2010-09-12 10:50:52

Windows AD
1. First, create the schema entry for the QQ attribute
Write an .ldf file:
dn: cn=QQ,cn=schema,cn=configuration,dc=x
changetype: add
objectclass: attributeSchema
lDAPDisplayName: QQ
attributeId: 1.3.6.1.4.1.999.1.1.28.11
oMSyntax: 2
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
searchFlags: 1
description: "QQ Number"
Explanation:
To add an attribute, we need to add an attributeSchema object to the schema container.
dn: cn=QQ,cn=schema,cn=configuration,dc=x
changetype: add
objectclass: attributeSchema
lDAPDisplayName: QQ
attributeId: 1.3.6.1.4.1.999.1.1.28.11
 
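These lines of the script add an attribute named QQ. The attribute's unique identifier, attributeId, has the value 1.3.6.1.4.1.999.1.1.28.11; such an identifier can be applied for at the following address: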
 
oMSyntax: 2
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
searchFlags: 1
 
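These four lines set some basic properties of the new attribute. Together, oMSyntax and attributeSyntax specify that the attribute's value has the integer data type; the values for each data type can be looked up in the table below. TRUE is case-sensitive.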
attributeSyntax and oMSyntax correspondence table

| Name | attributeSyntax | oMSyntax | Description |
| --- | --- | --- | --- |
| AccessPointDN | 2.5.5.14 | 127 | Type of distinguished name taken from X.500. |
| Boolean | 2.5.5.8 | 1 | TRUE or FALSE value. |
| CaseExactString | 2.5.5.3 | 27 | Case-sensitive string. |
| CaseIgnoreString | 2.5.5.4 | 20 | Case-insensitive string. |
| DirectoryString | 2.5.5.12 | 64 | Case-insensitive Unicode string. |
| DN | 2.5.5.1 | 127 | String representing a distinguished name. |
| DNWithBinary | 2.5.5.7 | 127 | Octet string that has the following format: B:CharCount:BinaryValue:ObjectDN where CharCount is the number of hexadecimal digits in BinaryValue, BinaryValue is the hexadecimal representation of the binary value, and ObjectDN is a distinguished name. |
| DNWithString | 2.5.5.14 | 127 | Octet string that contains a string value and a DN. A value with this syntax has the following format: S:CharCount:StringValue:ObjectDN where CharCount is the number of characters in the StringValue string and ObjectDN is a distinguished name of an object in Active Directory. |
| Enumeration | 2.5.5.9 | 10 | Defined in X.500 and treated as an integer. |
| GeneralizedTime | 2.5.5.11 | 24 | Time-string format defined by ASN.1 standards. See ISO 8601 and X.680. |
| IA5String | 2.5.5.5 | 22 | Case-sensitive string containing characters from the IA5 character set. |
| Integer | 2.5.5.9 | 2 | 32-bit integer. |
| Integer8 | 2.5.5.16 | 65 | 64-bit integer, also known as a large integer. |
| NTSecurityDescriptor | 2.5.5.15 | 66 | Octet string that contains a security descriptor. |
| NumericString | 2.5.5.6 | 18 | String that contains digits. |
| OctetString | 2.5.5.10 | 4 | Array of bytes used to store binary data. |
| OID | 2.5.5.2 | 6 | String that contains digits (0-9) and decimal points (.). |
| ORName | 2.5.5.7 | 127 | Taken from X.400; used for X.400 to RFC 822 mapping. |
| PresentationAddress | 2.5.5.13 | 127 | String that contains OSI presentation addresses. |
| PrintableString | 2.5.5.5 | 19 | Case-sensitive string that contains characters from the printable character set. |
| ReplicaLink | 2.5.5.10 | 127 | Used by Active Directory internally. |
| Sid | 2.5.5.17 | 4 | Octet string that contains a security identifier (SID). |
| UTCTime | 2.5.5.11 | 23 | Time-string format defined by ASN.1 standards. |

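Notes on other attribute schema properties:
LinkID: Among AD's built-in attributes there are two paired attributes, member and memberOf, both of the distinguishedName data type. If the member attribute of group Group1 contains the distinguishedName of user User1, then User1's memberOf attribute automatically contains Group1's distinguishedName. To implement an attribute of this kind, we need to specify a LinkID for it, and the attribute's type must be distinguishedName, that is, attributeSyntax: 2.5.5.1 and oMSyntax: 127.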
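As an added example (not part of the original post), a small Python check that can be run against the schema LDIF before importing it, applying the attributeSyntax/oMSyntax table and the LinkID rule described above. The function names, the linkID value 2000 and the deliberately broken record are constructed for illustration, and the parser assumes unfolded, non-base64 LDIF lines.

```python
# Added example: lint an attributeSchema LDIF record before import.
VALID_PAIRS = {tuple(p.split("/")) for p in (  # pairs copied from the page's table
    "2.5.5.14/127 2.5.5.8/1 2.5.5.3/27 2.5.5.4/20 2.5.5.12/64 2.5.5.1/127 "
    "2.5.5.7/127 2.5.5.9/10 2.5.5.11/24 2.5.5.5/22 2.5.5.9/2 2.5.5.16/65 "
    "2.5.5.15/66 2.5.5.6/18 2.5.5.10/4 2.5.5.2/6 2.5.5.13/127 2.5.5.5/19 "
    "2.5.5.10/127 2.5.5.17/4 2.5.5.11/23").split()}
REQUIRED = "dn changetype objectclass ldapdisplayname attributeid attributesyntax omsyntax".split()

def parse_record(text):
    """Parse one unfolded LDIF record into {lower-cased name: value}."""
    rec = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            rec[name.strip().lower()] = value.strip()
    return rec

def lint(text):
    """Return a list of problems; an empty list means the record passes."""
    rec = parse_record(text)
    problems = ["missing " + k for k in REQUIRED if k not in rec]
    pair = (rec.get("attributesyntax"), rec.get("omsyntax"))
    if None not in pair and pair not in VALID_PAIRS:
        problems.append("attributeSyntax/oMSyntax pair %s/%s is not in the table" % pair)
    if rec.get("issinglevalued", "TRUE") not in ("TRUE", "FALSE"):
        problems.append("isSingleValued must be upper-case TRUE or FALSE")
    if "linkid" in rec and pair != ("2.5.5.1", "127"):  # rule as stated on the page
        problems.append("linkID requires attributeSyntax 2.5.5.1 and oMSyntax 127")
    return problems

# The page's QQ record, followed by a constructed broken variant of it.
QQ_LDIF = """\
dn: cn=QQ,cn=schema,cn=configuration,dc=x
changetype: add
objectclass: attributeSchema
lDAPDisplayName: QQ
attributeId: 1.3.6.1.4.1.999.1.1.28.11
oMSyntax: 2
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
searchFlags: 1
description: "QQ Number"
"""
BAD_LDIF = (QQ_LDIF.replace("oMSyntax: 2", "oMSyntax: 20")
            .replace("TRUE", "true") + "linkID: 2000\n")

if __name__ == "__main__":
    for name, ldif in (("QQ", QQ_LDIF), ("bad", BAD_LDIF)):
        print(name, lint(ldif) or "OK")
```

Because schema additions in Active Directory cannot be deleted afterwards, a check like this is cheapest before the `ldifde` import rather than after.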
Run the import:
ldifde -v -i -f .ldf
 
2. Add the QQ attribute to mayContain of CN=user,CN=Schema,CN=Configuration,DC=orange,DC=blue,DC=com.
 
3. Retrieve the value of an attribute
dsquery *  "CN=jack,CN=Users,DC=orange,DC=blue,DC=com" -scope base -attr QQ
QQ
6666666
 
This adds an attribute to a user.
 