{"id":337,"date":"2011-07-12T11:23:33","date_gmt":"2011-07-12T11:23:33","guid":{"rendered":""},"modified":"2015-08-17T18:13:26","modified_gmt":"2015-08-17T16:13:26","slug":"dodawanie-schematow-opendj","status":"publish","type":"post","link":"https:\/\/drfugazi.eu.org\/en\/dodawanie-schematow-opendj\/","title":{"rendered":"Dodawanie schemat\u00f3w do OpenDJ"},"content":{"rendered":"

Sorry, this entry is only available in Polish<\/a>. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.<\/p>

OpenDJ podobnie jak inne us\u0142ugi katalogowe pozwala na rozszerzanie funkcjonalno\u015bci katalogu poprzez dodawanie schemat\u00f3w. Istnieje szereg gotowych schemat\u00f3w, kt\u00f3re powsta\u0142y dla r\u00f3\u017cnych us\u0142ug, mo\u017cna te\u017c zbudowa\u0107 w\u0142asny schemat zawieraj\u0105cy przydatne atrybuty (attribute) i klasy obiekt\u00f3w (objectClass). Ja tutaj pos\u0142u\u017c\u0119 si\u0119 schematem dla Samby, kt\u00f3ry mo\u017cna znale\u017a\u0107 gdzie\u015b w sieci. O sposobach konwersji schematu z postaci blokowej do formatu LDIF pisa\u0142em ju\u017c wcze\u015bniej<\/a>. Oto fragment schematu w LDIF:<\/p>\n

\r\n#\r\n################################################################################\r\n#\r\ndn: cn=schema\r\n#\r\n################################################################################\r\n#\r\nattributeTypes: (\r\n  1.3.6.1.4.1.7165.2.1.2\r\n  NAME 'ntPassword'\r\n  DESC 'NT Passwd'\r\n  EQUALITY caseIgnoreIA5Match\r\n  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32}\r\n  SINGLE-VALUE\r\n  )\r\n#\r\n################################################################################\r\n#\r\nobjectClasses: (\r\n  1.3.6.1.4.1.7165.2.2.14\r\n  NAME 'sambaTrustPassword'\r\n  DESC 'Samba Trust Password'\r\n  SUP top\r\n  STRUCTURAL\r\n  MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )\r\n  MAY ( sambaSID $ sambaPwdLastSet )\r\n  )\r\n#\r\n################################################################################\r\n<\/code><\/pre>\n
Jest tu definicja atrybutu i klasy obiektu, ca\u0142o\u015b\u0107 schematu znajduje si\u0119 w za\u0142\u0105czniku. Aby wczyta\u0107 nowy schemat do OpenDJ mo\u017cna zaimportowa\u0107 LDIFa, ale mo\u017cna te\u017c wgra\u0107 plik schematu do katalogu OpenDJ-ver\/config\/schema<\/code> i zrestartowa\u0107 serwer:<\/p>\n
# cp 98-samba.ldif OpenDJ-2.4.3\/config\/schema\/\r\n# .\/OpenDJ-2.4.3\/bin\/stop-ds \r\nStopping Server...\r\n\r\n[12\/Jul\/2011:11:27:02 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend userRoot is now taken offline\r\n[12\/Jul\/2011:11:27:02 +0200] category=CORE severity=NOTICE msgID=458955 msg=The Directory Server is now stopped\r\n\r\n\r\n# .\/OpenDJ-2.4.3\/bin\/start-ds \r\n[12\/Jul\/2011:11:27:36 +0200] category=CORE severity=INFORMATION msgID=132 msg=The Directory Server is beginning the configuration bootstrapping process\r\n[12\/Jul\/2011:11:27:37 +0200] category=EXTENSIONS severity=INFORMATION msgID=1049147 msg=Loaded extension from file '\/data\/var\/OpenDJ-2.4.3\/lib\/extensions\/snmp-mib2605.jar' (build 2.4.3, revision 6998)\r\n[12\/Jul\/2011:11:27:38 +0200] category=CORE severity=NOTICE msgID=458886 msg=OpenDJ 2.4.3 (build 20110613203412Z, R6998) starting up\r\n...\r\n<\/code><\/pre>\n
Jak po restarcie uruchomimy GUI (control-panel) i zajrzymy do Schemat\u00f3w, to znajdziemy atrybuty i klasy obiekt\u00f3w Samby w drzewku Custom. Dodaj\u0119 reszt\u0119 potrzebnych schemat\u00f3w i ponownie restartuj\u0119 serwer:<\/p>\n
# cp 99-* OpenDJ-2.4.3\/config\/schema\r\n# .\/OpenDJ-2.4.3\/bin\/stop-ds\r\n# .\/OpenDJ-2.4.3\/bin\/start-ds\r\n<\/code><\/pre>\n
Przy wczytywaniu schemat\u00f3w obowi\u0105zuje kolejno\u015b\u0107 alfabetyczna, schematowi Samby nada\u0142em numer 98, \u017ceby zosta\u0142 wczytany przed pozosta\u0142ymi dodatkowymi schematami, gdy\u017c przynajmniej jedna z moich klas obiekt\u00f3w u\u017cywa atrybutu ntPassword, kt\u00f3ry musi by\u0107 zdefiniowany wcze\u015bniej.<\/p>\n
Nale\u017cy jednak pami\u0119ta\u0107 o tym, \u017ce je\u015bli jest skonfigurowana replikacja<\/b>, to nale\u017cy zachowa\u0107 sp\u00f3jno\u015b\u0107 schemat\u00f3w, czyli wgra\u0107 te same schematy do wszystkich serwer\u00f3w replikuj\u0105cych.<\/p>\n
Do\u0142\u0105czam jeszcze jeden schemat 99-phamm.ldif<\/code>, gdy\u017c na nim b\u0119d\u0119 opiera\u0142 kolejny wpis dotycz\u0105cy indeks\u00f3w.<\/p>","protected":false},"excerpt":{"rendered":"
Sorry, this entry is only available in Polish. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.OpenDJ podobnie...<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[115],"tags":[6,88],"jetpack_publicize_connections":[],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7M9Tz-5r","jetpack-related-posts":[{"id":333,"url":"https:\/\/drfugazi.eu.org\/en\/konwersja-schematu-ldif\/","url_meta":{"origin":337,"position":0},"title":"Konwersja schematu do LDIF","author":"","date":"Saturday November 27th, 2010","format":false,"excerpt":"Pot\u0119g\u0105 us\u0142ugi katalogowej LDAP jest mo\u017cliwo\u015b\u0107 definiowania w\u0142asnych atrybut\u00f3w, klas obiekt\u00f3w, regu\u0142 itp. i grupowania ich w tzw. schematy, kt\u00f3re mo\u017cna dodawa\u0107 do konfiguracji. Na dzie\u0144 dzisiejszy jednak wi\u0119kszo\u015b\u0107 schemat\u00f3w, kt\u00f3re znajdziecie w sieci jest zorganizowana w bloki zawieraj\u0105ce definicje atrybut\u00f3w i klas obiekt\u00f3w, wygl\u0105da to mniej wi\u0119cej tak: definicja\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":229,"url":"https:\/\/drfugazi.eu.org\/en\/konwersja-schematu-do-ldif\/","url_meta":{"origin":337,"position":1},"title":"Kowersja schematu LDAP do LDIF","author":"drfugazi","date":"Saturday November 27th, 2010","format":false,"excerpt":"Pot\u0119g\u0105 us\u0142ugi katalogowej LDAP jest mo\u017cliwo\u015b\u0107 definiowania w\u0142asnych atrybut\u00f3w, klas obiekt\u00f3w, regu\u0142 itp. i grupowania ich w tzw. schematy, kt\u00f3re mo\u017cna dodawa\u0107 do konfiguracji. Na dzie\u0144 dzisiejszy jednak wi\u0119kszo\u015b\u0107 schemat\u00f3w, kt\u00f3re znajdziecie w sieci jest zorganizowana w bloki zawieraj\u0105ce definicje atrybut\u00f3w i klas obiekt\u00f3w, wygl\u0105da to mniej wi\u0119cej tak: definicja\u2026","rel":"","context":"In \"Konfiguracja\"","block_context":{"text":"Konfiguracja","link":"https:\/\/drfugazi.eu.org\/en\/tag\/konfiguracja\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":285,"url":"https:\/\/drfugazi.eu.org\/en\/konfiguracja\/","url_meta":{"origin":337,"position":2},"title":"Konfiguracja OpenDJ","author":"drfugazi","date":"Monday July 11th, 2011","format":false,"excerpt":"Po rozpakowaniu i instalacji OpenDJ jest wst\u0119pnie skonfigurowany. W moim przypadku posiada te\u017c wpis bazowy (base entry), tutaj niech to b\u0119dzie dc=domain,dc=tld. Je\u015bli kto\u015b dopiero buduje drzewo LDAP, to pewnie teraz doda sobie standardowe ou=People i tam b\u0119dzie umieszcza\u0142 u\u017cytkownik\u00f3w za pomoc\u0105 narz\u0119dzi do zarz\u0105dzania katalogiem LDAP. Zwykle jednak jest\u2026","rel":"","context":"In "LDAP"","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":354,"url":"https:\/\/drfugazi.eu.org\/en\/opendj-online-schema-modification\/","url_meta":{"origin":337,"position":3},"title":"OpenDJ – online schema modification","author":"drfugazi","date":"Tuesday June 19th, 2012","format":false,"excerpt":"I wrote before about schema conversion to LDIF format and how to add schemas offline by uploading them to config\/schema directory in OpenDJ. Now I will describe how to extend schema online, without restart LDAP server. Most if not all LDAP servers now have possibility to modify configuration and schemas\u2026","rel":"","context":"In "LDAP"","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":338,"url":"https:\/\/drfugazi.eu.org\/en\/dodawanie-indeksow-opendj\/","url_meta":{"origin":337,"position":4},"title":"Dodawanie indeks\u00f3w do OpenDJ","author":"drfugazi","date":"Tuesday July 12th, 2011","format":false,"excerpt":"Sorry, this entry is only available in Polish. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.Indeksy to bardzo wa\u017cna rzecz w katalogu LDAP. Je\u015bli s\u0105 problemy wydajno\u015bciowe z katalogiem i zacznie si\u0119 szuka\u0107\u2026","rel":"","context":"In "LDAP"","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":341,"url":"https:\/\/drfugazi.eu.org\/en\/unique-attributes-opendj\/","url_meta":{"origin":337,"position":5},"title":"Unique attributes in OpenDJ","author":"drfugazi","date":"Monday July 25th, 2011","format":false,"excerpt":"Sometimes you need to set some attributes as unique, for example: if LDAP contains system users, then uid attribute shouldn't repeat in whole system. OpenDJ is equipped with proper plugin, but it's not enabled by default. In case of mail system, attribute mail should be unique. Here we don't have\u2026","rel":"","context":"In "LDAP"","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/337"}],"collection":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/comments?post=337"}],"version-history":[{"count":0,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/337\/revisions"}],"wp:attachment":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media?parent=337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/categories?post=337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/tags?post=337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}