1. DIT: Directory Information Tree (LDAP). An LDIF-format file contains entries that conform to it.
2. An LDAP directory stores information in nodes. In this directory, each user has a node that stores information unique to her or him. Each group has a node that maintains a list of unique members.
WebSphere LTPA uses LDAP to map authorization roles to users and groups. Therefore the DIT needs to contain a set of user entries. In addition, it needs a set of groups such that each group entry refers to the subset of users that belong to that group.
Basically, the LDIF file that initially populates the directory contains:
dn: o=organizationName,c=Country
dn: cn=users,o=organizationName,c=Country
dn: cn=groups,o=organizationName,c=Country
A DIT resembles a file directory tree, so begin by creating the higher-level nodes that contain lower-level nodes, and then create the contained nodes. The DIT root will be the directory suffix o=organizationName,c=Country, which can be defined with the TDS Configuration Tool.
Thus the LDIF file begins at the o=organizationName node. Next, it defines the people and groups nodes. Finally, it populates the people and groups nodes with data nodes.
Each u=groups node contains the groupOfUniqueNames object class, which specifies a multivalued attribute named uniqueMember. A group entry uses the value list of this attribute to reference the distinguished name (DN) of each user in a given group. WebSphere uses this information to check group membership for a role mapped to a DIT group.
3. If the cron task returns the error message: 'VMM groups synchoniza failed. null error code=1'
Solution: check whether the entry 'cn=groups, u=xxx1,o=xxx2,c=xx3' has been imported into TDS. If it has not, adding members with ldapadd also fails with the error 'No such object'.
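A pre-import check for the layout and failure described above, as an added example that is not part of the original post: it flags entries whose parent does not appear earlier in the LDIF (the cause of 'No such object') and uniqueMember values that point at no entry in the file. The sample LDIF, the names alice, bob and admins, and the function names are constructed for illustration; the parser assumes plain-text values with no base64.

```python
import re

# Constructed sample: placeholder names; the cn=groups container and user bob
# are deliberately absent.
SAMPLE_LDIF = """\
dn: o=organizationName,c=Country
objectClass: organization
o: organizationName

dn: cn=users,o=organizationName,c=Country
objectClass: container
cn: users

dn: cn=alice,cn=users,o=organizationName,c=Country
objectClass: inetOrgPerson
cn: alice
sn: alice

dn: cn=admins,cn=groups,o=organizationName,c=Country
objectClass: groupOfUniqueNames
cn: admins
uniqueMember: cn=alice,cn=users,o=organizationName,c=Country
uniqueMember: cn=bob,cn=users,o=organizationName,c=Country
"""

def norm_dn(dn):
    """Split on unescaped commas; trim and lowercase each RDN."""
    return tuple(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]); plain-text values only, no base64."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [tuple(s.strip() for s in line.split(":", 1))
                 for line in block.splitlines() if ":" in line and line[0] != "#"]
        if pairs and pairs[0][0].lower() == "dn":
            yield pairs[0][1], pairs[1:]

def check_ldif(text, suffix):
    """Return a list of problems: missing parent entries, dangling members."""
    seen, problems, members = set(), [], []
    for dn, attrs in parse_ldif(text):
        key = norm_dn(dn)
        if key != norm_dn(suffix) and key[1:] not in seen:
            problems.append(f"missing parent for {dn}")
        seen.add(key)
        members += [(dn, v) for a, v in attrs if a.lower() == "uniquemember"]
    problems += [f"{g}: uniqueMember {m} not found" for g, m in members
                 if norm_dn(m) not in seen]
    return problems
```

Calling check_ldif(SAMPLE_LDIF, "o=organizationName,c=Country") reports the missing cn=groups parent and the dangling bob reference. Parents must appear before their children because entries are added in file order.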
From the ITPUB blog, link: http://blog.itpub.net/24123206/viewspace-666527/. If you reprint this post, please credit the source; otherwise legal liability will be pursued.