Sun and OracleChannel SunHow to BuyLog In繁體中文

Sun Java System Communications Express 6.3 Administration Guide
只搜尋這本書
搜尋說明
查看這本書:
包含在
尋找其他文件
熱門支援資源
 以 PDF 格式下載這本書 (1598 KB)

Appendix B Installing Communications Express Without Messaging Server and Using a Single Tree Structure

An existing Directory Information Tree should be mapped to the dual tree namespace to retrieve user/group entries, when you are installing Communications Express on a machine on which:

  • Messaging Server is not installed or configured

  • Single tree namespace structure is used for retrieving user/group entries

    The sections below describes how Communications Express uses the two DIT tree mechanism and how an existing single tree namespace structure maps to the dual tree name space.

Two Tree Names Space Mechanism

The namespace of Directory should consist of two directory information trees (DIT), an Organization Tree and a Domain Component Tree (DC Tree). Organization Trees contain the user and group entries. The DC Tree mirrors the local DNS structure and is used by the system as an index to the Organization Tree containing the data entries. The DC Tree also contains the domain’s operating parameters such as the service specific attributes.

How the Two-tree Namespace Mechanism Works

This section describes how Communications Express uses the two-DIT mechanism.

When Communications Express searches for user/group entries, it first looks at the user/group’s domain node in the DC Tree and extracts the value of the inetDomainBaseDN attribute. This attribute holds a DN reference to the organization subtree containing the actual user/group entry.

Using this model, Communications Express can support entries stored in any type of directory Tree, provided that a domain component node in the DC Tree points to the node in the Organization Tree under which the users for that domain can be found.

Why Two Directory Information Trees?

This dual-tree mechanism provides the following enhancements:

  • The partitioning of data for organization-specific access control. That is, each organization can have a separate subtree in the DIT where user and group entries are located. Access to that data can be limited to users in that part of the subtree.

  • The ability to have a distinct namespace for sub domains. For example, west.siroe.com and siroe.com may be mapped to separate organization subtrees allowing the creation of user entries with the same UID in each one of them.

程序To Map an Existing DIT to the Dual Tree Namespace

Assuming that the root suffix for Organization tree is: o=isp

Assuming that the Organization DN that is currently being used is o=siroe.com,o=isp and the user container is ou=People,o=siroe.com,o=isp

  1. Create a root suffix, o=internet for DC tree.

    The root suffix can be created using the Directory Server console.

  2. Under this DC tree root suffix, create a domain entry with DN as

    dc=siroe,dc=com,o=internet.

    Use the following LDIFs to create the domain entry using the ldapmodify command:

    Note –

    Please change the Organization root, Organization Name, Organization DN, Object Classes and Attribute values mentioned in the LDIF files to reflect your deployment details.


    root suffix
Organization root suffix: o=isp
Organization name: siroe
DNS domain name: siroe.com
Origanization DN: o=siroe.com,o=isp

    The following Object Classes and attributes are used by mail service:


    ObjectClasses:
mailDomain, nsManagedDomain
Attributes:
mailDomainStatus, preferredMailHost, mailDomainDiskQuota, mailDomainMsgQuota
mailDomainReportAddress, nsMaxDomains, nsNumUsers, nsNumDomains, nsNumMailLists
    Note –

    Remove mail service ObjectClasses and Attributes from the LDIFs if you do not wish to use them.

    Ensure that the value of inetDomainBaseDN attribute in the LDIF is assigned the organization DN.

    Examples of LDIF files

  3. Use ldapmodify command to add the LDIF file entries to the DC tree.

Example B–1 LDIF File 1


dn: dc=com,o=internet
dc: com
objectclass: top
objectclass: domain
Example B–2 LDIF File 2


dn: dc=com,o=internet
dc: com
objectclass: top
objectclass: domain
dn: dc=siroe,dc=com,o=internet
objectClass: top
objectClass: domain
objectClass: inetDomain
objectClass: mailDomain
objectClass: nsManagedDomain
dc: siroe
aci: (targetattr="icsTimeZone||icsMandatorySubscribed||icsMandatoryView|
|icsDefaultAccess||icsRecurrenceBound||icsRecurrenceDate|
|icsAnonymousLogin||icsAnonymousAllowWrite||icsAnonymousCalendar|
|icsAnonymousSet||icsAnonymousDefaultSet||icsSessionTimeout|
|icsAllowRights||icsExtended||icsExtendedDomainPrefs")
(targetfilter=(objectClass=icsCalendarDomain))(version 3.0; 
acl "Domain Adm calendar access - product=ims5.0,
class=nda,num=16,version=1"; allow (all) 
groupdn="ldap:///cn=Domain Administrators,ou=Groups,o=siroe.com,o=isp";
description: DC node for siroe.com hosted domain
inetDomainBaseDN: o=siroe.com,o=isp
inetDomainStatus: active
mailDomainStatus: active
preferredMailHost: mailhost.siroe.com
mailDomainDiskQuota: -1
mailDomainMsgQuota: -1
mailDomainReportAddress: postmaster@siroe.com
nsMaxDomains: 1
nsNumUsers: 1
nsNumDomains: 1
nsNumMailLists: 0