LDAP扫盲.ppt

2.2 数据操作格式 Ldap的全部操作只能使用LDIF(LDAP Data Interchange Format )格式来实现。 LDIF 由两部分组成，第一部分是前两行，版本和 dn ，后面是属性和值 2.2 数据操作格式 LDIF 由两部分组成，第一部分是前两行，版本和 dn ，后面是属性和值 LDIF文件实例： version: 1 dn: uid=bjensen, ou=people, dc=example, dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Barbara Jensen cn: Babs Jensen givenName: Barbara sn: Jensen uid: bjensen mail: bjensen@ telephoneNumber: +1 408 555 1212 description: Manager, Switching Products Division 2 LDAP用户指南 常用命令ldapadd,ldapsearch,ldapmodify Ldapdelete etc 数据操作格式：LDIF文件 安全控制：ACL 2.3 安全控制：ACL 语法： access directive ::= access to what [by who [access] [control] ]+ What：指定的是需要访问的entries and attributes 2.3 安全控制：ACL 语法： access directive ::= access to what [by who [access] [control] ]+ who： 2.3 安全控制：ACL 语法： access directive ::= access to what [by who [access] [control] ]+ access： 2.3 安全控制：ACL 语法： access directive ::= access to what [by who [access] [control] ]+ control ::= [stop | continue | break] 这里的control的含义是，who不满足条件时候的行为就执行，control的行为，否则不执行。 2.3 安全控制：ACL access to directives work by first matching the what condition. If that evaluates to a match then processing continues with each by who element. If any of these conditions match the optional control part is executed (defaults to stop) and the access control result is success. If at the end of the access to directive none of the by who conditions has been met then an implicit control of stop is assumed and the access control result is fail. If access to what fails to match then control is passed to the next ACL and the process repeats. If no more ACLs exist then an implicit control of stop is assumed and the access control result is fail 。 2.3 安全控制：ACL # mail: self may write, authenticated users may read access to attrs=mail by self write by users read by * none # cn, sn: self my write, all may read access to attrs=cn,sn by self write by * read # immediate children: only self can add/d