DIT - LDAP entries and nodes

1.   DIT: Directory Information Tree, LDAP . ldif  formate file contains entries that conform. to it.

2.  LDAP directory stores information in ndoes. In this directory, each user has a node that stores information unique to her or him. Each group has a node that maintains a list of unique memebers.

WebSphere LPTA users LDAP to map authorization roles to users and groups. Therefore the DIT needs to contain a set of users entries. In addition it needs a set of groups such that each group entry refers to a subset of users that belong to that group.

Basically, the LDIF file that initially populate the directory contains:

         dn: cn=organazationName,c=contry  

        dn:  cn=users, o=organizationName, c=Contry

       dn:   cn=groups,o=organizationName,c=Contry

A DIT resembles a file directory tree, so begin by creating higher-level nodes that contains lower-level nodes,and then create the contained nodes. The DIT root will be the directory suffix o=organizationName, c=Contry, that can be defined by TDS configuration Tool.

Thus the LDIF file begins at the o=organizationName node. Next, it defines the people fand groups nodes. Finally, it populates the people and groups nodes with data nodes.

Each u=groups node contains the groupOfUniqueNames object class, wich specifies a multivalued attribute named uniqueMember. A group entry will use the value list of this attribute to reference the distinguished name(DN) of each user in a given group. WebSphere will use this information to check group membership for a role mapped to a DIT group.

3.  If cron task returns error message: 'VMM groups synchoniza failed. null error code=1'

Solution: check whether entry: cn=groups, u=xxx1,o=xxx2,c=xx3' imported into tds or not. If not, when ldapadding members, error 'No such object' also occurs.

 

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/24123206/viewspace-666527/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/24123206/viewspace-666527/