windows AD
1.先创建QQ的schema
编写一个ldf文件
dn: cn=QQ,cn=schema,cn=configuration,dc=x
changetype: add
objectclass: attributeSchema
lDAPDisplayName: QQ
attributeId: 1.3.6.1.4.1.999.1.1.28.11
oMSyntax: 2
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
searchFlags: 1
description: "QQ Number"
说明:
要增加一个attribute,我们需要向schema的容器增加一个attributeSchema对象。
dn: cn=QQ,cn=schema,cn=configuration,dc=x
changetype: add
objectclass: attributeSchema
lDAPDisplayName: QQ
attributeId: 1.3.6.1.4.1.999.1.1.28.11
这四行脚本说明增加一个名称为QQ的属性,其中属性的唯一标识attributeId的值1.3.6.1.4.1.999.1.1.28.11,可以到以下网址中申请:
oMSyntax: 2
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
searchFlags: 1
这四行说明了新增加attribute的一些基本属性,基中oMSyntax和attributeSyntax说明了该attribute值的数据类型为integer类型,我们可以通过以下表的查找到相应的数据类型值。TRUE大小写敏感。
attributeSyntax 与 oMSyntax 对应表
Name: AccessPointDN
attributeSyntax: 2.5.5.14
oMSyntax: 127
Description: Type of distinguished name taken from X.500.
Name: Boolean
attributeSyntax: 2.5.5.8
oMSyntax: 1
Description: TRUE or FALSE value.
Name: CaseExactString
attributeSyntax: 2.5.5.3
oMSyntax: 27
Description: Case-sensitive string.
Name: CaseIgnoreString
attributeSyntax: 2.5.5.4
oMSyntax: 20
Description: Case-insensitive string.
Name: DirectoryString
attributeSyntax: 2.5.5.12
oMSyntax: 64
Description: Case-insensitive Unicode string.
Name: DN
attributeSyntax: 2.5.5.1
oMSyntax: 127
Description: String representing a distinguished name.
Name: DNWithBinary
attributeSyntax: 2.5.5.7
oMSyntax: 127
Description: Octet string that has the following format:B:CharCount:BinaryValue:ObjectDN
where CharCount is the number of hexadecimal digits in BinaryValue, BinaryValue is the hexadecimal representation of the binary value, and ObjectDN is a distinguished name.
Name: DNWithString
attributeSyntax: 2.5.5.14
oMSyntax: 127
Description: Octet string that contains a string value and a DN. A value with this syntax has the following format:S:CharCount:StringValue:ObjectDN where CharCount is the number of characters in the StringValue string and ObjectDN is a distinguished name of an object in Active Directory.
Name: Enumeration
attributeSyntax: 2.5.5.9
oMSyntax: 10
Description: Defined in X.500 and treated as an integer.
Name: GeneralizedTime
attributeSyntax: 2.5.5.11
oMSyntax: 24
Description: Time-string format defined by ASN.1 standards. See ISO 8601 and X.680.
Name: IA5String
attributeSyntax: 2.5.5.5
oMSyntax: 22
Description: Case-sensitive string containing characters from the IA5 character set.
Name: Integer
attributeSyntax: 2.5.5.9
oMSyntax: 2
Description: 32-bit integer.
Name: Integer8
attributeSyntax: 2.5.5.16
oMSyntax: 65
Description: 64-bit integer, also known as a large integer.
Name: NTSecurityDescriptor
attributeSyntax: 2.5.5.15
oMSyntax: 66
Description: Octet string that contains a security descriptor.
Name: NumericString
attributeSyntax: 2.5.5.6
oMSyntax: 18 String that contains digits.
Name: OctetString
attributeSyntax: 2.5.5.10
oMSyntax: 4
Description: Array of bytes used to store binary data.
Name: OID
attributeSyntax: 2.5.5.2
oMSyntax: 6
Description: String that contains digits (09) and decimal points (.).
Name: ORName
attributeSyntax: 2.5.5.7
oMSyntax: 127
Description: Taken from X.400; used for X.400 to RFC 822 map ping.
Name: PresentationAddress
attributeSyntax: 2.5.5.13
oMSyntax: 127
Description: String that contains OSI presentation addresses.
Name: PrintableString
attributeSyntax: 2.5.5.5
oMSyntax: 19
Description: Case-sensitive string that contains characters from the printable character set.
Name: ReplicaLink
attributeSyntax: 2.5.5.10
oMSyntax: 127
Description: Used by Active Directory internally.
Name: Sid
attributeSyntax: 2.5.5.17
oMSyntax: 4
Description: Octet string that contains a security identifier (SID).
Name: UTCTime
attributeSyntax: 2.5.5.11
oMSyntax: 23
Description: Time-string format defined by ASN.1 standards.
其它的attribute schema的属性说明:
LinkID: 在AD原有的attribute中,有两个互相配对的属性,member与memberOf,这两个attribute的数据类型都是distinguishedName类型,假设组Group1的member属性中有用户User1的distinguishedName时,User1的memberOf属性自然就会包含Group1的distinguishedName,当我们要实现这种类型的attribute时,我们就需要指定该attribute的LinkID,并且该attribute的类型必须为distinguishedName的类型,即attributeSyntax: 2.5.5.1及oMSyntax: 127。
运行导入:
ldifde -v -i -f .ldf
2.在CN=user,CN=Schema,CN=Cconfiguration,Dc=orange,Dc=blue,DC=com的maycontain中添加一个QQ属性.
3.获取某个属性的值
dsquery * "CN=jack,CN=Users,DC=orange,DC=blue,DC=com" -scope base -attr QQ
QQ
6666666
这样就为一个用户添加了一个属性.
阅读(1531) | 评论(0) | 转发(0) |