁿuAuºeYS≈ⁿw (D:)Ah]Ow² ²]pG /etc/key.kdb = D:\Program Files\IBM\ldap\etc\key.kdbC’
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2392
DBNAME( ’SslKeyRingFile’ ’SslKeyRingFile’ )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2390
NAME ’ibm-slapdSslKeyRingFilePW’
DESC ’ⁿwP LDAP °A SSL ≈Ωw÷pKXApb ibm-slapdSslKeyRingFile ⁿwCY LDAP °A≈Ωw÷pKX⌠AhiHñ ibm-slapdSslKeyRingFilePW A]wibm-slapdSslKeyRingFilePW = noneCNGKX⌠≤M≈ΩwP²ñABM≈ΩwPWAúLWO .sthAúO .kdbC’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2390
DBNAME( ’SslKeyRingFilePW’ ’SslKeyRingFilePW’ )
ACCESS-CLASS critical )

attributetypes=( 1.3.18.0.2.4.3058
NAME ’ibm-slapdStartupTraceEnabled’
DESC ’O [TRUE|FALSE] Σñº@CⁿwOnb°A¼lΩTC’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3058
DBNAME( ’slapdStartupTrace’ ’slapdStartupTrace’ )
ACCESS-CLASS normal
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2388
NAME ’ibm-slapdSuffix’
DESC ’ⁿwnxsbßíñRWwqC’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2388
DBNAME( ’slapdSuffix’ ’slapdSuffix’ )
ACCESS-CLASS critical
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2480
NAME ’ibm-slapdSupportedWebAdmVersion’
DESC ’wqΣ°Atm webzDxC’
EQUALITY 2.5.13.2
ORDERING 2.5.13.3
SUBSTR 2.5.13.4
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2480
DBNAME( ’slapdSupWebAdmVer’ ’slapdSupWebAdmVer’ )
ACCESS-CLASS normal
LENGTH 256 )


attributetypes=( 1.3.18.0.2.4.2393
NAME ’ibm-slapdSysLogLevel’
DESC ’O l | m | h º@Cú@pΩOⁿb ibmslapd.log ñhCh - ¬]Am - ñAl - C]nC’
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2393
DBNAME( ’SysLogLevel’ ’SysLogLevel’ )
ACCESS-CLASS critical
LENGTH 1 )

attributetypes=( 1.3.18.0.2.4.2391
NAME ’ibm-slapdTimeLimit’
DESC ’bjMnDßϕW¡AúßnDOⁿw⌠≤í¡εCd≥ = 0.... Yß@¡εAhpßMqibmslapd.conf ¬CYßS¡εABH admin DN sAh°¡εú]¡CYßS¡εA]SH admin DN sAhq ibmslapd.conf ¬¡εC0 = ú]¡C’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2391
DBNAME( ’TimeLimit’ ’TimeLimit’ )
ACCESS-CLASS critical
LENGTH 11 )

attributetypes=( ibm-slapdStartupTraceEnabled-oid
NAME ’ibm-slapdTraceEnabled’
DESC ’O TRUE | FALSE º@CⁿwOnb°A¼lΩT’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( ibm-slapdStartupTraceEnabled-oid
ACCESS-CLASS normal
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.3060
NAME ’ibm-slapdTraceMessageLevel’
DESC ’b ibmslapd -h ⁿOµ∩ºßiⁿ⌠≤A]wúTºh’
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3060
DBNAME( ’slapdTraceLevel’ ’slapdTraceLevel’ )
ACCESS-CLASS normal
LENGTH 6)

attributetypes=( 1.3.18.0.2.4.3059
NAME ’ibm-slapdTraceMessageLog’
DESC ’nN LDAP C API Mú¿Tºg°AD≈W⌠mCb Windows WAiⁿuAuºeYS≈NA]Ow² ²]pG /tmp/tracemsg.log = C:\Program Files\IBM\LDAP\tmp\tracemsg.logC’
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3059
DBNAME( ’slapdTraceMessage’ ’slapdTraceMessage’ )
ACCESS-CLASS normal
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.2384
NAME ’ibm-slapdTransactionEnable’
DESC ’Y FALSEAhπΘµ÷ΣF°A LDAP_UNWILLING_TO_PERFORMA StartTransaction nDC’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2384
DBNAME( ’TransactionEnable’ ’TransactionEnable’ )
ACCESS-CLASS critical
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2499
NAME ’ibm-slapdUseProcessIdPW’
DESC ’Y] trueA°AP ibmslapd Bz÷pnJ ID sΩwCY] falseAh°A ibm-slapdDbUserID M ibm-slapdDbUserPWΓ sΩwC’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2499
DBNAME( ’useprocidpw’ ’useprocidpw’ )
ACCESS-CLASS normal
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2436
NAME ’ibm-slapdVersion’
DESC ’IBM Slapd X’
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2436
DBNAME( ’slapdVersion’ ’slapdVersion’ )
ACCESS-CLASS normal
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.3026
NAME ’ibm-slapdWriteTimeout’
DESC ’ⁿw²gJOCϕFí¡εANñsuC’
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3026
DBNAME( ’slapdWriteTimeout’ ’slapdWriteTimeout’ )
ACCESS-CLASS normal
LENGTH 11 )

A≤

HUCiHA≤MµCo≤Aún½s°ANiH

C

Cn=Configuration

- ibm-slapdadmindn
- ibm-slapdadminpw
- ibm-slapderrorlog
- ibm-slapdpwencryption
- ibm-slapdsizelimit
- ibm-slapdsysloglevel
- ibm-slapdtimelimit

cn=Front End, cn=Configuration

- ibm-slapdaclcache
- ibm-slapdaclcachesize
- ibm-slapdentrycachesize
- ibm-slapdfiltercachebypasslimit
- ibm-slapdfiltercachesize
- ibm-slapdidletimeout

cn=Event Notification, cn=Configuration

- ibm-slapdmaxeventsperconnection
- ibm-slapdmaxeventstotal

cn=Transaction, cn=Configuration

- ibm-slapdmaxnumoftransactions
- ibm-slapdmaxoppertransaction
- ibm-slapdmaxtimelimitoftransactions

cn=ConfigDB, cn=Config Backends, cn=IBM Directory, cn=Schemas, cn=Configuration

- ibm-slapdreadonly

cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration

- ibm-slapdbulkloaderrors
- ibm-slapdclierrors
- ibm-slapdpagedresallownonadmin
- ibm-slapdpagedreslmt
- ibm-slapdpagesizelmt
- ibm-slapdreadonly
- ibm-slapdsortkeylimit
- ibm-slapdsortsrchallownonadmin
- ibm-slapdsuffix


² I. N

ΩTOw∩ IBM bⁿΩúºúPAoXC bΣLΩaañA

IBM úúoúñúUúBA\αCnDzbaOi

oúAAVϕa IBM ANϕdCbú IBM úBí

AAúϕtuα IBM úBíACunI< IBM z

]úvA⌠≤\αϕúBíAúiHN IBM úBíACú

LAΣLD IBM úBíAbB@WPτAΣd⌠≤C

IBM ∩≤σ≤eMQMQ1Cσ≤ú#ezMQº⌠≤

vCziHΦídv÷DAτHG

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

pGnd÷ (DBCS) ΩTvyApzΩaa IBM z

]úíAΦíHG

IBM World Trade Asia Corporation Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan

UCq¿YPΩºk°ΦAY°úAG IBM H¼úA úú

⌠≤qºO (]A²ú¡≤iΓXSwO)CYab

Yµ÷Wú0\úWzOAhúLC

ñiαNWLΩW"C]AIBM wqFNqß

eJsñCPAIBM oH∩i () ΩTñúú ()

íC

bΩTñAZ∩≤D IBM ⌠zAúuΦKºGAúNϕ∩≤o⌠

⌠≤ Co⌠ú≈Aú≤ IBM ú@í≈FpGnQo⌠

Az")µßIC

IBM oHUAϕΦí¼% Q ßú⌠≤ΩTA L∩ztdC

íº≥vYµo÷ΩAHKUCΩTió IBMCΣUCΩT

ⁿOG(1) WíPΣLí]]Aíºí≤½ΩTΦíF (2)

¼wµ½ºΩTΦkCpG⌠≤DpG

IBM Corporation
Department LZKS
11400 Burnet Road
Austin, TX 78758
U.S.A.

WzΩºoΣSϕn≤AbYípU"IOΦoC


IBM ≥≤ΦºuIBM ßXvBuΩívXv⌠≤PÑXº°A

úσ≤ñzºvíPΣAvΩC

⌠≤B[\⌡µαΩúOb@ⁿε⌠UMwXC]AYbΣ

L@⌠UAoGiαjjúPCwwboÑqtWLAú

LoúOb@δtWXPGCAAwiαwzL Φí

⌠LC²ΩGiαDpC )vSw⌠AdAΩ

C

úºD IBM úΩTAY@%ú AΣXnΣL

DoCIBM LoúA]LkToD IBM ú⌡µαBe

B⌠≤∩úΣLDiOLCpGz∩D IBM úα⌠≤

AwVú dC

÷ IBM V⌠≤»zANϕ IBM wAiα≤²ní

pUM#C

ú IBM ΓNϕ IBM esΓµAiαH≤CgP ú

µiαúPC

UCWⁿO International Business Machines Corporation bⁿΩM/ΣLΩaa

G

- AIX
- DB2
- IBM
- OS/400
- SecureWay
- Tivoli
- WebSphere
- World Registry
- z/OS

Java O Sun Microsystems, Inc. U C

MicrosoftBMS-DOSBWindows H Windows NT O Microsoft Corporation U

UNIX O The Open Group U C

ΣLqBúMAíWOΣLqU AOC


Wⁿ

iHΣ IBM Directory ú@ⁿJwq

"

±∩Wh (matching rule)±∩Whíp≤⌡µ±CⁿΣ±∩

Wh]AG

caseExactIA5Match
caseExactMatch
caseExactOrderingMatch
caseExactSubstringsMatch
caseIgnoreIA5Match
caseIgnoreMatch
caseIgnoreOrderingMatch
caseIgnoreSubstringsMatch
distinguishedNameMatch
distinguishedNameOrderingMatch
generalizedTimeMatch
generalizedTimeOrderingMatch
integerFirstComponentMatch
integerMatch
objectIdentifierFirstComponentMatch
objectIdentifierMatch
octetStringMatch
telephoneNumberMatch
telephoneNumberSubstringsMatch
uTCTimeMatch

¡

²⌡ (directory schema)²ñUO%@Σ÷p

¿CCiα@h

CYnOñSwA¼W

nM@ⁿwAp ″cn=John Doe″Cou:vt∩CCú]t@

objectClass Awq]tΩ

T¼CΩWA½≤OiHⁿXñ

iα]tΣLC²⌡wq²

ñiαX¼P½≤OC

¼wqwqΣj°Py

kC½≤OwqhⁿwbO½≤ñ

"AHiαC

)

Ph°A (Peer server)ϕwl≡hD°AAíD°

AⁿJCPh°Aú gt@

Ph°Aeª≤F u g

²bªW≤C

h (multiple value)hOⁿw@HWC

iHhepQaM@mCYn

sWhYA÷@UhAMß

C@µ[J@CY]thA

µNπ¿UMµC

r (suffix)rO@ DNAOxsb²

ÑhñWhC%≤ LDAP ñ

∩RW≈εAo DN ]O²ÑhñΣ

LCrCCí²°Aiα

hrAC@r!OOxs

²ÑhC

sεMµ (access control list, ACL)sεMµ (ACL) ú@ΦkO@x

sb LDAP ²ñΩTCziH

ACL ¡ε²úPí≈Sw²

sCLDAP ² ÷YÑhí

≡¼cCC@²]½≤ú

]t½≤OWAH@M∩

C

sεs (access control group)iµsεsCC@sñú

]t%¿ DN ¿h¼Cs

εs½≤O ’AccessGroup’C

s\iv (access permission)s\iv@ΓG

v Aπ½≤\iv

v AsOO\iv

w Socket h (Secure Sockets Layer, SSL)IBM Tivoli Directory Server w Socket

hwAO@ LDAP sC

SSL O@ LDAP P IBM Tivoli Directory

Server ºíqTA SASL O≈

ε]τí≈εO°AA

X.509 OßP°AC

C

OW (alias)LDAP ñiHOW≤²≡

ñA⌠≤mCOWOⁿVΣL²

½≤@ⁿC


OW½≤O ’½≤O=aliasObject’CO

ñ"n ’aliasedObjectName’ ñA]t

t@²½≤π DN]OW½

≤C

b C API ñAbw]ípUAOW½≤ú

bjM@íCßibⁿO

µWXAnDCbMΣjM

≥ªAiNOWCYⁿw@

≥ª½≤OOW½≤Ah½≤bl

jMºeA²úC

pAY½≤π DN

″cn=personOfTheWeek, o=Corporation,

c=US″AΣ aliasedObjectName:

″cn=personA, o=Corporation,c=US″C]w’deref finding’ AjM≥ª

″cn=personOfTheWeek, o=Corporation, c=US″ ″cn=personA,

o=Corporation,c=US″CobN¿jM≥ªC

t@iαObjMíNOWCb

ípUA@≥ª DN O%ßú

DNA²NbjMíΣOW

C

ΣdO≥ª o=Corporation, c=US″ jM ″cn=*week*″C÷MΣXIO″cn=personOfTheWeek, o=Corporation,

c=US″A½≤QAN″cn=personA, o=Corporation,c=US″ #@jMGC

]iH ’all’CoϕOW

bMΣjM≥ªHbjM@íΣ½

≤AiµC

°A (replica) °AOⁿ²°AC

g°AiHOsπ²A

uOs²@²≡C∩ °A

⌠≤≤sAúαD°ACY

D°AóAzb °AW,@≈

²≡C °A]iH∩

#íC

gl≡ (replicated subtree) gl≡OO DIT @í≈AªOq@í°

A gΣL°ACbo]pUAS

wl≡iH gY°AA úα

gΣL°ACl≡iHbw°A

WgJA ΣLl≡hiHO¬C

g≤w (replication agreement) g≤wOⁿ²ñ]tΩTAwqΓí

°Aºíusuvu g⌠vCΣ

ñ@í°Aú]eX≤°A

At@í]¼≤°A

C≤wñ]tqúº

ísuAHw gn

ΩTC

gx (replication site)tmb@ ghD°AM⌠≤D

°ABPh °AC

g⌠⌠ (Replicating network)]ts gx⌠⌠C

g⌠wq (replication context)ⁿX gl≡ CziHN

ibm-replicationContext U½≤OsW

ñANª g CP g

÷tmΩTOs g⌠wqU

@ñC

ñΓ (role)ñΓMsⁿAúLª]t%z

?Sϕ\ivC

K

°A (consumer server)°AOⁿzL g@AqΣL [ú

] °A¼≤°AC

½≤Owq (object class definition)Cú]t@ objectClass A

wq]tΩT¼C½≤OⁿX

ñiα]tΣLC²⌡w

q²ñiHX¼P½≤

OC¼wqwqΣj°P

ykC½≤OwqhⁿwbO½≤

ñ"AHiαC

½≤O¼ (object class type)½≤OiHOcíApA

personFΓH¼ApAtopFU¼ApAePersonC

E

∩OW (relative distinguished name, RDN)∩OW (RDN) OOW (DN)

@≤CpAYπ DN O cn=John


Doe,ou=Test,o=IBM,c=USAh RDN NO

cn=John DoeC

Q@

As (dynamic group)AsOⁿjMϕíwqsC

ϕsW²ñA

XjMϕíA] )¿s

¿CAt]ú µBv

ΦkßíG

v SwO≤Sws¿

C

v CXSws¿C

v CXSw⌡sC

jMϕíiHMΣLs@C

osi@sεºC

¼l≡ (Nested subtree)¼l≡Ob²ΣLl≡@l

≡C

¼s (nested group)NsX¿¼iHÑhí÷YAH

Kwqs¿ΩµC¼s

wqOⁿ@lsAΣ DN Q)

sñ]tCtwg

wq@sAT!¼s

M@δ¿C

jM (sorted search)jMε²ßiH @≥

¼jMGAΣñC≥Nϕ@j

MΣCpiNd⌠Aqß

í°AA]b°A⌡µ

vCpAziαn m≤BWr

qXAN@≈uMµCú

nmjMMµΓA+αNΣ]@

b°AWAMßÑG#bß

WAm@AunmjMMµ@

AMßbNG#ßíº

eA[HC

QG

ú°A (supplier server)ú°AOⁿe≤ΣL []

°A°AC

ÑíCg (cascading replication)ÑíC gO@ gAΣñhh

°AhCPh/D°A g@p

¬°AAMßA gΣL°AC

oiH!D°A g@t

ⁿC

QT

s (group)sΓ¼G

v @δs

v iµsεsC

@δs½≤O

’GroupOfNames’B’GroupOfUniqueNames’

wqsCsεs½≤

O ’AccessGroup’C

C@s½≤út%¿ DN ¿h

¼Csúi]ts DNC

hD°A (Gateway server)@í°AAqΣb gxAN

gyqα g⌠⌠ñΣLh

DC]¼) g@⌠⌠ΣLhD

°A gyqAAαΣ g

xW°AC

hD°A"OD°A]igJC

Q"

yk (syntax)ykOⁿΩ"nµíCⁿΣyk]

AG

IBM ¼í±∩WhíWµíí¼í½≤OíDIT cWhíDIT eWhíLDAP ykíOID±∩WhíBoolean - TRUE/FALSEBinary - KirΩINTEGER - πrqíIA5 rΩ - jpgrΩ²rΩ - újpgrΩUTC íqXDN - OW

Q)

Rε (quiesce)°AB≤Lkⁿß≤s¼AA


u%z⌡µ% gzεH

C

QC

Wh (indexing rule)bñ[WhAiH≤t

ΩTCIBM Tivoli Directory Server úUC

WhG

v Ñ

v j

v lrΩ

v fV

\ 114yWhzC

QK

α (referral)αú@Φí²°ANß

ΣL²°ACαAziHG

v NWíΩT!bhí°AW

v iΩOb@÷p°Añ≤

B

v NßnDeAϕ°A

α@δµíG

ldap[s]://hostname:portCαDw°AµíqOG

ldap://hostname:389A αw SSL

°AµíG

ldaps://hostname:636CΣlΩTA\ 58yúαzC

α°A (Forwarding server) gªº≤¬°ACoM

Ph/D°A#Abo°Añª

O¬A BSPh°AC

QE

OW (distinguished names, DN)²ñC@ú@OW

(DN)CDN Ob²ñ@OW

CDN O%hu=vt∩¿AU

t李HrIjApG

cn=Ben Gray,ou=editing,o=New York Times,c=US
cn=Lucille White,ou=editing,o=New York Times,c=US
cn=Tom Brown,ou=reporting,o=New York Times,c=US

LDAP DN HSO]qOY

WYAß≥sxAq

OHΩaCDN @≤

u∩OWv(RDN)CªiH

O≤MπP)ΣLC

GQ@

sO (attribute access class)nⁿ\iv+αs!bP

@OñCⁿw⌡ñs

OCiH∩TsOG

v @δ

v P

v ½n

A

aclEntryaclEntry O@h¼AΣñ]tis

½≤ΣC@ΩTC

aclEntry CXUCΩT¼G

v ΩΘ½≤vQ]O@d≥C

v iHs>≥O]

sOC

v s>≥vQ]\ivC

aclPropagate²≡ñ⌠≤½≤úiH]w ACLCpP

bσ¼ÑhítñA LDAP s

εMµiHU²ÑhñCo

ACL ACLAΣ aclPropagate

trueC½≤lbúb

Il ACL ]wCYnⁿwMΣ)

úP A C LA"Ta]ws

ACLC

aclSourceC@½≤ú@÷p aclSource

C]twq ACL DNC

O%°AOsAúLAiX@z

C

B

bulkload@ⁿOµíAH LDIF µíj

qⁿJjqΩC

E

entryOwnerC@½≤ú@÷p entryOwner


CentryOwner iαO@A

@sAM aclEntry iⁿ½≤ⁿC

úLAentryOwner DΘ∩½≤M

vCbΩWOSw½≤z

CLSw½≤πsvA

ⁿ≤z DNCzΩwñ⌠

≤½≤π\ivC

G

gsk7ikmgsk7ikm íi-pK≈

∩1B¼1≈Ωw

ñHz≈Ωwñ≈Cgsk7ikm

@íCiú⌡

µ@nΩTCYz@Aª

oX@hTºAúz½súΩTC

L

ldapaddLDAP ∩ H LDAP sWuπ

ldapmodify OiHq shell sAIs

ldap_modify M ldap_add Γíw

Cldapadd Ω@ ldapmodify ≤WCϕ ldapadd A-a]sWXN)C

ldapdeleteLDAP Rúuπ ldapdelete OiHq

shell sAsIs ldap_delete íw

Cldapdelete M LDAP °Aºí

suAiµsAMßRú@h

CYú@h DN AhRú

π%OW (DN) CC@

DN OHrΩe DNC

ldapmodifyLDAP ∩ H LDAP sWu

π ldapmodify OiHq shell sAI

s ldap_modify M ldap_add Γíw

Cldapadd Ω@ ldapmodify ≤WCϕ ldapadd A-a]sWXN)C

ldapmodrdnLDAP ∩ RDN uπ ldapmodrdn O

iHq shell sAIs ldap_modrdn

íwC ldapmodrdn M

LDAP °AºísuAiµsAMß

∩ RDNCΩTOqΘJB

]zL -f ∩AqⁿOµDN P RDN t∩¬C

ldapsearchLDAP jMuπ ldapsearch OiHq shell s

AIs ldap_search íwC

ldapsearch M LDAP °Aºí

suAiµsAMßLo°≤⌡µj

MCLo°≤X LDAP Lo°≤r

ΩekC

LDIF L D A P Ωµ½µí ( L D I F )Ab

ldapmodifyBldapadd H ldapsearch ⁿOµíñAHiΓσrµí

Nϕ LDAP C

LDIF uπ ldif OiHzL shell s

íAªiN⌠NΩα½ LDIFC

ªqΘJ¬ΘJAMßúX

LDIF O²C

ldif2dbíiNHσr LDAP ²µ½µí

(LDIF) ⁿwAⁿJ÷píΩw

²ñCΩw"wsbCldif2db isW²ΩwñAsWwg

]tΩwñC

O

ownerPropagateM ACL \αPC

w]AuÑh≡VUA

BΣ] trueCY]

falseAN∩g¿M≤Sw½

≤C

ownerSourceC@½≤ú@÷p ownerSource

C]twq

DNCO%°A@AúLAi

X@zC


Printed in Denmark by IBM Danmark A/S

SC40-1892-00