style="FONT-FAMILY: 宋体">changes her name (marriage? divorce? religious reasons?), there is still no need to change the </SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体"> of the </SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体"> entry.</SPAN></P>
<P class=a><B><SPAN lang=EN-US>cn=Fran
Smith,ou=employees,dc=foobar,dc=com</SPAN></B></P>
<P><I><SPAN style="FONT-FAMILY: 宋体">(name-based)</SPAN><SPAN
lang=EN-US></SPAN></I></P>
<P><SPAN style="FONT-FAMILY: 宋体">As you can see, this format uses the </SPAN><SPAN lang=EN-US>Common
Name</SPAN><SPAN style="FONT-FAMILY: 宋体"> (</SPAN><SPAN lang=EN-US>CN</SPAN><SPAN
style="FONT-FAMILY: 宋体">). Think of the </SPAN><SPAN lang=EN-US>Common Name</SPAN><SPAN
style="FONT-FAMILY: 宋体"> as a person's full name. This format has one obvious drawback: if the name changes, the </SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体"> record has to move from one </SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体"> to another </SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN
style="FONT-FAMILY: 宋体">. We should, however, avoid changing an entry's </SPAN><SPAN
lang=EN-US>DN</SPAN><SPAN style="FONT-FAMILY: 宋体"> wherever possible.</SPAN></P>
<H2><SPAN style="FONT-FAMILY: 黑体">Customizing the Directory's Object Classes</SPAN></H2>
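<P><SPAN style="FONT-FAMILY: 宋体">You can store all kinds of data objects in </SPAN><SPAN lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体">, as long as those objects can be expressed as attributes. The following are some kinds of information that can be stored in </SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体">:</SPAN></P>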
<P><SPAN lang=EN-US style="FONT-FAMILY: Wingdings">l<SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN><SPAN
style="FONT-FAMILY: 宋体">Employee information: the employee's name, login name, password, employee number, their manager's login name, mail server, and so on.</SPAN></P>
<P><SPAN lang=EN-US style="FONT-FAMILY: Wingdings">l<SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">Asset tracking information: computer name, </SPAN><SPAN
lang=EN-US>IP</SPAN><SPAN style="FONT-FAMILY: 宋体"> address, tag, model, location, and so on.</SPAN></P>
<P><SPAN lang=EN-US style="FONT-FAMILY: Wingdings">l<SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN><SPAN
style="FONT-FAMILY: 宋体">Customer contact lists: the customer's company name, and the primary contact's phone, fax and e-mail, and so on.</SPAN></P>
<P><SPAN lang=EN-US style="FONT-FAMILY: Wingdings">l<SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN><SPAN
style="FONT-FAMILY: 宋体">Conference room information: the room's name, location, seating capacity, telephone number, and whether it has a projector.</SPAN></P>
<P><SPAN lang=EN-US style="FONT-FAMILY: Wingdings">l<SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">Recipe information: the dish's name, ingredients, cooking method and preparation method.</SPAN></P>
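<P><SPAN style="FONT-FAMILY: 宋体">Because an </SPAN><SPAN lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体"> directory can be customized to store any text or binary data, what you store is up to you. </SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体"> directories use the concept of object classes (</SPAN><SPAN
lang=EN-US>object classes</SPAN><SPAN
style="FONT-FAMILY: 宋体">) to define which attributes each kind of object is allowed to use. On almost every </SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体"> server you will need to extend the base </SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体"> directory to suit your own needs, either by creating new object classes or by extending existing ones.</SPAN></P>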
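<P><SPAN lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体"> directories store entries as a series of "attribute pairs"; each entry consists of attribute types and attribute values (which is fundamentally different from the way a relational database stores data in rows and columns). Below is part of a recipe record that I keep in my </SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体"> directory:</SPAN></P>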
<P class=a><SPAN> </SPAN>dn: cn=Oatmeal Deluxe, ou=recipes, dc=foobar,
dc=com </P>
<P class=a><SPAN> </SPAN>cn: Instant Oatmeal Deluxe </P>
<P class=a><SPAN> </SPAN>recipeCuisine: breakfast </P>
<P class=a><SPAN> </SPAN>recipeIngredient: 1 packet instant oatmeal </P>
<P class=a><SPAN> </SPAN>recipeIngredient: 1 cup water </P>
<P class=a><SPAN> </SPAN>recipeIngredient: 1 pinch salt </P>
<P class=a><SPAN> </SPAN>recipeIngredient: 1 tsp brown sugar </P>
<P class=a><SPAN> </SPAN>recipeIngredient: 1/4 apple, any type</P>
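<P><SPAN style="FONT-FAMILY: 宋体">Note that each ingredient above is stored as a separate value of the </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">recipeIngredient</SPAN><SPAN
style="FONT-FAMILY: 宋体"> attribute. </SPAN><SPAN lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体"> directories are designed to hold multiple values for one attribute in this way, rather than a comma-separated list of values after a single attribute.</SPAN></P>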
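<P><SPAN
style="FONT-FAMILY: 宋体">Because data is stored this way, the database is very flexible: you do not have to recreate tables and indexes just to add some new data. More importantly, an </SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体"> directory spends no memory or disk space on "empty" fields; in other words, leaving optional fields unused costs you no resources at all.</SPAN></P>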
<H2><A name=_作为例子的一个单独的数据项></A><SPAN
style="FONT-FAMILY: 黑体">A Single Entry as an Example</SPAN></H2>
<P><SPAN style="FONT-FAMILY: 宋体">Let's look at the following example. We use the </SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体"> record of </SPAN><SPAN lang=EN-US>Fran
Smith</SPAN><SPAN style="FONT-FAMILY: 宋体">, an employee of </SPAN><SPAN lang=EN-US>Foobar,
Inc.</SPAN><SPAN style="FONT-FAMILY: 宋体"> The entry is written in </SPAN><SPAN
lang=EN-US>LDIF</SPAN><SPAN style="FONT-FAMILY: 宋体">, the format used to import and export </SPAN><SPAN
lang=EN-US>LDAP</SPAN><SPAN style="FONT-FAMILY: 宋体"> directory entries.</SPAN></P>
<P class=a><SPAN> </SPAN>dn: uid=fsmith, ou=employees, dc=foobar,
dc=com</P>
<P class=a><SPAN> </SPAN>objectclass: person</P>
<P class=a><SPAN> </SPAN>objectclass: organizationalPerson</P>
<P class=a><SPAN> </SPAN>objectclass: inetOrgPerson</P>
<P class=a><SPAN> </SPAN>objectclass: foobarPerson</P>
<P class=a><SPAN> </SPAN>uid: fsmith</P>
<P class=a><SPAN> </SPAN>givenname: Fran</P>
<P class=a><SPAN> </SPAN>sn: Smith</P>
<P class=a><SPAN> </SPAN>cn: Fran Smith</P>
<P class=a><SPAN> </SPAN> cn: Frances Smith</P>
<P class=a><SPAN> </SPAN>telephonenumber: 510-555-1234</P>
<P class=a><SPAN> </SPAN>roomnumber: 122G</P>
<P class=a><SPAN> </SPAN>o: Foobar, Inc.</P>
<P class=a><SPAN> </SPAN>mailRoutingAddress: fsmith@foobar.com</P>
<P class=a><SPAN> </SPAN>mailhost: mail.foobar.com</P>
<P class=a><SPAN> </SPAN>userpassword: {crypt}3x1231v76T89N</P>
<P class=a><SPAN> </SPAN>uidnumber: 1234</P>
<P class=a><SPAN> </SPAN>gidnumber: 1200</P>
<P class=a><SPAN> </SPAN>homedirectory: /home/fsmith</P>
<P class=a><SPAN> </SPAN>loginshell: /usr/local/bin/bash</P>
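<P><SPAN
style="FONT-FAMILY: 宋体">Attribute values keep their case when they are stored, but by default searches are case-insensitive. Certain special attributes (for example, </SPAN><SPAN
lang=EN-US>password</SPAN><SPAN
style="FONT-FAMILY: 宋体">) are case-sensitive when searched.</SPAN></P>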
<P><SPAN style="FONT-FAMILY: 宋体">Let's go through the entry above piece by piece.</SPAN></P>
<P class=a><SPAN lang=EN-US>dn: uid=fsmith, ou=employees, dc=foobar,
dc=com</SPAN></P>
<P><SPAN style="FONT-FAMILY: 宋体">This is the full </SPAN><SPAN lang=EN-US>DN</SPAN><SPAN
style="FONT-FAMILY: 宋体"> of </SPAN><SPAN lang=EN-US>Fran</SPAN><SPAN
style="FONT-FAMILY: 宋体">'s </SPAN><SPAN lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体"> entry, including its complete path in the directory tree. </SPAN><SPAN lang=EN-US>LDAP</SPAN><SPAN
style="FONT-FAMILY: 宋体"> (and </SPAN><SPAN lang=EN-US>X.500</SPAN><SPAN
style="FONT-FAMILY: 宋体">) use </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">uid</SPAN><SPAN
style="FONT-FAMILY: 宋体"> (</SPAN><SPAN lang=EN-US>User ID</SPAN><SPAN
style="FONT-FAMILY: 宋体">); do not confuse it with the </SPAN><SPAN lang=EN-US>UNIX</SPAN><SPAN
style="FONT-FAMILY: 宋体"> </SPAN><SPAN lang=EN-US>uid</SPAN><SPAN
style="FONT-FAMILY: 宋体"> number.</SPAN></P>
<P class=a><SPAN> </SPAN>objectclass: person </P>
<P class=a><SPAN> </SPAN>objectclass: organizationalPerson </P>
<P class=a><SPAN> </SPAN>objectclass: inetOrgPerson </P>
<P class=a><SPAN> </SPAN>objectclass: foobarPerson</P>
<P><SPAN style="FONT-FAMILY: 宋体">You can assign as many object classes to an object as it needs. The </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">person</SPAN><SPAN
style="FONT-FAMILY: 宋体"> object class requires that the </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">cn</SPAN><SPAN
style="FONT-FAMILY: 宋体"> (</SPAN><SPAN lang=EN-US>common name</SPAN><SPAN
style="FONT-FAMILY: 宋体">) and </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">sn</SPAN><SPAN
style="FONT-FAMILY: 宋体"> (</SPAN><SPAN lang=EN-US>surname</SPAN><SPAN
style="FONT-FAMILY: 宋体">) fields must not be empty. The </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">person</SPAN><SPAN
style="FONT-FAMILY: 宋体"> object class also allows other optional fields, including </SPAN><SPAN
lang=EN-US>givenname</SPAN><SPAN style="FONT-FAMILY: 宋体">, </SPAN><SPAN
lang=EN-US>telephonenumber</SPAN><SPAN style="FONT-FAMILY: 宋体">, and so on. </SPAN><SPAN
lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">organizationalPerson</SPAN><SPAN
style="FONT-FAMILY: 宋体"> adds more optional fields to </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">person</SPAN><SPAN
style="FONT-FAMILY: 宋体">, and </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">inetOrgPerson</SPAN><SPAN
style="FONT-FAMILY: 宋体"> adds still more optional fields (including e-mail information). Finally, </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">foobarPerson</SPAN><SPAN
style="FONT-FAMILY: 宋体"> is an object class customized for </SPAN><SPAN lang=EN-US>Foobar</SPAN><SPAN
style="FONT-FAMILY: 宋体">, which adds many custom attributes.</SPAN></P>
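<P>An added example, not part of the original article: a small reader for a single LDIF entry like the one above, showing folded lines, multi-valued attributes, the required-attribute rule for <CODE>person</CODE>, and case-insensitive value matching. The function names and the <CODE>REQUIRED</CODE> table are hypothetical, the table holds only the rule this page states, and base64 (<CODE>::</CODE>) values are not handled.</P>

```python
# Added example (not from the original page): read one LDIF entry and check it.
SAMPLE_LDIF = """\
dn: uid=fsmith, ou=employees, dc=foobar,
 dc=com
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: foobarPerson
uid: fsmith
sn: Smith
cn: Fran Smith
cn: Frances Smith
"""

# Assumption: only the rule stated on this page (person requires cn and sn).
REQUIRED = {"person": {"cn", "sn"}}


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]} with lowercase keys."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # folded line: drop the one leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        # Attribute names are case-insensitive; a repeated name adds a value.
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def missing_required(entry):
    """Return required attributes that are absent or empty, per object class."""
    missing = set()
    for oc in entry.get("objectclass", []):
        for attr in REQUIRED.get(oc.lower(), ()):
            if not any(entry.get(attr, [])):
                missing.add(attr)
    return sorted(missing)


def has_value(entry, attr, wanted):
    """Case-insensitive value match, the default search behaviour described above."""
    return any(v.lower() == wanted.lower() for v in entry.get(attr.lower(), []))
```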
<P class=a><SPAN> </SPAN>uid: fsmith </P>
<P class=a><SPAN> </SPAN>givenname: Fran </P>
<P class=a><SPAN> </SPAN>sn: Smith </P>
<P class=a><SPAN> </SPAN>cn: Fran Smith </P>
<P class=a><SPAN> </SPAN>cn: Frances Smith </P>
<P class=a><SPAN> </SPAN>telephonenumber: 510-555-1234 </P>
<P class=a><SPAN> </SPAN>roomnumber: 122G </P>
<P class=a><SPAN> </SPAN>o: Foobar, Inc.</P>
<P><SPAN style="FONT-FAMILY: 宋体">As mentioned earlier, </SPAN><SPAN lang=EN-US
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Courier New'">uid</SPAN><SPAN
style="FONT-FAMILY: 宋体"> stands for </SPAN><SPAN lang=EN-US>User ID</SPAN><SPAN
style="FONT-FAMILY: 宋体">. When you see </SPAN><SPAN lang=EN-US>uid</SPAN><SPAN