📄 介绍ldap.htm
字号:
lang=EN-US></SPAN></I></P>
<P><SPAN style="FONT-FAMILY: 宋体">就象上面那一种格式,这种格式也是以</SPAN><SPAN
lang=EN-US>DNS</SPAN><SPAN
style="FONT-FAMILY: 宋体">域名为基础的,但是上面那种格式不改变域名(也就更易读),而这种格式把域名:</SPAN><SPAN
lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">foobar.com</SPAN><SPAN
style="FONT-FAMILY: 宋体">分成两部分</SPAN> <SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">dc=foobar,
dc=com</SPAN><SPAN
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 黑体">。</SPAN><SPAN
style="FONT-FAMILY: 宋体">在理论上,这种格式可能会更灵活一点,但是对于最终用户来说也更难记忆一点。考虑一下</SPAN><SPAN
lang=EN-US>foobar.com</SPAN><SPAN style="FONT-FAMILY: 宋体">这个例子。当</SPAN><SPAN
lang=EN-US>foobar.com</SPAN><SPAN style="FONT-FAMILY: 宋体">和</SPAN><SPAN
lang=EN-US>gizmo.com</SPAN><SPAN
style="FONT-FAMILY: 宋体">合并之后,可以简单的把“</SPAN><SPAN lang=EN-US>dc=com</SPAN><SPAN
style="FONT-FAMILY: 宋体">”当作基准</SPAN><SPAN lang=EN-US>DN</SPAN><SPAN
style="FONT-FAMILY: 宋体">。把新的记录放到已经存在的</SPAN><SPAN lang=EN-US>dc=gizmo,
dc=com</SPAN><SPAN style="FONT-FAMILY: 宋体">目录下,这样就简化了很多工作(当然,如果</SPAN><SPAN
lang=EN-US>foobar.com</SPAN><SPAN style="FONT-FAMILY: 宋体">和</SPAN><SPAN
lang=EN-US>wocket.edu</SPAN><SPAN
style="FONT-FAMILY: 宋体">合并,这个方法就不能用了)。如果</SPAN><SPAN lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体">服务器是新安装的,我建议你使用这种格式。再请注意一下,如果你打算使用活动目录(</SPAN><SPAN
lang=EN-US>Actrive Directory</SPAN><SPAN style="FONT-FAMILY: 宋体">),</SPAN><SPAN
lang=EN-US>Microsoft</SPAN><SPAN
style="FONT-FAMILY: 宋体">已经限制你必须使用这种格式。</SPAN></P>
<H3><SPAN style="FONT-FAMILY: 宋体">更上一层楼:在目录树中怎么组织数据</SPAN></H3>
<P><SPAN style="FONT-FAMILY: 宋体">在</SPAN><SPAN lang=EN-US>UNIX</SPAN><SPAN
style="FONT-FAMILY: 宋体">文件系统中,最顶层是根目录(</SPAN><SPAN lang=EN-US>root</SPAN><SPAN
style="FONT-FAMILY: 宋体">)。在根目录的下面有很多的文件和目录。象上面介绍的那样,</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">目录也是用同样的方法组织起来的。</SPAN></P>
<P><SPAN style="FONT-FAMILY: 宋体">在根目录下,要把数据从逻辑上区分开。因为历史上(</SPAN><SPAN
lang=EN-US>X.500</SPAN><SPAN style="FONT-FAMILY: 宋体">)的原因,大多数</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">目录用</SPAN><SPAN
lang=EN-US>OU</SPAN><SPAN style="FONT-FAMILY: 宋体">从逻辑上把数据分开来。</SPAN><SPAN
lang=EN-US>OU</SPAN><SPAN style="FONT-FAMILY: 宋体">表示“</SPAN><SPAN
lang=EN-US>Organization Unit</SPAN><SPAN style="FONT-FAMILY: 宋体">”,在</SPAN><SPAN
lang=EN-US>X.500</SPAN><SPAN
style="FONT-FAMILY: 宋体">协议中是用来表示公司内部的机构:销售部、财务部,等等。现在</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">还保留</SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">ou=</SPAN><SPAN
style="FONT-FAMILY: 宋体">这样的命名规则,但是扩展了分类的范围,可以分类为:</SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">ou=people,
ou=groups, ou=devices</SPAN><SPAN
style="COLOR: black; FONT-FAMILY: 宋体">,等等。更低一级的</SPAN><SPAN lang=EN-US
style="COLOR: black">OU</SPAN><SPAN
style="COLOR: black; FONT-FAMILY: 宋体">有时用来做更细的归类。例如:</SPAN><SPAN lang=EN-US
style="COLOR: black">LDAP</SPAN><SPAN
style="COLOR: black; FONT-FAMILY: 宋体">目录树(不包括单独的记录)可能会是这样的:</SPAN><SPAN
lang=EN-US style="COLOR: black"></SPAN></P>
<P class=a><SPAN> </SPAN>dc=foobar, dc=com </P>
<P class=a><SPAN> </SPAN>ou=customers
</P>
<P
class=a><SPAN>
</SPAN>ou=asia </P>
<P
class=a><SPAN>
</SPAN>ou=europe </P>
<P
class=a><SPAN>
</SPAN>ou=usa </P>
<P class=a><SPAN> </SPAN>ou=employees
</P>
<P class=a><SPAN> </SPAN>ou=rooms </P>
<P class=a><SPAN> </SPAN> ou=groups
</P>
<P class=a><SPAN>
</SPAN>ou=assets-mgmt </P>
<P class=a><SPAN> </SPAN>ou=nisgroups
</P>
<P class=a><SPAN>
</SPAN>ou=recipes</P>
<H2><A name=_单独的LDAP记录></A><SPAN style="FONT-FAMILY: 黑体">单独的</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 黑体">记录</SPAN></H2>
<H3><SPAN lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">是</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">记录项的名字</SPAN></H3>
<P><SPAN style="FONT-FAMILY: 宋体">在</SPAN><SPAN lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体">目录中的所有记录项都有一个唯一的“</SPAN><SPAN lang=EN-US>Distinguished
Name</SPAN><SPAN style="FONT-FAMILY: 宋体">”,也就是</SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">。每一个</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">记录项的</SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">是由两个部分组成的:相对</SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">(</SPAN><SPAN
lang=EN-US>RDN</SPAN><SPAN style="FONT-FAMILY: 宋体">)和记录在</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">目录中的位置。</SPAN></P>
<P><SPAN lang=EN-US>RDN</SPAN><SPAN style="FONT-FAMILY: 宋体">是</SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">中与目录树的结构无关的部分。在</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体">目录中存储的记录项都要有一个名字,这个名字通常存在</SPAN><SPAN
lang=EN-US>cn</SPAN><SPAN style="FONT-FAMILY: 宋体">(</SPAN><SPAN
lang=EN-US>Common Name</SPAN><SPAN
style="FONT-FAMILY: 宋体">)这个属性里。因为几乎所有的东西都有一个名字,在</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">中存储的对象都用它们的</SPAN><SPAN
lang=EN-US>cn</SPAN><SPAN style="FONT-FAMILY: 宋体">值作为</SPAN><SPAN
lang=EN-US>RDN</SPAN><SPAN
style="FONT-FAMILY: 宋体">的基础。如果我把最喜欢的吃燕麦粥食谱存为一个记录,我就会用</SPAN><B><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">cn=Oatmeal
Deluxe</SPAN></B><SPAN style="FONT-FAMILY: 宋体">作为记录项的</SPAN><SPAN
lang=EN-US>RDN</SPAN><SPAN style="FONT-FAMILY: 宋体">。</SPAN></P>
<P><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: Wingdings">l<SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">我的</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">目录的基准</SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">是</SPAN><B><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">dc=foobar,dc=com</SPAN></B></P>
<P><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: Wingdings">l<SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">我把自己的食谱作为</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">的记录项存在</SPAN><B><SPAN
lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">ou=recipes</SPAN></B></P>
<P><SPAN lang=EN-US style="FONT-FAMILY: Wingdings">l<SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">我的</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">记录项的</SPAN><SPAN
lang=EN-US>RDN</SPAN><SPAN style="FONT-FAMILY: 宋体">设为</SPAN><B><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">cn=Oatmeal
Deluxe</SPAN></B></P>
<P><SPAN style="FONT-FAMILY: 宋体">上面这些构成了燕麦粥食谱的</SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">记录的完整</SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">。记住,</SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">的读法和</SPAN><SPAN
lang=EN-US>DNS</SPAN><SPAN style="FONT-FAMILY: 宋体">主机名类似。下面就是完整的</SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">:</SPAN></P>
<P class=a><B><SPAN lang=EN-US>cn=Oatmeal
Deluxe,ou=recipes,dc=foobar,dc=com</SPAN></B></P>
<H3><SPAN style="FONT-FAMILY: 宋体">举一个实际的例子来说明</SPAN><SPAN
lang=EN-US>DN</SPAN></H3>
<P><SPAN style="FONT-FAMILY: 宋体">现在为公司的员工设置一个</SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">。可以用基于</SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">cn</SPAN><SPAN
style="FONT-FAMILY: 宋体">或</SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">uid</SPAN><SPAN
style="FONT-FAMILY: 宋体">(</SPAN><SPAN lang=EN-US>User ID</SPAN><SPAN
style="FONT-FAMILY: 宋体">),作为典型的用户帐号。例如,</SPAN><SPAN
lang=EN-US>FooBar</SPAN><SPAN style="FONT-FAMILY: 宋体">的员工</SPAN><SPAN
lang=EN-US>Fran Smith</SPAN><SPAN style="FONT-FAMILY: 宋体">(登录名:</SPAN><SPAN
lang=EN-US>fsmith</SPAN><SPAN style="FONT-FAMILY: 宋体">)的</SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体">可以为下面两种格式:</SPAN></P>
<P class=a><B><SPAN
lang=EN-US>uid=fsmith,ou=employees,dc=foobar,dc=com</SPAN></B></P>
<P><I><SPAN style="FONT-FAMILY: 宋体">(基于登录名)</SPAN><SPAN
lang=EN-US></SPAN></I></P>
<P><SPAN lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">(以及</SPAN><SPAN
lang=EN-US>X.500</SPAN><SPAN style="FONT-FAMILY: 宋体">)用</SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">uid</SPAN><SPAN
style="FONT-FAMILY: 宋体">表示“</SPAN><SPAN lang=EN-US>User ID</SPAN><SPAN
style="FONT-FAMILY: 宋体">”,不要把它和</SPAN><SPAN lang=EN-US>UNIX</SPAN><SPAN
style="FONT-FAMILY: 宋体">的</SPAN><SPAN lang=EN-US>uid</SPAN><SPAN
style="FONT-FAMILY: 宋体">号混淆了。大多数公司都会给每一个员工唯一的登录名,因此用这个办法可以很好地保存员工的信息。你不用担心以后还会有一个叫</SPAN><SPAN
lang=EN-US>Fran Smith</SPAN><SPAN style="FONT-FAMILY: 宋体">的加入公司,如果</SPAN><SPAN
lang=EN-US>Fran</SPAN><SPAN
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -