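Writing Schema Extension Scripts for AD/ADAM

There are two ways to write an AD/ADAM schema extension script: an ldf file or a VBScript script. This article covers how to write the ldf file. Each script shown here only needs to be saved to a file with the .ldf extension; it can then be imported by running the following command line.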

ldifde -v -i -f <yourfilename>.ldf

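When developing applications on top of AD/ADAM, we may run into situations such as these:

  • The existing AD/ADAM classes are insufficient or do not fit our needs;
  • The existing AD/ADAM attributes are insufficient or do not fit our needs;
  • Specified attributes of two classes need to be linked to each other;
  • …

In these situations we need to extend the AD/ADAM schema. The examples below give a brief description of how to write AD/ADAM extension scripts.

1. To add an attribute named QQ to AD/ADAM that stores a user's QQ number, we can create the following script and save it to a file with the .ldf extension, for example AddQQAttribute.ldf: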

dn: cn=QQ,cn=schema,cn=configuration,dc=x
changetype: add
objectclass: attributeSchema
lDAPDisplayName: QQ
attributeId: 1.3.6.1.4.1.999.1.1.28.11
oMSyntax: 2
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
searchFlags: 1
description: "QQ Number"

Notes:

To add an attribute, we add an attributeSchema object to the schema container.

dn: cn=QQ,cn=schema,cn=configuration,dc=x
changetype: add
objectclass: attributeSchema
lDAPDisplayName: QQ
attributeId: 1.3.6.1.4.1.999.1.1.28.11
 
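These four lines of the script add an attribute named QQ. The value of attributeId, the attribute's unique identifier (here 1.3.6.1.4.1.999.1.1.28.11), can be applied for at the following URL: http://www.iso.ch/iso/en/aboutiso/isomembers/index.html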
 
oMSyntax: 2
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
searchFlags: 1
 
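These four lines set some basic properties of the new attribute. oMSyntax and attributeSyntax together specify that the attribute's value is of the integer data type; the values for each data type can be looked up in the table below. TRUE is case-sensitive.

attributeSyntax to oMSyntax mapping table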

Name:                    AccessPointDN
attributeSyntax:    2.5.5.14
oMSyntax:             127
Description:           Type of distinguished name taken from X.500.

Name:                    Boolean
attributeSyntax:    2.5.5.8
oMSyntax:             1
Description:           TRUE or FALSE value.

Name:                    CaseExactString
attributeSyntax:    2.5.5.3
oMSyntax:             27
Description:           Case-sensitive string.

Name:                    CaseIgnoreString
attributeSyntax:    2.5.5.4
oMSyntax:             20
Description:           Case-insensitive string.

Name:                    DirectoryString
attributeSyntax:    2.5.5.12
oMSyntax:             64
Description:           Case-insensitive Unicode string.

Name:                    DN
attributeSyntax:    2.5.5.1
oMSyntax:             127 
Description:           String representing a distinguished name.

Name:                    DNWithBinary
attributeSyntax:    2.5.5.7
oMSyntax:             127
Description:           Octet string that has the following format: B:CharCount:BinaryValue:ObjectDN where CharCount is the number of hexadecimal digits in BinaryValue, BinaryValue is the hexadecimal representation of the binary value, and ObjectDN is a distinguished name.

Name:                    DNWithString 
attributeSyntax:    2.5.5.14
oMSyntax:             127
Description:           Octet string that contains a string value and a DN. A value with this syntax has the following format: S:CharCount:StringValue:ObjectDN where CharCount is the number of characters in the StringValue string and ObjectDN is a distinguished name of an object in Active Directory.

Name:                    Enumeration
attributeSyntax:    2.5.5.9
oMSyntax:             10
Description:           Defined in X.500 and treated as an integer.

Name:                    GeneralizedTime
attributeSyntax:    2.5.5.11
oMSyntax:             24
Description:           Time-string format defined by ASN.1 standards. See ISO 8601 and X.680.

Name:                    IA5String 
attributeSyntax:    2.5.5.5 
oMSyntax:             22
Description:           Case-sensitive string containing characters from the IA5 character set.

Name:                    Integer
attributeSyntax:    2.5.5.9 
oMSyntax:             2 
Description:           32-bit integer.

Name:                    Integer8
attributeSyntax:    2.5.5.16
oMSyntax:             65 
Description:           64-bit integer, also known as a large integer.

Name:                    NTSecurityDescriptor
attributeSyntax:    2.5.5.15
oMSyntax:             66
Description:           Octet string that contains a security descriptor.

Name:                    NumericString
attributeSyntax:    2.5.5.6 
oMSyntax:             18
Description:           String that contains digits.

Name:                    OctetString
attributeSyntax:    2.5.5.10 
oMSyntax:             4 
Description:           Array of bytes used to store binary data.

Name:                    OID
attributeSyntax:    2.5.5.2
oMSyntax:             6
Description:           String that contains digits (0-9) and decimal points (.).

Name:                    ORName
attributeSyntax:    2.5.5.7
oMSyntax:             127
Description:           Taken from X.400; used for X.400 to RFC 822 mapping.

Name:                    PresentationAddress
attributeSyntax:    2.5.5.13
oMSyntax:             127
Description:           String that contains OSI presentation addresses.

Name:                    PrintableString
attributeSyntax:    2.5.5.5 
oMSyntax:             19
Description:           Case-sensitive string that contains characters from the printable character set.

Name:                    ReplicaLink
attributeSyntax:    2.5.5.10
oMSyntax:             127 
Description:           Used by Active Directory internally.

Name:                    Sid 
attributeSyntax:    2.5.5.17
oMSyntax:             4 
Description:           Octet string that contains a security identifier (SID).

Name:                    UTCTime
attributeSyntax:    2.5.5.11
oMSyntax:             23 
Description:           Time-string format defined by ASN.1 standards.

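Other attributeSchema properties:

LinkID: Among the attributes that ship with AD there is a pair of mutually linked attributes, member and memberOf. Both are of the distinguishedName data type. If the member attribute of group Group1 contains the distinguishedName of user User1, then User1's memberOf attribute automatically contains the distinguishedName of Group1. To implement an attribute of this kind, we must specify the attribute's LinkID, and the attribute must be of the distinguishedName type, that is, attributeSyntax: 2.5.5.1 and oMSyntax: 127.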
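
An added example (not part of the original article): a pre-import check for .ldf files that unfolds LDIF continuation lines and tests each attributeSchema record against the attributeSyntax/oMSyntax table above, the upper-case TRUE/FALSE requirement, and the LinkID rule as this article states them. The helper names parse_ldf and lint, the record cn=Bad-Link and the linkID value 50000 are made up for illustration.

```python
import re

# attributeSyntax/oMSyntax pairs copied from the table in this article.
PAIRS = set("""2.5.5.14/127 2.5.5.8/1 2.5.5.3/27 2.5.5.4/20 2.5.5.12/64 2.5.5.1/127
2.5.5.7/127 2.5.5.9/10 2.5.5.11/24 2.5.5.5/22 2.5.5.9/2 2.5.5.16/65 2.5.5.15/66
2.5.5.6/18 2.5.5.10/4 2.5.5.2/6 2.5.5.13/127 2.5.5.5/19 2.5.5.10/127 2.5.5.17/4
2.5.5.11/23""".split())

def parse_ldf(text):
    """Unfold LDIF continuation lines (leading space); return one dict per record."""
    text = re.sub(r"\n ", "", text.replace("\r\n", "\n"))
    records = []
    for block in re.split(r"\n{2,}", text):
        fields = [ln.partition(":") for ln in block.splitlines() if ":" in ln and ln[0] != "#"]
        if fields:
            records.append({n.strip().lower(): v.strip() for n, _, v in fields})
    return records

def lint(records):
    """Return (dn, problem) tuples for every attributeSchema record."""
    problems = []
    attrs = [r for r in records if r.get("objectclass", "").lower() == "attributeschema"]
    for r in attrs:
        pair = "%s/%s" % (r.get("attributesyntax"), r.get("omsyntax"))
        if pair not in PAIRS:
            problems.append((r.get("dn"), "syntax pair %s is not in the table" % pair))
        if r.get("issinglevalued") not in ("TRUE", "FALSE"):
            problems.append((r.get("dn"), "isSingleValued must be upper-case TRUE or FALSE"))
        if "linkid" in r and pair != "2.5.5.1/127":  # rule as stated in this article
            problems.append((r.get("dn"), "linkID needs DN syntax 2.5.5.1/127"))
    return problems

# Constructed input: the article's QQ attribute, then a made-up broken record.
SAMPLE = """dn: cn=QQ,cn=schema,cn=configuration,dc=x
objectclass: attributeSchema
oMSyntax: 2
attributeSyntax: 2.5.5.9
isSingleValued: TRUE

dn: cn=Bad-Link,cn=schema,
 cn=configuration,dc=x
objectclass: attributeSchema
oMSyntax: 64
attributeSyntax: 2.5.5.9
isSingleValued: true
linkID: 50000
"""

if __name__ == "__main__":
    print(*lint(parse_ldf(SAMPLE)), sep="\n")
```

Running the check before `ldifde -i` matters because a wrong syntax pair is only rejected at import time; the parser here ignores base64 (`::`) values and multi-valued attributes, which schema records of this kind do not need.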

2. Suppose we need to add a custom class to AD/ADAM. We can do so by writing the following script.

dn: cn=rallencorp-SalesUser,CN=schema,CN=configuration,CN=x
changetype: add
objectclass: classSchema
lDAPDisplayName: rallencorp-SalesUser
governsId: 1.3.6.1.4.1.999.1.1.28.21
objectClassCategory: 1
subClassOf: top
description: Auxiliary class for Sales user attributes
mayContain: 1.3.6.1.4.1.999.1.1.28.11
 
Notes:
governsId: defines the OID of the class; one can be applied for at http://www.iso.ch/iso/en/aboutiso/isomembers/index.html;

objectClassCategory: defines the class type of the class; the values are listed in the following table:

Object class category values

Name       Value       Description

88              0      Legacy class type defined by the original X.500 standards. It should not be used for new classes.
Structural   1      Used for instantiating objects. Can be comprised of abstract, auxiliary, and other structural classes.
Abstract     2      Used to define a high-level grouping of attributes that can be used as part of other abstract or structural class definitions. Objects cannot be instantiated using an abstract class.
Auxiliary     3      Used as a collection of attributes that can be applied to other abstract, auxiliary, or structural classes.

 
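subClassOf: defines the parent class; using top here means the class is defined directly under the root;
mayContain: attributes the class may contain
mustContain: attributes the class must contain
possSuperiors: the classes under which objects of this class can be created

The code above was tested successfully in ADAM.

Reposted from: https://www.cnblogs.com/oneiter/articles/1514703.html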
