IBM Tivoli Directory Server
IBM Tivoli Directory Server zΓU
5.2
SC40-1892-00
bΩTHΣΣúºeA²\¬ 395² I, yNzñ@δΩTC
@]2003 9 δ
úDsñtúAhA≤ IBM Tivoli Directory Server 5.2 AHß≥M∩C
© Copyright International Business Machines Corporation 2003. All rights reserved.
eÑ
σ≤]tz IBM® Tivoli® Directory Server nΩTC
AX∩H
AXtz\¬C
X
\¬ IBM Tivoli Directory Server wíAHPXiα∩zUC
bzMwnXºßA\uWsXⁿC
IBM Tivoli Directory Server w
IBM Tivoli Directory Server wñX]AG
IBM Tivoli Directory Server Version 5.2 Readme Addendum
Tivoli nΘw⌠s IBM Tivoli Directory Server 5.2 Readme
AddendumAΣñt Readme ñ]t½nΩTCpsuWX
÷ΩTA\ viiiyuWsXzC
IBM Tivoli Directory Server 5.2 ß Readme
]t÷≤ßsΩTC
IBM Tivoli Directory Server 5.2 °A Readme
]t°AsΩTC
IBM Tivoli Directory Server 5.2 Web zuπ Readme
]tuWeb zuπvs÷ΩTC Readme iHquWeb zuπv
DeñoC
IBM Tivoli Directory Server 5.2 wPtmΓU
]tw IBM Tivoli Directory Server ßB°AM Web zuπ
πΩTC]Aq IBM Tivoli Directory Server or SecureWay® Directory i
µα÷ΩTC
IBM Tivoli Directory Server Version 5.2 Tuning Guide
]tπ°AH≥o≤nα÷ΩTC
IBM Tivoli Directory Server 5.2 zΓU
]tzLuWeb zuπvⁿOµ⌡µz@ⁿC
IBM Tivoli Directory Server Version 5.2 Plug-in Reference
]tg°Aí÷ΩTC
IBM Tivoli Directory Server Version 5.2 C-Client SDK Programming Reference
]tg LDAP ßí÷ΩTC
÷X
UCXú÷ IBM Tivoli Directory Server ÷ΩTG
v IBM Tivoli Directory Server 5.2 Sun Microsystems JNDI ßC÷
JNDI ßΩTA\ Sun Microsystems ⌠ (
http://java.sun.com/products/jndi/1.2/javadoc/index.html) W Java™ Naming and Directory
Interface™ 1.2.1 SpecificationC
v Tivoli nΘwúU Tivoli XApBΩϕBdB⌡Miτ
ÑCTivoli nΘw≤UC⌠Ghttp://www.ibm.com/software/tivoli/library/
v Tivoli nΘWⁿ]t\h Tivoli nΘ÷NNywqCTivoli nΘWⁿ
úσAΣ≤UC⌠ Tivoli nΘw⌠¬Σ Glossary ñGhttp://www.ibm.com/software/tivoli/library/
uWsX
Tivoli nΘwñuWúúXAuiΓíσ≤µí (PDF)vM]uW
σrOyÑ (HTML)vµíGhttp://www.ibm.com/software/tivoli/libraryC
YnbwñMΣúXA÷@Uuwv¬ΣúΓUC
Ab Tivoli nΘΩTñWMΣ÷@UúWC
ΩTO úA]A READMEBwΓUBΓUBzΓUMoΓ
UC
: YnTOα≈TaCL PDF XA∩ Adobe AcrobatuCLv°íñ
MJi∩]ϕz÷@U →CLXC
≤Uuπ
≤Uuπ\αOU Θ¬]pµúK°O¬Qan
ΘúCúAziHUNÑM²CwºßAz]iH
ΣLN ½@í\αC
pnΘΣñ
bzp IBM Tivoli nΘΣñHMDºeA² IBM tzM Tivoli
nΘ⌠A⌠pUG
http://www.ibm.com/software/sysmgmt/products/support/
pGnB≤UA≤UC⌠º IBM nΘΣΓUñípnΘΣ
ñG
http://techsupport.services.ibm.com/guides/handbook.html
ⁿñúUCΩTG
v ¼ΣUMΩµD
v qXMqll≤A zbΩa w
v s ßΣñºez¼ΩTMµ
D
bSϕNyM@H@t÷ⁿOM⌠ΦFDC
rΘD
ñUCrΘDG
Θ °HPP≥σr!pgⁿOVXjpgⁿOB÷ΣrBB∩B
Java OWM½≤íHΘϕC
Θ XDHjSϕrⁿⁿJOHΘϕC
<Θ>
< > ]wH <Θ>ϕC
ÑerΘ
íXdBⁿOµB⌡ΘXB°HPP≥σr!M²WBt
TºB"ΘJσrHⁿO∩OHÑerΘϕC
@ttº
ΓU UNIX® Dⁿw⌠²ϕkCϕz Windows® ⁿO
µAN⌠º $variable N %variable%AN²⌠ñu (/)
N¿#u (\)CpGzb Windows tW Bash ShellAhiH UNIX
DC
1 g ²º[
1 wq²
²OHÑhícC½≤÷ΩT¿CªO@SϕΩwAi²
íΣπ Sw@ºSΩC
pGD½≤WAhiΣSCpGúDYSw½≤WAhijM
²AHΣX@tCXYD½≤CqziH Sw≥jM²A
úuO Jw@ wC
²O@MΩwAΣñ]@S Mq÷píΩwOCΣñ@
²SOΣs]¬jMWvq±≤s]gJWvo¬C%≤²
"α≈Σjq¬nDA@δ ÑAb¬sΦjC%≤²
DnúOnúqΩwδh\αA]bj¼!í⌠ñAi¿H
g¿ú≤híts²ΩC
²iñí!íCpG²ñíAhu@m]@²°A
]°AOAMú²sCpG²!íAh%@HW°A
]qO!bUatdú²sC
ϕ²!íA²ñΩTi! gΦíCpGΩT!ΦíAhC
@²°AñUxs@p@Bú½ΩTCτYA%C@°AUx
s@²C!²NO LDAP α\αCLDAP α\αi²
Nu ²sqT≤w (LDAP) vnD¿t@]P@°AñP
úPWíCϕΩT gΦíAhP@²xsb@HW°A
ñCb!í²ñAΩTiH!AΩTiH gC
²ßP°A
²qOuß/°AvqTísCßP°Aiαúúo
bP≈WC°Aα≈AhßC Q¬]gJ²ñΩT
íúOs²CªIs@\αí]p (API)AHKú@
hTºt@CGNúXnDíAs²ñΩ
TCAAN¬gJ@G#úXnDíC
API wqSwí]pyÑsAí]pCßP°Aíµ½
TºµíPeA"ϕugL PNqT≤wC LDAP wqF@²
ßP²°ATºqT≤wCτú÷p C yÑ LDAP APIA
H@ΦkAHKαq JavaíAH Java RWP² (JNDI) s²C
²w
²iΣΩ@wh@≥\αC²úúoú≥ªw
\αA²iMia⌠⌠wAπXAHú@≥wAC²A
OΦkCOOⁿτOuHCWPKXO≥
OΦíCbgLOºßAh"PLOv∩Sw½≤⌡µnD
@C
vHsεMµ (ACL) ≥ªCACL O@vMµAis²ñ½≤P
CACL wqC@sα≈úα≈s¼CF² ACL
≤δ H≤e÷zAqONsvP!b@C
2 IBM Tivoli Directory Server
IBM Tivoli Directory Ω@O Internet Engineering Task Force (IETF) LDAP V3 W
µCAªt IBM b\αPαΦK[[j\αC IBM DB2®
≈xswAHúU LDAP @µ÷πXB¬α@HuW ≈P\
αCIBM Tivoli Directory Server MH IETF LDAP V3 ≥ªßµ¼B@C
Dn\αpUG
v iztm IBM Directory (GUI) – ΣzMtm\α
zα≈G
– iµl²]wC
– ≤tmP∩
– z²Θ@AOsWsΦ½≤]pG½≤OBP
ÑC
v AXW²⌡ – τYAziwqsP½≤OAHj²⌡C
Ab@PdεUA]i∩²⌡iµ≤CiHA∩⌡
eA ú"½s²°AC%≤⌡¡O²@í≈A]izL
LDAP API iµ⌡≤s@CLDAPv3 AXW⌡úDn\αpUG
– izL LDAP API d⌡ΩT
– zL LDAP API A≤⌡
– °A Root DSE
v UTF-8]qrα½µí– IBM Tivoli Directory Server iΣUyÑΩA
i²xsBPzϕaytrXΩTC
v ÷OPwh (SASL) – ΣOw∩ΣLO≈ε úCw Socket h
(SSL) X.509v3 ≈úΩ[KPOC°Aitm¿bΣ
úΣ SSL U⌡µC
v g – iΣ g\αFb\αUAiúΣL²¬AHú&²A
αPiaC g]ΣαMhD°AC
v α – iΣ LDAP α\αA²²i!Gbh LDAP °AWA bí
pUA@°Añiαutπ²ΩñlC
v sεí – izL ACL ΣjjB÷≤zsεíC
v ≤Θx
v KXh
v wfΘxOⁿ
v LDAP API A≤tm
3 OW (DN)
²ñC@ú@OW (DN)CDN Ob²ñ@OWC
DN O%hu=vt∩¿AUt∩ºíHrIjApG
cn=Ben Gray,ou=editing,o=New York Times,c=US
cn=Lucille White,ou=editing,o=New York Times,c=US
cn=Tom Brown,ou=reporting,o=New York Times,c=US
ZO²⌡ñwqAic¿ DNC≤t∩ϕ½nC
N²ÑhC@h ÑADN Ut@≤ABOq íA@b
ºhεCLDAP DN HSO]qOYWYAß≥sx
AqOHΩaCDN @≤u∩OWv(RDN)Cªi²
O≤ΣLπ P)CbWñARDN ″cn=Ben Gray″ ²@O≤G]Σ RDN ″cn=Lucille White″CúºAoΓd DN @
@CAc¿ RDN u:vt∩τ"XbñC]o∩≤ DN
ΣL≤ ÑúAC
OWyk
°AΣOW (DN) ykAO RFC 2253 CBackus-Naur Form
(BNF) ykwqpUG
<name> ::= <name-component> ( <spaced-separator> )
       | <name-component> <spaced-separator> <name>
<spaced-separator> ::= <optional-space> <separator> <optional-space>
<separator> ::= "," | ";"
<optional-space> ::= ( <CR> ) *( " " )
<name-component> ::= <attribute>
       | <attribute> <optional-space> "+" <optional-space> <name-component>
<attribute> ::= <string>
       | <key> <optional-space> "=" <optional-space> <string>
<key> ::= 1*( <keychar> ) | "OID." <oid> | "oid." <oid>
<keychar> ::= letters, numbers, and space
<oid> ::= <digitstring> | <digitstring> "." <oid>
<digitstring> ::= 1*<digit>
<digit> ::= digits 0-9
<string> ::= *( <stringchar> | <pair> )
       | '"' *( <stringchar> | <special> | <pair> ) '"'
       | "#" <hex>
<special> ::= "," | "=" | <CR> | "+" | "<" | ">" | "#" | ";"
<pair> ::= "\" ( <special> | "\" | '"' )
<stringchar> ::= any character except <special> or "\" or '"'
<hex> ::= 2*<hexchar>
<hexchar> ::= 0-9, a-f, A-F
÷M@δOrI (,) rAúL]i! (;) rjOWñ RDNC
riXbrI!Γñ⌠@CrQñAB!QN
¿rIC
A’+’ ’=’ eßiXµ (’ ’ ASCII 32) rCbσRñoµr
C
iAW (’″’ ACSII 34) rA²rúO@í≈CbAW
iXUCrA úQ¿⌡µrG
v XbrΩYµ ″#″ r
v XbrΩµr
v UC@rG″’″B″=″B″+″B″\″B″<″B″>″ ″;″
Aibn⌡µµ@re[W@#u (’\’ ASCII 92) CΦki⌡µW
zC⌠≤rH (’″’ ASCII 34) rC
oϕkOFαΦK@δWµíCUCdOoϕkg
OWC@OtT≤WC@≤h¼ RDNCh¼ RDN t
@HWu:vt∩Aib µ CN tkúMATOSwG
OU=Sales+CN=J. Smith,O=Widget Inc.,C=US
DN ⌡µWh
DN itSϕrCor ,]rIB=]ÑB+][B<]p≤B>]j≤B#]# OB;]!B\]#uP “”]C
pGnb DN rΩñYñA⌡µoSϕrΣLrAUC⌠≤
@ΦkG
v pGn⌡µroSϕrº@AibΣe[W@#u (’\’ ASCII 92)C
UCdΦkAHbWñ⌡µrIG
CN=L. Eagle,O=Sue\, Grabbit and Runn,C=GB
oOzQΦkC
v hAiNn⌡µr½¿#uHΓQ*irAc¿rrXñ@
µCrrX UTF-8 rXC
CN=L. Eagle,O=Sue\2C Grabbit and Runn,C=GB
v H “”](ASCII 34) AϕπA D@í≈CúF \]#uºA¿∩ñírúaC \]#ui⌡µ#u (ASCII 92) (ASCII 34)BWz⌠≤SϕrBΦk
2 ñúQ*it∩CpAF⌡µ cn=xyz"qrs"abc ñAª¿
cn=xyz\"qrs\"abcAYn⌡µ \ hpUG
"you need to escape a single backslash this way \\"
A@A"\Zoo" úXWwA] ’Z’ bWUσñLk⌡µC
b°AWAϕ¼µí DN A°A⌡µ≈ε 1 P 2
½sµí DNAHK≤íBzC
wj DN Bz
DN ñX¿ RDN i%h≤¿A o≤íH ‘+’ BΓlC°Aj
Fπ DN ºjMΣCX¿ RDN iH⌠≤ⁿwAjM@
≥ªC
ldapsearch cn=mike+ou=austin,o=ibm,c=us
°Aⁿ DN WXR@CDN WXR@Oⁿ°A⌡² DN
WCXR@∩≤ DN í ÑßUCΩT\ IBM
Tivoli Directory Server 5.2 C-client Programming ReferenceC
2 g °Az
4 ²zní
²zní (ibmdiradm) i∩ IBM Tivoli Directory Server iµzCz"
NªwbwwB"≥⌡µ IBM Tivoli Directory Server ≈WC²z
níi% LDAP @ⁿnDABiH∩ IBM Tivoli Directory Server
iµBεB½sM¼AC w]AIBM Directory zníi
ÑΓ≡A≡ 3538 O≤D SSL suA ≡ 3539 h≤ SSL su]Y SSL
qTC
pGn²zníAb⌠≤ⁿOúU⌡µ ibmdiradm íC\y
²znízC
: pGz SSL qTAN"εMß½s²zníA+α SSL
C\ 67y Web zGzC
²zní
: w]Aϕzw IBM Tivoli Directory Server AzníN⌡µC
pGnzníA⌡µUC⌠≤@BJG
v b UNIX ¼M Windows ¼tñAoXUCⁿOG
ibmdiradm
v b Windows ¼tñAεx -> AA∩ IBMDirectory zníA
Mß÷@UC
ε²zní
pGnεzníAUCΣñ@ΦkG
v pGzwgtmF²z DN MKXAKi ibmdirctl ⁿOεzníCoⁿODSw¡xMCΣlΩTA\ 289yibmdirctlzC
oXUCⁿOG
ibmdirctl -D <adminDN> -w <adminPW> admstop
v b UNIX ¼tñAoXUCⁿOG
ps -ef | grep ibmdiradm
kill -p <pid from the previous command>
v b Windows ¼tñAεx -> AA∩ IBMDirectory zníA
Mß÷@UεC
5 utmví
IBM Tivoli Directory Server iΣ∩°Atm]wiµ LDAP sCzi
LDAP qT≤wdP≤s°AtmC%\αAα≈iµzCF²
sΦí≤[PiaA°Aú αΩwßíl]wO¿
\CYu cn=configuration rB≤@ñA]ibutmvíU°AC
½yíAuntmßí,MiA°AKiⁿ LDAP nDCu
tmvíi²zs°AAYbíJC
butmvíUΣ\αpUG
v stmPΘx
v f
v ≤q
v Kerberos
v SASL
v SSL
butmvíUúΣ\αpUG
v sΩw
v ≤Θx
v KXh
v g
v ⌡≤
v µ÷
utmvíCD
v tm"T LDIF µíAB°A"α≈ΣP¬C
v °A"α≈ tmA¬PⁿJ⌡C
v °A"α≈ⁿJtmíC
p≤butmvíU
°A≈í⌠≤óúy¿°AbutmvíUC
Web zG
ϕzzLuWeb zuπv°AA∩utmvíC
ⁿOµG
b°A≈íⁿw -a -AC
ibmslapd -a
ibmdirctl -h <hostname> -D <adminDN> -w <adminpw> -p <portnumber> start -- -a
: pG°ALkMΩwßí@]DutmvíA-n M -N∩h²ε°ACpo ibmslapd ∩÷ΩTA\ 289
yibmdirctlzC
p≤butmvíUτ°Ab⌡µ
pGnP°AObutmvíU⌡µAUCΣñ@ΦkC
Web zG
pG°AwbutmvíUAhεPí || e¬Gπ
C
ⁿOµG
∩ ibm-slapdisconfigurationmode oX root DSE jMCpG] TrueAϕ
°AbutmvíUB≤⌡µñC
ldapsearch -s base -b " " objectclass=* ibm-slapdisconfigurationmode
6 Web zuπí (GUI)
IBM Tivoli Directory Server 5.2 Web zuπOw≤í°AApO
IBM WebSphere®Application Server - Express (WAS)At≤ IBM Tivoli Directory
ServerAzLDxiµzCZsWDxñ°AizL Web zuπ
zA ú"tbC@í°AWwuπC
z°AnΦkO Web zuπC
l Web zuπz°AºeATwzbtm°Aíwg¿U
C@G
v z"N adminDN MKX]w¿α≈w°AC
v z"NΩwtm¿α≈Nw°AbutmvíH¼AUC
v z"²zní⌡µAHKα≈qBε½sw°A
C
÷o@ΩTA\ IBM Tivoli Directory Server 5.2 wPtmΓUM
13 4 , y²znízC
: pGzwg⌡µΣLí°AATww Web zuπí°
A⌡µ≡MΣLí°A≡úPC
Web zuπ
pGn Web zuπAz"wwuπí°AC
YO IBM WebSphere Application Server - Express OA⌡zw IBM Tivoli
Directory Server ²AMßoXUCⁿOG
UNIX ¼¡x
<IDSinstalldir>/ldap/appsrv/bin/startServer.sh server1
: b Solaris ñAhO opt/ibmldapc/appsrv/bin/startServer.sh server1
Windows ¼¡x
<IDSinstalldir>\ldap\appsrv\bin\startServer.bat server1
nJDx
@ Web s²AMßΣJUC
Ghttp://localhost:9080/IDSWebApp/IDSjsp/Login.jspCπ IBM Tivoli
Directory Server Web znJeC
: pGznJs²D≤w Web zuπP@í°AWAlocalhost K
D≈W IP C
HDxz¡≈nJDx
pGnHDxz¡≈nJG
1. b IBM Tivoli Directory Server Web znJñAHDxz¡≈nJA
oO LDAP D≈Wµw]∩C
2. bWµñAΣJGsuperadminC
3. bKXµñAΣJGsecretC
4. ÷@UnJC
π IBM Tivoli Directory Server Web zuπDxC
H°Az¡≈nJDx
pGnH°Az¡≈nJG
v b IBM Tivoli Directory Server Web znJñAqU\αϕñ∩z≈
LDAP D≈W IP C
v ΘJ°Az DN PKX]τYAzb°AtmBzí]wC
v ÷@UnJC
π IBMTivoli Directory Server Web zuπDxAΣñúU°A
z@Cú°Az@°°A\α ºC
: Web zuπúΣ gúnJw°AC
Hzs¿ LDAP ¡≈nJDx
pGnHzs¿]\ 38yzsz LDAP ¡≈
nJG
v b IBM Tivoli Directory Server Web znJñAqU\αϕñ∩z≈
LDAP D≈W IP C
v ΘJz≤°AW] DN µíMKXC
v ÷@UnJC
π IBMTivoli Directory Server Web zuπDxAΣñúU°A
z@Cú°Az@°zv¡M]°A\α ºC
: Web zuπúΣ gúnJw°AC
DxGm
IBM Tivoli Directory Server Web zuπDxY%¡¿G
X X≤eAΣñ]tíWBIBM Tivoli Directory
ServeruWeb zuπvM IBM xC
² ≤e¬Σ²ñπUDx°A@iXWCi
@°zv¡BznnJº°A\αAΓ ºC
u@ u@ñπzb²ñ∩@÷p@CpA]zb²ñ
∩z°AwAhu@ñπu°AwvM\h
Ao]tP]w°Aw÷@C
°A¼A
: pGzHDxz¡≈nJAoπuDxzvAú@í²sC
≤u@WΦ°A¼AAⁿXezº°A¼APWC
ΣñΓA@ⁿVu/ε/½svAt@ⁿV
@δíΩTCϕzb²∩X@@Aτπ∩@WB@
ⁿVΘxAH@ⁿV@íC
@¼A
≤u@UΦ@¼Añπµ@¼AC
nXDx
pGnnXDxAb²ñ÷@UnXC
QnXeπUCTºG
pGzúpnXAz÷@UBH½snJC
÷@UohTºñ BorAH# IBM Tivoli Directory Server Web zn
JC
7 ]wDx
í°AºßAz"]wDxAHzz²°ACq IBM Tivoli
Directory Server Web znJñAHDxz¡≈nJA⌡µUC@G
zDx
b IBM Tivoli Directory Server Web zuπDxñG
≤DxznJ
pGnN superadmin ≤úPz IDG
1. i²ñDxzC
2. ÷@U≤DxznJC
3. ΘJsz IDC
: zuα@z IDCsuperadmin ID Qzⁿws ID NC
4. ΘJµzKXCsz ID KX secretAz≤KXεC
≤DxzKX
pGnNzKX secret ≤t@KXG
1. i²ñDxzC
2. ÷@U≤DxzKXC
3. ΘJµKXC
4. ΘJsKXC
5. AΘJsKXAHTS,rC
6. ÷@UTwC
sWB∩úDxñ°A
UCsWBsΦRúDxñ°AG
sW°ADxpGnsW°ADxG
1. i²ñDxzC
2. ÷@UzDx°ACπ@≈ϕµACX°AD≈WP≡C
3. ÷@UsWC
4. ΘJ°AD≈W IP Ap servername.austin.ibm.com
5. ⁿw≡ⁿw]C
6. ⁿw°AO SSLCTw¿zDxe@U 22 5 BJC
7. pGnM≤A÷@UTwFpGn⌠e ú⌠≤≤A÷@U
°C
∩Dxñ°A
pGn≤°A≡ SSL \αG
1. i²ñDxzC
2. ÷@UzDx°ACCX°AD≈WP≡C
3. ∩zQ∩º°AΩsC
4. ÷@UsΦC
5. ziH≤≡C
6. ziH≤°AO SSLCpGzn SSLATw¿zDxe
@UBJ 5C
7. pGnM≤A÷@UTwFpGn⌠e ú⌠≤≤A÷@U
°C
qDxú°A
pGnqDxú°AG
1. i²ñDxzC
2. ÷@UzDx°ACCX°AD≈WP≡C
3. ∩zQúº°AΩsC
4. ÷@URúC
5. pGnRú°AA÷@UTwFpGn⌠e ú⌠≤≤A÷@U
°C
zDxe
pGn≤Dxe]wG
1. i²ñDxzC
2. ÷@UzDxeC
3. ÷@U≤z - HⁿwwDxñ°A≤C w]A
≤C
: pGzb°AWSTv¡AO°AS\αAΓúSAYwgz≤AziαOúªΣí≈@C
4. ÷@UÑq@e - H]wDxÑq@O¡εCw] 60 !C
: Ñq@íiα±]wíhXT¡!CoO]I⌡µⁿbí°Añ⌡µLAΣOHpíjΦíB@C
píj°Ñq@OíC
5. ÷@U SSL ≈Ωw - Hb"n]wDxAΣiHuw Socket
hv(SSL) PΣL LDAP °AqTCbAϕµñ]w≈Ωw⌠
MWB≈KXBiH⌠Ωw⌠MWBH⌠KXCΣ¼
jksC÷≈ΩwP SSL ΩTA\ 74y gsk7ikmzP 69
yw Socket hzC
ϕz]wnDxßA÷@UnX⌠C
8 ≥°Az@
: úDtíAh²zzs¿i⌡µ@G
v ynJ Web zuπz
v y≤zOWPKXz
v 24yPε°Az
v 25yd°A¼Az
v 34yz°Asuz
v 36yzsuez
v 38yzsz
v 42yz@z
nJ Web zuπ
pGnH²zzs¿¡≈nJG
v b IBM Tivoli Directory Server Web znJñAqU\αϕñ∩°A
LDAP D≈W IP C
v ΘJ°Az DN MKXC
v ÷@UnJC
≤zOWPKX
u²z+α⌡µo@C
zWPKXqObwPtm°ABz@í]wCúLAziH
uWeb zuπvⁿOµ≤zWPzKXC
Web zG
÷@UuWeb zuπv²ñeCXΓ∩G
≤znJ
bµñⁿw@sz DNAΘJµKXC÷@UTw÷@U°
#uw∩veA ú⌠≤≤C
: ubzOH²z¡≈nJA+α∩CpGzOHzs¿¡≈nJAhLkªC
≤KX
pGn≤enJ DN KXAbµKXµñΣJzeKXC
MßbsKXµñΣJzsKXABbTsKXµñ½sΣJ@
sKXAMß÷@UTwCpGúQiµ⌠≤≤A÷@U°A#uw
∩veC
ⁿOµG
ziHbⁿOµñ ldapcfg ⁿO ldapxcfg íC
ldapcfg ⁿOG
ldapcfg -u <admindn> -p <adminPW>
pGn ldapxcfg íAbⁿOµñΘJ ldapxcfgCX IBM Tivoli Directory
ServerutmuπveA∩z DN/KXϕⁿC÷ ldapxcfg
íΣLΩTA\ IBM Tivoli Directory Server 5.2 wPtmΓUC
÷OWΩTA\ 7 3 , yOW (DN)zC
Pε°A
ziHUC@ΦkAε°AC
Web zG
: zní (ibmdiradm) "b⌡µC
ziq°A¼A¬WñΘ°Ae¼A]wBwεB
utmvíCbu@@ylñ]íµ¼AAp
Directory Server eb⌡µ
1. pGzpA÷@UuWeb zv²ñ°AzAMßbi
Mµñ÷@U/ε/½s°AC
2. Tºπ°Aµ¼A]wεB⌡µñAHutmví⌡µC
t °A¼A]⌡µñwεAú@÷sz≤°A¼
AC
ϕ 1. °A¼A wi@
°A¼A i÷s
wε B÷¼
⌡µñ εB½sB÷¼
Hutmví⌡µ εB½sB÷¼
v pG°Ab⌡µAzi÷@UεAHε°AA÷@U½sAH
εA°AC
v pG°AwεAzi÷@UAH°AC
v Y÷@U÷¼Ah#u veC
3. ϕ°AQεANπTºC
pGzniµ°Atm@A∩butmvíU/½s∩
CboíUAutz+αs°ACb°A½sA DB2
ßí]°∩butmvíU/½s∩ºeAΣL
suúQCΣlΩT\ 15 5 , yutmvízC
: b°A⌡µíA,iiµtm@C
ⁿOµ Windows AG
UCⁿOAHPε°AG
: zní (ibmdiradm) "b⌡µC
ibmdirctl [-h <hostname>] [-D <adminDN>] [-w <password>] [-p <portnumber>] start|stop|restart|status -- [ibmslapd options]
ΣlΩTA\ 289yibmdirctlzC
Y Windows tAiWzⁿOA⌡µUCBJG
1. qα÷ΓUqúC
2. ÷ΓUεxC
3. ÷ΓUAC
4. pGn°AA∩ IBMTivoliDirectory V5.2AMß÷@UC
5. pGnε°AA∩ IBMTivoliDirectory V5.2AMß÷@UεC
d°A¼A
ziH%jM cn=monitor U½≤OAd°A¼ACΣkOUC
Φkº@G
Web zG
i²ñu°AvzC÷@U°°A¼ACoeπ 9
CziHboeA÷@U½sπzH≤seb°ºWπ
¼AAz]iH÷@U÷¼≡# IBM Tivoli Directory Server w∩eCpG²
°Ab⌡µAhπUCΩTG
@δ
÷@U@δAπUCΩTG
D≈W
LDAP °AD≈WC
°A¼A
°AB≤⌡µñBwεA⌡µutmví¼ACzHiq
°A¼A¬ΣñTAA°A¼AC
lí
°AíCíµípUG
year-month-day hour:minutes:seconds GMT
eí
°AWeíCeíµípUG
year-month-day hour:minutes:seconds GMT
⌡µⁿ
°Au@⌡µⁿC
gJⁿΩ⌡µⁿp
#ß⌡µⁿC
¬ⁿΩ⌡µⁿp
¬ßΩ⌡µⁿ
su
e@ñsuC
su
)°AHwsupC
SSL sup
)°AH SSL supC
TLS sup
)°AH TLS supC
we
)°AHA°AweC
w±
ewFh.*!±CutmvíñúπoC
wjMLo°≤±
jMLo°≤ewFh.*!±Cutmvíñúπo
C
ACL
Boolean Fⁿw ACL B≤@ñ (TRUE) D@ñ (FALSE)Cu
tmvíñúπoC
ACL jpW¡
ACL ñe\W¡CutmvíñúπoC
ñLOW
ⁿXOiHñLOWBz°A⌡µCpG²ñúsb⌠≤
OW½≤π TrueAY²ñ.sb@OW½≤hπ FalseC
@p÷@U@pAπUCΩTG
wnD@
)°AHwlnDC
w¿@
)°AHw¿nDC
wnDjM@
)°AHwljMC
w¿jM@
)°AHw¿jMC
wnDs@
)°AHsnDC
w¿s@
)°AHw¿snDC
wnDs@
)°AH/snDC
w¿s@
)°AHw¿/snDC
wnDsW@
)°AHsWnDC
w¿sW@
)°AHw¿sWnDC
wnDRú@
)°AH/snDC
w¿Rú@
)°AHw¿/snDC
wnD∩ RDN @
)°AH∩ RDN nDC
w¿∩ RDN @
)°AHw¿∩ RDN nDC
wnD∩@
)°AH∩nDC
w¿∩@
)°AHw¿∩nDC
wnD±@
)°AH±nDC
w¿±@
)°AHw¿±nDC
wnD±≤@
)°AH±≤nDC
w¿±≤@
)°AHw¿±≤nDC
wnD@
)°AHnDC
w¿@
)°AHw¿nDC
wnDú@
)°AHúnDC
w¿ú@
)°AHw¿únDC
u@εC÷@Uu@εCAπUCG
iu@í⌡µⁿ
iu@u@í⌡µⁿC
u@εC
eu@εCjpC
u@εCjjp
u@εC FjjpC
suMúí÷¼su
)suMúí÷¼ómsuC
w⌡µsuMúí
w⌡µ)suMúíC
e@ñ≥µ⌡µⁿ
≥µ⌡µⁿO⌡µñⁿC
≥µ⌡µⁿ
≥µ⌡µⁿC
W≥µ⌡µⁿ
W≥µ⌡µⁿC
°u@í¼A÷@U°u@í¼Aiπe@ñu@í⌡µⁿ÷ΩTCϕ°A
pwa⌡µ⌡µ¼púAoΩTUC⌡µjM°
AíA@¿εCtπovTiAí¿@
íO suM@ñu@í⌡µⁿ wC÷@UOiπΩTC
²÷@U²AπUCΩTCeT¼AHϕµµíπC
ϕ 2. ²ϕ
Rñ jp
WC
Rñ
bLo°≤ºßALo°≤QC
jp
OΘqC
pjp]Hdµ
OΘqC
: ]AzBOΘAoúOw∩OpΓC]Aj≤OOΘqC
tmjp
ⁿwOΘqC÷ⁿA\ 63yb
ñsWúzC
²∩
oOHϕµµíπ 10 MµCpGoWvL¬A
ziαnNªsWñC
ϕ 3. ²∩ϕ
Rñ
WC
Rñ
Lo°≤C
≤Θx÷@U≤ΘxAπUCΩTCeT¼AHϕµµíπC
ϕ 4. ≤Θxϕ
Rñ jp
WC
Rñ
bLo°≤ºßALo°≤QC
jp
OΘqC
pjp]Hdµ
OΘqC
: ]AzBOΘAoúOw∩OpΓC]Aj≤OOΘqC
tmjp
ⁿwOΘqC÷ⁿ\ 63ybñsW
úzC
≤Θx∩
oOHϕµµíπ 10 MµCpGoWvL¬A
ziαnNªsWñC
ϕ 5. ≤Θx∩ϕ
Rñ
WC
Rñ
Lo°≤C
lPΘx÷@UulPΘxvi°UCΩTG
wl
°Ae trace CpGb¼lΩAK TRUEFpGS¼
lΩAh FALSECp÷l\αΩTA\ 297
yldaptracezC
lTºh
°Ae ldap_debug CoQ*iµíApG
0x0=0
0xffff=65535
lTºΘx
tlΘXWC
: pG stderrAΘXNπb LDAP °AⁿO°íCpG°
AúOqⁿOµAhúπ⌠≤ΩC
sW°AΘxTº
)°AHwO²TºC
sW CLI ΘxTº
)°AHwO² DB2 TºC
sWfΘxTº
)°AH%fΘxO²TºC
sWfΘxTº
%fΘxO²ó@TºC
ⁿOµG
pGnⁿOµP°A¼AA bases cn=monitor M cn=worker,cn=monitor
ldapsearch ⁿOC
cn=monitor
ldapsearch -h <servername> -p <portnumber> -b cn=monitor -s base objectclass=*
ⁿO#UCΩTG
cn=monitor
version=IBM Tivoli Directory (SSL), Version 5.2
totalconnections)°AHwsupC
total_ssl_connections)°AH SSL supC
total_tls_connections)°AH TLS supC
currentconnections@ñsuC
maxconnectionse\@ñsuW¡C
writewaiters#ß⌡µⁿC
readwaiters¬ßΩ⌡µⁿ
opsinitiated)°AHnDC
livethreads°Au@⌡µⁿC
opscompleted)°AHw¿nDC
entriessent)°AHA°AweC
searchesrequested)°AHnDjMC
searchescompleted)°AHw¿jMC
bindsrequested)°AHnDs@C
bindscompleted)°AHw¿s@C
unbindsrequested)°AHnD/s@C
unbindscompleted)°AHw¿/s@C
addsrequested)°AHnDsW@C
addscompleted)°AHw¿sW@C
deletesrequested)°AHnDRú@C
deletescompleted)°AHw¿Rú@C
modrdnsrequested)°AHnD∩ RDN @C
modrdnscompleted)°AHw¿∩ RDN @C
modifiesrequested)°AHnD∩@C
modifiescompleted)°AHw¿∩@C
comparesrequested)°AHnD±@C
comparescompleted)°AHw¿±@C
abandonsrequested)°AHnD±≤@C
abandonscompleted)°AHw¿±≤@C
extopsrequested)°AHnD@C
extopscompleted)°AHw¿@C
unknownopsrequested)°AHnDú@C
unknownopscompleted)°AHw¿ú@C
slapderrorlog_messages)°A⌡µ½]HwO²°ATºC
slapdclierrors_messages)°A⌡µ½]HwO² DB2 TºC
auditlog_messages)°A⌡µ½]HwO²fTºC
auditlog_failedop_messages)°A⌡µ½]HwO²ó@TºC
filter_cache_sizeñe\Lo°≤W¡C
filter_cache_currentñeLo°≤C
filter_cache_hitbñΣLo°≤C
filter_cache_missbñΣLo°≤C
filter_cache_bypass_limitϕjMLo°≤#WL¡εAhúC
entry_cache_sizeñe\W¡C
entry_cache_currentñeC
entry_cache_hitbñΣC
entry_cache_missbñΣC
acl_cache Boolean Fⁿw ACL B≤@ñ (TRUE) D@ñ (FALSE)C
acl_cache_sizeACL ñW¡C
cached_attribute_total_size²OΘqC
cached_attribute_configured_sizeⁿw²OΘqC
currenttime°AWeíCeíµípUG
year-month-day hour:minutes:seconds GMT
starttime°AíCíµípUG
year-month-day hour:minutes:seconds GMT
trace_enabled°Ae trace CpGb¼lΩAK TRUEFpGS¼
lΩAh FALSECp÷l\αΩTA\ 297
yldaptracezC
trace_message_level°Ae ldap_debug CoQ*iµíApG
0x0=0
0xffff=65535
trace_message_log°Ae LDAP_DEBUG_FILE ⌠]wC
en_currentregsniµ≤qºeßn²C
en_notificationssent)°AHwß≤qC
bypass_deref_aliasesⁿXOiHñLOWBz°A⌡µCpG²ñúsb⌠≤
OW½≤π TrueAY²ñ.sb@OW½≤hπ FalseC
available_workersiu@u@í⌡µⁿC
current_workqueue_sizeeu@εCC
largest_workqueue_sizeu@εC FjjpC
idle_connections_closedu)suMúív÷¼ómsuC
auto_connection_cleaner_runw⌡µu)suMúívC
emergency_thread_running≥µ⌡µⁿO⌡µñⁿC
totaltimes_emergency_thread_run≥µ⌡µⁿC
lasttime_emergency_thread_runW≥µ⌡µⁿC
cn=workers,cn=monitorw∩u@í⌡µⁿΩTATwwfAoXUCⁿOG
ldapsearch -D <adminDN> -w <adminpw> -b cn=workers,cn=monitor -s base objectclass=*
oⁿOw∩C@@ñu@íúUC¼ΩTG
cn=workers,cn=monitor
cn=workers
objectclass=container
cn=thread2640,cn=workers,cn=monitor
threadu@í⌡µⁿAp 2640C
ldapversionLDAP hAV1 V2C
binddns°A DNC
clientipß IP C
clientportß≡C
connectionidOsuXC
received¼u@nDΘMíC
workrequest¼u@nD¼H÷≤nDΣLΩTCpApGnDOjMA]
úUCΩTG
base=cn=workers,cn=monitor
scope=baseObject
derefaliases=neverDerefAliases
typesonly=false
filter=(objectclass=*)
attributes=all
z°Asu
ziHUCΣñ@Φkd°Asu¼AC
Web zG
i²ñu°AvzC÷@Uz°AsuCπ@ϕ
µAtC@suUCΩTG
DN ⁿw°Aºßsu DNC
IP
ⁿw°Asuß IP C
lí
ⁿwsuΘMíC
¼A ⁿwsub@ómñCpGsu⌠≤@biµANQ°@
ñC
Ops initiatedⁿw)sußwnD@C
Ops completedⁿwbCsuΦAw¿@C
Type ⁿwsuO% SSL TLS O@ChµKC
:
1. ϕµ@hiπ 20 suC
ziHⁿw DN IP πϕµAieU\αϕ∩π
ΦíCw]∩O DNCPaAz]iHⁿwOnH&¡¡π
ϕµC
÷@U½sπz≤sesuΩTC
pGzOHzzs¿¡≈nJAziHbeW∩/°As
uCo/°Asu\αi²zε²A≡Hε°AsCzi
HiU\αϕ∩ DNBIP ΓAMß÷@Usu/YsuC
z∩AoUC@G
ϕ 6. /suWh
∩ DN ∩ IP @
<DNvalue> L /ⁿw DN s
suC
L <IPvalue> /zLⁿw IP s
uC
<DNvalue> <IPvalue> /ⁿw DN HzLⁿ
w IP suC
L L oOL°≤Cz"ⁿw
DN IP AΓC
UU\αϕw]íLC
Yn/úFúXnDº°AsuA÷@UsuCπT
iC÷@UTw≥/su@÷@U°⌠@≡#z°Asu
eC
ⁿOµG
pGn°°AsuAoXUCⁿOG
ldapsearch -D <adminDN> -w <adminPW> -h <servername> -p <portnumber> -b cn=connections,cn=monitor -s base objectclass=*
oⁿOHUCµí#ΩTG
cn=connections,cn=monitor
connection=1632 : 9.41.21.31 : 2002-10-05 19:18:21 GMT : 1 : 1 : CN=ADMIN : :
connection=1487 : 127.0.0.1 : 2002-10-05 19:17:01 GMT : 1 : 1 : CN=ADMIN : :
: pGAϕAbC@suWsW@ SSL TLS ⁿC
pGn⌠°AsuAoXUCΣñ@ⁿOG
# To disconnect a specific DN:
ldapexop -D<adminDN> -w <adminPW> -op unbind -dn cn=john
# To disconnect a specific IP address:
ldapexop -op unbind -ip 9.182.173.43
# To disconnect a specific DN over a specific IP address:
ldapexop -op unbind -D cn=john -ip 9.182.173.43
# To disconnect all connections:
ldapexop -D<adminDN> -w <adminPW> -op unbind -all
p⌠suΩTA\ 257yldapexopzC
zsu e
zsue\αi²z÷¼UCíßsuAHεßΩϕ°A
G
v eΩwCBeí≈ΩeΩC
v ¬ΩG¬GwCC
v /sC
v WΦísC
P]iHTOϕßtú≤⌡µ°í@Az@α≈s°AC
Web zG
: ubzOHzzs¿¡≈bΣ\α°AWnJA+πo∩C
i²ñu°AvzC÷@UzDxeC
1. ∩u@δvC
2. wgz∩F\Wsu∩AHⁿWsCoOw]]wCzi
H÷@U∩A°∩\Wsu\αC@°A/W
suC
: ú0\WsiαPí≈íóC
3. ]wlMúWsuCziHbWsuMúµñⁿw 0
65535 ºíC
: Ωjⁿ¡≤Ce\Cb UNIX tWAziH
ulimit -a ⁿOPo¡εCb Windows tWAoOTwC
w] 0AϕWLWsuAY ómOµñ]wómO
¡εMúsuC
4. ]wlMúwOsuCziHbwOsuMúµñⁿ
w 0 65535 ºíC
: Ωjⁿ¡≤Ce\Cb UNIX tWAziH
ulimit -a ⁿOPo¡εCb Windows tWAoOTwC
w] 1100CϕWLwOsuAY ómOµñ]wóm
O¡εMúsuC
5. ]wlMúsuCziHbsuMúµñⁿw 0
65535 ºíC
: Ωjⁿ¡≤Ce\Cb UNIX tWAziH
ulimit -a ⁿOPo¡εCb Windows tWAoOTwC
w] 1200CϕWLsuAY ómOµñ]wómO¡
εMúsuC
6. ]wYsubQMúBz÷¼ºeiHómϕCziHbómO¡
εµñⁿw 0 65535 ºíC
: Ωjⁿ¡≤Ce\Cb UNIX tWAziH
ulimit -a ⁿOPo¡εCb Windows tWAoOTwC
w] 300CϕlMúBzA÷¼WL¡ε⌠≤su]ⁿBz
zC
7. ]w0\gJíjϕCziHbGO¡εµñⁿw 0 65535 º
írCw] 120CWLo¡⌠≤suúQεC
: oA≤ Windows tCWL 30 ϕsu%@t)ñC]A
oGO¡ε]wb 30 ϕºß%@tm½C
8. ∩≥µ⌡µⁿC
9. wgz∩F≥µ⌡µⁿ∩AHi≥µ⌡µⁿCoOw]]
wCziH÷@U∩A°∩≥µ⌡µⁿ\αC@iε≥µ⌡
µⁿQC
10. ]w≥µ⌡µⁿu@nD¡εCbmnDµñⁿw 0
65535 ºíA]wb≥µ⌡µⁿºeiHdbεCñu@nD¡εC
w] 50CϕWLⁿw¡εAY≥µ⌡µⁿC
11. ]wqW@u@)εCñúHiH!CpGεCñu@
BwWLí¡εAY≥µ⌡µⁿCziHbíµñⁿ
w 0 240 ºíCw] 5C
12. qU\αϕñ∩≥µ⌡µⁿ≥CziH∩G
v jp - uϕεCWLⁿwmu@q+≥µ⌡µⁿC
v í - ubQúu@ºíí¡εWLⁿwq+≥µ⌡
µⁿC
v jpí - ϕεCjpíWLⁿwqú≥µ⌡µⁿC
v jpMí - ϕεCjpMííWLⁿwq+≥µ⌡µ
ⁿC
ujpMívw]C
13. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµG
pGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Connection Management,cn=Front End, cn=Configuration
cn: Connection Management
changetype: modify
replace: ibm-slapdAllowAnon
ibm-slapdAllowAnon: TRUE
-
replace: ibm-slapdAnonReapingThreshold
ibm-slapdAnonReapingThreshold: 0
-
replace: ibm-slapdBoundReapingThreshold
ibm-slapdBoundReapingThreshold: 1100
-
replace: ibm-slapdAllReapingThreshold
ibm-slapdAllReapingThreshold: 1200
-
replace: ibm-slapdIdleTimeOut
ibm-slapdIdleTimeOut: 300
-
replace: ibm-slapdWriteTimeout
ibm-slapdWriteTimeout: 120
-
replace: ibm-slapdEThreadEnable
ibm-slapdEThreadEnable: TRUE
-
replace: ibm-slapdESizeThreshold
ibm-slapdESizeThreshold: 50
-
replace: ibm-slapdETimeThreshold
ibm-slapdETimeThreshold: 5
-
# ibm-slapdEThreadActivate can be set to S (size only), T (time only), SOT (size or time), or SAT (size and time).
replace: ibm-slapdEThreadActivate
ibm-slapdEThreadActivate: S | T | SOT | SAT
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope entire
ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC
zs
zsú 24 pz\αA únUzí@@ ID MKXCzs
¿π)v@ ID MKXCzs¿ DN úi A B]úαP
IBM Tivoli Directory Server z DN C#aAIBM Tivoli Directory Server
z DN úαP⌠≤zs¿ DN CoWhτA≤ IBM
TivoliDirectory Server zMzs¿ Kerberos Digest-MD5 IDCo DN
úαP⌠≤ IBM Tivoli Directory Server gú DN Co]ϕ IBM
TivoliDirectory Server gú DN úαP⌠≤zs¿ DN IBM Tivoli
Directory Server z DN C
: IBM Tivoli Directory Server gú DN iH .
zs¿π²zαOA²UCαOúG
v u IBM Tivoli Directory Server ziHsWúzsñ¿CA
u IBM Tivoli Directory Server ziH∩⌠≤zs¿ DNBKXB
Kerberos ID Digest-MD5 IDCM Azs¿iH∩)vKXA²O
Lk∩)v DNBKerberos ID Digest-MD5 IDCzs¿úαd⌠≤
ΣLzs¿ IBM Tivoli Directory Server zKXC
v u IBM Tivoli Directory Server ziHsWútmßíñ
cn=Keberos,cn=Configuration M cn=Digest,cn=Configuration Czs¿iH
∩oñA²²z Keberos ID M Digest-MD5 ID úC
v u IBM Tivoli Directory Server ziH∩≤s⌠≤fΘx]wCz
s¿uα°fΘxMfΘx]wC
v u IBM Tivoli Directory Server ziHMúfΘxC
Mzs
z"O IBM Tivoli Directory Server z+α⌡µ@C
: b@PUuzzsv@ñA∩zs¿@÷sCzs¿uα°zzseñ zs¿ϕµC
Web zGi²ñu°AvzC÷@UzzsC
1. YnzsA÷@UzsΣ∩CpGΦw
∩AhwgzsC
2. ÷@UTwC
: pGzzsAwnJ⌠≤¿úiH≥iµz@AnD¿½ssεCYnεwgszs¿⌠≤ΣL@A⌡µ/
s@CΩTA\ 34yz°AsuzC
ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Configuration
cn: Configuration
changetype: modify
replace: ibm-slapdAdminGroupEnabled
# Specify TRUE to enable or FALSE to disable the administrative group. TRUE is preselected.
ibm-slapdAdminGroupEnabled: TRUE
objectclass: top
objectclass: ibm-slapdConfigEntry
objectclass: ibm-slapdTop
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope single cn=Configuration ibm-slapdAdminGroupEnabled
sW¿zs
z"O IBM Tivoli Directory Server z+α⌡µ@C
Web zGpGnsW¿zsAbzzseñ÷@UsWC
bsWzs¿eñG
1. ΘJ¿z DN]"O DN ykC
2. ΘJ¿KXC
3. AΘJ¿KXiµTC
4. ziH∩aΘJ¿ Kerberos IDCKerberos ID "O ibm-kn
ibm-KerberosName µíCoú!jpgAp
[email protected] P [email protected]
PC
: µuαb AIX® M WindowsNT® M Windows2000 ¡xWCub°
AWΣ Kerberos Σ\α OID (1.3.18.0.2.32.30) Aª+πC
5. ziH∩aΘJ¿ Digest-MD5 WC
6. ÷@UTwC
: Digest-MD5 W!jpgC
∩znsWzsC@¿A½C
¿z DNBDigest-MD5 W]pGⁿwM Kerberos ID]pGⁿw
Aúπbzs¿MµñC
: Kerberos Σuαb AIX M WindowsNTBWindows2000 M Windows 2003 ¡x
ñCub°AWΣ Kerberos Σ\α OID (1.3.18.0.2.32.30) A
Kerberos ID µ+πbzs¿MµñC
ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG
ldapadd -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=AdminGroup, cn=Configuration
cn: AdminGroup
objectclass: top
objectclass: container

dn: cn=admin1, cn=AdminGroup, cn=Configuration
cn: admin1
ibm-slapdAdminDN: <memberDN>
ibm-slapdAdminPW: <password>
# ibm-slapdKrbAdminDN and ibm-slapdDigestAdminUser are optional.
ibm-slapdKrbAdminDN: <KerberosID>
ibm-slapdDigestAdminUser: <DigestID>
objectclass: top
objectclass: ibm-slapdConfigEntry
objectclass: ibm-slapdAdminGroupMember
: pGzwgbzsñF¿Añ@C
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope subtree cn=AdminGroup,cn=Configuration
∩zs¿
z"O IBM Tivoli Directory Server z+α⌡µ@C
Web zGpGn∩zs¿ΩTAbuzzsveñ⌡µUC@G
1. ∩n∩ΣΩT¿C
2. ÷@UsΦC
3. ΘJ¿z DN]"O DN ykC
4. ≤¿KXC
5. AΘJ¿KXiµTC
6. ΘJ≤¿ Kerberos IDCKerberos ID "O ibm-kn
ibm-KerberosName µíCoú!jpgAp
[email protected] P [email protected]
PC
: µuαb AIX M WindowsNT M Windows2000 ¡xWCub°A
WΣ Kerberos Σ\α OID (1.3.18.0.2.32.30) Aª+πC
7. ΘJ≤¿ Digest-MD5 WCDigest-MD5 W!jp
gC
8. ÷@UTwC
: pGzOzs¿AiHe-> ≤KXe≤KXC
∩zsñn∩C@¿A½C
ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=admin1, cn=AdminGroup, cn=Configuration
cn: admin1
changetype: modify
replace: ibm-slapdAdminDN
ibm-slapdAdminDN: cn=<memberDN>
-
replace: ibm-slapdAdminPW
ibm-slapdAdminPW: <password>
-
replace: ibm-slapdKrbAdminDN
ibm-slapdKrbAdminDN: <KerberosID>
-
replace: ibm-slapdDigestAdminUser
ibm-slapdDigestAdminUser: <DigestID>
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope subtree cn=AdminGroup,cn=Configuration
qzsú¿
z"O IBM Tivoli Directory Server z+α⌡µ@C
°AzGpGnúzs¿Abuzzsveñ⌡µUC@G
1. ∩nú¿C
2. ÷@URúC
3. úzTú@C
4. ÷@UTwHRú¿F÷°≡#uzzsve ú⌠≤≤C
∩≤znqzsñúC@¿A½C
ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG
ldapdelete -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
# List additional DNs here, one per line.
dn: cn=admin1, cn=AdminGroup, cn=Configuration
Ynúh¿ACX DNCC@ DN "bO@µC
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope subtree cn=AdminGroup,cn=Configuration
z@
u@v\αiTOⁿwb²@wπ@Couαb
cn=uniqueattribute,cn=localhost M cn=uniqueattribute,cn=IBMpolicies ΓñⁿwC
@xsbNⁿw@°AWC@jMGu∩°
AΩw+O@CtαñºGjMGiαúO@C
: GiB@BtmM½≤Oúúαⁿw@C
@s
: YHOAyÑP@¼-CpGzⁿwSw@AªNúαPª÷yÑC
Web zGi²ñu°AvzC÷@Uz@C
1. qi\αϕñ∩znsW@CCXiiHⁿw
@Ap snC
: bQP±J cn=localhost M cn=IBMpolicies xsºeA@d
biMµñC
2. ÷@UsW cn=localhost sW cn=IBMpoliciesCoΓxstºOcn=IBMpolicies O gA cn=localhost húOCπbAϕM
µñCziHNPCboΓxsC
: pGb cn=localhost M cn=IBMpolicies ΓUYAoΓ
GpYΣ@MµXCpApG cn M employeeNumber b
cn=localhost ñⁿw@A B cn M telephoneNumber b cn=IBMploicies
Wⁿw@A°AKN cnBemployeeNumber M telephoneNumber ϕ
@C
3. ∩≤znsW@C@A½BzC
4. ÷@UTwHxsz≤AO÷@U°H⌠oe ú⌠≤≤C
ⁿOµGpGnⁿwY"@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=uniqueattributes,cn=localhost
changetype: add
cn: uniqueattributes
ibm-UniqueAttributeTypes: sn
objectclass: top
objectclass: ibm-UniqueAttributeTypes
pGnsWΣLAoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=uniqueattributes,cn=localhost
cn: uniqueattributes
changetype: modify
add: ibm-UniqueAttributeTypes
ibm-UniqueAttributeTypes: AIXAdminUserId
-
add: ibm-UniqueAttributeTypes
ibm-UniqueAttributeTypes: adminGroupNames
sW∩@ApG⌠≤CX@@¡εúA
Núb²ñsWCz"²MoDA]"½soXsW
∩ⁿOCpAbsW@²ñApGbΣñ@¼ϕ
µW@¡εó]τYA%≤bΩwñ½AhúN@
sW²ñCoX DSA ú@⌡µC
: pGb cn=localhost M cn=IBMpolicies ΓUYAoΓGp
YΣ@MµXCpApG cn M employeeNumber b
cn=localhost ñⁿw@A B cn M telephoneNumber b cn=IBMploicies
Wⁿw@A°AKN cnBemployeeNumber M telephoneNumber ϕ
@C
ϕísWπ²A P²½A
LDAP °ANoX#GX 20]LDAPG X 20 - sbC
ϕ°AAªd@MµAPC@@Oú DB2 ¡ε
sbCpGY¡ε]wQ bulkload íA]wΓNªú úsbAªNq@MµñúA Θx ibmslapd.log ñ]O²@
hTºCpApGb cn=uniqueattributes,cn=localhost ñN cn ⁿw¿@
A Bª]S⌠≤ DB2 ¡εAtKO²UCTºG
CN úO@C CN wqUC@úGCN=UNIQUEATTRIBUTES,CN=LOCALHOST
q@M椣
Ynq@MµñúAUCΣñ@ΦkC
: pG@sb cn=uniqueattribute,cn=localhost M cn=uniqueattribute,cn=IBMpolicies
ΓA Buq@NªúA°A≥N°@CqΓ
ñNúßAªN¿D@C
Web zGi²ñu°AvzC÷@Uz@C
1. ÷@UAϕMµñA∩znq@MµñúCpe@
ñ AIXAdminUserIdC
2. ÷@UúC
3. ∩≤znqMµñúC@A½BzC
4. ÷@UTwHxsz≤AO÷@U°H⌠oe ú⌠≤≤C
: pGzq cn=localhost cn=IBMpolicies Mµñúß@@AK)
RúMµ cn=uniqueattribute,cn=localhost cn=uniqueattribute,cn=IBMpolicies
xsC
ⁿOµGpGnⁿOµú@MµñAoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> tG
dn: cn=uniqueattributes,cn=localhost
cn: uniqueattributes
changetype: modify
cn: uniqueattributes
ibm-UniqueAttributeTypes: AIXAdminUserId
pGnúxsb cn=localhost ñ@AoXUCⁿOG
ldapdelete -D <adminDN> -w <Adminpw> "cn=uniqueattributes,cn=localhost"
q²ñRú ″cn=uniqueattributes″ AYúhIµ≤@W@¡εA SiH0\D@C
9 ]w°A e
ziH]w°AUCeG
v y≤°A≡PyÑz
v 48y]wjMz
v 53yµ÷Σz
v 55y≤qz
v 57ysWúrz
v 58yúαz
v 63ybñsWúz
÷M Web zuπOzQΦkAúLz]iHQ LDAP í≤s°A
tmCioX LDAP ∩nDG
v IBM Tivoli Directory Server úº C-client C-íC
v JNDI Java í
v ΣL⌠≤ú V3 LDAP C
UCd ldapmodify ⁿOµíC
ldapmodify ⁿOiHb¼íU⌡µAOñⁿwΘJ⌡µCNΓUjí!d ÑAúúiHM ldapmodify ⁿO@eCqoⁿOµíG
ldapmodify -D <adminDN> -w <password> -i <filename>
pGnHAΦí≤s°Atm]wAz"oXUC ldapexop ⁿOCⁿO≤sAtm]wG
ldapexop -D cn=root -w root -op readconfig -scope entire
ⁿO≤sµ@]wC
ldapexop -D cn=root -w root -op readconfig -scope single <entry DN> <attribute>
ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC
÷ ldapmodify P ldapexop ⁿOΩTA\ 249 20 , yⁿ
OµízC
: uzMzs¿+α≤s°Atm]wC
≤°A≡PyÑ
: OoApGz≤°A≡]wAN"P≤Dxñ°A≡]wC\ 21yzDxzC
© Copyright IBM Corp. 2003 45
Web zG
b Web z²ñ÷@Uz°AeAπuz°AeveC
eñw²∩@δCu@δveΓ¬ΩTµAΣñπ°A
D≈WAHwb≈W IBM Tivoli Directory Server hC
oe]]tTi∩"nµA]ADwqT≡]w] 389Bw
qT≡]w] 636)]eG!Oπe≡AHiyÑΣ
∩CpGzQ≤≡]wyÑAΓC
: ≡ 0 1023Fn²≡ 1024 49151FApK≡h 49152
65535C
1. ÷@UDwqT≡AMßΘJ 49152 65535 d≥Cp 399C
2. ÷@UwqT≡AMßΘJ 49152 65535 d≥Cp 699C
3. ÷@UyÑΣ∩AyÑΣCw]]wC
ΩTA\ 190yyÑzC
4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
pGz≤F≡Ah"ε°AA≤+C\ 24yP
ε°AzCε°AºßAz"bεAMßAzníA+
α½s∩≡iµPBC\ 13 4 , y²znízC½s
°AC
ⁿOµG
pGnPOwyÑ\αAoX r o o t D S E jMAⁿw
″ibm-enabledCapabilities″C
ldapsearch -b "" -s base objectclass=* ibm-enabledCapabilities
pG# OID ″1.3.6.1.4.1.4203.1.5.4″Aϕw\αC
pGSyÑΣA⌠≤NyÑ÷p LDAP @úQA
#UCTºG
unrecognized attribute
pGnⁿOµⁿwúOw]≡AyÑAoXUCⁿOG
ldapmodify -D <adminDN> -w <password> -i <filename>
Σñ <filename> ]tG
dn: cn=configuration
changetype: modify
replace: ibm-slapdPort
ibm-slapdPort: 399
-
replace: ibm-slapdSecurePort
ibm-slapdSecurePort: 699
-

dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
replace: ibm-slapdLanguageTagsEnabled
ibm-slapdLanguageTagsEnabled: TRUE
z"ε°AA≤+C\ 24yPε°AzCε°
AºßAz"bεAMßAzníA+α½s∩≡iµPB
C\ 13 4 , y²znízC
ibmdirctl -D <AdminDN> -w <Adminpw> -p 389 stop
ibmdirctl -D<AdminDN> -w <Adminpw> admstop
ibmdiradm
ibmdirctl -D<AdminDN> -w <Adminpw> start
]wα
: ÷sπΩTA\ IBMTivoli Directory Server Version 5.2 Tuning GuideA
ΓUib TivoliSoftware Library ⌠WΣCpsuWX÷ΩTA
\ viiiyuWsXzC
ziH≤jM¡εPsu]wAHjαC
Web zG
iuWeb zuπv²ñz°AeAMß∩ αC
1. ⁿwΩwsuCoO]w°A DB2 suCz"ⁿwp
5Cw] 15CpGz LDAP °A¼jqßnDA
ß¼usuDvAziHW[°Aα DB2 su]
wA\iHozQGCjsuO%z DB2 Ωwñ]wM
wCúLA÷MbⁿwsuΦúA°A]¡AΩWACsuú
ΩCd\ IBM Tivoli Directory Server Version 5.2 Tuning GuideAHoz
tAsπC
2. ⁿwg@ΩwsuCo]w°Aiµ g@ DB2 su
Cz"ⁿwp 1Cw]]wO 4Cd\ IBMTivoli Directory
Server Version 5.2 Tuning GuideAHoztAsπC
: ⁿwΩwsuM g@ΩwsusuúiWL DB2ΩwC
3. ∩ ACL ΩTAHUC ACL ]wCz"∩o∩Ae
ñΣL]w∩+αC
4. ⁿw ACL ñW¡Cw] 25,000C
5. ⁿwñW¡Cw] 25,000C
6. ⁿwjMLo°≤ñW¡Cw] 25,000CjMLo°≤]
tnDLo°≤WΩdAHúOXCb≤s@
ñALo°≤ú¿LC
7. ⁿwqµ@jMñisWjMLo°≤ñW¡CpGz∩
Ah"ΘJ@Cw] 100Ch∩ú]¡CjM
pGWXBⁿwAhúNªsWjMLo°≤ñC
8. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
9. pGzn]wΩwsuAz"½s°AA≤+CpGz
uO∩]wAhú"½s°AC
ⁿOµG
pGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration
changetype: modify
replace: ibm-slapdDbConnections
ibm-slapdDbConnections: 15
-
replace: ibm-slapdReplDbConns
ibm-slapdReplDbConns: 4

dn: cn=Front End, cn=Configuration
changetype: modify
replace: ibm-slapdACLCache
ibm-slapdACLCache: TRUE
-
replace: ibm-slapdACLCacheSize
ibm-slapdACLCacheSize: 25000
-
replace: ibm-slapdEntryCacheSize
ibm-slapdEntryCacheSize: 25000
-
replace: ibm-slapdFilterCacheSize
ibm-slapdFilterCacheSize: 25000
-
replace: ibm-slapdFilterCacheBypassLimit
ibm-slapdFilterCacheBypassLimit: 100
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope entire
ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC
]wjM
ziH]wjMεjMαOAp!MjMC
!Gi²zzqjMnD#ΩqCziHnDl]
A únP¼GCß≥jMnDπU@GA@
°#ßGεCjMi²ß ≥Mµ¼jMGA
ΣñC≥úNϕ@jMΣCo∩iNd⌠Aqßí
°AA]b°A⌡µ±vC
t ’alias’ ’aliasObject’ ½≤O²]t ’aliasedObjectName’ AoO
²ñΣLCujMnDiHⁿwOnOWCϕn
lOW#lCpGOWsb≤²ñAϕOW∩]w@w
jMAIBM Tivoli Directory Server jM#íAPOW∩]ú
jM#í±πoϕ°C
°A∩iH]wúBMΣBjM@wCo∩PΦ AND
@ºjMnDñⁿw∩XCúhϕjM@ñ
∩C
Web zG
iuWeb zuπv²ñz°AeAMß∩jM]wC
1. ]wjMjp¡εCzi÷@Uú]¡ΩsCpGz∩Ah"
bµñⁿwjM#W¡Cw] 500CpGXjM≥
WL¡AhXhú#Co¡εúA≤zC
2. ]wjMí¡εCzi÷@Uϕú]¡ΩsCpGz∩ϕAh"bµ
ñⁿw°AhiHßh.íBznDCw] 900Co¡εúA≤
zC
3. pGnNjM\α¡εzA∩e\zNjM ∩
C
4. pGnNjM!\α¡εzA∩e\zNjM∩
C
5. pGn]wOWhAiOWU\αϕAMß∩UC@
Cw]@wC
ú /úOW
MΣ ϕMΣjMIOWA²OblºUjMhú
C
jM ϕMΣjMIºUOWA²ObMΣlhú
C
@w ϕMΣjMIHjMlºUú@wOWC
u@wvOw]C
: uϕz°AΣOW+αo∩C
6. ⁿwb!jMñnÑϕ]ómOC!jMnb LDAP °AM
xs LDAP Ω DB2 Ωwºí@suCuómOvoz
¡εDnOn!GjMnD O DB2 ΩwsuOC
7. ⁿwb⌠≤wíA°Aie\µ!jMW¡Cw] 3C
8. ⁿwbjMñαW¡Cw] 3C
9. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
\ 50yXRjMεzAHo÷≤jMΣLΩTC
ⁿOµG
pGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Configuration
changetype: modify
replace: ibm-slapdTimeLimit
ibm-slapdTimeLimit: 900
-
replace: ibm-slapdDerefAliases
ibm-slapdDerefAliases: never|find|search|always
-
replace: ibm-slapdSizeLimit
ibm-slapdSizeLimit: 500

dn: cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration
changetype: modify
replace: ibm-slapdPagedResAllowNonAdmin
ibm-slapdPagedResAllowNonAdmin: false
-
replace: ibm-slapdPagedResLmt
ibm-slapdPagedResLmt: 3
-
replace: ibm-slapdSortKeyLimit
ibm-slapdSortKeyLimit: 3
-
replace: ibm-slapdSortSrchAllowNonAdmin
ibm-slapdSortSrchAllowNonAdmin: false

dn: cn=Front End, cn=Configuration
changetype: modify
replace: ibm-slapdIdleTimeOut
ibm-slapdIdleTimeOut: 300
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope entire
\ 275yldapsearchzAHAp≤ⁿOµiµjMC
XRjMε
pGSAhjM\αube 240 ñAMΣLo°
≤CApGjMnDñⁿwAh°Aue 240
jM@ΣC@δßí"NG°ϕµñO
S wApGjMLo°≤Obe 240 ßY
ñAhiαúN#ßC
: ¡ε IBM Tivoli Directory Server SCΣL¡x]]A z/OS™ P
OS/400®W IBM LDAP °AAhiαúP¡εC\U¡xσ≤A
HAΣ¡εC
zib Web zuπ]⌡z -> z -> <attributename> -> sΦ ->IBMXROñdwqAd cn=schema jM@#wqAHPw
OwSCb Web zuπñ°wqAIBM XRO
πUCG
Wh
[] Equality
[] Ordering
[] Approximate
[] Substring
[] Reverse
t∩AWhCpG ldapsearch íAh ibmattributetypes
]tUC÷ΣrGAPPROXBEQUALITYBORDERINGBSUBSTR REVERSEC
pA’cn’ tUCwwqG
attributetypes=( 2.5.4.3 NAME ( ’cn’ ’commonName’ ) DESC ’This is the X.500 commonName attribute, which contains a name of an object. If the object corresponds to a person, it is typically the persons full name.’ SUP 2.5.4.41 EQUALITY 2.5.13.2 ORDERING 2.5.13.3 SUBSTR 2.5.13.4 )
ibmattributetypes=( 2.5.4.3 DBNAME ( ’cn’ ’cn’ ) ACCESS-CLASS NORMAL LENGTH 256 EQUALITY ORDERING SUBSTR APPROX )
\ 114yWhzC
jMε
jMGiπ ¡S\α LDAP ßAú\αCj
MGi² LDAP ß¼ @≥]ΣñC@≥UNϕ@Σ
jMGC≥]AG¼B±∩WhP¡C°A²
o≥jMGAMßA#CoNd⌠qßíα°A
A °Ab⌡µW≤vCpAßíQ um≤BWr
MqXAqº Grand Cayman ⌠WuMµCúnmjMMµ
ΓA+αNΣ]@b°AWAMßÑG#bßWAm@
AunmjMMµ@AMßbNG#ßíºeA[H
C
°A jMA w]AbC@jM@ñhe\T
Σ]WCpGn≤z¡εAb ibmslapd.conf ñ≤
ibm-slapdSortKeyLimit: 3 @µC\ 48y]wjMzAHop≤⌡µo
BJ÷ΩTCpGµúsbAsW]wsj]pGµúsbA
h°Aw]C
w]A°ABzDzsunDA]AHWsC%≤²jM
GA#A°AΩ±uµ#hA]ziHN°Atm¿u
Bzszv¡ºoXnDCpGnBzuzsúX
jMnDAb ibmslapd.conf ñAN ibm-slapdSortSrchAllowNonAdmin: true
@µ∩¿ ibm-slapdSortSrchAllowNonAdmin: falseC\ 48y]wjMzC
pGµúsbAsWµN]w falseAΣue\zsC\ 53
ysWjMdzC
ϕjMnD⌠ALDAP °ANNα#ßCAN%ß
AíMwOn]wjMnD≥nA íbA
ϕípUABzα°AWoεΣΦóCALDAP °AúαTO
α°AOΣjMεC#ßíMµiαh≈A
hSCßíN)µMwΩTe@δnΦíCiα
MΦíG²XαGAMßAe@δFπh≈MµP
∩α°AD≈WFútµΣLBJA NGπb@δ
eApPO%°A#δCßí"αA+αo@≈
uΩMµAhpGObⁿwjMεUlαAiαoLk
wGC
bz°AjMGA"NUCUIG
v °AOQ≥ª DB2 ΩwA⌡µjMGCoN²AjMG
iα]ΩwΩrXúP úP]SOOpGzΩwrX UTF-8
C
v °AñⁿwΣ±∩WhCe°AúΣ±∩WhC
v úΣh°A]αC°AúαOαß°AOΣj
MGC
÷°AºjMεΩTAib RFC 2891 ñΣCjMG
ε OID 1.2.840.113556.1.4.473AB Root DSE ΩTñ@ΣεC
÷G
÷!GiuQ¼@pjMG]@ D@π≈Mµ LDAP ßA
ú!\αCCϕßß≥úX@!GjMnDAY#U@
ßíA@°#ßGεCpGjpj≤Ñ≤°A
sizeLimit AFXµ@@ñnDA°ANñ ÷!GnDC
%≤jMG!Sbπ ÷!GnDLñA,°AΩA]
@sz¡εAHTOb ÷!GnDíA°AΩú
QC
ibm-slapdPagedResAllowNonAdmin w]A°ABzDzsunDA]AHWsCpGµ°
AuBzszv¡ºúX ÷!GjMnDAz"
b ibmslapd.conf ñAN ibm-slapdPagedResAllowNonAdmin: true @µ∩¿
ibm-slapdPagedResAllowNonAdmin: falseC\ 48y]wjMzCp
GµúsbAsWµN]w falseAΣue\zsC
\ 53ysWjMdzC
ibm-slapdPagedResLmt w]Ab⌠≤wí°Ahe\iT¿ ÷!G@
CFTOαHt#ß≥ ÷!GnDAbjMnD
íA°A≥@°ΩwsuA° ÷!G
nDAßGw#ßíεCz¡ε«bTO°A
bBzΣL@Aú]ΩwsuQ¿ ÷!Gj
MnD,A QACDG@PAN ibm-slapdPagedResLmt ]wp≤z°AΩwsuW¡CpGn≤z¡εAb
ibmslapd.conf ñ≤ ibm-slapdPagedResLmt: 3 @µC\ 48y]
wjMzCpGµúsbAsW]wsj]pGµúsbAh
°Aw]C\ 53ysWjMdzC
ibm-slapdPagedSizeLmt w]A°AC@h# 50 ºjMGCpGzQ]wúPjp
W¡Azib ibmslapd.conf ñ≤ ibm-slapdPagedSizeLmt: 50 @µC
: IBM Directory Server 4.1 M 5.1 Σ ibm-slapdPagedSizeLmtCIBM Tivoli
Directory Server 5.2 úΣ ibm-slpadPagedSizeLmtC
ibm-slapdIdleTimeOutuómOvoz¡εADnOw∩ ÷!GjMnDA²Σ
¼A DB2 ΩwsuOC ÷!GnDw]ómí 500
ϕCpA]ßíbΓºíyF 510 ϕA°A²Σn
DOAHKXΩwsuA²ΣL°A@CϕßíU
úX ÷!GnDA°A#AϕíA
ßí"½s ÷!GnDCbC#@ß
íßAY½sp ÷!GnDómíC°AC 5 ϕY
d@ ÷!GnDOOA]NΓz ibm-slapdIdleTimeOut C≤ 5 ϕAz,oÑ 5 ϕA ÷!GnD+ΓOCpGn≤
z¡εAb ibmslapd.conf ñ≤ ibm-slapdIdleTimeOut: 300 @µC
\ 48y]wjMzCpGµúsbAsW]wsj
]pGµúsbAh°Aw]C\ 53ysWjM
dzC
bjMnD⌠ALDAP °ANα#ßApPú⌠≤ε
iµjM@CoN²ApG°A 10 Gn#Aα±b 10
ñ#A úO±bC@#CblαíAßí"b
N Cookie ]ípUAe@l!GnDC@α°ACA
ßAíNMwb÷!GΣΦOn]w≥nA
íbAϕípUABzα°AWεΣΦóCA
LDAP °AúαTOα°AOΣ!GεC#ßíM
µiαh≈AhS!CßíN)µMwΩTe@δ
nΦíCiαMΦíG²XαGAMßAe@δ
Fπh≈MµP∩α°AD≈WFútµΣLBJA N
Gπb@δeApPO%°A#δCßí"
αA+αo@≈uΩ!MµAhpGObⁿw!GjMεUl
αAiαoLkwGC
÷°Aº ÷!GεΩTAib RFC 2686 ñΣC ÷!G
ε OID 1.2.840.113556.1.4.319AB Root DSE ΩTñ@ΣεC
sWjMd
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration
changetype: modify
add: ibm-slapdSortSrchAllowNonAdmin
ibm-slapdSortSrchAllowNonAdmin: TRUE
-
add: ibm-slapdSortKeyLimit
ibm-slapdSortKeyLimit: 3
-
add: ibm-slapdPagedResAllowNonAdmin
ibm-slapdPagedResAllowNonAdmin: TRUE
-
add: ibm-slapdPagedResLmt
ibm-slapdPagedResLmt: 3
-
add: ibm-slapdPagedSizeLmt
ibm-slapdPagedSizeLmt: 50
-
add: ibm-slapdIdleTimeOut
ibm-slapdIdleTimeOut: 300
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope entire
µ÷Σ
µ÷Bzi²íN@≤s±b@@ñCqC@ LDAP @
A!OQ°MΩwíOµ÷CϕY@Mt@@ AN@s
b@OUAoO]ϕΣñ@@óAπµ÷KóCµ÷]
wOMw°AWαe\µ÷í¡εC
µ÷Σ
pGnµ÷ΣAUCΣñ@C
Web zGiuWeb zuπv²ñz°AeAMß∩µ÷C
1. ∩µ÷Bz ∩Aµ÷BzCpGµ÷Bz
Ah°AñeñΣL∩ApCµ÷@W¡H
mí¡εC
2. ]wµ÷W¡Czi÷@Uµ÷ú]¡ΩsCpGz∩µ÷Ah"b
µñⁿwµ÷W¡Cµ÷W¡ 2,147,483,647Cw] 20 µ÷C
3. ]wCµ÷@W¡Czi÷@U@ú]¡ΩsCpGz∩@
Ah"bµñⁿwC@µ÷e\@W¡C@W¡
2,147,483,647CV.AαVnCw] 5 @C
4. ]wmí¡εC∩O]wmñµ÷OW¡]HϕpCzi÷
@Uϕú]¡ΩsCpGz∩ϕAh"bµñⁿwC@µ÷e\
ϕW¡CϕW¡ 2,147,483,647CpGµ÷¿¼AíWL
íAhQ°]#Cw] 300 ϕC
5. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
6. pGzwgµ÷ΣAh"½s°AA≤+CpGzuO
∩]wAhú"½s°AC
ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Transaction,cn=Configuration
changetype: modify
replace: ibm-slapdTransactionEnable
ibm-slapdTransactionEnable: TRUE
-
replace: ibm-slapdMaxNumOfTransactions
ibm-slapdMaxNumOfTransactions: 20
-
replace: ibm-slapdMaxOpPerTransaction
ibm-slapdMaxOpPerTransaction: 5
-
replace: ibm-slapdMaxTimeLimitOfTransactions
ibm-slapdMaxTimeLimitOfTransactions: 300
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope entire
ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC
µ÷Σ
pGnµ÷BzAUCΣñ@C
Web zGiuWeb zuπv²ñz°AeAMß∩µ÷C
1. °∩µ÷Bz ∩Aµ÷BzC
2. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
3. z"½s°AA≤+αC
ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Transaction,cn=Configuration
changetype: modify
replace: ibm-slapdTransactionEnable
ibm-slapdTransactionEnable: False
z"½s°AA≤+αC
pµ÷ΣΣL÷ΩTA\ IBM Tivoli Directory Server Version 5.2
C-Client SDK Programming ReferenceC
≤q
zL≤q\αA°Aiqwn²ßAw≤BsWRú²≡ñ
CqíuDDTºvC
ϕo≤A°ANTºϕ¿@huLDAP v3 DDqvßCΣ
messageID 0ABTº@@#íCresponseName µ]nO
OIDCb#µñAπ@nO ID P@ⁿX≤o≈íWOC
íµ UTC íµíC
: ϕiµµ÷Abπµ÷¿eAúeµ÷BJ÷≤qC
≤q
pGn≤qAUCΣñ@C
Web zGiuWeb zuπv²ñz°AeAMß∩≤qC
1. ∩≤q∩AH≤qCpG≤qA°A
ñeñΣL∩C
2. ]wCsun²W¡Czi÷@Un²ú]¡ΩsCpGz∩n²
Ah"bµñⁿwCsue\n²W¡Cµ÷W¡
2,147,483,647Cw] 100 n²C
3. ]wn²W¡C∩O]w°AL≤αn²Czi÷@
Un²ú]¡ΩsCpGz∩n²Ah"bµñⁿwCsue\
n²W¡Cµ÷W¡ 2,147,483,647Cw]n²Oú]¡C
4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
5. pGz≤qAh"½s°AA≤+CpGzuO∩
]wAhú"½s°AC
ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Event Notification,cn=Configuration
changetype: modify
replace: ibm-slapdEnableEventNotification
ibm-slapdEnableEventNotification: TRUE
-
replace: ibm-slapdMaxEventsPerConnection
ibm-slapdMaxEventsPerConnection: 100
-
replace: ibm-slapdMaxEventsTotal
ibm-slapdMaxEventsTotal: 0
pGz≤qAh"½s°AA≤+CpGzuO∩]
wAhú"½s°AC
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope entire
ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC
≤q
pGn≤qAUCΣñ@C
Web zGiuWeb zuπv²ñz°AeAMß∩≤qC
1. °∩≤q∩AHµ÷BzC
2. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
3. z"½s°AA≤+αC
ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Event Notification,cn=Configuration
changetype: modify
replace: ibm-slapdEnableEventNotification
ibm-slapdEnableEventNotification: FALSE
z"½s°AA≤+αC
p≤qΣL÷ΩTA\ IBM Tivoli Directory Server Version 5.2
C-Client SDK Programming ReferenceC
sWúr
rO@ DNAOxsb²ÑhñWhC%≤ LDAP ñ
∩RW≈εAo DN ]O²ÑhñΣLCrC²°Aihr
ACrUO@Od²ÑhFpAo=ibm,c=usC
: XrSw"sW²ñC
sW²ñΣr"X DN AOG’ou=Marketing,o=ibm,c=us’CpG
dñrMtmΩw⌠≤rúAhdw]α
ⁿ LDAP °ACpGⁿw LDAP w]αAh#GⁿX½≤ús
bC
sWr
pGnsWrAUCΣñ@ΦkC
Web zG
: LksWúwwqrAp cn=localhostBcn=pwdpolicy M cn=ibmpoliciesC
]AªúπbeñC
iuWeb zuπv²ñz°AeAMß∩rC
1. ΘJr DNFp c=Italyr°W¡ 1000 rC
2. ÷@UsWC
3. w∩znsWr]ú¡A!O½BzC
4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµGpGnⁿOµsWrAoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
DN: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
add: ibm-slapdSuffix
ibm-slapdSuffix: <suffixname>
ibm-slapdSuffix: <suffix2>
ibm-slapdSuffix: <suffix3>
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope single "cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration" ibm-slapdSuffix
úr
pGnúrAUCΣñ@ΦkC
Web zG
: LksWúwwqrAp cn=localhostBcn=pwdpolicy M cn=ibmpoliciesC
]AªúπbeñC
iuWeb zuπv²ñz°AeAMß∩rC
1. qµr DN MµñA∩znúrC
2. ÷@UúC
3. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµG
: úΣútwqrAp cn=localhostBcn=pwdpolicy M cn=ibmpoliciesC
pGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
DN: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
delete: ibm-slapdSuffix
ibm-slapdSuffix: <suffixname>
ibm-slapdSuffix: <suffix2>
ibm-slapdSuffix: <suffix3>
z"½s°AA≤+C
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope single "cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration" ibm-slapdSuffix
: z]iHtmí ldapcfgBldapucfg M ldapxcfg sWMúrC÷oíΩTA\ IBM Tivoli Directory Server 5.2 wPtm
ΓUC
úα
αú@Φí²°ANßΣL²°ACαⁿwN LDAP °
A URLCoN°ABzbµ LDAP °A⌠≤l≡ñúΣú½
≤nDCαAziHG
v NWíΩT!bhí°AW
v iΩO≤@÷p°Añ≤B
v NßnDeAϕ°A
αuIG
v !BztßAHú≥tⁿ¡
v b¡!Ωz
v úWL¡º¡τbsj¼p⌠C
: b LinuxBSolaris HP-UX ¡xWApGßblαí\ATw
zt⌠ñ] LDAP_LOCK_REC ⌠Cú⌠≤SwC
set LDAP_LOCK_REC=anyvalue
α
pGnPúαAz Web zíC
Web zGiuWeb zuπv²ñz°AeAMß∩αC
1. ΘJ@α URLAΣY"l ldap://C° 32700 rC
2. ÷@UsWC
3. w∩C@zQsWαA!O½BzC
4. ziH∩αA÷@UWUA≤ªbαMµñmCC÷@UA
∩αNbMµñ@mCziHh÷XUA∩α
≤nmεCoOαxsbtmñC
5. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
z"½s°AA≤+αC
ⁿOµGwq@w]αAHt@°AW²Cw]αiⁿVG
v °AW@h]bÑhñ
v uΩT≤sv°AAOÑhñWh°A
v iBzWíºHí≈uΩT≤sv°A
: w]α LDAP URL út DN í≈C ut ldap:// identifier P hostname:port
í≈C
pG
ldapadd -D <adminDN> -w <adminpw> -i <filename>
Σñ <filename> ]tG
# referral
dn: cn=Referral, cn=Configuration
cn: Referral
ibm-slapdReferral: ldap://dcecds3.endicott.ibm.com:389
ibm-slapdReferral: ldap://<additional hostname:port>
ibm-slapdReferral: ldap://<additional hostname:port>
ibm-slapdReferral: ldap://<additional hostname:port>
objectclass: ibm-slapdReferral
objectclass: top
objectclass: ibm-slapdConfigEntry
úα
pGnúαAUCΣñ@ΦkC
Web zGiuWeb zuπv²ñz°AeAMß∩αC
1. qµαqñA∩znúαC
2. ÷@UúC
3. XTeC÷@UTwHúαF÷@U°#e@eA ú⌠
≤≤C
4. w∩C@zQúαA!O½BzC
5. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
z"½s°AA≤+αC
ⁿOµGpGnRú@w]αAp austin.ibm.com:389AoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -f <filename>
Σñ <filename> ]tG
dn: cn=referral, cn= configuration
changetype: modify
delete: ibm-slapdReferral
ibm-slapdReferral: ldap://referral.austin.ibm.com:398
pGnRúw]αG
ldapdelete -D <adminDN> -w <adminPW> "cn=referral,cn=configuration"
]wαΣL LDAP ²
íp≤ referral ½≤OP ref AbtΣL LDAP ²º
Y LDAP ²ñcC]íp≤αh°Aí÷p
Aú÷dC
referral ½≤OP ref referral ½≤OP ref U≤!íWRAU≤bh°AíjMC
ref OXboXº°AñⁿWCref hⁿVQ°Añ
@C
: UCdtmO ref kC
bñA°A A sUCΓGo=ABC, c=US P o=XYZ, c=USCb
o=ABC, c=US ΦA°A A s°A B Ab o=XYZ, c=US Φ
A°A A s°A C C
Σñ@α]wΦíOA °Azl≡AN°AcÑhñCM
ßqs¬]±Ñh íΩT°AúuαvαANw]α
]#YⁿVΣ)°AC
1. αd
Qα°Aí÷p: pGnzLαA°Aí÷pG
v α½≤ⁿVΣL°AAHiµlhC
v wqw]αHⁿVn⌠≤@B]qOⁿV)°AC
: ziqⁿOµ LDAP íA%ⁿw -M ∩Adα½≤C
ⁿVΣL°A: ziα½≤ⁿVΣL°AAHiµlhAτYA°AUAWíí≈C
NΣL½≤δAα½≤[Jßí (DB2) ñCα½≤%UC¿G
dn: ⁿwOWCQº°ABzWíí≈C
objectclass:ⁿw ″referral″ ½≤OC
ref: ⁿw°A LDAP Web C Web %UC¿G ldap: / /
identifierBhostname:port H@ DNCidentifier iHOD≈WrΩ TCP/IP
CDN ºe"@°u (/) Hj DN P hostname:portAB DN "
Mα½≤ DN Cαñⁿw DN Mα½≤ DN
C@δ ÑAoXº°AOdºRWwqñ]ΣUºY
RWwqC
dn: o=IBM,c=US
objectclass: referral
ref: ldap://9.130.25.51:389/o=IBM,c=US
síWíϕ⌡µjMAzsnJl°A DNAsQ°AA
úD IBM Directory íQ]p¿∩s DN PCz"P DN
]wTsvA+αsoΓ°AAHKlαCΣlΩTA\ 23
ynJ Web zuπzC
zLαWídíHUOϕα!WíAABJC
1. WzWíÑhC
Ωa - USq - IBM, Lotusµ - IBM Austin, IBM Endicott, IBM Raleigh, IBM HQ
2. ]wh°AAC@°AtWí@í≈C
2. ]w°A
°AíG
°A A°AHMΣⁿΩñΣL°ACßbSΣL⌠≤ΩTUA
i²oMΣbⁿΩº⌠≤H÷ΩTC
°A BMⁿΩ IBM ÷ºΩs±ñCΣOsΣL IBM Ωb
m÷ΩT]αC
°A COs IBM Austin ΩTC
°A DOs IBM Endicott ΩTC
°A EOs Lotus® ΩTC
3. ]wα½≤AHⁿVΣL°AñUhC
°A]iHwq@w]αAHⁿVuΩT≤sv°A]∩≤bW
íñúOb°AU⌠≤ ÑC
: w]α LDAP Web út DN í≈C
HUOPo¡°ACAΣñπΩwñα½≤AHiµWh
w]αC
3. °A A Ωw]LDIF ΘJ
bñsWú
uIOα≈bOΘñRLoA úObΩwñCt@uI
NOúLo@AbC⌡µ LDA sWBRúB∩ modrdn @ßú
nMúC
bMwnxsbOΘñAnUCG
v °AiOΘq
v ²jp
4. αdKn
v íqjMLo°≤¼
@δ ÑA]OΘ¡εAu±J¡ñCYn≤U
PnA°u²v∩MµMu≤Θxv∩MµA
ΣXzí 10 jMLo°≤CΩTA\ 25
yd°A¼AzC
]wsW
pGn]wsWAUCΣñ@Φk
Web zGiuWeb zuπv²ñz°AeAMß∩C
1. ziH≤²iOΘq]HµCw]O 16384000 d
(16 KB)C
2. ziH≤≤ΘxiOΘq]HµCw]O 16384000
d (16 KB)C
: pG≤ΘxStmAo∩K¼AC
3. qi\αϕñ∩znsW@Co\αϕuπiH
ⁿw@Cp snC
: bQP±J cn=directory M cn=changelog xsºeA@db
iMµñC
4. ÷@UsW cn=directory sW cn=changelogCπbAϕMµñCziHNPCboΓxsC
: pG≤ΘxStmAsW cn=changelog K¼AC
5. ∩≤znsWC@A½BzC
6. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµGYnP²M≤ΘxAoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> tG
dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
add: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: sn
-
add: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: cn
-
add: ibm-slapdcachedattributesize
ibm-slapdcachedattributesize: 16384000

dn: CN=CHANGE LOG, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
add: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: sn
-
add: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: cn
-
add: ibm-slapdcachedattributesize
ibm-slapdcachedattributesize: 16384000
úñ
pGnqúA⌡µUCΣñ@@C
Web z
1. ÷@UAϕMµñA∩znqñúCpe@ñ
AIXAdminGroupIdC
2. ÷@UúC
3. ∩≤znqMµñúC@A½BzC
4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµGpGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
DN: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
delete: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: sn

DN: cn=Changelog, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
delete: ibm-slapdCachedAttribute
ibm-slapdCachedAttribute: sn
10 O@²
í@z²ΩwBJC
tmw]w
%≤ IBM Tivoli Directory Server uw Socket h (SSL)vwuµ÷hw
(TLS)vΓ[KΩA]αOO@ LDAP sCϕ SSL TLS
O@ LDAP M IBM Directory íqTwAiPΣ°AeOMß
OΦíCpGn SSL TLSAztñ"w GSKitC\ 69yw
Socket hzB 69yµ÷hwzP 74y gsk7ikmzAHo
ΩTC
Web zG
i Web zuπ²ñzweAMß∩]wC
1. wsu¼A∩UCΣñ@ΩsG
L °Auα¼)ßúwqTCw]≡ 389C
SSL °A¼)ßw]w]≡ 636úw]w]≡ 389
qTCw]≡O 636C
SSL°Auα¼)ßwqTCoOtm°AwΦ
kCw]≡O 636C
TLS °Ai¼)ßzLw]≡ 389 wMúwqTCYw
qTAß" TLS @CΩTA\ 69yµ
÷hwzC
SSL M TLS°Ai¼)ßzLw]≡ 389 wMúwqTCYw
]≡WwqTAß" TSL @C°A]¼zL
SSL ≡ 636 wqTCΩTA\ 69yµ÷hwzC
:
a. TLSBSSL M TLS ∩uϕz°AΣ TLS +αC
b. TLS M SSL ú¼@CzLw≡e TLS nDP@
C
2. ∩OΦkC
: z"N°A!eC@ßCpGniµ°APßOAz"b°A≈ΩwñsWC@ßC
∩UCΩsG
°AO
pGniµ°AOΦíAIBM Tivoli Directory Server °Abl
SSL Tºµ½íAú IBM Tivoli Directory Server X.509 CpG
ßτL°AAhb IBM Tivoli Directory Server Mß
íºíA@w[KqTqDC
F²°AO@AIBM Tivoli Directory Server b°A≈Ω
wñA"πpK≈H÷p°AC
°APßO
O¼iú LDAP ßP LDAP °AíVOC
ßOALDAP ß"π] X.509 Co
OV IBM Tivoli Directory Server O LDAP ßC
\ 73yßOzC
3. ⁿwnw≡Cw]≡O 636C
4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
5. z"ε½s IBM Tivoli Directory Server MzníA+α≤
C
a. ε°AC
b. UCΣñ@ΦkεzníC
v oXUCⁿOG
ibmdirctl -D <adminDN> -w <adminPW> admstop
v b UNIX ¼tñAoXUCⁿOG
ps -ef | grep ibmdiradm
kill -p <pid]e@ⁿOo>
v b Windows ¼tñAεx -> AA∩ IBMDirectory zn
íAMß÷@UεC
c. zníC
v b UNIX ¼tñAoXUCⁿOG
ibmdiradm
v b Windows ¼tñAεx -> AA∩ IBMDirectory zn
íAMß÷@UC
d. °AC
ⁿOµG
pGnⁿOµtm SSL qTAoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSslAuth
ibm-slapdSslAuth: serverAuth | serverClientAuth
-
replace: ibm-slapdSecurity
ibm-slapdSecurity: none | SSL | SSLOnly | TLS | SSLTLS
z"½s°AMzníA≤+αC
µ÷hw
uΘhw (TLS)vOTOßP°AºíbiµqTpKPΩπ
@qT≤wC
TLS %Γh¿G
TLS O²qT≤w
HΩ[KΦkApuΩ[K (DES)v RC4 ú[KAúsuw
Co∩í[Kk≈bC@suñú@aúA uTLS T
ºµ½qT≤wvK≤CuO²qT≤wv]iHú[KkC
TLS Tºµ½qT≤w
°AMßA OM≤[KtΓk[K≈ºßAAiµΩ
µ½C
TLS Obßí -Y ∩IsC
: TLS M SSL úα¼@CzL SSL ≡oX TLS nD]-Y ∩P
@C
w Socket h
%≤ IBM Tivoli Directory Server uw Socket h (SSL)vw[KΩA
]αOO@ LDAP sCϕ SSL O@ LDAP M IBM Directory íq
TwAiPΣ°AOPßOΦíC
°AOAIBM Tivoli Directory Server "π] X.509
CVßí]pGu²zuπv ldapsearchHíoM≤m í]HKzL SSL iµ LDAP sAO
IBM Tivoli Directory ServerC
pGniµ°AOΦíAIBM Tivoli Directory Server °Abl SSL Tºµ
½íAú IBM Tivoli Directory Server X.509 CpGßτL°A
Ahb IBM Tivoli Directory Server MßíºíA@w[K
qTqDC
F²°AO@AIBM Tivoli Directory Server b°A≈ΩwñA
"πpK≈H÷p°AC
ßOΦíib LDAP ß LDAP °AºíúVOC
ßOALDAP ß"π] X.509 Co
OV IBM Tivoli Directory Server O LDAP ßC\ 73yß
OzC
pGnb Internet Wiµ íAziH VeriSign ÑsHzñ
(CA)AHo¬iH°AC
SSL O@z°A
pGnb IBM Directory °AOΦ SSL ΣAh"⌡µUC¬ÑB
JCoBJ]zwwPtm IBM Tivoli Directory ServerG
1. w IBM Directory GSKit M≤ApGwC÷w GSKit M≤ΩTA
\ IBM Tivoli Directory Server 5.2 wPtmΓUC
2. gsk7ikm í]H GSKit @wú IBM Tivoli Directory Server
pK≈P°AC°Ai% VeriSign o CA Ai
gsk7ikm uπ)µCCA ])µ]"!tß
í≈ΩwC
3. N°A≈ΩwP÷pKX⌠xsb°AñC≈Ωw
w]⌠]...\ldap\etc ²σ¼mC
4. s Web ¼ LDAP zAHtm LDAP °AC÷BzíA
\ 67y Web zGzC
pGz]QbDn IBM Tivoli Directory Server P@h °AíwqTA
z"t¿UCBJG
1. tm ²°AC
: ϕWzw∩D°ABJiµAúF∩C@ °A⌡µªHCϕN °Atm¿ SSL Ahb SSL íA °AñΓ
MD°AⁿCϕD°A SSL M °AqTAΣP@
LDAP ßC
2. tmD²°AG
a. bD²°A≈ΩwñsW °Aw°AA
iH⌠DnCbípUADn²ΩWO@ LDAP ßCpG
)µAz"qC °A IBM Tivoli Directory Server ñA
X)µAMßNºsWD°A≈ΩwñAT
woQiH⌠DnCΩΦWAzOND°Atm¿
°A SSL ßC
b. ND IBM Tivoli Directory Server tm¿ °ACOo]w replicaPort
AH °A IBM Tivoli Directory Server iµ SSL qTº≡C
3. ½sD°APC@ °AC
: C@ LDAP °Aue\@≈ΩwC
]w°AO: Yn°AOAziHb ibmslapd.conf ñ cn=SSL,
cn=Configuration Uiµ∩CpGnuWeb zuπvA\ 67
y Web zGzC
ⁿOµG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSSLAuth
ibm-slapdSSLAuth: serverAuth
z"½s°AMzníA≤+αC
ízñ]CAo°A
pGnb IBM Directory PΣßíúwsuA°A"π@≈ X.509
PpK≈C
úpK≈AVí CA o"n°AAH H IBM Directory
BJpUG
1. Hz root ¡≈nJC
2. /½zQ≈ΩwHxspK≈P²C
3. ⌡µ gsk7ikmAHs≈ΩwCb≈ΩwWΦAiH⌠≤CúzW≤AbzN LDAP °Atm¿ SSL A"
úWCúπ⌠WCgsk7ikm íúpK-≈
∩H@1CΣlΩTA\ 74y gsk7ikmzC
: w]A°ALk¬ GSKit s KDBCz"N≤
ldapC
chown ldap:ldap <mykeyring>.*
í\ 305yKerberoszC
4. ]zí CA O VeriSignA÷pUV VeriSign oG
a. sUC VeriSign ⌠Ghttp://digitalid.verisign.com/server_ids.html
b. ÷@U IBM internet connection serversC
c. b⌠WΩTßA÷@U BeginC
d. ú"nΩTA÷"nBJiµH1°ACboíúº¬
iH°AΦAVeriSign iíODnΣzñC
5. pGzQúP CAAϕ CA ⁿAN1eúµ
CAC
ϕz¼ CA oG
1. Hz°A¡≈nJC
2. /½≈Ωw²C
3. N CA ow±b²ñ@CbUBJñC
4. bP@²U⌡µ gsk7ikmAHKN¼≈ΩwñC
5. s LDAP °A Web zAtmU SSL A]A≈Ωw
WµC\ 67y Web zGzC
6. pG≈Ωwñ@≈HWAzQb IBM Directory ñA"
Ow]C
7. IBM DirectoryC
: pGzⁿ gsk7ikm NKXxsbKX⌠ñAhú"b ibmslapd.conf ñ
≤]wKXC
µ°A
pGzb°⌠⌠⌠ñ IBM DirectoryA gsk7ikm z)v°A
Cz]iH gsk7ikm t SSL IBM DirectoryA LR VeriSign
¬iH°ACo¼Y)µC
ϕUCBJAH)µ≈ΩwC
1. bC@°AWG
a. /½zQ≈ΩwHxspK≈P²C
b. s≈ΩwAH)µ1AHz CA C
v ji≈jpC
v w°AA DCiHC
c. o1Cgsk7ikm uπ)N±b≈ΩwñC
2. pGzOw∩ßíAbC@íß≈W⌡µUCB
JG
a. N CA 1m≤ß≈W@ismñC
b. N CA 1¼ß≈ΩwñC
c. N¼iH⌠DnC
ΣlΩTA\ 74y gsk7ikmzC
:
1. z"Tw²N CA ¼°A≈ΩwñANºiH⌠
DnAMßAN°A¼°A≈ΩwñC
2. unzO gsk7ikm z IBM Tivoli Directory Server ≈ΩwA
Oo/½≈Ωwb²C
3. C IBM Tivoli Directory Server ")vpK≈PCpG²h IBM
Tivoli Directory Server @#@≈pK≈PAuW[wIC²C°A
úPPpK≈Aib@3°A≈ΩwDaA
N¬KípCC
]wz LDAP ßHs IBM DirectoryUC"nBJt@h≈)µBQßiH⌠°A
LDAP ßA@≈ΩwC]iJΣL]p
VeriSign CA Am≤ß≈ΩwñAHiH⌠DnC
iH⌠DnπHOΩΘ]p VeriSign )µº°A
X.509 ABOJß≈ΩwñABiH⌠
C
1. N°A (cert.arm) szßu@ñC
2. ⌡µ gsk7ikm sß≈ΩwAs≈ΩwCYnsß≈ΩwA∩@ipQßWAHΦK
zCíApG LDAP ßOb Fred ≈W⌡µAiRW FRED.KDB
C
3. pGnN°AsWß≈ΩwG
a. ÷@U≈ΩwAMß∩C
b. ΘJ≈Ωw⌠PWA÷@UTwC
c. ΘJKXC
d. Twwg∩C÷@UsWC
e. ΘJ°AWPmC
f. ΘJ°Abß≈Ωwñ]p Corporate Directory
ServerAMß÷@UTwC
4. pGznsß≈ΩwG
a. ÷@U≈ΩwAMß∩sC
b. ΘJsß≈ΩwWMmA÷@UTwC
c. ΘJKXC
d. bsß≈ΩwßA½WzBJAHKN°AsW
≈ΩwñC
5. ⌠ gsk7ikmC
ΣlΩT\ 74y gsk7ikmzC
b LDAP ßM°Aíw SSL suAª°A)µ
AτΣsOAϕ°AC
w∩ LDAP ßnbwíUsC@ IBM Tivoli Directory ServerA½
WzBJC
N≈⌠α≈ΩwpGnαH MKKF í≈⌠G
1. gsk7ikmC
2. ÷@U≈ΩwAMß∩C
3. ΘJz≈⌠⌠PWA÷@UTwC
4. ΘJ≈⌠KXCpG≈⌠SKXAz" MKKF
Σⁿw@KXC
5. b≈⌠ßA÷@U≈ΩwAMß∩tssC
6. Tw≈Ωw¼O] CMS ≈ΩwC±≈ΩwWP
mA÷@UTwC
ßO
ßOΦíib LDAP ß LDAP °AºíúVOC
ßOALDAP ß"π] X.509 Co
OV IBM Tivoli Directory Server O LDAP ßC
÷OPwh (SASL) ibsuqT≤wñ[JOΣCqT≤wt@
ⁿOAHOAV°AOCªiH∩a≤X@w
hAHiµß≥qT≤wµC
b°A¼OⁿO⌠≤ß#ßAªioX@hLdAⁿXó
¿CpGß¼@hLdAioX#⌠µ½]°qT≤w]w
wC
bOqT≤wµ½íASASL ≈ε⌡µOANßv¡≈]Y
IDΘ°AAMß≤X≈εSwhC
ϕ LDAP °A¼ßoX LDAP snDA÷UCBznDG
1. °AσR LDAP snDAUCΩTG
v ßO DNC
v OΦkC
v ⌠≤AOnDñtKXC
v pGOΦk SASLA°Aτ LDAP snDñ SASL ≈ε
WC
2. °A²)nDñ DN XGC
3. °A⌠≤H LDAP snD@ú LDAP εC
4. pGOΦk SASLA°APOΣ SASL ≈ε]ⁿw≤nDñCp
G°AúΣ SASL ≈εA°Ae@#XßA⌠s
BzC
5. pGΣ SASL ≈ε (=EXTERNAL)AB SSL O¼°APßOA
h°AτßOAOW CA oATwß
ñSLwoεCpG ldap_sasl_bind ñⁿwß DN PK
X NULLAhbß≥ LDAP @ñߺ x.509v3 ñt DN
gLO¡≈ChAHWΦíOß]pG DN PKX
NULLA ßúsΩTOßC
6. pGOΦku ÷vAh°Ad DN OrΩOSC
7. pG DN rΩAⁿw⌠≤Ah°A]ßOHWΦís
A#nGßCsu DN POΦk!OOd NULL P
LDAP_AUTH_NONEC
8. pGßS²sABbs@íSXAhsuC
]wßO: YnßOAziHb ibmslapd.conf ñ cn=SSL,
cn=Configuration Uiµ∩CpGnuWeb zuπvA\ 67
y Web zGzC
ⁿOµG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=SSL,cn=Configuration
cn: SSL
changetype: modify
replace: ibm-slapdSSLAuth
ibm-slapdSSLAuth: serverClientAuth
z"½s°AMzníA≤+αC
gsk7ikmUC≈zí gsk7ikm H≤ IBM Global Security Kit (GSKit)CªO@
z≈H GUIAH Java Applet ΦíΩ@C
: b AIX @tWA pGtúz]w JAVA_HOMEAziHNº]t
w Java IBM Tivoli Directory Server Java CpGz IBM
Tivoli Directory Server Azn]w LIBPATH ⌠pUG
export LIBPATH=/usr/ldap/java/bin:/usr/ldap/java/bin/classic:$LIBPATH
gsk7ikm -pK≈∩H1BN1¼≈Ωw
ñAHz≈Ωwñ≈C
ziQ gsk7ikm ⌡µ@G
v ≈∩AVzñ1
v N¼≈Ωwñ
v z≈P
– ≤≈ΩwKX
– π≈÷ΩT
– Rú≈
– ²≈¿≈Ωwñw]≈
– ≈∩P1AH)µ
– X≈
– N≈J≈Ωwñ
– N≈ⁿwiH⌠Dn
– úiH⌠Dn≈ⁿw
– ≈1
v N≈⌠α¿≈Ωwµí
≈∩AVzñ
pGzßís LDAP °AnDiµßP°AOAz"
@-pK≈∩P@≈C
pGßís LDAP °AunDiµ°AOAhú"-
pK≈∩PCzubß≈Ωwñ±m@≈iH⌠
DnYiCpGo°Azñ (CA) wqbzß≈
ΩwñAh"V CA 1 CA A¼z≈ΩwñAMßNº
iH⌠C\ 80yN≈ⁿwiH⌠DnzC
zßΣpK≈n°ATºC°ANΣ≈
ßA²ßi[KTº°AA°AHΣpK≈[HKC
FNΣ≈°AAßn@≈Cñtß≈
BMß÷pOWBHΘCO% CA
oAHτß¡≈C
CA º≥BJpUG
1. gsk7ikm nDC
2. N1úµ CACiQqll≤Aq CA ⌠iµuWúµC
3. N CA #¼z°AºtWYismñC
4. N¼≈ΩwñC
: pGznVCbw]iH⌠ CA Mµñ CA owßA
z"o CA ANº¼z≈ΩwñAiH⌠Cz
"²¿@A+αNwß¼≈ΩwñC
pGn-pK≈∩A1G
1. ΘJUCⁿOAH gsk7ikm Java íG
gsk7ikm
2. ∩≈ΩwC
3. ∩s]ApG≈ΩwwsbC
4. ⁿw≈ΩwWPmC÷@UTwC
: ≈Ωw@Aß°Axs@h≈≈∩PC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. ∩C
7. ∩sC
8. ≈∩úⁿwCHb≈ΩwñO≈∩P
C
9. pGz1OCiHßAΘJ@δWC"O@AB
WC
10. pGz1O¬iHw°AG
v ΘJ°A X.500 qWCqO TCP/IP πD≈WAp
www.ibm.comCY VeriSign °AAh"OπD≈WC
v ΘJWCzWCY VeriSign w°AA]zw
@ VeriSign bßAhµñW"MbßWWC
v ΘJµWC∩µC
v ΘJ°Aba/½C∩µC
v ΘJ°Abº/ (ñ/½) Yg]3 rC
v ΘJ°AbalC
v ΘJ°AbaΩX]2 rC
11. ÷@UTwC
12. π@hTºAΣñⁿX1WPmC÷@UTwC
13. e1 CAC
pGO1 VeriSign CiHw°AAz"zLqll≤N
1 VeriSignC
pGOCiH1AiYlH VeriSignCpGOw°A1A
hni@Bσ≤íCpGQAb1w°AAVeriSign nD
AeUC URLGhttp://www.verisign.com/ibmC
14. ϕz¼ CA A gsk7ikm Nº¼xs≈∩≈Ωw
ñC\yN¼≈ΩwñzC
: g≤≈ΩwKXCpGzⁿw@ΘAz"HlAHA≤≤KXCpGKXbz≤eKLA≈ΩwNLk
Az≤KXεC
N ¼≈Ωwñbz¼ CA #ßAz"N¼≈ΩwñC
pGnN¼≈ΩwñG
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. ∩C
7. bñí°íñ∩HC
8. ÷@U ¼C
9. ΘJtw]) CA oºWPmC÷@UTwC
≤≈ΩwKXpGn≤≈ΩwKXG
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. ∩≈ΩwC
7. ∩≤KXC
8. ΘJ<sKX>C
9. T<sKX>C
10. ∩]w∩KXíC
11. pGzQ[KKXxsbWA∩NKX⌠bñHC
12. ÷@UTwC
13. X@hTºAΣñⁿX⌠KXWPmC÷@UTwC
: KXϕ½nA]ªiO@pK≈CpK≈@≈Aiσ≤AKH≈[KTºC
π≈÷ΩT
pGnπ≈÷ΩTApGΣWBjpOiH⌠DnG
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. pGndⁿwuHv≈÷ΩTG
v ∩≈Ωwe°íHC
v ∩C
v ÷@U°/sΦAHπ∩≈÷ΩTC
v ÷@UTwA#uHvMµC
7. pGndⁿwuvº≈÷ΩTG
v ∩≈Ωwe°íC
v ∩C
v ÷@U°/sΦAHπ∩≈÷ΩTC
v ÷@UTwA#uvMµC
Rú≈pGnRú≈G
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. b≈Ωwe°íA∩zQRú≈¼]HB
H1C
7. ∩C
8. ÷@URúC
9. ÷@UO[HTC
²≈¿≈⌠ñw]≈w]≈"O°AiµΣwqTpK≈C
pGn²≈¿≈⌠ñw]≈G
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. ∩≈Ωwe°íHC
7. ∩nC
8. ÷@U°/sΦC
9. ∩N]w]C÷@UTwC
≈∩PAHµ wqAw°A"@≈-pK≈∩PC
°AΣpK≈AnßTºC°ANΣ≈
ßA²ßi[KTº°AA°AHΣpK≈[HKC
°An@≈AHKNΣ≈ßCñt°A≈
BM°A÷pOWBHΘCO% CA
oAHτ°A¡≈C
ziH1UC@G
v VeriSign oCiHAAXbD WAOzw⌠ Beta
C
v VeriSign ΣL CA o°AAHiµ íC
v )µ°A]pGz¡QΩtYpH Web ⌠⌠ CA
÷ VeriSign Ñ CA °AΩTA\ 75y≈
∩AVzñ1zC
)µ≥BJpUG
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩s]pG≈ΩwwsbC
4. ⁿw≈ΩwWPmC÷@UTwC
: ≈Ωw@Aß°Axs@h≈≈∩PC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. ÷@UsµC
7. úUCΩTG
v ≈∩ⁿwCHb≈ΩwñO≈∩PC
v nC
v n≈jpC
v °A X.500 qWCqO TCP/IP πD≈WAp www.ibm.comC
v WCzWC
v µWC∩µC
v °Aba/½C∩µC
v °Abº/]ñ/½Yg]TrC
v °AbalC
v °AbaΩX]2 rC
v C
8. ÷@UTwC
X≈pGznαe≈∩t@íqúAziHqΣ≈ΩwX≈∩
ñCMßb≤t@íqúWAN≈∩J≈⌠ñC
pGnX≈Ωwñ≈G
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. ∩≈Ωwe°íHC
7. ∩nC
8. ÷@UJ/XC
9. b@¼ñA∩X≈C
10. ∩≈¼G
v PKCS12
v CMS ≈Ωw
v ≈⌠] mkkf
v SSLight ≈ΩwO
11. ⁿwWC
12. ⁿwmC
13. ÷@UTwC
14. ΘJnKXC÷@UTwC
J≈pGnN≈J≈⌠ñG
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. ∩≈Ωwe°íHC
7. ∩nC
8. ÷@UJ/XC
9. b@¼ñA∩J≈C
10. ∩n≈¼C
11. ΘJWPmC
12. ÷@UTwC
13. ΘJnKXC÷@UTwC
N≈ⁿwiH⌠Dn
iH⌠DnO@≈ABM CA OW÷pCUCiH⌠Dn
)wqbC@s≈ΩwñG
v Integrion Certification Authority Root
v IBM World Registry™ Certification Authority
v Thawte Personal Premium CA
v Thawte Personal Freeemail CA
v Thawte Personal Basic CA
v Thawte Premium Server CA
v VeriSign Test CA Root Certificate
v RSA Secure Server Certification Authority
v VeriSign Class 1 Public Primary Certification Authority
v VeriSign Class 2 Public Primary Certification Authority
v VeriSign Class 3 Public Primary Certification Authority
v VeriSign Class 4 Public Primary Certification Authority
: w]AoiH⌠Dn@l]iH⌠DnC
pGnN≈ⁿwiH⌠DnG
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. ∩≈Ωwe°íC
7. ∩nC
8. ÷@U°/sΦC
9. ∩N]iH⌠Dn A÷@UTwC
10. ∩≈ΩwAMß∩÷¼C
úuiH⌠Dnv≈iH⌠DnO@≈ABM CA OW÷pCUCiH⌠Dn
)wqbC@s≈ΩwñG
v Integrion Certification Authority Root
v IBM World Registry Certification Authority
v Thawte Personal Premium CA
v Thawte Personal Freeemail CA
v Thawte Personal Basic CA
v Thawte Premium Server CA
v VeriSign Test CA Root Certificate
v RSA Secure Server Certification Authority
v VeriSign Class 1 Public Primary Certification Authority
v VeriSign Class 2 Public Primary Certification Authority
v VeriSign Class 3 Public Primary Certification Authority
v VeriSign Class 4 Public Primary Certification Authority
: w]AoiH⌠Dn@l]iH⌠DnC
pGnú≈uiH⌠Dnv¼AG
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. ∩≈Ωwe°íC
7. ∩nC
8. ÷@U°/sΦC
9. MúN]iH⌠DnC÷@UTwC
10. ∩≈ΩwAMß∩÷¼C
≈
pGn≈1G
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈ΩwKXC÷@UTwC
6. ∩≈Ωwe°íHC
7. ∩nC
8. ÷@UJ/XC
9. b@¼ñA∩X≈C
10. ∩nΩ¼G
v ≥ 64 sX ASCII Ω
v Gi DER Ω
v SSLight ≈ΩwO
11. ΘJWPWC
12. ÷@UTwC
13. ∩≈ΩwAMß∩÷¼C
e1 CAC
pGO1 VeriSign CiHw°AAz"zLqll≤N1
VeriSignC
pGOCiH1AiYlH VeriSignCpGOw°A1Ah
ni@Bσ≤íCpGQAb1w°AAVeriSign nDA
eUC URLGhttp://www.verisign.com/ibmC
N≈⌠α¿≈Ωwµígsk7ikm íiN≈⌠]H mkkf α¿ gsk7ikm
µíC
pGnα≈⌠G
1. ΘJ gsk7ikmA Java íC
2. ∩≈ΩwC
3. ∩C
4. ⁿw≈ΩwWPmC÷@UTwC
5. ϕXúAú≈⌠KXC÷@UTwC
6. ∩≈ΩwC
7. ∩tss...C
8. ∩ CMS ≈Ωw≈Ωw¼C
9. ⁿwWC
10. ⁿwmC
11. ÷@UTwC
]w≈Ωw
pGn]w≈ΩwAUCΣñ@C
Web zG
i Web zuπ²ñzweAMß∩≈ΩwC
1. ⁿw≈Czwq≈AHⁿwn≈Ωwñ
í≈C
2. ⁿw≈Ωw⌠MWC≈ΩwπWµCpGwqK
X⌠Ah]OPWµAΣW .sthC
3. ⁿw≈KXCpGSKX⌠Ah"bⁿw≈ΩwK
XCMßbTKXµñA½sⁿwKXC
4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
: F²°AoA ID ldap "α≈¬ªC\ 305
y\ivzC
ⁿOµG
pGnⁿOµ]w SSL M TLS ≈ΩwAoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSSLKeyDatabase
ibm-slapdSSLKeyDatabase: <databasename>
-
replace: ibm-slapdSSLKeyDatabasePW
ibm-slapdSSLKeyDatabasePW: <password>
-
replace: ibm-slapdSslKeyRingFile
ibm-slapdSslKeyRingFile: <filename>
-
replace: ibm-slapdSslKeyRingFilePW
ibm-slapdSslKeyRingFilePW: <password>
z"½s°AMzníA≤+αC
]w[Kh
w]ASSL M TLS IBM Tivoli Directory Server bPß⌡µKX≤]b
SSL TLS Tºµ½íUCKXC
: ÷MKXh\αúαbutmvíUA²OzoiHbutmvíU≤KX[KhC
Web zG
i Web zuπ²ñu°AzvC
1. ÷@UzweC
2. ÷@U[KC
3. ns°AßA∩zn[KΦkCpGz∩h[KΦ
kA w]A¬[KhAúLAz∩C[Khß,
is°AC
: IBM Tivoli Directory Server 5.2 ΣuiÑ[K (AES)v[KhC
p AES ÷ΩTA\ NIST ⌠AΣ⌠
http://csrc.nist.gov/encryption/aes/C
ϕ 7. Σ[Kh
[Kh
168 ≈ SHA-1 MAC T½ DES [Kk ibm-slapdSslCipherSpec: TripleDES-168
56 ≈ SHA-1 MAC DES [Kk ibm-slapdSslCipherSpec: DES-56
128 ≈ SHA-1 MAC RC4 [Kk ibm-slapdSslCipherSpec: RC4-128-SHA
128 ≈ MD5 MAC RC4 [Kk ibm-slapdSslCipherSpec: RC4-128-MD5
40 ≈ MD5 MAC RC2 [Kk ibm-slapdSslCipherSpec: RC2-40-MD5
40 ≈ MD5 MAC RC4 [Kk ibm-slapdSslCipherSpec: RC4-40-MD5
AES 128 [Kk ibm-slapdSslCipherSpec: AES-128
AES 256 [Kk ibm-slapdSslCipherSpec: AES
∩KX ibm-slapdsslCipherSpec ÷ΣrH)WzϕµwqxstmñApApGzuQuT½ DESvA∩ 168 ≈
SHA-1 MAC T½ DES [KkCb ibmslapd.conf ñsWibm-slapdSslCipherSpec: TripleDES-168 CbíUAuPΣuT½ DESvßA+α≈P°Aí SSL suCziH∩h½KXC
4. pGz°AΣupXΩTBz (FIPS)ví\αAbuΩ@vYU
Kπww²∩ FIPS Ω@∩Coo°Aα≈ ICC
FIPS w[KtΓkCpGz°∩o∩AhD FIPS w
[KtΓkC
5. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµG
pGnⁿOµ]w SSL [Kh]bñ 168 ≈M SHA-1 MAC
T½ DES [KAoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSslCipherSpec
ibm-slapdSslCipherSpec: TripleDES-168
\ϕ 7 HoΣL[KC
YnsW@hHW[KkAz <filename> iα]tG
dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSslCipherSpec
ibm-slapdSslCipherSpec: RC2-40-MD5
ibm-slapdSslCipherSpec: AES
ibm-slapdSslCipherSpec: RC4-128-MD5
ibm-slapdSslCipherSpec: RC4-128-SHA
ibm-slapdSslCipherSpec: TripleDES-168
ibm-slapdSslCipherSpec: DES-56
ibm-slapdSslCipherSpec: RC4-40-MD5
pGnⁿOµ FIPS íAoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdSslFIPSModeEnabled
ibm-slapdSslFIPSModeEnabled: false
z"½s°AMzníA≤+αC
KX[K
IBM Directory i²zε≥vsKXípoCKXisXx
sb²ñApiεσKXD⌠≤]]AtzsC
ziN°Atm¿µVsXµíVsXµíAsX userPassword
C
µVsXµíG
v SHA-1
v crypt
btm°AßA⌠≤sKX]s∩LKX]bx
s²ΩwºeAúgLsXCgsXKXHsXtΓkW[HOA
pi²úPµísXKX]α@sb²ñCϕsXtmAwsX
KX,úBα≥B@C
bnσKXíΦ]pGñíhONzíA²z
"N°Atm¿⌡µVsXú[KKXCbípUAxsb²
ñσKXNzL² ACL ≈εO@C
VsXµíG
v imask
imask O@VBn∩AiN userPassword sXb²ñAHlσ
µíAϕ¿@í≈Cí]pGñíhO°AnD
HσµíKXAúLAqwhiαTεNσKXxsbn
/[xsΘñC∩iPí¼oΓDC
unsnDñúKXAMh userPassword ñ⌠≤@AYΓO
÷s¿\C
ϕz Web ztm°AAziH∩UC6[K∩º@G
L ú[KCKXOHσσrµíxsC
crypt bNKXxs²ºeA²H UNIX crypt sXtΓksXC
SHA-1 bNKXxs²ºeA²H SHA-1 sXtΓksXC
imask bNKXxs²ºeA²H imask tΓksXAHσµíAN
ºϕ¿Y@í≈C
w]∩O imaskC≤n²b°AtmKX[KεⁿOñC
ibm-SlapdPwEncryption: imask
°Atm≤G
<w⌠>\etc\ibmslapd.conf
úF userPassword AsecretKey ϕH ″imask″ sXb²ñCúuserPasswordAsXOMw∩ secretKey ΩICSΣL∩CsecretKey
O@ IBM wq⌡Cíixs"TwsXb²ñ
PΩAHQ²sεσµíΩC
÷tmΣLΩTA\wPtmΓUC
pGnⁿOµ≤[K¼Ap≤ cryptAoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -f <filename>
Σñ <filename> tG
dn: cn=configuration
changetype: modify
replace: ibm-slapdPWEncryption
ibm-slapdPWEncryption: crypt
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D <adminDN> -w <adminPW> -op readconfig -scope single "cn=configuration" ibm-slapdPWEncryption
:
1. pGzH imask °AKX[KΦkAhzΘJKXñue 46 r
C 46 rß⌠≤rQñ°CPaApG
UNIX crypt ΦkAhue 8 rCA%≤ SecretKey H
imask [KΦí[KbΩwñAWL 46 r SecretKey τúOdC
2. µVsXKXiiµKX±∩A²LkKCbnJíAsX
nJKXAMxs±AHiµ±∩τC
]wKXh
KXhO@εp≤b IBM Directory ñzKXWhCoWh«
bTOw≤ΣKXAHKXXnDKXykCAo
Whτ¡εKX½AHTw@3WLwqóßY
QΩwC
pKXΣL÷ΩTA\ 88yKXhzC
úF²zMzs¿HA"ϕuKXhCz
Mzs¿KX/úA Bbß]/úQΩwC²zM
zs¿¼≈sεv∩KXPKXhC
Web zG
iuWeb zuπv²ñzweAMß∩KXhCe
πúisΦKXµAΣñ]tKXhWC
1. qUMµñ∩KX[K¼G
v L
v imask
v crypt
v sha
ΣlΩT\ 85yKX[KzC
2. ∩KXh∩KXhC
: pGSKXhAoeñΣL\αΣLKXeúNLkA∩εC w]AKXhOC
3. ∩i≤KX∩AHⁿwi≤KXC
4. ∩b½]ß≤KX∩AHⁿwb½]KXnJ
ßAO"≤KXC
5. ∩b≤KXe∩AHⁿwbnJßAO"
²AⁿwKXA+α≤KXC
6. ]wKX¡C÷@UKXúLΩsAhϕKXú"Cj@qSw
íY≤F÷@UΩsAhiⁿwKX"½]ííj]6C
7. ⁿwtbKXLeAOnoX@hKXiCpGz÷@Uúi
ΩsAhbe@KXLeAúúiCbzsKXeA
NLks²CpGz÷@UeΩsAⁿw@6]nAh
bKXLe n 6lACϕnJAú¼@hiAú
≤KXC,is²AKXLεC
8. ⁿwbKXLßA,inJ]YC∩i²
LKXs²C
9. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµG
pGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=pwdpolicy
changetype: modify
replace: ibm-pwdpolicy
ibm-pwdpolicy: TRUE|FALSE
# select TRUE to enable, FALSE to disable
-
replace: pwdallowuserchange
pwdallowuserchange: TRUE|FALSE
# select TRUE to enable, FALSE to disable
-
replace: pwdmustchange
pwdmustchange: TRUE|FALSE
# select TRUE to enable, FALSE to disable
-
replace: pwdmaxage
pwdmaxage: 5
-
replace: pwdexpirewarning
pwdexpirewarning: 7
-
replace: pwdgraceloginlimit
pwdgraceloginlimit: 2
z"½s°AA≤+αC
KXh
Uú IBM Tivoli Directory Server ñ IBM Tivoli Directory Server
(IDS) KXΣΩTAHz LDAP ⌠bßCΣñ]ún
KrhAHε.b⌡µ Directory Server ⁿOµuπM C-API
VcC
Directory Server Γbß¼G
v zbß]LDAP z(cn=root)Azs¿A LDAP DB2 A
xsb /etc/ibmslapd.conf ñC
v (iNetOrgPerson) AΣπKXA≤ Directory Server C M Java
(JNDI) APICoOí]p Policy Director M WebSphereC¿
Directory Server ΣsxUKXΘJAz,ndííσ≤
TAh¡εC
HUz IBM Tivoli Directory Server 5.2 ΣKXC
(InetOrgPerson) KX 5.2 AuserPasswordµiΣUCrH C M Java API xsb
Directory Server ñC Directory Server í]p Policy DirectorBWebSphere
ÑÑiα÷≤KXΣL¡εCpíA\oSwúú
íσ≤C
v jgMpgσr)MrC
v ΣΣL ASCII σrC
v IBM Tivoli Directory Server 5.2 Níσ≤ñⁿwºyÑΣ
rC
v KX!jpgC]pApGKX = TeStA TEST test KXNóC
ujpgX TeSt +αqLC
LDAP ibmslapd.conf G 5.2 A <LDAP_DIR>/etc/ibmslapd.conf ñKXiΣUCrG
v ΣjgMpgσr)MrrC
v ΣΣL ASCII µrC
v KX!jpgC]pApGKX = TeStA TEST test KXNóC
ujpgX TeSt +αqLC
:
1. ibmslapd.conf ñuviH]tUCG
v LDAP z (cn=root)
v zs¿
v g@Dn ID (cn=MASTER)
v LDAP DB M≤ΘxΩw LDAP DB2 (LDAPDB2)
2. zKXñúΣrC
uIDS Web zuπv∩KXG 5.2 Web zuπAiΣUCrsW∩KXµG
v ΣjgMpgσr)MrrC
v ΣΣL ASCII µrC
v KX!jpgC]pApGKX = TeStA TEST test KXNóC
ujpgX TeSt +αqLC
:
1. zKXúΣrC
2. KXΣrC
SϕrKUCrA]@ Shell iαNªuSϕvrG
`’\"|
pA 5.2 Web zuπⁿwKXG
"\"test\’
nbⁿOµñUCKXG
-w\"\\\"test\’
oOdjMG
ldapsearch -b" " -sbase -Dcn=newEntry,o=ibm,c=us -w\"\\\"test\’ objectclass=*
: blKX ú⌡µrº Web zuπ Java íñiHK
XCb²edñAuWeb zuπvsKXPuWeb zuπvñⁿwKX
ΘJKXPG
"\"test\’
]wKXΩw
pGn]wΩwKX¼pAUCΣñ@C
: pG°AKXhAKXΩw\αNúC
Web zG
iuWeb zuπv²ñz°AeAMß∩KXΩwC
: pG°AKXhAoeñ\αNúC
1. ⁿw"LXϕBX!BXpX6ºßA+α≤KXC
2. ⁿwpGnJAOnNKXΩwC
v pGze\L¡εnJA∩KXúΩwΩsCo∩
KXΩw\αC
v ∩ΩsAⁿwbΩwKXee\nJCo∩
KXΩw\αC
3. ⁿwΩwC∩Ωw[ Ωsⁿwtz"½]KXA∩ϕ
ΩsⁿwΩwLXϕºß+α#nJC
4. ⁿwnJCzi÷@UKXT!MúnJΩsAⁿw
¿\nJß+αMúnJF÷@UϕΩsAⁿw"LFXϕßA+
NónJqOΘñMúC
: ubKXΩwípUA∩+α@C
5. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµG
pGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=pwdpolicy
changetype: modify
replace: pwdlockout
pwdlockout: TRUE|FALSE
# select TRUE to enable, FALSE to disable
-
replace: pwdmaxfailure
pwdmaxfailure: 3
-
replace: pwdlockoutduration
pwdlockoutduration: 15
-
replace: pwdfailurecountinterval
pwdfailurecountinterval: 30
-
replace: pwdexpirewarning
pwdexpirewarning: 7
-
replace: pwdgraceloginlimit
pwdgraceloginlimit: 2
]wKXτ
pGn]wτKX≥DM¡εAUCΣñ@C
Web zG
iuWeb zuπv²ñz°AeAMß∩KXτC
: pG°AKXhAoeñ\αNúC
1. ]w"LXKXßA+αA½P@KXCΘJ 0 30 í@
rCpGzΘJ 0AϕKXi½ S¡εC
2. qU\αϕñA∩OHUCΘJµñwqykdKXCziH∩
G
údyk
ú⌡µykdC
dyk]w[KKXú
∩[KKXiµykdC
dyk
∩KXiµykdC
3. ⁿw@AH]wKX°U¡CY]sAhúiµykdC
v ⁿw@AH]wKXñ.XσrC
v ⁿw@AH]wKXñ.XPSϕrC
: σBrMSϕrrU¡"Ñ≤p≤zⁿwKX°U¡C
4. ⁿwKXñr½W¡C∩O¡εP@SwrbKXñαX
CY]sAhúd½rC
5. ⁿw.oXrMeKXHKX½epíjµñⁿwX
eKXúPCY]sAhúdúPrC
6. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµG
pGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=pwdpolicy
changetype: modify
replace: pwdinhistory
pwdinhistory: 8
-
replace: pwdchecksyntax
pwdchecksyntax: 0|1|2
# 0 = do not check syntax
# 1 = check syntax (except encrypted)
# 2 = check syntax
-
replace: pwdminlength
pwdminlength: 6
-
replace: passwordminalphachars
passwordminalphachars: 3
-
replace: passwordminotherchars
passwordminotherchars: 3
-
replace: passwordmaxrepeatedchars
passwordmaxrepeatedchars: 2
-
replace: passwordmindiffchars
passwordmindiffchars: 4
]w KerberosIBM Tivoli Directory °AibΣ AIX °AP AIX 64 ßWΣ
Kerberos 1.3 °AAp IBM Network Authentication ServiceC@t
tABA≤ AIX 32 ßBWindows NT P Windows 2000 Kerberos
C
: z"w Kerberos ßA+α Kerberos OΦíC
b Network Authentication Service UAße@h²o≈!tñ (KDC)
qµnDCKDC ß@≈uqµPqµ (TGT)vAß
KXNº[K¿≈ANw[K TGT #ßCAßi
ΣKXK TGTCpGK¿\AßiOdK TGTAHß¡≈
C
TGT @3FⁿwíYLA Σe\ßoiúSwAº\ivΣL
qµCboΣLqµ1PPLñAúnJC
Network Authentication Service ≤⌠⌠WΓIíOH∩[KqTCª
i²íú@PßOb⌡≡@L÷whCbípUA
Network Authentication Service ibz⌠⌠wñΩtúiñΓC
znDΘW ldap/<hostname>.<mylocation>.<mycompany>.comAb≈!eñ
]KDCñ@ LDAP °AAíWC
: ziH⌠ ″LDAP_KRB_SERVICE_NAME″ P LDAP Kerberos A
íWjpgCpGO]w¿ ’LDAP’Ahjg LDAP Kerberos
AíWCpGS]wAhpg ldapCLDAP ßM°Aú
o⌠Cbw]ípUAú]woCΩT\
305yKerberoszC
Network Authentication Service ú≤pUG
≈eñ
KDC O@iH⌠°AAvsΓñDΘpK≈CKDC %
UCΓí≈¿GuO°A (AS)vPuqµP°A (TGS)v¿C
AS %o TGTABzlßOCTGS tdoAqµA
HKßVAO¡C
z°A
z°Aiú Network Authentication Service ΩwzsvCΩ
wt@DΘB≈BhHΓΣLzΩTCz°Ae\s
WB∩BRúP°DΘPhC
KX≤A
KX≤Ai²≤ΣKXCKX≤A%z°AúC
ßí
ßíi@]qµB@ keytab B≤KXAH⌡
µΣL≥ Network Authentication Service @C
í]p]APIiúíwPYAHiµw!ííoC÷úº API
íA\ Application Development ReferenceC
Web zG
b°AzUAi Web zuπ²ñzweCpGz°A
Σ Kerberos]τYªΣ kerberos \α OID - 1.3.18.0.2.32.30A∩
Kerberos CpGz°AúΣ KerberosAoNúπC
1. ∩ Kerberos O∩AH Kerberos OC
: z"w Kerberos ßA+α Kerberos OΦíC
2. ∩N Kerberos ID ∩M LDAP DN ∩A²²zB Kerberos
OΦk ACL ΩCΩTA\ 94yKerberos ¡≈∩
MzC
3. hostName.domainName µíΘJ Kerberos ΓAp TEST.AUSTIN.IBM.COMC
oµí!jpgC
4. ΘJ Kerberos keytab ⌠MWCo]t LDAP °ApK≈A
≈PΣ kerberos bß÷pCoM SSL ≈ΩwúⁿO@C
5. pGzOH²z¡≈nJA ibm-kn=value@realm
ibm-KerberosName=value@realm I f µíΘJNz IDAp
[email protected]¿úαsΦoµC
: ID "O Kerberos Γñ IDCo ID !jpgC
6. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµG
pGn Kerberos AoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -f <filename>
Σñ <filename> tG
dn: cn=Kerberos, cn=Configuration
cn: Kerberos
ibm-slapdKrbAdminDN: [email protected]: true
ibm-slapdKrbIdentityMap: true
ibm-slapdKrbKeyTab: /keytabs/mykeytab.keytab
ibm-slapdKrbRealm: MYREALM.AUSTIN.IBM.COM
objectclass: ibm-slapdKerberos
objectclass: ibm-slapdconfigEntry
objectclass: top
pGn∩ Kerberos Ap≤ keytab AoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -f <filename>
Σñ <filename> ]tG
dn: cn=Kerberos, cn=Configuration
changetype: modify
replace: ibm-slapdKrbKeyTab
ibm-slapdKrbKeyTab: /keytabs/mynewkeytab.keytab
KerberosbzⁿOµ⌡µ Kerberos OºeAz"⌡µ Kerberos l]w@Co
XUCⁿOG
kinit <kerberos_principlename>@<realm_name>
pGn Kerberos OAz"b ldapadd P ldapsearch ⁿOñAⁿw -m ∩P
GSSAPI CpG
ldapsearch -V 3 -m GSSAPI -b <"cn=us"> objectclass=*
Kerberos ¡≈∩M
¡≈∩Mi²²zB Kerberos OΦk ACL ΩCIBM
Directory ACL OHⁿws²°AºßOW (DN) ≥ªCs
vN°P DN \iv wAH° DN º⌠≤s\iv wCpG
GSSAPI sΦk]τYA Kerberos V°AO¡Ah DN
I IBM-KN=your_principal@YOUR_REALM_NAMEC DN ¼is ID
ss¿Cz]iHuKerberos ¡≈∩Mv\αAN DN svP
²ñC
pApG²ñ@ Reginald Bender G
dn: cn=Reginald Bender, ou=internal users, o=ibm.com, c=US
objectclass: top
objectclass: person
objectclass: organizationalperson
cn: Reginald Bender
sn: Bender
aclentry: access-id:CN=THIS:critical:rwsc
aclentry: group:CN=ANYBODY:normal:rsc
userpassword: cL1eNt
svi²H DN ″cn=Reginald Bender, ou=internal users, o=ibm.com, c=US″s⌠≤H°KXѽnΩA²ΣLHhúµC
pG Reginald Bender Kerberos s°AAΣ DN hI
[email protected]_1CpG°AWS¡≈∩M\αANúe\Σ
°¡KXC
pG¡≈∩MAunw∩¿pUAhΣi°KXG
dn: cn=Reginald Bender, ou=internal users, o=ibm.com, c=US
...
objectclass: ibm-securityidentities
altsecurityidentities: Kerberos:[email protected]_1
ϕ Reginald Bender s²°AA°A²jMπ²AHP²O
KDC]≈!tñbßn²CYúOA°AjM²AαΣ⌠≤t
altsecurityidentities BΣM Kerberos DΘPΓCbñA
DΘ rbenderAΓO SW.REALM_1C Kerberos ¡≈∩Mw]CpG
π @HWAhsóC∩M"O@∩@CpG∩M¿\A
Reginald Bender N ″cn=Reginald Bender, ou=internal users, o=ibm.com, c=US″ svA]A⌠≤t¿ssC
IBM Tivoli Directory Server i]t Kerberos bßΩT (krbRealmName-V2 =
<realm_name> M krbPrincipalName = <princ_name>@<realm_name>)AH KDC
xswC
pG°A Kerberos ¡≈∩M\αAh²jM²AHΣXΣ½≤O
krbRealm-V2 M krbRealmName-V2 =<realm_name> AOG
dn: krbRealmName-V2=SW.REALM_1, o=ibm.com, c=US
objectclass: krbRealm-V2
krbRealmName-V2: SW.REALM_1
pGΣú⌠≤A°AWzw] Kerberos ¡≈∩MCpGΣW
L@AhsóC
úLApG²ñtUC@G
dn: krbRealmName-V2=SW.REALM_1, ou=Group, o=ibm.com, c=US
objectclass: krbRealm-V2
krbRealmName-V2: SW.REALM_1
krbPrincSubtree: ou=internal users,o=ibm.com, c=US
krbPrincSubtree: ou=external users,o=ibm.com, c=US
°AjMC@H krbPrincSubtree CXl≡AHMΣt krbPrincipalName
C
bñAF² Reginald Bender ¡≈∩Mα@Az"b ″cn=Reginald
Bender, ou=internal users, o=ibm.com, c=US″ ñ[JUCΓG
objectclass: extensibleObject
krbPrincipalName: [email protected]_1
°²O KDC bßn² wAG
dn: cn=Reginald Bender, ou=internal users, o=ibm.com, c=US
...
objectclass: ibm-securityidentities
altsecurityidentities: Kerberos:[email protected]_1
...
AY KDC bßn²hG
dn: cn=Reginald Bender, ou=internal users, o=ibm.com, c=US
...
objectclass: extensibleObject
krbPrincipalName: [email protected]_1
úWzípAßú∩M ″cn=Reginald Bender, ou=internal users,
o=ibm.com, c=US″C
pG]SΣ ∩M DNAh∩MóA²s,Γ¿\CúLApGO∩M
@HW DNAhsóC
¡≈∩Mi² ACL ft Kerberos OCπ@∩M¡≈º Kerberos
ßAπΓIMúP¡≈A bPsv⌠oΓ¡≈C
¡≈∩MAIX@NCsíjMvTαAB¡≈∩M⌡
µΣL]wAHsWAϕn∩MñC
bñApGw]¡≈∩MAhz]Kerberos LDAP"Tw KDC
ñΩM LDAP °AñΩPBCpGΩúPBAh] ACL ⌠úTA
#GiαOC
: ½≤O]p KrbPrincipalP]p KrbPrincSubtreeBKRbAliasedObjectName P KrbHintAliasesHN IBM Directory wq¿
Kerberos KDCCΩT\ Kerberos íσ≤C
oετ
pGb SSL ]wñz∩n°APßOΦíAziαN°Atm¿
dOwoεLC
ϕßegOnD°AA°A¬Ae@hdt
woεMµ LDAP °ACpGbMµñΣúßAhe\ßP°
Ag% SSL qTCpGΣAhúe\qTC
pGntm SSL oετAUC@ΦkG
Web zG
b°AzUAiuWeb zuπv²ñzweA∩o
εC
1. ΘJtwoε°AWC°AO%zPñ (CA) ⁿ
wAp VeriSignCD≈Wµí hostName.domainNameAp
myserver.ibm.comC
2. ΘJM°AqT≡Ap 389C
3. ΘJsτ°A DNAp cn=rootCpGτ°Ae\WjM
oεMµ (CRL)Ah∩C
4. ΘJs DN ÷pKXCpGzⁿw DNAh"ΘJC
5. ½sΘJsKXAHTS,rC
6. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
: LúXbMµñA]¡tΘC
ⁿOµG
pGnⁿOµtm SSL oετAoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=CRL,cn=SSL,cn=Configuration
changetype: modify
replace: ibm-slapdCrlHost
ibm-slapdCrlHost: <newhostname>
-
replace: ibm-slapdCrlPassword
ibm-slapdCrlPassword: <password>
-
replace: ibm-slapdCrlPort
ibm-slapdCrlPort: <portnumber>
-
replace: ibm-slapdCrlUser
ibm-slapdCrlUser: <username>
z"½s°AMzníA≤+αC
tm DIGEST-MD5 ≈ε
DIGEST-MD5 O@ SASL O≈εCϕß Digest-MD5 AKXúH
σµíΘA BqT≤wε½e≡C
pGntm DIGEST-MD5 ≈εAUCΣñ@ΦkC
Web zG
b°AzUAiuWeb zuπv²ñzweA∩
DIGEST-MD5 C
: uϕz°AΣ DIGEST-MD5 Ao+πC
1. b°AΓºUAziHw²∩w]]wAoO°AπD≈W
AziH÷@UΓΘJntm°A¿ΓWC
: pG]wtmñ ibm-slapdDigestRealm A°A ú
Γw]CbípUAuΓv÷sQw²∩AΓπ
bµñC
ΓWO%ßMwn@WMKXC
ϕ g@AzQn²°AtmPΓC
2. bWºUAziHw²∩w]]w (uid)AziH÷@
UΘJzn°Ab DIGEST-MD5 SASL sí@O
WC
: pG]wtmñ ibm-slapdDigestAttr A°A ú
uWvw]CbípUAuv÷sQw²∩A
πbµñC
3. pGzOH²z¡≈nJAbzWºUAΘJz
WCzs¿úαsΦoµCpGⁿw≤ DIGEST-MD5 SASL s
WXrΩANOzC
: zW!jpgC
4. ϕz¿A÷@UMAxsz≤²ú⌠F÷@UTwAMz
≤⌠F÷@U°A⌠eA ú⌠≤≤C
ⁿOµG
Yn cn=Digest,cn=configuration AΘJⁿOG
ldapadd -D <adminDN> -w <adminpw> -i <filename>
Σñ <filename> ]tG
dn: cn=Digest,cn=configuration
cn: Digest
ibm-slapdDigestRealm: <realm name>
ibm-slapdDigestAttr: <uuid>
ibm-slapdDigestAdminUser: <Adminuser>
objectclass: top
objectclass: ibm-slapdConfigEntry
objectclass: ibm-slapdDigest
Yn≤ DIGEST-MD5 ]wAoXUCⁿOG
ldapmodify -D <adminDN> -w <adminpw> -i <filename>
Σñ <filename> ]tG
dn: cn=Digest,cn=configuration
changetype: modify
replace: ibm-slapdDigestRealm
ibm-slapdDigestRealm: <newrealmname>
-
replace: ibm-slapdDigestAttr
ibm-slapdDigestAttr: <newattribute>
-
replace: ibm-slapdDigestAdminUser
ibm-slapdDigestAdminUser: <newAdminuser>
11 z IBM Directory ⌡
⌡@WhAHΣtΩp≤xsb²ñC⌡wqe\¼BΣ
cHykC
: °AH⌡ΩT]p½≤OíPykíσCoΩTC
ΩOH²Φíxsb²ñCO%@"n½≤OHΣ
¿Ci"n∩C½≤OHⁿXíºΩTAwqΣ
t@CC@@h÷pC÷ΣLΩTA\
189 14 , y²zC
IBM Directory 5.2 ⌡Ow²wqnAúLApGzΣLDAz,MiH
∩⌡C
IBM Tivoli Directory Server 5.2 tA⌡ΣC⌡OH²ΩT@GAB
ibl⌡ (Subschema) (DN=″cn=schema″) ñΣCziH ldap_search() API
d⌡AH ldap_modify() ∩C÷o API ΩTA\ IBM
Directory Client SDK Programming ReferenceC
⌡ttmΩTA± LDAP 3 Request For Comments (RFC) Wµ
ohCpANYw ÑAziH»z"@CbAϕípUA
BtmΩT@≤l⌡ñCtAl⌡ IBMsubschema hwqF
@½≤OAΣtH±mXR⌡ΩT ″MAY″ C
IBM Tivoli Directory Server nDw∩RWwqwq⌡A"xsbSϕ
² ″cn=schema″ ñCtw∩°Awq⌡CpGn⌡ΩTAziHΘJUCAH⌡µ ldap_searchG
DN: "cn=schema", search scope: base, filter: objectclass=subschema
or objectclass=*
⌡úUC¼G
v objectClasses]\ 101yBz½≤OzC
v attributeTypes]\ 107yBzzC
v IBMAttributeTypes]\ 112yIBMAttributeTypes ¼zC
v ±∩Wh]\ 113y±∩WhzC
v ldap yk]\ 115yykzC
o⌡wqykOH LDAP 3 RFC C
d⌡itG
objectclasses=( 1.3.6.1.4.1.1466.101.120.111
NAME ’extensibleObject’
SUP top AUXILIARY )

objectclasses=( 2.5.20.1
NAME ’subschema’
AUXILIARY MAY
( dITStructureRules
$ nameForms
$ ditContentRules
$ objectClasses
$ attributeTypes
$ matchingRules
$ matchingRuleUse ) )

objectclasses=( 2.5.6.1
NAME ’alias’
SUP top STRUCTURAL
MUST aliasedObjectName )

attributeTypes ( 2.5.18.10 NAME ’subschemaSubentry’ EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
SINGLE-VALUE USAGE directoryOperation )
( 2.5.21.5 NAME ’attributeTypes’
EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
( 2.5.21.6 NAME ’objectClasses’
EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation )

ldapSyntaxes ( 1.3.6.1.4.1.1466.115.121.1.5 DESC ’Binary’ )
( 1.3.6.1.4.1.1466.115.121.1.7 DESC ’Boolean’ )
( 1.3.6.1.4.1.1466.115.121.1.12 DESC ’DN’ )
( 1.3.6.1.4.1.1466.115.121.1.15 DESC ’Directory String’ )
( 1.3.6.1.4.1.1466.115.121.1.24 DESC ’Generalized Time’ )
( 1.3.6.1.4.1.1466.115.121.1.26 DESC ’IA5 String’ )
( 1.3.6.1.4.1.1466.115.121.1.27 DESC ’INTEGER’ )
( 1.3.6.1.4.1.1466.115.121.1.50 DESC ’Telephone Number’ )
( 1.3.6.1.4.1.1466.115.121.1.53 DESC ’UTC Time’ )

matchingRules ( 2.5.13.2 NAME ’caseIgnoreMatch’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.13.0 NAME ’objectIdentifierMatch’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.13.30 NAME ’objectIdentifierFirstComponentMatch’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.13.4 NAME ’caseIgnoreSubstringsMatch’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
pPWzdAbµ@úñAzú"úYw¼C
⌡ΩTizL ldap_modify API ∩CΣLΩT\ Client SDK Programming
ReferenceC% DN ″cn=schema″AziHsWBRúm½¼½≤OCpGnRú⌡ΩΘAúAWA oid (oid)Cz]iHúπíCziHs
W≤½¿ LDAP 3 wq IBM XRwqoΓwq⌡C
@q⌡Σ
IBM Directory iΣpUwq²⌡G
v Internet Engineering Task Force]IETF LDAP 3 RFCAp RFC 2252 M
2256C
v Directory Enabled Network (DEN)
v Desktop Management Task Force (DMTF) Common Information Model (CIM)
v Network Application Consortium Lightweight Internet Person Schema (LIPS)
LDAP N LDAP 3 wq⌡]tbw]⌡tmñCAτ]t
DEN ⌡wqC
IBM τú@XR@q⌡wqAiΣL IBM úbB LDAP ²@#C
o]AG
v White Page í½≤AOGepersonBsBΩaBBµPB
baB/Ñ
v ΣLlt½≤AOGbßBAPsIBvBOBwhÑ
½≤OX (OID)½≤OX (OID) O@QirΩAH@OY½≤C@δ ÑAo½≤
@½≤OCoXiq IANA]⌠⌠⌠ⁿúX≈coCIANA ⌠
⌠O http://www.iana.org/iana/C
pGzS OIDAziHⁿw@½≤OWAßA[W -oidCpApGz tempID AziHN OID ⁿw tempID-oidC
Bz½≤O
½≤OHⁿw@í½≤CíApGz½≤O
tempEmployeeAhOñitYu÷pAO idNumberBdateOfHire assignmentLengthCziHw∩zDAsW)q½≤OCIBM Tivoli Directory Server ⌡úY≥¼½≤OA]AG
v s
v m
v
v H
: IBM Tivoli Directory Server S½≤Oú ’ibm-’ @rC
wq½≤O
½≤OO%¼SBHwq ¿C
½≤O¼
½≤OiUCT¼º@G
cG C@"⌡≤úαWL@c½≤OUAΣñwqF
≥ªeC½≤OqNϕ@uΩ@½≤C%≤⌡
bc½≤OUA]iíOú½≤O¼C
ΓHG ¼HΣL]c½≤OWOdCΣwq@i
Yc½≤O@Co½≤OpGOwq¿ΓHOl
OAhΣwqCzú"w∩C@lh½≤OA!Owq
C
UG ¼ⁿXΣLAoiM⌡≤Swc½≤OUY
÷pC÷M@uα⌡≤@c½≤OA²i⌡≤h
U½≤OC
½≤O IBM Tivoli Directory Server ib½≤OPwqWΣ½≤Cs½≤
Oi)O]hH[g≤wq ¿C
C@t@µ@c½≤OC½≤OΓH½≤O
topCª]iHΣL½≤OC½≤OcMwSw"nPe\MµC½≤OAM≤½≤Owq wC½≤Ouα
bΣe½≤OCpAb LDIF ñAperson ½≤Ociwq
G
objectClass: top
objectClass: person
objectClass: organizationalPerson
bcñAorganizationalPerson person P top ½≤OA person ½≤
Ou top ½≤OC]AϕzN organizationalPerson ½≤OⁿwY
A)Wѽ≤O]bñAⁿO person ½≤O"n
Pe\C
t ⌡OÑhd⌡≤s@AO@PAMßAiµBzPT
wC
C@½≤Ot@"nP∩C"nOⁿ"Xb½
≤OºñC∩OⁿiXb½≤OºñC
°½≤O
ziH Web zuπBNΦkⁿOµA°⌡ñ½≤OC
Web zGi²ñ⌡zA÷@Uz½≤OC
π@¬eA²z°⌡ñ½≤OHΣSC½≤O÷r
)πCziH÷@UuW@vuU@veßCo÷sµ
ⁿXzbC
z]iHµU\αϕA⌡SwCñC@½≤
OWXAH≤UzΣn°½≤OCpApGzQMΣ person ½≤OAziHiU\αϕAU 14/16 nsLiServer P 15/16
printerLPRC%≤÷r) person ≤ nsLiServer P printerLPR íAzi∩
14 A÷@UC
z]iH ¼π½≤OCqπ½≤OU\αϕñA∩¼A
Mß÷@U C½≤O Σ¼]ΓHBUcA÷r)
CPaAziHNMµ#LAΦkO∩ ¡AMß÷@U C
bΣXzn½≤OßAziH°Σ¼BB"nP∩Ci
B"nP∩U\αϕAHdC@SπMµC
ziHqkuπC∩n⌡µ½≤O@ApG
v sW
v sΦ
v s
v Rú
ϕz¿A÷@U÷¼≡# IBM Tivoli Directory Server w∩eC
ⁿOµGpGn°⌡ñt½≤OAoXUCⁿOG
ldapsearch -b cn=schema -s base objectclass=* objectclasses
sW½≤O
Web zGpGzpAi²ñ⌡zA÷@Uz½≤OCpGn
s½≤OG
1. ÷@UsWC
: z]iHi²ñ⌡zAMß÷@UsW½≤OAsoe
C
2. b@δeñG
v ΘJ½≤OWC"nµAHyz½≤O\αCpA
tempEmployee ϕlu½≤OC
v ΘJ½≤OíFpA≤u½≤OC
v ΘJ½≤O OIDC"nµC\ 101y½≤OX (OID)zC
pGzS OIDAi½≤OWßA[W -oidCpApG½≤OW tempEmployeeAh OID Y tempEmployee-oidCziH≤@µC
v q\αϕñ∩@hWѽ≤OCo∩MwΣLn)
]½≤OC@δ ÑAWѽ≤O topA²]iHOt@½≤OAtXΣL½≤OCpAtempEmployee Wѽ≤OiαO top M ePersonC
v ∩½≤O¼C÷½≤O¼ΣLΩTA\ 101y½≤
O¼zC
v ÷@UAHⁿw½≤O"nP∩A° F
÷@UTwAsWs½≤OF÷@U°A#z½≤O ú⌠≤
≤C
3. bñG
v q÷r)CiMµñ∩@AMß÷@UsWn
A²¿"nA÷@UsW∩AH¿½≤O∩
CXb∩AϕMµñC
v w∩zQ∩A½BzC
v ziHbMµíANq∩MµñRúAΦkO∩zn
A÷@UAϕú÷sC
v ziH° "nP∩MµC O zb@δ
ñ∩Wѽ≤O CzLk≤ CúLApGz≤
∩F@δñWѽ≤OAhπt@ C
4. ÷@UTwAsWs½≤OF÷@U°A#z½≤O ú⌠≤
≤C
: pGzb@δñ÷@UTwA SsW⌠≤AziH%sΦs½
≤OsWC
ⁿOµGpGnⁿOµsW½≤OAoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> tG
dn: cn=Schema
changetype: modify
add: objectclasses
objectclasses: ( <myobjectClass-oid> NAME '<myObjectClass>' DESC '<An object class I defined for my LDAP application>' SUP '<objectclassinheritance>' <objectclasstype> MUST (<attribute1> $ <attribute2>) MAY (<attribute1> $ <attribute2>) )
sΦ½≤O
b⌡≤WADiH⌠N C÷≤W¡εA\ 118yúe
\⌡≤zC
Web zGpGzpAi²ñ⌡zA÷@Uz½≤OCpGns
Φ½≤OG
1. ÷@UzQsΦº½≤OΩsC
2. ÷@UsΦC
3. ∩@G
v b@δñziHG
– ∩íC
– ≤Wѽ≤OCq\αϕñ∩@hWѽ≤OCoMwΣ
Ln)]½≤OC@δ ÑAWѽ≤O topA²]iHOt@½≤OAtXΣL½≤OCpA
tempEmployee Wѽ≤OiαO top M ePersonC
– ≤½≤O¼C∩@½≤O¼C÷½≤O¼ΣLΩ
TA\ 101y½≤O¼zC
– ÷@UuvAH≤½≤O"nP∩A°
F÷@UTwAMz≤F÷@U°A#z½≤O
ú⌠≤≤C
v bñziHG
q÷r)CiMµñ∩@AMß÷@UsWn
A²¿"nA÷@UsW∩AH¿½≤O∩
CXb∩AϕMµñC
w∩zQ∩A½BzC
ziHbMµíANq∩MµñRúAΦkO∩Xzn
A÷@UAϕRú÷sC
ziH° "nP∩MµC O zb@δ
ñ∩Wѽ≤O CzLk≤ CúLApGz≤
∩F@δñWѽ≤OAhπt@ C
4. ÷@UTwAHM≤F÷@U°A#z½≤O ú⌠≤≤C
ⁿOµGpGn°⌡ñt½≤OAoXUCⁿOG
ldapsearch -b cn=schema -s base objectclass=* objectclasses
pGnⁿOµsΦ½≤OAoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> tG
dn: cn=schema
changetype: modify
replace: objectclasses
objectclasses: ( <myobjectClass-oid> NAME '<myObjectClass>' DESC '<An object class I defined for my LDAP application>' SUP '<newsuperiorclassobject>' <newobjectclasstype> MUST (<attribute1> $ <attribute2>) MAY (<attribute1> $ <attribute2>) )
s½≤O
Web zGpGzpAi²ñ⌡zA÷@Uz½≤OCpGn
s½≤OG
1. ÷@UzQsº½≤OΩsC
2. ÷@UsC
3. ∩@G
v b@δñziHG
– ΘJs½≤OWCpAziHN tempPerson s¿
tempPersonCOPYC
– ∩íC
– ΘJs OIDCpGSs OID i≤zs½≤OAziH
OIDAA[ COPY orCpAziH <tempPerson-oid> Nªs¿ <tempPerson-oid>COPYC
– ≤Wѽ≤OCq\αϕñ∩@hWѽ≤OCoMwΣ
Ln)]½≤OC@δ ÑAWѽ≤O topA²]iHOt@½≤OAtXΣL½≤OCpA
tempEmployeeCOPY Wѽ≤OiαO top M ePersonC
– ≤½≤O¼C∩@½≤O¼C÷½≤O¼ΣLΩ
TA\ 101y½≤O¼zC
– ÷@U≤½≤O"n∩A°A
÷@UTwMz≤A÷@U°≡#z½≤OA úiµ
⌠≤≤C
v bñziHG
q÷r)CiMµñ∩@AMß÷@UsWn
A²¿"nA÷@UsW∩AH¿½≤O∩
CXb∩AϕMµñC
w∩zQ∩A½BzC
ziHbMµíANq∩MµñRúAΦkO∩Xzn
A÷@UAϕRú÷sC
ziH° "nP∩MµC O zb@δ
ñ∩Wѽ≤O CzLk≤ CúLApGz≤
∩F@δñWѽ≤OAhπt@ C
4. ÷@UTwAHM≤F÷@U°A#z½≤O ú⌠≤≤C
ⁿOµGpGn°⌡ñt½≤OAoXUCⁿOG
ldapsearch -b cn=schema -s base objectclass=* objectclasses
∩ns½≤OCziHsΦ≤÷ΩTABN≤xs
<filename>CoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> tG
dn: cn=schema
changetype: modify
replace: objectclasses
objectclasses: ( <mynewobjectClass-oid> NAME '<mynewObjectClass>' DESC '<A new object class I copied for my LDAP application>' SUP '<superiorclassobject>' <objectclasstype> MUST (<attribute1> $ <attribute2>) MAY (<attribute1> $ <attribute2> $ <attribute3>) )
Rú½≤O
b⌡≤WADiH⌠N C÷≤W¡εA\ 118yúe
\⌡≤zC
Web zGpGzpAi²ñ⌡zA÷@Uz½≤OCpGnR
ú½≤OG
1. ÷@UzQRúº½≤OΩsC
2. ÷@URúC
3. úzTOnRú½≤OC÷@UTwAhRú½≤OF÷@U
°Ah#z½≤O ú⌠≤≤C
ⁿOµGpGn°⌡ñt½≤OAoXUCⁿOG
ldapsearch -b cn=schema -s base objectclass=* objectclasses
∩znRú½≤OCoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> tG
dn: cn=schema
changetype: modify
delete: objectclasses
objectclasses: ( <myobjectClass-oid> NAME '<myObjectClass>' DESC '<An object class I defined for my LDAP application>' SUP '<objectclassinheritance>' <objectclasstype> MUST (<attribute1> $ <attribute2>) MAY (<attribute1> $ <attribute2>) )
Bz
C@²bΣ½≤OñU@÷pC½≤OOít
ΩT¼A ΩΩhOtbñCOH@huW-vt∩ϕ
AtSwΩAOGWBqXCIBM Tivoli Directory Server
HuW-vt∩Bí]p commonName (cn)HSwΩT]
p John DoeeΩC
íAJohn Doe it@uW-vt∩C
dn: uid=jdoe, ou=people, ou=mycompany, c=us
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: John Doe
sn: Doe
givenName: Jack
givenName: John
÷M⌡ñwwq@Az,i zDABsΦBs
RúC
°
ziH Web zuπBNΦkⁿOµA°⌡ñC
Web zGi²ñ⌡zA÷@UzCπ@¬eA²z°
⌡ñHΣSCO÷r)πCziH÷@UuW@vuU
@veßCo÷sµⁿXzbCz]iHµ
U\αϕA⌡SwCñC@½≤OWXAH≤U
zΣn°½≤OCpApGzQMΣ authenticationUserID AziiU\αϕAU 3/62 applSystemHint P 4/62
authorityRevocatonListC%≤÷r) authenticationUserID ≤ applSystemHint
P authorityRevocatonList íAzi∩ 3 A÷@UC
z]iHπ ykC∩ykA÷@U CbΣykñN÷
r)C÷yk¼MµA\ 115yykzCPaAzi
HNMµ#LAΦkO∩ ¡AMß÷@U C
bΣXznßAziH°Σyk]úΣOh¼H]t
½≤OCi½≤OU\αϕAHd½≤OC
ϕz¿A÷@U÷¼≡# IBM Tivoli Directory Server w∩eC
ⁿOµGpGn°⌡ñtAoXUCⁿOG
ldapsearch -b cn=schema -s base objectclass=* attributeTypes IBMAttributeTypes
sW
ziHUC@ΦkAsCnΦkO Web zuπC
Web zGpGzpAi²ñ⌡zA÷@UzCpGns
G
1. ÷@UsWC
: z]iHi²ñ⌡zAMß÷@UsWAsoe
C
2. ΘJWApAtempIdC"nµABΣY"Oσr)C
3. ΘJíApAúu ID XC
4. ΘJ OIDC"nµC\ 101y½≤OX (OID)zCpG
zS OIDAiWß[W -oidCpApGW tempIDAhw] OID tempID-oidCziH≤@µC
5. ∩UMµñWÑCWÑOMwneC
6. ∩UMµñykC÷ykΣLΩTA\ 115 yy
kzC
7. ΘJ°AHⁿw°W¡C°OHϕC
8. ∩e\h∩A²ihC÷hΣLΩTA\Wⁿ
C
9. !OquÑvBuvPulrΩv±∩WhU\αϕñAU∩@
±∩WhC÷π±∩WhMµA\ 113y±∩WhzC
10. ÷@U IBM XROⁿwΣLXROA÷@UTwsWA
÷@U°≡#zA ú⌠≤≤C
11. b IBM XROñG
v ∩ DB2 ϕµWCpGµdAh°Aú DB2 ϕµWCpG
zΘJ@ DB2 ϕµWAz]"ΘJ@ DB2 µWC
v ∩ DB2 µWCpGµdAh°Aú DB2 µWCpG
zΘJ@ DB2 µWAz]"ΘJ@ DB2 ϕµWC
v qUMµñ∩@δBPYAH]wwOCpwO
÷ΩTA\ 209 uwOv@C
v ∩@hWhAH]wWhC÷WhΣLΩTA\
114yWhzC
: zbjMLo°≤ñ⌠≤WA.ⁿwuÑ≤vΦíC
12. ÷@UTwAsWsF÷@U°A#z ú⌠≤≤C
: pGzbu@δvñ÷UuTwvA sW⌠≤XROAYnsWXROAhi%sΦsF¿C
ⁿOµGUCd ″myAttribute″ osW@¼wqAu²rΩvyk]\ 115 yykzMuñjpgÑv±∩Wh]\
113 y±∩WhzCbwqñAIBM Sí≈ⁿXΩOxsb
″myAttrTable″ ϕµ ″myAttrColumn″ µñCpGⁿwoWAhNµPϕµWw] ″myAttribute″CⁿwsO ″normal″AΣ°W¡ 200
C
ldapmodify -D <admindn> -w <adminpw> -i myschema.ldif
Σñ myschema.ldif tG
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( myAttribute-oid NAME ( 'myAttribute' ) DESC 'An attribute I defined for my LDAP application' EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )
-
add: ibmattributetypes
ibmattributetypes: ( myAttribute-oid DBNAME ( 'myAttrTable' 'myAttrColumn' ) ACCESS-CLASS normal LENGTH 200 )
÷ⁿOΩTA\ 265yldapmodifyBldapaddzC
sΦ
b⌡≤WADiH⌠N C÷≤W¡εA\ 118yúe
\⌡≤zC
bzsWeAi²≤wqñ⌠≤@í≈CziHUC@
ΦkAsΦCnΦkO Web zuπC
Web zGpGzpAi²ñ⌡zA÷@UzCpGnsΦ
G
1. ÷@UzQsΦºΩsC
2. ÷@UsΦC
3. ∩@G
v b@δñziHG
– ∩UC@G
- b@δñziHG
v ∩í
v ≤yk
v ]w°
v ≤h]w
v ∩@±∩Wh
v ≤WÑ
- ÷@U IBM XROsΦXROA÷@UTwMz
≤A÷@U°≡#zA ú⌠≤≤C
- IBM XRO]pGzws IBM Tivoli Directory ServerA
v ≤wOC
: zLk≤πtⁿ¡w!wOC
v ≤WhC
– ÷@UTwAMz≤F÷@U°A#z ú⌠≤
≤C
4. ÷@UTwAMz≤F÷@U°A#z ú⌠≤≤C
ⁿOµGObñsWA²ΣjMt[Cb ldapmodify ⁿOP LDIF
≤wqG
ldapmodify -D <admindn> -w <adminpw> -i myschemachange.ldif
Σñ myschemachange.ldif tG
dn: cn=schema
changetype: modify
replace: attributetypes
attributetypes: ( myAttribute-oid NAME ( 'myAttribute' ) DESC 'An attribute I defined for my LDAP application' EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )
-
replace: ibmattributetypes
ibmattributetypes: ( myAttribute-oid DBNAME ( 'myAttrTable' 'myAttrColumn' ) ACCESS-CLASS normal LENGTH 200 EQUALITY SUBSTR )
: b≤½@ñ"]twqñoΓí≈] attributetypes P
ibmattributetypesAYzu≤ ibmattributetypes qC@≤Obwq[J ″EQUALITY SUBSTR″AHnDuÑvPulrΩv±∩C
÷ⁿOΩTA\ 265yldapmodifyBldapaddzC
s
ziHUC@ΦkAsCnΦkO Web zuπC
Web zGpGzpAi²ñ⌡zA÷@UzCpGns
G
1. ÷@UzQsºΩsC
2. ÷@UsC
3. ∩WCw]WsºWAßA[W COPY rCpA
tempID s¿ tempIDCOPYC
4. ∩íFpAtu ID XC
5. ∩ OIDCw] OID Ozsº OID ßA[W COPYOIDCp
tempID-oid s¿ tempID-oidCOPYOIDC
6. ∩UMµñWÑCWÑOMwneC
7. ∩UMµñykC÷ykΣLΩTA\ 115 yy
kzC
8. ΘJ°AHⁿw°W¡C°OHϕC
9. ∩e\h∩A²ihC÷hΣLΩTA\Wⁿ
C
10. !OquÑvBuvPulrΩv±∩WhU\αϕñAU∩@
±∩WhC÷π±∩WhMµA\ 113y±∩WhzC
11. ÷@U IBM XRO∩ΣLXROF÷@UTwMz
≤F÷@U°≡#zA ú⌠≤≤C
12. b IBM XROñG
v ∩ DB2 ϕµWCpGµdAh°Aú DB2 ϕµWCpG
zΘJ@ DB2 ϕµWAz]"ΘJ@ DB2 µWC
v ∩ DB2 µWCpGµdAh°Aú DB2 µWCpG
zΘJ@ DB2 µWAz]"ΘJ@ DB2 ϕµWC
v qUMµñ∩@δBPYAH∩wOC
: zLk≤πtⁿ¡w!wOC
v ∩@hWhAH∩WhC÷WhΣLΩTA\
114yWhzC
: zbjMLo°≤ñ⌠≤ΦA.ⁿwuÑ≤vΦíC
13. ÷@UTwAMz≤F÷@U°A#z ú⌠≤≤C
: pGzb@δñ÷@UTwA SsW⌠≤XROAziH%sΦs
sW∩XROC
ⁿOµGpGn°⌡ñtAoXUCⁿOG
ldapsearch -b cn=schema -s base objectclass=* attributeTypes IBMAttributeTypes
∩znsCziHsΦ≤÷ΩTABN≤xs
<filename>CMßoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> tG
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( <mynewAttribute-oid> NAME '<mynewAttribute>' DESC '<A new attribute I copied for my LDAP application>' EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )
-
add: ibmattributetypes
ibmattributetypes: ( myAttribute-oid DBNAME ( 'myAttrTable' 'myAttrColumn' ) ACCESS-CLASS normal LENGTH 200 )
Rú
b⌡≤WADiH⌠N C÷≤W¡εA\ 118yúe
\⌡≤zC
ziHUC@ΦkARúCnΦkO Web zuπC
Web zGpGzpAi²ñ⌡zA÷@UzCpGnRú
G
1. ÷@UzQRúºΩsC
2. ÷@URúC
3. úzTOnRúC÷@UTwAhRúF÷@U°A#
z ú⌠≤≤C
ⁿOµG
ldapmodify -D <admindn> -w <adminpw> -i myschemadelete.ldif
Σñ myschemadelete.ldif tG
dn: cn=schema
changetype: modify
delete: attributetypes
attributetypes: ( myAttribute-oid NAME ( 'myAttribute' ) DESC 'An attribute I defined for my LDAP application' EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )
-
delete: ibmattributetypes
ibmattributetypes: ( myAttribute-oid DBNAME ( 'myAttrTable' 'myAttrColumn' ) ACCESS-CLASS normal LENGTH 200 EQUALITY SUBSTR )
÷ⁿOΩTA\ 265yldapmodifyBldapaddzC
IBMAttributeTypes ¼
IBMAttributeTypes iwq LDAP 3 ñ[\⌡ΩTC
IBMAttributeTypes "ϕUCσkG
IBMAttributeTypesDescription = "(" whsp
    numericoid whsp
    [ "DBNAME" qdescrs ]                         ; at most 2 names (table, column)
    [ "ACCESS-CLASS" whsp IBMAccessClass whsp ]
    [ "LENGTH" wlen whsp ]                       ; maximum length of attribute
    [ "EQUALITY" [ IBMwlen ] whsp ]              ; create index for matching rule
    [ "ORDERING" [ IBMwlen ] whsp ]              ; create index for matching rule
    [ "APPROX" [ IBMwlen ] whsp ]                ; create index for matching rule
    [ "SUBSTR" [ IBMwlen ] whsp ]                ; create index for matching rule
    [ "REVERSE" [ IBMwlen ] whsp ]               ; reverse index for substring
    whsp ")"

IBMAccessClass =
    "NORMAL" /                                   ; this is the default
    "SENSITIVE" /
    "CRITICAL" /
    "RESTRICTED" /
    "SYSTEM" /

IBMwlen = whsp len
Numericoid attributetypes M IBMAttributeTypes í÷pC
DBNAMEzhiú 2 W]pGu 2 WC@W
ϕµWCGϕµñiµWµWC
pGzuú@WAhPϕµWPµWCpGzú⌠
≤ DBNAMEAh uW]) attributetypesC
ACCESS-CLASSnⁿs\iv÷Osb@C∩Mªb²⌡
ñOCoOOús≥FsYOútiHst@
OC\iv]wOPπΘsO÷CbSϕOW]w
\ivMsOAúDⁿwFOs\i
vC
IBM wqF¡OApΓsvG@δBPBY
BtM¡εCpAcommonName ≤@δOAuserPassword≤YOCwq≤@δsOAúDtⁿwC
ΩTA\ 205yvQzC
pGñ ACCESS-CLASSAhw] normalC
LENGTH°W¡C°OHϕCIBM Directory 5.2 ñú
°ⁿwCb attributetypes ñArΩG
( attr-oid ... SYNTAX syntax-oid{len} ... )
ϕ oid attr-oid attributetype π°W¡C
EQUALITYBORDERINGBAPPROXBSUBSTRBREVERSEun⌠≤oAY∩º±∩WhC∩°H
ⁿwµeCb\hykΦAziH@@AΩ@h
±∩WhCIBM Tivoli Directory Server QΦíCϕú°A
ªⁿw@CSLAPD ]iH±nDu°ApGoO
NqCíAϕ°WL°W¡Ahñ
°C
±∩Wh
±∩WhibjM@íúrΩ±hCoWhi!¿UCTG
v Ñ
v
v lrΩ
ϕ 8.
uÑv±∩Wh
±∩Wh OID yk
caseExactIA5Match 1.3.6.1.4.1.1466.109.114.1 u²rΩvyk
caseExactMatch 2.5.13.5 u²rΩvyk
caseIgnoreIA5Match 1.3.6.1.4.1.1466.109.114.2 uIA5 rΩvyk
caseIgnoreMatch 2.5.13.2 u²rΩvyk
distinguishedNameMatch 2.5.13.1 DN - OW
generalizedTimeMatch 2.5.13.27 uqívyk
ibm-entryUuidMatch 1.3.18.0.2.22.2 u²rΩvyk
integerFirstComponentMatch 2.5.13.29 uπvyk - π
integerMatch 2.5.13.14 uπvyk - π
objectIdentifierFirstComponentMatch 2.5.13.30 t OID rΩCOID
@tr]0-9
PpI].rΩ.
objectIdentifierMatch 2.5.13.0 t OID rΩCOID
@tr]0-9
PpI].rΩ
octetStringMatch 2.5.13.17 u²rΩvyk
telephoneNumberMatch 2.5.13.20 uqXvyk
uTCTimeMatch 2.5.13.25 UTC íyk
ϕ 9.
u v±∩Wh
±∩Wh OID yk
caseExactOrderingMatch 2.5.13.6 u²rΩvyk
caseIgnoreOrderingMatch 2.5.13.3 u²rΩvyk
distinguishedNameOrderingMatch 1.3.18.0.2.4.405 DN - OW
generalizedTimeOrderingMatch 2.5.13.28 uqívyk
ϕ 10.
ulrΩv±∩Wh
±∩Wh OID yk
caseExactSubstringsMatch 2.5.13.7 u²rΩvyk
caseIgnoreSubstringsMatch 2.5.13.4 u²rΩvyk
telephoneNumberSubstringsMatch 2.5.13.21 uqXvyk
: UTC í ASN.1 wqírΩµíC\ ISO 8601 P X680Cp
GnH UTC íµíxsíAykC\ 126yqP
UTC ízC
Wh
bñ[WhAiH≤tΩTCpGuúAhúOd⌠≤
CIBM Directory úWhpUG
v Ñ
v
v j
v lrΩ
v fV
WhWµⁿw@WhAiεñºSϕP@Coijjú&
toºLo°≤jM@#íCMjMLo°≤ñMº@
÷Wh¼UC 5 G
Ñ MUCjM@G
v equalityMatch ’=’
pG
"cn = John Doe"
MUCjM@G
v greaterOrEqual ’>=’
v lessOrEqual ’<=’
pG
"sn >= Doe"
j MUCjM@G
v approxMatch ’~=’
pG
"sn ~= doe"
lrΩ MlrΩykjM@G
v substring ’*’
pG
"sn = McC*"
"cn = J*Doe"
fV MUCjM@G
v ’*’ substring
pG
"sn = *baugh"
zbjMLo°≤ñ⌠≤WA.ⁿwuÑ≤vΦíC
yk
ziH r) OID πykC∩yk OIDA÷@U CPaA
ziHNMµ#LAΦkO∩ ¡AMß÷@U C
ϕ 11.
yk OID
u¼ívyk 1.3.6.1.4.1.1466.115.121.1.3
Binary - KirΩ 1.3.6.1.4.1.1466.115.121.1.5
Boolean - TRUE/FALSE 1.3.6.1.4.1.1466.115.121.1.7
u²rΩvyk 1.3.6.1.4.1.1466.115.121.1.15
uDIT eWhívyk 1.3.6.1.4.1.1466.115.121.1.16
uDITStructure Whívyk 1.3.6.1.4.1.1466.115.121.1.17
DN - OW 1.3.6.1.4.1.1466.115.121.1.12
uqívyk 1.3.6.1.4.1.1466.115.121.1.24
uIA5 rΩvyk 1.3.6.1.4.1.1466.115.121.1.26
IBM ¼í 1.3.18.0.2.8.1
uπvyk - π 1.3.6.1.4.1.1466.115.121.1.27
uLDAP ykívyk 1.3.6.1.4.1.1466.115.121.1.54
±∩Whí 1.3.6.1.4.1.1466.115.121.1.30
±∩Whí 1.3.6.1.4.1.1466.115.121.1.31
W桡 1.3.6.1.4.1.1466.115.121.1.35
u½≤Oívyk 1.3.6.1.4.1.1466.115.121.1.37
t OID rΩCOID @tr
]0-9PpI].rΩ. \ 101
y½≤OX (OID)zC
1.3.6.1.4.1.1466.115.121.1.38
uqXvyk 1.3.6.1.4.1.1466.115.121.1.50
UTC íyk UTC í ASN.1 w
qírΩµíC\ ISO 8601 P
X680CpGnH UTC íµíxsí
AykC\ 126yq
P UTC ízC
1.3.6.1.4.1.1466.115.121.1.53
l⌡
C@°Aú@l⌡C²ñ@⌠t
subschemaSubentry ¼CsubschemaSubentry ¼O∩ºl⌡
D NCP@°AU@P@l⌡A Σ
subschemaSubentry ¼PCl⌡πwX DN ’cn=schema’C
l⌡⌡b½≤O ’top’B’subschema’ P ’IBMsubschema’ UC’IBMsubschema’
½≤OS MUST A @ MAY ¼ (’IBMattributeTypes’)C
IBMsubschema ½≤O
pUCAIBMsubschema ½≤Ouαbl⌡ñG
( <objectClass-oid-TBD> NAME 'IBMsubschema' AUXILIARY MAY IBMattributeTypes )
⌡d
ldap_search() API idl⌡FúUCdG
DN : "cn=schema"
search scope : base
filter : objectclass=subschema or objectclass=*
dπ⌡CpGn∩¼Ab ldap_search ñ
attrs CzúαuSw¼YSwC
÷ ldap_search API ΩTA\ IBM Directory Version 5.2: Client SDK
Programming ReferenceC
A⌡
pGn⌡µA⌡≤A ldap_modify API P DN ″cn=schema″Cz@uαsWBRú≤½@⌡ΩΘ]pG¼½≤OC
pGnRú⌡ΩΘAúAWA oidG
( oid )
z]iHúπíCú≤ípAMΣnRúº⌡ΩΘ±∩Wh
objectIdentifierFirstComponentMatchC
pGnsW≤½⌡ΩΘAz"ú@ LDAP 3 wqABziú IBM
wqCbípUAz"uúzQvTº⌡ΩΘwqC
pApGnRú¼ ’cn’]Σ OID 2.5.4.3A÷pU
ldap_modify()G
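/* Delete the attribute type whose OID is 2.5.4.3 from the schema entry. */
LDAPMod attr;
LDAPMod *attrs[] = { &attr, NULL };
char *vals[] = { "( 2.5.4.3 )", NULL };   /* the OID alone identifies the definition */
attr.mod_op = LDAP_MOD_DELETE;
attr.mod_type = "attributeTypes";
attr.mod_values = vals;
ldap_modify_s(ldap_session_handle, "cn=schema", attrs);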
pGnsW¼ barABΣ OID 20.20.20ANAME ° 20 rG
/* Add the definition to attributeTypes and its length to IBMattributeTypes in one request. */
char *vals1[] = { "( 20.20.20 NAME 'bar' SUP NAME )", NULL };
char *vals2[] = { "( 20.20.20 LENGTH 20 )", NULL };
LDAPMod attr1;
LDAPMod attr2;
LDAPMod *attrs[] = { &attr1, &attr2, NULL };
attr1.mod_op = LDAP_MOD_ADD;
attr1.mod_type = "attributeTypes";
attr1.mod_values = vals1;
attr2.mod_op = LDAP_MOD_ADD;
attr2.mod_type = "IBMattributeTypes";
attr2.mod_values = vals2;
ldap_modify_s(ldap_session_handle, "cn=schema", attrs);
: zLk≤Σ ″system″ ″restricted″ ACCESS-CLASS ¼C
\ 107yBzzAHouWeb zuπvM ldapmodify ⁿOdC
÷ ldap_modify API ΩTA\ IBM Directory Version 5.2: Client SDK
Programming ReferenceC
sε
u gúz DN +α⌡µA⌡≤C
g
ϕ⌡µA⌡≤AhMΣL⌠≤ ldap_modify @ⁿANiµ gC
úe\⌡≤
b⌡≤WADiH⌠N C≤W¡ε]AG
v úzp≤≤⌡A⌡"@P¼AC
v pG¼t@¼W¼AhúúoαRúCpG¼Y
½≤O ″MAY″ ″MUST″ ¼AhúúoαRúC
v pG½≤Ot@½≤OWOAhúúoαRúC
v pG¼½≤OOúsbΩΘ]pAyk½≤OAh
úαRúC
v pG¼½≤OOúsbΩΘ]pAyk½≤
OAhúα∩C
úe\∩⌡iµ¼HvT°AB@≤C²°A⌡wqpUC
oí≈úo≤C
½≤O
úi∩UC½≤OwqG
v accessGroup
v accessRole
v alias
v referral
v replicaObject
v top
úi∩UCwqG
@∩²°A ÑSϕNqA@CoO%°A
@A#°Az÷ΩTvT°A@CoSϕΦG
v úDbjMnDñSOnD] WAhjM@ú#C
v oúαRúC
v úO⌠≤½≤O@í≈C°AεπC
IBM Tivoli Directory Server ΣUC@MµG
v aclEntry
v aclPropagate
v aclSource
v aliasedObjectName, aliasedentryName
v createTimestamp
v creatorsName
v entryOwner
v hasSubordinates
v ibm-allGroups
v ibm-allMembers
v ibm-capabilitiessubentry
v ibm-effectiveAcl
v ibm-entryChecksum
v ibm-entryChecksumOp
v ibm-entryUuid
v ibm-filterAclEntry
v ibm-filterAclInherit
v ibm-replicationChangeLDIF
v ibm-replicationIsQuiesced
v ibm-replicationLastActivationTime
v ibm-replicationLastChangeId
v ibm-replicationLastFinishTime
v ibm-replicationLastGlobalChangeId
v ibm-replicationLastResult
v ibm-replicationLastResultAdditional
v ibm-replicationNextTime
v ibm-replicationPendingChangeCount
v ibm-replicationPendingChanges
v ibm-replicationState
v ibm-replicationThisServerIsMaster
v modifiersName
v modifyTimestamp
v ownerPropagate
v ownerSource
v pwdAccountLockedTime
v pwdChangedTime
v pwdExpirationWarned
v pwdFailureTime
v pwdGraceUseTime
v pwdHistory
v pwdReset
v subschemaSubentry
v subtreeSpecification
po÷ΩTA\ 333² G, yIBM Tivoli Directory Server
5.2 "nwqzC
¡εIBMTivoli Directory Server ΣUC¡εMµG
v aclEntry
v aclPropagate
v entryOwner
v ibm-filterAclEntry
v ibm-filterAclInherit
v ownerPropagate
Root DSE UCP Root DSE ÷A BúαQ∩G
v altServer
v ibm-effectiveReplicationModel
v ibm-enabledCapabilities
v ibm-serverId
v ibm-supportedCapabilities
v ibm-supportedReplicationModels
v namingContexts
po÷ΩTA\ 333² G, yIBM Tivoli Directory Server
5.2 "nwqzC
⌡wqUCPu⌡vwq÷A BúαQ∩G
v attributeTypes
v ditContentRules
v ditStructureRules
v IBMAttributeTypes
v ldapSyntaxes
v matchingRules
v matchingRuleUse
v nameForms
v objectClasses
v supportedExtension
v supportedLDAPVersion
v supportedSASLMechanisms
po÷ΩTA\ 333² G, yIBM Tivoli Directory Server
5.2 "nwqzC
tmUCOvT°AtmCiH∩ΣA²°ATB@Aúα≤o
wq
v ibm-audit
v ibm-auditAdd
v ibm-auditBind
v ibm-auditDelete
v ibm-auditExtOpEvent
v ibm-auditFailedOpOnly
v ibm-auditLog
v ibm-auditModify
v ibm-auditModifyDN
v ibm-auditSearch
v ibm-auditUnbind
v ibm-slapdAclCache
v ibm-slapdAclCacheSize
v ibm-slapdAdminDN
v ibm-slapdAdminPW
v ibm-slapdAuthIntegration
v ibm-slapdCLIErrors
v ibm-slapdDB2CP
v ibm-slapdDBAlias
v ibm-slapdDbConnections
v ibm-slapdDbInstance
v ibm-slapdDbLocation
v ibm-slapdDbName
v ibm-slapdDbUserID
v ibm-slapdDbUserPW
v ibm-slapdDerefAliases
v ibm-slapdDN
v ibm-slapdsupportedCapabilities
v ibm-slapdEnableEventNotification
v ibm-slapdEntryCacheSize
v ibm-slapdErrorLog
v ibm-slapdFilterCacheBypassLimit
v ibm-slapdFilterCacheSize
v ibm-slapdIdleTimeOut
v ibm-slapdIncludeSchema
v ibm-slapdIpAddress
v ibm-slapdKrbAdminDN
v ibm-slapdKrbEnable
v ibm-slapdKrbIdentityMap
v ibm-slapdKrbKeyTab
v ibm-slapdKrbRealm
v ibm-slapdLdapCrlHost
v ibm-slapdLdapCrlPassword
v ibm-slapdLdapCrlPort
v ibm-slapdLdapCrlUser
v ibm-slapdMasterDN
v ibm-slapdMasterPW
v ibm-slapdMasterReferral
v ibm-slapdMaxEventsPerConnection
v ibm-slapdMaxEventsTotal
v ibm-slapdMaxNumOfTransactions
v ibm-slapdMaxOpPerTransaction
v ibm-slapdMaxTimeLimitOfTransactions
v ibm-slapdMigrationInfo
v ibm-slapdPagedResAllowNonAdmin
v ibm-slapdPagedResLmt
v ibm-slapdPageSizeLmt
v ibm-slapdPlugin
v ibm-slapdPort
v ibm-slapdslapdPwEncryption
v ibm-slapdReadOnly
v ibm-slapdReferral
v ibm-slapdSchemaAdditions
v ibm-slapdSchemaCheck
v ibm-slapdSecurePort
v ibm-slapdSecurity
v ibm-slapdSetenv
v ibm-slapdSizeLimit
v ibm-slapdSortKeyLimit
v ibm-slapdSortSrchAllowNonAdmin
v ibm-slapdSslAuth
v ibm-slapdSslCertificate
v ibm-slapdSslCipherSpec
v ibm-slapSslCipherSpecs
v ibm-slapdSslKeyDatabase
v ibm-slapdSslKeyDatabasePW
v ibm-slapdSslKeyRingFile
v ibm-slapdSslKeyRingFilePW
v ibm-slapdSuffix
v ibm-slapdSupportedWebAdmVersion
v ibm-slapdSysLogLevel
v ibm-slapdTimeLimit
v ibm-slapdTraceEnabled
v ibm-slapdTraceMessageLevel
v ibm-slapdTraceMessageLog
v ibm-slapdTransactionEnable
v ibm-slapdUseProcessIdPW
v ibm-slapdVersion
v replicaBindDN
v replicaBindMethod
v replicaCredentials, replicaBindCredentials
v replicaHost
v replicaPort
v replicaUpdateTimeInterval
v replicaUseSSL
po÷ΩTA\ 333² G, yIBM Tivoli Directory Server
5.2 "nwqztmC
ítAíwqúαQ∩G
v businessCategory
v cn, commonName
v changeNumber
v ≤
v changeTime
v changeType
v deleteOldRdn
v description
v dn, distinguishedName
v member
v name
v newSuperior
v o, organizationName, organization
v objectClass
v ou, organizationalUnit, organizationalUnitName
v owner
v ref
v seeAlso
v targetDN
po÷ΩTA\ 333² G, yIBM Tivoli Directory Server
5.2 "nwqzC
yk
ú0\∩⌠≤ykC
±∩Wh
ú0\∩⌠≤±∩WhC
⌡d
ϕl]w°AA¬⌡dO@PPTCpGdóAh°A
Lkl]wABoXTºCb⌠≤A⌡≤íAτdú
⌡O@PPTCpGdóAh#AB≤óCd≤σ
k@í≈]pA¼hi@W¼A½≤OiL¡W
OC
b¼ΦAdUCUG
v ΓúP¼íW OID úα@C
v ¼Ñhúα⌠C
v ¼W¼τ"wqA÷MΣwqiαIXObO
ñC
v pG¼t@¼W¼AhΣ USAGE PC
v ¼@yk]wq C
v u@+α NO-USER-MODIFICATIONC
b½≤OΦAdUCUG
v ΓúP½≤OíW OID úα@C
v ½≤OÑhúα⌠C
v ½≤OWOτ"wqA÷MΣwqiαIXObO
ñC
v ½≤O ″MUST″ P ″MAY″ ¼τ"wqA÷MΣwqiαIXObOñC
v C@c½≤O top ílOC
v pGΓH½≤OπWOAhoWOτ"OΓHC
⌡d
ϕzzL LDAP @sW∩A ⌡dC w]A⌡µ
ñCdCúLAziH∩aΣñYdAkOb
ibmslapd.conf εⁿOñú@ ibm-slapdSchemaCheck C÷⌡tmΩ
TA\ IBM Tivoli Directory Server 5.2 wPtmΓUC
FX⌡AdOXUC°≤G
½≤OΦG
v ¼ ″objectClass″ .@C
v U½≤Oú¡]sCoúO@dA OßMíC
S∩iC
v ΓH½≤Oú¡A²ΘOOC]NOíAb
C@ΓH½≤OΦAτ@íΓH½≤
OcU½≤OC
v .@c½≤OC
v "T/@≥≥ªc½≤OC]NOíAú
c½≤OA"OªΣñ@WOC:hl½≤
Ou≥vu≥ªcv½≤OA u
cv½≤OC
v Lk≤Σ≥c½≤O]b ldap_modify ñC
v búC@½≤OΦApΓΣPíWO
FunúoWOñ⌠≤@AY)sWC
º¼ PAM≤pUG
v º MUST ¼ϕ¿Σ½≤Oº MUST ¼p
pΓA]A⌠tº ½≤OCpG MUST ¼
úOtº¼lAhC
v º MAY ¼ϕ¿Σ½≤Oº MAY ¼p
pΓA]A⌠tº ½≤OCpGt¼Aú
Oº MUST P MAY ¼ºplAhC
v pGwq¼ñA¼Q
NO-USER-MODIFICATIONAYC
º¼ PAM≤pUG
v btC@¼ΦApG¼µ¼A]
WL@AhC
v btºC@¼C@ΦApGΣykúX
ykyÑdíAhC
v btºC@¼C@ΦApGΣ°WLⁿw
¼°W¡AhC
DN dΦípUG
v dykOX DistinguishedNames BNFCpGúXAh
C
v τ RDN TΩ%¼¿C
v τñTΩ RDN ñ¼sbC
DEN ⌡Σ
uπ²\α⌠⌠ (DEN)vWµOεw@⌡µíAHxsPíU½≤
]NϕBíB⌠⌠P⌠⌠Aí÷YC
FΣ DENAIBM Tivoli Directory Server úFUC\αG
v lO]OCOwqizLlOqwq CsO
wq)OwqeC½≤Owqñ SUP ∩ⁿw)]W½
≤OC
v DEN LDAP ykA]AG
– Boolean
– DN
– ²rΩ
– qí
– UTC í
– IA5 rΩ
– π
iPlanet e
IBM Tivoli Directory Server σRlAe\ iPlanet σkⁿw⌡
¼]objectClasses M attributeTypesCpAiⁿwAWµ descrs P
numeric-oids]Nº°p qdescrs δCúLA⌡ΩTúOzL ldap_search sC
unz∩ñYiµµ@A≤] ldap_modifyAYNπ
N¿Σñϕ IBM Directory 5.2 WµC%≤ñ
σRlM ldap_modify nDñPAY ldap_modify bΦO
iPlanet σkAταBzTC
ϕzd iPlanet °Al⌡AhdGbw OID Φiα@
HWCpApGY¼ΓW]p ’cn’ P ’commonName’Ah
úΓ¼í]@W@CY⌡ñY¼½≤
OíXhAIBM Tivoli Directory Server bσR⌡iNº°Pí
]NAME M DESCR úCúLAϕ IBM Tivoli Directory Server G⌡Ah
OCXW]²CX úo¼µ@íCpAiPlanet HU
CΦíí@δWG
( 2.5.4.3 NAME 'cn' DESC 'Standard Attribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
( 2.5.4.3 NAME 'commonName' DESC 'Standard Attribute, alias for cn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
HUO IBM Tivoli Directory Server íΦíG
( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
IBM Tivoli Directory Server iΣl¼CpGzúQ² ’cn’ ¿Wl¼]τ
YAµ≈AziHipUG
( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'Standard Attribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
@W (’cn’) °NW A’cn’ ßΣLWh°NWCq
IlArΩ ’2.3.4.3’B’cn’ P ’commonName’]HΣú!jpgPqrb
⌡ñiµ¼BAbnsW²ñWC
qP UTC í
UúPϕkiⁿwΘPí÷ΩTCpA1999 0 2 δ 4 Θig
¿G
2/4/99
4/2/99
99/2/4
4.2.1999
04-FEB-1999
ΣLUúPϕkC
IBM Tivoli Directory Server %nD LDAP °AΣUCΓykA²íWO
ϕC
v Nuqívyk ÑAµípUG
YYYYMMDDHHMMSS[.|,fraction][(+|-HHMM)|Z]
ΣñA0≈ 4 AδBΘBB!Pϕ!O 2 Ati∩a[Wϕ
pCpGSi@B[AhNΘPí°ϕaCpGnⁿX
íO@í (UTC)AbYíß[W@jgr) Z Pϕa
ítCpG
"19991106210627.3"
ⁿϕaí 1999 0 11 δW 9 I 6 ! 27.3 ϕC
"19991106210627.3Z"
oO@íC
"19991106210627.3-0500"
ⁿϕaí]M@d@A M@í (UTC) t 5 pC
pGznⁿw∩pϕAhtyIrICpGnⁿXMϕaí
tAh"b hour-minute ºe[W@ ’+’ ’-’
v N Universal Time yk ÑAµípUG
YYMMDDHHMM[SS][(+ | -)HHMM)|Z]
ΣñA0BδBΘBB!H∩ϕµ!O 2 CpGOuq
ívAhiⁿw∩tCpApGϕaí 1999 0 1 δ 2 ΘW:A@
í (UTC) 1999 0 1 δ 2 Θñ: 12 IAh UTC íiG
"9901021200Z"
"9901020700-0500"
pGϕaí 2001 0 1 δ 2 ΘW:A@í (UTC) 2001 0 1 δ 2
Θñ: 12 IAh UTC íiG
"0101021200Z"
"0101020700-0500"
%≤ UTC íb0≈Φue\ 2 A]úC
Σ±∩Wh generalizedTimeMatch]YÑíP generalizedTimeOrderingMatch
]YúÑíCúe\lrΩjMCpAUCLo°≤G
generalized-timestamp-attribute=199910061030
utc-timestamp-attribute>=991006
generalized-timestamp-attribute=*
UCLo°≤LG
generalized-timestamp-attribute=1999*
utc-timestamp-attribute>=*1010
12 g
gO@²²°A∩αiaNC gBzNh²
ñΩOPBC
gúΓDnnBG
v ΩT - ≈ªú°AeC
v ≤tjM - jMnDiH!GbúP°AºíA úObµ@°A
WA o°AeiHPCo∩nD¿#íC
g
IBM Tivoli Directory Server 5.2 sΦkz gCbí g@
ⁿJpUG
Ñíg
πhh°A gCqPh/D°A g@¬]α°
AAßA gΣL°ACoiH!D°A g@t
ⁿC
°A
zLqt@]ú°A g¼≤°AC
ⁿXúsΦkM"nΩTCb ÷sñAo]t
DN MKXCOxsb g≤wñwⁿwΣ DN ñC
α°A
gªº≤¬°ACoMPh/D°A#Abo°
AñªO¬A BSPh°AC
hD°A
@í°AAqΣb gxAN gyqα g⌠⌠ñ
ΣLhDC]¼) g@⌠⌠ΣLhD°A gyqAAα
Σ gxW°AC
hD°A"OD°A]igJC
D°A
wl≡igJ]i≤s°AC
¼l≡
² gl≡l≡C
Ph°A
ϕwl≡hD°AAíD°AⁿJCPh°Aú
gt@Ph°Aeª≤F u g²bªW
≤C
s
b g⌠wqU@π½≤O ibm-replicaGroupAB
NϕP g°A¿Cªú@KQm]w ACLAHO@
gΩTCzuπeibC@ g⌠wqUΣ@ sA
NªⁿW ibm-replicagroup=defaultC
l
b sUAiH@hπ½≤O ibm-replicaSubentry
FC@P g@ú°AU@C liO°A
b gñΩtñΓGDn¬C¬°AiHΣÑíC g
g≤wC
wgl≡
DIT ñqY°A gt@°Aí≈Cbo]pUASwl≡
iH gY°AA úα gΣL°ACl≡iHbw°A
WgJA ΣLl≡hiHO¬C
g⌠⌠
]ts gx⌠⌠C
g≤w
²ñtΩTAHwqΓ°Aºíusuvu g⌠vC
Σñ@í°Aú]eX≤°AAt@í]¼
≤°AC≤wts@qúsuAH g
íΩTC
g⌠wq
ⁿX gl≡ CziHN ibm-replicationContext U½≤OsW
ñANª g CP g÷tmΩTOs g⌠wq
U@ñC
gx
tmb@ ghD°AM⌠≤D°ABPh °AC
ziHN gwbSwíoABNú≤[HpAMßHσ
ΦíeC ≤w]tú DNC
ú°A
e≤t@]°A°AC
²ñSwiϕ@ gl≡ AΦkOsW ibm-replicationContext ½≤O
oñCC@l≡úOO gCl≡≥VU²ΩT≡]DITA
ΦF¡IΣL gl≡εCsW gl≡ UΦAH]t g
tmΩTCoO@h sAΣUhOn lCPC
@ l÷pO g≤wAªiOC@°Aú] g
°AAHwqΩTC
zL gA∩Y²≤@hΣL²CΩWA∩Y
²≤πbhúP²WC IBM Directory ΣiDq gíC
giH]AG
v gu²ΩT²≡ (DIT)vl≡Sw°A
v Ñí ghh
v %l≡ⁿú°AñΓ]D °AC
v hD°AA∩Ñí gC
v ≤⌠⌠hD g@C
%l≡ guIb≤ ún gπ²CªiHO²í≈l≡
C
ií∩FD°A °AºCoⁿJúAA≤°AA O
A≤°A∩≤Sϕ gl≡πñΓC@°AiHPRϕYl≡
D°AA SRϕΣLl≡ °ACuD°AvoⁿJO≤ⁿ
gl≡ºß≤sΩ°ACu °AvoⁿJhO≤ⁿ)
ΣL°A]ⁿw gl≡úº≤sΩ°AC
\αwqA²6¼GD/PhBhDBα]ÑíCM ]
¬C
ϕ 12. °AñΓ
D/Ph D/Ph°AtDn²ΩTAΣñ≤ °AC
≤úObD°AWs@oA BD°AtdNo≤
°AC
iH°ARϕ²ΩTD°AAC@D°Atd≤sΣLD
°A °ACoºPh gCPh giH∩αia
Cα∩O]úF@°ABzsG⌠⌠ñ≤sΩC
ia∩hO]úFpGDnD°AGAYiY
≈D°AC
:
1. D°A gß≤sΩA²ú gqΣLD°A¼
≤sΩC
2. Ph°Aºí≤siHY⌡µ ⌡µCΩTA\
165y gzC
3. h°AY∩P@iµ≤sAiαP²Ωú@PA]
S≡MΦC\ 291yldapdiffzAHo½sPB°
A÷ΩTC
α]Ñí
C
αÑíC°AO@ °AAtd g≤CoúP
≤D/Ph°AA]D/Ph°A gs°Aºß
≤CÑíC°AiHεD°A gu@qAo°A≤
t\h!6B ⌠⌠ñC
hD hD g@hD°A≤ g⌠⌠ºía¼M! gΩTCh
D gDnnBOC⌠⌠yqC
°A
]¬
t²ΩTΣL°AC °AOD°A]ªOΣ °A
l≡C °AúF gl≡ ≈C
ziHnD °AW≤sA²≤sΩWαD°AAΦkONα
#ßCpG≤sQ¿AD°Ae≤s °ACD°A
¿F≤sΩ gA≤+#Mb²nDª °AWCpG gó
AN½⌡µAY½sD°A]O@C g≤O bD°
AWiµ≤C
pGúA °AAhz"qúú ≤wCdUwqP°A
εC≤A] ún²íCAú]≥p≥
A½seΩC
g≤w
g≤wO²ñ@AΣ½≤O ibm-replicationAgreement Ob lºUAHwqqlNϕ°At@°A g@Co½≤
P²e Directory Server replicaObject ⁿC g≤wO%UC
¿G
v ÷OWA@≤wRWC
v ⁿw°AB≡HO SSL LDAP URLC
v °A IDAYD --uúvNϕΣ°A ID ú°A]pP
ñ⌡µ°A@δC
v tús½≤ DNC
v t gΩTº½≤∩ DN ⁿCpGeANY g≤C
÷OWiHO°AWΣLyzrΩC
F[jΩδTAϕúsAªq root DSE °A IDA
MßP≤wñ±CpG°A ID úANOⁿiC
°A ID OQz GUI MXC@3wF°A IDAGUI
NiHMΣ∩lΣ≤wC
%≤ g≤wiH gAH½≤ DNCoiH²xsb²D
gC g½≤]uσv"iHqooNϕτ±w
Ccn=localhost rO½≤Aϕw]mCO½≤]oΣúP
OΦk≤e÷@FziHs½≤OA ú"Yz∩N
qC
½≤OOw∩C@ΣOΦk wqG
v ÷s
v t SSL SASL EXTERNAL ≈ε
v Kerberos O
ziH%sW ibm-replicationContext UOl≡ rootAⁿwún gí!
gl≡A ú"wq⌠≤ lC
: uWeb zuπvb\@bÑn w≤w g≤A]N
≤w ’εC’C
HUUⁿOµíM LDIF ]w gdCodí°
¬G
v @D°AM@ °A
v @D°AA@α°AM@ °A
v ΓPh/D°AAΓα°AAM6 °AC
D-°A
pGnwqD- °AAz"G
1. D°AwqΣñeC∩n gl≡AN°AⁿwD°A
C
2. únC
3. °AC
4. NΩX °AC
Web zG
:
pGznsWúO°AñrAbziHsWl≡\αºeAz
"TwΣ ACL wqpUG
Lo ACLG
ownersource: <P DN>
ownerpropagate: TRUE
aclsource: <P DN>
aclpropagate: TRUE
Lo ACLG
ibm-filteraclinherit: FALSE
Fí¼ ACL DApGúO°AñrAbzeñsΦ
ACLC∩÷@UsΦ ACLCpGznsWLo ACLA∩
AMßP ACL MsW@ cn=this H access-id ñΓCTwwg∩ ACL MCpGznsWwLo ACLA∩
AMßP ACL MsW@ cn=this H access-id ñΓCTwwg°∩ pLo ACLA²Ow∩CΩT\
209y ACLzC
D°A]gl≡
: °A"b⌡µA+α⌡µ@C
o@NⁿwO gl≡ rootAB@ ibm-replicasubentryANo°Aϕ¿l≡µ@D°ACYn gl≡Az"ⁿwn°A
gl≡C
: b LinuxBSolaris HP-UX ¡xWApG]α°A⌡µ Pαó
ATwzt⌠ñwg]w⌠ LDAP_LOCK_RECCú⌠≤Sw
C
set LDAP_LOCK_REC=anyvalue
is²ñu gvzAA÷@UzC
1. ÷@UsWl≡C
2. ΘJzn gl≡ DNA÷@Us²iAH∩n@l≡ root
C
3. D°Aα URL OH LDAP URL µíπApG
ldap://<myservername>.<mylocation>.<mycompany>.com
: D°Aα URL O∩CubUCípU+ªG
v pG°A]t]YN]t⌠≤¬l≡C
v n∩°AW⌠≤¬l≡wq@n#iµ≤sα URLC
4. ÷@UTwC
5. s°AπbuzveWA≤Ywgl≡ºUC
iuWeb zuπvs²ñu gvzAA÷@UzC
1. qul≡vMµñ∩nxsmCuWeb zuπvi²zbT
mñwqG
v cn=replication,cn=localhostAubµ°AWOsC
: bjí! g¼pñA±n@kOMΣ cn=replication,cn=localhost ñ
A]ªúw±≤l≡W g¬C²OAYSw
ípoLk≤ cn=replication,cn=localhost C
pGzb°A]p serverAºUsW °AA Bzw Web
zuπsúP°A s e r v e r BAh∩µúπ
cn=replication,cn=localhost ∩CoO]zLkbs serverB A
¬≤s serverA º cn=localhost U⌠≤ΩTC
uϕzbΣñsW °AO Web zuπsP@í
°AA+α cn=replication,cn=localhostC
v YϕzbΣñsW °AúO Web zuπsP@í°
AA]α cn=replication,cn=IBMpoliciesC±bmºU g°AC
: uϕ IBMpolicies Σ OID (1.3.18.0.2.32.18) sb≤ DSE
ibm-supportedcapabilities ºUA+α cn=replication,cn=IBMpolicies
mC
v b gl≡ñCbípUA gΣll≡CN±mb gl
≡ñANbl≡ ibm-replicagroup=default UC
: pGπ⌠≤l≡A 133yD°A] gl≡zA
Hop≤n gºl≡ⁿC
2. ÷@UsWC
3. ΘJznWAp mycredsFµñ cn= wgw²±C
4. ∩nOΦk¼AA÷@UU@BC
v pGz∩ ÷sOG
a. ΘJ°As °A DNApAcn=any
b. ΘJϕªs °AKXApAsecretC
c. AΘJKXAHTS,C
d. pGQnAΘJ uíC
e. ÷@U¿C
: ziαnO²s DN MKXAHΘßCzb ≤w
noKXC
v pGz∩ Kerberos OG
a. ΘJz Kerberos s DNC
b. ΘJsKXC
c. ½sΘJsKXiµTC
d. pGQnAΘJ uíCúnΣLΩTC\ 92
y]w KerberoszAHoΣLΩTC
e. ÷@U¿C
w]Aú¡ADΘsCpApGúW
master.our.org.comA ΓO SOME.REALMAh DN O
ibm-Kn=ldap/[email protected]Γ!jpgCpG@HWúAz"ⁿwúnDΘMKXC
bz°AWG
a. i²z÷@UzC
b. ∩zxsl≡ApAcn=localhostAMß÷@UiC
c. ∩ cn=replication ÷@UiC
d. ∩ kerberos ]ibm-replicationCredentialsKerberos÷@UsΦ
C
e. ÷@UΣLC
f. ΘJ [email protected]
g. ΘJ replicaCredentialsCoO myprincipal KDC KXC
: oDΘMKXMzqⁿOµ⌡µ kinit DΘMKXPC
b°AW
a. ÷@Us²ñzgeC
b. qúΩTU\αϕñ∩@úAΘJzntmú
gl≡WC
c. ÷@UsΦC
d. ΘJ g bindDNCbdñAhO
e. ΘJTgsKXCoO myprincipal KDC KXC
v pG∩FtO SSLAhb°AAzNúnú⌠≤
ΣLΩTCpGz∩núO°AA⌡µUC@G
a. ΘJ≈WC
b. ΘJ≈KXC
c. ½sΘJ≈KXiµTC
d. ΘJ≈C
e. pGQnAΘJ uíC
f. ÷@U¿C
\ 69yw Socket hzAHoΣLΩTC
°A
: °A"b⌡µA+α⌡µ@C
i²ñgzAA÷@UzC
1. ∩n gl≡AA÷@UπC
2. ÷@Ug∩bYAiú°AMµC
3. ∩ú°AAA÷@UsWC
bsW°í°AWG
v ΘJzn D≈W≡Cw]≡O 389ANϕD SSLA 636 hNϕ
SSLCoúO"nµC
v ∩On SSL qTC
v ΘJ WANoµdD≈WC
v ΘJ IDCpGznbΣñ °Ab⌡µñA÷@Uo ID)w²±goµCpGznsW°AN¿Phα°AAh
oO"nµCz∩ IBM Tivoli Directory Server 5.2 °A⌡
µo@C
v ΘJ °AíC
bΣLWG
1. ⁿw °APD°AqTC
: uWeb zuπvi²zbΓaΦñwqG
v cn=replication,cn=localhostAub°AWOs
v YϕzbΣñsW °AúO Web zuπsP@
í°AA]α cn=replication,cn=IBMpoliciesC±bmºU g°AC
: uϕ IBMpolicies Σ OID (1.3.18.0.2.32.18) sb≤ DSE
ibm-supportedcapabilities ºUA+α cn=replication,cn=IBMpolicies
mC
v b gl≡ñCbípUA gΣll≡CN±mb g
l≡ñANbl≡ ibm-replicagroup=default UC
N±mb cn=replication,cn=localhost ñ±wC
a. ÷@U∩C
b. ∩nmCnO cn=replication,cn=localhostC
c. ÷@UπC
d. iMµAMß∩nC
e. ÷@UTwC
\ 134yzAHo÷≤≤wΣLΩTC
2. qUMµⁿw gA÷@UsW@C\ 165y
gz
3. qú\αMµñAziH°∩⌠≤ún g\αC
pGz⌠⌠VUúP°AAßi\αb¡ñi
αLkC\α]pLo ACL MKXhOQ%ΣL≤ g
@Cbjí!ípUApGo\αAzµ°AúαΣ
ªCpGúO°AúαΣY\αAzNúnªCpAzb
C@°AWúnúP ACL b@CM AziαnbΣY\α
°AWo\αA²OSúnbúΣo\α°AW gP\α
÷≤CbípUAziH\αMµún gSw\αC
4. ÷@UTw C
5. oπ@hTºAⁿX"B@C÷@UTwC
: pGznsWhí°A@ΣL °AAOn°Abz¿wqD°AWºeA<⌡µysΩ zysWú
ΩT zCpGzÑ¿ºß+ masterfile.ldifAªN]tD°A
M≤wπCϕzbC@í°AWⁿJoºßAC@í°
ANPΩTC
sΩ
b ßAz"YND°AñX CoOΓC
bD°AWAΩ LDIF CpGnsD°AWΩAoXUC
ⁿOG
db2ldif -o <masterfile.ldif>
pGunsµ@l≡ΩAoXUCⁿOG
db2ldif -o <masterfile.ldif> -s <subtreeDN>
: úDⁿw -j ∩AhN6@]createTimestampBcreatorsNameB
modifiersName M modifyTimestampX LDIF C
bn ≈WG
1. Tw ibmslapd.conf ñwwqD°ArC
2. ε C
3. N <masterfile.ldif> s AMßoXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
g≤wBB]pGxsb gl≡ñHΩⁿJ
ñC
4. °AC
sWúΩT
zn≤ tmAHⁿXQv gtm≤HABsWαD°A
C
bn ≈WG
1. i²ñgzAMß÷@UzgeC
2. ÷@UsWC
3. qgl≡U\αϕñ∩@úAΘJzntmú gl
≡WCpGznsΦúANLksΦoµC
4. ΘJ g bindDNCbodñO cn=anyC
: ziHoΓ∩⌠≤@A°z¼p wC
v ’w]Mα’A g°Al≡]w gs DN]MK
XHw]αCqP@ú gl≡Aiαo
\αC
v C@ gl≡!O]w gs DN MKXAΦkOC@l≡s
WúΩTCϕC@l≡úúPú]τYC@l≡D°
AúPAiαo\αC
5. °¼ wAΘJTKXC]zºewgO²oKXHΘß
C
v ÷s - ⁿw DN MKX
v Kerberos - pGúLkODΘMKXA]τYA°A¡
ADΘAhs DN O ibm-kn=ldap/<yourservername@yourrealm>CpG
@ⁿ <myprincipal@myrealm> DΘWAª@ DNCb⌠≤
@ípUAúúnKXC
v SSL H/ EXTERNAL s - ⁿwDD DNA²úⁿwKX
\ 134yzC
6. ÷@UTwC
7. z"½s A≤+αC
ΣlΩTA\ 164y∩ gezC
B≤¼AAS⌠≤ g@oC¿ g]wºßAz"÷@
UzεCA∩ AMß÷@U/ gCΩT\ 166
yzεCzC biHqD°A¼≤sC
ⁿOµG
dí]zns gl≡C
:
dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext
Oznl≡CpGowgsbA∩ªsW
objclass=ibm-replicationContextA únsWπC
pGnl≡ AznbD°AM ºí@ ≤wA\
132y g≤wzCo≤w"ⁿJD°AM WC
Γ°Aºí÷YOGun°AO úA OD°A
C
l≡ o=ibm,c=us D°A]masterM ]replicalG
1 . bD°Ab≈WA@]t≤wΩTApA
myreplicainfofileAΣñ myreplicainfofile ]tG
: NUCñX <master-uuid> N¿D°A cn=Configurationñ ibm-slapdServerId CoOb@°A%°AúCziH∩ cn=Configuration ⌡µ ldapsearchApGzUNIX tAziH∩ ibmslapd.conf grep ⁿOCPAz"NX <replica1-uuid> N °A cn=Configuration ibm-slapdServerId C
###g⌠wq - búMW
dn: cn=replication,cn=localhost
objectclass: container

dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext

###NUCes V5.1 ≤¬°AWC
###s
dn: ibm-replicaGroup=default, o=IBM, c=US
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicaGroup: default

###N/Φks°A - g≤w
###ⁿVBC
dn: cn=replica1 BindCredentials,cn=replication,cn=localhost
objectclass: ibm-replicationCredentialsSimple
cn: replica1 BindCredentials
replicaBindDN: cn=master
replicaCredentials: master
description: Bindmethod of master to replica1

### SubEntry
dn: ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,o=IBM, c=US
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <master-uuid>
ibm-replicationServerIsMaster: true
cn: master
description: master server

###∩°Ag≤w
dn: cn=replica1,ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,o=IBM,c=US
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica1
ibm-replicaConsumerId: <replica1-uuid>
ibm-replicaUrl: ldap://<replicahostname:replicaport>
ibm-replicaCredentialsDN: cn=replica1 BindCredentials,cn=replication,cn=localhost
description: replica server number one
2. εD°A]YεC
3. oXUCⁿOG
ldif2db -r no -i <myreplicainfofile>
4. oXUCⁿOG
db2ldif -o <masterfile.ldif>
ΩTA\ 288ydb2ldif ízC
5. N <masterfile.ldif> s replica1 b≈C
6. ε ]pGb⌡µñC
7. z"N replica1 tm¿ °ACsΦNUC[J replica1
ibmslapd.conf ñG
dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: <cn=masterbndn>
ibm-slapdMasterPW: <masterbnpw>
ibm-slapdMasterReferral: ldap://<masterhostname>:<masterport>/
8. xs ibmslapd.conf C
9. oXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
10. master M replica1C
: pGzNl≡s v4.1 ≤¡°AAzúiHs
ibm-replicagroup=default l≡A B"ú ibm-replicationcontext UOA] 4.1 ⌡úΣHWΓC
D-α-
pGnwqD-α- Az"G
1. wD°AM °AC\ 132yD- °AzC
2. l °As °AC
3. NΩs °AñC\ 137ysΩ zC
Web zG
pGzw]w g]\ 133yD°A] gl≡zAH
D°A (server1) M °A (server2)AziH≤ server2 ñΓα°AC
YnpAb server2 Us °A (server3)C
1. sD°A (server1) uWeb zv
2. is²ñu gvzAA÷@UzC
3. ∩n gl≡AA÷@UπC
4. ÷@Ug∩bYAiú°AMµC
5. ÷@U server1 ∩bYAi°AMµC
6. ∩ server2 A÷@UsWC
7.
bsW°í°AWG
v ΘJzn (server3) D≈W≡Cw]≡O 389ANϕD SSLA
636 hNϕ SSLCoúO"nµC
v ∩On SSL qTC
v ΘJ WANoµdD≈WC
v ΘJ IDCpGznbΣñ °Ab⌡µñA÷@Uo
ID )w²±goµCpGznsW°AN¿Phα°AAhoO"nµCz∩ IBM Tivoli Directory Server 5.2
°A⌡µo@C
v ΘJ °AíC
bΣLWG
a. ⁿw °APD°AqTC
: uWeb zuπvi²zbΓaΦñwqG
v cn=replication,cn=localhostAub°AWOsC
v b gl≡ñCbípUA gΣll≡C
N±mb cn=replication,cn=localhost ñ±wCN±mb g
l≡ñANbl≡ ibm-replicagroup=default UC
1) ÷@U∩C
2) ∩nmCnO cn=replication,cn=localhostC
3) ÷@UπC
4) iMµAMß∩nC
5) ÷@UTwC
\ 134yzAHo÷≤≤wΣLΩTC
b. qUMµⁿw gA÷@UsW@C\ 165y
gzC
c. qú\αMµñAziH°∩⌠≤ún g\αC
pGz⌠⌠VUúP°AAßi\αb¡
ñiαLkC\α]pLo ACL MKXhOQ%ΣL≤
g@Cbjí!ípUApGo\αAzµ
°AúαΣªCpGúO°AúαΣY\αAzNún
ªCpAzbC@°AWúnúP ACL b@CM Az
iαnbΣY\α°AWo\αA²OSúnbúΣo\
α°AW gP\α÷≤CbípUAziH\αMµ
ún gSw\αC
d. ÷@UTw C
8. NΩq server2 ss (server3)C\ 137ysΩ
zAHop≤⌡µBJ÷ΩTC
9. sW server3 ú≤wA² server2 ¿ server 3 ú server3 ¿
server2 C\ 137ysWúΩT zAHop≤⌡µ
oBJ÷ΩTC
°AñΓ% Web zuπñNϕCzNpUG
v server1]D°A
– server2]α°A
- server3] °A
ⁿOµG
dí]zns gl≡C
:
dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext
Oznl≡CpGowgsbA∩ªsW
objclass=ibm-replicationContextA únsWπC
oPµ@D°A °AⁿA²"Nπ[JC@
°AñA B≤wΩTe≤°Cb]tα°AΩTHú
-ΩTC
oΩú-÷YG
v D°AOα°AúC
v α°AΓñΓG
1. D°A
2. ú
v Oα°AC
l≡ o=ibm,c=us D°A]masterBα°A]forwarder1M
]replica1°AG
1 . bD°Ab≈WA@]t≤wΩTApA
myreplicainfofileAΣñ myreplicainfofile ]tG
: NUCñX <master-uuid> N¿D°A cn=Configurationñ ibm-slapdServerId CoOb@°A%°AúCziH∩ cn=Configuration ⌡µ ldapsearchApGzUNIX tAziH∩ ibmslapd.conf grep ⁿOCPAz"NX <forwarder1-uuid> M <replica1-uuid> N¿÷°A
cn=Configuration ibm-slapdServerId C
dn: cn=replication,cn=localhost
objectclass: container

dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext

dn: ibm-replicaGroup=default, o=ibm,c=us
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicaGroup: default

dn: cn=forwarder1 BindCredentials,cn=replication,cn=localhost
objectclass: ibm-replicationCredentialsSimple
# ibm-replicationCredentialsExternal #ibm-replicationCredentialsKerberos
cn: forwarder1 BindCredentials
replicaBindDN: <cn=forw1bnddn>
replicaCredentials: <forw1bndpw>
description: Bindmethod of master to forwarder1

dn: cn=replica1 BindCredentials,cn=replication,cn=localhost
objectclass: ibm-replicationCredentialsSimple
cn: replica1 BindCredentials
replicaBindDN: <cn=rep1bnddn>
replicaCredentials: <rep1bndpw>
description: Bindmethod of forwarder1 to replica1

dn: ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
#tmñ ID
ibm-replicaServerId: <master-uuid>
# true for a master server, false for a forwarding server
ibm-replicationServerIsMaster: true
cn: master
description: master ibm-replicaSubentry

dn: ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <forwarder1-uuid>
ibm-replicationServerIsMaster: false
cn: forwarder1
description: forwarder1 ibm-replicaSubentry

dn: cn=forwarder1,ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder1
ibm-replicaConsumerId: <forwarder1-uuid>
ibm-replicaUrl: ldap://<forwarder1hostname:forwarder1port>
ibm-replicaCredentialsDN: cn=forwarder1 BindCredentials,cn=replication,cn=localhost
description: master1 to forwarder1 agreement

dn: cn=replica1,ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica1
ibm-replicaConsumerId: <replica1-uuid>
ibm-replicaUrl: ldap://<replica1hostname:replica1port>
ibm-replicaCredentialsDN: cn=replica1 BindCredentials,cn=replication,cn=localhost
description: forwarder1 to replica1 agreement
2. εD°A]YεC
3. oXUCⁿOG
ldif2db -r no -i <myreplicainfofile>
4. oXUCⁿOG
db2ldif -o <masterfile.ldif>
ΩTA\ 288ydb2ldif ízC
5. N <masterfile.ldif> s forwarder1 b≈C
6. ε forwarder1]pGb⌡µñC
7. z"N forwarder1 tm¿α°ACsΦNUC[J forwarder1
ibmslapd.conf ñG
dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: <cn=masterbnddn>
ibm-slapdMasterPW: <masterbndpw>
ibm-slapdMasterReferral: ldap://masterhostname:masterport/
#bsWαD°AC
#α]iH[J replicaContextABu²
#dªO°AC
8. xs ibmslapd.conf C
9. N <masterfile.ldif> s replica1 b≈C
10. ε replica1]pGb⌡µñC
11. z"N replica1 tm¿ °ACsΦNUC[J replica1
ibmslapd.conf ñG
dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: <cn=forw1bndn>
ibm-slapdMasterPW: <forw1bnpw>
ibm-slapdMasterReferral: ldap://forw1hostname:forw1port/
12. xs ibmslapd.conf C
13. b forwarder1 M replica1 b≈WAoXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
14. masterBforward1 M replica1C
°gº[
ziHo¬Ñº[@]w° gⁿC
1. iαPhD°AMYN@ °AANªm≤ut
mvíC
2. ’@’ D°AANªtm¿⌠ñD°AC
3. ⁿJnb ’@’ D°AW gl≡Ω]YⁿJΩC
4. ∩n gl≡C
5. sWiαPhD°A@u@vD°A C
6. sWΣL C
7. ΣLPhD°Aú&ªC
8. sW ≤wC@PhD°AC
: pGnbcn=replication,cn=localhost ñAN"b½sC@°AºßAbC@°AWCb½≤ºeAPh°
A gúóC
9. sWΣLD°A ≤wC@PhD°AC’@’ D°Awg
ΩTC
10. Rε gl≡C
11. uεCvz⌡LC@εCC
12. q ’@’ D°AX gl≡ΩC
13. °Rεl≡C
14. N gl≡ΩJC@ MPhD°AC
15. zC@ MPhD°AW geAN]w¿%úC
16. ϕC@ MPhD°A AY½sªC
Phg]w°
Ph gO@ gAΣñh°AOD°ACM APhD°A
⌠úPOAPh°Aºíú"⌡µ≡MΦCLDAP °AⁿPh
°Aú≤sAMß≤s¡ΩC¼≤sSSw
qAh≤sO≡]SSϕqC
pGnsWΣLD]Ph°AAz"²N°AsWD°A
¬ ]\ 136y °AzAl]w²ΩAMßN°A
ú&D°A]\ 161yú&°AzC
ΦlAo ibm-replicagroup ½≤ gl≡ root
ACLCo ACL iαúAXε∩²ñ gΩTiµsC
F²usWvl≡@Q¿ApGzsW DN úO°AñrAN"
πT ACLC
Lo ACLG
v ownersource : < DN>
v ownerpropagate : TRUE
v aclsource : < DN>
v aclpropagate: TRUE
Lo ACLG
v ownersource : < DN>
v ownerpropagate : TRUE
v ibm-filteraclinherit: FALSE
v ibm-filteraclentry : <⌠≤>
Web zuπsΦ ACL \αAPΦº gl≡÷p gΩT]w ACL]\ 163ysΦsεMµzC
B≤¼AAS⌠≤ g@oC¿ g]wºßAz"÷@
UzεCA∩ AMß÷@U/ gCΩT\ 166
yzεCzC biHqD°A¼≤sC
ubw≤sVq⌠ñA+Ph gC∩²ñSw½≤
≤s"%YPh°A⌡µCoOFεbY°ARú½≤ºßAt
@°Ao∩½≤CoΩ]iαb∩ⁿOºßAPh°Ao¼R
úⁿOAoNú≡C
pGnwqPh-α- AΣ]tΓíPh-D°ABΓíα°A
M6í °Az"G
1. wD°AM °AC\ 132yD- °AzC
2. D°AΓíB °AC\ 136y °AzC
3. bΦΓí °AºU!OΓí °AC
4. N °Aú&D°AC
: znú&D°A°A"O@¡ AS⌠≤lh °AC
5. ND°AΩssD°AM °AñC\ 137ys
Ω zC
Web zG
ziHb 140y Web zGz ñαAN°Aú&P
h°ACbdñAzNΓ °A (server3) ú&D°A (server1)
Ph°AC
1. sD°A (server1) uWeb zvC
2. is²ñu gvzAA÷@UzC
3. ∩n gl≡AA÷@UπC
4. ÷@Ug∩bYAi°AMµC
5. ÷@U server1 ∩bYAi°AMµC
6. ÷@U server2 ∩bYAi°AMµC
7. ÷@U server1AA÷@UsWC server4C\ 136y
°AzCϕP server5C°AñΓ% Web zuπñ
NϕCzNpUG
v server1]D°A
– server2]α°A
- server3] °A
– server4] °A
– server5] °A
8. ÷@U server2AA÷@UsW server6C
9. ÷@U server4AA÷@UsW server7CϕP
server8CbzNpUG
v server1]D°A
– server2]α°A
- server3] °A
- server6] °A
– server4]α°A
- server7] °A
- server8] °A
– server5] °A
10. ∩ server5AA÷@UC
: zn°A"O@¡ AS⌠≤lh C
11. ∩nN ú&D°AgC÷@UC
12. oπΣLú≤weCPh gnDC@íD°AúO
ñΣLD°AH@h °A]Y server2 M server4úM
CServer5 wgO server1 Abª"¿ server1Bserver2 M server4
úCTw∩UCUúX∩G
ϕ 13.
ú
U server5 server1
U server5 server2
ϕ 13. (≥)
ú
U server5 server4
÷@U≥C
: bYípUAu∩ve⌡XAnDúúbcn=rep l i ca t ion ,cn= loca lhos t CbípUAz"ú≤
cn=replication,cn=localhost HaΦ½≤Cq∩l≡N
AsC\ 134yz
.
13. ÷@UTwCbzNpUG
v server1]D°A
– server2]α°A
- server3] °A
- server6] °A
– server4]α°A
- server7] °A
- server8] °A
– server5]D°A
v server5]D°A
– server1]D°A
– server2]α°A
– server4]α°A
14. N server1 Ωs°AñC\ 137ysΩ zA
Hop≤⌡µBJ÷ΩTC
ⁿOµG
dí]zns gl≡C
:
dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext
Oznl≡CpGowgsbA∩ªsW
objclass=ibm-replicationContextA únsWπC
bodñ≤°Cª]tΓPhD°A]peer1 M peer2AΓ
α°A] fo rwarder1 M fo rwarder2H6 °A] rep l i ca1B
replica2Breplica3 M replica4Co°Aºí÷YpUG
v peer1 M peer2 OPh-D°ACoϕϕª¼) ≤sAu g
qß¼CϕΓD°Aúπ PeAu¼ß
nD°A gCoΓ°AúO úMA]Oα
°AúC
v forwarder1 M forwarder 2 ΩtΓñΓCªPO peer1 M peer2 A
]O÷ úCªú⌡µ⌠≤ß≤sCªN g≤se
ªCboΩñ
– forwarder1 O replica1 M replica2 ú
– forwarder2 O replica3 M replica4 ú
forwarder1 M forwarder2 ºíS¼C
v 1 M 2 O forwarder1 Areplica3 M replica4 O forwarder2
C
pGnPh-D]peer1 M peer2Bα°A]forwarder1 M forwarder2M
°A]replica1Breplica2Breplica3 M replica4
      Peer1<------->Peer2
        |  \     /    |
        |     X       |
        ↓  /     \    ↓
   Forwarder1     Forwarder2
    /    |          |    \
Replica1 Replica2 Replica3 Replica4
Hl≡ o=ibm,c=usG
1. ε°A peer1 M peer2C
2. z"N peer1 M peer2 tm¿Ph°ACsΦNUC[J
peer1 M peer2 ibmslapd.conf ñG
dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master
: oboΓí°Añ@wnPA]od½≤Ob°AW@C
3. xs ibmslapd.conf C
4. bD°A peer 1 b≈WA@]t≤wΩTApA
mycredentialsfileAΣñ mycredentialsfile ]tG
dn: cn=replication,cn=localhost
objectclass: container

dn: cn=simple,cn=replication,cn=localhost
objectclass: ibm-replicationCredentialsSimple
cn: simple
replicaBindDN: cn=master
replicaCredentials: master
description: Bindmethod for topology
5. oXUCⁿOG
ldif2db -r no -i <mycredentialsfile>
6. N <mycredentialsfile> s peer2Bforwarder1 M forwarder2 b≈WAM
ßbC@í≈WoXUCⁿOG
ldif2db -r no -i <mycredentialsfile>
7. b peer1 b≈WA@ <mytopologyfile>AΣñ <mytopologyfile> ]
AG
: NUCñX <master-uuid> N¿D°A cn=Configurationñ ibm-slapdServerId CoOb@°A%°AúCziH∩ cn=Configuration ⌡µ ldapsearchApGzUNIX tAziH∩ ibmslapd.conf grep ⁿOCPAz"NX <peerx-uuid>B<forwarderx-uuid> M <replicax-uuid>]Σñ
x Nϕ@rN¿÷°A cn=Conf igurat ion
ibm-slapdServerId C
dn: o=ibm,c=us
o: ibm
objectclass: top
objectclass: organization
objectclass: ibm-replicationContext

dn: ibm-replicaGroup=default, o=ibm,c=us
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicaGroup: default

dn: ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <peer1-uuid>
ibm-replicationServerIsMaster: true
cn: peer1
description: peer1 server

dn: ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <peer2-uuid>
ibm-replicationServerIsMaster: true
cn: peer2
description: peer2 server

dn: ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <forwarder1-uuid>
ibm-replicationServerIsMaster: false
cn: forwarder1
description: forwarder server number one

dn: ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <forwarder2-uuid>
ibm-replicationServerIsMaster: false
cn: forwarder2
description: forwarder server number two

#peer1 to peer2 agreement
dn: cn=peer2,ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: peer2
ibm-replicaConsumerId: <peer2-uuid>
ibm-replicaUrl: ldap://<peer2hostname:peer2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: peer2 server

#peer1 to forwarder1 agreement
dn: cn=forwarder1,ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder1
ibm-replicaConsumerId: <forwarder1-uuid>
ibm-replicaUrl: ldap://<forwarder1hostname:forwarder1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server one

#peer1 to forwarder2 agreement
dn: cn=forwarder2,ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder2
ibm-replicaConsumerId: <forwarder2-uuid>
ibm-replicaUrl: ldap://<forwarder2hostname:forwarder2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server two

#peer2 to peer1 agreement
dn: cn=peer1,ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: peer1
ibm-replicaConsumerId: <peer1-uuid>
ibm-replicaUrl: ldap://<peer1hostname:peer1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: peer server one

#peer2 to forwarder1 agreement
dn: cn=forwarder1,ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder1
ibm-replicaConsumerId: <forwarder1-uuid>
ibm-replicaUrl: ldap://<forwarder1hostname:forwarder1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server one

#peer2 to forwarder2 agreement
dn: cn=forwarder2,ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder2
ibm-replicaConsumerId: <forwarder2-uuid>
ibm-replicaUrl: ldap://<forwarder2hostname:forwarder2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server two

#forwarder1 to replica1 agreement
dn: cn=replica1,ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica1
ibm-replicaConsumerId: <replica1-uuid>
ibm-replicaUrl: ldap://<replica1hostname:replica1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number one

#forwarder1 to replica2 agreement
dn: cn=replica2,ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica2
ibm-replicaConsumerId: <replica2-uuid>
ibm-replicaUrl: ldap://<replica2hostname:replica2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number two

#forwarder2 to replica3 agreement
dn: cn=replica3,ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica3
ibm-replicaConsumerId: <replica3-uuid>
ibm-replicaUrl: ldap://<replica3hostname:replica3port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number three

#forwarder2 to replica4 agreement
dn: cn=replica4,ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica4
ibm-replicaConsumerId: <replica4-uuid>
ibm-replicaUrl: ldap://<replica4hostname:replica4port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number four
8. pGnⁿJoAoXUCⁿOG
ldif2db -r no -i <mytopologyfile>
Σñ -r no iε gC
9. oAziαnⁿJzl≡ΣLΩC
10. ¿ΩⁿJApGnXHJΣL°AAoXUCⁿOG
db2ldif -s"o=ibm,c=us" -o <mymasterfile.ldif>
ΩTA\ 288ydb2ldif ízC
11. N <masterfile.ldif> s peer2 b≈WC
12. b peer2 Mb≈WAoXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
13. Tw forwarder1 M forwarder2 wgεC
14. z"N forwarder1 M forwarder2 tm¿α°ACsΦNUC
[J forwarder1 M forwarder2 ibmslapd.conf ñG
dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master
ibm-slapdMasterReferral: ldap://peer1hostname:peer1port/
: oiTO)ß≤súQ peer1C
15. N <masterfile.ldif> s forwarder1 M forwarder2 b≈WC
16. bC@í≈WoXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
17. Tw replica1Breplica2Breplica3 M replica4 wgεC
18. z"N replica1Breplica2Breplica3 M replica4 tm¿ °ACsΦ
NUC[JC@í °A ibmslapd.conf ñG
dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master
ibm-slapdMasterReferral: ldap://peer1hostname:peer1port/
19. xs ibmslapd.conf C
20. N <masterfile.ldif> s replica1Breplica2Breplica3 M replica4 b≈WC
21. bC@í≈WoXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
22. peer1Bpeer2Bforwarder1Bforwarder2Breplica1Breplica2Breplica3 M replica4C
]whD
: hD°A"O IBM Tivoli Directory Server 5.2 °AAOtΣhD g
@ºí IBM Directory Server 5.1 °AC
hD g@hD°A≤ g⌠⌠ºía¼M! gΩTChD g
DnnBOC⌠⌠yqC
hD°A"OD°A]igJCUíhD g@B@ΦíG
5 ñ g⌠⌠]t6 gxAC@]t@íhD°AChD°AG
v qb gxñPh/D°A¼ g≤sAe≤s g⌠⌠
ΣLhD°AC
v q g⌠⌠ñΣLhD°A¼ g≤sAe≤sΣb gxñ
Ph/D°AM °AC
hD°A°A ids M ids Mw≤sne g⌠⌠ΣLhD
°AA≤sne gx°AC
Yn]whD g@Az".ΓhD°AChD°Ai
gxCz"bhDM⌠≤D/PhHnJhD gxñ °Aº
íA g≤wC
hD°A"OD°A]igJCpGzsWhD½≤O
ibm-replicaGateway úOD°A lAh#TºC
ΓΦkiHhD°ACziHG
v shD°A
v α½Ph°AhD°A
: SONAzuαbC@ gxWⁿw@íhD°AC
5. πhD°A g⌠⌠
Web zG
pGnte@díPh g°]whDG
v NPh°A (peer1) ૨hD°AH gx 1C
v gx 2 shD°AAH peer1 ≤wC
v gx 2 ]dñíC
v ND°AΩsñ≈ñC
1. sD°A (server1) uWeb zvC
2. is²ñu gvzAA÷@UzC
3. ∩n gl≡AA÷@UπC
4. ÷@Ug∩bYAi°AMµC
5. pGnN°A૨hD°AA∩ server1 ΣPh server5Cd server1C
6. ÷@UsΦ°AC
7. Tw∩°AOD°AA∩°AOhDC
8. ÷@UTwC
: pGznhD°AwgOD°AAª"OSlh ¡ °AAziH²Nªú&D°AAMßANªⁿw¿hDC
9. pGnshD°AA∩ server1AA÷@UsWC
10. s °A server9C\ 136y °AzC
11. ∩ server9AA÷@UC
12. ∩nN ú&D°AgC÷@UC
13. oπΣLú≤weCTwu∩ server1 ú≤w∩
C
ϕ 14.
ú
U server9 server1
server9 server2
server9 server4
server9 server5
÷@U≥C
: bYípUAu∩ve⌡XAnDúúbcn=rep l i ca t ion ,cn= loca lhos t CbípUAz"ú≤
cn=replication,cn=localhost HaΦ½≤Cq∩l≡N
AsC\ 134yzC
.
14. ÷@UTwC°AñΓ% Web zuπñNϕCbzNpUG
v server1] gx 1 D-hD
– server2]α°A
- server3] °A
- server6] °A
– server4]α°A
- server7] °A
- server8] °A
– server5]D°A
– server9] gx 2 D-hD
v server5]D°A
– server1]D°A
– server2]α°A
– server4]α°A
v server9]D-hD
– server1]D-hD
15. sW °A server9AH gx 2 C
16. ½WzAHΣL gxCNAzuαbC@ gxWⁿ
w@íhD°AC
17. ¿ºßAN server1 Ωs gxñ°AWC
\ 137ysΩ zAHop≤⌡µBJ÷ΩTC
ⁿOµG
bdíñAzN@s gl≡AΣPI∩Idñ
PC
:
dn: o=ibm,c=us
objectclass: organization
objectclass: ibm-replicationContext
Oznl≡CpGowgsbA∩ªsW
objclass=ibm-replicationContextA únsWπC
bodñAzN≤eΓíPh°ABΓíα°AAH6í °A
AHKG
v N peer1 ñΓ∩¿ΣhD°A] gx 1C
v gx 2 shD°A gate2C
: gx 2 ª)vAH gate2 ΣhD°ACdNúí
gCziH gx 1 ϕ@¼C²OAú"
JΩ]wñ gxC
Gate2 <-------------->Peer1(G)<---->Peer2
                        |  \     /    |
                        |     X       |
                        ↓  /     \    ↓
                   Forwarder1     Forwarder2
                    /    |          |    \
             Replica1 Replica2 Replica3 Replica4
1. ε°A gate2Bpeer1 M peer2C
2. z"N gate2Bpeer1 M peer2 tm¿Ph°ACsΦNUC
[J peer1 M peer2 ibmslapd.conf ñG
dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master
: ob°Añ@wnPA]od½≤Ob°AW@C
3. xs ibmslapd.conf C
4. bD°A peer 1 b≈WA@]t≤wΩTApA
mycredentialsfileAΣñ mycredentialsfile ]tG
dn: cn=replication,cn=localhost
objectclass: container

dn: cn=simple,cn=replication,cn=localhost
objectclass: ibm-replicationCredentialsSimple
cn: simple
replicaBindDN: cn=master
replicaCredentials: master
description: Bindmethod for topology
5. oXUCⁿOG
ldif2db -r no -i <mycredentialsfile>
6. N <mycredentialsfile> s gate2Bpeer2Bforwarder1 M forwarder2 b≈
WAMßoXUCⁿOG
ldif2db -r no -i <mycredentialsfile>
7. b peer1 b≈WA@ <mytopologyfile>AΣñ <mytopologyfile> ]
AG
: NUCñX <peer1-uuid> N¿D°A cn=Configurationñ ibm-slapdServerId CoOb@°A%°AúCziH∩ cn=Configuration ⌡µ ldapsearchApGzUNIX tAziH∩ ibmslapd.conf grep ⁿOCPaAz"NX <peerx-uuid>B<forwarderx-uuid>B<replicax-uuid M
< g a t e 2 - u u i d >]Σñ x Nϕ@rN¿÷°A
cn=Configuration ibm-slapdServerId CíXdñPezPhⁿOµdúP≤BíHΘπC
dn: o=ibm,c=us
o: ibm
objectclass: top
objectclass: organization
objectclass: ibm-replicationContext

dn: ibm-replicaGroup=default, o=ibm,c=us
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicaGroup: default

#Make peer1 a gateway server for site 1
dn: ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
objectclass: ibm-replicaGateway
ibm-replicaServerId: <peer1-uuid>
ibm-replicationServerIsMaster: true
cn: peer1
description: gateway server from replication site 1 to replication site 2

#Add gate2 as a gateway server for site 2
dn: ibm-replicaServerId=<gate2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
objectclass: ibm-replicaGateway
ibm-replicaServerId: <gate2-uuid>
ibm-replicationServerIsMaster: true
cn: gate2
description: gateway server from replication site 2 to replication site 1

dn: ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <peer2-uuid>
ibm-replicationServerIsMaster: true
cn: peer2
description: peer2 server

dn: ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <forwarder1-uuid>
ibm-replicationServerIsMaster: false
cn: forwarder1
description: forwarder server number one

dn: ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <forwarder2-uuid>
ibm-replicationServerIsMaster: false
cn: forwarder2
description: forwarder server number two

#peer1 to gate2 agreement
dn: cn=gate2,ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: gate2
ibm-replicaConsumerId: <gate2-uuid>
ibm-replicaUrl: ldap://<gate2hostname:gate2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: supplier agreement from replication site1 to replication site2

#gate2 to peer1 agreement
dn: cn=peer1,ibm-replicaServerId=<gate2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: peer1
ibm-replicaConsumerId: <peer1-uuid>
ibm-replicaUrl: ldap://<peer1hostname:peer1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: supplier agreement from replication site2 to replication site 1

#peer1 to peer2 agreement
dn: cn=peer2,ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: peer2
ibm-replicaConsumerId: <peer2-uuid>
ibm-replicaUrl: ldap://<peer2hostname:peer2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: peer2 server

#peer1 to forwarder1 agreement
dn: cn=forwarder1,ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder1
ibm-replicaConsumerId: <forwarder1-uuid>
ibm-replicaUrl: ldap://<forwarder1hostname:forwarder1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server one

#peer1 to forwarder2 agreement
dn: cn=forwarder2,ibm-replicaServerId=<peer1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder2
ibm-replicaConsumerId: <forwarder2-uuid>
ibm-replicaUrl: ldap://<forwarder2hostname:forwarder2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server two

#peer2 to peer1 agreement
dn: cn=peer1,ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: peer1
ibm-replicaConsumerId: <peer1-uuid>
ibm-replicaUrl: ldap://<peer1hostname:peer1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: peer server one

#peer2 to forwarder1 agreement
dn: cn=forwarder1,ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder1
ibm-replicaConsumerId: <forwarder1-uuid>
ibm-replicaUrl: ldap://<forwarder1hostname:forwarder1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server one

#peer2 to forwarder2 agreement
dn: cn=forwarder2,ibm-replicaServerId=<peer2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: forwarder2
ibm-replicaConsumerId: <forwarder2-uuid>
ibm-replicaUrl: ldap://<forwarder2hostname:forwarder2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: forwarder server two

#forwarder1 to replica1 agreement
dn: cn=replica1,ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica1
ibm-replicaConsumerId: <replica1-uuid>
ibm-replicaUrl: ldap://<replica1hostname:replica1port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number one

#forwarder1 to replica2 agreement
dn: cn=replica2,ibm-replicaServerId=<forwarder1-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica2
ibm-replicaConsumerId: <replica2-uuid>
ibm-replicaUrl: ldap://<replica2hostname:replica2port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number two

#forwarder2 to replica3 agreement
dn: cn=replica3,ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica3
ibm-replicaConsumerId: <replica3-uuid>
ibm-replicaUrl: ldap://<replica3hostname:replica3port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number three

#forwarder2 to replica4 agreement
dn: cn=replica4,ibm-replicaServerId=<forwarder2-uuid>,ibm-replicaGroup=default,o=ibm,c=us
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica4
ibm-replicaConsumerId: <replica4-uuid>
ibm-replicaUrl: ldap://<replica4hostname:replica4port>
ibm-replicaCredentialsDN: cn=simple,cn=replication,cn=localhost
description: replica server number four
8. pGnⁿJoAoXUCⁿOG
ldif2db -r no -i <mytopologyfile>
Σñ -r no iε gC
9. oAziαnⁿJzl≡ΣLΩC
10. ¿ΩⁿJApGnXHJΣL°AAoXUCⁿOG
db2ldif -s"o=ibm,c=us" -o <mymasterfile.ldif>
ΩTA\ 288ydb2ldif ízC
11. N <masterfile.ldif> s gate2 b≈WC
12. b gate2 b≈WAoXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
13. N <masterfile.ldif> s peer2 b≈WC
14. b peer2 Mb≈WAoXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
15. Tw forwarder1 M forwarder2 wgεC
16. z"N forwarder1 M forwarder2 tm¿α°ACsΦNUC
[J forwarder1 M forwarder2 ibmslapd.conf ñG
dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master
ibm-slapdMasterReferral: ldap://peer1hostname:peer1port/
: oiTO)ß≤súQ peer1C
17. N <masterfile.ldif> s forwarder1 M forwarder2 b≈WC
18. bC@í≈WoXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
19. Tw replica1Breplica2Breplica3 M replica4 wgεC
20. z"N replica1Breplica2Breplica3 M replica4 tm¿ °ACsΦ
NUC[JC@í °A ibmslapd.conf ñG
dn: cn=Master Server, cn=configuration
objectclass: ibm-slapdReplication
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: master
ibm-slapdMasterReferral: ldap://peer1hostname:peer1port/
21. xs ibmslapd.conf C
22. N <masterfile.ldif> s replica1Breplica2Breplica3 M replica4 b≈WC
23. bC@í≈WoXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
24. gate2Bpeer1Bpeer2Bforwarder1Bforwarder2Breplica1Breplica2Breplica3 M
replica4C
zg Web z@
Web zuπ⌡µUC@C
z
O gl≡SC
°
: °A"b⌡µA+α⌡µ@C
i²ñgzAA÷@UzC
1. ∩zn°l≡AMß÷@UπC
πbu gvMµñC÷@UΓTñiCqoMµAz
iHG
v sW C
v sΦ ÷ΩTC
v ≤ úPDnú°AAN ú&D°A
v Rú C
sW
\ 136y °AzC
sΦ≤wziH≤ UCΩTG
b°AWAzuα≤UCG
v D≈W
v ≡
v SSL
v í
bΣLWAziH≤UCG
v - \ 134yzC
v g - \ 165y gzC
v ≤ g \αCqú\αMµñAziH°∩⌠≤ún
g\αC
v ϕz¿A÷@UTwC
sΦ°A
: hD°A"O IBM Tivoli Directory Server 5.2 °AAOtΣhD g
@ºí IBM Directory Server 5.1 °AC
ziHⁿwD°AO gxWhD°AñΓC
pGnND°Aⁿw¿hD°AG
1. ∩°AOhD∩C
2. ÷@UTwC
pGnND°AhD°AñΓúG
1. °∩°AOhD∩C
2. ÷@UTwC
ΩTA\ 152y]whDzC
ú%°A
1. ∩°AAA÷@UC
2. ∩nN @°AA∩nN ú&D°AgC÷
@UC
3. bYípUAu∩ve⌡XAnDúúb cn=replication,cn=localhost
CbípUAz"ú≤ cn=replication,cn=localhost HaΦ
½≤Cq∩l≡NAsC\ 134
yzC
4. oπΣLú≤wC∩°AñΓAú≤wCpAp
GnN °AúPh°AAz"∩PΣL°AΣ
@h ú≤wCo≤w²ú&°Aα≈¿ΣL°AΣ
úCΣL°APΦú&º°Aú≤w,MAún½C
5. ÷@UTwC
≡ñ≤#MX°AC
ΩTA\ 144yPh g]w°zC
ND°A
YnND°AñΓ≤ °AA⌡µUCBJG
1. szn°A Web zuπC
2. ÷@UzC
3. ∩l≡÷@UπC
4. RúzQ°A≤wC
5. ∩zQ°AA÷@UC
6. ∩°A]znN°Am≤ΣUAMß÷@UC
7. pPznsW @Ab°AMΣúºíAsú≤
wC÷ⁿA\ 136y °AzC
gl≡
: °A"b⌡µA+α⌡µ@C
i²ñgzAA÷@UzC
v ÷@UsWl≡C
v ΘJzn gl≡ DNA÷@Us²iAH∩n@l≡ root
C
v ΘJD°Aα URLCo"H LDAP URL µíϕApG
ldap://<myservername>.<mylocation>.<mycompany>.com
v ÷@UTwC
v s°AπbuzveWA≤Ywgl≡ºUC
: b LinuxBSolaris HP-UX ¡xWApGαóATwwbzt⌠ñ
]wF⌠ LDAP_LOCK_RECCú⌠≤SwC
set LDAP_LOCK_REC=anyvalue
sΦl≡
o∩≤D°A URLAol≡Σ Ne≤sΩo°A
CpGz≤D°A≡D≈WBND°A≤úP°AAz
n⌡µUCBJ
1. ∩nsΦl≡C
2. ÷@UsΦl≡C
3. ΘJD°Aα URLCo"H LDAP URL µíϕApG
ldap://<mynewservername>.<mylocation>.<mycompany>.com
°°Abol≡WΩtñΓ w]DnB αAeWXúP
M÷sC
v ϕl≡ñΓ °AAⁿX°A α°AH°
A¿D°A÷s@πCpG÷@Uo÷sAhuWeb zuπvs
°AN¿D°AC
v %sWUONl≡tm¿⌡µ g]Sw]sMlsbA
h l≡gH÷sgl≡@πXCpG÷@Uo÷sA
NsWw]sMlAuWeb zuπvs°A¿D°AC
v pGΣú⌠≤D°AlA l≡wq⌠≤D°ANH
°A¿D°A÷s@πXCpG÷@Uo÷sANsW.l
AuWeb zuπvs°A¿D°AC
úl≡
1. ∩núl≡C
2. ÷@URúl≡C
3. ϕnDzTRúA÷@UTwC
l≡qgl≡MµñúC
: uϕ ibm-replicaGroup=default OAo@+Q¿C
Rεl≡
ϕzQn∩⌡µ@iµ≤AoτCªNiH∩°A
≤sCCRε°AúⁿßnDCªu°Azv
εAⁿ)znDC
oτO BooleanC
1. ÷@URε/°RεRεl≡C
2. ϕnDT@A÷@UTwC
3. ÷@URε/°Rε°Rεl≡C
4. ϕnDT@A÷@UTwC
sΦsεMµ
gΩT] lB g≤wBBiαOxsbSϕ½≤
ibm-replicagroup=default UCibm-replicagroup ½≤O≤ gl≡ root UC
w]Aol≡q gl≡ root ACLCo ACL iαúAX
ε∩ gΩTsC
"nv¡G
v ε g - z"π ibm-replicagroup=default ½≤gJsv]¡/
zC
v ÑíCε g - z"π ibm-replicagroup=default ½≤gJsv]¡
/zC
v εεC - z"π g≤wgJsvC
YnQuWeb zuπví° ACL eH ACLA\ 209
y ACLzC
ΣlΩTA\ 201 15 , ysεMµzC
∩ge
i²ñgzAMß÷@UzgeC
qoeñAziHG
v ∩q g¼Ad#m≤W¡Cw]O 200C
v sWBsΦRúúΩTC
sWúΩT
1. ÷@UsWC
2. qU\αϕñ∩@úAΘJznsWú gl≡WC
3. ΘJ gs DNC
: ziHoΓ∩⌠≤@A°z¼p wC
v ’w]Mα’A g°Al≡]w gs DN]MK
XHw]αCqP@ú gl≡Aiαo
\αC
v C@ gl≡!O]w gs DN MKXAΦkOC@l≡s
WúΩTCϕC@l≡úúPú]τYC@l≡D°
AúPAiαo\αC
4. °¼ wAΘJTKXC]zºewgO²oKXHΘß
C
v ÷s - ⁿw DN MKX
v Kerberos - ’ibm-kn=LDAP-service-name@realm’ µíⁿwΩ DNA
BúⁿwKX
v SSL H/ EXTERNAL s - ⁿwDD DNA²úⁿwKX
\ 134yzC
5. ÷@UTwC
úl≡[JuúvΩTMµñC
sΦúΩT
1. ∩znsΦúl≡C
2. ÷@UsΦC
3. pGznsΦw]Mα]b cn=configuration U cn=Master Server
Abuw]ú LDAP URLvµñAΘJßn¼ ≤s
°A URLCª"O LDAP URL]ldap://ChA⌡BJ 4C
4. ΘJzns gs DNC
5. ΘJTKXC
6. ÷@UTwC
úúΩT
1. ∩znúúl≡C
2. ÷@URúC
3. ϕnDzTRúA÷@UTwC
l≡NquúvΩTMµñúC
g
ziH∩wq AN gwbSwíAOúnbSwí⌡µ
gCpGzSACiµ≤A°ANw gCoÑ≤Oⁿw@
AbC6 12:00 AM l gC
i²ñgzAMß÷@UzC
bCgñA∩znl≡AMß÷@UπCpG⌠≤
sbAªπbCgΦ⌠ñCYnsWG
1. ÷@UsWC
2. ΘJWCpAschedule1C
3. ∩≤@gñC@6]P6P*ACΘⁿw¿LCoϕ⌠≤
g≤s≤CW g≤]pG,MC]oOs AH
S²e g≤A]Nw]Y gC
4. ziH∩@gñ@6AA÷@UsWCΘªCΘ gCpG
zCΘAªN¿@gñC@6w]CziHG
v NCΘOC@6w]A∩SwΘAMßN#uLvCO
ϕA∩≤Sw g≤%@6AWo g≤,C
v ∩@ΘAA÷@UsΦCΘA∩CΘCOϕACΘ≤
vTΘA úuvTz∩%@ΘC
v ∩@ΘAA÷@UsWCΘAúPCΘCbFo
ßAªNsWCΘU\αϕC∩≤zQnC@6Az"∩
oC
\yCΘzAHop≤]wCΘΩTC
5. ϕz¿A÷@UTwC
CΘi²ñgzAMß÷@UzC
bCΘñA∩znl≡AMß÷@UπCpG⌠≤
sbAªπbCΘΦ⌠ñCYnsWG
1. ÷@UsWC
2. ΘJWCpAmonday1C
3. ∩]wGUTC ϕaC
4. qU\αϕ∩ g¼G
Y ⌡µ⌠≤qW g≤ßm≤sAMß≥≤sAU
@w≤s≤FεC
@ blíºeA⌡µm≤sC⌠≤blíß≤sN
ÑU@w g≤C
5. ∩ g≤líC
6. ÷@UsWCoπ g≤¼íC
7. sWú≤¿zC≤Mµ í½sπzC
8. ϕz¿A÷@UTwC
pG
ϕ 15.
g¼ lí
Y 12:00 AM
@ 10:00 AM
@ 2:00 PM
Y 4:00 PM
@ 8:00 PM
boñA@ g≤ob:]A B≤s⌠≤bíem
≤Cϕ g≤soAª≥ 10:00 AMC10:00 AM P 2:00 PM ºí
≤sÑ 2:00 PM + gC⌠≤b 2:00 PM P 4:00 PM ºí≤sNÑ
wb 4:00 PM g≤AºßA g≤s≥U@wb 8:00 PM
g≤C⌠≤b 8:00 PM ºß≤sNÑU@w g≤C
: pG g≤wí=±AhbwU@≤ApG)²e≤≤s,biµñAhiα≥ó g≤C
zεC
o@i²z°°AC@ g≤w]εC g¼AC
i²ñgzAMß÷@UzεCC
∩znzεC C
v ° ¼A wAziH÷@U/ε gC
v ÷@UjógAúwU@ gO>≥Aú gmñ
≤C
v ÷@UεCHo÷ εCπΩTCz]iHqo∩zε
CC
v ÷@U½sπz≤sεCHMú°ATºC
εCpGz÷@UεCANπTG
v ¼A
v e
v m≤
¼Aπ WB l≡B ¼AM g÷²CboeñA
ziH÷@U# gCziH÷@U½sπz≤sεCΩTC
eúe≤s÷ΩTCpGLkⁿJA÷U⌡L²
≥ gU@mCziH÷@U½sπz≤sεCΩTC
m≤π m≤CpG gQ²AziH÷@Uí⌡L
Rúm≤CziH÷@U½sπz≤sm≤MµAH#Mwg
Bz⌠≤s≤sC
: pGz∩n⌡L²≤AN"Tw°AßQ≤sCΩTA\ 291yldapdiffzC
zgⁿOµ@
ⁿwl≡ú DN MKX
ziHSwl≡ⁿwú DN M PWCpGno≥Ah MD°AWn
UCΩTC
pGnl≡ AznbD°AM ºí@ ≤wA\
132y g≤wzCo≤w"ⁿJD°AM WCΓ°Aºí÷
YOGun°AO úA OD°AC
1 . bD°Ab≈WA@]t≤wΩTApA
mysupplierinfofileAΣñ mysupplierinfofile ]tG
#Replication data on the master:
dn: o=IBM,c=US
objectclass: organization

dn: ou=Test,o=IBM,c=US
objectclass: organizationalunit
objectclass: ibm-replicationContext
aclentry: access-id:CN=this:object:a:normal:rwsc:sensitive:rwsc:critical:rwsc
entryowner: access-id:CN=this

dn: ibm-replicaGroup=default, ou=Test,o=IBM,c=US
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicaGroup: default

dn: cn=replica1 BindCredentials, cn=localhost
objectclass: ibm-replicationCredentialsSimple
cn: replica1 BindCredentials
replicaBindDN: cn=s1
replicaCredentials: s1
description: Bindmethod of master to replica1

dn: ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,ou=Test,o=IBM,c=US
#master uuid is whatever the server ID is set to in your ibmslapd.conf
#on the master.
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <master-uuid>
ibm-replicationServerIsMaster: true
cn: master
description: master server

dn: cn=replica1,ibm-replicaServerId=<master-uuid>,ibm-replicaGroup=default,ou=Test,o=IBM,c=US
objectclass: top
objectclass: ibm-replicationAgreement
cn: replica1
ibm-replicaConsumerId: <replica1-uuid>
#<replica1-uuid> is whatever the server ID is set to in your
#replica ibmslapd.conf file.
ibm-replicaUrl: ldap://<replica1hostname:replica1port>
ibm-replicaCredentialsDN: cn=replica1 BindCredentials, cn=localhost
description: replica server number one
2. εD°A]YεC
3. oXUCⁿOG
ldif2db -r no -i <mysupplierinfofile>
4. oXUCⁿOG
db2ldif -o <masterfile.ldif>
ΩTA\ 288ydb2ldif ízC
5. N <masterfile.ldif> s replica1 b≈C
6. ε ]pGb⌡µñC
7. z"N replica1 tm¿ °ACsΦNUC[J replica1
ibmslapd.conf ñG
dn: cn=Master Server, cn=configuration
cn: Master Server
ibm-slapdMasterDN: cn=master
ibm-slapdMasterPW: <masterserverpassword>
ibm-slapdMasterReferral: ldap://<masterhostname:masterport>
objectclass: ibm-slapdReplication

dn: cn=Supplier s1, cn=configuration
cn: Supplier s1
ibm-slapdMasterDN: cn=s1
ibm-slapdMasterPW: s1
ibm-slapdReplicaSubtree: ou=Test, o=IBM, c=US
objectclass: ibm-slapdSupplier
8. xs ibmslapd.conf C
9. oXUCⁿOG
ldif2db -r no -i <masterfile.ldif>
10. master M replica1C
°gtmΩT
jMAiHΣϕhP gí÷ΩTCpGndPSw gl≡
÷ gΩTAziH⌡µµ@hjMAN≥ª]wl≡ DNANLo°
≤]]objectclass=ibm-replicaGroupAMΣ@ΩT≥ªlCpGo g⌠wqOzL W e b zAhWNO
ibm-replicaGroup=defaultC
ldapsearch -D <adminDN> -w <adminPW> -b <suffixentryDN> "(objectclass=*)"
#½≤]t s¡AtUCG
v g⌠wqΩC@°Aú@π
objectclass=ibm-replicaSubentry ½≤C l]t@°A ID H
°AΩtñΓⁿ]ibm-replicationServerIsMasterC
v bC@ lñAC@q lí°A¼ g≤s
°AAú@ g≤w½≤CC@ g≤wú]tUCΩTG
– ibm-replicaConsumerIdG°A°A IDC
– ibm-replicaURLG°A LDAP URLC
– ibm-replicaCredentialsDNG]tsº DNC
≤wiα]tUCG
– ibm-replicaScheduleDNGP≤nN g≤seo DNCpGⁿwAh gw]O ″Y″ íC
– ibm-replicationOnHoldGⁿX∩ gOw BooleanC
– ibm-replicationExcludedCapabilityGúΣ\αoMµ OID
Ce≤sNPo\α÷@úbC
g¼A
AbjMYTnDA\h@iúz g¼AΩTCP÷Σ
ñ@O gl≡≥ªAτYA[J ibm-replicationContext ½≤OCpGz∩⌡µ≥jMABnDn#∩ibm-replicationIsQuiesced CoOⁿXl≡OwgRε Boolean CpGl≡wgRεANúe\⌠
≤ß≤s]uⁿ) gú≤sCoO@XR@AiRεl
≡A\ 257yldapexopzC
ΣLP¼A÷@úP g≤w½≤ú÷pCubjMTnDA
+#oCipUG
v ibm-replicationLastActivationTimeGúPºíe gÑq@íC
v ibm-replicationLastFinishTimeGúMºee¿ gÑq@íC
v ibm-replicationLastChangeIdGee≤s≤ IDC
v ibm-replicationLastGlobalChangeIdGees≤s≤ IDCsOⁿA≤ DIT πeAp cn=schema
cn=pwdpolicyC
v ibm-replicationStateG g@µ¼ACiα]AG
@ñ be≤s≤s]iαO]o ½C
B≤Y gíA e≤sC
Ññ bÑU@w gíC
sñ bsC
s ñ bsC
OnHold g≤wwg ″Od″C
v ibm-replicationLastResult e@≤soGAΣµíG
<íWO> <≤ ID> <GX> <@> < DN>
v ibm-replicationLastResultAdditionalGe≤sq#⌠≤ΣLΩTC
v ibm-replicationPendingChangeCountGbεCñJn go≤sC
v ibm-replicationPendingChangesGoC@úúΣñ@m≤÷ΩTAΣµíG
<≤ ID> <@> < DN>
nDoAiα#\hCbnDoºeAd≤pC
v ibm-replicationChangeLDIFGú LDIF ñeó≤sπC
hD°A
shD°A
: bhD°AºßAz"s g≤w#MsCΩT\ 132y g≤wzC
b DIT ñs ⌠wqB sP lC l"]t
ibm-replicaSubentry ½≤OM ibm-replicaGateway U½≤OCibm-replicaSubentry
½≤OM ibm-replicaGateway U½≤ObUCdñOHΘϕG
dn: o=sandbox
objectclass: top
objectclass: organization
objectclass: ibm-replicationContext

dn: ibm-replicagroup=default,o=sandbox
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicagroup: default

dn: ibm-replicaServerId=<serverid>,ibm-replicagroup=default,o=sandbox
objectclass: top
objectclass: ibm-replicaSubentry
objectclass: ibm-replicaGateway
ibm-replicaServerId: <serverid>
ibm-replicationServerIsMaster: TRUE
cn: <servername>
Σñ <servername> O°AWA<serverid> Ob@°Aⁿw 37
rrΩCbⁿOúUΘJUCⁿOiΣ°A IDG
ldapsearch -b "" -s base objectclass=*
α½Ph°AhD°A
: bhD°AºßAz"°ún g≤ws g≤wH#MsCp g≤wΣL÷ΩTA\ IBM Directory Server 5.1 z
ΓUC
bα½Ph°AhD°AºeATwl≡ORε BSmñ
≤CUCdπuúOvtmhD°A lC
dn: o=sandbox
objectclass: top
objectclass: organization
objectclass: ibm-replicationContext

dn: ibm-replicagroup=default,o=sandbox
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicagroup: default

dn: ibm-replicaServerId=<serverid>,ibm-replicagroup=default,o=sandbox
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: <serverid>
ibm-replicationServerIsMaster: TRUE
cn: <servername>
pGnNPhα½hDAN ibm-replicaGateway auxiliary ½≤OsW DIT
ñ lñCibm-replicaGateway U½≤ObUCdñHΘϕC
dn: ibm-replicaServerId=<serverid>,ibm-replicagroup=default,o=sandbox
changetype: modify
add: objectclass
objectclass: ibm-replicaGateway
Σñ <servername> O°AWA<serverid> Ob@°Aⁿw 37
rrΩCbⁿOúUΘJUCⁿOiΣ°A IDG
ldapsearch -b "" -s base objectclass=*
13 Θxí
IBM Tivoli Directory Server 5.2 úFizLuWeb zuπvtⁿOµ
°ΘxOⁿíC
:
1. buWeb zuπvñA@DCñΘxµisuWeb zD
xvΘxCziUCUñⁿwAs IBM Tivoli Directory Server
ΘxC
2. b Windows ¼tñApG⌠YO≈r)MANQOπ⌠
C⌠pGút≈r)ANNϕΣYw≡¼cCdG
c:\tmp\mylog O@π⌠A \tmp\mylog ¿ c:\program
files\ibm\ldap\tmp\mylogC
uzzs¿iH°sΘxΩTC
∩ΘxOⁿ
bw]ípUAΘx ibmslapd.log ∩Θx]wG
1. i²ñu°AvzA÷@UΘxAMß÷@U∩Θx]wC
2. ΘJΘx⌠WCTw⌠OCpGúsbA
CΘx]iHVHFΦApAµíLϕ≈C
: pGzⁿwOLkⁿ]pAykL°AS/
∩vQAhNóA BXUCG LDAP Server ú@
N⌡µ@C
3. Θxh∩uCvBuñvu¬vC
v uCvOⁿ.qΩTApG
Mar 29 11:03:23 2002 IBM Directory, Version 5.2
slapd started.
v uñvOⁿñqΩTApG
Mar 29 11:07:51 2002 Configuration read securePort 636.
Mar 29 11:07:51 2002 Plugin of type PREOPERATION is successfully loaded from libDSP.dll.
Mar 29 11:07:51 2002 Plugin of type DATABASE is successfully loaded from C:\Program Files\IBM\LDAP/bin/libback-rdbm.dll.
Mar 29 11:08:11 2002 Non-SSL port initialized to 389.
Mar 29 11:08:12 2002 IBM Directory, Version 5.2
slapd started.
v u¬vOⁿjqΩTApG
Mar 29 11:04:05 2002 Configuration read securePort 636.
Mar 29 11:04:05 2002 Configuration read cipher specifications mask to be 12288.
Mar 29 11:04:05 2002 Plugin of type PREOPERATION is successfully loaded from libDSP.dll.
Mar 29 11:04:05 2002 Plugin of type DATABASE is successfully loaded from C:\Program Files\IBM\LDAP/bin/libback-rdbm.dll
Mar 29 11:04:24 2002 Configuration file successfully read.
Mar 29 11:04:24 2002 Non-SSL port initialized to 389.
Mar 29 11:04:25 2002 IBM Directory, Version 5.2
slapd started.
4. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web
zw∩eA ú⌠≤≤C
5. ÷@UTw≡# IBM Tivoli Directory Server Web zw∩eC
ⁿOµG
oXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=Configuration
changetype: modify
replace: ibm-slapdErrorLog
ibm-slapdErrorLog: <newpathname>
-
replace: ibm-slapdSysLogLevel
ibm-slapdSysLogLevel: l | m | h
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope entire
ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC
°Θx
UC°ΘxC
Web zG
1. i²ñΘxAMß÷@U°ΘxC
2. eπΘx@A Bes²bYi²zUA
WCziHq\αϕñ∩SwAp 6/16 AMß÷@UAπ
Θx%@C
ziHG
v ÷@U½sπz≤sΘxñC
v ÷@UMúΘxRúzníΘxñC
v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC
ⁿOµG
Yn°ΘxAoXUCⁿOG
more /var/ldap/ibmslapd.log
Σñ var/ldap/ibmslapd.log OzΘxC
: var/ldap/ibmslapd.log O UNIX tw]ΘxA
installpath\var\ibmslapd.log O Windows tw]ΘxC
YnAa°MúΘxG
ldapexop -D cn=root -w root -op readlog -log slapd -lines all
ldapexop -D cn=root -w root -op clearlog -log slapd
fΘx
fΘxO∩²°AwC°AHw]fíC f
tmAoíiα∩°ABzC@ LDAP @ANfOⁿ
bw]ⁿwfΘxCtziHfΘxñxsíAdO
i¼íAbwHWCpGH#wAhfΘxi
PwDp≤≤oAHiαy¿laCΩTODU≤qHW
AHiαU≤o≤nwIAεDCz]iHg)
vfíANw]fíAsW≤hBzw]f
íC
w]AfΘxOC
: zs¿iH°fΘxM]wA²Oúα∩Cu Root ziH
sB≤MúfΘxC
fΘx∩fΘx]w
YnfΘxG
1. is²ñΘxAA÷@U∩fΘx]wC
2. ∩fΘxfΘxíC
3. ∩znfC 1 ²efOⁿ\αH⌠≤σRfΘx
íC 2 i²zOⁿ@AM Aziαn∩σRf
ΘxíC
4. ∩Oⁿw∩@óAOⁿw∩@C
5. ΘJfΘx⌠MWCfΘx]iHVHFΦApAµí
Lϕ≈C
6. ∩nOⁿ@Cd\µíAHo÷ziHOⁿU@ΣLΩ
TC
v s - O²°Asu
v s - O²P°Añsu
v jM - O²%⌠≤ß⌡µ LDAP jM@
v sW - O² LDAP sW
v ∩ - O² LDAP ∩
v Rú - O²q LDAP Rú
v ∩ RDN - O² RDN ∩
v ≤q - O²≤q
v @- O²∩°A⌡µ@
: pGz∩f 1 A∩@ú\αCz"∩f
2 +αf@B@C
7. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web
zw∩eA ú⌠≤≤C
ⁿOµGoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=audit, cn=localhost
changetype: modify
replace: ibm-audit
ibm-audit: true
-
replace: ibm-auditadd
ibm-auditadd: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: ibm-auditbind
ibm-auditbind: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: ibm-auditdelete
ibm-auditdelete: TRUE|FALSE
-
replace: ibm-auditextopevent
ibm-auditextopevent: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: ibm-auditfailedoponly
ibm-auditfailedoponly: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: ibm-auditlog
ibm-auditlog: <newpathname>
-
replace: ibm-auditmodify
ibm-auditmodify: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: ibm-auditmodifydn
ibm-auditmodifydn: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: ibm-auditsearch
ibm-auditsearch: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: ibm-auditunbind
ibm-auditunbind: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
-
replace: ibm-auditversion
ibm-auditversion: 1|2
#pGn@fA∩ 2
-
replace: ibm-auditExtOp
ibm-auditExtOp: TRUE|FALSE
#∩ TRUE HA∩ FALSE H
: pGzbutmvíñfΘxOⁿA ⁿw DN O dn: cn=audit,
cn=configurationCb@δíU°AA∩ DN ⌠≤≤úQg
¿ dn: cn=audit, cn=localhost C
fΘx
YnfΘxG
Web zG
1. is²ñΘxAA÷@U∩fΘx]wC
2. °∩fΘxC
3. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web
zw∩eA ú⌠≤≤C
ⁿOµGoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=audit, cn=localhost
changetype: modify
replace: ibm-audit
ibm-audit: false
: pGzbutmvíñfΘxOⁿA ⁿw DN O dn: cn=audit,
cn=configurationCb@δíU°AA∩ DN ⌠≤≤úQg
¿ dn: cn=audit, cn=localhost C
°fΘx
fΘx í²ßπfΘxCC@DTºút@δΩTYAß
≥@SΩCpA
2000-03-23-16:01:01.345-06:00--V3 Bind--bindDN:cn=root--client:9.1.2.3:12345--ConnectionID:12--received:2000-03-23-16:01:01.330-06:00--success
name: cn=root
authenticationChoice: simple
pGfO 2 AYK]t ″AuditV2--″C
AuditV2--2003-07-22-09:39:54.421-06:00DST--V3 Bind--bindDN: cn=root--client: 127.0.0.1:8196--connectionID: 3--received: 2003-07-22-09:39:54.421-06:00DST--Success
YπUCµíG
íWO 1 ″--″OⁿϕaíA½ÑºABznDíCíWOOHµí
YYYY-MM-DD-HH:MM:SS.mmm=(or-)HH:MM ϕC=(or=)HH:MM O UTC
tCmmm O@ϕC
X+[SSL]+[gOW] @″--″πw¼Bz LDAP nDCXO V2 V3Cb SSL ≤s
uA+π SSLCgOWπHⁿXnDO)gO
WßCpGnD)wOßAhJúπgO
ßA]úπWßC
bindDN:πs D NC∩≤ V 3 gOWnDAoµO
<*CN=NULLDN*>C
ß:ß IP :≡ ″--″πß IP ≡C
ConnectionID: xxxx ″--″sbP@su]ϕbsP/sºíñ@¼C
w¼GíWO 2 ″--″O¼nDϕaíA≤SwíAYBznDlíCªµí
P≤uíWO 1vC
G¼ArΩ
π LDAP @G¼AC∩≤GrΩANOⁿσrµí LDAP
resultCodeApAsuccess operationsErrorA úO 0 1C
@SΩ≥bYºßAπ@SΩC
v s@
name: Y249bWFuYWdlcg0K
authenticationChoice: simple
v sW@
entry: cn=Jim Brown, ou=sales,o=ibm_us,c=us
attributes: objectclass, cn, sn, telphonenumber
v Rú@
entry: cn=Jim Brown, ou=sales,o=ibm_us,c=us
v ∩@
object: cn=Jim Brown, ou=sales,o=ibm_us,c=us
add: mail
delete: telephonenumber
UC°fΘxG
Web zGYn°fΘxG
1. is²ñΘxAA÷@U°fΘxC
2. eπfΘx@A Bes²bYi²zUA
WCziHq\αϕñ∩SwAp 6/16 AMß÷@Uπf
Θx%@C
ziHG
v ÷@U½sπz≤sΘxñC
v ÷@UMúΘxRúfΘxñC
v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC
ⁿOµGYn°ΘxAoXUCⁿOG
more /var/ldap/audit.log
Σñ /var/ldap/audit.log OzΘxC
: /var/ldap/audit.log O UNIX tw]fΘxA
installpath\var\audit.log O Windows tw]fΘxC
YnAa°MúfΘxG
ldapexop -D cn=root -w root -op readlog -log audit -lines all
ldapexop -D cn=root -w root -op clearlog -log audit
DB2 ΘxOⁿ
∩ DB2 Θx]w
1. i²ñΘxAMß÷@U∩ DB2 Θx]wC
2. ΘJΘx⌠WCqAoO≤ /var/ldap ²ñ db2cli.log C
Tw⌠OCpGúsbAC
: var/ldap/db2cli.log O UNIX tw] DB2 ΘxA
installpath\var\db2cli.log O Windows tw] DB2 ΘxC
3. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web
zw∩eA ú⌠≤≤C
4. ÷@UTw≡# IBM Tivoli Directory Server Web zw∩eC
ⁿOµGoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
replace: ibm-slapdCLIErrors
ibm-slapdCLIErrors: <newpathname>
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope single "cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration" ibm-slapdCLIErrors
ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC
° DB2 Θx
ziHUC° DB2 ΘxC
Web zG
1. i²ñΘxAMß÷@U° DB2 ΘxC
2. eπ DB2 Θx@A Bes²bYi²zUA
WCziHq\αϕñ∩Sw]p 6/16 AMß÷@UAπ DB2
Θx%@C
ziHG
v ÷@U½sπz≤sΘxñC
v ÷@UMúΘxRú DB2 ΘxñC
v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC
ⁿOµGpGn° DB2 ΘxAoXUCⁿOG
more /var/ldap/db2cli.log
Σñ var/ldap/db2cli.log Oz DB2 ΘxC
: var/ldap/db2cli.log O UNIX tw] DB2 ΘxA
installpath\var\db2cli.log O Windows tw] DB2 ΘxC
HAΦí°Mú DB2 ΘxG
ldapexop -D cn=root -w root -op readlog -log cli -lines all
ldapexop -D cn=root -w root -op clearlog -log cli
bulkload Θx
∩jqⁿJΘx]w
1. is²ñΘxAA÷@U∩ bulkload Θx]wC
2. ΘJΘx⌠WCqAoO≤ /var/ldap ²ñ bulkload.log
CTwsb≤ ldap °AWA B⌠C
: var/ldap/bulkload.log O UNIX tw]jqⁿJΘxA
installpath\var\bulkload.log O Windows tw]jqⁿJΘxC
3. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web
zw∩eA ú⌠≤≤C
4. pGz÷@UTwANπ@hTºAú⌠zn½s°AC÷@UTw
≡# IBM Tivoli Directory Server Web zw∩eC
ⁿOµGoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
changetype: modify
replace: ibm-slapdBulkloadErrors
ibm-slapdBulkloadErrors: <newpathname>
pGnA≤s]wAoXUC ldapexop ⁿOG
ldapexop -D cn=root -w root -op readconfig -scope single "cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=Schemas,cn=Configuration" ibm-slapdBulkloadErrors
ldapexop ⁿOu≤sACF²ΣL≤Az"ε½s°AC\ 393yA≤zAHoiAΦí≤sMµC
° bulkload Θx
UC° bulkload ΘxC
Web zG
1. i²ñΘxAMß÷@U°jqⁿJΘxC
2. eπjqⁿJΘx@A Bes²bYi²zUA
WCziHq\αϕñ∩SwAp 6/16 AMß÷@Uπ
jqⁿJΘx%@C
ziHG
v ÷@U½sπz≤sΘxñC
v ÷@UMúΘxRújqⁿJΘxñC
v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC
ⁿOµGYn° bulkload ΘxAoXUCⁿOG
more /var/ldap/bulkload.log
Σñ var/ldap/bulkload.log Oz bulkload ΘxC
: var/ldap/bulkload.log O UNIX tw]ΘxA
installpath\var\bulkload.log hO Windows tw] bulkload ΘxC
YnAa°Mú bulkload ΘxG
ldapexop -D cn=root -w root -op readlog -log bulkload -lines all
ldapexop -D cn=root -w root -op clearlog -log bulkload
zníΘxOⁿ
∩zníΘx]w
1. is²ñΘxAA÷@U∩zníΘx]wC
2. ΘJzníΘx⌠MWCqAoO≤ /var/ldap ²ñibmdiradm.log CTwsb≤ ldap °AWA B⌠C
: var/ldap/ibmdiradm.log O UNIX tw]zníΘxA
installpath\var\ibmdiradm.log O Windows tw]zníΘ
xC
3. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web
zw∩eA ú⌠≤≤C
4. pGz÷@UTwANπ@hTºAú⌠zn½s°AC÷@UTw
≡# IBM Tivoli Directory Server Web zw∩eC
5. z"ε°AA≤+C\ 24yPε°AzC
ε°AºßAz"naεMßAzníA+α½s∩≡i
µPBC
v b UNIX tñG
ibmdirctl -D <AdminDN> -w <Adminpw> admstop
ibmdiradm
v b Windows tG
a. zLuεxvAuAv°íC
b. ÷@U Directory Admin DaemonC
c. ÷@U@ -> εC
½s°AC
ⁿOµGoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=Admin, cn=Configuration
changetype: modify
replace: ibm-slapdErrorLog
ibm-slapdErrorLog: <newpathname>
z"ε°AA≤+Cε°AºßAz"bεAMßA
zníA+α½s∩≡iµPBC°AC
ibmdirctl -D <AdminDN> -w <AdminPW> -p 389 stop
ibmdirctl -D <AdminDN> -w <AdminPW> admstop
ibmdiradm
ibmdirctl -D <AdminDN> -w <AdminPW> start
°zníΘx
UC°zníΘxC
Web zG
1. i²ñΘxAMß÷@U°zníΘxC
2. eπzníΘx@A Bes²bYi²zU
AWCziHq\αϕñ∩SwAp 6/16 AMß÷@U
AπzníΘx%@C
ziHG
v ÷@U½sπz≤sΘxñC
v ÷@UMúΘxRúzníΘxñC
v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC
ⁿOµGYn°zníΘxAoXUCⁿOG
more /var/ldap/ibmdiradm.log
Σñ var/ldap/ibmdiradm.log OzuWeb zvΘxC
: var/ldap/ibmdiradm.log O UNIX tw]uWeb zvΘxA
installpath\var\ibmdiradm.log hO Windows tw]uWeb zvΘ
xC
YnAa°MúuWeb zvΘxG
ldapexop -D <adminDN> -w <adminPW> -op readlog -log ibmdiradm -lines all
ldapexop -D <adminDN> -w <adminPW> -op clearlog -log ibmdiradm
znífOⁿ
: zs¿iH°znífΘxM]wA²Oúα∩Cu Root
ziHsB≤MúznífΘxC
znífΘxP∩zfΘx]w
1. is²ñΘxAA÷@U∩znífΘx]wC
2. ∩znífOⁿAHfΘxí≤zníC
: w]CpGz²eznífΘx+n∩∩C
3. ΘJznífΘx⌠MWCqAoO≤ /var/ldap ²ñadminAudit.log CTwsb≤ ldap °AWA B⌠C
: var/ldap/adminAudit.log O UNIX tw]znífΘxA
installpath\var\adminAudit.log O Windows tw]zníf
ΘxC
4. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web
zw∩eA ú⌠≤≤C
5. pGz÷@UTwANπ@hTºAú⌠zn½s°AC÷@UTw
≡# IBM Tivoli Directory Server Web zw∩eC
6. z"ε°AA≤+C\ 24yPε°AzC
ε°AºßAz"naεMßAzníA+α½s∩≡i
µPBC
v b UNIX tñG
ibmdirctl -D <AdminDN> -w <Adminpw> admstop
ibmdiradm
v b Windows tG
a. zLuεxvAuAv°íC
b. ÷@U Directory Admin DaemonC
c. ÷@U@ -> εC
d. ÷@U Directory Admin DaemonC
e. ÷@U@ -> C
½s°AC
ⁿOµGoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=Admin Audit, cn=Configuration
changetype: modify
replace: ibm-audit
ibm-audit: true
-
replace: ibm-auditLog
ibm-auditLog: <newpathname>
z"ε°AA≤+Cε°AºßAz"bεAMßA
zníA+α½s∩≡iµPBC½s°AC
ibmdirctl -D <AdminDN> -w <adminPW> -p 389 stop
ibmdirctl -D <AdminDN> -w <adminPW> admstop
ibmdiradm
ibmdirctl -D <AdminDN> -w <adminPW> start
znífΘx
YnfΘxG
Web zG
1. is²ñΘxAA÷@U∩znífΘx]wC
2. °∩znífOⁿC
3. ÷@UTwMz≤A÷@U°≡# IBM Tivoli Directory Server Web
zw∩eA ú⌠≤≤C
ⁿOµGoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=Admin Audit, cn=Configuration
changetype: modify
replace: ibm-audit
ibm-audit: false
: pGzbutmvíñznífΘxOⁿAⁿw DN O dn:
cn=audit, cn=configurationCb@δíU°AA∩ DN ⌠≤≤
úQg¿ dn: cn=audit, cn=localhost C
°znífΘx
UC°znífΘxC
Web zG
1. i²ñΘxAMß÷@U°znífΘxC
2. eπznífΘx@A Bes²bYi²z
UAWCziHq\αϕñ∩SwAp 6/16 AMß÷@U
AπznífΘx%@C
ziHG
v ÷@U½sπz≤sΘxñC
v ÷@UMúΘxRúznífΘxñC
v ÷@U÷¼i≡# IBM Tivoli Directory Server Web zw∩eC
ⁿOµGYn°znífΘxAoXUCⁿOG
more /var/ldap/adminAudit.log
Σñ var/ldap/adminAudit.log OzzníΘxC
: var/ldap/adminAudit.log O UNIX tw]zníΘxA
installpath\var\adminAudit.log O Windows tw]zníΘxC
YnAa°MúzníΘxG
ldapexop -D <adminDN> -w <adminPW> -op readlog -log adminAudit -lines all
ldapexop -D <adminDN> -w <adminPW> -op clearlog -log adminAudit
3 g ²z
14 ²
iuWeb zuπv²ñ²zCzQn⌡µ²@úi
H%∩zsCww∩sWMΣ]jMSw@s
WΓ°²C
ziHQ²⌡µUC@G
v s²²≡
v sW
v sWU½≤OqñRúª
v sΦ
v s
v sΦ ACL
v jM
s²²≡
pGzoAis²ñ²zAA÷@UzCziH
iUl≡AMß∩nb@Wu@CziHqkuπC∩n⌡µ
@C
sW
pGzoAis²ñ²zC
1. ÷@UsWC
2. qMµñ∩@c&½≤OC
3. ÷@UU@BC
4. quivΦ⌠ñ∩⌠≤zQnU½≤OAA÷@UsWC∩
≤C@znsWU½≤O½oCziHquw∩vΦ⌠
ñRúU½≤OAΦk∩ªAA÷@UúC
5. ÷@UU@BC
6. b∩ DN µñAΘJznsW∩OW (RDN)ApAcn=John
DoeC
7. b DN µñAΘJzw∩²≡OWApAou=Austin,
o=IBMCz]iH÷@Us²AqMµ∩u) DNvCz]iHi∩A
°l≡UhñΣL∩Cⁿwz∩AA÷@U∩ⁿwzn
u) DNvC DN w]²≡ñ∩C
: pGzwqzeF@Ahw²z±goµC∩
F DN ßA÷@UsWsWC
8. bnWAΘJ"nC
9. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz
¿sWhA÷@UTwCpoK[JπbUΦ\αϕ
ñC
10. pGz°AFyÑAziH÷@UyÑsWúyÑ
yzlCΩTA\yyÑzC
11. ÷@UΣLC
12. bΣLWAΣLΘJAϕC÷sWGiΩTA
\ 195yGizC
13. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz
¿sWhA÷@UTwCpoK[JπbUΦ\αϕ
ñC
14. pGz°AFyÑAziH÷@UyÑsWúyÑ
yzlCΩTA\yyÑzC
15. ÷@UuTwvC
16. ÷@U ACL ÷s∩osεMµC\ 209 y
ACLzAHo ACL ÷ΩTC
17. b.¿"nµßA÷@UsWsWA÷@U°#s²²
≡Aú∩²⌠≤≤C
yÑ
: F²yÑTB@Az"NΩwtm¿ UTF-8 ΩwC
uyÑv@ⁿOwq@²²N)MyÑXPOsb²ñú÷p≈
εAB²ßiHd²oXSw)MyÑDCyÑO
í≤CªOr lang- rΩAßσrDnlAΣßA∩a[Wu (-) sß≥lCß≥liHO⌠NrXAuDn
l"Oσr)CliH⌠N°A@¡εO°úαW
L 240 rCyÑú!jpgFen-usBen-US M EN-US úOPCDN
RDN ≤ñú0\yÑCC@íuα@yÑC
: YHOAyÑP@¼-CpGzⁿwFSw@AªNúαPª÷yÑC
pGNΩ[J²JFyÑAªNi≤jM@AH∩aS
wyÑñCpGbjMºnDMµñíñúyÑAhu
#πPúPyѺ²C]AbpUjMñG
ldapsearch -b "o=ibm,c=us" "(objectclass=organization)" "description;lang-en"
°A# ″description;lang-en″ A ú# ″description″ ″description;lang-fr″ C
pGQⁿwΦí@XnDA úyÑNXAh#]ú
ªyÑNX≤C
¼MyÑñíH! (;) rjC
: RFC2252 0\b AttributeType ″NAME″ í≈ñ!rC²OA%≤orOj AttributeType MyÑA]wúAe\ªb AttributeType
″NAME″ í≈ñk]p draft-ietf-ldapbis-models-07.txt ñⁿwC
pApGßnD ″description″ A X]tG
objectclass: top
objectclass: organization
o: Software GmbH
description: software
description;lang-en: software products
description;lang-de: Softwareprodukte
postalAddress: Berlin 8001 Germany
postalAddress;lang-de: Berlin 8001 Deutschland
°A#G
description: software
description;lang-en: software products
description;lang-de: Softwareprodukte
pGjMnD ″description;lang-de″ Ah°A#G
description;lang-de: Softwareprodukte
oie\]thΩyÑΩ²AHΣUyÑ@ßCpGΩ@
TAwσßuw∩ lang-de ΘJΩA kσßuw∩
lang-fr ΘJΩC
pGnPOwyÑ\αAoX root DSE jMAⁿw
″ibm-enabledCapabilities″C
ldapsearch -b "" -s base objectclass=* ibm-enabledCapabilities
pG# OID ″1.3.6.1.4.1.4203.1.5.4″Aϕw\αC
pGSyÑΣA⌠≤NyÑ÷p LDAP @úQA
#UCTºG
unrecognized attribute
]tπyѺ
UC⌠≤@Φk]tπyѺG
Web zGqz -> sΦ⌠sW -> ∩c&½≤O -> ∩U½≤
O -> ΘJ⌠G
1. ∩znyÑC
2. ÷@UyÑ÷ssuyÑveC
3. byѵñAΘJnºWCOo"H lang- YC
4. buvµñΘJC
5. ÷@UsWCyÑPΣπb\αϕMµñC
6. ziH½BJ 3B4 M 5AΣLyÑA∩yÑ
CFnyѺßA÷@UTwCC
7. ziHiyÑπ\αϕAA∩yÑC÷@U≤°ApN
πzyÑΘJCzHoΦkbo°eñsWs
Φ⌠≤AúuA≤∩yÑC
8. ϕz¿A÷@UTwC
ⁿOµGpGnsWtP cn ÷pyÑAΘJUCⁿOG
ldapadd -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Mark Anthony, o=IBM, c=US
objectclass: person
cn: Mark Anthony
cn;lang-spanish: Mark Antonio
sn: Anthony
∩]tπyѺ: pGn∩]tπyѺAoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=Mark Anthony, o=IBM, c=US
changetype: modify
add: sn;lang-spanish
sn;lang-spanish: Antonio
-
replace: cn;spanish
cn;spanish: Marco Antonio
-
delete: cn;spanish
oⁿONí-t∩ ″sn;lang-spanish=Antonio″ sWñCªm½″cn;spanish″ ARú ″cn;spanish″ ΣC
: m½Rú ″cn;spanish″ úvTí-t∩ ″cn=Mark Anthony″C
jM]tπyѺ
oXⁿOG
ldapsearch -b "o=ibm,c=us" "cn=Mark Anthony" sn
#UCGG
cn=Mark Anthony,o=IBM,c=US
sn=Anthony
sn;lang-spanish=Antonio
: ″sn″ úπbΘXñC
oXⁿOG
ldapsearch -b "o=ibm,c=us" "cn=Mark Anthony" "sn;lang-spanish"
#UCGC
cn=Mark Anthony,o=IBM,c=US
sn;lang-spanish=Antonio
: ΘXñuπ ″sn;lang-spanish″C
oXⁿOG
ldapsearch -b "o=ibm,c=us" "sn;lang-spanish=Antonio"
#πG
cn=Mark Anthony,o=IBM,c=US
objectclass=person
objectclass=top
cn=Mark Anthony
sn=Anthony
sn;lang-spanish=Antonio
qñúyÑyzl
UC⌠≤@ΦkAúyÑyzlµíMG
Web zGqz -> sΦ⌠sW -> ∩c&½≤O -> ∩U½≤
O -> ΘJ⌠G
1. ∩znúyÑC
2. ÷@UyÑ÷ssuyÑveC
3. byѵñA÷@UnúyÑC
4. ÷@UúCyÑPΣq\αϕMµñúC
5. ∩znúC@yѽBJ 3 M 4C
6. ϕz¿A÷@UTwC
ⁿOµGoXUCⁿOG
ldapmodify -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> ]tG
dn: cn=Mark Anthony, o=IBM, c=US
changetype: modify
delete: sn;lang-spanish
sn;lang-spanish: Antonio
oqñú sn;lang-spanish]Σ ″Antonio″C
pGzQRúπA\yRúzC
Rú
: ϕznJDxAWeb zuπú0\zRúnJCpApGz
user cn=John Doe,ou=mylocale,o=mycompany,c=mycountry nJAq
²≡ñRú cn=John DoeAK¼TºCz"HΣL¡≈nJA
+αRú John Doe C
pGzoAis²ñ²zAA÷@UzCziH
iUl≡AMß∩nl≡BrCqkuπC÷@URúC
v zQnDTRúC÷@UTwC
v oqRúA Bz#MµC
∩
pGzoAis²ñ²zAA÷@UzCziH
iUl≡AMß∩nb@Wu@CqkuπC÷@UsΦC
1. bnWAΘJ"nC÷sWGiΩTA\
195yGizC
2. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz
¿sWhA÷@UTwCpoK[JπbUΦ\αϕ
ñC
3. pGz°AFyÑAziH÷@UyÑsWúyÑ
yzlCΩTA\ 190yyÑzC
4. ÷@UΣLC
5. bΣLWAΣLΘJAϕC
6. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz
¿sWhA÷@UTwCpoK[JπbUΦ\αϕ
ñC
7. pGz°AFyÑAziH÷@UyÑsWúyÑ
yzlCΩTA\ 190yyÑzC
8. ÷@U¿ΩµC
9. pGzF⌠≤sAb¿ΩµñG
v qisñ∩@sAMß÷@UsWA²¿w∩RAs
¿Ωµ¿C
v qRAs¿Ωµñ∩@sAMß÷@UúANq∩s
úC
10. pGOsANiH¿C¿πw∩ws¿
CziHbsñsWú¿C
v sW¿sG
a. bnWA÷@U¿µhAOb¿WA÷
@U¿µ¿C
b. bu¿vµñAΘJznsW DNC
c. ÷@UsWC
d. ÷@UTwC
v qsñú¿G
a. bnΣLWA÷@U¿µhAOb¿
WA÷@U¿C
b. ∩núC
c. ÷@UúC
d. ÷@UTwC
v pGn½sπzµ¿MµAb¿W÷@U≤sC
11. ÷@UuTwv∩C
Gi
pGnDGiΩAhµπ@GiΩ÷sCpG
SΩAhµC%≤GiLkπApGtGiΩAµ
ñπGiΩ 1CpGthAhµHUMµΦíπC
÷@UGiΩ÷sGiC
ziHJBXRúGiΩC
pGnsWGiΩñG
1. ÷@UGiΩ÷sC
2. ÷@UJC
3. ziHΘJn⌠WA÷@Us²AHMΣP∩GiC
4. ÷@UúXCX@hwWⁿTºC
5. ÷@U÷¼CGiΩUπGiΩ 1C
6. w∩znsWGi]ú¡A!O½JBzCß≥h
HGiΩ 2BGiΩ 3 ÑCXC
7. ϕzsWGiΩßA÷@UTwC
pGnXGiΩG
1. ÷@UGiΩ÷sC
2. ÷@UXC
3. ÷@UnUⁿGiΩC
4. ÷zδFⁿiµAHπGixssmC
5. ÷@U÷¼C
6. w∩znXGi]ú¡A!O½JBzC
7. ϕzXGiΩßA÷@UTwC
pGnRúGiΩG
1. ÷@UGiΩ÷sC
2. ∩zQRúGiΩCi∩hC
3. ÷@URúC
4. ϕúzTRúA÷@UTwCQRúGiΩqMµñ
úC
5. ϕzRúΩßA÷@UTwC
: GiOLkjMC
s
pGzbⁿAoτClCz
n@∩RWsC
pGzoAis²ñ²zAA÷@UzCziH
iUl≡AMß∩nb@Wu@Ap John DoeCqkuπC÷@U
sC
v ≤ DN µñ RDN CpAN cn=John Doe ≤ cn=Jim SmithC
v b"nWAN cn ≤s RDNCbodñAⁿO Jim
SmithC
v NΣL"n≤AϕCbodñAN sn q Doe ≤ SmithC
v ϕzF"n≤A÷@UTwsC
v s Jim Smith sWMµC
: osCls¿ΩµússCusΦvτsW¿ΩµC
sΦsεMµ
YnQuWeb zuπví° ACL eH ACLA\ 209
y ACLzC
ΣlΩTA\ 201 15 , ysεMµzC
sWU½≤O
uπCWsWUO÷sAsWU½≤O²≡ñC
U½≤OúΣL[JªC
pGzoAis²ñ²zAA÷@UzCziH
iUl≡AMß∩nb@Wu@Ap John DoeCqkuπC÷@U
sWUOC
1. quivΦ⌠ñ∩⌠≤zQnU½≤OAA÷@UsWC∩
≤C@znsWU½≤O½oCziHquw∩vΦ⌠
ñRúU½≤OAΦk∩ªAA÷@UúC
2. bnWAΘJ"nC
3. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz
¿sWhA÷@UTwCpoK[JπbUΦ\αϕ
ñC
4. pGz°AFyÑAziH÷@UyÑsWúyÑ
yzlCΩTA\ 190yyÑzC
5. ÷@UΣLC
6. bΣLWAΣLΘJAϕC
7. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz
¿sWhA÷@UTwCpoK[JπbUΦ\αϕ
ñC
8. pGz°AFyÑAziH÷@UyÑsWúyÑ
yzlCΩTA\ 190yyÑzC
9. ÷@U¿ΩµC
10. pGzF⌠≤sAb¿ΩµñG
v qisñ∩@sAMß÷@UsWA²¿w∩RAs
¿Ωµ¿C
v qRAs¿Ωµñ∩@sAMß÷@UúANq∩s
úC
11. ÷@UTw∩C
RúUO
÷MziHbsWUOíRúUOA²OpGzNqRúµ@
UOAhRúUOτ≤[e÷CM ApGzNqRúhU
OAhsWUOiα≤[ΦKC
1. pGzoAis²ñ²zAA÷@UzCzi
HiUl≡AMß∩nb@Wu@Ap John DoeCqkuπC
÷@URúUOC
2. qUOMµ∩nRúUOAA÷UTwC
3. nDzTRúA÷@UTwC
4. oUOqRúA Bz#MµC
∩≤C@znRúUO½oBJC
≤s¿Ωµ
pGzoAis²ñ²zC
1. ÷@UzC
2. q²≡∩@AMß÷@UuπCWsΦC
3. ÷@U¿ΩµC
4. ∩¿ΩµCu≤¿ΩµveπiH[Jis
AHRAs¿ΩµC
v qis∩@sAMß÷@UsWA²¿w∩s¿
C
v qRAs¿Ωµ∩@sAMß÷@UúANqw∩s
úC
5. ÷@UTwxsz≤A÷@U°#²eeAúxsz≤C
jM²
TjM²≡∩G
v w²wqjM≥ ÷jM
v wqjM≥iÑjM
v ΓjM
ziHis²ñ²zAA÷@UMΣAsjM∩C∩
UCΣñ@G
: Gi]pKXOLkjMC
jMLo°≤
∩UCΣñ@jMG
÷jM ÷jMw]jM≥G
v ≥ DN Or
v jMd≥Ol≡
v jMjpOú]¡
v í¡εOú]¡
v OWOqú
v lαO°∩]÷¼
Yn⌡µ ÷jMG
1. bjMLo°≤WA÷@U÷jMC
2. qUMµ∩@½≤OC
3. pGz°AFyÑAzYiⁿwyÑCΩTA\ 190
yyÑzC
4. ∩¼∩@SwCpGz∩njMSwAqU
Mµ∩@AMßbÑ≤Φ⌠ñΘJCpGzⁿwAhjM@
N#w∩¼²C
iÑjMiÑjMi²zⁿwjM¡εjMLo°≤C ÷jMw]jM≥
C
v ⌡µiÑjMG
1. bjMLo°≤WA÷@UiÑjMC
2. qUMµ∩@C
3. pGz°AFyÑAzYiⁿwyÑCΩTA\
190yyÑzC
4. ∩@±BΓlC
– = Ñ≤C
– ! úÑ≤C
– < p≤Ñ≤C
– > j≤Ñ≤C
– ~ XGÑ≤C
5. ΘJ≤±C
6. ∩°djMBΓl÷sC
– pGzwsW.@jMLo°≤AⁿwΣL≥AA÷@U ANDCAND ⁿO#XoΓjM≥C
– pGzwsW.@jMLo°≤AⁿwΣL≥AA÷@U ORCORⁿO#X⌠@jM≥C
7. ÷@UsWANjMLo°≤≥sWiÑjMC
8. ÷@U∩A∩znbjMñC@Lo°≤C
9. ≤∩ñ⌠≤w]]wC\ 199y∩zC
10. ÷@UTwAljMC
11. °jMGºßA÷@UTw#uMΣveC
: pGnújMLo°≤G
– ÷@U∩A∩znúC@Lo°≤C
– ÷@URúAqiÑjMújMLo°≤≥C
– ÷@U½]MújMLo°≤C
ΓjMoΦkjMLo°≤CpAYnjMOWAbµñΘJ sn=*CpG
znjMhAh"jMLo°≤ykCpAYnjMSϕíO
WAΘJG
(&(sn=*)(dept=<departmentname>))
∩
b∩ñG
v jM≥ª - qUMµñ∩@rAHKbrñjMC
: pGzwqzeF@Ahw²z±goµC∩
F DN ßA÷@UsWsWC
z]iH∩rjMπ²≡C
v jMd≥
– ∩½≤AHb∩½≤jMC
– ∩µ@hAHb∩½≤YljMC
– ∩l≡AHjM∩UNC
v jMjp¡ε - ΘJnjMW¡A∩ú]¡C
v jMí¡ε - ΘJjMϕW¡A∩ú]¡C
v qUMµ∩@OW¼C
– qú - pG∩OOWANúªiµjMAτYAjM@
ñOWC
– MΣ - pG∩OWAhjMOWAbOWmñjMC
– jM - ú∩A²ZObjMñΣC
– - bjM@ñJOWC
v ∩lα∩AHKpGbjM@ñ#αAϕαt@°A
CϕαjM@t@°AA°AsuµCp
GzOHW (anonymous) ΦínJAhiαnwO DN nJ°A
C
pGb°AWΣAjMGeuπ DNCΣLµA
p½≤OB∩íWOÑÑúúπCzLkbαW⌡µsΦ
ACLBRúBsWURúUo@@C
\ 23ynJ Web zuπzAHonJ÷ΩTC\ 58
yúαzAHo÷≤αΩTC
\ 48y]wjMzAHo÷≤jMΣLΩTC
15 sεMµ
UCUíusεMµ (ACL)vHp≤zªC
º[
sεMµ (ACL) ú@O@ LDAP ²ñxsΩTΦkCziH
ACL ¡ε²úPí≈Sw²sCLDAP ² ÷YÑ
hí≡¼cCC@²]½≤ú]t½≤OWAH@
M∩C
sεíwqΓG
v entryOwner ΩT
v sεΩT (ACI)
ϕq LDAP íAACI ΩT entryOwner ΩTH-t∩ϕCiH
LDIF ykzoC
EntryOwner ΩT
entryOwner ΩTεDDiHwq ACICuv]o½≤π
svCwqvpUG
v entryOwner - TawqC
v ownerPropagate - ⁿw\ivOnl≡UNC
úO aclEntryAúπb½≤⌡µ⌠≤@π\ivCA
O@Qe\z½≤ aclEntries CEntryOwner OsεDDAªi
HwqHBsñΓC
: w]A²zMzs¿O²ñ½≤ entryOwnersA B
entryOwnership úαq⌠≤½≤úC
sεΩT
ACI SOwqDD\ivAH∩Y LDAP ½≤⌡µw@C
Lo ACL¼ ACL TaMtª²A²iαúª
UNCDLo ACL w]µOCwqDLo ACL pUG
v aclEntry - wq\ivC
v aclPropagate - ⁿw\ivOnl≡UNC
wLo ACLLo°≤¼ ACL OúPA]ªQⁿw½≤Lo°≤Lo°≤¼±
A½≤PMªsvC
÷Mª⌡µP\αA²OoΓ ACL ¼WhjúPCLo°≤¼
ACL ΦíPDLo°≤¼ ACL eΦíúPC÷ΦAª)Ma
÷pl≡ñ⌠≤±½≤C≥≤oz%AaclPropagate ]
εDLo°≤ ACLúA≤sLo°≤¼ ACLC
Lo°≤¼ ACL w]µNOqCtAuWNVWAn DIT
ñ¬tCsvpΓ%¿WNPºsv
pCoµ@C≥≤Pl≡ g\αeAHe\≤jz
εAceiling ϕ@@ΦkAb]tªñεnC
t@sεSO≤Lo°≤¼ ACL ΣA úONLo°≤¼ΦX
DLo°≤¼ ACLCpUG
v ibm-filterAclEntry
v ibm-filterAclInherit
ibm-filterAclEntry µíP≤ aclEntryAuOh[F½≤Lo°≤≤C÷p
ceiling O ibm-filterAclInheritC w]Aª]¿ trueCϕ]¿ false Aª
εnC
sεyk
ziH LDIF ϕkzoC@CsLo°≤¼ ACL yk
OµDLo°≤¼ ACL ∩CHU baccus naur µí]BNFw
q ACI entryOwner ykC
<aclEntry> ::= <subject> [ ":" <rights> ]
<aclPropagate> ::= "true" | "false"
<ibm-filterAclEntry> ::= <subject> ":" <object filter> [ ":" <rights> ]
<ibm-filterAclInherit> ::= "true" | "false"
<entryOwner> ::= <subject>
<ownerPropagate> ::= "true" | "false"
<subject> ::= <subjectDnType> ":" <subjectDn> | <pseudoDn>
<subjectDnType> ::= "role" | "group" | "access-id"
<subjectDn> ::= <DN>
<DN> ::= distinguished name as described in RFC 2251, section 4.1.3.
<pseudoDn> ::= "group:cn=anybody" | "group:cn=authenticated" | "access-id:cn=this"
<object filter> ::= string search filter as defined in RFC 2254, section 4 (extensible matching is not supported).
<rights> ::= <accessList> [ ":" <rights> ]
<accessList> ::= <objectAccess> | <attributeAccess> | <attributeClassAccess>
<objectAccess> ::= "object:" [<action> ":"] <objectPermissions>
<action> ::= "grant" | "deny"
<objectPermissions> ::= <objectPermission> [ <objectPermissions> ]
<objectPermission> ::= "a" | "d" | ""
<attributeAccess> ::= "at." <attributeName> ":" [<action> ":"] <attributePermissions>
<attributeName> ::= attributeType name as described in RFC 2251, section 4.1.4. (OID or alpha-numeric string with leading alphabet, "-" and ";" allowed)
<attributePermissions> ::= <attributePermission> [ <attributePermissions> ]
<attributePermission> ::= "r" | "w" | "s" | "c" | ""
<attributeClassAccess> ::= <class> ":" [<action> ":"] <attributePermissions>
<class> ::= "normal" | "sensitive" | "critical" | "system" | "restricted"
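The grammar above, turned into a small parser for aclEntry and ibm-filterAclEntry values that also flags grants to the group:cn=anybody pseudo DN. This is an added example, not code from the IBM documentation; the function names, the default of grant when the action is omitted, the assumption that a subject DN contains no ":" and the exposure threshold are all choices of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

SUBJECT_TYPES = {"role", "group", "access-id"}
ACTIONS = {"grant", "deny"}
CLASSES = {"normal", "sensitive", "critical", "system", "restricted"}
ATTR_NAME = re.compile(r"at\.[A-Za-z0-9][A-Za-z0-9.;-]*$")


@dataclass
class Right:
    target: str        # "object", "at.<attributeName>" or an attribute class
    action: str        # "grant" or "deny"
    permissions: str   # subset of "ad" for object, "rwsc" otherwise; may be ""


@dataclass
class AclEntry:
    subject_type: str
    subject_dn: str
    object_filter: Optional[str]   # only set for ibm-filterAclEntry values
    rights: List[Right]


def _split_filter(text):
    """Split a leading parenthesised <object filter> from the rest of the value."""
    if not text.startswith("("):
        raise ValueError("object filter must start with '('")
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return text[:i + 1], text[i + 1:]
    raise ValueError("unbalanced parentheses in object filter")


def parse_rights(tokens):
    """<rights> ::= <accessList> [":" <rights>], read from ':'-separated tokens."""
    rights, i = [], 0
    while i < len(tokens):
        target = tokens[i]
        i += 1
        if target.lower() == "object":
            target, allowed = "object", set("ad")
        elif target.lower() in CLASSES:
            target, allowed = target.lower(), set("rwsc")
        elif ATTR_NAME.match(target):
            allowed = set("rwsc")
        else:
            raise ValueError("unknown access target %r" % target)
        action = "grant"                      # assumed default when <action> is omitted
        if i < len(tokens) and tokens[i].lower() in ACTIONS:
            action = tokens[i].lower()
            i += 1
        permissions = ""                      # "" is a legal permission list in the BNF
        if i < len(tokens) and set(tokens[i]) <= allowed:
            permissions = tokens[i]
            i += 1
        rights.append(Right(target, action, permissions))
    return rights


def parse_acl_value(value, filtered=False):
    """Parse an aclEntry value, or an ibm-filterAclEntry value when filtered=True."""
    subject_type, sep, rest = value.partition(":")
    subject_type = subject_type.strip().lower()
    if not sep or subject_type not in SUBJECT_TYPES:
        raise ValueError("subject must start with role:, group: or access-id:")
    dn, sep, rest = rest.partition(":")       # assumes no ':' inside the DN
    dn = dn.strip()
    if not dn:
        raise ValueError("empty subject DN")
    object_filter = None
    if filtered:
        object_filter, rest = _split_filter(rest.strip())
        sep, rest = rest[:1], rest[1:]
        if sep not in ("", ":"):
            raise ValueError("expected ':' after object filter")
    tokens = [t.strip() for t in rest.split(":")] if sep else []
    return AclEntry(subject_type, dn, object_filter, parse_rights(tokens))


def normalise_dn(dn):
    """Lower-case a DN and drop whitespace around '=' and ',' for comparison."""
    return re.sub(r"\s*([=,])\s*", r"\1", dn).lower()


def anonymous_exposure(entry):
    """Rights granted to group:cn=anybody beyond r/s/c on the normal class.
    The threshold is this example's choice, not a product rule."""
    if entry.subject_type != "group" or normalise_dn(entry.subject_dn) != "cn=anybody":
        return []
    return [r for r in entry.rights
            if r.action == "grant" and r.permissions
            and (r.target != "normal" or "w" in r.permissions)]


if __name__ == "__main__":
    # The first value appears in this chapter; the second is constructed for the audit check.
    for value in ("group: cn=Anybody: normal:rsc",
                  "group:cn=anybody:normal:grant:rsc:sensitive:grant:r:object:grant:a"):
        entry = parse_acl_value(value)
        print(entry.subject_dn, entry.rights, anonymous_exposure(entry))
```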
DD
DD]nDvb½≤W⌡µ@ΩΘO% DN]OW¼ DN X
¿C DN ¼OGaccess IdBGroup RoleC
DN HOSϕ access-idBrole groupCpADDiαO ″access-id: cn=personA,
o=IBM group: cn=deptXYZ, o=IBM″C
]µjrO ( : )AHt DN "H ( “” ) AϕCp
G DN wtπrAhor"Q#u (\) ⌡µC
²súiHbsεñC
: AccessGroupBGroupOfNamesBGroupofUniqueNames groupOfURLs c½≤O ibm-dynamicGroupBibm-staticGroup U½≤O⌠≤súiH≤sεC
t@bsεí DN ¼O roleC¿ñΓsbΩ@ΦíOⁿ
A²b[WAªOúPCϕⁿw@ñΓA@⌠twA
Yw]wF"nv¡A⌡µPñΓ÷pu@C≤s¿ΩµAS
]AⁿXwP]¿s¿\ivC
ñΓⁿ≤sA]ªb²ñúOH½≤ϕCAñΓiHt DN s
CsεññΓ"π AccessRole ½≤OC
Ω DNΩ DN ≤sεwqP⌠ñCLDAP/DB2 ²t@Ω DN]p
″group:cn=Anybody″ M ″access-id:cn=this″Ah@FY@qS DNA
qMn⌡µ@÷AM@⌡µ½≤∩H÷C
LDAP 3 ΣUCTΩ DNG
access-id:cn=thisN DN ⁿw ACL @í!A DN O bindDNAoP⌡µ@
b DN CpApG@Ow∩½≤ ″cn=personA, ou=IBM, c=US″
⌡µA bindDn ″cn=personA, ou=IBM, c=US″AhP\ivAOú ″cn=this″ \ivA[Wú ″cn=personA, ou=IBM, c=US″ \ivC
group:cn=anybodyϕⁿw ACL @í≈A DN OAY%
gLOCLkqsñúABsLkqΩwñúC
group: cn=Authenticated DN ⌠≤wgL²O DNCúOΦkC
: ″cn=Authenticated″ Owb°AWgLO DNA úNϕ DN
½≤≤≤BCúLAh[pCpAbr ″cn=Secret″UAi@ ″cn=Confidential Material″ IA Σ@ ACL
″group:cn=Authenticated:normal:rsc″Cbt@r ″cn=Common″ UAi@ ″cn=Public Material″ IC]oΓ²≡≤P@°AWAh″cn=Public Material″ sQ°wOA io ″cn= Confidential
Material″ ½≤ñº@δO\ivC
Ω DN d
HUO@Ω DN dG
d 1UC½≤ ACLGcn=personA, c=US
AclEntry: access-id: cn = this:critical:rwsc
AclEntry: group: cn=Anybody: normal:rsc
AclEntry: group: cn=Authenticated: sensitive:rcs
ϕ 16.
s N¼
cn=personA, c=US normal:rsc:sensitive:rcs:critical:rwsc
cn=personB, c=US normal:rsc:sensitive:rsc
NULL (unauth.) normal:rsc
bñApersonA i¼P ″cn=this″ ID \ivAH¼ú″cn=Anybody″ P ″cn=Authenticated″ oΓΩ DN s\ivC
d 2NUC½≤ ACLGcn=personA, c=US
AclEntry: access-id:cn=personA, c=US: object:ad
AclEntry: access-id: cn = this:critical:rwsc
AclEntry: group: cn=Anybody: normal:rsc
AclEntry: group: cn=Authenticated: sensitive:rcs
∩≤w∩ cn=personA, c=US ⌡µ@ ÑG
ϕ 17.
s N¼
cn=personA, c=US object:ad:critical:rwsc
cn=personB, c=US normal:rsc:sensitive:rsc
NULL (unauth.) normal:rsc
bñApersonA i¼P ″cn=this″ ID \ivAH¼ú DN¡ ″cn=personA, c=US″ \ivCNA%≤s DN (″cn=personA,c=US″) ≤πΘ ACL (″access-id:cn=personA, c=US″)A]úús\ivC
½≤Lo°≤
oA≤Lo°≤ ACLCwqb RFC 2254 rΩjMLo°≤Oϕ@½≤
Lo°≤µíC]wD½≤AHrΩú⌡µujMC
#aA∩D½≤⌡µLo°≤¼±AHPwOw@
ibm-filterAclEntry MªC
vQ
sviHMπ½≤½≤CLDAP svOús≥CYvQút
t@vQCvQiHX@AHúQnvQMµAúLAª"ϕyß
QWhCvQiHOⁿwAⁿXPsv½≤WDDCv
QO%Tí≈¿G
@G
wqO grant denyCpGeoµAw]N]¿ grantC
\ivG
*iHb²½≤W⌡µ≥@Cqo@A≥ ACI \
ivCoOGsWBRúB¬BgJBjM
AH±C
iα\ivOG¬ ( r )BgJ ( w )BjM ( s ) ± ( c )C
A½≤\ivMπCo\ivOsWl ( a ) Rú
o ( d )C
UCϕµJ⌡µC@ LDAP @\ivC
ϕ 18.
@ \iv
ldapadd sW]b)
ldapdelete Rú]b½≤
ldapmodify gJ]bn∩
ldapsearch v jMB¬]b RDN ñ
v jM]bjMLo°≤ñⁿw
v jM]bHW#
v jMB¬]bH#
ldapmodrdn gJ]b RDN
ldapcompare ±]b±
: ∩≤jM@ADDA+α∩jMLo°≤ñπjMvAúMú#⌠≤C∩≤qjM@#ADDA+
α∩# RDN ñπjM (s) ¬ (r) vC
sG
o\iviHMπ½≤]sWlBRúBM
OAiHMUCñís]sOC
nⁿs\iv÷Osb@C∩Mªb²⌡
ñOCoOOús≥FsYOútiHst@
OC\iv]wOPπΘsO÷CbSϕOW]w
\ivMsOAúDⁿwFOs\i
vC
IBM wqF¡OApΓsvG@δBPBY
BtM¡εCpAcommonName ≤@δOAuserPassword≤YOCwq≤@δsOAúDtⁿwC
AsεtOpUG
v aclSource
v ibm-effectiveAcl
v ownerSource
oO% LDAP °A@A²MzᬪC
OwnerSource aclSource íb@ñC
wqsεⁿ¡OpUG
v aclEntry
v aclPropagate
v entryOwner
v ibm-filterAclEntry
v ibm-filterAclInherit
v ownerPropagate
w]Aúα¬ⁿ¡A² entryOwners iHB∩RúoC
w±m aclEntry Q°πT aclEntryCPaApG entryOwner w]wbSϕWAhπTCoΓú±AπT
iHúiHπT aclEntryA πT aclEntry iHπTCpGo⌠@TaebWAh≥Oº)²≡ñ
WNIC
C@T aclEntry entryOwner Mª]wbCAiHMST]wUNCoQ°FªzL²≡
CSϕ≥t@FεC
: Lo°≤¼ ACL ΦíPDLo°≤¼ ACL ΦíúPCª
÷pl≡ñ⌠≤±½≤C\ 201ywLo ACLzAH
otºΩTC
ziH]w AclEntry entryOwnerAM] ″false″ SϕA] ″true″ Σl≡C÷M aclEntry entryOwner úiHA²OLp≤ªúúb@C
aclEntry entryOwner 0\P@hAM A aclPropagate ownerPropagate bPuαµ@C
t aclSource ownerSource tI DNAaclEntry entryOwnerO!OqoIDCpGSpIsbANⁿw defaultC
½≤sεwqiH%UCΦlG
v pG½≤ñ@TsεAh%NO½≤sεwqC
v pGSTwqsεAhVWMX²≡AFπ@s
εWNIεC
v pGΣúpWNIAhys⌠Γzíw]svPDDC
s⌠Γ
Sϕ@svO ½≤W@DDs DN [HPC@3i
HPwsvANεC
dOsvkO²MΣ entryOwnership ACI wqBdOvAMßpΓ½≤ ACI C
Lo°≤¼ ACL OqCtAuWNVWAn DIT ñ¬t
CsvpΓ%¿WNPºsvpC
ⁿwXWhO⌠ΓLo°≤¼ ACL svC
bt²µ@ALo°≤¼DLo°≤¼O¼-CNoΓ
±JP@Oúe\A]oO¡εHWCpGo¼pAP≤s
²÷p@NóC
ϕpΓsvANb½≤WNñ@ ACL ¼]wpΓ
íCbLo°≤¼íñAbsvpΓññDLo°≤¼ ACLCP
aAbDLo°≤¼íñAbsvpΓññLo°≤¼ ACLC
Yn¡εbpΓsLo°≤¼ ACL pAiHN]¿ ″false″ ibm-filterAclInherit m≤wl≡ñAibm-filterAclEntry ohP.ºí⌠≤CoP½≤WNñbªºW ibm-filterAclEntry lDñC
YnbpΓsúLo°≤¼ A C L nA]¿ ″ f a l s e ″ ibm-filterAclInherit iαm≤wl≡ñb.o ibm-filterAclEntry ºU⌠≤CoP½≤WNñbªºW ibm-filterAclEntry DñCúsvRw]Lo°≤ ACL C
w]A²zBzs¿D°A]≤ gPh°Ao
²ñ½≤πsvA²tgJvúCΣL entryOwners obªvU½≤πsvA²OtgJvúC w]A
∩≤@δBtⁿ¡úπ¬vCpGnDDDπ
entryOwnershipAhsvO%Ww]]wPwA BsBzε⌡µC
pGnDDDúO entryOwnerANd½≤ ACI C½≤ ACI ñwq
svO%ⁿwXWhpΓXC
ⁿwWh
Sw aclEntry wqNObpΓP/\ivwqC
ⁿwhpUG
v Access-id ± group role ≤[SwCsñΓObP@hC
v bP@ dnType hAOh\iv±Oh\iv≤[SwC
v bP@OhAdeny ± grant ≤[SwC
XWh
PÑ≤ⁿwDD\ivXb@CpGLkbP@ⁿwhPw
svAN≤.SwhsvwqCbMwq ACI ßApG
PwúXsvANsC
: bsvpΓñΣ access-id h aclEntry ßAshaclEntries ú]AbsvpΓñC@ANOpG access-id
h aclEntries úwqb cn=this ºUAhsh
aclEntries ]bpΓñXC
½ÑºAb½≤ApGwq ACI tXs DN access-id DD
DNAh² aclEntry pΓ\ivCbP@DD DN UApGwqF
h\ivAhªN⌠≤bOUwq\ivCbP@
OhwqUApGe≡\ivAh\ivm½P\ivC
: wq\iv²ε]A.Sw\ivwqC
pGsv,LkPwA BΣ aclEntries úwqb ″cn=this″ ºUANpΓs¿ΩµCpG≤hsAhqos¼X\
ivCA)≤ cn=Anybody sAHpGu⌡µFwO
sAhiα≤ cn=Authenticated sCpGwwq\iv%sAh
¼ⁿw\ivC
: usvuñΓv¿ΩµObsPwA B@≥t@soA¼/snDεC¼sñΓ]Y@sñΓwqt
@sñΓ¿Júb¿ΩµPwñA]úbsvpΓñ[H
RC
pA] attribute1 ObPOñA cn=Person A, o=IBM P≤
group1 group2Ah aclEntries wqpUG
1. aclEntry: access-id: cn=Person A, o=IBM: at.attribute1:grant:rsc:sensitive:deny:rsc
2. aclEntry: group: cn=group1,o=IBM:critical:deny:rwsc
3. aclEntry: group: cn=group2,o=IBM:critical:grant:r:normal:grant:rsc
oG
v is attribute1 ’rsc’]) 1ChwqNOhwqC
v Lks½≤ñΣLPO]) 1C
v PΣLvQ]2 3 ]AbsvpΓñC
∩≤t@dAaclEntries pUG
1. aclEntry: access-id: cn=this: sensitive
2. aclEntry: group: cn=group1,o=IBM:sensitive:grant:rsc:normal:grant:rsc
G
v LksPO]) 1Cwqb access-id U²ε]A) group1
PO\ivC
v His@δO ’rsc’]) 2C
ACLUCUíziH⌡µz ACL U@C
Web zuπíz ACLYnQuWeb zuπví° ACL eAHYn ACLG
1. ∩²CpAcn=John Doe,ou=Advertising,o=ibm,c=USC
2. ÷@UsΦ ACLCoπusΦ Ac1veABw²∩ ACL C
oeπ 5 G
v ACL
v
v Lo ACL
v wLo ACL
v
ACL M ]t÷ ACL ¬ΩTC
ACLu ACLvOw∩T ACLCziH°Sw ACL s
vAΦk∩ª÷@U°÷sCou°svveC
°sv:
v vQqπDDsWvRúvC
– sWlPDDbw∩UsW²vQC
– RúPDDRúw∩vQCbedñAªP
cn=Marketing Group Rú cn=John Doe αOC
v wOqwqwO\ivC!¿wOsG
– @δ - @δnCwApA commonNameC
– P - PnñÑwApAhomePhoneC
– Y - Yn¬wApA userpasswordC
– t - tO%°A@¬C
– ¡ε - ¡εOwqsεC
C@wOúπPª÷p\ivC
– ¬ - DDiH¬C
– gJ - DDiH∩C
: tOúigJC
– jM - DDiHjMC
– ± - DDiH±C
÷@UTw#u ACLvC
÷@U°#usΦ ACLveC
uvOw∩TC
Lo ACL
ziHsWLo ACL AsΦLo ACLC
Lo ACL iHCoϕwqYsεΩTiHA≤ª
lhCACL NOw∩µ ACL CpGS ACLAª
)½≤ ACL ]wAq)½≤ ACLC
bLo ACL ñΘJUCΩTG
v ACL - ∩ ∩AHe\STwq ACL UNα≈qo
CpG∩∩AUNNqo ACLAYwglTwq
ACLAhº)) ACL QsW ACL NCpG∩∩AS
Twq ACL UNNqo]wo∩) ACLC
v DN]OW- ΘJnDv∩∩⌡µ@ΩΘ (DN) OWA
pAcn=Marketing GroupC
v ¼ - ΘJ DN ¼CpApG DN OA∩ access-idC
sWsΦsv: ÷@UsW÷sAN DN]OWµñ DN sW ACL
MµA÷@UusΦv÷sA∩ DN ACLC
sWsvsΦsvei²z]wsusεMµ (ACL)vs
vC¼µw]OzbsΦ ACL eñ∩¼CpGzbsW ACLA
hΣLµúw]CpGzbsΦ ACLAhµtW∩ ACL
]wC
ziHG
v ≤ ACL ¼
v ]wsWvRúv
v ]wwO\iv
Yn]wsvG
1. ∩ ACL ¼CpApG DN OA∩ access-idC
2. vQqπDDsWvRúvC
v sWlPDDbw∩UsW²vQC
v RúPDDRúw∩vQC
3. wOqtdwqO\ivC!¿wOsG
v @δ - @δnCwApA commonNameC
v P - PnñÑwApAhomePhoneC
v Y - Yn¬wApA userpasswordC
v t - tO%°A@¬C
v ¡ε - ¡εY≤wqsεC
C@wOúπPª÷p\ivC
v ¬ - DDiH¬C
v gJ - DDiH∩C
: tOúigJC
v jM - DDiHjMC
v ± - DDiH±C
AziH A úOwOⁿw\ivCqO
bYwOºUC
v qwqUMµñ∩@C
v ÷@UwqCoπ\ivϕµC
v ⁿwOnP6P÷pwO\ivC@C
v ziH∩h½oC
v YnúA∩AA÷@URúC
v ϕz¿A÷@UTwC
ú ACL: ziHΓΦkº@ú ACLG
v ∩nRú ACL ΩsC÷@UúC
v ÷@UíúAqMµñRú DNC
wLo ACLziHsWwLo ACL AsΦwLo ACLC
Lo°≤¼ ACL Qⁿw½≤Lo°≤Lo°≤¼±A½≤PM
ªsvC
Lo°≤¼ ACL w]µNOqCtAuWNVWAn DIT
ñ¬tCsvpΓ%¿WNPºsv
pCoµ@C≥≤Pl≡ g\αeAHe\≤jz
εAceiling ϕ@@ΦkAb]tªñεnC
buLo ACLvñΘJUCΩTG
v pLo ACL -
– ∩ⁿwΩsAN ibm-filterACLInherit q∩ñúC
– ∩ True ΩsA²∩ ACL qlpAuWNV
WA@ DIT ñ]t¬Lo°≤ ACLC
– ∩ False ΩsAiHb∩WεLo°≤ ACL pC
v DN]OW- ΘJnDv∩∩⌡µ@ΩΘ]DNOWA
pAcn=Marketing GroupC
v ¼ - ΘJ DN ¼CpApG DN OA∩ access-idC
sWsΦsv: ÷@UsW÷sAN DN]OWµñ DN sW ACL
MµA÷@UusΦv÷sA∩ DN ACLC
sWsvsΦsvei²z]wsusεMµ (ACL)vs
vCu¼vµw]zbusΦ ACLveW∩¼CpGzbsW
ACLAhΣLµúw]CpGzbsΦ ACLAhµtW∩
ACL ]wC
ziHG
v ≤ ACL ¼
v ]wsWvRúv
v ]wwLo ACL ½≤Lo°≤
v ]wwO\iv
Yn]wsvG
1. ∩ ACL ¼CpApG DN OA∩ access-idC
2. vQqπDDsWvRúvC
v sWlPDDbw∩UsW²vQC
v RúPDDRúw∩vQC
3. ]w≤Lo°≤¼±½≤Lo°≤Cb½≤Lo°≤µñA∩ ACL
ΘJn½≤Lo°≤C÷@UsΦLo°≤÷s≤UzgjMLo°≤r
ΩCµLo ACL ÷pl≡ñ⌠≤XoµñLo°≤UN
½≤C
4. wOqtdwqO\ivC!¿wOsG
v @δ - @δnCwApA commonNameC
v P - PnñÑwApAhomePhoneC
v Y - Yn¬wApA userpasswordC
v t - tO%°A@¬C
v ¡ε - ¡εY≤wqsεC
C@wOúπPª÷p\ivC
v ¬ - DDiH¬C
v gJ - DDiH∩C
: tOúigJC
v jM - DDiHjMC
v ± - DDiH±C
AziH A úOwOⁿw\ivCqO
bYwOºUC
v qwqUMµñ∩@C
v ÷@UwqCoπ\ivϕµC
v ⁿwOnP6P÷pwO\ivC@C
v ziH∩h½oC
v YnúA∩AA÷@URúC
v ϕz¿A÷@UTwC
ú ACL: ziHΓΦkº@ú ACLG
v ∩nRú ACL ΩsC÷@UúC
v ÷@UíúAqMµñRú DNC
πb½≤⌡µ⌠≤@π\ivCiHOT
]C
bñΘJUCΩTG
v ∩∩AHe\STwqUNα≈qoC
pG∩∩ASTwqUNNqo]wo
∩)C
v DN]OW- ΘJnDv∩∩⌡µ@ΩΘ (DN) OWA
pAcn=Marketing GroupC
v ¼ - ΘJ DN ¼CpApG DN OA∩ access-idC
sW: ÷@UsWAN DN]OWµñ DN sWMµñC
ú: ziHΓΦkº@úG
v ∩nRú DN ΩsC÷@UúC
v ÷@UíúAqMµñRú DNC
ⁿOµíz ACLUCUíp≤ LDIF íz ACL
wq ACI M
UΓdπnzlΓC@dπnⁿwπΓ
entryOwner µ@CGdhπⁿw entryOwner sC
entryOwner: access-id:cn=Person A,o=IBM
ownerPropagate: true

entryOwner: group:cn=System Owners, o=IBM
ownerPropagate: true
U@dπp≤P access id ″cn=Person 1, o=IBM″ ¬BjM± attribute1
\ivC\ivMπl≡]bto ACI IñºUñ⌠≤
X ″(objectclass=groupOfNames)″ ±Lo°≤ICwN ibm-filterAclInherit ]
″false″AεF⌠≤WNIñ ibm-filteraclentry nC
ibm-filterAclEntry: access-id:cn=Person 1,o=IBM:(objectclass=groupOfNames):at.attribute1:grant:rsc
ibm-filterAclInherit: false
U@dπp≤Ps ″cn=Dept XYZ, o=IBM″ ¬BjM± attribute1
\ivC\ivM≤to ACI IºUπl≡C
aclEntry: group:cn=Dept XYZ,o=IBM:at.attribute1:grant:rsc
aclPropagate: true
Udπp≤PñΓ ″cn=System Admins,o=IBM″ boIUsW½≤\ivAH¬BjM± attribute2 MYO\ivC\ivMt
o ACI IC
aclEntry: role:cn=System Admins,o=IBM:object:grant:a:at.attribute2:grant:rsc:critical:grant:rsc
aclPropagate: false
∩ ACI M
Modify-replaceModify-replace B@ΦíP≤ΣLCpGúsbAN
CpGsbANNC
wUC ACIG
aclEntry: group:cn=Dept ABC,o=IBM:normal:grant:rsc
aclPropagate: true
⌡µUC≤G
dn: cn=some entry
changetype: modify
replace: aclEntry
aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rsc
ú ACI pUG
aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rsc
aclPropagate: true
Dept ABC ACI zLN óhC
wUC ACIG
ibm-filterAclEntry: group:cn=Dept ABC,o=IBM:(cn=Manager ABC):normal:grant:rsc
ibm-filterAclInherit: true
⌡µUC≤G
dn: cn=some entry
changetype: modify
replace: ibm-filterAclEntry
ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rsc

dn: cn=some entry
changetype: modify
replace: ibm-filterAclInherit
ibm-filterAclInherit: false
ú ACI pUG
ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rsc
ibm-filterAclInherit: false
Dept ABC ACI zLN óhC
Modify-addb ldapmodify-add íApG ACI entryOwner úsbANπSw
ACI entryOwnerCpG ACI entryOwner sbANsWⁿw
w ACI entryOwnerCpAw ACIG
aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rsc
πUC∩G
dn: cn=some entry
changetype: modify
add: aclEntry
aclEntry: group:cn=Dept ABC,o=IBM:at.attribute1:grant:rsc
NúpUh¼ aclEntryG
aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rsc
aclEntry: group:cn=Dept ABC,o=IBM:at.attribute1:grant:rsc
pAw ACIG
Ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rsc
πUC∩G
dn: cn=some entry
changetype: modify
add: ibm-filterAclEntry
ibm-filterAclEntry: group:cn=Dept ABC,o=IBM:(cn=Manager ABC):at.attribute1:grant:rsc
NúpUh¼ aclEntryG
Ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rsc
ibm-filterAclEntry: group:cn=Dept ABC,o=IBM:(cn=Manager ABC):at.attribute1:grant:rsc
bP@OU\ivQ°≥m⌠A @hQ°
¡wCpGP@\ivsWFhAxs@CpGP@\iv
sWFhA²πúP@Ahß@@CpGú\
ivµO (″″)Ao\iv]¿A @h]¿ grant.pAwUC ACIG
aclEntry: group:cn=Dept XYZ,O=IBM:normal:grant:rsc
πUC∩G
dn: cn=some entry
changetype: modify
add: aclEntry
aclEntry: group:cn=Dept XYZ,o=IBM:normal:deny:r:critical:deny::sensitive:grant:r
úpU aclEntryG
aclEntry: group:cn=Dept XYZ,O=IBM:normal:grant:sc:normal:deny:r:critical:grant::sensitive:grant:r
pAwUC ACIG
Ibm-filterAclEntry: group:cn=Dept XYZ,O=IBM:(cn=Manager XYZ):normal:grant:rsc
πUC∩G
dn: cn=some entry
changetype: modify
add: ibm-filterAclEntry
ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:deny:r:critical:deny::sensitive:grant:r
úpU aclEntryG
ibm-filterAclEntry: group:cn=Dept XYZ,O=IBM:(cn=Manager XYZ):normal:grant:sc:normal:deny:r:critical:grant::sensitive:grant:r
Modify-deleteYnRúSϕ ACI A@δ ldapmodify-delete ykC
wpU ACIG
aclEntry: group:cn=Dept XYZ,o=IBM:object:grant:ad
aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rwsc

dn: cn = some entry
changetype: modify
delete: aclEntry
aclEntry: group:cn=Dept XYZ,o=IBM:object:grant:ad
b°AWúpUl ACIG
aclEntry: group:cn=Dept XYZ,o=IBM:normal:grant:rwsc
wpU ACIG
ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):object:grant:ad
ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rwsc
dn: cn = some entry
changetype: modify
delete: ibm-filterAclEntry
ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):object:grant:ad
b°AWúpUl ACIG
ibm-filterAclEntry: group:cn=Dept XYZ,o=IBM:(cn=Manager XYZ):normal:grant:rwsc
Rúúsb ACI entryOwner P≤ ACI entryOwnerA
BP@#XAⁿwúsbC
Rú ACI/Q ldapmodify-delete @AziHⁿwUCRú entryOwner
dn: cn = some entry
changetype: modify
delete: entryOwner
boípñANST entryOwnerCownerPropagate ])úCo
NϕWhAq²≡ñWNIª entryOwnerC
ziHP@ΦíπaRú aclEntryG
dn: cn = some entry
changetype: modify
delete: aclEntry
qRúß@ ACI entryOwner úP≤Rú ACI entryOwnerCi
αtS ACI entryOwnerCboípñAϕd ACI entryOwner A
ú#ß⌠≤FΦA B]wUNIAªQm½εCYn
εSHiHsa\A²z/úππsvAY
π ACI entryOwner A]OpC
ACI/ziHbjMñⁿwQn ACL entryOwner A ACI
entryOwner ApA
ldapsearch -b "cn=object A, o=ibm" -s base "objectclass=*" aclentry aclpropagate aclsource entryowner ownerpropagate ownersource ibm-filterAclEntry ibm-filterAclInherit ibm-effectiveAcl
#b½≤ A WsvpΓñ ACL entryOwner ΩTCNA#
iαúP≤ªb@wqlCoµíP≤lµíC
µWjM ibm-filterAclEntry A#tSwC
¬@ ibm-effectiveAcl OπnsvCibm-effectiveAcl jM
nD DLo°≤ ACL Lo°≤ ACLA#A≤½≤sv°
p≤b DIT ñ!eª wC
]Lo°≤¼ ACL iα)WNAHjM aclSource ú÷p
MµC
l≡gN
∩≤nbl≡ g@ñ]ADLo°≤¼svA⌠≤ aclEntry ú"n
b÷p ibm-replicationContext ñC]svLkq gl≡ºWW
NAH aclPropagate "]¿ true C
∩≤nbl≡ g@ñ]ALo°≤¼svA⌠≤ ibm-filterAclEntry "
nb÷p ibm-replicationContext ñºUC]svLkq gl≡
ºWWNnAH ibm-filterAclInherit attribute "]¿ false A B"nb÷p ibm-replicationContext ñC
16 sñΓ
s
sO@MµAWXCsiHb aclentryBibm-filterAclEntry entryowner ñεsAbíSkñAplHMµF\ 201 15 , ysεMµzCsiHwq¿RABA¼C
RAs
RAsc½≤O groupOfNamesBgroupOfUniqueNamesBaccessGroup accessRole OwqC@¿FOU½≤Oibm-staticgroup OwqC@¿Co½≤On member]bgroupOfUniqueNames ípñAn uniqueMemberCoc½≤OR
As"π.@¿FªúαOCRAs]iHU½≤O
[HwqGibm=staticGroupAªún member A]iHOC
σ¼sG
DN: cn=Dev.Staff,ou=Austin,c=US
objectclass: accessGroup
cn: Dev.Staff
member: cn=John Doe,o=IBM,c=US
member: cn=Jane Smith,o=IBM,c=US
member: cn=James Smith,o=IBM,c=US
C@s½≤út%¿ DN ¿h¼C
RússAss]qMª ACL ñúC
As
AsHúP≤RA¿Φíwqª¿CúOOCªAAsO
LDAP jMwqª¿CAsc½≤O groupOfURLs]U½≤O ibm-dynamicGroup memberURLA LDAP URL
ykwqjMC
ldap:///<base DN of search> ? ? <scope of search> ? <searchfilter>
: pPdzAD≈WúoebykñClpP≤@δ ldap URL y
kCYⁿwAC@µ]"H ? jCípUA#
MµN]Ab≥ DN PjMd≥ºíCϕPwA¿ΩµA°A]ú
oA]iHñªAM ,"e!jr ?CΣñG
base DN of searchO²ñljMICªiHO²r Ap ou=AustinCoO"nC
scope of searchⁿwjMd≥Cw]d≥O baseC
base #b URL ñⁿw≥ DN ÷ΩT
one #b URL ñⁿw≥ DN U@h÷ΩTCªú]
A≥C
sub #bhU÷ΩTA]A≥ DNC
searchfilterOnMjMd≥Lo°≤C\ 280yldapsearch Lo°
≤∩zAHojMLo°≤yk÷ΩTCw] objectclass=*
A¿jM/úb°AíAHúP≤π ldap URLAqúⁿwD≈W
≡A BqT≤w/úO ldap]qúO ldapsCmemberURL iHt⌠≤ URLA²O°AH ldap:/// Y memberURLAPwA¿ΩµC
d
bd≥w] base Lo°≤w] objectclass=* µ@ñG
ldap:///cn=John Doe, cn=Employees, o=Acme, c=US
b cn=Employees U@hAHLo°≤w] objectclass=*G
ldap:///cn=Employees, o=Acme, c=US??one
bt objectclass=person o-Acme ºUG
ldap:///o=Acme, c=US??sub?objectclass=person
zwq½≤OA%iαS]tAX≤Pws¿
ΩµCziHU½≤O ibm-dynamicMemberAzH]A ibm-group Coi²zsWHNARϕzAsLo°≤CpG
oAs¿Obπ ibm-group GROUP1 cn=users,ou=Austin
ºUG
dn: cn=GROUP1,ou=Austin
objectclass: groupOfURLs
cn: GROUP1
memberURL: ldap:///cn=users,ou=Austin??one?(ibm-group=GROUP1)
UO cn=GROUP1,ou=Austin d¿G
dn: cn=Group 1 member, cn=users, ou=austin
objectclass: person
objectclass: ibm-dynamicMember
sn: member
userpassword: memberpassword
ibm-group: GROUP1
¼s
¼si²zÑhí÷YAwqs¿ΩµC¼swqO
ⁿ@lsAΣ DN Q)sñ]tC)sΦk
Σñ@cs½≤O]groupOfNamesBgroupOfUniqueNamesBaccessGroupBaccessRole groupOfURLsAA[W ibm-nestedGroup U½≤OCb¼sßAiαsWsh ibm-memberGroup Aª]¼ls DNCpG
dn: cn=Group 2, cn=Groups, o=IBM, c=US
objectclass: groupOfNames
objectclass: ibm-nestedGroup
objectclass: top
cn: Group 2
description: Group composed of static, and nested members.
member: cn=Person 2.1, cn=Dept 2, cn=Employees, o=IBM, c=US
member: cn=Person 2.2, cn=Dept 2, cn=Employees, o=IBM, c=US
ibm-memberGroup: cn=Group 8, cn=Nested Static, cn=Groups, o=IBM, c=US
úe\b¼sÑhñi⌠CpG¼s@úOHΦízL
@wúú⌠AhªQ°¡εHWA]Lk≤sC
VXís
⌠≤úcs½≤OúiHAHKαHRABA¼¿¼
Xís¿ΩµCpG
dn: cn=Group 10, cn=Groups, o=IBM, c=US
objectclass: groupOfURLs
objectclass: ibm-nestedGroup
objectclass: ibm-staticGroup
objectclass: top
cn: Group 10
description: Group composed of static, dynamic, and nested members.
memberURL: ldap:///cn=Austin, cn=Employees, o=IBM, c=US??one?objectClass=person
ibm-memberGroup: cn=Group 9, cn=Nested Dynamic, cn=Groups, o=IBM, c=US
member: cn=Person 10.1, cn=Dept 2, cn=Employees, o=IBM, c=US
member: cn=Person 10.2, cn=Dept 2, cn=Employees, o=IBM, c=US
Pws¿Ωµ
Γ@idEs¿ΩµC∩≤wsAibm-allMembers @÷¼sÑhzACEs¿ΩµA]ARABA
¼¿C∩≤wAibm-allGroups @CEsA]A∩Σπ¿ΩµWNsC
nDα¼nDΩlAM≤ ACL p≤bΩW]w wC⌠≤Húi
HnD ibm-allMembers ibm-allGroups @A²O#ΩtnDvs LDAP ΩCnD ibm-allMembers ibm-allGroups "vss¼s member uniquemember A+αRA¿A B"α≈⌡µ memberURL ñⁿwjMA+αA¿CpG
Ñhd
∩≤odAm1 m2 úb g2 member ñCg2 ACL e\ user1 ¬ member A² user 2 Lvs member C g2 LDIF pUG
dn: cn=g2,cn=groups,o=ibm,c=us
objectclass: accessGroup
cn: g2
member: cn=m1,cn=users,o=ibm,c=us
member: cn=m2,cn=users,o=ibm,c=us
aclentry: access-id:cn=user1,cn=users,o=ibm,c=us:normal:rsc
aclentry: access-id:cn=user2,cn=users,o=ibm,c=us:normal:rsc:at.member:deny:rsc
g4 w] aclentryAe\ user1 user2 ⪦ member C g4 LDIF pUG
dn: cn=g4, cn=groups,o=ibm,c=us
objectclass: accessGroup
cn: g4
member: cn=m5, cn=users,o=ibm,c=us
g5 O@AsANq memberURL oªΓ¿Cg5 LDIF
pUG
dn: cn=g5, cn=groups,o=ibm,c=us
objectclass: container
objectclass: ibm-dynamicGroup
cn: g5
memberURL: ldap:///cn=users,o=ibm,c=us??sub?(|(cn=m3)(cn=m4))
m3 m4 úOs g5 ¿A]ªX memberURLCm3 ACL
e\ user1 user2 ΓjMªCm4 ACL úe\ user2 jMªC m4 LDIF pUG
dn: cn=m4, cn=users,o=ibm,c=us
objectclass: person
cn: m4
sn: four
aclentry: access-id:cn=user1,cn=users,o=ibm,c=us:normal:rsc
aclentry: access-id:cn=user2,cn=users,o=ibm,c=us
d 1G 1 ⌡µjMos g1 ¿C 1 vs¿
AHN#ªíC
ldapsearch -D cn=user1,cn=users,o=ibm,c=us -w user1pwd -s base -b cn=g1,cn=groups,o=ibm,c=us objectclass=* ibm-allmembers
cn=g1,cn=groups,o=ibm,c=us
ibm-allmembers: CN=M1,CN=USERS,O=IBM,C=US
ibm-allmembers: CN=M2,CN=USERS,O=IBM,C=US
ibm-allmembers: CN=M3,CN=USERS,O=IBM,C=US
ibm-allmembers: CN=M4,CN=USERS,O=IBM,C=US
ibm-allmembers: CN=M5,CN=USERS,O=IBM,C=US
d 2G 2 ⌡µjMos g1 ¿C 2 Lvs¿ m1 m2A]LLvss g2 member C 2 vs g4 member A]vs¿ m5C 2 iHb m3 sg5 memberURL ñ⌡µjMAH¿CXA²OLk∩ m4 ⌡µjMC
ldapsearch -D cn=user2,cn=users,o=ibm,c=us -w user2pwd -s base -b cn=g1,cn=groups,o=ibm,c=us objectclass=* ibm-allmembers
cn=g1,cn=groups,o=ibm,c=us
ibm-allmembers: CN=M3,CN=USERS,O=IBM,C=US
ibm-allmembers: CN=M5,CN=USERS,O=IBM,C=US
d 3G 2 ⌡µjMd m3 Os g1 ¿C 2 v⌡µ
ojMAHjM@π m3 Os g1 ¿C
ldapsearch -D cn=user2,cn=users,o=ibm,c=us -w user2pwd -s base -b cn=m3,cn=users,o=ibm,c=us objectclass=* ibm-allgroups
cn=m3,cn=users,o=ibm,c=us
ibm-allgroups: CN=G1,CN=GROUPS,O=IBM,C=US
d 4G 2 ⌡µjMd m1 Os g1 ¿C 2 Lvs
member AHjM@úπ m1 Os g1 ¿C
ldapsearch -D cn=user2,cn=users,o=ibm,c=us -w user2pwd -s base -b cn=m1,cn=users,o=ibm,c=us objectclass=* ibm-allgroups
cn=m1,cn=users,o=ibm,c=us
s½≤O
ibm-dynamicGroupoUOe\∩ memberURL CªPcO]pgroupOfNamesftAiπRAA¿VXísC
ibm-dynamicMemberoUOe\∩ ibm-group Cª@As filter
C
ibm-nestedGroupoUOe\∩ ibm-memberGroup CªPcO]pgroupOfNamesftAi²lsα≈b)s¿¼C
ibm-staticGroupoUOe\∩ member CªPcO]pgroupOfURLsftAiπRAA¿VXísC
: ibm-staticGroup O@Σ member O∩OAΣLmember Oún.@¿C
s¼
ibm-allGroupsπísCiHOH memberBuniqueMember memberURL ϕ¿AOíH ibm-memberGroup ϕ¿CjMLo°≤ñúe\o¬@C
ibm-allMembersπs¿CiHOH memberBuniqueMember memberURL ϕ¿AOíH ibm-memberGroup ϕ¿CjMLo°≤ñúe\o¬@C
ibm-groupOUO ibm-dynamicMember CªwqHNAHεAsñ¿ΩµCpAsW ″Bowling Team″ ]A⌠≤memberURL ñπLo°≤ ″ibm-group=Bowling Team″ C
ibm-memberGroupOUO ibm-nestedGroup CªOO)slsCϕBz ACL ibm-allMembers ibm-allGroups @Apls¿ú°)s¿Cls¡úO¿C
¼¿ΩµOjC
ñΓ
ñΓ¼vOs¼vjA BbYípñC@ñΓ¿Az
v⌡µñΓAHK¿u@CúP≤sAñΓ⌠t\ivC
S]AⁿXwP]óh¿s¿\ivC
ñΓⁿ≤sA]ªb²ñúOH½≤ϕCAñΓiHt DN s
CsεñNñΓ"π ’AccessRole’ ½≤OC ’Accessrole’ ½≤
OO ’GroupOfNames’ ½≤OlOC
pApG@p ’sys admin’ DN XAhz@#iαNªQ¿
’sys admin group’]]sOMvú¼CM A]
@zwH ’sys admin’ ¿¡!¼\ivAH DN Xiα≤δT
awq ’sys admin role’C
17 zjM¡εs
b IBM Tivoli Directory Server ñAFεjMnDO=hΩ C°
AαAHbo∩⌠N°AnD[WjM¡εCϕtm°AA
z]w÷jMjpMíjM¡εCΩTA\ 48y]wj
MzC
uzMzs¿iHKúAΣLojM¡εCM A
zDAiHjM¡εs ±@δ≤IujM¡εC∩
jM¡εsñ]tºO¿sAPbjM¡εsñⁿwjM¡εC
ϕljMA²djMnD¡εCpGOjM¡εs¿A
K±¡εCpGjM¡εs¡ε¬≤ojMnDAhjMnD¡
εCpGjMnD¡ε¬≤ojM¡εsAhjM¡εs¡εCpGΣ
újM¡εsAh∩°AjM¡ε⌡µP±CpG]w⌠≤°
AjM¡εAh∩w]°A]w⌡µ±C¡ε@wO±ñC]
wC
pG≤hjM¡εsAhP¬hjMαOCpA
]≤PjMjp 2000 jMí 4000 ϕjMs 1A≤j
Mjpú¡jMí 3000 ϕjMs 2ANL¡εjMjp
jMí 4000 ϕjM¡εC
jM¡εsiHxsb localhost IBMpolicies ºUCb IBMpolicies ºUjM
¡εsQ gAb localhost UjM¡εhú gCziHNPjM¡εs
xsb localhost M IBMpolicies ºUCpGjM¡εsSxsbez⌠≤@
DN ºUA°AKñsjM¡εí≈ANª°sC
ϕljMA²d localhost ºUjM¡εsCpGΣú
AhjM IBMpolicies ºUjM¡εsCpGb localhost ºUΣ
Ahúd IBMpolicies ºUjM¡εsClocalhost ºUjM¡ε
su²¬≤ IBMpolicies ºUC
jM¡εs
pGnjM¡εsAz" Web zuπⁿOµsC
Web zG
pGzoAis²ñ²zC
1. ÷@UsWA÷@UzAA∩m]cn=ibmPolicies
cn=localhostAMß÷@UsWC
2. qc&½≤O\αϕñ∩Σñ@s½≤OC
v accessGroup
v accessRole
v AIXaccessGroup
v eNTGroup
v groupofNames
v groupofUniqueNames
v groupofURLs
v ibm-nestedGroup
v ibm-proxyGroup
v ibm-staticGroup
v ibm-dynamicGroup
3. ÷@UU@BC
4. qi\αϕñ∩zn ibm-searchLimits U½≤OAA÷@UsWC½ezABzC@znsWΣLU½≤OCz]iHq
w∩\αϕñRúU½≤OAΦkO∩ªAA÷@UúC
5. ÷@UU@BC
6. b∩ DN µñAΘJznsWºs∩OW (RDN)Ap cn=Search
Group1C
7. b DN µñAΘJzn∩²≡OWAp cn=localhostC
z]iH÷@Us²AqMµ∩u) DNvC∩z∩AA÷@U∩
ⁿwzQnu) DNvC DN w]²≡ñ∩C
: pGzwqzeF@Ahw²z±goµC∩
F DN ßA÷@UsWsWC
8. bnWAΘJ"nC
v cn Ozy¡ⁿw∩ DNC
v b ibm-searchSizeLimit µñAⁿwwqjMjpCd≥Ob 0 2,147,483,647 ºíC]w 0 Pú]¡PC
v b ibm-searchTimeLimit µñAⁿwwqjMíϕCd≥Ob 0 2,147,483,647 ºíC]w 0 Pú]¡PC
v ∩½≤O wAz¿ uniqueMember µCoOznºs¿Co DN µíAp cn=Bob Garcia,ou=austin,o=ibm,c=usC
9. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz
¿sWhA÷@UTwCpoK[JπbñiXR\
αϕñC
10. pGz°AFyÑAziH÷@UyÑsWúyÑ
yzlCΩTA\ 190yyÑzC
11. ÷@UΣLC
12. bΣLWAΘJAXC÷sWGiΩTA\
195yGizC
13. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz
¿sWhA÷@UTwCpoK[JπbñiXR\
αϕñC
14. pGz°AFyÑAziH÷@UyÑsWúyÑ
yzlCΩTA\ 190yyÑzC
15. ÷@U¿C
ⁿOµG
pGnⁿOµ⌡µP@AoXUCⁿOG
ldapmodify -a -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Search1, cn=localhost
cn: Search1
member: cn=user1,o=ibm
member: cn=user2,o=ibm
ibm-searchTimeLimit: 4000
ibm-searchSizeLimit: 2000
objectclass: top
objectclass: ibm-searchLimits
objectclass: groupofNames
∩jM¡εs
ziHQ Web zuπⁿOµ∩jM¡εsAp≤jMjpí
¡εAOsWRúsC
Web zG
pGn∩jM¡εsA\ 194y∩zC
ⁿOµG
pGnⁿOµ∩jM¡εsAoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=Search1, cn=localhost
changetype: modify
replace: ibm-searchTimeLimit
ibm-searchTimeLimit: 3000
-
replace: ibm-searchSizeLimit
ibm-searchSizeLimit: 0
-
add: member
member: cn=Bob Garcia,ou=austin,o=ibm,c=us
sjM¡εs
pGzn²PjM¡εs±b localhost M IBMpolicies ºUAsjM¡εs
DCϕznPsⁿΩTBptºss]C
°AzG
pGnsjM¡εsA \ 195yszC
ⁿOµG
pGn° localhost ñ]tjMsAoXⁿOG
ldapsearch -b cn=localhost objectclass=ibm-searchLimits
∩nsjM¡εsCziHsΦ≤÷ΩTABN≤xs
<filename>CoXUCⁿOG
ldapmodify -a -D <adminDN> -w <adminPW> -i <filename>
Σñ <filename> tG
dn: cn=NewSearch1, cn=localhost
cn: NewSearch1
member: cn=user1,o=ibm
member: cn=user2,o=ibm
ibm-searchTimeLimit: 4000
ibm-searchSizeLimit: 2000
objectclass: top
objectclass: ibm-searchLimits
objectclass: groupofNames
újM¡εs
pGnújM¡εsAziH Web zuπⁿOC
Web zG
pGnújM¡εsA\ 193yRúzC
ⁿOµG
pGnⁿOµújM¡εsAoXUCⁿOG
ldapdelete -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
#bBCXΣL DNACµ@cn=Search1, cn=localhost
pGnúhjM¡εsAC DNCC@ DN "bO@µC
18 z Proxy vs
Proxy vOSϕOíC Proxy v≈εAßíiH)v
¡≈Os²A²O0\NΣL⌡µ@s²C@i
H⌠íiNh½s Directory ServerC
Proxy vsñ¿iH⌠≤wO¡≈OA²zzs¿
úC
Proxy vsiHxsb localhost IBMpolicies ºUCIBMpolicies ºU Proxy
vsOiH gA²O localhost ºU Proxy vshCziHN Proxy
vsPxsb localhost M IBMpolicies ºUCpG Proxy vsSxsbe
z⌠≤@ DN ºUA°AKñs Proxy í≈ANª°sC
pAYßí client1AiH¬hs\ivs Directory
ServerC¡\iv UserA enDßíCpGßO Proxy
vs¿AΣúH client1 ¡≈nD Directory ServerA Oⁿ¡ε
\ihAH UserA ¡≈nDCoNϕúOH client1 ⌡µnDAí
°Auαs⌡µ UserA α≈s⌡µΩT@CoONHNz UserA
Φí⌡µnDC
: ¿"π)v DN íCh#L DN ykTºCs
DN ú0\¿ Proxy vs¿C
zMzs¿ú0\¿ Proxy vs¿C
fΘxO² Proxy v⌡µºC@@s DN M proxy DNC
Proxy vs
pGn Proxy vsAz" Web zuπⁿOµsC
Web zG
pGzoAis²ñ²zC
1. ÷@UsWA÷@UzAA∩m]cn=ibmPolicies
cn=localhostAMß÷@UsWC
2. qc&½≤O\αϕñA∩ groupof Names ½≤OC
3. ÷@UU@BC
4. qi\αϕñ∩ ibm-proxyGroup U½≤OAA÷@UsWC½
ezABzC@znsWΣLU½≤OCz]iHq∩\
αϕñRúU½≤OAΦkO∩ªAA÷@UúC
5. ÷@UU@BC
6. b∩ DN µñAΘJ cn=proxyGroupC
7. b DN µñAΘJzn∩²≡OWAp cn=localhostC
z]iH÷@Us²AqMµ∩u) DNvC∩z∩AA÷@U∩
ⁿwzQnu) DNvC DN w]²≡ñ∩C
: pGzwqzeF@Ahw²z±goµC∩
F DN ßA÷@UsWsWC
8. bnWAΘJ"nC
v cn O proxyGroupC
v ¿ DN µíAp cn=Bob Garcia,ou=austin,o=ibm,c=usC
÷sWGiΩTA\ 195yGizC
9. pGzQnsWhSϕA÷@UhAMß@sW@C
: < cn hCProxy vs"úW proxyGroupC
ϕz¿sWhA÷@UTwCpoK[Jπbñi
XR\αϕñC
10. pGz°AFyÑAziH÷@UyÑsWúyÑ
yzlCΩTA\ 190yyÑzC
11. ÷@UΣLC
12. bΣLWAΘJAXC÷sWGiΩTA\
195yGizC
13. pGzQnsWhSϕA÷@UhAMß@sW@Cϕz
¿sWhA÷@UTwCpoK[JπbñiXR\
αϕñC
14. pGz°AFyÑAziH÷@UyÑsWúyÑ
yzlCΩTA\ 190yyÑzC
15. ÷@U¿C
ⁿOµG
Yntl¿ proxy OsAoXUCⁿOG
ldapadd -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=proxyGroup,cn=localhost
cn: proxyGroup
member: cn=client1, ou=austin, o=ibm, c=us
objectclass: top
objectclass: container
objectclass: groupOfNames
objectclass: ibm-proxyGroup
YnsWΣL¿AoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=proxyGroup,cn=localhost
cn: proxyGroup
changetype: modify
add: member
member: cn=client2, ou=austin, o=ibm, c=us
∩ Proxy vs
°AzG
pGn∩ Proxy vsApsWRús¿A\ 194y∩
zC
ⁿOµG
pGnⁿOµ∩ Proxy vsAoXUCⁿOG
ldapmodify -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> ]tG
dn: cn=proxyGroup,cn=IBMpolicies
changetype: modify
delete: member
member: cn=client1, ou=austin, o=ibm, c=us
-
add: member
member: cn=client2, ou=austin, o=ibm, c=us
-
add: member
member: cn=client3, ou=austin, o=ibm, c=us
s Proxy vs
°AzG
pGznNP Proxy vs±b localhost M IBMpolicies ºUAs Proxy
vsKiúW⌡C
pGns Proxy vsA\ 195yszC
ⁿOµG
pGn° localhost ñ]t Proxy vsAoXUCⁿOG
ldapsearch -D <adminDN> -w <adminPW> -b cn=localhost objectclass=ibm-proxyGroup
∩ Proxy vsCziHsΦ≤÷ΩTABN≤xs
<filename>CoXUCⁿOG
ldapmodify -a -D <adminDN> -w<adminPW> -i<filename>
Σñ <filename> tG
dn: cn=proxyGroup, cn=ibmpolicies
cn: proxyGroup
objectclass: ibm-proxyGroup
objectclass: groupOfNames
member: cn=client1, ou=austin, o=ibm, c=us
member: cn=client2, ou=austin, o=ibm, c=us
member: cn=client3, ou=austin, o=ibm, c=us
ú Proxy vs
pGnq Proxy vsñú¿AUCΣñ@ΦkC
Web zG
pGnú Proxy vsA\ 193yRúzC
ⁿOµG
pGnú Proxy vsAoXⁿOG
ldapdelete -D <adminDN> -w <adminpw> -s "cn=ProxyGroup,cn=IBMpolicies"
÷M Proxy vsiH% Web zuπzA²OΣL⌠≤ Web zuπ\
αoúLkδ Proxy vsC]AuProxy vεv LDAP @
LDAP ⁿO -y ∩ú Peoxy v\αCpG
ldapsearch -D "cn=client1,ou=austin,o=ibm,c=us" -w <client1password> -y "cn=userA,o=ibm,c=us" -b "o=ibm,c=us" -s sub ou=austin
Wz ldapsearch ⁿwAú userA >≥¬\ivAclient1 úiH¬
²C
4 g ÷@
19 ΓBdBs
ΓOªsXCpAqBOyñíúiHO
ΓC
ΓΦíObRWwqñ⌠≤aΦ½≤O ″ibm-realm″ ]úb cn=localhostBcn=schema cn=configuration UCibm-realm ½≤wqΓW
(cn)BΓzs (ibm-realmAdminGroup)BⁿwΓñ½≤O
d½≤ (ibm-realmUserTemplate)AHsbΣUxsxs
m]ibm-realmUserContainer ibm-realmGroupContainerC²zM
zs¿tdzdBΓΓzsCbΓßAΓ
zs¿]ΓztdzΓsC
Γ
iuWeb zuπv²ñΓdC
1. ÷@UsWΓC
v ΘJΓWCpArealm1C
v ΘJHOΓmu) DNvCoOHrµíϕApA
o=ibm,c=usCz]iH÷@Us²A∩zQnl≡mC
2. ÷U@B≥C
3. dΩTCAzΩWΓAHiHñdjM
Lo°≤C
4. ÷@U¿ΓC
Γz
YnΓzA²z"ΓzsC
Γzs
iuWeb zuπv²ñ²zC
1. ÷@UzC
2. i²≡AMß∩zΦ+Γ cn=realm1,o=ibm,c=usC
3. ÷@UsΦ ACLC
4. ÷@UC
5. Tww∩C
6. ΘJΓ DN cn=realm1,o=ibm,c=usC
7. N¼≤sC
8. ÷@UsWC
9. ÷@UTwC
z
pGSzAhz"@C
iuWeb zuπv²ñ²zC
1. ÷@UzC
2. N²≡izQnznmC
: Nz±bΓAHKzNRúªCbodñAmiαO o=ibm,c=usC
3. ÷@UsWC
4. ∩c&½≤OApAinetOrgPersonC
5. ÷@UU@BC
6. ∩⌠≤nsWU½≤OC
7. ÷@UU@BC
8. ΘJ"nCpA
v RDN cn=John Doe
v DN o=ibm,c=us
v cn John Doe
v sn Doe
9. bΣLWATwzwⁿwKXC
10. ϕz¿A÷@U¿C
sWzzs
iuWeb zuπv²ñ²zC
1. ÷@UzC
2. i²≡AMß∩zΦ+Γ cn=realm1,o=ibm,c=usC
3. ÷@UsΦC
4. ÷@U¿C
5. ÷@U¿C
6. b¿µñAΘJz DNAbodñAhO cn=John Doe,o=ibm,c=usC
7. ÷@UsWCo DN πb¿MµñC
8. ÷@UTwC
9. ÷@U≤sCo DN πbµ¿MµñC
10. ÷@UTwC
zwiHzΓzC
d
bΓßAzU@BNOdCdiH≤UznΘJΩ
TCiuWeb zuπv²ñΓdC
1. ÷@UsWdC
v ΘJdWApAtemplate1C
v ΘJdNnmC≥≤ gAΓd±bNodΓl
≡ñCpAb²e@ñΓ cn=realm1,o=ibm,c=usCz]iH÷@Us²A∩dmúPl≡C
2. ÷@UU@BCziH÷@U¿AdCyßziHsWΩTd
A\ 242ysΦdzC
3. pG÷@UFU@BA∩dc½≤OApAinetOrgPersonCz]iHsW⌠≤zQnU½≤OC
4. ÷@UU@BC
5. nwbdWCziH∩oW]tΩTC
a. ∩\αϕñnAA÷@UsΦCoπusΦveC
znWAH½≤O inetOrgPerson w∩G
v *sn - m≤
v *cn - @δW
: * ϕ"nΩTC
b. pGzQnsWΣLΩToAq\αϕ∩CpA∩
departmentNumberAA÷@UsWC∩ employeeNumberAA÷@Us
WC∩ titleAA÷@UsWC∩\αϕb¿G
v title
v employeeNumber
v departmentNumber
v *sn
v *cn
c. ziH½sCoµXbdΦíAΦk¬Gπw∩
AA÷@UWUCoWU@mC½oA
z²÷QnCεCpA
v *sn
v *cn
v title
v employeeNumber
v departmentNumber
d. z]iH∩C@∩C
1) ¬Gπw∩Φ⌠ñAA÷@UsΦC
2 ) ziH≤bdWµπWCpApGzQn
departmentNumber π Department numberANWΘJπW
µñC
3) z]iHúw]Aw²±gdñµCpApGjí≈N
ΘJúOuí 789v¿AhziHΘJ 789 @w]Cd
Wµw²±J 789CϕzsWΩΩTANiH≤
C
4) ÷@UTwC
e. ÷@UTwC
6. YnΣLΩTt@A÷@UsWC
v ΘJsWCpAAddress informationC
v ∩≤oAq\αϕ∩CpA∩ homePostalAddressAA÷@UsWC∩ postOfficeBoxAA÷@UsWC∩ telephoneNumberAA÷@UsWC∩ homePhoneAA÷@UsWC∩
facsimileTelephoneNumberAA÷@UsWC∩\αϕ¿G
– homePostalAddress
– postOfficeBox
– telephoneNumber
– homePhone
– facsimileTelephoneNumber
v ziH½sCoµXbdΦíAΦk¬Gπw∩A
A÷@UWUCoWU@mC½oAz²
÷QnCεCpA
– homePostalAddress
– postOfficeBox
– telephoneNumber
– facsimileTelephoneNumber
– homePhone
v ÷@UTwC
7. ½oAzQnCϕz¿A÷@U¿d
C
sWdΓ
bFΓdßAznsWdΓCiuWeb zuπv²ñΓ
dC
1. ÷@UzΓC
2. ∩n[JdΓAbodñAcn=realm1,o=ibm,c=usAA÷@Us
ΦC
3. VUdAAiU\αϕC
4. ∩dAbodñAcn=template1,cn=realm1,o=ibm,c=usC
5. ÷@UTwC
6. ÷@U÷¼C
s
iuWeb zuπv²ñMsC
1. ÷@UsWsC
2. ΘJnsWCpAgroup1C
3. qU\αϕ∩n[JΓCbípUAhO realm1C
4. ÷@U¿sCpGzbΓñwAhiH÷@UU@BA∩
nsW group1 CMßA÷@U¿C
ΣlΩTA\ 219yszC
sWΓ
iuWeb zuπv²ñMsC
1. ÷@UsWC
2. qU\αϕ∩n[JΓCbípUAhO realm1C
3. ÷@UU@BCoπzΦdAtemplate1C±"nµ][P
* HñΣL⌠≤µCpGzwbΓsAhz]iHs
W@hsC
4. ϕz¿A÷@U¿C
zΓ
b]wJzlΓßAziHsW≤hΓ∩ΓC
i²ñΓdAMß÷@UzΓCoπΓM
µCqoeAziHsWΓBsΦΓBúΓAsΦΓsεM
µ (ACL)C
sWΓ
iuWeb zuπv²ñΓdC
1. ÷@UsWΓC
v ΘJΓWCpArealm2C
v pGπw²sbΓApArealm1AziH∩@ΓANª]wszbΓC
v ΘJHOΓmu) DNvCoOHrµíϕApA
o=ibm,c=usCz]iH÷@Us²A∩zQnl≡mC
2. ÷@UU@B≥iµA÷@U¿C
3. pGz÷@UFU@BAdΩTC
4. qU\αϕ∩dCpGzqw²sbΓsF]wAhbo
µñw²±gªdC
5. ΘJjMLo°≤C
6. ÷@U¿ΓC
sΦΓ
iuWeb zuπv²ñΓdC
v ÷@UzΓC
v qΓMµ∩nsΦΓC
v ÷@UsΦC
– ziHs²÷s≤
- zs
- sxs
- xs
– ziHqU\αϕ∩úPdC
– ÷@UsΦ∩jMLo°≤C
v ϕz¿A÷@UTwC
úΓ
iuWeb zuπv²ñΓdC
1. ÷@UzΓC
2. ∩núΓC
3. ÷@URúC
4. ϕúzTRúA÷@UTwC
5. oΓqΓMµúC
sΦΓW ACLYnQuWeb zuπví° ACL eH ACLA\ 209
y ACLzC
ΣlΩTA\ 201 15 , ysεMµzC
zd
bFzldßAziHsW≤hdA∩dC
i²ñΓdAMß÷@UzdCoπd
MµCqoeAziHsWdBsΦdBúdAsΦds
εMµ (ACL)C
sWd
iuWeb zuπv²ñΓdC
1. ÷@UsWdA÷@UzdAA÷@UsWC
v ΘJsdWCpAtemplate2C
v pGzw²sbdApAtemplate1AziH∩@dANª]wszbdC
v ΘJHOdmu) DNvCoOHrµíϕApA
cn=realm1,o=ibm,c=usCz]iH÷@Us²A∩zQnl≡mC
2. ÷@UU@BCziH÷@U¿AdCyßziHsWΩTd
A\ 242ysΦdzC
3. pG÷@UFU@BA∩dc½≤OApAinetOrgPersonCz]iHsW⌠≤zQnU½≤OC
4. ÷@UU@BC
5. qRWU\αϕñA∩dºΓñAC@ RDN A
CoRW]p employeeNumberA∩dºΓñC
@¿ ÑAú"OW@LGCoRWNOMs@
MµñAπWCpApG employeeNumber ORWA
BΘJF 1234abcAhbAϕMµñKπ¿ 1234abcC
6. nwbdWCziH∩oW]tΩTC
a. ∩\αϕñnAA÷@UsΦCoπusΦveC
znWAH½≤O inetOrgPerson w∩G
v *sn - m≤
v *cn - @δW
: * ϕ"nΩTC
b. pGzQnsWΣLΩToAq\αϕ∩CpA∩
departmentNumberAA÷@UsWC∩ employeeNumberAA÷@Us
WC∩ titleAA÷@UsWC∩\αϕb¿G
v title
v employeeNumber
v departmentNumber
v *sn
v *cn
c. ziH½sCoµXbdΦíAΦk¬Gπw∩
AA÷@UWUCoWU@mC½oA
z²÷QnCεCpA
v *sn
v *cn
v title
v employeeNumber
v departmentNumber
d. z]iH∩C@∩C
1) ¬Gπw∩Φ⌠ñAA÷@UsΦC
2) ziH≤bdWµπWCpApGzQn
departmentNumber π Department numberANWΘJπW
µñC
3) z]iHúw]Aw²±gdñµCpApGjí≈N
ΘJúOuí 789v¿AhziHΘJ 789 @w]Cd
Wµw²±J 789CϕzsWΩΩTANiH≤
C
4) ÷@UTwC
e. ÷@UTwC
7. YnΣLΩTt@A÷@UsWC
v ΘJsWCpAAddress informationC
v ∩≤oAq\αϕ∩CpA∩ homePostalAddressAA÷@UsWC∩ postOfficeBoxAA÷@UsWC∩ telephoneNumberAA÷@UsWC∩ homePhoneAA÷@UsWC∩
facsimileTelephoneNumberAA÷@UsWC∩\αϕ¿G
– homePostalAddress
– postOfficeBox
– telephoneNumber
– homePhone
– facsimileTelephoneNumber
v ziH½sCoµXbdΦíAΦk¬Gπw∩A
A÷@UWUCoWU@mC½oAz²
÷QnCεCpA
– homePostalAddress
– postOfficeBox
– telephoneNumber
– facsimileTelephoneNumber
– homePhone
v ÷@UTwC
8. ½oAzQnCϕz¿A÷@U¿d
C
sΦd
iuWeb zuπv²ñΓdC
v ÷@UzdC
v qΓMµ∩nsΦΓC
v ÷@UsΦC
v pGzπw²sbdApAtemplate1AziH∩@dA²ª]w
szbsΦdC
v ÷@UU@BC
– ziHU\αϕA≤dc½≤OC
– ziHsWúU½≤OC
v ÷@UU@BC
v ziH∩dñ]tC\ 241 6AHop≤∩
÷ΩTC
v ϕz¿A÷@U¿C
úd
iuWeb zuπv²ñΓdC
1. ÷@UzdC
2. ∩núdC
3. ÷@URúC
4. ϕúzTRúA÷@UTwC
5. odqdMµúC
sΦdW ACLiuWeb zuπv²ñΓdC
1. ÷@UzdC
2. ∩n@dsΦ ACLC
3. ÷@UsΦ ACLC
YnQuWeb zuπví° ACL eH ACLA\ 209
y ACLzC
ΣlΩTA\ 201 15 , ysεMµzC
z
bz]wFΓdßAziHbΣñJC
sW
iuWeb zuπv²ñMsC
1. ÷@UsWA÷@UzAA÷@UsWC
2. qU\αϕ∩n[JΓC
3. ÷@UU@BCoπPΓ÷pdC±"nµ][P *
HñΣL⌠≤µCpGzwbΓsAhz]iHsW
@hsC
4. ϕz¿A÷@U¿C
MΣΓ
iuWeb zuπv²ñMsC
1. ÷@UMΣA÷@UzAA÷@UMΣC
2. q∩Γµ∩njMd≥C
3. bRWµñΘJjMrΩCΣUrApApGzΘJF *smithAhGOπRW smith C
4. ziH∩∩⌡µUC@G
v sΦ - \ysΦΩTzC
v s - \ 244yszC
v Rú - \ 244yúzC
5. ϕz¿A÷@UTwC
sΦΩT
iuWeb zuπv²ñMsC
1. ÷@UzC
2. qU\αϕ∩@ΓCpGπbΦ⌠A÷@U°
C
3. ∩nsΦAA÷@UsΦC
4. ∩WΩTA∩s¿ΩµC
5. ϕz¿A÷@UTwC
s
pGzn@ΣΩTjí≈PAziHsl∩Ω
TAΣLC
iuWeb zuπv²ñMsC
1. ÷@UzC
2. qU\αϕ∩@ΓCpGπbΦ⌠A÷@U°
C
3. ∩nsAA÷@UsC
4. ∩sAϕΩTApAOSw"nΩTAp sn cnCoΓ
@ΩTún≤C
5. ϕz¿A÷@UTwC
ú
iuWeb zuπv²ñMsC
1. ÷@UzC
2. qU\αϕ∩@ΓCpGπbΦ⌠A÷@U°
C
3. ∩núAA÷@URúC
4. ϕúzTRúA÷@UTwC
5. oqMµúC
zs
b]wFΓdßAzNiHsC
sWs
iuWeb zuπv²ñMsC
1. ÷@UsWsA÷@UzsAA÷@UsWC
2. ΘJnsWC
3. qU\αϕ∩n[JΓC
4. ÷@U¿sCpGzbΓñwAhiH÷@UU@BA∩
nsWsCMßA÷@U¿C
ΣlΩTA\ 219yszC
MΣΓs
iuWeb zuπv²ñMsC
1. ÷@UMΣsA÷@UzsAA÷@UMΣC
2. q∩Γµ∩njMd≥C
3. bRWµñΘJjMrΩCΣUrApApGzΘJF *clubAhGOπRW club sApAbook clubBchess clubBgarden club Ñ
ÑC
4. ziH∩∩s⌡µUC@G
v sΦ - \ysΦsΩTzC
v s - \ysszC
v Rú - \yúszC
5. ϕz¿A÷@U÷¼C
sΦsΩT
iuWeb zuπv²ñMsC
1. ÷@UzsC
2. qU\αϕ∩@ΓCpGsπbsΦ⌠A÷@U°sC
3. ∩nsΦsAA÷@UsΦC
4. ziH÷@ULo°≤A¡εiCpAbum≤vµñΘJ
*smithANi¡εΣWH smith Ap Ann SmithBBob SmithBJoe
Goldsmith ÑÑC
5. ziHqssWúC
6. ϕz¿A÷@UTwC
ss
pGzn@Σ¿jí≈PsAziHsls∩ΩTA
ΣLsC
iuWeb zuπv²ñMsC
1. ÷@UzsC
2. qU\αϕ∩@ΓCpGπbsΦ⌠A÷@U°sC
3. ∩nssAA÷@UsC
4. ≤sWµñsWCssPls@πP¿C
5. ziH∩s¿C
6. ϕz¿A÷@UTwCossA BªPls@tP
¿AúLAbiµsíAFsWú∩@C
ús
iuWeb zuπv²ñMsC
1. ÷@UzsC
2. qU\αϕ∩@ΓCpGsπbsΦ⌠A÷@U°sC
3. ∩núsAA÷@URúC
4. ϕúzTRúA÷@UTwC
5. osqsMµúC
5 g ⁿOµí
ziHoí@z IBM Tivoli Directory Server NΦkC
20 ⁿOµí
íiHqⁿOúe⌡µíC
ßí
v 250yldapchangepwdz
v 253yldapdeletez
v 257yldapexopz
v 265yldapmodifyBldapaddz
v 271yldapmodrdnz
v 275yldapsearchz
°Aí
v 284ybulkload íz
v 287ydbbackz
v 287ydbrestorez
v 288ydb2ldif íz
v 289yibmdiradmz
v 289yibmdirctlz
v 291yldapdiffz
v 297yldaptracez
v 300yldif íz
v 300yldif2db íz
v 301yrunstatsz
ßíú ldap_sasl_bind APICYIssAiα#hGCH
UOUúP ID PKXXAúsGC
v pGⁿw admin DNAh"ⁿwTKXAúMNLkQsC
v pGⁿw DNAⁿw° 0 DNANogOsvAúDz
ís (SASL)Ap KerberosC
v pGⁿw DNAB DN úOAh"PⁿwKXAúM#C
v pGⁿw DN PKXA²Ooú≤²ñ⌠≤rUAh#αC
v pGⁿwT DN PKXANP¡≈OsC
v pGⁿw DN PKXA²Oⁿw DN úsbAh?gOsvC
v pGⁿw DN PKXABⁿw DN sbA²OΣ½≤SKXAh
#@hTºC
ßí
ú÷ßííCIBM Tivoli Directory Server Version 5.2: Client
SDK Programming Reference u 2 LDAP ívñ]íC
ldapchangepwdoO LDAP ∩KXuπC
yk
ldapchangepwd -D binddn -w passwd | ? -n newpassword | ? [-C charset] [-d debuglevel] [-G realm] [-h ldaphost] [-K keyfile] [-m mechanism] [-M] [-N certificatename] [-O maxhops] [-p ldapport] [-P keyfilepw] [-R] [-U username] [-v] [-V version] [-y proxydn] [-Y] [-Z] [-?]
íe∩KXnD LDAP °AC
∩
-C charset
ⁿwú@ ldapdelete íΘJ DNAOH charset ⁿwr
eC -C charset iH∩gw]AΣñrΩ"H UTF-8 úCp
C@@t¡xΣSwrA\ 329y¡xΣ
IANA rzCNAiΣrOM 1 LDIF ñA∩w
qrPC
-d debuglevel
N LDAP úh] debuglevelCp÷úhΩTA\ 312
y°AúízC
-D binddn
binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m
DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC
-G realm
ⁿwΓWCϕtX -m DIGEST-MD5 Absí°
AC
-h ldaphost
ⁿw LDAP °A⌡µbND≈C
-K keyfile
ⁿw SSL TLS ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpG
Sⁿw≈ΩwWAí²b SSL_KEYRING ⌠
ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠Ah
w]≈⌠]pGw]C
w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIX @t - /usr/ldap
v HP-UX @t - /usr/IBMldap
v Linux @t - /usr/ldap
v Solaris @t - /opt/IBMldapc
v Windows @t - c:\Program Files\IBM\LDAP
: oOw]wmAΩ LDAPHOME Obw@íMwC
po÷w]≈ΩwHw]zñΣlΩTA
\ IBM Directory C-Client SDK Programming ReferenceC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL TLS
≈ΩwΩTA\ 74y gsk7ikmzCτ\ 252
ySSLBTLS NzM 69yw Socket hzñA÷ SSL P
ΩTC
a -Z /½C
-m mechanism
mechanismAⁿws°A SASL ≈εCN
ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw
-mAh ÷OC
-M Nα½≤ϕ@@δzC
-n newpassword | ?ⁿwsKXC ? iHúKXúCúiHε ps ⁿOñKXQC
-N certificatename
ⁿwP≈Ωwñß÷pCpG LDAP °Atm
u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ
ßP°AOAhnßCYwⁿww]/pK≈∩
@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC
-O maxhops
ⁿw maxhops i]wßíwblαAiHDW¡Cw]⌡DO 10 C
-p ldapport
ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS
ⁿw -pA²ⁿw -ZAhw] LDAP SSL ≡ 636C
-P keyfilepw
ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA
ñiα]A@hpK≈CpG≈Ωw÷pKX⌠
AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC
-R ⁿwún)αC
-U username
ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh
ñCusername °Atm wCiαO uid O
MΣ⌠≤ΣLC
-v íAhEgJΘXC
-V version
ⁿwϕ ldapchangepwd s LDAP °AAn LDAP C
w]A LDAP V3 suCYnTa∩ LDAP V3Aⁿw -V 3Cⁿw -V 2 ⌡µ@ LDAP V2 íC ldapchangepwd ºíA ldap_initA∩H LDAP V3 @"nqT≤wA ú
ldap_openC
-w passwd | ? passwd @OKXC ? iHúKXúCúiH
ε ps ⁿOñKXQC
-y proxydn
ⁿw≤ Proxy v DNC
-Y w TSL suM LDAP °AqTCubwF IBM GSKit +
Σ -Y ∩C
-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú
SSL ≤A+iHΣ -Z ∩C
-? π ldapchangepwd ykíC
d
UCⁿOA
ldapchangepwd -D cn=John Doe -w a1b2c3d4 -n wxyz9876
NW commonName ″John Doe″ KXA% a1b2c3d4 ∩ wxyz9876
SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS
íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú
AΣñ]t% RSA Security Inc. ow@nΘC
: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH
LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ
LDAP_SSLCímdíMzí"nBJAΣαt
ijj[KtΓkº SSLC
\Pdí÷p make Ao÷ LDAP íAΣαs 128
HT½ DES [KtΓkΩTC
ß≈ΩweOH gsk7ikm í[HzCp÷ Java
íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²
ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx
sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@
iH⌠ CA ouiH⌠v LDAP °AAH⌠÷YCgsk7ikm
í]iHoßAHKα⌡µßM°AOC
Yßs LDAP °Au°AOAhb≈ΩwñAunwq
@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A
wo%Σñ@iH⌠ CA oCAbP°Aºí SSL
TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH
VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω
wñAMßNiH⌠CpG LDAP °AO)µ°A
Ah LDAP °AziHú@≈°A1zCN1
Jz≈ΩwñAMßiH⌠C
Yßs LDAP °AßM°AOAh"G
v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH
LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí
SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP C
v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w
ßANxsbß≈ΩwñC
EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ
gJETºC
t\
ldapaddBldapdeleteBldapexopBldapmodifyBldapmodrdnBldapsearch
ldapdeleteLDAP RúuπC
yk
ldapdelete [-c] [-C charset] [-d debuglevel] [-D binddn] [-f file] [-G realm] [-h ldaphost] [-i file] [-k] [-K keyfile] [-m mechanism] [-M] [-n] [-N certificatename] [-O maxhops] [-p ldapport] [-P keyfilepw] [-R] [-s] [-U username] [-v] [-V version] [-w passwd | ?] [-y proxydn] [-Y] [-Z] [dn]...
íldapdelete O ldap_delete íwIsⁿOµC
ldapdelete M LDAP °AºísuBiµsAMßRú@hC
Yú@hOW (DN) AhRúπ% DN CC@ DN O
HrΩe DNCYSú DN AhqΘJ¬ DN MµAY
-i XAhOq¬ DN MµC
Ynπ ldapdelete ykíAΘJG
ldapdelete -?
.
∩
-c ≥@íC÷°iAúL ldapdelete ,≥iµ∩ChAw]@Ob°iAY⌠@C
-C charset
ⁿwú@ ldapdelete íΘJ DNAOH charset ⁿwr
eC -C charset iH∩gw]AΣñrΩ"H UTF-8 úCp
C@@t¡xΣSwrA\ 329y¡xΣ
IANA rzCNAiΣrOM 1 LDIF ñA∩w
qrPC
-d debuglevel
N LDAP úh] debuglevelCp÷úhΩTA\ 312
y°AúízC
-D binddn
binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m
DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC
-f file q¬s≥µAMßw∩ñC@µ⌡µ@ LDAP RúCñ
C@µu]t@OWC
-G realm
ⁿwΓWCϕtX -m DIGEST-MD5 Absí°
AC
-h ldaphost
ⁿw LDAP °A⌡µbND≈C
-i file q¬s≥µAMßw∩ñC@µ⌡µ@ LDAP RúCñ
C@µu]t@OWC
-k ⁿw°AzεC
-K keyfile
ⁿw SSL TLS ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpG
Sⁿw≈ΩwWAí²b SSL_KEYRING ⌠
ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠Ah
w]≈⌠]pGw]C
w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIX @t - /usr/ldap
v HP-UX @t - /usr/IBMldap
v Linux @t - /usr/ldap
v Solaris @t - /opt/IBMldapc
v Windows @t - c:\Program Files\IBM\LDAP
: oOw]wmAΩ LDAPHOME Obw@íMwC
po÷w]≈ΩwHw]zñΣlΩTA
\ IBM Directory C-Client SDK Programming ReferenceC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL TLS
≈ΩwΩTA\ 74y gsk7ikmzCτ\ 256
ySSLBTLS NzM 69yw Socket hzñA÷ SSL P
ΩTC
a -Z /½C
-m mechanism
mechanismAⁿws°A SASL ≈εCN
ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw
-mAh ÷OC
-M Nα½≤ϕ@@δzC
-n πN⌡µ>≥@A²OúΩ∩CM -v tXA∩ú@C
-N certificatename
ⁿwP≈Ωwñß÷pCpG LDAP °Atm
u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ
ßP°AOAhnßCYwⁿww]/pK≈∩
@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC
-O maxhops
ⁿw maxhops i]wßíwblαAiHDW¡Cw]⌡DO 10 C
-p ldapport
ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS
ⁿw -pA²ⁿw -ZAhw] LDAP SSL ≡ 636C
-P keyfilepw
ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA
ñiα]A@hpK≈CpG≈Ωw÷pKX⌠
AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC
-R ⁿwún)αC
-s ∩iHRú≤ⁿwUl≡C
-U username
ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh
ñCusername °Atm wCiαO uid O
MΣ⌠≤ΣLC
-v íAhEgJΘXC
-V ⁿwϕ ldapdelete s LDAP °AAn LDAP C w]
A LDAP V3 suCYnTa∩ LDAP V3Aⁿw -V 3Cⁿw-V 2 ⌡µ@ LDAP V2 íC ldapdelete ºíA ldap_initA∩H LDAP V3 @"nqT≤wA ú ldap_openC
-w passwd | ? passwd @OKXC ? iHúKXúCúiH
ε ps ⁿOñKXQC
-y proxydn
ⁿw≤ Proxy v DNC
-Y w TSL suM LDAP °AqTCubwF IBM GSKit +
Σ -Y ∩C
-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú
SSL ≤A+iHΣ -Z ∩C
-dn ⁿw@h DN CC@ DN OHrΩe DNC
d
UCⁿOA
ldapdelete "cn=Delete Me, o=University of Life, c=US"
RúW commonName ″Delete Me″A≤ University of Life
ºUCiαnú binddn M passwd +αiµRú]\ -D M -w ∩C
YSú DN Ah ldapdelete ⁿOÑqΘJ¬ DN MµCYn#
ÑAi Ctrl+C Ctrl+DC
SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS
íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú
AΣñ]t% RSA Security Inc. ow@nΘC
: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH
LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ
LDAP_SSLCímdíMzí"nBJAΣαt
ijj[KtΓkº SSLC
\Pdí÷p make Ao÷ LDAP íAΣαs 128
HT½ DES [KtΓkΩTC
ß≈ΩweOH gsk7ikm í[HzCp÷ Java
íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²
ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx
sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@
iH⌠ CA ouiH⌠v LDAP °AAH⌠÷YCgsk7ikm
í]iHoßAHKα⌡µßM°AOC
Yßs LDAP °Au°AOAhb≈ΩwñAunwq
@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A
wo%Σñ@iH⌠ CA oCAbP°Aºí SSL
TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH
VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω
wñAMßNiH⌠CpG LDAP °AO)µ°A
Ah LDAP °AziHú@≈°A1zCN1
Jz≈ΩwñAMßiH⌠C
Yßs LDAP °AßM°AOAh"G
v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH
LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí
SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP C
v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w
ßANxsbß≈ΩwñC
EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ
gJETºC
t\
ldapaddBldapchangepwdBldapexopBldapmodifyBldapmodrdnBldapsearch
ldapexopoO LDAP @uπ
yk
ldapexop [-C charset] [-d debuglevel] [-D binddn] [-e] [-G realm] [-h ldaphost] [-help] [-K keyfile] [-m mechanism] [-N certificatename] [-p ldapport] [-P keyfilepw] [-?] [-U username] [-v] [-w passwd | ?] [-Y] [-Z] -op cascrepl | clearlog | controlqueue | controlrepl | getAttributes | getlogsize | getusertype | quiesce | readconfig | readlog | stopserver | unbind | uniqueattr
íldapexop íO@ⁿOµAiús²\αABH¿@⌠≤Ω@oX@µ@@C
ldapexop íiΣ LDAP ßíD≈B≡B
SSLBTLS MO∩CAªwq@∩Aⁿwn⌡µ@AHC
@@C
Ynπ ldapexop ykíAΘJG
ldapexop -?
ldapexop -help
∩ldapexop ⁿO∩i!¿ΓOG
1. @δ∩Aⁿwp≤s²°ACo∩"b@Sw∩ºeⁿwC
2. @∩AⁿXn⌡µ@C
@δ∩: o∩ⁿws°AΦkAB"b -op ∩ºeⁿwC
-C charset
ⁿwú@ ldapexop íΘJ DN OHrⁿwreC
-C charset iH∩gw]AΣñrΩ"H UTF-8 úCpC@
@t¡xΣSwrA\ 329y¡xΣ IANA
rzCNAiΣrOM 1 LDIF ñA∩wqr
PC
-d debuglevel
N LDAP úh] debuglevelCp÷úhΩTA\ 312
y°AúízC
-D binddn
binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m
DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC
-e π LDAP íwΩTAMß⌠C
-G realm
ⁿwΓWCϕtX -m DIGEST-MD5 Absí°
AC
-h ldaphost
ⁿw LDAP °A⌡µbND≈C
-help πk
-K keyfile
ⁿw SSL TLS ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpG
Sⁿw≈ΩwWAí²b SSL_KEYRING ⌠
ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠Ah
w]≈⌠]pGw]C
w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIX @t - /usr/ldap
v HP-UX @t - /usr/IBMldap
v Linux @t - /usr/ldap
v Solaris @t - /opt/IBMldapc
v Windows @t - c:\Program Files\IBM\LDAP
: oOw]wmAΩ LDAPHOME Obw@íMwC
po÷w]≈ΩwHw]zñΣlΩTA
\ IBM Directory C-Client SDK Programming ReferenceC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL TLS
≈ΩwΩTA\ 74y gsk7ikmzCτ\ 263
ySSLBTLS NzM 69yw Socket hzñA÷ SSL P
ΩTC
a -Z /½C
-m mechanism
mechanismAⁿws°A SASL ≈εCN
ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw
-mAh ÷OC
-N certificatename
ⁿwP≈Ωwñß÷pCpG LDAP °Atm
u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ
ßP°AOAhnßCYwⁿww]/pK≈∩
@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC
-p ldapport
ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS
ⁿw -pA²ⁿw -ZAhw] LDAP SSL ≡ 636C
-P keyfilepw
ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA
ñiα]A@hpK≈CpG≈Ωw÷pKX⌠
AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC
-? πkC
-U username
ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh
ñCusername °Atm wCiαO uid O
MΣ⌠≤ΣLC
-v íAhEgJΘXC
-w passwd | ? passwd @OKXC ? iHúKXúCúiH
ε ps ⁿOñKXQC
-Y w TSL suM LDAP °AqTCubwF IBM GSKit +
Σ -Y ∩C
-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú
SSL ≤A+iHΣ -Z ∩C
@∩: -op @∩AⁿXn⌡µ@C@iHOUCΣñ@G
v cascrepl -action<actionvalue> -rc<contextDN> [options]GÑíCε g@CnD@Mⁿw°AWA B@ewl≡
CpG⌠≤°Abα ANN@@eΣ C@
HÑíΦíCπ gWC
-action quiesce | unquiesce | replnow | waitoO"nAⁿwn⌡µ@C
Rε (quiesce)ú gAúe\i@B≤sC
unquiesce#@δ@Aⁿß≤sC
replnowú≤ANJεC≤ g °A
C
wait ÑN≤s g ñC
-rc contextDn
oO"nAⁿwl≡ C
options
-timeout secs
oO∩AYⁿwAhOHϕµⁿwOíCYS
ⁿwA 0A@L¡εaÑC
dG
ldapexop -op cascrepl -action quiesce -rc "o=acme,c=us" -timeout 60
v clearlog -log<logname>GMúΘx@
-log audit | bulkload | cli | slapd | ibmdiradm | adminDaemon| debugoO"nAⁿwnMúΘxC
dG
ldapexop -op clearlog -log audit
v controlqueue -skip<skipvalue> -ra<agreementDN>GεεC@
-skip all | change-idoO"nC
– all ϕ⌡L≤wm≤C
– change-id ⁿXn⌡Lµ@≤CY°AeSb g≤AhnDóC
-ra agreementDN
oO"nAⁿw g≤w DNC
dG
ldapexop -op controlqueue -skip all -ra "cn=server3,ibm-replicaSubentry=master1-id,ibm-replicaGroup=default,o=acme,c=us"
ldapexop -op controlqueue -skip 2185 -ra "cn=server3,ibm-replicaSubentry=master1-id,ibm-replicaGroup=default,o=acme,c=us"
v controlrepl -action<actionvalue> -rc<contextDN> | -ra<agreementDN>Gε g@
-action suspend | resume | replnowoO"nAⁿwn⌡µ@C
-rc contextDn | -ra agreementDn
-rc contextDn O g⌠wq DNCo@w∩⌠wq≤
w⌡µC-ra agreementDn O g≤w DNCo@w∩ⁿw g
≤w⌡µC
dG
ldapexop -op controlrepl -action suspend -ra "cn=server3,ibm-replicaSubentry=master1-id,ibm-replicaGroup=default,o=acme,c=us"
v getattributes -attrType<type> -matches bool <value>
-attrType operational | language_tag | attribute_cache | unique|configuration
oO"nAⁿwnD¼C
-matches bool true | falseⁿw#MµOX -attrType< ∩ⁿw¼C
dG
ldapexop -op getattributes -attrType unique -matches bool true
#wⁿw@MµC
ldapexop -op getattributes -attrType unique -matches bool false
#ⁿw@MµC
v getlogsize -log<logname>GnDΘxjp@
-log audit | bulkload | cli | slapd | ibmdiradm | adminDaemon| debugoO"nAⁿwndΘxCΘxjp]Hµµg
JΘXC
dG
ldapexop -op getlogsize -log slapd
2000 lines
v getusertypeGnD¼@
@ s DN #¼C
dG
ldapexop -D <AdminDN> -w <Adminpw> -op getusertype
#G
G root_administratorñΓ G server_config_administrator directory_administrator
ΩTA\ 264y@¼PñΓzC
v quiesce -rc <contextDN>[options]GRε°Rεl≡@
-rc contextDN
oO"nAⁿwnRε°Rε g⌠wq]l≡ DNC
options
-end oO∩AYⁿwAhOⁿwn°Rεl≡CYS
ⁿwAw]ORεl≡C
dG
ldapexop -op quiesce -rc "o=acme,c=us"
ldapexop -op quiesce -end -rc "o=ibm,c=us"
v readconfig -scope<scopevalue>: ½s¬tm@
-scope entire | single<entry DN><attribute> | entry <entry DN> | subtree <entry
DN> oO"nC
– entire ϕ½s¬πtmC
– single entry DN><attribute ϕ¬ⁿwµ@MC
– entry <entry DN> ϕ¬ⁿwC
– subtree <entry DN> ϕ¬PΣUπl≡C
dG
ldapexop -op readconfig -scope entire
ldapexop -op readconfig -scope single "cn=configuration" ibm-slapdAdminPW
v readlog -log <logname> -lines <value>GnDoΘxµº@
-log audit | bulkload | cli | slapd | ibmdiradm | debugoO"nAⁿwndΘxC
-lines <first><last> | alloO"nAⁿwnq¬@µMß@µAµCµ
sq 0 lCⁿwµgJΘXC
dG
ldapexop -op readlog -log audit -lines 10 20
ldapexop -op readlog -log slapd -lines all
v stopserverGε IBM Tivoli Directory Server
dG
ldapexop -op stopserver
v unbind -dn<specificDN> | -ip<sourceIP> | -dn<specificDN> -ip<sourceIP> | allG DNBIPBDN/IP /su/suCS⌠≤@suH
bu@εCñ@suúY⌠CpGu@íe∩Ysuu@
ñAϕu@í¿@Y⌠C
-dn<specificDN> DN oXnD⌠suConDMúⁿw DN Wss
uC
-ip<sourceIP> IP oXnD⌠suConDMú)ⁿw IP s
uC
-dn<specificDN> -ip<sourceIP> DN/IP t∩oXnD⌠t∩MwsuConDMúⁿw
DN WsH)ⁿw IP suC
-all oXnD⌠suConDMúúFoXnDsuº
suCoLkM -D -IP @C
dG
ldapexop -op unbind -dn cn=john
ldapexop -op unbind -ip 9.182.173.43
ldapexop -op unbind -dn cn=john -ip 9.182.173.43
ldapexop -op unbind -all
v uniqueattr -a <attributeType>: identify all nonunique values for a particular attribute.
-a <attribute>ⁿwCXΣ≡C
: úπGiB@BtmÑM½≤O½CoúO@Σ@C
dG
ldapexop -op uniqueattr -a "uid"
Uo@µN[J ″cn=Directory,cn=RDBM Backends,cn=IBM Directory,cn=s º
Utmñ
v Schema,cn=Configuration″ entry for this extended operation
ibm-slapdPlugin:extendedop /bin/libback-rdbm.dll initUniqueAttr
YSú DN Ah ldapexop ⁿOÑqΘJ¬ DN MµCYn#
ÑAi Ctrl+C Ctrl+DC
SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS
íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú
AΣñ]t% RSA Security Inc. ow@nΘC
: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH
LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ
LDAP_SSLCímdíMzí"nBJAΣαt
ijj[KtΓkº SSL TLSC
\Pdí÷p make Ao÷ LDAP íAΣαs 128
HT½ DES [KtΓkΩTC
ß≈ΩweOH gsk7ikm í[HzCp÷ Java
íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²
ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx
sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@
iH⌠ CA ouiH⌠v LDAP °AAH⌠÷YCgsk7ikm
í]iHoßAHKα⌡µßM°AOC
Yßs LDAP °Au°AOAhb≈ΩwñAunwq
@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A
wo%Σñ@iH⌠ CA oCAbP°Aºí SSL
TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH
VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω
wñAMßNiH⌠CpG LDAP °AO)µ°A
Ah LDAP °AziHú@≈°A1zCN1
Jz≈ΩwñAMßiH⌠C
Yßs LDAP °AßM°AOAh"G
v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH
LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí
SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP C
v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w
ßANxsbß≈ΩwñC
EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ
gJETºC
@¼PñΓUCO@PΣñΓC
Root z: zt SSL TSL íM External sOxsb
cn=Configuration ºUC Kerberos s]∩Oxsb
cn=Kerberos,cn=Configuration ºUC Digest-MD5 s]∩O
xsb cn=Digest,cn=Configuration ºUCA¼iHsuz
nívC
ñΓ:
°Atmz
iHL¡εastmßíñΩTA BiH/
ε°ACiHoXAtm≤sC
²z
iL¡εstmßí]⌡M RDBM ßíº
²ΩCiHjMtmßíñ@ΓC
iαS⌠≤v¡iH@Swßí]OS/400 tδgß
íBz/OS RACF® SDBMC
zs¿: z íBt SSL TLS ExternalBKerberos]∩M
Digest-MD5]∩Oxsb cn=Admingroup,cn=Configuration l≡ñºUC
A¼iHsuznívC
ñΓ:
°Atms¿
iHsúFzMzsºtmΩTC
α≈Mε°ACúαsWúzsñ¿Cú
α∩ cn=AdminGroup,cn=Configuration U⌠≤zs¿ DNBK
XBKerberos ID Digest-MD5 IDCpGOuzs¿vA
iH∩)vKXA²úiH∩)v DNBKerberos ID Digest-MD5
IDC]úαdΣL⌠≤zs¿ IBM Tivoli Directory Server
zKXCAúαsWBRú∩fΘx]w]π
cn=Audit,cn=Configuration MúfΘxCúαsWRú
cn=Kerberos,cn=Configuration cn=Digest,cn=Configuration A²OiHj
MoºUCiH∩oºUúF Kerberos M
Digest-MD5 Root zsºCoúαjM∩
cn=Configuration ºU ibm-slapdAdminDNBibm-slapdAdminGroupEnabled
ibm-slapdAdmin PW r8
²z
iL¡εstmßí]⌡M RDBM ßíº
²ΩCiHjMtmßíñ@ΓC
iαS⌠≤v¡iH@Swßí]OS/400 tδgß
íBz/OS RACF SDBMC
LDAP ¼: @δ LDAP Oxsb LDAP Server DIT
ñC íMt SSL TLS External s DN O DIT ñ DNC
KXOxsb userpassword ñC
ñΓ:
LDAP ñΓ
XGúαstmßíCiHjMtmßí
ñ@ΓC²Ω]⌡M RDBM ßísv
O% ACL εC
t\
ldapaddBldapchangepwdBldapdeleteBldapmodifyBldapmodrdnBldapsearch
ldapmodifyBldapaddLDAP ∩H LDAP sWuπ
yk
ldapmodify [-a] [-b] [-c] [-C charset] [-d debuglevel] [-D binddn] [-g] [-G realm] [-h ldaphost] [-i file] [-k] [-K keyfile] [-m mechanism] [-M] [-N certificatename] [-O maxhops] [-p ldapport] [-P keyfilepw] [-r] [-R] [-U username] [-v] [-V] [-w passwd | ?] [-y proxydn] [-Y] [-Z]
ldapadd [-a] [-b] [-c] [-C charset] [-d debuglevel] [-D binddn] [-g] [-G realm] [-h ldaphost] [-i file] [-k] [-K keyfile] [-m mechanism] [-M] [-N certificatename] [-O maxhops] [-p ldapport] [-P keyfilepw] [-r] [-R] [-U username] [-v] [-V] [-w passwd | ?] [-y proxydn] [-Y] [-Z]
íldapmodify O ldap_modify M ldap_add ΓíwIsⁿOµCldapadd Ω@ ldapmodify ≤WCϕ ldapadd A-a ]sWXN)C
ldapmodify M LDAP °AºísuAMßs°ACziH
ldapmodify ∩[JCΩTOqΘJ¬AY -i ∩Ahq¬C
Ynπ ldapmodify ldapadd ykíAΘJ
ldapmodify -?
ldapadd -?
∩
-a [JsCldapmodify w]@O∩CY ldapaddAhϕ]wXC
-b ]H `/’ l⌠≤OGiABΣΩObYñA
⌠OH valuer ⁿwC
-c ≥@íC÷°iAúL ldapmodify ,≥iµ∩ChAw]@Ob°iAY⌠@C
-C charset
ⁿwú@ ldapmodify H ldapadd ΓΣíΘJrΩAOHcharset ⁿwreA]"α½ UTF-8CϕqΘJ¼
ldapmodify M ldapadd O²ANⁿwrAα½ⁿwrΩAτYA≥b@ºß¼CpGO²Oqtr
LDIF ¼Ah LDIF ñr∩gⁿOµWⁿwr
CpC@@t¡xΣSwrA\ 329y¡x
Σ IANA rzCNAiΣrOM 1 LDIF ñA
∩wqrPC
-d debuglevel
N LDAP úh] debuglevelCp÷úhΩTA\ 312
y°AúízC
-D binddn
binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m
DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC
: -D binddn -w passwd úw∩ superuser DN IssτC
-g ⁿwúnhúµC
-G realm
ⁿwΓWCϕtX -m DIGEST-MD5 Absí°
AC
-h ldaphost
ⁿw LDAP °A⌡µbND≈C
-i file q LDIF ¬∩ΩTA úOqΘJ¬CpGSⁿw LDIF
Az"ΘJⁿw LDIF µí≤sO²C
-k ⁿw°AzεC
-K keyfile
ⁿw SSL TLS ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpG
Sⁿw≈ΩwWAí²b SSL_KEYRING ⌠
ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠Ah
w]≈⌠]pGw]C
w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIXBLinux @t- /usr/ldap
v HP-UX @t- /usr/IBMldap
v Solaris @t - /opt/IBMldapc
v Windows @t - c:\Program Files\IBM\LDAP
: oOw]wmAΩ LDAPHOME Obw@íMwC
po÷w]≈ΩwHw]zñΣlΩTA
\ IBM Directory C-Client SDK Programming ReferenceC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL TLS
≈ΩwΩTA\ 74y gsk7ikmzCτ\ 270
ySSLBTLS NzM 69yw Socket hzñA÷ SSL P
ΩTC
a -Z /½C
-m mechanism
mechanismAⁿws°A SASL ≈εCN
ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw
-mAh ÷OC
-M Nα½≤ϕ@@δzC
-N certificatename
ⁿwP≈Ωwñß÷pCpG LDAP °Atm
u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ
ßP°AOAhnßCYwⁿww]/pK≈∩
@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC
-O maxhops
ⁿw maxhops i]wßíwblαAiHDW¡Cw]⌡DO 10 C
-p ldapport
ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS
ⁿw -pA²ⁿw -ZAhw] LDAP SSL ≡ 636C
-P keyfilepw
ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA
ñiα]A@hpK≈CpG≈Ωw÷pKX⌠
AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC
-r Hw]NµC
-R ⁿwún)αC
-U username
ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh
ñCusername °Atm wCiαO uid O
MΣ⌠≤ΣLC
-v íAhEgJΘXC
-V ⁿwϕ ldapmodify s LDAP °AAn LDAP C w]
A LDAP V3 suCYnTa∩ LDAP V3Aⁿw -V 3Cⁿw-V 2 ⌡µ@ LDAP V2 íC ldapmodify ºíA ldap_initA∩H LDAP V3 @"nqT≤wA ú ldap_openC
-w passwd | ? passwd @OKXC ? iHúKXúCúiH
ε ps ⁿOñKXQC
-y proxydn
ⁿw≤ Proxy v DNC
-Y w TSL suM LDAP °AqTCubwF IBM GSKit +
Σ -Y ∩C
-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú
SSL ≤A+iHΣ -Z ∩C
ΘJµíe]pGⁿOµWSú -i XAhOΘJ"X LDIF µíC
NΘJµíFP ldapmodify eAtΣ@NΘJµíCµíO%@h¿AºíHµ!jAΣñC@µⁿpUG
OW (DN)
=
[= ...]
ΣñOWA OΣC
w]AQ[JCpGú -r ⁿOµXAh w]AOHsNµCP@iHXhApAn[JhCz]iHH
`\\’Ab≤µºß≥[JAsµu]t¡C
Ynú@Aºen@ε (-)CYnúπAhñ = H
C
b -r XsbAYn[J@Aºe[W +C
d
] /tmp/entrymods sbABπUCeG
dn: cn=Modify Me, o=University of Higher Learning, c=US
changetype: modify
replace: mail
mail: [email protected]
-
add: title
title: Grand Poobah
-
add: jpegPhoto
jpegPhoto: /tmp/modme.jpeg
-
delete: description
-
HUⁿOG
ldapmodify -b -r -i /tmp/entrymods
N Modify Me l≤eN¿ [email protected] oAsW
@ Grand Poobah DA /tmp/modme.jpeg e¿ jpegPhotoAMß
ú description Cz]iH ldapmodify ΘJµíA⌡µMWzP
∩G
cn=Modify Me, o=University of Higher Learning, c=US
+title=Grand Poobah
+jpegPhoto=/tmp/modme.jpeg
-description
[WHUⁿOG
ldapmodify -b -r -i /tmp/entrymods
] /tmp/newentry sbABπUCeG
dn: cn=John Doe, o=University of Higher Learning, c=US
objectClass: person
cn: John Doe
cn: Johnny
sn: Doe
title: the world’s most famous mythical person
mail: [email protected]
uid: jdoe
HUⁿOG
ldapadd -i /tmp/newentry
/tmp/newentry John Doe sW@C
] /tmp/newentry sbABπUCeG
dn: cn=John Doe, o=University of Higher Learning, c=US
changetype: delete
HUⁿOG
ldapmodify -i /tmp/newentry
ú John Doe C
YSzL -i ∩AqúΩTAldapmodify ⁿOÑqΘJ¬CYn#ÑAi Ctrl+C Ctrl+DC
SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS
íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú
AΣñ]t% RSA Security Inc. ow@nΘC
: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH
LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ
LDAP_SSLCímdíMzí"nBJAΣαt
ijj[KtΓkº SSL TLSC
\Pdí÷p make Ao÷ LDAP íAΣαs 128
HT½ DES [KtΓkΩTC
ß≈ΩweOH gsk7ikm í[HzCp÷ Java
íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²
ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx
sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@
iH⌠ CA ouiH⌠v LDAP °AAH⌠÷YCgsk7ikm
í]iHoßAHKα⌡µßM°AOC
Yßs LDAP °Au°AOAhb≈ΩwñAunwq
@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A
wo%Σñ@iH⌠ CA oCAbP°Aºí SSL
TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH
VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω
wñAMßNiH⌠CpG LDAP °AO)µ°A
Ah LDAP °AziHú@≈°A1zCN1
Jz≈ΩwñAMßiH⌠C
Yßs LDAP °AßM°AOAh"G
v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH
LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí
SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP C
v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w
ßANxsbß≈ΩwñC
EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ
gJETºC
t\
ldapchangepwdBldapdeleteBldapexopBldapmodrdnBldapsearch
ldapmodrdnoO LDAP ∩ RDN uπ
yk
ldapmodrdn [-c] [-C charset] [-d debuglevel] [-D binddn] [-G realm] [-h ldaphost] [-i file] [-k] [-K keyfile] [-m mechanism] [-M] [-n] [-N certificatename] [-O hopcount] [-p ldapport] [-P keyfilepw] [-r] [-R] [-U username] [-v] [-V] [-w passwd | ?] [-y proxydn] [-Y] [-Z] [dn newrdn | [-i file]]
íldapmodrdn O ldap_modrdn íwIsⁿOµC
ldapmodrdn M LDAP °AºísuBiµsAMß∩ RDNC
ΩTOqΘJ¬AY -f ∩AOq¬AqⁿOµ DN P
RDN t∩¬C
\uLDAP OWvAo÷ RDN]Relative Distinguished NamesA∩O
WH DN]Distinguished NamesAOWΩTC
Ynπ ldapmodrdn ykíAΘJG
ldapmodrdn -?
∩
-c ≥@íC÷°iAúL ldapmodrdn ,≥iµ∩ChAw]@Ob°iAY⌠@C
-C charset
ⁿwú@ ldapmodrdn íΘJrΩAOH charset ⁿwr
eC -C charset iH∩gw]AΣñrΩ"H UTF-8 úC
pC@@t¡xΣSwrA\ 329y¡xΣ
IANA rzCNAiΣrOM 1 LDIF ñA∩
wqrPC
-d debuglevel
N LDAP úh] debuglevelCp÷úhΩTA\ 312
y°AúízC
-D binddn
binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m
DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC
-G realm
ⁿwΓWCϕtX -m DIGEST-MD5 Absí°
AC
-h ldaphost
ⁿw LDAP °A⌡µbND≈C
-i file q¬∩ΩTA úOqΘJⁿOµ]ⁿw rdn M
newrdnCΘJ]iHqú (″< file″)C
-k ⁿw°AzεC
-K keyfile
ⁿw SSL TLS ≈ΩwW]]Aw]W ″kdb″CpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWC
pGSⁿw≈ΩwWAí²b SSL_KEYRING ⌠
ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠A
hw]≈⌠]pGw]C
w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIXBLinux @t - /usr/ldap
v HP-UX @t - /usr/IBMldap
v Solaris @t - /opt/IBMldapc
v Windows @t - c:\Program Files\IBM\LDAP]NGoOw]w
mCΩ LDAPHOME Obw@íMwC
po÷w]≈ΩwHw]zñΣlΩTA
\ IBM Directory C-Client SDK Programming ReferenceC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL TLS
≈ΩwΩTA\ 74y gsk7ikmzCτ\ 274
ySSLBTLS NzM 69yw Socket hzñA÷ SSL P
ΩTC
a -Z /½C
-m mechanism
mechanismAⁿws°A SASL ≈εCN
ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw
-mAh ÷OC
-M Nα½≤ϕ@@δzC
-n πN⌡µ>≥@A²OúΩ∩CM -v tXA∩ú@C
-N certificatename
ⁿwP≈Ωwñß÷pCNGpG LDAP °A
tmu⌡µ°AOAhúnßCpG LDAP °Atm
n⌡µßP°AOAhnßCYwⁿww]/pK
≈∩@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC
-O hopcount
ⁿw hopcount i]wßíwblαAiHDW¡Cw]⌡DO 10 C
-p ldapport
ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS
ⁿw -pA²Oⁿw -ZAhw] LDAP SSL ≡ 636C
-P keyfilepw
ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩT]
ñiα]A@hpK≈CpG≈Ωw÷pKX⌠
AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC
-r úñ RDN Cw]@OOdC
-R ⁿwún)αC
-U username
ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh
ñCusername °Atm wCiαO uid O
MΣ⌠≤ΣLC
-v íAhEgJΘXC
-V ⁿwϕ ldapmodrdn s LDAP °AAn LDAP C w
]A LDAP V3 suCYnTa∩ LDAP V3Aⁿw -V 3Cⁿw -V 2 ⌡µ@ LDAP V2 íC ldapmodrdn ºíA ldap_initA∩H LDAP V3 @"nqT≤wA ú
ldap_openC
-w passwd | ? passwd @OKXC ? iHúKXúCúiH
ε ps ⁿOñKXQC
-y proxydn
ⁿw≤ Proxy v DNC
-Y w TSL suM LDAP °AqTCubwF IBM GSKit +
Σ -Y ∩C
-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú
SSL ≤A+iHΣ -Z ∩C
dn newrdn\U@ 274ydn newrdn ΘJµízAoΩTC
dn newrdn ΘJµíYúⁿOµ dn M newrdnAh newrdn N% DN, dn ⁿwº RDNC
úMAe]YSú - i XAhOΘJ]t@hG
OW (DN)
∩OW (RDN)
i@hµ!jC@ DN M RDN t∩C
d
] /tmp/entrymods sbABπUCeG
cn=Modify Me, o=University of Life, c=US
cn=The New Me
HUⁿOG
ldapmodrdn -r -i /tmp/entrymods
N Modify Me RDNAq Modify Me ∩ The New MeAMßú cn Modify
MeC
YSzL -i ∩AqúΩT]qⁿOµW dn H rdn t∩ú
ΩTAldapmodify ⁿOÑqΘJ¬CYn#ÑAiCtrl+C Ctrl+DC
SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS
íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú
AΣñ]t% RSA Security Inc. ow@nΘC
: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH
LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ
LDAP_SSLCímdíMzí"nBJAΣαt
ijj[KtΓkº SSLC
\Pdí÷p make Ao÷ LDAP íAΣαs 128
HT½ DES [KtΓkΩTC
ß≈ΩweOH gsk7ikm í[HzCp÷ Java
íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²
ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx
sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@
iH⌠ CA o LDAP °AAH⌠÷YCgsk7ikm í]
iHoßAHKα⌡µßM°AOC
Yßs LDAP °Au°AOAhb≈ΩwñAunwq
@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A
wo%Σñ@iH⌠ CA oCAbP°Aºí SSL
TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH
VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω
wñAMßNiH⌠CpG LDAP °AO)µ°A
Ah LDAP °AziHú@≈°A1zCN1
Jz≈ΩwñAMßiH⌠C
Yßs LDAP °AßM°AOAh"G
v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH
LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí
SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP C
v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w
ßAN¼ß≈ΩwñC
EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ
gJETºC
See also
ldapadd, ldapchangepwd, ldapdelete, ldapexop, ldapmodify, ldapsearch
ldapsearchoO LDAP jMuπPdí
Syntax
ldapsearch [-a deref] [-A] [-b searchbase] [-B] [-C charset] [-d debuglevel]
[-D binddn] [-F sep] [-G realm] [-h ldaphost] [-i file] [-K keyfile]
[-l timelimit] [-L] [-m mechanism] [-M] [-n] [-N certificatename]
[-o attr_type] [-O maxhops] [-p ldapport] [-P keyfilepw] [-q pagesize]
[-R] [-s scope] [-t] [-T seconds] [-U username] [-v] [-V version]
[-w passwd | ?] [-z sizelimit] [-y proxydn] [-Y] [-Z]
filter [-9 p] [-9 s] [attrs...]
íldapsearch O ldap_search íwIsⁿOµC
ldapsearch M LDAP °AºísuBiµsAMßLo°≤⌡µj
MCΣLo°≤"X LDAP Lo°≤rΩek]\ IBM Tivoli Directory
Server Version 5.2 C-Client SDK Programming Reference ñ ldap_searchAo÷
Lo°≤ΩTC
Y ldapsearch Σ@hANH attrs ⁿwAMßNMC
LΘXCYSCX attrsAh#C
Ynπ ldapsearch ykíAΘJ ldapsearch -?C
Options
-a derefⁿwp≤⌡µOWCderef O neverBalwaysBsearch findAⁿw
OWú (never) Bϕn (always) BjM (search) A
bΣjM≥ª½≤ (find) +Cw]Oú (never) NOW
C
-A u]ú]tCϕzundñOsbAún
DAo∩C
-b searchbasejM≥ª@jMlIA úOw]CYSⁿw -bAhíd LDAP_BASEDN ⌠jM≥ªwqCYΓúS]wA
hNw]≥ª] ″″AoϕjMCjM#πu²ΩT≡(DIT)vñCojMn -s l≡∩AhKπTºCdNA¼íjMnDO\hΩC
-B únϕεD ASCII πCbBzHNrAp ISO-8859.1Ae
Ao∩DC∩O% -L ∩tⁿC
-C charsetⁿwú@ ldapsearch íΘJrΩAOHr]% charset ⁿ
weCnrΩΘJ∩]ALo°≤Bs DN H≥ª DNCP
aAbπΩAldapsearch Nq LDAP °A¼ΩAα½ⁿ
wrC ″-C charset″ iH∩gw]AΣñrΩ"H UTF-8 ú
CtApGⁿw -C ∩M -L ∩Ah]ΘJOⁿwrAúLAldapsearch ΘX@wOdΣ UTF-8 ekFYLkCL
rAhOdΩ base-64 sXekCoO] LDIF u
]trΩΩ UTF-8] base-64 sX UTF-8ekCpC@@t
¡xΣSwrA\ 329y¡xΣ IANA rzC
NAiΣrOM 1 LDIF ñA∩wqr
PC
-d debuglevelN LDAP úh] debuglevelCp÷úhΩTA\ 312
y°AúízC
-D binddn
binddn s LDAP ²Cbinddn OHrΩe DNCϕtX -m
DIGEST-MD5 Aªⁿwv IDCªiHO DN H ″u:″ ″dn:″ Y authzId rΩC
-e π LDAP íwΩTAMß⌠C
-F sep sep @WMºíµ!jrCúDⁿw -L XAúMAw]!jrO `=’FYⁿw -L XA∩QñC
-G realm
ⁿwΓWCϕtX -m DIGEST-MD5 Absí°
AC
-h ldaphostⁿw LDAP °A⌡µbND≈C
-i file q¬s≥µAMßw∩C@µ⌡µ@ LDAP jMCbípUAq
ⁿOµúLo°≤Q°¼A@X %s Hñ@µ
NCpGO@µ@ ″-″ rAhqΘJ¬µC
pAb ldapsearch -V3 -v -b ″o=ibm,c=us″ -D ″cn=admin″ -w ldap -ifilter.input %s dn ⁿOñAfilter.input iα]tUCLoΩTG
(cn=*Z)
(cn=*Z*)
(cn=Z*)
(cn=*Z*)
(cn~=A)
(cn>=A)
(cn<=B)
: C@Lo°≤"ⁿw≤O@µC
ⁿOjMY cn=*Z C@Lo°≤l≡ o=ibm,c=usCϕ¿jMAjMlU@Lo°≤ cn=*Z*AH A¿jMß@Lo°≤ cn<=BC
: -i < file> ∩N -f< file> ∩C÷M -f ∩wgúAA²,M
Σ∩C
-K keyfileⁿw SSL TLS ≈ΩwW]]Aw]W ″kdb″CpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWC
pGSⁿw≈ΩwWAí²b SSL_KEYRING ⌠
ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠A
hw]≈⌠]pGw]C
w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIXBLinux @t - /usr/ldap
v HP-UX @t - /usr/IBMldap
v Solaris @t - /opt/IBMldapc
v Windows @t - c:\Program Files\IBM\LDAP]NGoOw]w
mCΩ LDAPHOME Obw@íMwC
\ IBM C-Client SDK Programming Reference ñALDAP_SSL API
uw]≈⌠PKXvpAo÷w]≈ΩwHw]z
ñΩTC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL TLS
≈ΩwΩTA\ 74y gsk7ikmzCτ\HU
283ySSLBTLS NzH LDAP SSL TLS APIAo÷
SSL PΩTC
a -Z /½C
-l timelimithÑ timelimit ϕA¿jMC
-L H LDIF µíπjMGC∩] -B ∩AP -F ∩QñC
-m mechanism m e c h a n i s m ⁿws°A S A S L ≈εCN
ldap_sasl_bind_s() APICY]w -V 2Ah -m QñCYSⁿw
-mAh ÷OC
-M Nα½≤ϕ@@δzC
-n πN⌡µ>≥@A²OúΩ∩CM -v tXA∩ú@C
-N certificatenameⁿwP≈Ωwñß÷pC
: pG LDAP °Atmu⌡µ°AOAhúnßCpG
LDAP °Atmn⌡µßP°AOAhnßCYw
ⁿww]/pK≈∩@w]Ahúnⁿw certificatenameCP
aAYⁿw≈Ωwñwg@/pK≈∩A]ún
ⁿw certificatenameCpGúSⁿw -Z M -KAhQñC
-o attr_type
YnⁿwY@jMG≥AiH -o (order) C
ziHh -o A≤i@BwqCbUCdñAjMG
² m≤ (sn) AMß WrAWr (givenname) fV]U
AoO%rε ( - ) ⁿwG
-o sn -o -givenname
]AykOpUG
[-]<attribute name>[:<matching rule OID>]
Σñ
v attribute name OniµWC
v matching rule OID Ozn∩±∩Wh OIDC
v ε ( - ) ⁿXG"HfVC
v ½n/½nC
w] ldapsearch @OúN#GC
-O maxhopsⁿw maxhops i]wßíwblαAiHDW¡C
w]⌡DO 10 C
-p ldapportⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS
ⁿw -pA²Oⁿw -ZAhw] LDAP SSL ≡ 636C
-P keyfilepwⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩT]
ñiα]A@hpK≈CpG≈Ωw÷pKX⌠
AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC
-q pagesize
ⁿwjMG!AΓsiHG -q ]djpP -T]j
MºííjíAHϕµCbUCdñAjMG@#@
]25 ACj 15 ϕ@A#jMGCldapsearch
ßbjM@RgABzC@!GnDsu≥
C
-q 25 -T 15
Yⁿw -v (verbose) Abq°A#C@ºßAldapsearch
CXewg#h.ApAwg 30 C
iHh -q AHKbP@jM@RgAⁿwúP
jpCbUCdñA@O 15 AGO 20 AT
ε!/jM@G
-q 15 -q 20 -q 0
bUCdñA@O 15 AΣlO 20 AjM
@¿úO≥ßⁿw -q C
-q 15 -q 20
w] ldapsearch @ONbP@nDñ#Cw] ldapsearch
@ú⌡µ!C
-R ⁿwún)αC
-s scopeⁿwjMd≥Cd≥O baseBone subAHⁿwnjM≥ª½≤B@
Ñhl≡Cw]O subC
: pGzHúⁿw -b ∩ⁿw -b ″″ ΦíⁿwjMAz"ⁿw -s ∩CjMw]d≥OC
-t NgJ@sñCbBzD ASCII Ap jpegPhoto audio
Ao∩C
-T seconds
jMºííjí]HϕµCⁿw -q ∩A+Σ -T ∩C
-U username
ⁿwWC -m DIGEST-MD5 O"nAϕΣL≈εh
ñCusername °Atm wCiαO uid O
MΣ⌠≤ΣLC
-v íAhEgJΘXC
-V ⁿwϕ ldapmodify s LDAP °AAn LDAP C w]
A LDAP V3 suCYnTa∩ LDAP V3Aⁿw -V 3Cⁿw
″-V 2″ ⌡µ@ LDAP V2 íC ldapmodify ºíA
ldap_initA∩H LDAP V3 @"nqT≤wA ú ldap_openC
-w passwd | ? passwd @OKXC ? iHúKXúCúiH
ε ps ⁿOñKXQC
-y proxydn
ⁿw≤ Proxy v DNC
-Y w TSL suM LDAP °AqTCubwF IBM GSKit +
Σ -Y ∩C
-z sizelimitNjMG¡εh]t sizelimit CpiHw∩jM@#
A]w@W¡C
-Z w SSL suM LDAP °AqTCbw% IBM GSKit ú
SSL ≤A+iHΣ -Z ∩C
-9 p ]w!½n FalseCjMúBz!C
-9 s ]w½n FalseCjMúBzC
Lo°≤
ⁿwnbjMñMLo°≤NϕrΩC µLo°≤iHⁿw¿ ’
¼=’C°Lo°≤hiH UC Backus Naur Form (BNF)A
rϕkⁿwG
<filter> ::= ’(’ <filtercomp> ’)’
<filtercomp> ::= <and> | <or> | <not> | <simple>
<and> ::= ’&’ <filterlist>
<or> ::= ’|’ <filterlist>
<not> ::= ’!’ <filter>
<filterlist> ::= <filter> | <filter><filtertype>
<simple> ::= <attributetype><filtertype><attributevalue>
<filtertype> ::= ’=’ | ’~=’ | ’<=’ | ’>=’
’~=’ cOⁿw±ⁿXC÷ <attributetype> P <attributevalue>
ekí≤ ″RFC 2252, LDAP V3 Attribute Syntax Definitions″CA<attributevalue> iHOµ@ * HiµsbA]iH]t!σr
PP ( * ) HiµlrΩ±∩C
pALo°≤ ″mail=*″ ΣXπ mail ⌠≤CLo°≤
″mail=*@student.of.life.edu″ ΣXπ mail ABHⁿwrΩ⌠
≤CYnbLo°≤ñAAH#u (\) rNΣ⌡µC
: ⁿ "cn=Bob *" oLo°≤AΣñb Bob MP ( * ) ºí@
µAX ″Bob Carter″A²úX IBM Directory ñ ″Bobby
Carter″C≤ ″Bob″ PUr ( * ) ºíµAvTLo°≤
jMGC
piLo°≤πíA\ uRFC 2254ALDAP jMLo°≤r
Ωϕk (RFC 2254, A String Representation of LDAP Search Filters)C
ΘXµíYΣ@hAC@úHUCígJΘXG
OW (DN)
W=
W=
W=
...
UºíH@µµ!jCY -F ∩ⁿw!jrAhrA ú `=’ rCY -t ∩AhsWNΩCYú -A ∩AhugJuWví≈C
Examples
UCⁿOG
ldapsearch "cn=john doe" cn telephoneNumber
⌡µl≡jM]w]jM≥ªAjM commonName ″john doe″ C commonName M telephoneNumber ΓAMßCLΘXCYΣΓ
AhΘXiαⁿpUG
cn=John E Doe, ou="College of Literature, Science, and the Arts",ou=Students, ou=People, o=University of Higher Learning, c=US
cn=John Doe
cn=John Edward Doe
cn=John E Doe 1
cn=John E Doe
telephoneNumber=+1 313 555-5432
cn=John B Doe, ou=Information Technology Division,ou=Faculty and Staff, ou=People, o=University of Higher Learning, c=US
cn=John Doe
cn=John B Doe 1
cn=John B Doe
telephoneNumber=+1 313 555-1111
UCⁿOG
ldapsearch -t "uid=jed" jpegPhoto audio
w]jM≥ª⌡µl≡jMAjM ID ″jed″ CjpegPhoto M audio AMßgJsCYΣñ@XnDA
hΘXiαⁿpUG
cn=John E Doe, ou=Information Technology Division,
ou=Faculty and Staff,
ou=People, o=University of Higher Learning, c=US
audio=/tmp/ldapsearch-audio-a19924
jpegPhoto=/tmp/ldapsearch-jpegPhoto-a19924
UCⁿOG
ldapsearch -L -s one -b "c=US" "o=university*" o description
b organizationName Y university ñAbΣ c=US h⌡µ@h
jMCjMGH LDIF µíπ]\uLDAP Ωµ½µívC
organizationName H description ΓAMßCLΘXAΣΘXiα
ⁿpUG
dn: o=University of Alaska Fairbanks, c=US
o: University of Alaska Fairbanks
description: Preparing Alaska for a brave new tomorrow
description: leaf node only
dn: o=University of Colorado at Boulder, c=US
o: University of Colorado at Boulder
description: No personnel information
description: Institution of education and research
dn: o=University of Colorado at Denver, c=US
o: University of Colorado at Denver
o: UCD
o: CU/Denver
o: CU-Denver
description: Institute for Higher Learning and Research
dn: o=University of Florida, c=US
o: University of Florida
o: UFl
description: Shaper of young minds
...
UCⁿOG
ldapsearch -b "c=US" -o ibm-slapdDN "objectclass=person" ibm-slapdDN
b c=US h⌡µl≡hjMAMΣHCϕoSϕbjMñ
AjMG OW (DN) rΩekCΣΘXiαⁿp
UG
cn=Al Edwards,ou=Widget Division,ou=Austin,o=IBM,c=US
cn=Al Garcia,ou=Home Entertainment,ou=Austin,o=IBM,c=US
cn=Amy Nguyen,ou=In Flight Systems,ou=Austin,o=IBM,c=US
cn=Arthur Edwards,ou=Widget Division,ou=Austin,o=IBM,c=US
cn=Becky Garcia,ou=In Flight Systems,ou=Austin,o=IBM,c=US
cn=Ben Catu,ou=In Flight Systems,ou=Austin,o=IBM,c=US
cn=Ben Garcia Jr,ou=Home Entertainment,ou=Austin,o=IBM,c=US
cn=Bill Keller Jr.,ou=In Flight Systems,ou=Austin,o=IBM,c=US
cn=Bob Campbell,ou=In Flight Systems,ou=Austin,o=IBM,c=US
SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS
íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú
AΣñ]t% RSA Security Inc. ow@nΘC
: p÷ 128 MT½ DES [KtΓkΩTAH LDAP díA
\ SSL TLS ukvCímdí]Mzí
"nBJAΣαtijj[KtΓkº SSL TLSC
\Pdí÷p make Ao÷ LDAP íAΣαs 128
HT½ DES [KtΓkΩTC
ß≈ΩweOH gsk7ikm í[HzCp÷ Java
íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²
ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx
sb≈ΩwñAMßNiH⌠AzNiHM%Σñ@
iH⌠ CA o LDAP °AAH⌠÷YCgsk7ikm í
]iHoßAHKα⌡µßM°AOC
Yßs LDAP °Au°AOAhb≈ΩwñAunwq
@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A
wo%Σñ@iH⌠ CA oCAbP°Aºí SSL
TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP ]\ LDAP_Bind APIC
pAY LDAP °AO¬iH VeriSign AzNq VeriSign o
@≈ CA BNJz≈ΩwñAMßNiH⌠Cp
G LDAP °AO)µ°AAh LDAP °AziHú@
≈°A1zCN1Jz≈ΩwñAMß
iH⌠C
Yßs LDAP °AßM°AOAh"G
v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH
LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí
SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP ]\ LDAP_Bind APIC
v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w
ßAN¼ß≈ΩwñC
EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ
gJETºC
See also
ldapadd, ldapchangepwd, ldapdelete, ldapexop, ldapmodify, ldapmodrdn
°Aí
í°AíC
:
1. úF ldif M db2ldif ºAb°AíºeA"²ε°AC
2. TwSís²ΩwCYís²ΩwANLk⌡µ
°AíC
bulkload í
bulkload íOq LDIF ⁿJ²ΩCoO± ldif2db ≤tNΦkABijqⁿJ LDIF µíjqΩC
:
1. b°AJíºeA"²ε°AC
2. TwSís²ΩwCYís²ΩwANLk⌡µ
°AíC
3. jqⁿJ⌠Ab IBM Tivoli Directory Server 5.2 ñwúAC
A C L C H E C KBA C T I O NB L D A P I M P O R TB S C H E M A C H E C K H
STRING_DELIMITER Ñ⌠Aúwg!OⁿOµ∩ -AB-aB-LB-SB-s
NCbAⁿOµ/½újpgC
4. Yn⌡µ bulkload íAz"π dbadm sysadm MvCY
Windows tAz"b DB2 ⁿOµ (CLI) ñ⌡µ bulkload íC
pGn DB2 CLIA÷@Ul -> ⌡µBΘJ db2cmdAA÷@UTwC
5. Y DB2 ñ archival OⁿAh bulkload íóC]Ab
bulkload íºeA"² archival OⁿC
update database configuration for ldapdb2 using LOGRETAIN OFF USEREXIT OFF
6. pGⁿJΩ]t@AK∩úho DB2 @¡εCⁿJΩ
ºßAtKúh@¡εAHΘJºñCs
@A DB2 @¡εC
: pGⁿw@ⁿJF½AtNú DB2
@¡εCoΩTO²b bulkload.log ñC
Syntax: bulkload -i <ldiffile> [-a <parse_and_load|parseonly|loadonly>] [-A <yes|no>]
[-c | -C <yes|no>] [-d <number>] [-E <number>] [-f <configurationfile>] [-g]
[-I <yes|no>] [-L <path>] [-n | -N] [-?] [-p | -P <yes|no>] [-s <character>]
[-R <yes|no>] [-S <yes|no|only>] [-v] [-x|-X <yes|no>]
Command line options:
-i <ldiffile>ⁿwΘJWAñ]tnⁿJ² LDIF ΩCΣñ]
iα]A⌠C /usr/ldap/examples/sample.ldif ñ]t@πT
µídΩC
-a <parse_and_load|parseonly|loadonly>ⁿwⁿJ@íC
-A <yes|no>ⁿwOnBz LDIF ñ]t ACL ΩTCw]O yesCnoⁿJw] ACLC
-c | -C <yes|no>i⌡L½@CpApGzb⌡µs≥jqⁿJA
BzµbⁿJ@ºí⌡L½@ANiHN@d
ß@jqⁿJºßA⌡µCoXß bulkload ⁿOAⁿw -cyesC
-d <number> -d i]wúBnhAúC∩iHΣXiαDBPσRΩO²Cp÷úhΩ
TA\ 312y°AúízC
: b -d ∩ºeAnTw ldtrc íwAhúTºXCoXⁿO ldtrc onC
-E <number>ⁿwσR°i¡εCϕF¡εAbulkload ⁿON⌠Cw]O infinityC
-f <configurationfile>∩ⁿw slapd tmC
-g ⁿwúnhúµC
-I <yes|no>ⁿwbⁿJºeOnúhCw]O noC
-L <path>ⁿwxsΩ²CxsΘw]⌠OG
v AIX @t /tmp/ldapimport
v Windows @t c:\tmp\ldapimport
v LinuxBSolaris H HP @t /var/ldap/ldapimport
-n | -NⁿwⁿJOúi#C
-? nD bulkload ykíTºC
-p | -P <yes|no>ⁿwOnw∩]t userpassword KXhC
-R <yes|no>ⁿwOnúxsΩ²C²Oⁿw]²A
% -L ⁿw²Cw]O yesC
: ÷Mw]O yesA²Γ¼pCpGjqⁿJ⌠¼A]¼pAsú]o QRúA]
noiµApG∩ -a parseonly∩A]ⁿJÑqnsAHoúQRúC
-s <character>ⁿwJrΩ!jrC
: Bulkload iαLkⁿJtSw UTF-8 r LDIFCoO
] DB2 LOAD uπbσRw] bulkload rΩjrAτYhrñ½u ( | ) AΣñ@Dy¿C½
sⁿwrΩjr $C
bulkload -i <ldiffile> -s $
-S <yes|no|only> btmñΣ½≤OwqP¼wqAτO²
úOC
⌡dτ½≤OPúwgwqBw∩C@ⁿ
wúX½≤Owqñu"nvPuiⁿvM
µAPGiúOT 64 sXµíC
yes bNΩ[J²ºeA⌡µΩ⌡dC
no bNΩ[J²ºeA⌡µΩ⌡dCo@Φíi
Hú¬αC∩]bΘJñΩúOCo
Ow]∩C
only ⌡µΩ⌡dA²OúNΩ[J²ñC∩iHú
#XP°iC
ΦkO² -S only ∩τΩAÑnNΩⁿJ²AAw] -S noC
-v ⁿwííC∩iHúhC
-x|-X <yes|no>ⁿwOnNΩα½ΩwrXCw]O noC
: YD UTF-8 ΩwA+nC
F∩iαAbulkload uπ]bΘJñΩúOTAΩwgb²eⁿJ@ñdLFCúLAbulkload uπiHw∩ΘJΩ⌡µ@≥dC
ϕ²°A (slapd) b⌡µñAbulkload íNLk⌡µC
úFNΩxsbΩw²ñníAbulkload uπ]n@xsΘA@NΩíJΩwºeA@ΩºCxsΘw]⌠
O ¡x wC\ -L ∩⌠WíCziH -L ∩≤⌠G
bulkload -i <ldiffile> -L /newpath
z"∩²gJ\ivCznxsΘjp."O ldapimport ²
ñ LDIF jp 2.5 CziαnΣLxsΘA°zΩ wC
Yz¼ⁿpUG
SQL3508N bⁿJⁿJdíAs¼ "SORTDIRECTORY" oC]XG"2"C⌠G"/u/ldapdb2/sqllib/tmp/"C
znN⌠ DB2SORTTMP ]btñA≤híi² bulkload
²]h²CiHⁿwh²AñíHrI ( , ) jApUG
export DB2SORTTMP=/sortdir1,/sortdir2
⌡µ bulkload ANΣΘXTºCY⌡µíoA²iαJúπCziαnúh LDAP ϕµAúhΩw]½@ΩwAMß½s
lCYooípAΩú[J²ñAB"½s⌡µ bulkloadCAϕzúh LDAP ϕµAiααóΩC
/usr/ldap/examples/sample.ldif ñ]t@dΩCziHñΩA
mH bulkload uπjqJΩ²A ldif2db ⁿOµíCúLAbjqΩAldif2db íiα± bulkload íCC
Fα]Abulkload uπúdO½sbCTwzΘJ LDIF
ñS]t½CY½sbAú½C
Y bulkload b DB2 LOAD ÑqóAd db2load.log ñó]CΘ
xb Windows @tW≤ c:\tmp\ldapimportAb AIX @tW≤
/tmp/ldapimportAb LinuxBSolaris M HP @tWh≤ /var/ldap/ldapimportCY
ⁿw -L ∩Ab -L ∩wq²ñMΣC≤DAMß½s⌡µbulkloadCBulkload qeQⁿJ@PIA½sⁿJC
Y bulkload óAΣΩTxsb <installation directory>/etc/bulkload_status ñC
bQⁿJΩºeAúQúCpiTO²ñΩπCp
GzMwn½stmΩwA½slANnΓú bulkload_status AúM
bulkload ,qeQ¿ⁿJIiµC
dbbackdbback ⁿOOb°A≈u ≈zΩwCⁿOe"ε°AC
Syntax: dbback [-?] [-d <backupdir>] [-w <filename>]
Options:
-? πykµíC
-d <backupdir>ⁿw ≈Ωw²C
-w <filename>ⁿwNΘX½sVΣñºπ⌠WC
dbrestoredbrestore ⁿOOb°A≈uzΩwCⁿOe"ε°AC
Syntax:
dbrestore [-?] [-d <backupdir> [-n]] [-w <filename>]
Options:
-? πykµíC
-d <backupdir>ⁿwnqΣñΩw²C
-n ⁿwún ibmslapd.conf CϕznN Ω½sPBA²Oúµ
∩g°A ibmslapd.conf AYi∩C
-w <filename>ⁿwNΘX½sVΣñºπ⌠WC
db2ldif í
íiNxsb÷píΩwñ²AX LDAP ²µ½µí (LDIF)
σrñC
: íiHH⌡µAúnε°AC
Syntax:
db2ldif -o <outputfile> [-f <configfile>] [[-s <subtree DN> [-x]] | [-p on|off] [-l]] [-j] | [-?]
∩G∩ú!jpgC
-f <configfile>
∩ⁿw slapd tmC
-l úFX cn=localhost subtree ºAnXr]² cn=pwdpolicy r
úCo∩LkM -s ∩@C
-j ⁿúnN6@]createTimestampBcreatorsNameBmodifiersName M
modifyTimestampX LDIF C
-o <outputfile>ⁿw LDIF ΘXA]t LDIF µí²Cⁿwl≡ñ
úH LDIF µígJΘXñCoO"n∩CpGúsb
µ²ñAh"ⁿwπ⌠PWC
-p on|offúFX cn=pwdpolicy suffix ºAnXr]² cn=localhost l
≡úCw]]wO offCo∩LkM -s ∩@C
-? πⁿOkC
-s <subtree DN> [-x]l≡ DN wqnX LDIF ΘXl≡ºCΣ²Ñ
hUúgJΘXñCYSⁿw∩AhxsbΩwñ
²Aú tmñⁿwrAígJΘXñCYⁿw
-x ∩Aϕnúb -s ∩ⁿwl≡Co∩LkM -l -p ∩@C
ΣLⁿOµΘJúPykTºAbTºßAπXAϕy
kC
ibmdiradmpGnzníA ibmdiradm ⁿOC
Syntax
ibmdiradm [-h debug_mask] [-f path_to_configuration_file] [-s ssl_port]
[-p nonssl_port] [-i servicename | -u servicename]
ízníC
Options
-h debug_mask
ibmdiradm úzníúΘX stdoutCdebug_mask O@
BnAεúΘXAΣ¬ 65535C IBM AH
CpúhΣLΩTA\ 312y°AúízC
-f path_to_configuration_file
ⁿwϕzní°AAtmmCpGzn)q
tmANnCYSⁿwAibmdiradm w]tmw
b¡x mC
-s ssl_port
ⁿw SSL ≡C
-p nonssl_port
ⁿwD SSL ≡C
UCΓA Windows tC
-i servicenamesWzní¿ Windows AC
-u servicenameúzní¿ Windows AC
YnεzníG
v b UNIX ¼tñA⌡µUCⁿOG
ps -ef | grep ibmdiradm
kill -p pid_obtained_by_previous_command
v b Windows tG
1. zLuεxvAuAv°íC
2. ÷@U Directory Admin DaemonC
3. ÷@U@ -> εC
ibmdirctloOzníεíCzní (ibmdiradm) "b⌡µC\ 13
y²znízPyibmdiradmzC
: ziHíC
Syntax
ibmdirctl [-D adminDN] [-h hostname] [-K keyfile] [-N key_name] [-p port] [-v]
[-w adminPW | ?] [-Z] [-?] command -- [ibmslapd options]
Σñ command O start|stop|restart|status|admstop
ízníεí ibmdirctl OBεB½sd IBM Tivoli
Directory Server ¼ACª]iHεzníCYwnD ibmslapd ∩A
o∩ºe"[W --C
Ynπ ibmdirctl ykíAΘJ ibmdirctl -?C
Options
-D adminDN adminDN s LDAP ²CadminDN OHrΩe DN]\
uLDAP OWvC
-h hostnameⁿw LDAP °AM admin ní⌡µbND≈C
-K keyfileⁿw≈C
-N key_nameⁿw≈ñpK≈WC
-p portⁿwzníÑN TCP ≡Cw] LDAP ≡O 3538C
-v ⁿwHí⌡µC
-w adminPW | ? adminPW @OKXC ? iHúKXúCúiH
ε ps ⁿOñKXQC
-? πíeC
ⁿO
v start - °AC
v stop - ε°AC
v restart - εMß°AC
v status - d°A¼AC
v admstop - ε IBM Tivoli Directory Server zníC
: stop ⁿOiHV LDAP °AoXC
-- ibmslapd optionsibmslapd ∩Oⁿ ibmslapd Bzb⌠≤∩AqG
v -a | -A - N°AbtmíC
v -n | -N - pG°ALkMΩwßí@]Dutmv
íAhú°AC
:
1. YwnD ibmslapd ∩Ao∩NQ -- NC
2. YoX stop ⁿOAh ibmslapd ∩QñC
Examples
YnN°AbtmíAoXⁿOG
ibmdirctl -h mymachine -D myDN -w mypassword -p 3538 start -- -a
Ynε°AAoXⁿOG
ibmdirctl -h mymachine -D myDN -w mypassword -p 3538 stop
ldapdiffoO LDAP gPBuπ
Syntax
ldapdiff -b baseDN -sh host -ch host [-a] [-C countnumber]
[-cD dn] [-cK keyStore] [-cw password] [-cN keyStoreType]
[-cp port] [-cP keyStorePwd] [-ct trustStoreType] [-cT trustStore]
[-cY trustStorePwd] [-cZ] [-F] [-j] [-L filename] [-sD dn]
[-sK keyStore] [-sw password] [-sN keyStoreType] [-sp port]
[-sP keyStorePwd] [-st trustStoreType] [-sT trustStore]
[-sY trustStorePwd] [-sZ] [-v]
ldapdiff -S -sh host -ch host [-a] [-C countnumber] [-cD dn]
[-cK keyStore] [-cw password] [-cN keyStoreType] [-cp port]
[-cP keyStorePwd] [-ct trustStoreType] [-cT trustStore]
[-cY trustStorePwd] [-cZ] [-j] [-L filename] [-sD dn]
[-sK keyStore] [-sw password] [-sN keyStoreType] [-sp port]
[-sP keyStorePwd] [-st trustStoreType] [-sT trustStore]
[-sY trustStorePwd] [-sZ] [-v]
íuπiN °AMΣD°APBCYnπ ldapdiff ykíAΘJG
ldapdiff -?
∩UC∩A≤ ldapdiff ⁿOC@Γ∩A≤ú°A°AC
-a ⁿw°AzεAεgJ¬ C
-b baseDN
jM≥ª@jMlIA úOw]CYSⁿw - bAhíd LDAP_BASEDN ⌠jM≥ªwqC
-C countnumber
pΓnCYΣúWXⁿwAuπ⌠C
-F ∩CYⁿwAh∩ WeAΣXú°
AeCpGwgⁿw -SANLko∩C
-j ⁿñ LDIF ñ@C
-L YSⁿw -F ∩Ao∩úΘX LDIF CLDIF
iH≤sAH°útºC
-S ⁿwn±Γí°AW⌡C
-v íAhEgJΘXC
gú∩: UC∩A≤°AAb∩WñHY@ ’s’
ϕC
-sD dn
dn s LDAP ²Cdn OHrΩe DNC
-sh host
ⁿwD≈WC
-sK keyStore
ⁿw SSL ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpGSⁿw
≈ΩwWAí²b SSL_KEYRING ⌠ñAMΣπ
÷pWCpGSwq SSL_KEYRING ⌠Ahw]
≈⌠]pGw]C
w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIX @t - /usr/ldap
v HP-UX @t - /usr/IBMldap
v Linux @t - /usr/ldap
v Solaris @t - /opt/IBMldaps
v Windows @t - c:\Program Files\IBM\LDAP
: oOw]wmAΩ LDAPHOME Obw@íMwC
po÷w]≈ΩwHw]zñΣlΩTA
\ IBM Directory C-Client SDK Programming ReferenceC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL ≈
ΩwΩTA\ 74y gsk7ikmzCτ\ 296
ySSLBTLS NzM 69yw Socket hzñA÷ SSL P
ΩTC
a -sZ /½C
-sN keyStoreType
ⁿwP≈Ωwñß÷pCpG LDAP °Atm
u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ
ßP°AOAhnßCYwⁿww]/pK≈∩
@w]Ahúnⁿw keyStoreTypeCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw keyStoreTypeCpGúSⁿw -sZ M -sKAhQñC
-sp ldapport
ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS
ⁿw -spA²ⁿw -sZAhw] LDAP SSL ≡ 636C
-sP keyStorePwd
ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA
ñiα]A@hpK≈CpG≈Ωw÷pKX⌠
AhqKX⌠oKXA]Nún -sP CpGúSⁿw -sZ M -sKAhQñC
-st trustStoreType
ⁿwPH⌠Ωwñß÷pCpG LDAP °Atm
u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ
ßP°AOAhnßCYwⁿww]/pK≈∩
@w]Ahúnⁿw trustStoreTypeCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw trustStoreTypeCpGúSⁿw -sZ M -sTAhQñC
-sT trustStore
ⁿw SSL H⌠ΩwWA]Aw]W tdbCpGH⌠Ωwúsbµ²ñAh"ⁿwπH⌠ΩwWCpGSⁿw
H⌠ΩwWAí²b SSL_KEYRING ⌠ñAMΣπ
÷pWCpGSwq SSL_KEYRING ⌠Ahw]
≈⌠]pGw]C
w]≈⌠]τYAldapkey.tdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIX @t - /usr/ldap
v HP-UX @t - /usr/IBMldap
v Linux @t - /usr/ldap
v Solaris @t - /opt/IBMldaps
v Windows @t - c:\Program Files\IBM\LDAP
: oOw]wmAΩ LDAPHOME Obw@íMwC
po÷w]≈ΩwHw]zñΣlΩTA
\ IBM Directory C-Client SDK Programming ReferenceC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL ≈
ΩwΩTA\ 74y gsk7ikmzCτ\ 296
ySSLBTLS NzM 69yw Socket hzñA÷ SSL P
ΩTC
a -sZ /½C
-sw password | ? password @OKXC ? iHúKXúCúiH
ε ps ⁿOñKXQC
-sY iH⌠ΩwKXC
-sZ w SSL suM LDAP °AqTCbw% IBM GSKit ú
SSL ≤A+iHΣ -Z ∩C
g∩: UC∩A≤°AAb∩WñHY@ ’c’
ϕC
-cD dn
dn s LDAP ²Cdn OHrΩe DNC
-ch host
ⁿwD≈WC
-cK keyStore
ⁿw SSL ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpGSⁿw
≈ΩwWAí²b SSL_KEYRING ⌠ñAMΣπ
÷pWCpGSwq SSL_KEYRING ⌠Ahw]
≈⌠]pGw]C
w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIX @t - /usr/ldap
v HP-UX @t - /usr/IBMldap
v Linux @t - /usr/ldap
v Solaris @t - /opt/IBMldaps
v Windows @t - c:\Program Files\IBM\LDAP
: oOw]wmAΩ LDAPHOME Obw@íMwC
po÷w]≈ΩwHw]zñΣlΩTA
\ IBM Directory C-Client SDK Programming ReferenceC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL ≈
ΩwΩTA\ 74y gsk7ikmzCτ\ 296
ySSLBTLS NzM 69yw Socket hzñA÷ SSL P
ΩTC
a -cZ /½C
-cN keyStoreType
ⁿwP≈Ωwñß÷pCpG LDAP °Atm
u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ
ßP°AOAhnßCYwⁿww]/pK≈∩
@w]Ahúnⁿw keyStoreTypeCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw keyStoreTypeCpGúSⁿw -cZ M -cKAhQñC
-cp ldapport
ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CYS
ⁿw -cpA²ⁿw -cZAhw] LDAP SSL ≡ 636C
-cP keyStorePwd
ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA
ñiα]A@hpK≈CpG≈Ωw÷pKX⌠
AhqKX⌠oKXA]Nún -cP CpGúSⁿw -cZ M -cKAhQñC
-ct trustStoreType
ⁿwPH⌠Ωwñß÷pCpG LDAP °Atm
u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ
ßP°AOAhnßCYwⁿww]/pK≈∩
@w]Ahúnⁿw trustStoreTypeCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw trustStoreTypeCpGúSⁿw -cZ M -cTAhQñC
-cT trustStore
ⁿw SSL H⌠ΩwWA]Aw]W tdbCpGH⌠Ωwúsbµ²ñAh"ⁿwπH⌠ΩwWCpGSⁿw
H⌠ΩwWAí²b SSL_KEYRING ⌠ñAMΣπ
÷pWCpGSwq SSL_KEYRING ⌠Ahw]
≈⌠]pGw]C
w]≈⌠]τYAldapkey.tdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIX @t - /usr/ldap
v HP-UX @t - /usr/IBMldap
v Linux @t - /usr/ldap
v Solaris @t - /opt/IBMldaps
v Windows @t - c:\Program Files\IBM\LDAP
: oOw]wmAΩ LDAPHOME Obw@íMwC
po÷w]≈ΩwHw]zñΣlΩTA
\ IBM Directory C-Client SDK Programming ReferenceC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL ≈
ΩwΩTA\ 74y gsk7ikmzCτ\ 296
ySSLBTLS NzM 69yw Socket hzñA÷ SSL P
ΩTC
a -cZ /½C
-cw password | ? password @OKXC ? iHúKXúCúiH
ε ps ⁿOñKXQC
-cY iH⌠ΩwKXC
-cZ w SSL suM LDAP °AqTCbw% IBM GSKit ú
SSL ≤A+iHΣ -cZ ∩C
Examples
ldapdiff -b <baseDN> -sh <supplierhostname> -ch <consumerhostname> [options]
ldapdiff -S -sh <supplierhostname> -ch <consumerhostname> [options]
YSú DN Ah ldapdiff ⁿOÑqΘJ¬ DN MµCYn#Ñ
Ai Ctrl+C Ctrl+DC
SSLBTLS NpGnPí÷p SSL TLS ÷τA"w SSL TLS
íwPuπCSSL TLS íwPuπO% IBM Global Security Kit (GSKit) ú
AΣñ]t% RSA Security Inc. ow@nΘC
: p÷ LDAP í 128 MT½ DES [KtΓkΩTAH
LDAP díA\ IBM Directory C-Client SDK Programming Reference ñ
LDAP_SSLCímdíMzí"nBJAΣαt
ijj[KtΓkº SSLC
\Pdí÷p make Ao÷ LDAP íAΣαs 128
HT½ DES [KtΓkΩTC
ß≈ΩweOH gsk7ikm í[HzCp÷ Java
íΩTA\ 74y gsk7ikmzCgsk7ikm íiwq²
ßH⌠@iH⌠µ (CA)C%qiH⌠ CA oBNx
sb≈ΩwñAMßNuiH⌠vAzNiHM%Σñ@
iH⌠ CA ouiH⌠v LDAP °AAH⌠÷YCgsk7ikm
í]iHoßAHKα⌡µßM°AOC
Yßs LDAP °Au°AOAhb≈ΩwñAunwq
@hiH⌠DnYiCzL°AOAßNiHTH LDAP °A
wo%Σñ@iH⌠ CA oCAbP°Aºí SSL
TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP CpAY LDAP °AO¬iH
VeriSign AzNq VeriSign o@≈ CA BNJz≈Ω
wñAMßNiH⌠CpG LDAP °AO)µ°A
Ah LDAP °AziHú@≈°A1zCN1
Jz≈ΩwñAMßiH⌠C
Yßs LDAP °AßM°AOAh"G
v b≈Ωwñwq@hiH⌠DnCΦíiH²ßTH
LDAP °Aw%Σñ@iH⌠ CA oCAbP°Aºí
SSL TLS suWyq LDAP µ÷úgL[KAo]A% ldap_bind
ldap_simple_bind_s ú LDAP C
v gsk7ikm ú≈∩AMßV CA nD@≈ßCbq CA ¼w
ßANxsbß≈ΩwñC
EYSoAh⌠¼AO 0CD 0 ⌠¼APAbΘxñ
gJETºC
ldaptracezlí
:
1. uzzs¿iHíC
2. ldaptrace ΩAvT°AαC
Syntax
ldaptrace -a port -l [on|off|clr|chg|info|dump] -- [ldtrc options] -D adminDn
-h hostname -K keyfile -m debugLevel -N key_name -o debugFile
-p port -P key_pw -t [start|stop] -v -w adminPW -Z -?
ízlí ldaptrace iAε Directory Server l\αC
@]iH]wTºhMⁿwgJΘXWCYwnD LDAP l≈
α (ldtrc) ∩Ao∩ºe"[W --C
Ynπ ldaptrace ykíAΘJGldaptrace -?
: ÷M ldaptrace íiH≤ SSL TLSA²ouαΣ ís≈εC
Options
-a port
ⁿwN TCP ≡A IBM Administration Daemon (ibmdiradm)A D Directory
ServerAѺCw]≡O 3538CYⁿwA²ⁿw -ZAhw]SSL ≡ 3539C
-l [on|off|clr|chg|info|dump] -- [ldtrc options]
on l≈αCziHⁿwUC⌠≤ ldtrc ∩A∩ºenh@
-C
v [-m <mask>] where <mask> = <products>.<events>.<components>.<classes>.<functions>.
v [-p <pid>[.<tid>]] lⁿwBz⌡µⁿC
v [-c <cpid>] lⁿw±HBzC
v [-e <maxSeverErrors>] FjY½ (maxSevereErrors) º
ßεlC
v [-s | -f <fileName>] eΘX@OΘC
v [-l [<bufferSize>] | -i [<bufferSize>]] ⁿwnOsßlO²C
w]wO 1MC
v [-this <thisPointer>] lⁿw½≤C
: l≈α"+αl°AΩC
off ÷¼l≈αC
clr MúlwC
chg l"O@ñ+α chg ∩≤UC ldtrc ∩G
v [-m <mask>] where <mask> = <products>.<events>.<components>.<classes>.<functions>.
v [-p <pid>[.<tid>]] lⁿwBz⌡µⁿC
v [-c <cpid>] lⁿw±HBzC
v [-e <maxSeverErrors>] FjY½ (maxSevereErrors) º
ßεlC
v [-this <thisPointer>] lⁿw½≤C
info o÷≤lΩTCz"ⁿwAiHOGil
lwMCUCO info úΩTdG
C:\>ldtrc infol G 1.00@t G NT@t G 4.0wΘ¡x G 80x86
Bn G *.*.*.*.*.*nl pid.tid G ínl cpid G ínlⁿ G íN rc °t G LjY½ G 1jO²jp G 32768 la G @OΘnOsO² G ßlwjp G 1048576 lΩⁿd G
dump XlΩTCoΩT]ABzΩyΩAH°Aú
TºCziHⁿwnXlWCw]G
b Unix ¼tñG
/var/ldap/ibmslapd.drace.dump.
b Windows ¼tñG
<installationpath>\var\ibmslapd.trace.dump
: ot" ldtrc format ⁿOµíGi ldtrc Ω
C
-h ldaphost
ⁿw Directory Server Mzní⌡µbND≈C
-K keyfile
ⁿw SSL TLS ≈ΩwWA]Aw]W kdbCpG≈Ωwúsbµ²ñAh"ⁿwπ≈ΩwWCpG
Sⁿw≈ΩwWAí²b SSL_KEYRING ⌠
ñAMΣπ÷pWCpGSwq SSL_KEYRING ⌠Ah
w]≈⌠]pGw]C
w]≈⌠]τYAldapkey.kdbH÷pKX⌠]τYA
ldapkey.sthúOwb LDAPHOME U /lib ²ñALDAPHOME Ow
LDAP Σb⌠CLDAPHOME ]@t¡x úPG
v AIX @t - /usr/ldap
v HP-UX @t - /usr/IBMldap
v Linux @t - /usr/ldap
v Solaris @t - /opt/IBMldaps
v Windows @t - c:\Program Files\IBM\LDAP
: oOw]wmAΩ LDAPHOME Obw@íMwC
po÷w]≈ΩwHw]zñΣlΩTA
\ IBM Directory C-Client SDK Programming ReferenceC
pGΣú≈⌠ΩwAhw]iH⌠zñuw
XvC≈Ωwq]tßH⌠@hzñ
Co X.509 τuiH⌠DnvCp÷z SSL TLS
≈ΩwΩTA\ 74y gsk7ikmzCτ\ 263
ySSLBTLS NzM 69yw Socket hzñA÷ SSL P
ΩTC
a -Z /½C
-m debuglevel
]w°AúTºBnúhCp÷úhΩTA\
312y°AúízC
-N certificatename
ⁿwP≈Ωwñß÷pCpG LDAP °Atm
u⌡µ°AOAhúnßCpG LDAP °Atmn⌡µ
ßP°AOAhnßCYwⁿww]/pK≈∩
@w]Ahúnⁿw certificatenameCPaAYⁿw≈Ωwñwg@/pK≈∩A]únⁿw certificatenameCpGúSⁿw -Z M -KAhQñC
-o debugfile
ⁿw°AúTºΘXWC
-p port ⁿw LDAP °AÑN TCP ≡Cw] LDAP ≡O 389CY
ⁿwA²ⁿw -ZAhw] LDAP SSL ≡ 636C
-P keyfilepw
ⁿw≈ΩwKXCKX+αs≈Ωwñ[KΩTA
ñiα]A@hpK≈CpG≈Ωw÷pKX⌠
AhqKX⌠oKXA]Nún -P CpG -Z M -KΓúSⁿwAhQñC
-t [start|stop]
start l¼°AlΩC
stop ε¼°AlΩC
-v ⁿwHí⌡µC
-w adminPW | ?
adminPW @OKXC ? iHúKXúCúiH
ε ps ⁿOñKXQC
-? πíeC
Examples
pGn ldtrc ≈αAπ 2M lw°AlAoXUCⁿOG
ldaptrace -h <hostname> -D <adminDN> -w <adminpw> -l on -t start -- -l 2000000
pGnε°AlAoXUCⁿOG
ldaptrace -h <hostname> -D <adminDN> -w <adminpw> -t stop
pGn÷¼ ldtrc ≈αAoXUCⁿOG
ldaptrace -h <hostname> -D <adminDN> -w <adminpw> -l off
ldif í
LDAP Ωµ½µí (LDIF) uπ ldif OiHzL shell síAªiN⌠N
Ωα½ LDIFCªqΘJ¬ΘJAMßúAXb LDIF ñ
O²C
Syntax: ldif [-b] <attrname>
Command line options:
∩ú!jpgC
-b ΘJOµ@lGiCΘXO base64 sXC
<attrname>nα½ΣWCYS -b ∩Aldif NΘJC@µ°OC
p÷ LDIF ΩTA\ 327 ² E, yLDAP Ωµ½µí
(LDIF)zC
Examples
YnΣX sn ]m≤AΣ smith LDIF µíAbⁿOµWΘJG
1. ΘJ ldif sn
2. ΘJ smith
3. @# sn: smith
4. ÷ Ctrl C ⌠C
-b ∩G
1. ΘJ ldif -b sn
2. ΘJ smith
3. ÷ Ctrl C iµBzC
4. @# sn:: c21pdGgNCg==
ldif2db í
íiNHσr LDAP ²µ½µí (LDIF) ⁿwAⁿJ÷píΩw
²ñCΩw"wsbCldif2db isW²ΩwñAsWwg]tΩwñC
:
1. b°AJíºeA"²ε°AC
2. TwSís²ΩwCYís²ΩwANLk⌡µ
°AíC
3. pGzON 5.2 °Awb 5.1 4.1 °AWAhb ldif2db íºeA"²°AAH¿@αBzC
Syntax: ldif2db -i <inputfile> [-f <configurationfile>] [-g] [-r yes|no] | -?
Command line options:
∩úú!jpgC
-i <inputfile>ⁿw LDIF ΘJWAñ]t LDIF µí²C
oO"n∩CpGúsbµ²ñAh"ⁿwπ
⌠PWC
-f <configurationfile>∩ⁿw slapd tmC
-g ⁿwúnhúµC
-r [yes|no]ⁿwOn gCw]O yesAϕn±mb Change ϕµñA
Mßb°A½siµ gC
-? πⁿOkC
ΣLⁿOµΘJúPykTºAbTºßAπXTy
kC
: ldif2db sWO²ßAεD°AAMßY½sC
runstats
Syntax: runstats [-f configfile]
Command line options:
-f configfile∩ⁿw slapd tmC
6 g ²PßO
² A. °
GSKit
pGzqízñ (CA)Ap EntrustAJoHA B
GSKIT oUC óA
qw¼oC
DiαOq Entrust #OAúODnCz"Dn+α
CLkC
pGzSDnAHUOoDnΦkº@C
Dndº@O tb Internet Explorer (IE) 5.5 ñ GTE CybertrustA²O
w]ú]tb GSKit kdb ΩwñCpGnoAz"G
1. q IE H Base64 sXXΣñ@ GTE Cybertrust ] 3 C
2. NªsW¿iH⌠DnC
: F GSKit ∩]wiH⌠DnA"O)µC
3. q Entrust sW CA C
4. q Entrust ¼ SSL C
\iv
b UNIX ¼tñAg]ssΦ≈Ωw úp≤∩F\i
vCoO]o@qOH root ID ¿A]\ivOw∩ root
]wCF² Directory Server QoAz"≤\ivAªiH
² ID ldap ¬Ch Directory Server NLkC
chown ldap:ldap <mykeyring>.*
Kerberos
Kerberos AíW≤
bIBM Directory Server 4.1 ºeALDAP °A LDAP @Σ Kerberos A
íW]LDAP/ldaphost.austin.ibm.comAldaphost O LDAP °Ab≈
D≈WAPΣßM Kerberos KDC iµqTCb 4.1 M≤¬ñAh
pgAíW]ldap/ldapname.austin.ibm.comC%≤o≤Aq 3.x
°AαºßA4.1B5.1 5.2 °AiαLkCoO] 4.1B5.1
5.2 °Ab keytab ñMΣ ldapA LDAP AWbAB%e 3.x °ACpGn≤oípAziH⌡µUC⌠≤@BJG
v sW@pg LDAP Kerberos AíWú@ keytab AMßs
keytab iµqTC
v N⌠ LDAP_KRB_SERVICE_NAME ]w LDAPAMß+°ACo⌠ LDAP °A≥ keytab ñjg LDAP °AAíW
AMΣßiµqTCbßípUAz"bß]w⌠A
B≥jg LDAP AíWPΣ°AqTC
b Windows W slapd.cat o
b Windows tWAziα¼tUCeTºG
slapd.cat o¼ DATABASE íwQq C:/Program Files/IBM/LDAP/bin/libback-config.dll ⁿJC rdbm.cat o
pGoo¼pAd NLSPATH ⌠CwíN NLSPATH ⌠
]t⌠C²OApGt]N NLSPATH ]⌠Ah
NLSPATH ⌠gt]wC
pGn≤oANt⌠ NLSPATH ΩT[⌠ñ
ΩTC
Web z
b Web zuπñΘJΩl
pGzb Web zuπñHDσyÑΘJΩlA⌡µUCG
b WebSphere Application Server - Express O
sΦUC²ñ server.xml G
WAS_home/appsrv/config/cells/DefaultNode/nodes/DefaultNode/servers/server1
NΘπσr[Jq¿ñG
<processDefinition xmi:type="processexec:JavaProcessDef" xmi:id="JavaProcessDef_1"
    executableName="$JAVA_HOME/bin/java" executableTarget="com.ibm.ws.runtime.WsServer"
    executableTargetKind="JAVA_CLASS" workingDirectory="$USER_INSTALL_ROOT">
  <execution xmi:id="ProcessExecution_1" processPriority="20" runAsUser="" runAsGroup=""/>
  <monitoringPolicy xmi:id="MonitoringPolicy_1" pingInterval="60" maximumStartupAttempts="3"
      pingTimeout="300" autoRestart="true" nodeRestartState="STOPPED" />
  <ioRedirect xmi:id="OutputRedirect_1" stdoutFilename="$SERVER_LOG_ROOT/native_stdout.log"
      stderrFilename="$SERVER_LOG_ROOT/native_stderr.log"/>
  <jvmEntries xmi:id="JavaVirtualMachine_1" classpath="" bootClasspath=""
      verboseModeClass="false" verboseModeGarbageCollection="false" verboseModeJNI="false"
      initialHeapSize="0" maximumHeapSize="256" runHProf="false" hprofArguments=""
      debugMode="false"
      debugArgs="-Djava.compiler=NONE -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7777"
      genericJvmArguments="">
    <systemProperties xmi:id="Property_10" name="client.encoding.override" value="UTF-8" required="false"/>
  </jvmEntries>
b WebSphere Application ServerbuWebSphere zDxv≡G
v ∩°AC
v ∩í°AC
v ∩zn°AFpAserver1C
v ÷@U wqC
v ÷@U Java Virtual MachineC
v ÷@UqeC
v ÷@UAϕ÷súseC
v bWµñAΘJ client.encoding.overrideC
v bµñAΘJ UTF-8C
v ÷@UMC
v εMßA½s WebSphere Application ServerC
ΣLnJeó
Web zuπA<qs²uv∩ñΣLnJeCµ@s
²ΩWu@ Web zΩα≈oº\αCªúα@P CookieCΣL
nJe"qs²sΩñC
b Unix ¼tñG
qⁿOµ & ∩s°íCpG
mozilla &
b Windows ¼tñG
v Internet Explorer - l°íqα Internet Explorer AΣ
L Internet Explorer °íC
v Mozilla - Mozilla Web s²úΣ Windows Wh½ Web zuπÑ
q@C
: Netscape s²wúⁿΣC
ldapmodify ⁿON Web zm≤ú@P¼A
pGzwnJ Web zuπAⁿOµ (ldapmodify) ≤KXAWebzuπ
N°A¼A¿wεCoO] Web zuπbC@ss
uCWeb zuπKXs°AA]ªúDKXwg≤A]
suóCz"nXßAAsKX½snJC
FKo¼pApGz¼≈svAb Web zuπñAe
-> ≤KX∩≤zKXC
b Windows 2003 ¡xW Web z GUI DxJx°
pGXHU°≤Aho Web zG
v Web zObw
v Web zObw Microsoft® Internet Explorer ⌡µ
v Web zw WebSphere Application Server - Express O, V5.0
v IP D≈WOs Web z URL @í≈
FKoG
1. pG WebSphere Application Server - Express O, V5.0 Ob⌡µAN
http://localhost [JH⌠⌠MµC
2. pG WebSphere Application Server - Express O, V5.0 Ob≈W⌡µA
N⌡µ Web í°Aº≈ IP D≈W[JH⌠⌠MµC
http://<IP address> http://<hostname>
n[J Web uH⌠⌠vMµG
1. ÷@Uuπ -> ⌠ ⌠⌠∩ -> w -> H⌠⌠ -> ⌠C
2. bu⌠vµñΘJ Web C
3. ÷@UsWC
4. ÷@UTwC
YnnJ≈WuWeb zuπvA Internet Explorer Web s²b
⌠µñΘJUC⌠G
http://localhost:9080/IDSWebApp/IDSjsp/Login.jsp
nnJ≈WuWeb zuπvA Internet Explorer Web s²b⌠
µñΘJUC⌠G
http://<IP address> or <hostname>:9080/IDSWebApp/IDSjsp/Login.jsp
AIX W Websphere Application Server - Expressb AIX]startServer.sh server1 IBM Websphere Application Server -Express O (WAS) AiαLk@A]≡]9090wgQ,C\
WAS_install_path/logs/server1 ²AHoΩΘxC÷MΣLΘx]iα]t\hΩTAq SystemErr.log M SystemOut.log OC
pGnNIBM Websphere Application Server - Express O≡q 9090
≤ 9091]b AIX ≈W≡AsΦ
WAS_install_path/config/cells/DefaultNode/virtualhosts.xml AN 9090 ≤
9091Cb
WAS_install_path/config/cells/DefaultNode/nodes/DefaultNode/servers/server1/server.xml
ñiµP≤C
: o⌠Γs DefaultNode l²C
bC@ñiµ@≤Ao@NΓ≤sC
Web zuπb HP-UX Wsuñ
pGzb HP-UX @tW Web zuπAh"]wUCAhN
Lktm¼≈⌡µⁿA tOΘ]ú¼C
Uϕ]tw Web zuπºe"]wMC
ϕ 19. HP-UX @ttm
256MB+ ΩΘOΘ
max_thread_proc 1024
maxusers 256
nproc 2068(+)
nkthread 3635(+)
: bz≤s max_thread_proc M maxusers ºßATwN nproc ] 2068
HWAN nkthread ] 3635 HWC
UC]wtmG
1. bⁿOúUAΘJGsam
outzzívC
2. ÷ΓUtmC
3. ÷ΓUtmC
4. ÷ΓUnsΦAbΘJsí/µñⁿwsC÷@UTwC
5. ½BJ 4AHBzn]wC@C
6. ÷@U@-->BzsC
7. pGnBz∩A÷@UOC
8. ∩NwßY÷≈/½sAMß÷@UTwC
\ IBM Directory Server 5.1 wPtmΓUAoΣLtm]wΩTC
Web zBϕµYMRAMµπyÑúT
oO HP-UX M AIX @tW gJDAúLΣL UNIX ¼t]iαo
PDC
⌠ LC_ALL M LANG "] JavaΣyÑ⌠Ap
en_US.iso88591CzúαNª]w¿ POSIX CC
export LC_ALL=<new language>
export LANG=<new language>
BϕµYMRAMµOH@nJ Web zuπíA
í²yÑxsCpGz≤F≈WyÑ⌠AiαoU
Cº¼pG
java.lang.InternalError: Can’t connect to X11 window server using ’:0.0’ as the value of the DISPLAY variable.
    at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
    at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:58)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Unknown Source)
    at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:53)
    at sun.awt.motif.MToolkit.<clinit>(MToolkit.java:63)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Unknown Source)
    at java.awt.Toolkit$2.run(Toolkit.java:507)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:498)
    at java.awt.Toolkit.getEventQueue(Toolkit.java:1171)
    at java.awt.EventQueue.invokeLater(EventQueue.java:506)
    at javax.swing.SwingUtilities.invokeLater(SwingUtilities.java:1086)
    at javax.swing.Timer.post(Timer.java:337)
    at javax.swing.TimerQueue.postExpiredTimers(TimerQueue.java:190)
    at javax.swing.TimerQueue.run(TimerQueue.java:226)
    at java.lang.Thread.run(Unknown Source)
pGn≤oº¼pAz"X DISPLAY Aª¿≈Ap⌡µí°A⌡µ≈CAbíí°A≈W⌡µ xhost +C
bnX DISPLAY ≈WAoXUCⁿOG
export DISPLAY=<valid machine name>:0
b <valid machine name> WAoXUCⁿOG
xhost +
LkTπ HTML Sϕr
)°Aº¬ΩñSϕrLkb HTML ⌠WTπCoO% Web s
²e HTML Φíy¿DCthµrAp ″a b″ π¿ ″a
b″A t ’<’ SϕrrΩhQIAp ″abc<abc″π¿ ″abc″CoπpBUBϕµBÑѵC
Web zb Domino™ °AWn IBM JDKpGznN Web zuπtX Domino°A@Az" IBM 1.3.1 JDKC
Sun ú JDK NPqTºC
HUCX Domino °A¡εG
v z⌡\αLkoº@C
v Domino úΣwqrC
: Domino °AWrO@C]Az"∩Σ[ (+)
ΩsAA÷@UiA+α°C
ú
tmúΘX
btmíAziαJ@ IBM Directory tmíDCt@B
úBJAiH≤UzM IBM ΣñPy¿oD]C
b IBM Directory úñTΣtmíCΣñΓΣíOqⁿOµ⌡µAt@ΣO
GUI ¼íCtmípUG
v ldapcfg - ⁿOµíAtm Admin DN MΩw
v ldapucfg - ⁿOµíAúΩwtm
v ldapxcfg - GUI íAtmuz DNvBΩwH⌡µΣLU@C
÷oíΩTA\ IBM Tivoli Directory Server 5.2 wPtmΓUC
otmíΣΓDn\αG
v tm Admin DN PKX
v tmútmΩwAΓ@A IBM Directory
tm Admin DN @DFϕC@δ ÑAtm Admin DN ó@]
O] IBM Directory tm ( <install dir>/etc/ibmslapd.conf ) \ivQN≤A
ΘJL DN PC
ΩwtmΩwtmPútmOe÷XDí!C]OtmnoA\hA
]Ne÷oCiαvT∩Y]pUG
v >≥¡xH@tC
v DB2 ≤AwgªwM≤C
: DB2 ú\húP¼AMnΘGPersonal EditionBEnterprise
EditionBExtended Enterprise Edition ÑÑCboMnΘñA\hiHΣ
DB2 úP (7.1B7.2)ABC@iαhiM≤sbC
v bⁿvT≈P!ñiíqC
v ≤Ot nΘ≤∩⌠C
YΩwtmóA@DOuóH&p≤MHvC
UCUíiiµtmDúΘXC
ΘX t@uvΩTiG
v ⌡WΘXC
tmíúOqDxⁿOµúe]ldapcfgBldapucfgANO
%IDx]ldapxcfgCϕΩwtm@iµñA¼ATº
]HY¡Tºπb÷pDx°íñCYoDA
NoTºst#K»WAMßxsbñΣHC
v DB2 ΘxC
pGOq DB2 úADB2 qb /tmp ²ñTº/
]b UNIX ¡xWCYb UNIX tWoΩwtmDALn
db /tmp ²ñA≤tm@íúCb Windows tWAh
d≤ DB2 w²UAHzntmΩRW²º⌠≤ DB2
ΘxCpApGzObw] ldapdb2 ΩPΩwABz DB2
Owb D:\sqllib Ahznd D:\sqllib\ldadb2 ²]Y²sb
CSONb² ’db2diag.log’ C
v IBM Directory ΘxG
IBM Directory Njí≈tmOⁿb ’ldacfg.out’ ñCb UNIX ¡xWA
≤ /tmp ²ñCb Windows ¡xWAbz⌡µtm@
≈º ²C
ú!iÑúΘXtΓΘXAiiµtmDúCoΓlΦíúOb⌡
µtmºeA²]w⌠Cboú∩ñA&ÑONDx°í]w
iHApAϕ⌠≤Tº°íA+iH#A½sd%
TºC
JAVA_DEBUGN⌠]w⌠≤DAdG
JAVA_DEBUG=1
b UNIX ¡xWA export JAVA_DEBUG=1CooY Java mb
íXñúΩTAiHπb stdout W]DxC
LDAP_DBGN⌠]w⌠≤DCdG
LDAP_DBG=1
b UNIX ¡xWA export LDAP_DBG=1Cpú² IBM Σ
PoíCW dbg.logC
b Windows NT M Windows 2000 ¡xWA dbg.log b <ldapinstalldir>/var ²ñCb UNIX ¡xWA dbg.log b /var/ldap ²ñC
: oúΘxñ]tíXSwΩTA«b IBM oñA
úOn ßCNH⌠≤ΣLúΩTe IBM Σí
C
ibmslapd ⁿO
ibmslapd ⁿOb UNIX tWΓAb Windows tWt@B
C
-h <debug_mask> ibmslapd úúΘX stdoutCdebug_mask O@BnAεú
ΘXAΣ¬ 65535C IBM AHC
-f <path_to_configuration_file> ⁿwϕ°AAtmmCpGzn)qtmAN
nCYSⁿwAibmslapd w]tmwb¡x mC
Windows tBG
-i <servicename> N IBM Directory w¿°AW@AC
-u <servicename> ú IBM Directory b°AWAC
°Aúí
YΘxúΩTú¼HMDAhiHbSϕúíU⌡µ IBM
Tivoli Directory ServerAHúDΩTC°Ai⌡µ ibmslapd "nqⁿ
Oúe⌡µA+αúΘXCΣykpUG
ldtrc on
ibmslapd -h bitmask
bΣñⁿw bitmask AMwúúΘXC
ϕ 20. ú
Q)i Qi í
0x0001 1 LDAP_DEBUG_TRACE )íΘJP⌠
0x0002 2 LDAP_DEBUG_PACKETS ]í
0x0004 4 LDAP_DEBUG_ARGS )nDΩ
0x0008 8 LDAP_DEBUG_CONNS suí
0x0010 16 LDAP_DEBUG_BER ΩsXPX
0x0020 32 LDAP_DEBUG_FILTER jMLo°≤
0x0040 64 LDAP_DEBUG_MESSAGE TltíP≤
0x0080 128 LDAP_DEBUG_ACL sεMµí
0x0100 256 LDAP_DEBUG_STATS @pΩ
0x0200 512 LDAP_DEBUG_THREAD ⌡µⁿpΩ
0x0400 1024 LDAP_DEBUG_REPL g@pΩ
0x0800 2048 LDAP_DEBUG_PARSE σRí
0x1000 4096 LDAP_DEBUG_PERFORMANCE ÷píßíαpΩ
0x2000 8192 LDAP_DEBUG_RDBM ÷píßíí (RDBM)
0x4000 16384 LDAP_DEBUG_REFERRAL αí
0x8000 32768 LDAP_DEBUG_ERROR ¼p
0xffff 65535 LDAP_DEBUG_ANY úh
pAYⁿw bitmask ″65535″ANπúΘXA] úπΩTC
¿AbⁿOúeñoXUCⁿOG
ldtrc off
zp IBM AñAΣ≤UúΘXMMDC
gⁿOµ]A≤ Windows ¡x
pGz Windows 2000 Windows NTABtmD°Aiµ gAb≤s
íAziαb ibmslapd ΘxñUCG
[IBM][CLI Driver] CLI0157E LkCSQLSTATE=S1507
oDMΦkONUCsW \sqllib\db2cli.ini ñG
[COMMON]
TempDir=x:\<your directory>
Σñ x:\<your directory> ⁿwií≈ñY²CDB2 Ω
wNsgJo²CníqO znsW≤s²
wA²qúWLzn≤sjjpC
² B. IBM UUID
ziHN DB2 tm¿jεnD LDAP @Ap IBM Tivoli Directory
Server ñ UIDCotm\h≥DG
ú"xsbC@ LDAP °AWAziHbo°AW≤s
CoϕzúiHb²≡ñⁿVΣL°A]tαCp
GzhD°A]Ph°Ai≤sATwz²zM
íu≤sΣñ@í°AWC±ΦíApGPbΓíPh°A
WíA B UID PANiαo gC
HUOziHjεnD UID @@ ÷CboñAziHbt
UID ϕµñoX SQL »zí]w@ DB2 ¡εCMß DB2 Tw
O@CpGno≥Az"Dp≤]w SQL »zíCo
eΓBJMwo SQL »zíCTBJ SQL ¡εC
1. MwznnD²π @CTwSD@Cbo
dñO UID CΩwiαwgo UID ApGSAho
"úO@CpGΩwñe½ UID AzNLkbBJ 3 ñ
]w¡εAúDzRúD@≤ªAª¿@C
2. Mw@ DB2 ϕµnxsAHϕµñ@µn]w DB2 ¡
εjεnD@Cz"D DB2 nA+αHvΦíjε
nDbµñ@CDB2 úbµ°WL 255 rµñ
CHA
v pGb LDAP ⌡ñⁿw°O 255 r≤.Ah DB2 ϕµñ
tµKiH@¡εssA w]AWM
WO@C
v pG°iαWL 255 rADB2 Núe\boµñC
LDAP °ADo¡εA]MPWt@µA²
ObWß[Wr ″_T″CoBIµ]t°QI¿ 255 r
CDB2 iHboµWAHoOz"@sW¡
εµC
ziHP°W¡AΦkOdªb LDAP ⌡ñwqA±ΦíA
uWeb zuπvCNApGO UID AIBM Tivoli Directory Server
⌡ñw]°O 256C]AoGΦíCbodñAN
"bµ ″UID_T″ ñ]w@@¡εCpGb ″UID″ µW]w¡εASQL ⁿONóAoO]Lk"nC
3. bMwn DB2 jεnD@ϕµMµºßAoX SQL ALTER TABLE»zíi DB2AUID e\@C
a. ⌡ DB2 ⁿOúC
v b Windows ñAb Windows ⁿOúUAΘJ db2cmdCo@
DB2 ⁿO°íC
v b UNIX ¡xWAH root ¡≈nJAMßΘJ su ldapdb2CoⁿO]
wT DB2 ⌠C
b. b Windows ñAΘJ set db2instance=ldapdb2]b UNIX ¡xWúno
BJC
c. su ldapdb2CoUC≤ϕµ SQL ⁿO∩ LDAP °AΩ
w DB2 suC
d. ΣJUCⁿOG
db2 alter table "ldapdb2.uid" add CONSTRAINT const1 UNIQUE (uid_t)
o SQL »zí¡εCNAUNIQUE O uid_tA] UID
iHWL 255 rCqblApGΩwñe 255 r
úO@ADB2 Núe\ⁿwCbodñAo¡εⁿW
const1A²ziHNªⁿWQn⌠≤WCN¡εWA]ºßziαúh¡εAAe\D@CpGnúh@¡εAoXU
SQL ⁿOG
alter table "ldapdb2.uid" drop constraint const1
ϕísWπ UID ²A P²½A
LDAP °ANo#GX 20FpG
LDAPGX 20 - wgsb
² C. X
LDAP XiαúπbUCϕµñG
ϕ 21. @δ#X
Q i
Q )
i
Kní í
00 LDAP_SUCCESS 00 ¿\ nDwQ¿C
01 LDAP_OPERATIONS_ERROR 01 @ @oC
02 LDAP_PROTOCOL_ERROR 02 qT≤w qT≤wHWC
03 LDAP_TIMELIMIT_EXCEEDED 03 wWXí¡ε wWX LDAP í¡
εC
04 LDAP_SIZELIMIT_EXCEEDED 04 wWXjp¡ε wWX LDAP jp¡
εC
05 LDAP_COMPARE_FALSE 05 ± False ±@# FalseC
06 LDAP_COMPARE_TRUE 06 ± True ±@# TrueC
07 LDAP_STRONG_AUTH_NOT_SUPPORTED 07 jOOⁿΣ LDAP °AúΣjO
OC
08 LDAP_STRONG_AUTH_REQUIRED 08 njOO @njOOC
09 LDAP_PARTIAL_RESULTS 09 ¼í!GPα u#í!GC
10 LDAP_REFERRAL 0A w#α w#αC
11 LDAP_ADMIN_LIMIT_EXCEEDED 0B wWXz¡ε wWXz¡εC
12 LDAP_UNAVAILABLE_CRITICAL_EXTENSION 0C YWⁿΣ YWⁿΣC
13 LDAP_CONFIDENTIALITY_REQUIRED 0D n≈K n≈KC
14 LDAP_SASLBIND_IN_PROGRESS 0E SASL siµñ SASL sbiµñC
16 LDAP_NO_SUCH_ATTRIBUTE 10 L ⁿw¼úsb
ñC
17 LDAP_UNDEFINED_TYPE 11 ¼wq ⁿw¼LC
18 LDAP_INAPPROPRIATE_MATCHING 12 ±úT Lo°≤¼ⁿⁿw
ΣC
19 LDAP_CONSTRAINT_VIOLATION 13 ¡εHW ⁿwH#Y¡
ε]pAlHa=h
µAYµ=°C
20 LDAP_TYPE_OR_VALUE_EXISTS 14 ¼wsb ⁿw¼
wsbñC
21 LDAP_INVALID_SYNTAX 15 ykL ⁿwLC
32 LDAP_NO_SUCH_OBJECT 20 L½≤ ⁿw½≤úsb²
ñC
33 LDAP_ALIAS_PROBLEM 21 OWD ²ñOWⁿVúsb
C
34 LDAP_INVALID_DN_SYNTAX 22 DN ykL ⁿw DN ykLC
35 LDAP_IS_LEAF 23 ½≤O¡I ⁿw½≤O¡IC
36 LDAP_ALIAS_DEREF_PROBLEM 24 OWD NOWo
DC
48 LDAP_INAPPROPRIATE_AUTH 30 OúT ⁿwOúT]
pAwⁿw
LDAP_AUTH_SIMPLEA
²S userPassword
C
49 LDAP_INVALID_CREDENTIALS 31 L úXL]pA
KXC
50 LDAP_INSUFFICIENT_ACCESS 32 svú¼ S¼≈sv
i⌡µ@C
51 LDAP_BUSY 33 DSA u@ñ DSA bu@ñC
52 LDAP_UNAVAILABLE 34 DSA Lk DSA LkC
53 LDAP_UNWILLING_TO_PERFORM 35 DSA ú@⌡µ DSA ú@⌡µ@C
54 LDAP_LOOP_DETECT 36 jΘ wjΘC
64 LDAP_NAMING_VIOLATION 40 RWHW oRWHWC
65 LDAP_OBJECT_CLASS_VIOLATION 41 ½≤OHW o½≤OHW]
pAñ≥u"n
vC
66 LDAP_NOT_ALLOWED_ON_NONLEAF 42 @úe\bD¡I @úe\bD¡I½
≤W⌡µC
67 LDAP_NOT_ALLOWED_ON_RDN 43 @úe\b RDN @úe\b RDN W⌡
µC
68 LDAP_ALREADY_EXISTS 44 wsb wsbC
69 LDAP_NO_OBJECT_CLASS_MODS 45 Lk∩½≤O úe\∩½≤OC
70 LDAP_RESULTS_TOO_LARGE 46 GLj GLjC
71 LDAP_AFFECTS_MULTIPLE_DSAS 47 vTh½ DSA vTh½ DSAC
80 LDAP_OTHER 50 ú oúC
81 LDAP_SERVER_DOWN 51 LkP LDAP °Aq
T
LDAP íwLkP
LDAP °AqTC
82 LDAP_LOCAL_ERROR 52 oYCoq
OOΘtmóC
83 LDAP_ENCODING_ERROR 53 sX bNne LDAP °A
sXAo
C
84 LDAP_DECODING_ERROR 54 X bN) LDAP °A
GXAoC
85 LDAP_TIMEOUT 55 O ÑGAWXí¡
εC
86 LDAP_AUTH_UNKNOWN 56 OΦkú bs@ⁿwOΦ
kúC
87 LDAP_FILTER_ERROR 57 jMLo°≤ ú ldap_search Lo
°≤L]pAAú
¿∩C
88 LDAP_USER_CANCELLED 58 °@ °F@C
89 LDAP_PARAM_ERROR 59 ú LDAP í
Is LDAP í
]pANULL ld
ⁿC
90 LDAP_NO_MEMORY 5A OΘú¼ b LDAP íwíñ
OΘtm]pA
mallocIsóC
91 LDAP_CONNECT_ERROR 5B su suoC
92 LDAP_NOT_SUPPORTED 5C ⁿΣ ⁿΣC
93 LDAP_CONTROL_NOT_FOUND 5D Σúε ΣúεC
94 LDAP_NO_RESULTS_RETURNED 5E #G #GC
95 LDAP_MORE_RESULTS_TO_RETURN 5F Gn# Gn#C
96 LDAP_URL_ERR_NOTLDAP 60 URL YúO ldap:// URL úOH ldap:// YC
97 LDAP_URL_ERR_NODN 61 URL S DN]"n URL S]t DN]"n
C
98 LDAP_URL_ERR_BADSCOPE 62 URL d≥rΩL URL d≥rΩLC
99 LDAP_URL_ERR_MEM 63 LktmOΘí LktmOΘíC
100 LDAP_CLIENT_LOOP 64 ßjΘ ßjΘC
101 LDAP_REFERRAL_LIMIT_EXCEEDED 65 wWXα¡ε wWXα¡εC
112 LDAP_SSL_ALREADY_INITIALIZED 70 Bzy¡wQIs
ldap_ssl_client_init
bBzy¡wQI
s ldap_ssl_client_initC
113 LDAP_SSL_INITIALIZE_FAILED 71 l]wIsó SSL l]wIsóC
114 LDAP_SSL_CLIENT_INIT_NOT_CALLED 72 SSL suº
eA"²Is
ldap_ssl_client_init
b SSL suº
eA"²Is
ldap_ssl_client_initC
115 LDAP_SSL_PARAM_ERROR 73 ²eⁿw SSL L
²eⁿw SSL L
C
116 LDAP_SSL_HANDSHAKE_FAILED 74 Lks SSL °A Lks SSL °AC
117 LDAP_SSL_GET_CIPHER_FAILED 75 iαúAΣAú
C
118 LDAP_SSL_NOT_AVAILABLE 76 Σú SSL íw Tw GSKit wgwC
128 LDAP_NO_EXPLICIT_OWNER 80 ΣúT ΣúTC
129 LDAP_NO_LOCK 81 LkoΩw ßíwLkΩw"
nΩC
úºAldap.h ñ]wqUCP DNS ÷XG
ϕ 22. DNS ÷#X
Qi
Q)i
í
133 LDAP_DNS_NO_SERVERS 85 Σú LDAP °A
134 LDAP_DNS_TRUNCATED 86 iGDNS GQI
135 LDAP_DNS_INVALID_DATA 87 DNS ΩL
136 LDAP_DNS_RESOLVE_ERROR 88 LkRt⌠W°A
137 LDAP_DNS_CONF_FILE_ERROR 89 DNS tm
ldap.h ñwqUCP UTF8 ÷XG
ϕ 23. UTF8 ÷#X
Qi
Q )
i
í
160 LDAP_XLATE_E2BIG A0 ΘXw
161 LDAP_XLATE_EINVAL A1 ΘJwQI
162 LDAP_XLATE_EILSEQ A2 ΘJrLk
163 LDAP_XLATE_NO_ENTRY A3 SrXIi∩M
² D. Root DSE ñ½≤OX (OID) P
UCUπ OID M≤ IBM Tivoli Directory Server 5.2Co OID M
Ob Root DSE ñCRoot DSE ]t°A¡÷ΩTC
IBM Tivoli Directory Server wq LDAP °Aú root DSE AHúz
÷ LDAP °AΩTCpAziαQnD°AΣ LDAPC
YnCX Root DSE ñ OID MA⌡µUCⁿOG
ldapsearch -D <AdminDN> -w <Adminpw> -s base -b "" objectclass=* * ibm-supportedcapabilities ibm-enabledcapabilities
pΣLΩTA\ IBM Tivoli Directory Server Version 5.2 C-Client SDK
Programming ReferenceC
Root DSE ñ
UCOb Root DSE ñG
namingcontexts
Odb°AñRWwqC
∩°ADδvRWwqCpG°AúDδ
v⌠≤ΩT]pAªO X.500 ² LDAP hDAh.C
pG°AH)v]tπ²Aµ@A BOrΩ]ⁿ
X Root DNCoi0\ßbs°A∩XA≥ª½≤
iµjM]wq≤tmñ¬hrMµC
ibm-configurationnamingcontext
xs°AtmrCb 5.2 ñAoO cn=configurationC
subschemasubentry
Ol⌡WA°Abl⌡ñOiⁿw
⌡CªO]w cn=schemaC
security
°AÑw SSL ≡Ap 636Cuϕ°AF SSL Ao
+XC
port
°AÑDw≡Ap 389Cuϕ°ASw≡Ao
+XC
supportedsaslmechanisms
Σ SASL w\αMµC
O°AΣΣ SASL ≈εWCpG°AúΣ⌠≤≈
εAhSC]twn²≤°A⌠≤ SASL ≈εC
supportedldapversion
µ°AΩ@ LDAP C
O°AΩ@ LDAP qT≤wC 2 M 3C
ibmdirectoryversion
w≤°A IBM Tivoli Directory Server Cµ 5.2C
ibm-enabledcapabilities
C°AWe°A\αC\ 323yΣP\α
OIDzAHo÷C
ibm-ldapservicename
ⁿw°AD≈WCpGwqF Kerberos ΓAΣµíK
hostname@realmnameC
ibm-serverId
°AlAⁿw°A@ IDCo ID i≤ gAHP
°AñΓC
vendorname
o LDAP úCb IBM Tivoli Directory Server ñAoO]
International Business Machines (IBM)C
vendorversion
b IBM Tivoli Directory Server 5.2A O] 5.2C
ibm-sslciphers
ⁿw°AΣ[KΦkMµCMµµírt∩C
ibm-slapdSizeLimit
¡εDzºjM#qC
ibm-slapdTimeLimit
ⁿw°ABzDzºjMnDßOϕW¡C
ibm-slapdDerefAliases
íp≤tm°AHBzC
ibm-supportedAuditVersion
ΣfCpAb 5.2 ñA°AΣ 2 fAif
@C
ibm-supportedACIMechanisms
C°AΣ ACL íC\ 324yACI ≈ε OIDzAH
o÷C
ibm-supportedcapabilities
C°AeΣ°A\αC\ 323 yΣP\α
OIDzAHo÷C
ibm-supportedcontrols
C°AiδεC\ 325yε OIDzAHo÷
C
ibm-supportedextensions
C°AΣ@C\ 324y@ OIDzAHo
÷C
ΣP\α OIDUϕπwΣP\α OIDCziHo OID dOSw°A
Σo\αC
ϕ 24. ΣP\α OID
í ⁿw OID
j gí wq IBM Directory Server 5.1 i gíA
]Al≡MÑíC gC
1.3.18.0.2.32.1
Md ⁿX°AΣ ibm-entrychecksum M
ibm-entrychecksumop \αC
1.3.18.0.2.32.2
UUID CbΣ ibm-entryuuid ºr
ibm-capabilities lñC
1.3.18.0.2.32.3
Lo ACL wq°AΣ IBM Filter ACL í 1.3.18.0.2.32.4
KXh wq°AΣKXh 1.3.18.0.2.32.5
DN úF@δºAt DN jMC 1.3.18.0.2.32.6
zsNϕ °AΣN°Aze⌠tmßí
ñⁿw@szC
1.3.18.0.2.32.8
²Aw °AΣ²Aw\αA]A¬gOM≥
µ⌡µⁿC
1.3.18.0.2.32.9
OW∩ °AΣw]únOW∩ 1.3.18.0.2.32.10
znífOⁿ °AΣznífC 1.3.18.0.2.32.11
jMLo°≤R °AΣjMLo°≤RC 1.3.18.0.2.32.13
Al °AΣ LDAP @°A@ñl
C
1.3.18.0.2.32.14
Ml≡A≤s °AΣMl≡WAtm≤sC 1.3.18.0.2.32.15
s@ Iµs@°A\αC 1.3.18.0.2.32.16
sSwjM¡ε Σ@sHXRjM¡εC 1.3.18.0.2.32.17
IBMpolicies gl≡ °AΣ cn=IBMpolicies l≡ gC 1.3.18.0.2.32.18
jOd¡≤Θx ⁿw°Aα≈ Od¡Od≤Θx
C
1.3.18.0.2.32.19
Oⁿp °AúTºsW°ABⁿOµMf
ΘxOⁿpC
1.3.18.0.2.32.20
@ñu@íΩT °Aú@ñu@íΩT
(cn=workers,cn=monitor)C
1.3.18.0.2.32.21
su¼p °Aú SSL M TLS susu¼p
C
1.3.18.0.2.32.22
suΩT °Aú IP Dsu ID
(cn=connections, cn=monitor) suΩTC
1.3.18.0.2.32.23
@p °AúwlMw¿@¼s@
pC
1.3.18.0.2.32.24
lΩT °Aúel∩ΩTC 1.3.18.0.2.32.25
¼íl≡jM °A0\¼íl≡jMAjMwq≤°A
ñπ DITC
1.3.18.0.2.32.26
Proxy v °AΣ@suProxy vvC 1.3.18.0.2.32.27
TLS \α ⁿw°AΩiH⌡µ TLSC 1.3.18.0.2.32.28
D g °AiHñq] °A¼í
≈Ao@δPwa½sΘ≤
sA¼¿\GNXεC
1.3.18.0.2.32.29
Kerberos \α ⁿw°AiH KerberosC 1.3.18.0.2.32.30
ibm-allMembers M ibm-allGroups
@
ⁿXßíOΣjM ibm-allGroups M
ibm-allMembers @C
1.3.18.0.2.32.31
yÑ °AΣyÑC 1.3.6.1.4.1.4203.1.5.4
GSKit FIPS í ²°Aα≈ ICC FIPS w[KtΓk 1.3.18.0.2.32.32
ACI ≈ε OIDUϕπ ACI ≈ε OIDC
ϕ 25. ACI ≈ε OID
í ⁿw OID
IBM SecureWay V3.2 ACL í ⁿX LDAP °AΣ IBM
SecureWay V3.2 ACL í
1.3.18.0.2.26.2
IBM Lo°≤¼í ACL ≈ε ⁿX LDAP °AΣ IBM Directory
Server v5.1 Lo°≤¼í ACLC
1.3.18.0.2.26.3
t¡εí ACL Σ °AΣtM¡ε ACL ⁿ
wM⌠C
1.3.18.0.2.32.7
@ OIDUϕπ@ OIDC
ϕ 26. @ OID
í ⁿw OID
≤n²nD SecureWay V3.2 Event ñ≤nDn²ΣC 1.3.18.0.2.12.1
≤°n²nD °n²wn²u≤n²nDv≤C 1.3.18.0.2.12.3
lº l SecureWay V3.2 ºíWUσ 1.3.18.0.2.12.5
⌠º ⌠ SecureWay V3.2 ºíWUσ]Tw/# 1.3.18.0.2.12.6
Ñíε g @boX∩H°AW⌡µnD
@Ab gñÑíCΣU
IsC
1.3.18.0.2.12.15
ε g @O%újεY gB g
# gCuϕß∩ g≤w≤sv¡
+0\o@C
1.3.18.0.2.12.16
ε gεC @∩ⁿw≤wuw gvCu
ϕß∩ g≤w≤sv¡+0\o@
C
1.3.18.0.2.12.17
Rε°Rε°A @Nl≡m≤úⁿß≤s¼A]
ε¼AA²O)wO²zX
u°Azvεºß≤súC
1.3.18.0.2.12.19
MúΘxnD MúΘxnDC 1.3.18.0.2.12.20
oσrµnD qΘxoσrµnDC 1.3.18.0.2.12.22
µnD nDΘxñµC 1.3.18.0.2.12.24
Bε°AnD Bε½s LDAP °AnDC 1.3.18.0.2.12.26
≤stmnD ≤s IBM Directory Server °AtmnDC 1.3.18.0.2.12.28
DN WnD W DN DN nDC 1.3.18.0.2.12.30
RúsunD Rú°AWºsunDCnDiHORú
suA s DNBIP )Sw IP s
DN RúsuC
1.3.18.0.2.12.35
¼nD owsu¼vnDC 1.3.18.0.2.12.37
ε°Al ε IBM Directory Server ñlC 1.3.18.0.2.12.40
TLS uΘhw (Transport Layer Security)v
nDC
1.3.6.1.4.1.1466.20037
@ ⌡µ@\α 1.3.18.0.2.6.574
¼@ ÷Σ\αG@ByÑB
B@tmC
1.3.18.0.2.12.46
ε OIDUϕπε OIDC
ϕ 27. ε OID
í ⁿw OID
ºíWUσ N@ SecureWay V3.2 ºíWUσ
@í≈C
1.3.18.0.2.10.5
°Az ϕ≤s@@δQípU]°AwR
εB¬ °AÑÑA0\ziµ
@C
1.3.18.0.2.10.15
gúsε pGúOhD°AAεK%ú
sWC
1.3.18.0.2.10.18
wjM 0\ß ≥Mµ¼jMGAΣñ
C≥úNϕ@jMΣC
1.2.840.113556.1.4.319
!jMG 0\jMnD#ΩqzC 1.2.840.113556.1.4.473
≡Rúε oεOsuRúvnDAⁿXnRúⁿ
wMßNC
1.2.840.113556.1.4.805
KXh KXhnD# 1.3.6.1.4.1.42.2.27.8.5.1
z DSAIT π ″ref″ Q°@δA0\
ßi¬M∩oC
2.16.840.1.113730.3.4.2
² E. LDAP Ωµ½µí (LDIF)
σ≤í LDAP Ωµ½µí (LDIF)Aµí≤ ldapmodifyBldapsearch H
ldapadd ÑíñCIBM Directory H°Aí]Σoⁿw
LDIFC
LDIF OHσrµíe LDAP CLDIF ≥µípUG
dn: <distinguished name>
<attrtype> : <attrvalue>
<attrtype> : <attrvalue>
...
Yn≥U@µAibU@µY@µrApG
dn: cn=John E Doe, o=University of Higher
 Learning, c=US
h½nbúPµWⁿwApG
cn: John E Doe
cn: John Doe
Y <attrvalue> ñ]tD US-ASCII rAHµ ’:’ YA<attrtype> º
ßn≥ΓABΣnH base-64 ϕksXCpA ″ begins with a space″nsX¿pG
cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=
P@ LDIF ñhºínH@µµ!jChµµQ°ΦW
C
LDIF d
HUO]tTd LDIF C
dn: cn=John E Doe, o=University of Higher Learning, c=US
cn: John E Doe
cn: John Doe
objectclass: person
sn: Doe

dn: cn=Bjorn L Doe, o=University of Higher Learning, c=US
cn: Bjorn L Doe
cn: Bjorn Doe
objectclass: person
sn: Doe

dn: cn=Jennifer K. Doe, o=University of Higher Learning, c=US
cn: Jennifer K. Doe
cn: Jennifer Doe
objectclass: person
sn: Doe
jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG...
b Jennifer Jensen ñ jpegPhoto OH base-64 sXCσr¼]iH
base-64 µíⁿwCúLAbípUAbase-64 sX"qT≤w wire µí
rX]τYAb LDAP V2 ñO IA5 rAb LDAP V3 ñO UTF-8 sXC
1 LDIF Σ
ßí (ldapmodify M ldapadd) úwg[jiHδ LDIF sAo
O%Y ″version: 1″ OCMl LDIF úPaΦOAs
LDIF ΣH UTF-8 e] úO¡εh US-ASCIIC
úLAYnΓ]t UTF-8 LDIF Aiαx°CF Bz
Atb LDIF µíñΣrXRCXRⁿb LDIF YBAⁿw
IANA rW]MX@CtiΣ@Tw IANA rCpC
@@t¡xΣSwrA\ 329 y¡xΣ IANA r
zC
1 LDIF µí]iHΣ URLC\αúH≤uΦkwqW
µC URL µípUG
attribute:< file:///path ]⌠yk°¡xw
pAUCO⌠G
jpegphoto:< file:///d:\temp\photos\myphoto.jpg ]DOS/Windows ¼⌠
jpegphoto:< file:///etc/temp/photos/myphoto.jpg ]UNIX ¼⌠
: úⁿwWµO>≥AIBM Directory íiHPΣs URL
WµH¼í]pA″jpegphoto: /etc/temp/myphoto″C½yíAYSb LDIF ñ[JA]iHs URL µíC
1 LDIF d
ziH∩rAí)Nⁿwr૨ UTF-8ApUCd
G
version: 1
charset: ISO-8859-1

dn: cn=Juan Griego, o=University of New Mexico, c=US
cn: Juan Griego
sn: Griego
description:: V2hhdCBhIGNhcmVmdWwgcmVhZGVyIHlvd
title: Associate Dean
title: [title in Spanish]
jpegPhoto:< file:///usr/local/photos/jgriego.jpg
bΩñA≥bWHµ@ºßAúq ISO-8859-1 rα½
UTF-8C≥bWMΓºß]p description:: V2hhdCBhIGNhcm...A
"H base-64 sXAB"OGi UTF-8 rΩCq¬Apbe
zdñH⌠ⁿw jpegPhoto A]"OGi UTF-8C∩≤o¼A
tú⌡µqⁿwurvα½ UTF-8 @C
bHUoSⁿwr LDIF dñAtwΣeO UTF-8A
base-64 sX UTF-8A base-64 sXGiΩG
# IBM Directory sample LDIF file
#
# The suffix "o=IBM, c=US" should be defined before attempting to load
# this data.

version: 1

dn: o=IBM, c=US
objectclass: top
objectclass: organization
o: IBM

dn: ou=Austin, o=IBM, c=US
ou: Austin
objectclass: organizationalUnit
seealso: cn=Linda Carlesberg, ou=Austin, o=IBM, c=US
o]iHú]t version: 1 YΩTApPb IBM Directory ñΦ
íG
# IBM Directory sample LDIF file
#
# The suffix "o=IBM, c=US" should be defined before attempting to load
# this data.

dn: o=IBM, c=US
objectclass: top
objectclass: organization
o: IBM

dn: ou=Austin, o=IBM, c=US
ou: Austin
objectclass: organizationalUnit
seealso: cn=Linda Carlesberg, ou=Austin, o=IBM, c=US
: σr¼iH base-64 µíⁿwC
¡xΣ IANA r
UCϕµñ U¡xAwqb 1 LDIF ñrBAiH]w
IANA wqrC¬µñwqibrñⁿwrΩC″X″ ϕb÷p¡xWAiHΣqⁿwrα½ UTF-8AB]b LDIF ñ
rΩeúOHⁿwreC″L″ ϕb÷p¡xWAúΣα½C
rΩewqOⁿ≥bWHµ@ºßC
po÷ IANA n²rΩTA\ IANA Character SetsC
ϕ 28.
r yÑ⌠ DB2 rX
W HP-UX Linux,
Linux_390,
NT AIX Solaris UNIX NT
ISO-8859-1 X X X X X 819 1252
ISO-8859-2 X X X X X 912 1250
ISO-8859-5 X X X X X 915 1251
ISO-8859-6 X X X X X 1089 1256
ISO-8859-7 X X X X X 813 1253
ISO-8859-8 X X X X X 916 1255
ISO-8859-9 X X X X X 920 1254
ISO-8859-15 X L X X X
IBM437 L L X L L 437 437
IBM850 L L X X L 850 850
IBM852 L L X L L 852 852
IBM857 L L X L L 857 857
IBM862 L L X L L 862 862
IBM864 L L X L L 864 864
IBM866 L L X L L 866 866
IBM869 L L X L L 869 869
IBM1250 L L X L L
IBM1251 L L X L L
IBM1253 L L X L L
IBM1254 L L X L L
IBM1255 L L X L L
IBM1256 L L X L L
TIS-620 L L X X L 874 874
EUC-JP X X L X X 954 L
EUC-KR L L L X X* 970 L
EUC-CN L L L X X 1383 L
EUC-TW X L L X X 964 L
Shift-JIS L X X X X 932 943
KSC L L X L L L 949
GBK L L X X L 1386 1386
Big5 X L X X X 950 950
GB18030 L X X X X
HP15CN X (D
GB18030)
* b Solaris 7 ΣC
:
1. q www.sun.com and www.microsoft.com oAϕíßYiΣsñσ
r (GB18030)
2. b Windows 2000 @tWAz"]w⌠ zhCNGB18030=TRUEC
² F. IPv6 Σ
Internet Protocol Version 6 (IPv6) O IETF ]pqT≤wAHNµ Internet
qT≤wAIP Version 4 (IPv4)CIPv6 IPv4 ñ\hDApⁿ¡εi
IPv4 CIPv6 d≥± IPv4 s]128 ∩ 32 AB∩
TCP íhy¿vTCªP]∩FpeM⌠⌠)tmÑΓCIPv6 w
ÑÑaN IPv4C
b AIX W IPv6 Σ
AIX ßM°AíwHΣ IPv6CIPv4 P IPv6 º LDAP URL
µípUG
v pGnb URL ñσr¼ IPv4 AΣµí x.x.x.x:portCíA
URL ñ LDAP °AW ldap://9.53.90.21:80C
v pGnϕ RFC 2732AURL ñσr¼ IPv6 "AW [ P ] rCíAURL ñ LDAP °AWG
– ldap://[107:0:0:0:200:7051]:80
– ldap://[::ffff:9.53.96.21]
² G. IBM Tivoli Directory Server 5.2 nwq
attributetypes=( 1.3.18.0.2.4.285
NAME 'aclEntry'
DESC 'Ossε≤ IBM eNetwork LDAP²'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.285
DBNAME( 'aclEntry' 'aclEntry' )
ACCESS-CLASS restricted
LENGTH 32700 )

attributetypes=( 1.3.18.0.2.4.286
NAME 'aclPropagate'
DESC 'ⁿX ACL OnM≤l≡C'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.286
DBNAME( 'aclPropagate' 'aclPropagate' )
ACCESS-CLASS restricted
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.287
NAME 'aclSource'
DESC 'ⁿX ACL OnM≤l≡C'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.287
DBNAME( 'aclSource' 'aclSource' )
ACCESS-CLASS system
LENGTH 1000 )

attributetypes=( 2.5.4.1
NAME ( 'aliasedObjectName' 'aliasedentryname' )
DESC 'NϕbOWⁿwⁿVC'
EQUALITY 2.5.13.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 2.5.4.1
DBNAME( 'aliasedObject' 'aliasedObject' )
ACCESS-CLASS normal
LENGTH 1000
EQUALITY )

attributetypes=( 1.3.6.1.4.1.1466.101.120.6
NAME 'altServer'
DESC 'OΣL°A URLϕLk°AAYsoΣL°AC'
EQUALITY 1.3.6.1.4.1.1466.109.114.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE dSAOperation )
IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.6
DBNAME( 'altServer' 'altServer' )
ACCESS-CLASS normal
LENGTH 2048 )
attributetypes=( 2.5.21.5
NAME 'attributeTypes'
DESC 'qObl⌡ñA xs°AwM objectClassesC'
EQUALITY 2.5.13.30
SYNTAX 1.3.6.1.4.1.1466.115.121.1.3
USAGE directoryOperation )
IBMAttributetypes=( 2.5.21.5
DBNAME( 'attributeTypes' 'attributeTypes' )
ACCESS-CLASS system
LENGTH 30
EQUALITY )
attributetypes=( 2.5.4.15
NAME 'businessCategory'
DESC 'í⌡µC'
EQUALITY 2.5.13.2
SUBSTR 2.5.13.4
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
IBMAttributetypes=( 2.5.4.15
DBNAME( 'businessCategory' 'businessCategory' )
ACCESS-CLASS normal
LENGTH 128
EQUALITY
SUBSTR )

attributetypes=( 2.16.840.1.113730.3.1.5
NAME 'changeNumber'
DESC ']tú°Aⁿw≤XC'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.5
DBNAME( 'changeNumber' 'changeNumber' )
ACCESS-CLASS normal
LENGTH 11
EQUALITY
APPROX )

attributetypes=( 2.16.840.1.113730.3.1.8
NAME 'changes'
DESC 'wq∩²°A≤Co≤OLDIF µíC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.8
DBNAME( 'changes' 'changes' )
ACCESS-CLASS sensitive )

attributetypes=( 2.16.840.1.113730.3.1.77
NAME 'changeTime'
DESC 'W≤íC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.77
DBNAME( 'changeTime' 'changeTime' )
ACCESS-CLASS normal
LENGTH 30 )
attributetypes=( 2.16.840.1.113730.3.1.7
NAME 'changeType'
DESC 'í∩⌡µ≤¼Cⁿ ]AGaddBdeleteBmodifyBmodrdnC'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.7
DBNAME( 'changeType' 'changeType' )
ACCESS-CLASS normal
LENGTH 250
EQUALITY )
attributetypes=( 2.5.4.3
NAME ( 'cn' 'commonName' )
DESC 'oO X.500 commonName A]t½≤WCpG½≤∩HAqOHWC'
SUP 2.5.4.41
EQUALITY 2.5.13.2
ORDERING 2.5.13.3
SUBSTR 2.5.13.4
USAGE userApplications )
IBMAttributetypes=( 2.5.4.3
DBNAME( 'cn' 'cn' )
ACCESS-CLASS normal
LENGTH 256
EQUALITY
ORDERING
SUBSTR
APPROX )

attributetypes=( 2.5.18.1
NAME 'createTimestamp'
DESC ']t²íC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 2.5.18.1
DBNAME( 'ldap_entry' 'create_Timestamp' )
ACCESS-CLASS system
LENGTH 26 )

attributetypes=( 2.5.18.3
NAME 'creatorsName'
DESC ']t²C'
EQUALITY 2.5.13.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 2.5.18.3
DBNAME( 'ldap_entry' 'creator' )
ACCESS-CLASS system
LENGTH 1000
EQUALITY )
attributetypes=( 2.16.840.1.113730.3.1.10
NAME 'deleteOldRdn'
DESC 'ⁿOnOd RDN ¿X'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications )
IBMAttributetypes=( 2.16.840.1.113730.3.1.10
DBNAME( 'deleteOldRdn' 'deleteOldRdn' )
ACCESS-CLASS normal
LENGTH 5 )
attributetypes=( 2.5.4.13
NAME 'description'
DESC 'CIM M LDAP ⌡@qAú²½≤°íC'
EQUALITY 2.5.13.2
SUBSTR 2.5.13.4
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
IBMAttributetypes=( 2.5.4.13
DBNAME( 'description' 'description' )
ACCESS-CLASS normal
LENGTH 1024
EQUALITY
SUBSTR )

attributetypes=( 2.5.21.2
NAME 'ditContentRules'
DESC '\ RFC 2252C'
EQUALITY 2.5.13.30
SYNTAX 1.3.6.1.4.1.1466.115.121.1.16
USAGE directoryOperation )
IBMAttributetypes=( 2.5.21.2
DBNAME( 'ditContentRules' 'ditContentRules' )
ACCESS-CLASS system
LENGTH 256
EQUALITY )

attributetypes=( 2.5.21.1
NAME 'ditStructureRules'
DESC '\ RFC 2252C'
EQUALITY 2.5.13.29
SYNTAX 1.3.6.1.4.1.1466.115.121.1.17
USAGE directoryOperation )
IBMAttributetypes=( 2.5.21.1
DBNAME( 'ditStructureRules' 'ditStructureRules' )
ACCESS-CLASS system
LENGTH 256
EQUALITY )

attributetypes=( 2.5.4.49
NAME ( 'dn' 'distinguishedName' )
DESC '¼úO ½≤¡WAOt DN yk≥ª¼CñúiଭC'
EQUALITY 2.5.13.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
USAGE userApplications )
IBMAttributetypes=( 2.5.4.49
DBNAME( 'dn' 'dn' )
ACCESS-CLASS normal
LENGTH 1000
EQUALITY )
attributetypes=( 1.3.18.0.2.4.288
NAME 'entryOwner'
DESC 'ⁿXOⁿOWO'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.288
DBNAME( 'entryOwner' 'entryOwner' )
ACCESS-CLASS restricted
LENGTH 1000 )
attributetypes=( 2.5.18.9
NAME 'hasSubordinates'
DESC 'ⁿXO⌠≤lhsb≤OsºUC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 2.5.18.9
DBNAME( 'hasSubordinates' 'hasSubordinates' )
ACCESS-CLASS system
LENGTH 5 )

attributetypes=( 1.3.18.0.2.4.2244
NAME 'ibm-allGroups'
DESC 'sCiαOzL memberBuniqueMember memberURL AízL ibm-memberGroup ¿C¬@]ú\≤Lo°≤ñC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2244
DBNAME( 'allGroups' 'allGroups' )
ACCESS-CLASS normal
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2243
NAME 'ibm-allMembers'
DESC 's¿CiαOzLmemberBuniqueMember memberURL AízLibm-memberGroup ¿C¬@]ú\≤Lo°≤ñC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2243
DBNAME( 'ibmallMembers' 'ibmallMembers' )
ACCESS-CLASS normal
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.1077
NAME 'ibm-audit'
DESC 'TRUE FALSECfACw] FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1077
DBNAME( 'audit' 'audit' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1073
NAME 'ibm-auditAdd'
DESC 'TRUE FALSECⁿXOnΘxOⁿusWv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1073
DBNAME( 'auditAdd' 'auditAdd' )
ACCESS-CLASS critical
LENGTH 16 )
attributetypes=( 1.3.18.0.2.4.1070
NAME 'ibm-auditBind'
DESC 'TRUE FALSECⁿXOnΘxOⁿusv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1070
DBNAME( 'auditBind' 'auditBind' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1071
NAME 'ibm-auditDelete'
DESC 'TRUE FALSECⁿXOnΘxOⁿuRúv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1071
DBNAME( 'auditDelete' 'auditDelete' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1069
NAME 'ibm-auditExtOpEvent'
DESC 'TRUE FALSECⁿXOnΘxOⁿ LDAP v3 ≤q@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1069
DBNAME( 'auditExtOpEvent' 'auditExtOpEvent' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1078
NAME 'ibm-auditFailedOpOnly'
DESC 'TRUE FALSECⁿXOunΘxOⁿó@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1078
DBNAME( 'auditFailedOpOnly' 'auditFailedOpOnly' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1079
NAME 'ibm-auditLog'
DESC 'ⁿwfΘx⌠WC'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1079
DBNAME( 'auditLog' 'auditLog' )
ACCESS-CLASS critical
LENGTH 1024 )

attributetypes=( 1.3.18.0.2.4.1072
NAME 'ibm-auditModify'
DESC 'TRUE FALSECⁿXOnΘxOⁿu∩v@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1072
DBNAME( 'auditModify' 'auditModify' )
ACCESS-CLASS critical
LENGTH 16 )
attributetypes=( 1.3.18.0.2.4.1075
NAME 'ibm-auditModifyDN'
DESC 'TRUE FALSECⁿXOnΘxOⁿ ModifyRDN@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1075
DBNAME( 'auditModifyDN' 'auditModifyDN' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1074
NAME 'ibm-auditSearch'
DESC 'TRUE FALSECⁿXOnΘxOⁿujMv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1074
DBNAME( 'auditSearch' 'auditSearch' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.1076
NAME 'ibm-auditUnbind'
DESC 'TRUE FALSECⁿXOnΘxOⁿusv@Cw]O FALSEC'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.1076
DBNAME( 'auditUnbind' 'auditUnbind' )
ACCESS-CLASS critical
LENGTH 16 )

attributetypes=( 1.3.18.0.2.4.2483
NAME 'ibm-capabilitiessubentry'
DESC 'CX]t½≤ºRWwq\α ibm-capabilitiessubentry ½≤WC'
EQUALITY 2.5.13.1
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2483
DBNAME( 'ibmcapsubentry' 'ibmcapsubentry' )
ACCESS-CLASS system
LENGTH 1000 )

attributetypes=( 1.3.18.0.2.4.2444
NAME 'ibm-effectiveAcl'
DESC ']tpLo°≤¼ísIBM LDAP ²ñ@C'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
NO-USER-MODIFICATION
USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2444
DBNAME( 'effectiveAcl' 'effectiveAcl' )
ACCESS-CLASS restricted
LENGTH 32700 )
attributetypes=( 1.3.18.0.2.4.2331NAME ’ibm-effectiveReplicationModel’DESC ’b Root DSE ñi°Añgí OID’EQUALITY 1.3.6.1.4.1.1466.109.114.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.26SINGLE-VALUE NO-USER-MODIFICATIONUSAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2331DBNAME( ’effectiveReplicat’ ’effectiveReplicat’ )ACCESS-CLASS systemLENGTH 240 )
attributetypes=( 1.3.18.0.2.4.2482NAME ’ibm-enabledCapabilities’DESC ’CX≤°AW\αC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15NO-USER-MODIFICATIONUSAGE dSAOperation )IBMAttributetypes=( 1.3.18.0.2.4.2482DBNAME( ’ibmenabledcap’ ’ibmenabledcap’ )ACCESS-CLASS systemLENGTH 100 )
attributetypes=( 1.3.18.0.2.4.2325NAME ’ibm-entryChecksum’DESC ’]tMdC’EQUALITY 1.3.6.1.4.1.1466.109.114.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.26SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2325DBNAME( ’entryChecksum’ ’entryChecksum’ )ACCESS-CLASS systemLENGTH 100 )
attributetypes=( 1.3.18.0.2.4.2326NAME ’ibm-entryChecksumOp’DESC ’]tg@MdC’EQUALITY 1.3.6.1.4.1.1466.109.114.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.26SINGLE-VALUE NO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2326DBNAME( ’entryChecksumOp’ ’entryChecksumOp’ )ACCESS-CLASS systemLENGTH 100 )
attributetypes=( 1.3.18.0.2.4.1780NAME ’ibm-entryUuid’DESC ’b²sbí@aOΣ¡≈C’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.1780DBNAME( ’ibmEntryUuid’ ’ibmEntryUuid’ )ACCESS-CLASS systemLENGTH 36EQUALITY )
attributetypes=( 1.3.18.0.2.4.2443NAME ’ibm-filterAclEntry’DESC ’]t IBMLDAP ²ñLo°≤¼ísεC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2443DBNAME( ’filterAclEntry’ ’filterAclEntry’ )
ACCESS-CLASS restrictedLENGTH 32700 )
attributetypes=( 1.3.18.0.2.4.2445NAME ’ibm-filterAclInherit’DESC ’ⁿXLo°≤¼í ACL O pQ≡C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2445DBNAME( ’filterAclInherit’ ’filterAclInherit’ )ACCESS-CLASS restrictedLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2330NAME ’ibm-replicationChangeLDIF’DESC ’úWó@ LDIF ϕk’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2330DBNAME( ’replicationChange’ ’replicationChange’ )ACCESS-CLASS system )
attributetypes=( 1.3.18.0.2.4.2498NAME ’ibm-replicationIsQuiesced’DESC ’ⁿX]tgl≡Onb°AWRεC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUENO-USER-MODIFICATIONUSAGE dSAOperation )IBMAttributetypes=( 1.3.18.0.2.4.2498DBNAME( ’replIsQuiesced’ ’replIsQuiesced’ )ACCESS-CLASS systemLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2338NAME ’ibm-replicationLastActivationTime’DESC ’ⁿXg⌡µⁿßí’SYNTAX 1.3.6.1.4.1.1466.115.121.1.24SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2338DBNAME( ’replicationLastAc’ ’replicationLastAc’ )ACCESS-CLASS systemLENGTH 32 )
attributetypes=( 1.3.18.0.2.4.2334NAME ’ibm-replicationLastChangeId’DESC ’ⁿXg≤wñ¿\gß≤ id’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2334DBNAME( ’replicationLastCh’ ’replicationLastCh’ )ACCESS-CLASS systemLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2335NAME ’ibm-replicationLastFinishTime’DESC ’ⁿXg⌡µⁿ ¿em
ßíC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.24SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2335DBNAME( ’replicationLastFi’ ’replicationLastFi’ )ACCESS-CLASS systemLENGTH 30 )
attributetypes=( 1.3.18.0.2.4.2448NAME ’ibm-replicationLastGlobalChangeId’DESC ’ⁿX¿\gWs]MπDITAp⌡≤C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2448DBNAME( ’replicationLastGl’ ’replicationLastGl’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2340NAME ’ibm-replicationLastResult’DESC ’ßgGAµíG<time><change id><resultcode> <entry-dn> ’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUE NO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2340DBNAME( ’replicationLastRe’ ’replicationLastRe’ )ACCESS-CLASS systemLENGTH 2048 )
attributetypes=( 1.3.18.0.2.4.2332 NAME ’ibm-replicationLastResultAdditional’ DESC ’b LDAP GTº≤ñAú°°A⌠≤ΣLΩT’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 NO-USER-MODIFICATION USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2332 DBNAME( ’replicationLastAd’ ’replicationLastAd’ ) ACCESS-CLASS system LENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2339NAME ’ibm-replicationNextTime’DESC ’ⁿXU wgí’SYNTAX 1.3.6.1.4.1.1466.115.121.1.24SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2339DBNAME( ’replicationNextTi’ ’replicationNextTi’ )ACCESS-CLASS systemLENGTH 30 )
attributetypes=( 1.3.18.0.2.4.2333NAME ’ibm-replicationPendingChangeCount’DESC ’ⁿXg≤wm!g≤’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUENO-USER-MODIFICATION
USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2333DBNAME( ’replicationPendin’ ’replicationPendin’ )ACCESS-CLASS systemLENGTH 12 )
attributetypes=( 1.3.18.0.2.4.2337NAME ’ibm-replicationPendingChanges’DESC ’!g≤Aµí<change id><operation> <dn>Σñ operation O ADDBDELETEBMODIFYBMODIFYDN’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15NO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2337DBNAME( ’replicationPendch’ ’replicationPendch’ )ACCESS-CLASS systemLENGTH 1100 )
attributetypes=( 1.3.18.0.2.4.2336NAME ’ibm-replicationState’DESC ’ⁿXg⌡µⁿ¼AG@ñBBÑñBw πFY πA NⁿXiq’EQUALITY 1.3.6.1.4.1.1466.109.114.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.26SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2336DBNAME( ’replicationState’ ’replicationState’ )ACCESS-CLASS systemLENGTH 240 )
attributetypes=( 1.3.18.0.2.4.2495NAME ’ibm-replicationThisServerIsMaster’DESC ’ⁿX°AO]tºl≡D°AC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUE NO-USER-MODIFICATIONUSAGE dSAOperation )IBMAttributetypes=( 1.3.18.0.2.4.2495DBNAME( ’replThisSvrMast’ ’replThisSvrMast’ )ACCESS-CLASS systemLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2328NAME ’ibm-serverId’DESC ’b Root DSE ñi ibm-slapdServerId tm]w’EQUALITY 1.3.6.1.4.1.1466.109.114.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.26SINGLE-VALUENO-USER-MODIFICATIONUSAGE dSAOperation )IBMAttributetypes=( 1.3.18.0.2.4.2328DBNAME( ’serverId’ ’serverId’ )ACCESS-CLASS systemLENGTH 240 )
attributetypes=( 1.3.18.0.2.4.2374NAME ’ibm-slapdACLCache’DESC ’ε°AOn ACL ΩT’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2374DBNAME( ’ACLCache’ ’ACLCache’ )ACCESS-CLASS normalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2373 NAME ’ibm-slapdACLCacheSize’ DESC ’ACL OΘñiHOsW¡’ EQUALITY 2.5.13.14 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2373 DBNAME( ’slapdACLCacheSize’ ’slapdACLCacheSize’ ) ACCESS-CLASS normal LENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2428NAME ’ibm-slapdAdminDN’DESC ’ibmslapd zs DNApGcn=root’EQUALITY 2.5.13.1ORDERING 1.3.18.0.2.4.405SYNTAX 1.3.6.1.4.1.1466.115.121.1.12SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2428DBNAME( ’slapdAdminDN’ ’slapdAdminDN’ )ACCESS-CLASS criticalLENGTH 1000EQUALITY ORDERING )
attributetypes=( 1.3.18.0.2.4.2425 NAME ’ibm-slapdAdminPW’ DESC ’ibmslapd zsKXC’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2425 DBNAME( ’slapdAdminPW’ ’slapdAdminPW’ ) ACCESS-CLASS critical )
attributetypes=( 1.3.18.0.2.4.2366NAME ’ibm-slapdAuthIntegration’DESC ’ⁿwN LDAP zsvM@tπXCG0 - ún∩M OS LDAPzA1 - NπAϕv¡ OS ∩MzCob OS/400 WΣC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2366DBNAME( ’slapdAuthIntegrat’ ’slapdAuthIntegrat’ )ACCESS-CLASS systemLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2432NAME ’ibm-slapdCLIErrors’DESC ’nN DB2 CLI Tºg ibmslapd D≈≈W⌠mCb Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG/tmp/cli.errors= D:\Program Files\IBM\ldap\tmp\cli.errors)C’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2432DBNAME( ’slapdCLIErrors’ ’slapdCLIErrors’ )ACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2369NAME ’ibm-slapdDB2CP’DESC ’ⁿw²ΩwrXC1208 OUTF-8 ΩwrXC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2369DBNAME( ’slapdDB2CP’ ’slapdDB2CP’ )ACCESS-CLASS normal LENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2431 NAME ’ibm-slapdDBAlias’ DESC ’DB2 ΩwOWC’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2431 DBNAME( ’slapdDBAlias’ ’slapdDBAlias’ ) ACCESS-CLASS normal LENGTH 8 )
attributetypes=( 1.3.18.0.2.4.2417NAME ’ibm-slapdDbConnections’DESC ’ⁿw°AM≤ DB2 ßíDB2 suCΣb 5 & 50]tºíCODBCCONS ⌠NCpGibm-slapdDbConnections] ODBCCONSp≤ 5 j≤50Ah°AO 5 50C∩≤gM≤ΘxiHΣLsuC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2417DBNAME( ’DbConnections’ ’DbConnections’ )ACCESS-CLASS criticalLENGTH 2 )
attributetypes=( 1.3.18.0.2.4.2418NAME ’ibm-slapdDbInstance’DESC ’ßí DB2 ΩC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2418DBNAME( ’slapdDbInstance’ ’slapdDbInstance’ )ACCESS-CLASS criticalLENGTH 8 )
attributetypes=( 1.3.18.0.2.4.2382NAME ’ibm-slapdDbLocation’DESC ’ßΩwbt⌠CbUNIX oqO DB2INSTANCE l²]pG/home/ldapdb2Cb Windows WhuO≈ⁿw]pGD:’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2382DBNAME( ’slapdDbLocation’ ’slapdDbLocation’ )
ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2426NAME ’ibm-slapdDbName’DESC ’ßí DB2 ΩwWC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2426DBNAME( ’slapdDbName’ ’slapdDbName’ )ACCESS-CLASS criticalLENGTH 8 )
attributetypes=( 1.3.18.0.2.4.2422NAME ’ibm-slapdDbUserID’DESC ’ßí s DB2 ΩwWC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2422DBNAME( ’slapdDbUserID’ ’slapdDbUserID’ )ACCESS-CLASS criticalLENGTH 8 )
attributetypes=( 1.3.18.0.2.4.2423NAME ’ibm-slapdDbUserPW’DESC ’ßí s DB2 ΩwKXC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2423DBNAME( ’slapdDbUserPW’ ’slapdDbUserPW’ )ACCESS-CLASS critical )
attributetypes=( OID TBD NAME ’ibm-slapdDerefAliases’ DESC ’jMnDjOWhAúbßnDñiαⁿw⌠≤ derefAliasesC\u#úvBuMΣvBujMvMu@wvC’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.3054 DBNAME( ’DerefAliases’ ’DerefAliases’ ) ACCESS-CLASS critical LENGTH 6 )
attributetypes=( 1.3.18.0.2.4.2449 NAME ’ibm-slapdDN’ DESC ’ DN]LDAPDB2 Ωwñ LDAP_ENTRY.DN µ jMGC’ EQUALITY 2.5.13.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2449 DBNAME( ’LDAP_ENTRY’ ’DN’ ) ACCESS-CLASS system LENGTH 1000 )
attributetypes=( 1.3.18.0.2.4.2481 NAME ’ibm-supportedCapabilities’ DESC ’CX°AΣB²n\αC’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 NO-USER-MODIFICATION USAGE dSAOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2481 DBNAME( ’ibmsupportedCap’ ’ibmsupportedCap’ ) ACCESS-CLASS system LENGTH 100 )
attributetypes=( 1.3.18.0.2.4.2421NAME ’ibm-slapdEnableEventNotification’DESC ’Y] FALSEA°A@nDAúe\ΣHG LDAP_UNWILLING_TO_PERFORM n²≤qC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2421 DBNAME( ’enableEvntNotify’ ’enableEvntNotify’)ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2372NAME ’ibm-slapdEntryCacheSize’DESC ’OΘñiHOsW¡’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2372DBNAME( ’slapdRDBMCacheSiz’ ’slapdRDBMCacheSiz’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2424NAME ’ibm-slapdErrorLog’DESC ’nNTºg ibmslapd D≈≈W⌠mCb Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG/tmp/slapd.errors = D:\Program Files\IBM\ldap\tmp\slapd.errors)C’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2424DBNAME( ’slapdErrorLog’ ’slapdErrorLog’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2371NAME ’ibm-slapdFilterCacheBypassLimit’DESC ’jMLo°≤XYWLNú[JujMLo°≤vOΘñA]XLo°≤ ID Mµw]tbOΘñA]wU≤¡εOΘqC 0 ϕS¡εC’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2371DBNAME( ’slapdRDBMCacheByp’ ’slapdRDBMCacheByp’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2370NAME ’ibm-slapdFilterCacheSize’DESC ’ⁿwujMLo°≤OΘvñOs
W¡C’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2370DBNAME( ’slapdFilterCacheS’ ’slapdFilterCacheS’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2378NAME ’ibm-slapdIdleTimeOut’DESC ’Od! C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2378DBNAME( ’SlapdIdleTimeOut’ ’SlapdIdleTimeOut’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2364NAME ’ibm-slapdIncludeSchema’DESC ’ibmslapd D≈W⌠AΣñ]tLDCF ßí⌡wqCG/etc/V3.system.at /etc/V3.system.oc/etc/V3.ibm.at /etc/V3.ibm.oc /etc/V3.user.at /etc/V3.user.oc/etc/V3.ldapsyntaxes /etc/V3.matchingrules /etc/V3.modifiedschemab Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG/etc/V3.system.at =D:\Program Files\IBM\ldap\etc\V3.system.atC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2364DBNAME( ’slapdIncldeSchema’ ’slapdIncldeSchema’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2365NAME ’ibm-slapdIpAddress’DESC ’ⁿw°AnÑ IP CoiHO IPv4 IPv6 CYSⁿwAh°AwⁿwD≈ IP CoA≤ OS/400C’EQUALITY 1.3.6.1.4.1.1466.109.114.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.26USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2365DBNAME( ’slapdIpAddress’ ’slapdIpAddress’ )ACCESS-CLASS systemLENGTH 32 )
attributetypes=( 1.3.18.0.2.4.2420NAME ’ibm-slapdKrbAdminDN’DESC ’ⁿw LDAP z kerberos ID]pibm-kn=name@realmCϕ kerberos O OnJuWeb zvzCoⁿwΦíN adminDN M adminPWC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2420DBNAME( ’slapdKrbAdminDN’ ’slapdKrbAdminDN’ )ACCESS-CLASS criticalLENGTH 512 )
attributetypes=( 1.3.18.0.2.4.2394NAME ’ibm-slapdKrbEnable’DESC ’O TRUE | FALSE º@Cⁿw°AOΣ kerberos OC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2394DBNAME( ’slapdKrbEnable’ ’slapdKrbEnable’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2419NAME ’ibm-slapdKrbIdentityMap’DESC ’Y] TRUEAϕßOHkerberos ID OA°AjMX kerberos AMßN DN [JsusñCoi²H LDAP DN ≥ª ACLAMiHb kerberos OñC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2419DBNAME( ’KrbIdentityMap’ ’KrbIdentityMap’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2416NAME ’ibm-slapdKrbKeyTab’DESC ’ⁿw LDAP °A keytab C]t LDAP °ApK≈A ≈PΣ kerberos bß÷pC [HO@]pP°A SSL ≈ΩwCb Windows WAiⁿuAuºeYS≈r" (D:) ]Ow² ²]pG/tmp/slapd.errors =D:\Program Files\IBM\ldap\tmp\slapd.errorsC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2416DBNAME( ’slapdKrbKeyTab’ ’slapdKrbKeyTab’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2400 NAME ’ibm-slapdKrbRealm’ DESC ’ⁿw LDAP °A Kerberos ΓC broot DSE ñoµ ldapservicename CNALDAP°AiH@h½ KDC]MΓbßΩTxswA²OYN LDAP °A@ kerberos °AAuiHOµ@Γ¿C’ EQUALITY 2.5.13.2 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2400 DBNAME( ’slapdKrbRealm’ ’slapdKrbRealm’ ) ACCESS-CLASS critical LENGTH 256 )
attributetypes=( 1.3.18.0.2.4.2415NAME ’ibm-slapdLdapCrlHost’DESC ’ⁿw LDAP °AD≈WA D≈ñ]t τß x.509v3 u°Mµv(CRL)Cϕ ibm-slapdSslAuth=serverclientauthABwgw∩ CRL τoXßn’
EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2415DBNAME( ’LdapCrlHost’ ’LdapCrlHost’ )ACCESS-CLASS criticalLENGTH 256 )
attributetypes=( 1.3.18.0.2.4.2407NAME ’ibm-slapdLdapCrlPassword’DESC ’ⁿw°A SSL N s]tτßx.509v3 u°Mµv(CRL) LDAP°AKXCϕibm-slapdSslAuth=serverclientauth BoXß@ CRL τAnCNGYOs CRL LDAP °A\!gOs CRL]YWsANúnibm-slapdLdapCrlPasswordC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2407DBNAME( ’CrlPassword’ ’CrlPassword’ )ACCESS-CLASS critical )
attributetypes=( 1.3.18.0.2.4.2404 NAME ’ibm-slapdLdapCrlPort’ DESC ’ⁿw LDAP °A LDAP ibm-slapdPortA °Añ]t τß x.509v3 u°Mµv(CRL) Cϕ ibm-slapdSslAuth=serverclientauthABoXß@ CRL τAnC]IP ≡OLt 16 πAd≥O 1 - 65535’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2404 DBNAME( ’LdapCrlPort’ ’LdapCrlPort’ ) ACCESS-CLASS critical LENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2403NAME ’ibm-slapdLdapCrlUser’DESC ’ⁿw°A SSL N s]tτßx.509v3 u°Mµv(CRL) LDAP°AKXCϕibm-slapdSslAuth=serverclientauth BoXß@ CRL τAnCNGY CRL LDAP Server \!gOs CRL]τYAWsAhún ibm-slapdLdapCrlUserC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.12SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2403DBNAME( ’LdapCrlUser’ ’LdapCrlUser’ )ACCESS-CLASS criticalLENGTH 1000 )
attributetypes=( 1.3.18.0.2.4.2409NAME ’ibm-slapdMasterDN’DESC ’gú°As DNCΣXP°Aºíwqg≤w÷p½≤ñ replicaBindDNCϕ kerberos O°AAibm-slapdMasterDN ⁿw kerberos ID DN ek]p ibm-kn=freddy@realm1CY kerberosAh MasterServerPW Q ñC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2409DBNAME( ’MasterDN’ ’MasterDN’ )ACCESS-CLASS criticalLENGTH 1000 )
attributetypes=( 1.3.18.0.2.4.2411NAME ’ibm-slapdMasterPW’DESC ’gúsKXCΣXP°Aºíwqg≤w÷p½≤º replicaBindPWCY kerberosAMasterServerPW Q ñC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2411DBNAME( ’MasterPW’ ’MasterPW’ )ACCESS-CLASS critical )
attributetypes=( 1.3.18.0.2.4.2401NAME ’ibm-slapdMasterReferral’DESC ’D°A URL]pGldaps://master.us.ibm.com:636’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2401DBNAME( ’MasterReferral’ ’MasterReferral’ )ACCESS-CLASS criticalLENGTH 256 )
attributetypes=( 1.3.18.0.2.4.2412NAME ’ibm-slapdMaxEventsPerConnection’DESC ’Csuin²≤qW¡Cp = 0 (unlimited) j = 2,147,483,647’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2412DBNAME( ’EventsPerCon’ ’EventsPerCon’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2405NAME ’ibm-slapdMaxEventsTotal’DESC ’suin²≤qW¡Cp = 0]ú]¡ j =2,147,483,647’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2405DBNAME( ’MaxEventsTotal’ ’MaxEventsTotal’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2439NAME ’ibm-slapdMaxNumOfTransactions’DESC ’P@í@ñµ÷W¡C0 = ú]¡’EQUALITY 2.5.13.29SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2439DBNAME( ’MaxNumOfTrans’ ’MaxNumOfTrans’ )ACCESS-CLASS criticalLENGTH 11EQUALITY ORDERING SUBSTR APPROX )
attributetypes=( 1.3.18.0.2.4.2385NAME ’ibm-slapdMaxOpPerTransaction’DESC ’C@µ÷@W¡C0 = ú]¡’EQUALITY 2.5.13.29SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2385DBNAME( ’MaxOpPerTrans’ ’MaxOpPerTrans’ )ACCESS-CLASS criticalLENGTH 11EQUALITY ORDERING APPROX )
attributetypes=( 1.3.18.0.2.4.2386NAME ’ibm-slapdMaxTimeLimitOfTransactions’DESC ’mµ÷OW¡AHϕµC0 = ú]¡’EQUALITY 2.5.13.29SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2386DBNAME( ’MaxTimeOfTrans’ ’MaxTimeOfTrans’ )ACCESS-CLASS criticalLENGTH 11EQUALITY ORDERING APPROX )
attributetypes=( 1.3.18.0.2.4.2500NAME ’ibm-slapdMigrationInfo’DESC ’ ε≤αΩTC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2500DBNAME( ’slapdMigrationInf’ ’slapdMigrationInf’ )ACCESS-CLASS criticalLENGTH 2048 )
attributetypes=( 1.3.18.0.2.4.2376NAME ’ibm-slapdPagedResAllowNonAdmin’DESC ’°AO e\DzsbjMnDWGnDCYq ibmslapd.conf ¬O TRUEA°ANBz⌠≤ßnDA]AWsúXnDCYq ibmslapd.conf ¬OFALSEAh°AuBzπzv¡úXßnDCYßnDGⁿwjM@½n TRUE FALSEA²Szv¡ABq ibmslapd.conf ¬ FALSEA°ANßX insufficientAccessRights - Nú⌡µ⌠≤jMC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2376DBNAME( ’SlapdPagedNonAdmn’ ’SlapdPagedNonAdmn’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2380NAME ’ibm-slapdPagedResLmt’DESC ’e\Pb@ñ!⌡µGjMnDW¡Cd≥ = 0.... YßnD@GAPewgF!⌡µGW¡Ah°AßAXO busy - ú⌡µjMC’
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2380DBNAME( ’SlapdPagedResLmt’ ’SlapdPagedResLmt’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2379NAME ’ibm-slapdPageSizeLmt’DESC ’ϕⁿwGεAC@ñjMjAúßjMnDñOiαⁿwF⌠≤pagesizeCd≥ = 0.... Yß@jpAhpßMqibmslapd.conf ¬C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2379DBNAME( ’SlapdPageSizeLmt’ ’SlapdPageSizeLmt’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2406NAME ’ibm-slapdPlugin’DESC ’íOAⁿJíwAΣiXR°A\αCibm-slapdPlugin Hⁿw°Anp≤ⁿJPl]wíwCΣykG keyword filename init_function [args...]CC@¡xyk]íwRWD÷YñLúPC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2406DBNAME( ’slapdPlugin’ ’slapdPlugin’ )ACCESS-CLASS criticalLENGTH 2000 )
attributetypes=( 1.3.18.0.2.4.2408NAME ’ibm-slapdPort’DESC ’D SSL su TCP/IP ibm-slapdPortCΣúiP ibm-slapdSecurePort PC]IP ≡OLtA16 πAd≥O 1 - 65535 ºí’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2408DBNAME( ’slapdPort’ ’slapdPort’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2402NAME ’ibm-slapdPwEncryption’DESC ’O none | imask | crypt | sha º@CⁿwKXxs≤²ºesX≈εCYSⁿwAhw] noneCY] none HΣLASASL digest-md5 sNóC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2402DBNAME( ’PwEncryption’ ’PwEncryption’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2413NAME ’ibm-slapdReadOnly’DESC ’O TRUE | FALSE º@CⁿwOigJßíCYSⁿwAhw] FALSECY] TRUEA°A LDAP_UNWILLING_TO_PERFORM (0x35)@∩≤¬ΩwñΩº⌠≤ßnDC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2413DBNAME( ’ReadOnly’ ’ReadOnly’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2487NAME ’ibm-slapdReferral’DESC ’ⁿwϕrMnDúXAnαLDAP URLC≤Wα]p ibm-slapdSuffix úsb°ARWwqC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2487DBNAME( ’Referral’ ’Referral’ )ACCESS-CLASS criticalLENGTH 32700)
attributetypes=( 1.3.18.0.2.4.2437NAME ’ibm-slapdSchemaAdditions’DESC ’ibmslapd D≈W⌠AΣñ]tLDCF ßíΣL⌡wqCG/etc/V3.modifiedschema b Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG/etc/V3.system.at=D:\Program Files\IBM\ldap\etc\V3.system.atC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2437DBNAME( ’slapdSchemaAdditi’ ’slapdSchemaAdditi’ )ACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2363NAME ’ibm-slapdSchemaCheck’DESC ’O V2 | V3 | V3_lenient º@CⁿwsW/∩@⌡d≈εCV2 = ⌡µ LDAP v2dCV3 = ⌡µ LDAP v3 dCV3_lenient = únuv"½≤OC[JAun±½≤OC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2363DBNAME( ’SchemaCheck’ ’SchemaCheck’ )ACCESS-CLASS criticalLENGTH 10 )
attributetypes=( 1.3.18.0.2.4.2398NAME ’ibm-slapdSecurePort’DESC ’SSL su TCP/IP ≡CúiMibm-slapdPort πPC]IP ≡OLt 16 πA≤ 1 - 65535 ºí’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2398DBNAME( ’SecurePort’ ’SecurePort’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2399NAME ’ibm-slapdSecurity’DESC ’O none | SSL | SSLOnly º@Cⁿw°Aⁿsu¼Cnone - °AuÑD SSL ≡Cssl - °AÑ ssl MD ssl≡Csslonly - °AuÑ ssl ≡C’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2399DBNAME( ’Security’ ’Security’ )ACCESS-CLASS criticalLENGTH 7 )
attributetypes=( 1.3.18.0.2.4.2397NAME ’ibm-slapdSetenv’DESC ’°A≈A⌡µ ibm-slapdSetenv putenv()AH∩Σv⌡µ⌠CShell (%PATH% \24LANG) NúiC@µO]w DB2CODEPAGE=1208ApG UCS-2 (Unicode) ΩwoOnC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2397DBNAME( ’slapdSetenv’ ’slapdSetenv’ )ACCESS-CLASS criticalLENGTH 2000 )
attributetypes=( 1.3.18.0.2.4.2396NAME ’ibm-slapdSizeLimit’DESC ’jMjAúßjMnDñOiαⁿwF⌠≤sizelimitCd≥ = 0.... Yß@¡εAhpßMqibmslapd.conf ¬CYßS¡εABH admin DN sAh°¡εú]¡CYßS¡εA]SH admin DN sAhq ibmslapd.conf ¬¡εC0 = ú]¡C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2396DBNAME( ’SizeLimit’ ’SizeLimit’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2381 NAME ’ibm-slapdSortKeyLimit’DESC ’bµ@jMnDñiHⁿw °≤]ΣW¡Cd≥ = 0.... YßjMnD]A ΣWL¡εe\AB jMε½n] FALSEAh°Aqq ibmslapd.conf ¬AB ñbF¡εºßJ⌠≤ Σ - N⌡µjMM CYßjMnD]AΣWL¡εe\AB jMε½n] TRUEAh°AßX adminLimitExceeded - Nú⌡µjM C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2381DBNAME( ’SlapdSortKeyLimit’ ’SlapdSortKeyLimit’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2377 NAME ’ibm-slapdSortSrchAllowNonAdmin’ DESC ’°AO e\DzsiµjMnD CYqibmslapd.conf ¬ TRUEA°ANBz⌠≤ßnDA]AWsúXnDCYq ibmslapd.conf ¬O FALSEAh°AuBzπzv¡úXßnDCYßnD ⁿwjM@½n TRUEA²Szv¡ABq ibmslapd.conf ¬ FALSEAh°AßX insufficientAccessRights - Nú⌡µjM C’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2377 DBNAME( ’SlapdSortNonAdmin’ ’SlapdSortNonAdmin’ ) ACCESS-CLASS critical LENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2395NAME ’ibm-slapdSslAuth’DESC ’O serverauth | serverclientauth º@Cⁿwssl suO¼Cserverauth - bßΣ°AOCserverclientauth - Σ°AMßOC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2395DBNAME( ’slapdSslAuth’ ’slapdSslAuth’ )ACCESS-CLASS criticalLENGTH 16 )
attributetypes=( 1.3.18.0.2.4.2389NAME ’ibm-slapdSslCertificate’DESC ’ⁿw≈ΩwñO°AuHvCϕ°ApK≈MOHikmgui íⁿwoCY!wq ibm-slapdSslCertificateAh LDAP Server wq≤≈Ωww]pK≈ iµ SSL suC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2389DBNAME( ’SslCertificate’ ’SslCertificate’ )ACCESS-CLASS criticalLENGTH 128 )
attributetypes=( 1.3.18.0.2.4.2429 NAME ’ibm-slapdSslCipherSpec’ DESC ’SSL KXWµA] DES-56BRC2-40-MD5BRC4-128-MD5BRC4-128-SHABRC4-40-MD5BTripleDES-168 AESCªwqb LDAP ßP°Aºí SSL suAiⁿ[K/KΦkC’ EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2429 DBNAME( ’slapdSslCipherSpe’ ’slapdSslCipherSpe’ ) ACCESS-CLASS normal LENGTH 30 )
attributetypes=( 1.3.18.0.2.4.2362 NAME ’ibm-slapdSslCipherSpecs’ DESC ’b ibm-slapdSslCipherSpec ñΣA²úCⁿw@QiAⁿXb LDAP ßP°Aºí SSL suAiH[K/KΦkCNϕ LDAP °AΣ[K/KΦkiCw²wqKXPΣíG SLAPD_SSL_TRIPLE_DES_SHA_US 0x0A 168 ≈ SHA-1 MAC T½ DES [Kk SLAPD_SSL_DES_SHA_US 0x09 DES 56 ≈ SHA-1 MAC DES [Kk SLAPD_SSL_RC4_SHA_US 0x05 RC4 128 ≈ SHA-1 MAC RC4 [Kk SLAPD_SSL_RC4_MD5_US 0x04 RC4 128 ≈M MD5 MAC [Kk SLAPD_SSL_RC4_MD5_EXPORT 0x03 RC4 40 ≈M MD5 MAC [Kk SLAPD_SSL_RC2_MD5_EXPORT 0x06 40 ≈ MD5 MAC RC2 [Kk’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2362 DBNAME( ’SslCipherSpecs’ ’SslCipherSpecs’ ) ACCESS-CLASS critical LENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2375 NAME ’ibm-slapdSSLKeyDatabase’ DESC ’LDAP °A SSL ≈Ωw⌠C≈ΩwO Bz LDAP ß SSL suAH≤w SSL suLDAP °ACb Windows WAiⁿuAuºeYS≈ⁿw (D:) ]Ow² ²]pG /etc/key.kdb = D:\Program Files\IBM\ldap\etc\key.kdbC’ EQUALITY 2.5.13.5 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.2375 DBNAME( ’slapdSSLKeyDataba’ ’slapdSSLKeyDataba’ ) ACCESS-CLASS critical LENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2438 NAME ’ibm-slapdSSLKeyDatabasePW’DESC ’ⁿwP LDAP °A SSL ≈Ωw÷pKXApPb ibm-slapdSslKeyDatabase ⁿwCY LDAP °A≈Ωw÷pKX⌠AhiHñ ibm-slapdSslKeyDatabasePW A]w ibm-slapdSslKeyDatabasePW = noneCNGKX⌠≤P≈ΩwP²ñABM≈ΩwPWAúLWO .sthAúO .kdb’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2438DBNAME( ’slapdSSLKeyDPW’ ’slapdSSLKeyDPW’ )ACCESS-CLASS normal )
attributetypes=( 1.3.18.0.2.4.2392NAME ’ibm-slapdSslKeyRingFile’DESC ’LDAP °A SSL ≈Ωw⌠C≈ΩwO Bz LDAP ß SSL suA
H≤w SSL suLDAP °ACb Windows WAiⁿuAuºeYS≈ⁿw (D:) ]Ow² ²]pG /etc/key.kdb =D:\Program Files\IBM\ldap\etc\key.kdbC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2392DBNAME( ’SslKeyRingFile’ ’SslKeyRingFile’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2390NAME ’ibm-slapdSslKeyRingFilePW’DESC ’ⁿwP LDAP °A SSL ≈Ωw÷pKXApb ibm-slapdSslKeyRingFile ⁿwCY LDAP °A≈Ωw÷pKX⌠AhiHñ ibm-slapdSslKeyRingFilePW A]w ibm-slapdSslKeyRingFilePW = noneCNGKX⌠≤P≈ΩwP²ñABM≈ΩwPWAúLWO .sthAúO .kdbC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2390DBNAME( ’SslKeyRingFilePW’ ’SslKeyRingFilePW’ )ACCESS-CLASS critical )
attributetypes=( 1.3.18.0.2.4.2388NAME ’ibm-slapdSuffix’DESC ’ⁿwnxsbßíñRWwqC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.12USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2388DBNAME( ’slapdSuffix’ ’slapdSuffix’ )ACCESS-CLASS criticalLENGTH 1000 )
attributetypes=( 1.3.18.0.2.4.2480NAME ’ibm-slapdSupportedWebAdmVersion’DESC ’wqΣ°Atm webzDxC’EQUALITY 2.5.13.2ORDERING 2.5.13.3SUBSTR 2.5.13.4SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2480DBNAME( ’slapdSupWebAdmVer’ ’slapdSupWebAdmVer’ )ACCESS-CLASS normalLENGTH 256 )
attributetypes=( 1.3.18.0.2.4.2393NAME ’ibm-slapdSysLogLevel’DESC ’O l | m | h º@Cú@pΩOⁿb ibmslapd.log ñhCh - ¬]Am - ñAl - C]nC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2393
DBNAME( ’SysLogLevel’ ’SysLogLevel’ )ACCESS-CLASS criticalLENGTH 1 )
attributetypes=( 1.3.18.0.2.4.2391NAME’ibm-slapdTimeLimit’DESC ’bjMnDßϕW¡AúßnDOⁿw⌠≤í¡εCd≥ = 0.... Yß¡εAhpßMqibmslapd.conf ¬CYßS¡εABH admin DN sAh°¡εú]¡CYßS¡εA]SHadmin DN sAhq ibmslapd.conf ¬¡εC0 = ú]¡C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2391DBNAME( ’TimeLimit’ ’TimeLimit’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( ibm-slapdStartupTraceEnabled-oidNAME ’ibm-slapdTraceEnabled’DESC ’O TRUE | FALSE º@CⁿwOnb°A¼lΩT’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( ibm-slapdStartupTraceEnabled-oidACCESS-CLASS normalLENGTH 5 )
attributetypes=( ibm-slapdTraceMessageLevel-oidNAME ’ibm-slapdTraceMessageLevel’DESC ’bⁿOµ -h ∩ºßiⁿ⌠≤A]wúTºh’SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( ibm-slapdTraceMessageLevel-oidACCESS-CLASS normalLENGTH 16 )
attributetypes=( ibm-slapdTraceMessageLog-oidNAME ’ibm-slapdTraceMessageLog’DESC ’nN LDAP C API Mú¿Tºg ibmslapd D≈≈W⌠mCb Windows WAiⁿuABuºeYS≈r"A]Ow² ²]pG /tmp/tracemsg.log = C:\Program Files\IBM\ldap\tmp\tracemsg.logC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( ibm-slapdTraceMessageLog-oidACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2384NAME ’ibm-slapdTransactionEnable’DESC ’Y FALSEAhπΘµ÷ΣF°A LDAP_UNWILLING_TO_PERFORMA StartTransaction nDC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2384DBNAME( ’TransactionEnable’ ’TransactionEnable’ )
ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2499NAME ’ibm-slapdUseProcessIdPW’DESC ’Y] trueA°AP ibmslapd Bz÷pnJ ID sΩwCY] falseAh°A ibm-slapdDbUserID Mibm-slapdDbUserPW Γ sΩwC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2499DBNAME( ’useprocidpw’ ’useprocidpw’ )ACCESS-CLASS normalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2436NAME ’ibm-slapdVersion’DESC ’IBM Slapd X’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2436DBNAME( ’slapdVersion’ ’slapdVersion’ )ACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2327NAME ’ibm-supportedReplicationModels’DESC ’b Root DSE ñi°AΣgí OID’EQUALITY 1.3.6.1.4.1.1466.109.114.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.26NO-USER-MODIFICATIONUSAGE dSAOperation )IBMAttributetypes=( 1.3.18.0.2.4.2327DBNAME( ’supportedReplicat’ ’supportedReplicat’ )ACCESS-CLASS systemLENGTH 240 )
attributetypes=( 1.3.18.0.2.4.470NAME ’IBMAttributeTypes’DESC ’ ’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.470DBNAME( ’IBMAttributeTypes’ ’IBMAttributeTypes’ )ACCESS-CLASS normalLENGTH 256 )
attributetypes=( 1.3.6.1.4.1.1466.101.120.16NAME ’ldapSyntaxes’DESC ’°AuiHv CΩ@ykCC@∩@ykC’EQUALITY 2.5.13.30SYNTAX 1.3.6.1.4.1.1466.115.121.1.54USAGE directoryOperation )IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.16DBNAME( ’ldapSyntaxes’ ’ldapSyntaxes’ )ACCESS-CLASS systemLENGTH 256 EQUALITY )
attributetypes=( 2.5.21.4NAME ’matchingRules’
DESC ’qObl⌡ñC’EQUALITY 2.5.13.30SYNTAX 1.3.6.1.4.1.1466.115.121.1.30USAGE directoryOperation )IBMAttributetypes=( 2.5.21.4DBNAME( ’matchingRules’ ’matchingRules’ )ACCESS-CLASS systemLENGTH 256EQUALITY )
attributetypes=( 2.5.21.8NAME ’matchingRuleUse’DESC ’qObl⌡ñC’EQUALITY 2.5.13.30SYNTAX 1.3.6.1.4.1.1466.115.121.1.31USAGE directoryOperation )IBMAttributetypes=( 2.5.21.8DBNAME( ’matchingRuleUse’ ’matchingRuleUse’ )ACCESS-CLASS systemLENGTH 256EQUALITY )
attributetypes=( 2.5.4.31NAME ’member’DESC ’wqsC@¿OWC’SUP 2.5.4.49EQUALITY 2.5.13.1USAGE userApplications )IBMAttributetypes=( 2.5.4.31DBNAME( ’member’ ’member’ )ACCESS-CLASS normalLENGTH 1000EQUALITY )
attributetypes=( 2.5.18.4NAME ’modifiersName’DESC ’]t²ß∩C’EQUALITY 2.5.13.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 2.5.18.4DBNAME( ’ldap_entry’ ’modifier’ )ACCESS-CLASS systemLENGTH 1000EQUALITY )
attributetypes=( 2.5.18.2NAME ’modifyTimestamp’DESC ’]t²ß∩íC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.24SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 2.5.18.2DBNAME( ’ldap_entry’ ’modify_Timestamp’ )ACCESS-CLASS systemLENGTH 26 )
attributetypes=( 2.5.4.41NAME ’name’ DESC ’W¼OW¼AW¼iα¿q≤RWrΩ¼CñúiαX¼¡C’EQUALITY 1.3.6.1.4.1.1466.109.114.2SUBSTR 2.5.13.4
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE userApplications )IBMAttributetypes=( 2.5.4.41DBNAME( ’name’ ’name’ )ACCESS-CLASS normalLENGTH 32700EQUALITYSUBSTR )
attributetypes=( 2.5.21.7NAME ’nameForms’DESC ’qObl⌡ñC’EQUALITY 2.5.13.30SYNTAX 1.3.6.1.4.1.1466.115.121.1.35USAGE directoryOperation )IBMAttributetypes=( 2.5.21.7DBNAME( ’nameForms’ ’nameForms’ )ACCESS-CLASS normalLENGTH 256EQUALITY )
attributetypes=( 1.3.6.1.4.1.1466.101.120.5NAME ’namingContexts’DESC ’∩°ADδvRWwqC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.12USAGE dSAOperation )IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.5DBNAME( ’namingContexts’ ’namingContexts’ )ACCESS-CLASS normalLENGTH 1000 )
attributetypes=( 2.16.840.1.113730.3.1.11NAME ’newSuperior’DESC ’ⁿwϕBz modDN @AN¿YWWC’EQUALITY 2.5.13.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.12SINGLE-VALUENO-USER-MODIFICATIONUSAGE userApplications )IBMAttributetypes=( 2.16.840.1.113730.3.1.11DBNAME( ’newSuperior’ ’newSuperior’ )ACCESS-CLASS normalLENGTH 1000EQUALITY APPROX )
attributetypes=( 2.5.4.10NAME ( ’o’ ’organizationName’ ’organization’ )DESC ’]tW (organizationName)C’SUP 2.5.4.41EQUALITY 1.3.6.1.4.1.1466.109.114.2SUBSTR 2.5.13.4USAGE userApplications )IBMAttributetypes=( 2.5.4.10DBNAME( ’o’ ’o’ )ACCESS-CLASS normalLENGTH 128 )
attributetypes=( 2.5.4.0NAME ’objectClass’DESC ’objectClass íNϕ½≤C’EQUALITY 2.5.13.0SYNTAX 1.3.6.1.4.1.1466.115.121.1.38USAGE userApplications )
IBMAttributetypes=( 2.5.4.0DBNAME( ’objectClass’ ’objectClass’ )ACCESS-CLASS normalLENGTH 128EQUALITY )
attributetypes=( 2.5.21.6NAME ’objectClasses’DESC ’qObl⌡ñC’EQUALITY 2.5.13.30SYNTAX 1.3.6.1.4.1.1466.115.121.1.37USAGE directoryOperation )IBMAttributetypes=( 2.5.21.6DBNAME( ’objectClasses’ ’objectClasses’ )ACCESS-CLASS systemLENGTH 256EQUALITY )
attributetypes=( 1.3.18.0.2.4.289NAME ’ownerPropagate’DESC ’ⁿX entryOwner OnM≤l≡C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.289DBNAME( ’ownerPropagate’ ’ownerPropagate’ )ACCESS-CLASS restrictedLENGTH 5 )
attributetypes=( 2.5.4.11NAME ( ’ou’ ’organizationalUnit’ ’organizationalUnitName’ )DESC ’]tW (organizationName)C’SUP 2.5.4.41EQUALITY 1.3.6.1.4.1.1466.109.114.2SUBSTR 2.5.13.4USAGE userApplications )IBMAttributetypes=( 2.5.4.11DBNAME( ’ou’ ’ou’ )ACCESS-CLASS normalLENGTH 128 )
attributetypes=( 2.5.4.32NAME ’owner’DESC ’wqtdºHOW (DN)C’SUP 2.5.4.49EQUALITY 2.5.13.1USAGE userApplications )IBMAttributetypes=( 2.5.4.32DBNAME( ’owner’ ’owner’ )ACCESS-CLASS normalLENGTH 1000 )
attributetypes=( 1.3.18.0.2.4.290NAME ’ownerSource’DESC ’ⁿXΣ entryOwner nMbºOWC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.12SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.290DBNAME( ’ownerSource’ ’ownerSource’ )ACCESS-CLASS systemLENGTH 1000 )
attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.17NAME ’pwdAccountLockedTime’DESC ’ⁿwΩwbßí’
EQUALITY 2.5.13.27ORDERING 2.5.13.28SYNTAX 1.3.6.1.4.1.1466.115.121.1.24SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.17DBNAME( ’pwdAccLockTime’ ’pwdAccLockTime’ )ACCESS-CLASS criticalLENGTH 30 )
attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.16NAME ’pwdChangedTime’DESC ’ⁿw≤KXß¡’EQUALITY 2.5.13.27ORDERING 2.5.13.28SYNTAX 1.3.6.1.4.1.1466.115.121.1.24SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.16DBNAME( ’pwdChangedTime’ ’pwdChangedTime’ )ACCESS-CLASS criticalLENGTH 30 )
attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.18NAME ’pwdExpirationWarned’DESC ’@iKXYNí’EQUALITY 2.5.13.27ORDERING 2.5.13.28SYNTAX 1.3.6.1.4.1.1466.115.121.1.24SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.18DBNAME( ’pwdExpireWarned’ ’pwdExpireWarned’ )ACCESS-CLASS criticalLENGTH 30 )
attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.19NAME ’pwdFailureTime’DESC ’ßs≥OóíWO’EQUALITY 2.5.13.27ORDERING 2.5.13.28SYNTAX 1.3.6.1.4.1.1466.115.121.1.24USAGE directoryOperation )IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.19DBNAME( ’pwdFailureTime’ ’pwdFailureTime’ )ACCESS-CLASS criticalLENGTH 30 )
attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.21NAME ’pwdGraceUseTime’DESC ’bKXße¡nJ@íWO’EQUALITY 2.5.13.27SYNTAX 1.3.6.1.4.1.1466.115.121.1.24USAGE directoryOperation )IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.21DBNAME( ’pwdGraceUseTime’ ’pwdGraceUseTime’ )ACCESS-CLASS criticalLENGTH 30 )
attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.20NAME ’pwdHistory’DESC ’KX ’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.20DBNAME( ’pwdHistory’ ’pwdHistory’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.6.1.4.1.42.2.27.8.1.22NAME ’pwdReset’DESC ’ⁿXw½]KXC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.6.1.4.1.42.2.27.8.1.22DBNAME( ’pwdReset’ ’pwdReset’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.299NAME ’replicaBindDN’DESC ’LDAP s°AOW’SYNTAX 1.3.6.1.4.1.1466.115.121.1.12USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.299DBNAME( ’replicaBindDN’ ’replicaBindDN’ )ACCESS-CLASS criticalLENGTH 1000 )
attributetypes=( 1.3.18.0.2.4.302NAME ’replicaBindMethod’DESC ’LDAP s°A LDAP s¼C’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.302DBNAME( ’replicaBindMethod’ ’replicaBindMethod’ )ACCESS-CLASS normalLENGTH 100 )
attributetypes=( 1.3.18.0.2.4.300NAME ( ’replicaCredentials’ ’replicaBindCredentials’ )DESC ’LDAP s°A’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.300DBNAME( ’replicaCred’ ’replicaCred’ )ACCESS-CLASS critical )
attributetypes=( 1.3.18.0.2.4.298NAME ’replicaHost’DESC ’°AD≈W’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.298DBNAME( ’replicaHost’ ’replicaHost’ )ACCESS-CLASS normalLENGTH 100 )
attributetypes=( 1.3.18.0.2.4.301NAME ’replicaPort’DESC ’°AÑ TCP/IP ≡C’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )
IBMAttributetypes=( 1.3.18.0.2.4.301DBNAME( ’replicaPort’ ’replicaPort’ )ACCESS-CLASS normalLENGTH 10 )
attributetypes=( 1.3.18.0.2.4.304NAME ’replicaUpdateTimeInterval’DESC ’ⁿwqD°A°A≤sΘíjíC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.304DBNAME( ’replicaUpdateInt’ ’replicaUpdateInt’ )ACCESS-CLASS normalLENGTH 20 )
attributetypes=( 1.3.18.0.2.4.303NAME ’replicaUseSSL’DESC ’ϕOn SSL qT O@gΩyC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.303DBNAME( ’replicaUseSSL’ ’replicaUseSSL’ )ACCESS-CLASS normalLENGTH 10 )
attributetypes=( 2.16.840.1.113730.3.1.34NAME ’ref’DESC ’’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.26USAGE userApplications )IBMAttributetypes=( 2.16.840.1.113730.3.1.34DBNAME( ’ref’ ’ref’ )ACCESS-CLASS normalLENGTH 100 )
attributetypes=( 2.5.4.34NAME ’seeAlso’DESC ’wqiα]t÷ΣL²°AC’SUP 2.5.4.49EQUALITY 2.5.13.1USAGE userApplications )IBMAttributetypes=( 2.5.4.34DBNAME( ’seeAlso’ ’seeAlso’ )ACCESS-CLASS normalLENGTH 1000 )
attributetypes=( 2.5.18.10NAME ’subschemaSubentry’DESC ’Ol⌡WA°Abl⌡ñOiⁿw⌡C’EQUALITY 2.5.13.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 2.5.18.10DBNAME( ’subschemaSubent’ ’subschemaSubent’ )ACCESS-CLASS systemLENGTH 1000
EQUALITY )
attributetypes=( 1.3.18.0.2.4.819NAME ’subtreeSpecification’DESC ’wq≤µ@l≡ºIXC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.819DBNAME( ’subtreeSpec’ ’subtreeSpec’ )ACCESS-CLASS systemLENGTH 2024 )
attributetypes=( 1.3.6.1.4.1.1466.101.120.7NAME ’supportedExtension’DESC ’O OBJECT IDENTIFIERAO°AΣΣ@C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.38USAGE dSAOperation )IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.7DBNAME( ’supportedExtensio’ ’supportedExtensio’ )ACCESS-CLASS normalLENGTH 256 )
attributetypes=( 1.3.6.1.4.1.1466.101.120.15NAME ’supportedLDAPVersion’DESC ’O°AΩ@ LDAPqT≤wC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27USAGE dSAOperation )IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.15DBNAME( ’supportedLDAPVers’ ’supportedLDAPVers’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.6.1.4.1.1466.101.120.14NAME ’supportedSASLMechanisms’DESC ’O°AΣΣ SASL≈εWC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE dSAOperation )IBMAttributetypes=( 1.3.6.1.4.1.1466.101.120.14DBNAME( ’supportedSASLMech’ ’supportedSASLMech’ )ACCESS-CLASS normal LENGTH 2048)
attributetypes=( 2.16.840.1.113730.3.1.6NAME ’targetDN’DESC ’wqbú°AWsWB∩RúºOWCpGO modrdn @AtargetDn ]tQ∩eOWC’EQUALITY 2.5.13.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.12SINGLE-VALUENO-USER-MODIFICATIONUSAGE userApplications )IBMAttributetypes=( 2.16.840.1.113730.3.1.6DBNAME( ’targetDN’ ’targetDN’ )ACCESS-CLASS normalLENGTH 1000EQUALITY APPROX)
² H. IBM Tivoli Directory 5.2 tm⌡½≤OM
oO IBM Tivoli Directory Server 5.2 tm½≤OCª≤ etc²U V3config.oc H V3.config.at ΓñCªOwqiXbibmslapd.conf ñ½≤C
tm½≤O
oO IBM Tivoli Directory Server 5.2 ⌡½≤OC
# File generated at 4:07:24 PM on 8/4/2003 from IBM LDAP schema version 1.5
objectclasses=( 1.3.18.0.2.6.489NAME ’ibm-slapdAdmin’DESC ’IBM Admin Daemon stm]w’SUP ( ibm-slapdConfigEntry $ top )STRUCTURALMUST ( cn $ ibm-slapdErrorLog $ ibm-slapdPort )MAY ( ibm-slapdSecurePort ) )
objectclasses=( 1.3.18.0.2.6.556NAME ’ibm-slapdAdminGroupMember’DESC ’≤ IBM Directory Server zsC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( ibm-slapdAdminDN $ ibm-slapdAdminPW )MAY ( ibm-slapdKrbAdminDN $ ibm-slapdDigestAdminUser ) )
objectclasses=( 1.3.18.0.2.6.490NAME ’ibm-slapdConfigBackend’DESC ’IBM Directory tmßítm’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn $ ibm-slapdPlugin $ ibm-slapdSuffix )MAY ( ibm-slapdReadOnly ) )
objectclasses=( 1.3.18.0.2.6.486NAME ’ibm-slapdConfigEntry’DESC ’ibm slapd tm’SUP ’top’ABSTRACTMUST ( cn )MAY ( ibm-slapdInvalidLine ) )
objectclasses=( 1.3.18.0.2.6.560NAME ’ibm-slapdConnectionManagement’DESC ’IBM Directory Server ssu]wC’SUP ( ibm-slapdConfigEntry $ top )STRUCTURALMUST ( cn )MAY ( ibm-slapdAllowAnon $ ibm-slapdAllReapingThreshold$ ibm-slapdAnonReapingThreshold $ ibm-slapdBoundReapingThreshold$ ibm-slapdESizeThreshold $ ibm-slapdEThreadActivate$ ibm-slapdEThreadEnable $ ibm-slapdETimeThreshold$ ibm-slapdWriteTimeout $ ibm-slapdIdleTimeOut ) )
objectclasses=( 1.3.18.0.2.6.493NAME ’ibm-slapdCRL’DESC ’IBM Directory oεMµ]wC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURAL
MUST ( cn $ ibm-slapdLdapCrlHost $ ibm-slapdLdapCrlPort )MAY ( ibm-slapdLdapCrlPassword $ ibm-slapdLdapCrlUser ) )
objectclasses=( 1.3.18.0.2.6.575NAME ’ibm-slapdDigest’DESC ’IBM Directory DIGEST-MD5 SASL s≈εstmC’SUP ’ibm-slapdConfigEntry’STRUCTURALMAY ( ibm-slapdDigestAdminUser $ ibm-slapdDigestAttr$ ibm-slapdDigestRealm ) )
objectclasses=( 1.3.18.0.2.6.500NAME ’ibm-slapdEventNotification’DESC ’IBM Directory s≤q]wC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn $ ibm-slapdEnableEventNotification )MAY ( ibm-slapdMaxEventsPerConnection $ ibm-slapdMaxEventsTotal ) )
objectclasses=( 1.3.18.0.2.6.501NAME ’ibm-slapdFrontEnd’DESC ’°A≈ⁿJse]wC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn )MAY ( ibm-slapdPlugin $ ibm-slapdSetenv $ ibm-slapdIdleTimeOut $ ibm-slapdACLCache$ ibm-slapdACLCacheSize $ ibm-slapdFilterCacheSize $ ibm-slapdFilterCacheBypassLimit$ ibm-slapdEntryCacheSize $ ibm-slapdDB2CP ) )
objectclasses=( 1.3.18.0.2.6.494NAME ’ibm-slapdKerberos’DESC ’IBM Directory s kerberos O]wC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn $ ibm-slapdKrbAdminDN $ ibm-slapdKrbEnable $ ibm-slapdKrbIdentityMap$ ibm-slapdKrbKeyTab $ ibm-slapdKrbRealm ) )
objectclasses=( 1.3.18.0.2.6.495NAME ’ibm-slapdLdcfBackend’DESC ’IBM Directory LDCF ßítmC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn )MAY ( ibm-slapdSuffix $ ibm-slapdPlugin ) )
objectclasses=( 1.3.18.0.2.6.526NAME ’ibm-slapdPendingMigration’DESC ’ⁿX°A≤niµαC’SUP ’top’AUXILIARYMAY ( ibm-slapdMigrationInfo ) )
objectclasses=( 1.3.18.0.2.6.497NAME ’ibm-slapdRdbmBackend’DESC ’IBM Directory DB2 ΩwßítmC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn $ ibm-slapdDbName $ ibm-slapdDbInstance $ ibm-slapdDbUserID $ibm-slapdDbUserPW )MAY ( ibm-slapdPlugin $ ibm-slapdSuffix $ ibm-slapdReadOnly$ ibm-slapdChangeLogMaxEntries $ ibm-slapdPagedResAllowNonAdmin$ ibm-slapdPagedResLmt $ ibm-slapdPageSizeLmt $ ibm-slapdSortKeyLimit$ ibm-slapdSortSrchAllowNonAdmin $ ibm-slapdDbConnections $ ibm-slapdDbLocation$ ibm-slapdDB2CP $ ibm-slapdReplDbConns $ ibm-slapdCLIErrors$ ibm-slapdBulkloadErrors $ ibm-slapdDBAlias $ ibm-slapdUseProcessIdPW ) )
objectclasses=( 1.3.18.0.2.6.485NAME ’ibm-slapdReferral’DESC ’IBM Directory sWαC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn $ ibm-slapdReferral ) )
objectclasses=( 1.3.18.0.2.6.496NAME ’ibm-slapdReplication’DESC ’]tw]sPD°Aα URLCA≤ϕ°A]t@hg⌠wqAΣL°A gΣñC°AiH@Σñ@íD°AA@¬°ACY MasterDNⁿw!]t Master PW Ah kerberos OC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn )MAY ( ibm-slapdMasterDN $ ibm-slapdMasterPW $ ibm-slapdMasterReferral ) )
objectclasses=( 1.3.18.0.2.6.499NAME ’ibm-slapdSchema’DESC ’IBM Directory s⌡]wCeúΣh½⌡AúLApGh½⌡AhC@⌡@ ibm-slapdSchema C’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn $ ibm-slapdSchemaCheck $ ibm-slapdIncludeSchema )MAY ( ibm-slapdSchemaAdditions ) )
objectclasses=( 1.3.18.0.2.6.492NAME ’ibm-slapdSSL’DESC ’IBM Directory s SSL su]wC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn $ ibm-slapdSecurity $ ibm-slapdSecurePort $ ibm-slapdSslAuth )MAY ( ibm-slapdSslCertificate $ ibm-slapdSslCipherSpec$ ibm-slapdSslCipherSpecs $ ibm-slapdSSLKeyDatabase$ ibm-slapdSSLKeyDatabasePW $ ibm-slapdSslKeyRingFilePW ) )
objectclasses=( 1.3.18.0.2.6.488NAME ’ibm-slapdSupplier’DESC ’]tgú°A≤s°AWⁿwl≡AsC½≤OA∩g ibm-slapdReplication ½≤ñⁿww]s’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn $ ibm-slapdReplicaSubtree $ ibm-slapdMasterDN )MAY ( ibm-slapdMasterPW ) )
objectclasses=( 1.3.18.0.2.6.498NAME ’ibm-slapdTop’DESC ’IBM Tivoli Directory Server stm]wC’SUP ( top $ ibm-slapdConfigEntry )STRUCTURALMUST ( cn $ ibm-slapdAdminDN $ ibm-slapdAdminPW $ ibm-slapdErrorLog$ ibm-slapdPort $ ibm-slapdPwEncryption $ ibm-slapdSizeLimit$ ibm-slapdSysLogLevel $ ibm-slapdTimeLimit ) MAY ( ibm-slapdServerId$ ibm-slapdVersion $ ibm-slapdMaxPendingChangesDisplayed$ ibm-slapdSupportedWebAdmVersion ) )
objectclasses=( 1.3.18.0.2.6.491NAME ’ibm-slapdTransaction’DESC ’IBM Directory sµ÷Σ]wC’SUP ( top $ ibm-slapdConfigEntry )
STRUCTURALMUST ( cn $ ibm-slapdMaxNumOfTransactions $ ibm-slapdMaxOpPerTransaction$ ibm-slapdMaxTimeLimitOfTransactions $ ibm-slapdTransactionEnable ) )
tm
oO IBM Tivoli Directory Server 5.2 tmCpyk OID í
íWA\ etc ²ñ V3.ldapsyntaxes C
# File generated at 4:07:00 PM on 8/4/2003 from IBM LDAP schema version 1.5
attributetypes=( 1.3.18.0.2.4.3056NAME ’ibm-auditExtOp’DESC ’TRUE FALSECⁿXOnOⁿuv@Cw]O FALSEC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3056DBNAME( ’auditExOp’ ’auditExOp’ )ACCESS-CLASS normalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.3055NAME ’ibm-auditVersion’DESC ’ⁿwnfC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3055DBNAME( ’auditVersion’ ’auditVersion’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.3075NAME ’ibm-replicationignorederrorcount’DESC ’º]wMD LDAP_SUCCESS GAe°A≤s’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUE NO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3075DBNAME( ’replicationignore’ ’replicationignore’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.3076NAME ’ibm-replicationskippederrorcount’DESC ’FñLH\g@≥iµD LDAP_SUCCESS GAe°A≤s’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUENO-USER-MODIFICATIONUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3076DBNAME( ’replicationskippe’ ’replicationskippe’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2485NAME ’ibm-slapdACLAccess’DESC ’pG]w TrueAiH¬⌠≤H]iH¬ ACL CpG]w FalseAuziH¬ ACL C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE userApplications )
IBMAttributetypes=( 1.3.18.0.2.4.2485DBNAME( ’slapdACLAccess’ ’slapdACLAccess’ )ACCESS-CLASS normalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2374NAME ’ibm-slapdACLCache’DESC ’ε°AOn ACL ΩT’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2374DBNAME( ’ACLCache’ ’ACLCache’ )ACCESS-CLASS normalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2373NAME ’ibm-slapdACLCacheSize’DESC ’ACL OΘñiHOsW¡’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2373DBNAME( ’slapdACLCacheSize’ ’slapdACLCacheSize’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2428NAME ’ibm-slapdAdminDN’DESC ’²zs DNApGcn=root’EQUALITY 2.5.13.1ORDERING 1.3.18.0.2.4.405SYNTAX 1.3.6.1.4.1.1466.115.121.1.12SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2428DBNAME( ’slapdAdminDN’ ’slapdAdminDN’ )ACCESS-CLASS criticalLENGTH 1000EQUALITY ORDERING )
attributetypes=( 1.3.18.0.2.4.3013NAME ’ibm-slapdAdminGroupEnabled’DESC ’O TRUE | FALSE º@CⁿwzseOwCYSⁿwAhw] FALSECpG]wTRUEA°AN\zsñnJC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3013DBNAME( ’AdmGroupEnabled’ ’AdmGroupEnabled’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2425NAME ’ibm-slapdAdminPW’DESC ’²zsKX’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2425DBNAME( ’slapdAdminPW’ ’slapdAdminPW’ )ACCESS-CLASS critical )
attributetypes=( 1.3.18.0.2.4.3021NAME ’ibm-slapdAllowAnon’
DESC ’ⁿwOiH\WsC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3021DBNAME( ’slapdAllowAnon’ ’slapdAllowAnon’ )ACCESS-CLASS normalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.3024NAME ’ibm-slapdAllReapingThreshold’DESC ’ⁿwbsuzºeAb°AñsuC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3024DBNAME( ’slapdAllReapingTh’ ’slapdAllReapingTh’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.3022NAME ’ibm-slapdAnonReapingThreshold’DESC ’ⁿwbWsusuzºeAb°AñsuC’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3022DBNAME( ’slapdAnonReapingT’ ’slapdAnonReapingT’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2366NAME ’ibm-slapdAuthIntegration’DESC ’ⁿw LDAP zsvP OS πXCG0 - ún∩M OS LDAP zA1 - NπAϕv¡ OS ∩M LDAP zCA≤OS/400C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2366DBNAME( ’slapdAuthIntegrat’ ’slapdAuthIntegrat’ )ACCESS-CLASS systemLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.3023NAME ’ibm-slapdBoundReapingThreshold’DESC ’ⁿwbWMssusuzºeAb°AñsuC’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3023DBNAME( ’slapdBoundReaping’ ’slapdBoundReaping’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2368NAME ’ibm-slapdBulkloadErrors’DESC ’nNjqⁿJTºg ibmslapd D≈≈W⌠mCb Windows WAiⁿuAuºeYS≈r"A]Ow² ²
]pG /tmp/bulkload.errors = D:\Program Files\IBM\ldap\tmp\bulkload.errorsC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE userApplications )IBMAttributetypes=( 1.3.18.0.2.4.2368DBNAME( ’slapdBulkloadErro’ ’slapdBulkloadErro’ )ACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.3069NAME ’ibm-slapdCachedAttribute’DESC ’]tnbñWA@W@C’EQUALITY 1.3.6.1.4.1.1466.109.114.2ORDERING 2.5.13.3SUBSTR 2.5.13.4SYNTAX 1.3.6.1.4.1.1466.115.121.1.26USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3069DBNAME( ’slapdCachedAttr’ ’slapdCachedAttr’ )ACCESS-CLASS normalLENGTH 256 )
attributetypes=( 1.3.18.0.2.4.3068NAME ’ibm-slapdCachedAttributeSize’DESC ’iHOΘq]HµC0 ϕúC’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3068DBNAME( ’slapdAttrCacheSz’ ’slapdAttrCacheSz’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.3012NAME ’ibm-slapdChangeLogMaxAge’DESC ’ⁿwb÷ßíñiⁿ°Od¡]HpµCC@≤ΘxßíúΣvibm-slapdChangeLogMaxAge CY!wqWXd≥]tAhw] 0CpG0]ú]¡jG2,147,483,647]32 Aatπ’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUE USAGE userApplications )IBMAttributetypes=( 1.3.18.0.2.4.3012DBNAME( ’chgLogMaxAge’ ’chgLogMaxAge’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2427NAME ’ibm-slapdChangeLogMaxEntries’DESC ’ⁿwb÷pßíñAiⁿ≤ΘxW¡CC@≤ΘxßíúΣvibm-slapdChangeLogMaxEntries CYSwqWXd≥]tAhw] 0CpG0]ú]¡AjG2,147,483,647]32 Aatπ’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE userApplications )IBMAttributetypes=( 1.3.18.0.2.4.2427DBNAME( ’chgLogMaxEntries’ ’chgLogMaxEntries’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2432NAME ’ibm-slapdCLIErrors’
DESC ’ibmslapd D≈W⌠mADB2 CLITºgJΣñCb Windows WAiⁿuABuºeYS≈r"A]Ow² ²]pG /tmp/cli.errors = D:\Program Files\IBM\ldap\tmp\cli.errorsC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2432DBNAME( ’slapdCLIErrors’ ’slapdCLIErrors’ )ACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2369NAME ’ibm-slapdDB2CP’DESC ’ⁿw²ΩwrXC1208 O UTF-8 ΩwrXC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2369DBNAME( ’slapdDB2CP’ ’slapdDB2CP’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2431NAME ’ibm-slapdDBAlias’DESC ’DB2 ΩwOWC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2431DBNAME( ’slapdDBAlias’ ’slapdDBAlias’ )ACCESS-CLASS normalLENGTH 8 )
attributetypes=( 1.3.18.0.2.4.2417NAME ’ibm-slapdDbConnections’DESC ’ⁿw°Aú DB2ßí DB2 suCΣO5 ≤jCg@P≤ΘxiHΣLsuC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2417DBNAME( ’DbConnections’ ’DbConnections’ )ACCESS-CLASS criticalLENGTH 2 )
attributetypes=( 1.3.18.0.2.4.2418NAME ’ibm-slapdDbInstance’DESC ’ßí DB2 ΩC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2418DBNAME( ’slapdDbInstance’ ’slapdDbInstance’ )ACCESS-CLASS criticalLENGTH 8 )
attributetypes=( 1.3.18.0.2.4.2382NAME ’ibm-slapdDbLocation’DESC ’ßíΩwbt⌠C
b UNIX WAoqO DB2INSTANCE l²]pG/home/ldapdb2Cb Windows WhuO≈ⁿw]pG D:’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2382DBNAME( ’slapdDbLocation’ ’slapdDbLocation’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2426NAME ’ibm-slapdDbName’DESC ’ßí DB2 ΩwWC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2426DBNAME( ’slapdDbName’ ’slapdDbName’ )ACCESS-CLASS criticalLENGTH 8 )
attributetypes=( 1.3.18.0.2.4.2422NAME ’ibm-slapdDbUserID’DESC ’ßí s DB2 ΩwWC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2422DBNAME( ’slapdDbUserID’ ’slapdDbUserID’ )ACCESS-CLASS criticalLENGTH 8 )
attributetypes=( 1.3.18.0.2.4.2423NAME ’ibm-slapdDbUserPW’DESC ’ßí s DB2 ΩwKXC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2423DBNAME( ’slapdDbUserPW’ ’slapdDbUserPW’ )ACCESS-CLASS critical )
attributetypes=( 1.3.18.0.2.4.3054NAME ’ibm-slapdDerefAliases’DESC ’jMnDjOWhAúbßnDñiαⁿw⌠≤ derefAliasesC\ neverBfindBsearch M alwaysC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3054DBNAME( ’slapdDerefAliases’ ’slapdDerefAliases’ )ACCESS-CLASS normalLENGTH 6)
attributetypes=( 1.3.18.0.2.4.3032NAME ’ibm-slapdDigestAdminUser’DESC ’ⁿw LDAP zzs¿ Digest MD5 WCϕ MD5 Digest O OzC’EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3032DBNAME( ’DigestAdminUser’ ’DigestAdminUser’ )ACCESS-CLASS criticalLENGTH 512 )
attributetypes=( 1.3.18.0.2.4.3082NAME ’ibm-slapdDigestAttr’DESC ’m½w] DIGEST-MD5 username C≤DIGEST-MD5 SASL sWd\WCpG!ⁿwA°A uidC’EQUALITY 2.5.13.0SYNTAX 1.3.6.1.4.1.1466.115.121.1.38USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3082DBNAME( ’slapdDigestAttr’ ’slapdDigestAttr’ )ACCESS-CLASS criticalLENGTH 128 )
attributetypes=( 1.3.18.0.2.4.3083NAME ’ibm-slapdDigestRealm’DESC ’m½w] DIGEST-MD5 ΓCpGbúP°AúPWMKXAi²Dn@WMKXrΩCbºWAoOiα]tbßbßXWCrΩ! ]t⌡µOD≈WABiαⁿ[email protected]!ⁿwA°A°A πD≈WC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3083DBNAME( ’slapdDigestRealm’ ’slapdDigestRealm’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2421NAME ’ibm-slapdEnableEventNotification’DESC ’Y] FALSEA°A@nDAúe\ΣHG LDAP_UNWILLING_TO_PERFORM n²≤qC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2421DBNAME( ’enableEvntNotify’ ’enableEvntNotify’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2372NAME ’ibm-slapdEntryCacheSize’DESC ’OΘñiHOsW¡’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2372DBNAME( ’slapdRDBMCacheSiz’ ’slapdRDBMCacheSiz’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2424NAME ’ibm-slapdErrorLog’DESC ’ibmslapd D≈W⌠mATº
gJΣñCb Windows WAiⁿuAuºeYS≈r"A]Ow² ²]pG /tmp/slapd.errors = D:\Program Files\IBM\ldap\tmp\slapd.errorsC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2424DBNAME( ’slapdErrorLog’ ’slapdErrorLog’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.3028NAME ’ibm-slapdESizeThreshold’DESC ’ⁿwb≥µ⌡µⁿºeAsbu@εCñu@C’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3028DBNAME( ’slapdESizeThresho’ ’slapdESizeThresho’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.3030NAME ’ibm-slapdEThreadActivate’DESC ’ⁿw¼pN≥µ⌡µⁿC]wUCΣñ@GS - jpAT - íASOT - jpíASAT - jpMíC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3030DBNAME( ’slapdEThreadActiv’ ’slapdEThreadActiv’ )ACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.3031NAME ’ibm-slapdEThreadEnable’DESC ’ⁿwOiH≥µ⌡µⁿC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3031DBNAME( ’slapdEThreadEnabl’ ’slapdEThreadEnabl’ )ACCESS-CLASS normal LENGTH 5 )
attributetypes=( 1.3.18.0.2.4.3029NAME ’ibm-slapdETimeThreshold’DESC ’ⁿwb≥µ⌡µⁿºeAqu@εCúíjíq]HµC’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3029DBNAME( ’slapdETimeThresho’ ’slapdETimeThresho’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2371NAME ’ibm-slapdFilterCacheBypassLimit’DESC ’jMLo°≤XYWLNú[JujMLo°≤vOΘñA]XLo°≤ ID Mµw]tbOΘñA]wU≤¡εOΘqC 0 ϕS¡εC’
EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2371DBNAME( ’slapdRDBMCacheByp’ ’slapdRDBMCacheByp’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2370NAME ’ibm-slapdFilterCacheSize’DESC ’ⁿwujMLo°≤OΘvñOsW¡C’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2370DBNAME( ’slapdFilterCacheS’ ’slapdFilterCacheS’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2378NAME ’ibm-slapdIdleTimeOut’DESC ’Od! C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2378DBNAME( ’SlapdIdleTimeOut’ ’SlapdIdleTimeOut’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2364NAME ’ibm-slapdIncludeSchema’DESC ’ibmslapd D≈W⌠AΣñ]tLDCF ßí⌡wqCG/etc/V3.system.at /etc/V3.system.oc /etc/V3.ibm.at/etc/V3.ibm.oc /etc/V3.user.at /etc/V3.user.oc/etc/V3.ldapsyntaxes /etc/V3.matchingrules/etc/V3.modifiedschema b Windows WAiⁿuABuºeYS≈r"A]Ow² ²]pG /etc/V3.system.at = D:\Program Files\IBM\ldap\etc\V3.system.atC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2364DBNAME( ’slapdIncldeSchema’ ’slapdIncldeSchema’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2430NAME ’ibm-slapdInvalidLine’DESC ’YLAw²[b tmYCpNiHµjM "ibm-slapdInvalidLine=*"ΦíAOLtm]wC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE userApplications )IBMAttributetypes=( 1.3.18.0.2.4.2430DBNAME( ’slapdInvalidLine’ ’slapdInvalidLine’ )ACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2365
NAME ’ibm-slapdIpAddress’DESC ’ⁿw°AnÑ IP CoiHO IPv4 IPv6 CYSⁿwAh°AwⁿwD≈ IP CoA≤ OS/400C’EQUALITY 1.3.6.1.4.1.1466.109.114.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.26USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2365DBNAME( ’slapdIpAddress’ ’slapdIpAddress’ )ACCESS-CLASS systemLENGTH 32 )
attributetypes=( 1.3.18.0.2.4.2420NAME ’ibm-slapdKrbAdminDN’DESC ’ⁿw LDAP z kerberos ID]p ibm-kn=name@realmCA≤ϕznJ Web AdminA kerberos O OzCⁿwANúⁿw adminDN M adminPWC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2420DBNAME( ’slapdKrbAdminDN’ ’slapdKrbAdminDN’ )ACCESS-CLASS criticalLENGTH 512 )
attributetypes=( 1.3.18.0.2.4.2394NAME ’ibm-slapdKrbEnable’DESC ’O TRUE | FALSE º@Cⁿw°AOΣ kerberos OC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2394DBNAME( ’slapdKrbEnable’ ’slapdKrbEnable’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2419NAME ’ibm-slapdKrbIdentityMap’DESC ’Y] TRUEAϕßOHkerberos ID OA°AjMX kerberos AMßN DN [JsusñCoi²H LDAP DN≥ª ACLAMiHb kerberos OñC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2419DBNAME( ’KrbIdentityMap’ ’KrbIdentityMap’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2416NAME ’ibm-slapdKrbKeyTab’DESC ’ⁿw LDAP °A keytab C]t LDAP °ApK≈AoMΣkerberos bßsC [HO@]pP°A SSL ≈ΩwCb Windows WAiⁿuAuºeYS≈r" (D:)Ah]Ow² ²]pG /tmp/slapd.errors = D:\Program Files\IBM\ldap\tmp\slapd.errorsC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2416DBNAME( ’slapdKrbKeyTab’ ’slapdKrbKeyTab’ )
ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2400NAME ’ibm-slapdKrbRealm’DESC ’ⁿw LDAP °A Kerberos ΓC broot DSE ñoµ ldapservicename CNGLDAP °AiH@h½ KDC]HΓbßΩTxswA²OYN LDAP °A@ kerberos°AAuiHOµ@Γ¿C’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2400DBNAME( ’slapdKrbRealm’ ’slapdKrbRealm’ )ACCESS-CLASS criticalLENGTH 256 )
attributetypes=( 1.3.18.0.2.4.3074NAME ’ibm-slapdLanguageTagsEnabled’DESC ’ⁿw²°AO\yÑ@í@í≈Ciα]A TRUE M FALSEC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3074DBNAME( ’slapdLanguageTags’ ’slapdLanguageTags’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2415NAME ’ibm-slapdLdapCrlHost’DESC ’ⁿw LDAP °AD≈WA D≈ñ]t τß x.509v3 u°Mµv(CRL)CϕoX ibm-slapdSslAuth=serverclientauth Hß@ CRL τAnC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2415DBNAME( ’LdapCrlHost’ ’LdapCrlHost’ )ACCESS-CLASS criticalLENGTH 256 )
attributetypes=( 1.3.18.0.2.4.2407NAME ’ibm-slapdLdapCrlPassword’DESC ’ⁿw°A SSL s LDAP°AKXA °Añ]t τß x.509v3 u°Mµv(CRL)Cϕ ibm-slapdSslAuth=serverclientauthABwgw∩ CRL τoXßAiαnCNG Y LDAP°AOs CRL e\!gOs CRL]pWsANún ibm-slapdLdapCrlPasswordC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2407DBNAME( ’CrlPassword’ ’CrlPassword’ )ACCESS-CLASS critical )
attributetypes=( 1.3.18.0.2.4.2404 NAME ’ibm-slapdLdapCrlPort’DESC ’ⁿw LDAP °A LDAP ibm-slapdPortA °Añ]t τß x.509v3 u°Mµv(CRL) Cϕ ibm-slapdSslAuth=serverclientauthABwgw∩ CRL τoXß
AnoC]IP ≡!A16 πA≤ 1 - 65535 ºí’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2404DBNAME( ’LdapCrlPort’ ’LdapCrlPort’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2403NAME ’ibm-slapdLdapCrlUser’DESC ’ⁿw°A SSL s LDAP °A bindDNA °Añ]t τßx.509v3 u°Mµv(CRL)CϕoX ibm-slapdSslAuth=serverclientauth Hß@ CRL τAiαnCNGY LDAP °AOsCRL e\!gOs CRL]pWsANún ibm-slapdLdapCrlUserC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.12SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2403DBNAME( ’LdapCrlUser’ ’LdapCrlUser’ )ACCESS-CLASS criticalLENGTH 1000 )
attributetypes=( 1.3.18.0.2.4.2409NAME ’ibm-slapdMasterDN’DESC ’gú°As DNCΣXP°Aºíwqg≤w÷p½≤ñ replicaBindDNCϕ kerberos OAibm-slapdMasterDNⁿw kerberos ID DN ek]p ibm-kn=freddy@realm1CY kerberosAhMasterServerPW Q ñC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.12SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2409DBNAME( ’MasterDN’ ’MasterDN’ )ACCESS-CLASS criticalLENGTH 1000 )
attributetypes=( 1.3.18.0.2.4.2411NAME ’ibm-slapdMasterPW’DESC ’gúsKXCΣXP°Aºíwqg≤w÷p½≤º replicaBindPWCY kerberosAMasterServerPW Q ñC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2411DBNAME( ’MasterPW’ ’MasterPW’ )ACCESS-CLASS critical )
attributetypes=( 1.3.18.0.2.4.2401NAME ’ibm-slapdMasterReferral’DESC ’D°A URL]pGldaps://master.us.ibm.com:636’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2401DBNAME( ’MasterReferral’ ’MasterReferral’ )ACCESS-CLASS criticalLENGTH 256 )
attributetypes=( 1.3.18.0.2.4.2412NAME ’ibm-slapdMaxEventsPerConnection’DESC ’Csuin²≤qW¡Cp = 0 (unlimited) j = 2,147,483,647’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2412DBNAME( ’EventsPerCon’ ’EventsPerCon’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2405NAME ’ibm-slapdMaxEventsTotal’DESC ’suin²≤qW¡Cp = 0 ]ú]¡j = 2,147,483,647’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2405DBNAME( ’MaxEventsTotal’ ’MaxEventsTotal’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2439NAME ’ibm-slapdMaxNumOfTransactions’DESC ’P@í@ñµ÷W¡C0 = ú]¡’EQUALITY 2.5.13.29SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2439DBNAME( ’MaxNumOfTrans’ ’MaxNumOfTrans’ )ACCESS-CLASS criticalLENGTH 11EQUALITYORDERINGSUBSTRAPPROX )
attributetypes=( 1.3.18.0.2.4.2385NAME ’ibm-slapdMaxOpPerTransaction’DESC ’C@µ÷@W¡C0 = ú]¡’EQUALITY 2.5.13.29SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2385DBNAME( ’MaxOpPerTrans’ ’MaxOpPerTrans’ )ACCESS-CLASS criticalLENGTH 11EQUALITYORDERINGAPPROX )
attributetypes=( 1.3.18.0.2.4.2486NAME ’ibm-slapdMaxPendingChangesDisplayed’DESC ’πú°Añ⌠≤wg@≤wnπmg≤sjC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27USAGE userApplications )IBMAttributetypes=( 1.3.18.0.2.4.2486DBNAME( ’slapdMaxPendingCh’ ’slapdMaxPendingCh’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2386NAME ’ibm-slapdMaxTimeLimitOfTransactions’DESC ’mµ÷OW¡AHϕµC0 = ú]¡’EQUALITY 2.5.13.29SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2386DBNAME( ’MaxTimeOfTrans’ ’MaxTimeOfTrans’ )ACCESS-CLASS criticalLENGTH 11EQUALITYORDERINGAPPROX )
attributetypes=( 1.3.18.0.2.4.2500NAME ’ibm-slapdMigrationInfo’DESC ’ ε≤αΩTC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2500DBNAME( ’slapdMigrationInf’ ’slapdMigrationInf’ )ACCESS-CLASS criticalLENGTH 2048 )
attributetypes=( 1.3.18.0.2.4.2376NAME ’ibm-slapdPagedResAllowNonAdmin’DESC ’°AO e\DzsbjMnDWGnDCpGq ibmslapd.conf ¬O TRUEA°ABz⌠≤ßnDA]AWsúXnDCYq ibmslapd.conf ¬O FALSEAh°AuBzπzv¡úXßnDCYßHjM@ TRUE FALSE ½nAnDGA²oSzv¡ABq ibmslapd.conf¬O FALSE A°AßAXOinsufficientAccessRights - ú⌡µjMC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2376DBNAME( ’SlapdPagedNonAdmn’ ’SlapdPagedNonAdmn’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2380NAME ’ibm-slapdPagedResLmt’DESC ’e\Pb@ñ!⌡µGjMnDW¡Cd≥ = 0.... YßnDG@ABj!⌡µGe@ñAh°ANßúLX - ú⌡µ⌠≤jMC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2380DBNAME( ’SlapdPagedResLmt’ ’SlapdPagedResLmt’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2406NAME ’ibm-slapdPlugin’DESC ’íOAⁿJíwAΣiXR°A\αCibm-slapdPlugin Hⁿw
°Anp≤ⁿJPl]wíwCΣykG keyword filename init_function [args...]C@¡xykñLúPAoO]íwRWDúPºGC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2406DBNAME( ’slapdPlugin’ ’slapdPlugin’ )ACCESS-CLASS criticalLENGTH 2000 )
attributetypes=( 1.3.18.0.2.4.2408NAME ’ibm-slapdPort’DESC ’D SSL su TCP/IP ibm-slapdPortCúiHM ibm-slapdSecurePort πPC]IP ≡OLtA16 πA≤ 1 - 65535 ºí’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2408DBNAME( ’slapdPort’ ’slapdPort’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2402NAME ’ibm-slapdPwEncryption’DESC ’O none | imask | crypt | sha º@CⁿwKXxs≤²ºesX≈εCYSⁿwAhw] noneCY] none ºΣLASASL digest-md5 sNóC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2402DBNAME( ’PwEncryption’ ’PwEncryption’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2413NAME ’ibm-slapdReadOnly’DESC ’O TRUE | FALSE º@CⁿwOigJßíCYSⁿwAhw] FALSECY] TRUEA°A LDAP_UNWILLING_TO_PERFORM (0x35)@∩≤¬ΩwñΩº⌠≤ßnDC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2413DBNAME( ’ReadOnly’ ’ReadOnly’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2487NAME ’ibm-slapdReferral’DESC ’ⁿwϕrMnDúXAnαLDAP URLC≤Wα]p ibm-slapdSuffix úsb°ARWwqC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2487DBNAME( ’Referral’ ’Referral’ )ACCESS-CLASS critical LENGTH 32700 )
attributetypes=( 1.3.18.0.2.4.2434NAME ’ibm-slapdReplDbConns’DESC ’g@Ωwsu’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUEUSAGE userApplications )IBMAttributetypes=( 1.3.18.0.2.4.2434DBNAME( ’slapdReplDbConns’ ’slapdReplDbConns’ )ACCESS-CLASS normalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2367NAME ’ibm-slapdReplicaSubtree’DESC ’Ogl≡ DNC’EQUALITY 2.5.13.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.12USAGE userApplications )IBMAttributetypes=( 1.3.18.0.2.4.2367DBNAME( ’slapdReplicaSubtr’ ’slapdReplicaSubtr’ )ACCESS-CLASS normalLENGTH 1000 )
attributetypes=( 1.3.18.0.2.4.2437NAME ’ibm-slapdSchemaAdditions’DESC ’ibmslapd D≈W⌠AΣñ]tLDCF ßí⌡wqCG /etc/V3.modifiedschemaCb Windows WiⁿuAuºeYS≈r"A]Ow² ²]pG /etc/V3.system.at = D:\Program Files\IBM\ldap\etc\V3.system.atC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2437DBNAME( ’slapdSchemaAdditi’ ’slapdSchemaAdditi’ )ACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2363NAME ’ibm-slapdSchemaCheck’DESC ’O V2 | V3 | V3_lenient º@CⁿwsW/∩@⌡d≈εCV2 = ⌡µ LDAP v2 dCV3 = ⌡µ LDAP v3 dCV3_lenient = ún"½≤OC[JAun±½≤OC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2363DBNAME( ’SchemaCheck’ ’SchemaCheck’ )ACCESS-CLASS criticalLENGTH 10 )
attributetypes=( 1.3.18.0.2.4.2398NAME ’ibm-slapdSecurePort’DESC ’SSL su TCP/IP ≡CúiMibm-slapdPort πPC]IP ≡OLt 16 πA≤ 1 - 65535 ºí’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2398DBNAME( ’SecurePort’ ’SecurePort’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2399NAME ’ibm-slapdSecurity’DESC ’O none | SSL | SSLOnly º@Cⁿw°Aⁿsu¼Cnone - °AuÑD SSL ≡Cssl - °AÑSSL MD SSL ≡Csslonly - °AuÑ SSL ≡C’EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2399DBNAME( ’Security’ ’Security’ )ACCESS-CLASS criticalLENGTH 7 )
attributetypes=( 1.3.18.0.2.4.2433NAME ’ibm-slapdServerId’DESC ’wqg@ñ°A’EQUALITY 1.3.6.1.4.1.1466.109.114.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.26SINGLE-VALUEUSAGE userApplications )IBMAttributetypes=( 1.3.18.0.2.4.2433DBNAME( ’slapdServerId’ ’slapdServerId’ )ACCESS-CLASS normalLENGTH 240 )
attributetypes=( 1.3.18.0.2.4.2397NAME ’ibm-slapdSetenv’DESC ’°A≈A⌡µ ibm-slapdSetenv putenv()AH∩Σv⌡µ⌠CShell (%PATH% \24LANG)NúiCe@kO]w DB2CODEPAGE=1208AoO UCS-2 (Unicode) Ωwn]wC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2397DBNAME( ’slapdSetenv’ ’slapdSetenv’ )ACCESS-CLASS criticalLENGTH 2000 )
attributetypes=( 1.3.18.0.2.4.2396NAME ’ibm-slapdSizeLimit’DESC ’jMnW¡AúbßjMnDñOⁿw⌠≤jp¡εCd≥ = 0.... Yß¡εAhpßMq ibmslapd.conf ¬CYßS¡εABs admin DNAh°¡εú]¡CYßS¡εA]Ss admin DNAhq ibmslapd.conf ¬¡εC0 = ú]¡C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2396DBNAME( ’SizeLimit’ ’SizeLimit’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2381 NAME ’ibm-slapdSortKeyLimit’DESC ’bµ@jMnDñiHⁿw °≤]ΣW¡Cd≥ = 0.... YßjMnD]A ΣWL¡εe\AB jMε½n] FALSEAh°Aqibmslapd.conf ¬AbF¡εºß ñJ⌠≤ Σ - ⌡µjMP CYßjMnD]AΣWL¡εe\AB jMε½n] TRUEAh°AX adminLimitExceeded - Nú⌡µjM C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2381DBNAME( ’SlapdSortKeyLimit’ ’SlapdSortKeyLimit’ )ACCESS-CLASS critical
LENGTH 11 )
attributetypes=( 1.3.18.0.2.4.2377NAME ’ibm-slapdSortSrchAllowNonAdmin’DESC ’°AO e\DzsbjMnDW nDCYq ibmslapd.conf ¬O TRUEA°ANBz⌠≤ßnDA]AWsúXnDCYqibmslapd.conf ¬O FALSEAh°AuBzπzv¡úXßnDCYßnD ⁿwjM@½n TRUEA²Szv¡ABq ibmslapd.conf ¬ FALSEAh°AßAX insufficientAccessRights - ú⌡µjM C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2377DBNAME( ’SlapdSortNonAdmin’ ’SlapdSortNonAdmin’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2395NAME ’ibm-slapdSslAuth’DESC ’O serverauth | serverclientauth º@CⁿwSSL suO¼Cserverauth - bßΣ°AOCserverclientauth - Σ°AHßOC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2395DBNAME( ’slapdSslAuth’ ’slapdSslAuth’ )ACCESS-CLASS criticalLENGTH 16 )
attributetypes=( 1.3.18.0.2.4.2389NAME ’ibm-slapdSslCertificate’DESC ’ⁿw O≈Ωwñ°AHCObzL ikmgui í°ApK≈PⁿwCYSwqibm-slapdSslCertificateAh LDAP °A SSL suN≈Ωwñwqw]pK≈C’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2389DBNAME( ’SslCertificate’ ’SslCertificate’ )ACCESS-CLASS criticalLENGTH 128 )
attributetypes=( 1.3.18.0.2.4.2429NAME ’ibm-slapdSslCipherSpec’DESC ’SSL KXWµA] DES-56BRC2-40-MD5BRC4-128-MD5BRC4-128-SHABRC4-40-MD5BTripleDES-168 AESCªwqb LDAP ßP°Aºí SSL suAiⁿ[K/KΦkC’EQUALITY 1.3.6.1.4.1.1466.109.114.1SYNTAX 1.3.6.1.4.1.1466.115.121.1.26USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2429DBNAME( ’slapdSslCipherSpe’ ’slapdSslCipherSpe’ )ACCESS-CLASS normalLENGTH 30 )
attributetypes=( 1.3.18.0.2.4.2362NAME ’ibm-slapdSslCipherSpecs’DESC ’b ibm-slapdSslCipherSpec ñΣA²úCⁿw@QiXAⁿXb LDAP ßP°AºíSSL suAiH[K/KΦkCXNϕLDAP °AΣi[K/KΦkCw²wqKXΣípUGSLAPD_SSL_TRIPLE_DES_SHA_US 0x0A T½ DES tΓkAπ@ 168 ≈
H@ SHA-1 MACSLAPD_SSL_DES_SHA_US 0x09DES 56 ≈M SHA-1 MAC [KSLAPD_SSL_RC4_SHA_US 0x05 RC4 128 ≈M SHA-1 MAC [KSLAPD_SSL_RC4_MD5_US 0x04 RC4 128 ≈M MD5 MAC [KSLAPD_SSL_RC4_MD5_EXPORT 0x03 RC4 40 ≈M MD5 MAC [KSLAPD_SSL_RC2_MD5_EXPORT 0x06 RC2 40 ≈M MD5 MAC [K’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2362DBNAME( ’SslCipherSpecs’ ’SslCipherSpecs’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( 1.3.18.0.2.4.3088NAME ’ibm-slapdSslFIPsModeEnabled’DESC ’Y TRUEAⁿw°AN ICC GSKitAY False h BSAFE C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3088DBNAME( ’slapdSslFIPsModeE’ ’slapdSslFIPsModeE’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2375NAME ’ibm-slapdSSLKeyDatabase’DESC ’LDAP °A SSL ≈Ωw⌠C≈ΩwO Bz LDAP ß SSL suAHs LDAP °Aw SSL suCb Windows WAiⁿuAuºeYS≈ⁿw (D:)Ah]Ow² ²]pG /etc/key.kdb = D:\Program Files\IBM\ldap\etc\key.kdbC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2375DBNAME( ’slapdSSLKeyDataba’ ’slapdSSLKeyDataba’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2438 NAME ’ibm-slapdSSLKeyDatabasePW’DESC ’ⁿwP LDAP °A SSL ≈Ωw÷pKXApb ibm-slapdSslKeyDatabase ⁿwCY LDAP °A≈Ωw÷pKX⌠AhiHñ ibm-slapdSslKeyDatabasePW A]wibm-slapdSslKeyDatabasePW = noneCNGKX⌠≤M≈ΩwP²ñABM≈ΩwPWAúLWO .sthAúO .kdb’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2438DBNAME( ’slapdSSLKeyDPW’ ’slapdSSLKeyDPW’ )ACCESS-CLASS normal )
attributetypes=( 1.3.18.0.2.4.2392NAME ’ibm-slapdSslKeyRingFile’DESC ’LDAP °A SSL ≈Ωw⌠C≈Ωw
O Bz LDAP ß SSL suAHs LDAP °Aw SSL suCb Windows WAiⁿuAuºeYS≈ⁿw (D:)Ah]Ow² ²]pG /etc/key.kdb = D:\Program Files\IBM\ldap\etc\key.kdbC’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2392DBNAME( ’SslKeyRingFile’ ’SslKeyRingFile’ )ACCESS-CLASS criticalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2390NAME ’ibm-slapdSslKeyRingFilePW’DESC ’ⁿwP LDAP °A SSL ≈Ωw÷pKXApb ibm-slapdSslKeyRingFile ⁿwCY LDAP °A≈Ωw÷pKX⌠AhiHñ ibm-slapdSslKeyRingFilePW A]wibm-slapdSslKeyRingFilePW = noneCNGKX⌠≤M≈ΩwP²ñABM≈ΩwPWAúLWO .sthAúO .kdbC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.5SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2390DBNAME( ’SslKeyRingFilePW’ ’SslKeyRingFilePW’ )ACCESS-CLASS critical )
attributetypes=( 1.3.18.0.2.4.3058NAME ’ibm-slapdStartupTraceEnabled’DESC ’O [TRUE|FALSE] Σñº@CⁿwOnb°A¼lΩTC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3058DBNAME( ’slapdStartupTrace’ ’slapdStartupTrace’ )ACCESS-CLASS normalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2388NAME ’ibm-slapdSuffix’DESC ’ⁿwnxsbßíñRWwqC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.12USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2388DBNAME( ’slapdSuffix’ ’slapdSuffix’ )ACCESS-CLASS criticalLENGTH 1000 )
attributetypes=( 1.3.18.0.2.4.2480NAME ’ibm-slapdSupportedWebAdmVersion’DESC ’wqΣ°Atm webzDxC’EQUALITY 2.5.13.2ORDERING 2.5.13.3SUBSTR 2.5.13.4SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2480DBNAME( ’slapdSupWebAdmVer’ ’slapdSupWebAdmVer’ )ACCESS-CLASS normalLENGTH 256 )
attributetypes=( 1.3.18.0.2.4.2393NAME ’ibm-slapdSysLogLevel’DESC ’O l | m | h º@Cú@pΩOⁿb ibmslapd.log ñhCh - ¬]Am - ñAl - C]nC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2393DBNAME( ’SysLogLevel’ ’SysLogLevel’ )ACCESS-CLASS criticalLENGTH 1 )
attributetypes=( 1.3.18.0.2.4.2391NAME ’ibm-slapdTimeLimit’DESC ’bjMnDßϕW¡AúßnDOⁿw⌠≤í¡εCd≥ = 0.... Yß@¡εAhpßMqibmslapd.conf ¬CYßS¡εABH admin DN sAh°¡εú]¡CYßS¡εA]SH admin DN sAhq ibmslapd.conf ¬¡εC0 = ú]¡C’SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2391DBNAME( ’TimeLimit’ ’TimeLimit’ )ACCESS-CLASS criticalLENGTH 11 )
attributetypes=( ibm-slapdStartupTraceEnabled-oidNAME ’ibm-slapdTraceEnabled’DESC ’O TRUE | FALSE º@CⁿwOnb°A¼lΩT’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( ibm-slapdStartupTraceEnabled-oidACCESS-CLASS normalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.3060NAME ’ibm-slapdTraceMessageLevel’DESC ’b ibmslapd -h ⁿOµ∩ºßiⁿ⌠≤A]wúTºh’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3060DBNAME( ’slapdTraceLevel’ ’slapdTraceLevel’ )ACCESS-CLASS normalLENGTH 6)
attributetypes=( 1.3.18.0.2.4.3059NAME ’ibm-slapdTraceMessageLog’DESC ’nN LDAP C API Mú¿Tºg°AD≈W⌠mCb Windows WAiⁿuAuºeYS≈NA]Ow² ²]pG /tmp/tracemsg.log = C:\Program Files\IBM\LDAP\tmp\tracemsg.logC’EQUALITY 2.5.13.2SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUE USAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3059DBNAME( ’slapdTraceMessage’ ’slapdTraceMessage’ )
ACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.2384NAME ’ibm-slapdTransactionEnable’DESC ’Y FALSEAhπΘµ÷ΣF°A LDAP_UNWILLING_TO_PERFORMA StartTransaction nDC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2384DBNAME( ’TransactionEnable’ ’TransactionEnable’ )ACCESS-CLASS criticalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2499NAME ’ibm-slapdUseProcessIdPW’DESC ’Y] trueA°AP ibmslapd Bz÷pnJ ID sΩwCY] falseAh°A ibm-slapdDbUserID M ibm-slapdDbUserPWΓ sΩwC’SYNTAX 1.3.6.1.4.1.1466.115.121.1.7SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2499DBNAME( ’useprocidpw’ ’useprocidpw’ )ACCESS-CLASS normalLENGTH 5 )
attributetypes=( 1.3.18.0.2.4.2436NAME ’ibm-slapdVersion’DESC ’IBM Slapd X’EQUALITY 2.5.13.5SYNTAX 1.3.6.1.4.1.1466.115.121.1.15SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.2436DBNAME( ’slapdVersion’ ’slapdVersion’ )ACCESS-CLASS normalLENGTH 1024 )
attributetypes=( 1.3.18.0.2.4.3026NAME ’ibm-slapdWriteTimeout’DESC ’ⁿw²gJOCϕFí¡εANñsuC’EQUALITY 2.5.13.14SYNTAX 1.3.6.1.4.1.1466.115.121.1.27SINGLE-VALUEUSAGE directoryOperation )IBMAttributetypes=( 1.3.18.0.2.4.3026DBNAME( ’slapdWriteTimeout’ ’slapdWriteTimeout’ )ACCESS-CLASS normalLENGTH 11 )
A≤
HUCiHA≤MµCo≤Aún½s°ANiH
C
Cn=Configuration
- ibm-slapdadmindn
- ibm-slapdadminpw
- ibm-slapderrorlog
- ibm-slapdpwencryption
- ibm-slapdsizelimit
- ibm-slapdsysloglevel
- ibm-slapdtimelimit
cn=Front End, cn=Configuration
- ibm-slapdaclcache
- ibm-slapdaclcachesize
- ibm-slapdentrycachesize
- ibm-slapdfiltercachebypasslimit
- ibm-slapdfiltercachesize
- ibm-slapdidletimeout
cn=Event Notification, cn=Configuration
- ibm-slapdmaxeventsperconnection
- ibm-slapdmaxeventstotal
cn=Transaction, cn=Configuration
- ibm-slapdmaxnumoftransactions
- ibm-slapdmaxoppertransaction
- ibm-slapdmaxtimelimitoftransactions
cn=ConfigDB, cn=Config Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
- ibm-slapdreadonly
cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
- ibm-slapdbulkloaderrors
- ibm-slapdclierrors
- ibm-slapdpagedresallownonadmin
- ibm-slapdpagedreslmt
- ibm-slapdpagesizelmt
- ibm-slapdreadonly
- ibm-slapdsortkeylimit
- ibm-slapdsortsrchallownonadmin
- ibm-slapdsuffix
² I. N
ΩTOw∩ IBM bⁿΩúºúPAoXC bΣLΩaañA
IBM úúoúñúUúBA\αCnDzbaOi
oúAAVϕa IBM ANϕdCbú IBM úBí
AAúϕtuα IBM úBíACunI< IBM z
]úvA⌠≤\αϕúBíAúiHN IBM úBíACú
LAΣLD IBM úBíAbB@WPτAΣd⌠≤C
IBM ∩≤σ≤eMQMQ1Cσ≤ú#ezMQº⌠≤
vCziHΦídv÷DAτHG
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
pGnd÷ (DBCS) ΩTvyApzΩaa IBM z
]úíAΦíHG
IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan
UCq¿YPΩºk°ΦAY°úAG IBM H¼úA úú
⌠≤qºO (]A²ú¡≤iΓXSwO)CYab
Yµ÷Wú0\úWzOAhúLC
ñiαNWLΩW"C]AIBM wqFNqß
eJsñCPAIBM oH∩i () ΩTñúú ()
íC
bΩTñAZ∩≤D IBM ⌠zAúuΦKºGAúNϕ∩≤o⌠
⌠≤ Co⌠ú≈Aú≤ IBM ú@í≈FpGnQo⌠
Az")µßIC
IBM oHUAϕΦí¼% Q ßú⌠≤ΩTA L∩ztdC
íº≥vYµo÷ΩAHKUCΩTió IBMCΣUCΩT
ⁿOG(1) WíPΣLí]]Aíºí≤½ΩTΦíF (2)
¼wµ½ºΩTΦkCpG⌠≤DpG
IBM Corporation
Department LZKS
11400 Burnet Road
Austin, TX 78758
U.S.A.
WzΩºoΣSϕn≤AbYípU"IOΦoC
© Copyright IBM Corp. 2003
IBM ≥≤ΦºuIBM ßXvBuΩívXv⌠≤PÑXº°A
úσ≤ñzºvíPΣAvΩC
⌠≤B[\⌡µαΩúOb@ⁿε⌠UMwXC]AYbΣ
L@⌠UAoGiαjjúPCwwboÑqtWLAú
LoúOb@δtWXPGCAAwiαwzL Φí
⌠LC²ΩGiαDpC )vSw⌠AdAΩ
C
úºD IBM úΩTAY@%ú AΣXnΣL
DoCIBM LoúA]LkToD IBM ú⌡µαBe
B⌠≤∩úΣLDiOLCpGz∩D IBM úα⌠≤
AwVú dC
÷ IBM V⌠≤»zANϕ IBM wAiα≤²ní
pUM#C
ú IBM ΓNϕ IBM esΓµAiαH≤CgP ú
µiαúPC
UCWⁿO International Business Machines Corporation bⁿΩM/ΣLΩaa
G
- AIX
- DB2
- IBM
- OS/400
- SecureWay
- Tivoli
- WebSphere
- World Registry
- z/OS
Java O Sun Microsystems, Inc. U C
MicrosoftBMS-DOSBWindows H Windows NT O Microsoft Corporation U
UNIX O The Open Group U C
ΣLqBúMAíWOΣLqU AOC
Wⁿ
iHΣ IBM Directory ú@ⁿJwq
"
±∩Wh (matching rule)±∩Whíp≤⌡µ±CⁿΣ±∩
Wh]AG
caseExactIA5Match
caseExactMatch
caseExactOrderingMatch
caseExactSubstringsMatch
caseIgnoreIA5Match
caseIgnoreMatch
caseIgnoreOrderingMatch
caseIgnoreSubstringsMatch
distinguishedNameMatch
distinguishedNameOrderingMatch
generalizedTimeMatch
generalizedTimeOrderingMatch
integerFirstComponentMatch
integerMatch
objectIdentifierFirstComponentMatch
objectIdentifierMatch
octetStringMatch
telephoneNumberMatch
telephoneNumberSubstringsMatch
uTCTimeMatch
¡
²⌡ (directory schema)²ñUO%@Σ÷p
¿CCiα@h
CYnOñSwA¼W
nM@ⁿwAp ″cn=John Doe″Cou:vt∩CCú]t@
objectClass Awq]tΩ
T¼CΩWA½≤OiHⁿXñ
iα]tΣLC²⌡wq²
ñiαX¼P½≤OC
¼wqwqΣj°Py
kC½≤OwqhⁿwbO½≤ñ
"AHiαC
)
Ph°A (Peer server)ϕwl≡hD°AAíD°
AⁿJCPh°Aú gt@
Ph°Aeª≤F u g
²bªW≤C
h (multiple value)hOⁿw@HWC
iHhepQaM@mCYn
sWhYA÷@UhAMß
C@µ[J@CY]thA
µNπ¿UMµC
r (suffix)rO@ DNAOxsb²
ÑhñWhC%≤ LDAP ñ
∩RW≈εAo DN ]O²ÑhñΣ
LCrCCí²°Aiα
hrAC@r!OOxs
²ÑhC
sεMµ (access control list, ACL)sεMµ (ACL) ú@ΦkO@x
sb LDAP ²ñΩTCziH
ACL ¡ε²úPí≈Sw²
sCLDAP ² ÷YÑhí
≡¼cCC@²]½≤ú
]t½≤OWAH@M∩
C
sεs (access control group)iµsεsCC@sñú
]t%¿ DN ¿h¼Cs
εs½≤O ’AccessGroup’C
s\iv (access permission)s\iv@ΓG
v Aπ½≤\iv
v AsOO\iv
w Socket h (Secure Sockets Layer, SSL)IBM Tivoli Directory Server w Socket
hwAO@ LDAP sC
SSL O@ LDAP P IBM Tivoli Directory
Server ºíqTA SASL O≈
ε]τí≈εO°AA
X.509 OßP°AC
C
OW (alias)LDAP ñiHOW≤²≡
ñA⌠≤mCOWOⁿVΣL²
½≤@ⁿC
OW½≤O ’½≤O=aliasObject’CO
ñ"n ’aliasedObjectName’ ñA]t
t@²½≤π DN]OW½
≤C
b C API ñAbw]ípUAOW½≤ú
bjM@íCßibⁿO
µWXAnDCbMΣjM
≥ªAiNOWCYⁿw@
≥ª½≤OOW½≤Ah½≤bl
jMºeA²úC
pAY½≤π DN
″cn=personOfTheWeek, o=Corporation,
c=US″AΣ al iasedObjectName:
″cn=personA, o=Corporation,c=US″C]w’deref finding’ AjM≥ª
″cn=personOfTheWeek, o=Corporation, c=US″ ″cn=personA,
o=Corporation,c=US″CobN¿jM≥ªC
t@iαObjMíNOWCb
ípUA@≥ª DN O%ßú
DNA²NbjMíΣOW
C
ΣdO≥ª o=Corporation, c=US″ jM ″cn=*week*″C÷MΣXIO″cn=personOfTheWeek, o=Corporation,
c = U S ″A½≤QAN″cn=personA, o=Corporation,c=US″ #@jMGC
]iH ’all’CoϕOW
bMΣjM≥ªHbjM@íΣ½
≤AiµC
°A (replica) °AOⁿ²°AC
g°AiHOsπ²A
uOs²@²≡C∩ °A
⌠≤≤sAúαD°ACY
D°AóAzb °AW,@≈
²≡C °A]iH∩
#íC
gl≡ (replicated subtree) gl≡OO DIT @í≈AªOq@í°
A gΣL°ACbo]pUAS
wl≡iH gY°AA úα
gΣL°ACl≡iHbw°A
WgJA ΣLl≡hiHO¬C
g≤w (replication agreement) g≤wOⁿ²ñ]tΩTAwqΓí
°Aºíusuvu g⌠vCΣ
ñ@í°Aú]eX≤°A
At@í]¼≤°A
C≤wñ]tqúº
ísuAHw gn
ΩTC
gx (replication site)tmb@ ghD°AM⌠≤D
°ABPh °AC
g⌠⌠ (Replicating network)]ts gx⌠⌠C
g⌠wq (replication context)ⁿX gl≡ CziHN
ibm-replicationContext U½≤OsW
ñANª g CP g
÷tmΩTOs g⌠wqU
@ñC
ñΓ (role)ñΓMsⁿAúLª]t%z
?Sϕ\ivC
K
°A (consumer server)°AOⁿzL g@AqΣL [ú
] °A¼≤°AC
½≤Owq (object class definition)Cú]t@ objectClass A
wq]tΩT¼C½≤OⁿX
ñiα]tΣLC²⌡w
q²ñiHX¼P½≤
OC¼wqwqΣj°P
ykC½≤OwqhⁿwbO½≤
ñ"AHiαC
½≤O¼ (object class type)½≤OiHOcíApA
personFΓH¼ApAtopFU¼ApAePersonC
E
∩OW (relative distinguished name, RDN)∩OW (RDN) OOW (DN)
@≤CpAYπ DN O cn=John
Doe,ou=Test,o=IBM,c=USAh RDN NO
cn=John DoeC
Q@
As (dynamic group)AsOⁿjMϕíwqsC
ϕsW²ñA
XjMϕíA] )¿s
¿CAt]ú µBv
ΦkßíG
v SwO≤Sws¿
C
v CXSws¿C
v CXSw⌡sC
jMϕíiHMΣLs@C
osi@sεºC
¼l≡ (Nested subtree)¼l≡Ob²ΣLl≡@l
≡C
¼s (nested group)NsX¿¼iHÑhí÷YAH
Kwqs¿ΩµC¼s
wqOⁿ@lsAΣ DN Q)
sñ]tCtwg
wq@sAT!¼s
M@δ¿C
jM (sorted search)jMε²ßiH @≥
¼jMGAΣñC≥Nϕ@j
MΣCpiNd⌠Aqß
í°AA]b°A⌡µ
vCpAziαn m≤BWr
qXAN@≈uMµCú
nmjMMµΓA+αNΣ]@
b°AWAMßÑG#bß
WAm@AunmjMMµ@
AMßbNG#ßíº
eA[HC
QG
ú°A (supplier server)ú°AOⁿe≤ΣL []
°A°AC
ÑíCg (cascading replication)ÑíC gO@ gAΣñhh
°AhCPh/D°A g@p
¬°AAMßA gΣL°AC
oiH!D°A g@t
ⁿC
QT
s (group)sΓ¼G
v @δs
v iµsεsC
@δs½≤O
’GroupOfNames’B’GroupOfUniqueNames’
wqsCsεs½≤
O ’AccessGroup’C
C@s½≤út%¿ DN ¿h
¼Csúi]ts DNC
hD°A (Gateway server)@í°AAqΣb gxAN
gyqα g⌠⌠ñΣLh
DC]¼) g@⌠⌠ΣLhD
°A gyqAAαΣ g
xW°AC
hD°A"OD°A]igJC
Q"
yk (syntax)ykOⁿΩ"nµíCⁿΣyk]
AG
IBM ¼í±∩WhíWµíí¼í½≤OíDIT cWhíDIT eWhíLDAP ykíOID±∩WhíBoolean - TRUE/FALSEBinary - KirΩINTEGER - πrqíIA5 rΩ - jpgrΩ²rΩ - újpgrΩUTC íqXDN - OW
Q)
Rε (quiesce)°AB≤Lkⁿß≤s¼AA
u%z⌡µ% gzεH
C
QC
Wh (indexing rule)bñ[WhAiH≤t
ΩTCIBM Tivoli Directory Server úUC
WhG
v Ñ
v j
v lrΩ
v fV
\ 114yWhzC
QK
α (referral)αú@Φí²°ANß
ΣL²°ACαAziHG
v NWíΩT!bhí°AW
v iΩOb@÷p°Añ≤
B
v NßnDeAϕ°A
α@δµíG
ldap[s]://hostname:portCαDw°AµíqOG
ldap://hostname:389A αw SSL
°AµíG
ldaps://hostname:636CΣlΩTA\ 58yúαzC
α°A (Forwarding server) gªº≤¬°ACoM
Ph/D°A#Abo°Añª
O¬A BSPh°AC
QE
OW (distinguished names, DN)²ñC@ú@OW
(DN)CDN Ob²ñ@OW
CDN O%hu=vt∩¿AU
t李HrIjApG
cn=Ben Gray,ou=editing,o=New York Times,c=US
cn=Lucille White,ou=editing,o=New York Times,c=US
cn=Tom Brown,ou=reporting,o=New York Times,c=US
LDAP DN HSO]qOY
WYAß≥sxAq
OHΩaCDN @≤
u∩OWv(RDN)CªiH
O≤MπP)ΣLC
GQ@
sO (attribute access class)nⁿ\iv+αs!bP
@OñCⁿw⌡ñs
OCiH∩TsOG
v @δ
v P
v ½n
A
aclEntryaclEntry O@h¼AΣñ]tis
½≤ΣC@ΩTC
aclEntry CXUCΩT¼G
v ΩΘ½≤vQ]O@d≥C
v iHs>≥O]
sOC
v s>≥vQ]\ivC
aclPropagate²≡ñ⌠≤½≤úiH]w ACLCpP
bσ¼ÑhítñA LDAP s
εMµiHU²ÑhñCo
ACL ACLAΣ aclPropagate
trueC½≤lbúb
Il ACL ]wCYnⁿwMΣ)
úP A C LA"Ta]ws
ACLC
aclSourceC@½≤ú@÷p aclSource
C]twq ACL DNC
O%°AOsAúLAiX@z
C
B
bulkload@ⁿOµíAH LDIF µíj
qⁿJjqΩC
E
entryOwnerC@½≤ú@÷p entryOwner
CentryOwner iαO@A
@sAM aclEntry iⁿ½≤ⁿC
úLAentryOwner DΘ∩½≤M
vCbΩWOSw½≤z
CLSw½≤πsvA
ⁿ≤z DNCzΩwñ⌠
≤½≤π\ivC
G
gsk7ikmgsk7ikm íi-pK≈
∩1B¼1≈Ωw
ñHz≈Ωwñ≈Cgsk7ikm
@íCiú⌡
µ@nΩTCYz@Aª
oX@hTºAúz½súΩTC
L
ldapaddLDAP ∩ H LDAP sWuπ
ldapmodify OiHq shell sAIs
ldap_modify M ldap_add Γíw
Cldapadd Ω@ ldapmodify ≤WCϕ ldapadd A-a]sWXN)C
ldapdeleteLDAP Rúuπ ldapdelete OiHq
shell sAsIs ldap_delete íw
Cldapdelete M LDAP °Aºí
suAiµsAMßRú@h
CYú@h DN AhRú
π%OW (DN) CC@
DN OHrΩe DNC
ldapmodifyLDAP ∩ H LDAP sWu
π ldapmodify OiHq shell sAI
s ldap_modify M ldap_add Γíw
Cldapadd Ω@ ldapmodify ≤WCϕ ldapadd A-a]sWXN)C
ldapmodrdnLDAP ∩ RDN uπ ldapmodrdn O
iHq shell sAIs ldap_modrdn
íwC ldapmodrdn M
LDAP °AºísuAiµsAMß
∩ RDNCΩTOqΘJB
]zL -f ∩AqⁿOµDN P RDN t∩¬C
ldapsearchLDAP jMuπ ldapsearch OiHq shell s
AIs ldap_search íwC
ldapsearch M LDAP °Aºí
suAiµsAMßLo°≤⌡µj
MCLo°≤X LDAP Lo°≤r
ΩekC
LDIF L D A P Ωµ½µí ( L D I F )Ab
ldapmodifyBldapadd H ldapsearch ⁿOµíñAHiΓσrµí
Nϕ LDAP C
LDIF uπ ldif OiHzL shell s
íAªiN⌠NΩα½ LDIFC
ªqΘJ¬ΘJAMßúX
LDIF O²C
ldif2dbíiNHσr LDAP ²µ½µí
(LDIF) ⁿwAⁿJ÷píΩw
²ñCΩw"wsbCldif2db isW²ΩwñAsWwg
]tΩwñC
O
ownerPropagateM ACL \αPC
w]AuÑh≡VUA
BΣ] trueCY]
falseAN∩g¿M≤Sw½
≤C
ownerSourceC@½≤ú@÷p ownerSource
C]twq
DNCO%°A@AúLAi
X@zC
HñσrAσrAS
ϕºCC
eGfGi 195
eTfl⌡ 116
l≡
± 291
l≡± 291
lO 102
u@í
°A¼A 34
wLo ACL 201, 211
e"fúe\≤
⌡ 117
í
ß 249
°A 284
ⁿOµ 249
bulkload 284
db2ldif 288
dbback 287
dbrestore 287
ibmdirctl 289
ldapadd 249, 265
ldapchangepwd 250
ldapdelete 253
ldapdiff 291
ldapexop 257
ldapmodify 249, 265
ldapmodrdn 271
ldapsearch 275
ldaptrace 297
ldif 300
ldif2db 300
runstats 301
ldapadd 249, 265
ldapchangepwd 250
ldapdelete 253
ldapdiff 291
ldapexop 257
ldapmodify 249, 265
ldapmodrdn 271
ldapsearch 275
Θx 173
f
zní 183
²°A 173
zní 181, 182
f 175
bulkload 180
DB2 179
±∩Wh 113
e¡fDx 18
qñú°A 22
nJ 18
nX 19
sW°A 21
≤e 22
≤KX 21
≤nJ 21
HAΦí≤ 393
[K
µVsX
crypt 85
SHA-1 85
h 84
VsX
imask 85
ssl 83
iH⌠Dn 80
"n\iv 205
Lo ACL 210
ßí
ldapadd 249, 265
ldapchangepwd 250
ldapdelete 253
ldapdiff 291
ldapexop 257
ldapmodify 249, 265
ldapmodrdn 271
ldapsearch 275
ßO 73
²°A
Θx 173
²°AΘx 173
e)fµ÷
]w 53
µ÷hw 67
@P⌡ 100
Wí 61
r 57
spΓ
ⁿwWh 208
XWh 208
sε
A⌡ 117
sεMµ 201
s\iv
LDAP @ 205
svQ 205
w Sockest h 67
w 74
KXh 86
Kerberos 92
ssl 67
¿Ωµ 197
)µ≈ 78
eCfεC
g 166
°A
ε 24
24
°Aí
bulkload 284
db2ldif 288
dbback 287
dbrestore 287
ibmdirctl 289
ldaptrace 297
ldif 300
ldif2db 300
runstats 301
°A¼A 25
°Aα
]w 47
°A
utmví 15
°APßO 68
°A 71
°AO 67
@
257
Rú
≈ 78
Rú 250, 253
°A 129
g
l≡ 133
D°A 133
εC 166
°AñΓ 131
136
A⌡ 117
165
Ny 129
úΩT 137
g
d 144
gⁿOµ
° 313
ñΓ 224
¡≈∩M
Kerberos 94
eKf≤q 55
55
55
z 243
ⁿOµ 45
π²\α⌠⌠
⌡Σ 125
≤w
g 132
ACL 206
@ 257
g 129
½≤OX 101
½≤O 101
s 223
U 196
IBMAttributeTypes 112
IBMsubschema 116
¼A
°A 25
su 34
≈
74
iH⌠Dn 80
)µ 78
Rú 78
pK 74
≈1 81
úiH⌠Dn 81
J 80
X 79
w] 78
≤ΩwKX 77
π÷ΩT 77
≈∩ 74
≈⌠
α 82
eEf÷p
°A, zLα 61
ⁿO 249
bulkload 284
db2ldif 288
dbback 287
dbrestore 287
ibmdirctl 249, 289
ldapadd 249, 265
ldapchangepwd 249
ldapdelete 253
ldapdiff 291
ldapexop 249, 257
ldapmodify 249, 265
ldapmodrdn 271
ldapsearch 275
ldaptrace 249, 297
ldif 300
ldif2db 300
runstats 301
ⁿOµ 45
d
⌡ 116
eQf∩ 271
α 47
í
q 126
UTC 126
Tº
317
ú
°A 312
ⁿO 312
tm 310
iÑΘX 311
Ωwtm 310
° 310
h 312
eQ@fε°A 24
A
≤
⌡ 117
As 219
A⌡
±∩Wh 113
sε 117
g 117
≤ 117
@ 42
KX
Dxz 21
w 86
z 23
z 23
yk≥D 91
≤ 250
KXh 87
¼s 220
jM 51, 278
ldapsearch 278
CΘ 165
Cg 165
°A 24
utmví 15
VXís 221
α
≈⌠ 82
Wh
114
qí 126
q
≤ 55
su 34
e 36
εA 36
eQGfúΩT 137
Ω DN 203
189
Rú 253
∩ 271
jM 275
≤KX 250
∩
w∩⌡ 124
eQTfutmví 15
≥D 15
J
≈ 80
X
≈ 79
jM
jp¡ε 49, 225
w 49
! 49
!G 52
Γ 199
ε 50
í¡ε 49, 225
]w 49
iÑ 198
197
÷ 197
jM¡ε
s 225
jM 275
jMLo°≤
47
s 219
¿Ωµ 197
½≤O 223
A 219
¼ 220
VXí 221
jM¡ε 225
z 244
RA 219
Proxy v 229
Ωµ½µí 327
Ωw
≈ 287
287
Ωwsu
47
⌡µWh 8
eQ"f率
g 144
°
gⁿOµ 313
ú 310
í°A 308
\iv 305
GSKit 305
IBM Websphere Application Server -
Express O 308
kerberos AíWW 305
A¼A 30
z
W 23
KX 23
z
zs 38
Γ 235
zní 13
fΘx 183
Θx 181, 182
znífΘx 183
zníΘx 181, 182
zs 38
⌡
l⌡ 116
@q 100
Σ 100
½≤O 101
d 116
A
≤ 117
¼ 99
d 124
107
¼ 99
≤
úe\ 117
IBM Tivoli Directory Server 5.2
369
yÑΣ 329
yÑ
45
45
yk
OW 7
Sϕr 8
115
ACL 202
Backus Naur Form 7
Γ 235
z 239
z 235
eQ¡ff
Θx 175
fΘx 175
sw 74
í
ú 312
d 237
z 240
d
LDIF 327
1 328
eQ)f 74
1 78
zñ 74
OW 80
ldap 317
X 317
RAs 219
eQCfí°A
° 308
apache tomcat 17
IBM WebSphere Application Server -
Express O 17
\iv
° 305
d
124
Ωw 287
eQKfs²²≡ 189
α 58
!Wí 61
°A÷p 61
60
w]
wq 59
eQEfOW 7
Ω 203
°
GSKit 305
eGQf
½≤O 102
eGQ@f 107
Gi 195
HAΦí- ≤ 393
64
@ 42
yk 115
MAY 125
MUST 125
64
¼
⌡ 99
eGQGfO
ß 73
°A 67
°APß 68
eGQTf≤≡ 45
AACL 201
wLo 211
Lo 210
206
Lo°≤¼ 201
yk 202
ACL jp 47
Bbulkload 284
Θx 180
bulkload Θx 180
DDB2
Θx 179
DB2 Θx 179
db2ldif 288
dbback 287
dbrestore 287
DEN 125
DN 7
Ω 203
DN ⌡µr 8
GGSKit 74
° 305
IIANA r 329
IBM Websphere Application Server -
Express O
D 308
IBMAttributeTypes 112
ibmdirctl 249, 289
ibmslapd ∩ 15
ibmslapd.conf 57
IBMsubschema 116
iPlanet
σk 126
e 126
KKerberos 92
kerberos AíWW
° 305
Lldapadd 249, 265
ldapchangepwd 249, 250
ldapdelete 253
ldapdiff 291
ldapexop 249, 257
ldapmodify 45, 249, 265
ldapmodrdn 271
ldapsearch 275
ldaptrace 249, 297
LDIF 327
ldif 300
ldif2db 300
OOID 101
PProxy v
s 229
Rrdn 271
ref 60
referral
½≤O 60
ref 60
runstats 301
SSSL 67
TTLS 67
UUTC í 126
UTF-8 329
uuid 315
WWeb zuπ
nJ 23
Web zDx 18
Θx 173
Web zní 13
Printed in Denmark by IBM Danmark A/S
SC40-1892-00