Network Working Group R. Hedberg
Request for Comment: 2657 Catalogix
Category: Experimental August 1999
Network Working Group R. Hedberg
Request for Comment: 2657 Catalogix
Category: Experimental August 1999
LDAPv2 Client vs. the Index Mesh
LDAPv2客户端与索引网格
Status of this Memo
本备忘录的状况
This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.
这份备忘录为互联网社区定义了一个实验性协议。它没有规定任何类型的互联网标准。要求进行讨论并提出改进建议。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
Abstract
摘要
LDAPv2 clients as implemented according to RFC 1777 [1] have no notion on referral. The integration between such a client and an Index Mesh, as defined by the Common Indexing Protocol [2], heavily depends on referrals and therefore needs to be handled in a special way. This document defines one possible way of doing this.
根据RFC 1777[1]实施的LDAPv2客户机没有转介概念。根据通用索引协议[2]的定义,这种客户端和索引网格之间的集成在很大程度上取决于引用,因此需要以特殊的方式进行处理。本文件定义了一种可能的方法。
During the development of the Common Indexing Protocol (CIP), one of the underlying assumptions was that the interaction between clients and the Index Mesh Servers [1] would heavily depend on the passing of referrals. Protocols like LDAPv2 [2] that lack this functionality need to compensate for it by some means. The way chosen in this memo is to add more intelligence into the client. There are two reasons behind this decision. First, this is not a major enhancement that is needed and secondly, that the intelligence when dealing with the Index Mesh, with or the knowledge about referrals, eventually has to go into the client.
在通用索引协议(CIP)的开发过程中,一个基本假设是客户端和索引网格服务器[1]之间的交互在很大程度上取决于引用的传递。像LDAPv2[2]这样缺乏这种功能的协议需要通过某种方式进行补偿。本备忘录中选择的方式是向客户机添加更多智能。这一决定背后有两个原因。首先,这不是一个需要的主要增强,其次,处理索引网格时的智能,或者关于转介的知识,最终必须进入客户端。
If a LDAPv2 client is going to be able to interact with the Index Mesh, the Mesh has to appear as something that is understandable to the client. Basically, this consists of representing the index servers and their contained indexes in a defined directory information tree (DIT) [3,4] structure and a set of object classes and attribute types that have been proven to be useful in this context.
如果LDAPv2客户端将能够与索引网格交互,则网格必须显示为客户端可以理解的内容。基本上,这包括在定义的目录信息树(DIT)[3,4]结构中表示索引服务器及其包含的索引,以及一组已被证明在这种情况下有用的对象类和属性类型。
Object class descriptions are written according to the BNF defined in [5].
对象类描述是根据[5]中定义的BNF编写的。
The cIPIndex objectClass, if present in a entry, allows it to hold one indexvalue and information connected to this value.
如果条目中存在cIPIndex对象类,则允许它保存一个indexvalue和与此值连接的信息。
( 1.2.752.17.3.9 NAME 'cIPIndex' SUP 'top' STRUCTURAL MUST ( extendedDSI $ idx ) MAY ( indexOCAT ) )
(1.2.752.17.3.9名称“cIPIndex”辅助“top”结构必须(扩展DSI$idx)可(indexOCAT))
The cIPDataSet objectClass, if present in a entry, allows it to hold information concerning one DataSet.
如果条目中存在cIPDataSet对象类,则允许它保存有关一个数据集的信息。
( 1.2.752.17.3.10 NAME 'cIPDataSet' SUP 'top' STRUCTURAL MUST ( dSI $ searchBase ) MAY ( indexOCAT $ description $ indexType $ accessPoint $ protocolVersion $ polledBy $ updateIntervall $ securityOption $ supplierURI $ consumerURI $ baseURI $ attributeNamespace $ consistencyBase ) )
(1.2.752.17.3.10名称“cIPDataSet”SUP“top”结构必须(dSI$searchBase)可以(indexOCAT$description$indexType$accessPoint$protocolVersion$Polled by$updateIntervall$securityOption$supplierURI$consumerURI$baseURI$attributeNamespace$consistencyBase))
The attributes idx, indexOCAT, extendedDSI, description, cIPIndexType, baseURI, dSI are used by a client accessing the index server. The other attributes (accesspoint, protocolVersion, polledBy, updateIntervall, consumerURI, supplierURI and securityOption, attributeNamespace, consistencyBase) are all for usage in server to server interactions.
访问索引服务器的客户端使用属性idx、indexOCAT、extendedDSI、description、cIPIndexType、baseURI、dSI。其他属性(accesspoint、protocolVersion、polledBy、updateIntervall、consumerURI、supplierURI和securityOption、attributeNamespace、consistencyBase)都用于服务器到服务器的交互。
The index value, normally used as part of the RDN.
索引值,通常用作RDN的一部分。
( 1.2.752.17.1.20 NAME 'idx' EQUALITY caseIgnoreIA5Match SYNTAX IA5String SINGLE-VALUE )
(1.2.752.17.1.20名称“idx”相等caseIgnoreA5Match语法IA5String单值)
DataSet Identifier, a unique identifier for one particular set of information. This should be an OID, but stored in a stringformat.
数据集标识符,一组特定信息的唯一标识符。这应该是一个OID,但以stringformat存储。
( 1.2.752.17.1.21 NAME 'dSI' EQUALITY caseIgnoreIA5Match SYNTAX IA5String )
(1.2.752.17.1.21名称“dSI”相等caseIgnoreA5Match语法IA5String)
Describes the type of data that is stored in this entry, by using objectcClasses and attributeTypes. The information is stored as a objectClass name followed by a space and then an attributeType name. A typical example when dealing with whitepages information would be "person cn".
使用objectcClasses和AttributeType描述存储在此条目中的数据类型。信息存储为objectClass名称,后跟空格,然后是attributeType名称。处理白页信息时的一个典型示例是“person cn”。
( 1.2.752.17.1.28 NAME 'indexOCAT' EQUALITY caseIgnoreIA5Match SYNTAX IA5String )
(1.2.752.17.1.28名称'indexOCAT'相等caseIgnoreA5Match语法IA5String)
A URI describing which protocols, hostnames and ports should be used by an indexserver to interact with servers carrying indexinformation representing this dataSet.
一个URI,描述indexserver应使用哪些协议、主机名和端口与承载代表此数据集的indexinformation的服务器进行交互。
( 1.2.752.17.1.22 NAME 'supplierURI' EQUALITY caseIgnoreIA5Match SYNTAX IA5String )
(1.2.752.17.1.22名称“supplierURI”相等CaseIgnoreA5Match语法IA5String)
The attribute value for this attribute is a LDAP URI. One can envisage other URI syntaxes, if the client knows about more access protocols besides LDAP, and the interaction between the client and the server can not use referrals for some reason.
此属性的属性值是LDAP URI。如果客户机知道LDAP之外的更多访问协议,并且客户机和服务器之间的交互由于某种原因不能使用引用,那么可以设想其他URI语法。
( 1.2.752.17.1.26 NAME 'baseURI' EQUALITY caseExactIA5Match SYNTAX IA5String )
(1.2.752.17.1.26名称'baseURI'相等caseExactIA5Match语法IA5String)
At present, the Common Indexing Protocol version should be 3.
目前,通用索引协议版本应为3。
( 1.2.752.17.1.27 NAME 'protocolVersion' EQUALITY numericStringMatch SYNTAX numericString )
(1.2.752.17.1.27名称“protocolVersion”相等数字字符串匹配语法数字字符串)
The type of index Object that is used to pass around index information.
用于传递索引信息的索引对象的类型。
( 1.2.752.17.1.29 NAME 'cIPIndexType' EQUALITY caseIgnoreIA5Match SYNTAX IA5String )
(1.2.752.17.1.29名称'cIPIndexType'相等caseIgnoreA5Match语法IA5String)
The Distinguished Name of Index servers that polls data from this indexserver.
从此indexserver轮询数据的索引服务器的可分辨名称。
( 1.2.752.17.1.30 NAME 'polledBy' EQUALITY distinguishedNameMatch SYNTAX DN )
(1.2.752.17.1.30名称“polledBy”相等区分名称匹配语法DN)
The maximum duration in seconds between the generation of two updates by the supplier server.
供应商服务器生成两次更新之间的最长持续时间(秒)。
( 1.2.752.17.1.31 Name 'updateIntervall' EQUALITY numericStringMatch SYNTAX numericString SINGLE-VALUE )
(1.2.752.17.1.31名称'UpdateInterval'相等数值字符串匹配语法数值字符串单值)
Whether and how the supplier server should sign and encrypt the update before sending it to the consumer server.
供应商服务器是否以及如何在将更新发送到消费者服务器之前对其进行签名和加密。
( 1.2.752.17.1.32 NAME 'securityOption' EQUALITY caseIgnoreIA5Match SYNTAX IA5String SINGLE-VALUE )
(1.2.752.17.1.32名称'securityOption'相等caseIgnoreA5Match语法IA5String单值)
DataSet Identifier possibly followed by a space and a taglist, the later as specified by [6].
数据集标识符可能后跟空格和标记列表,后者由[6]指定。
( 1.2.752.17.1.33 NAME 'extendedDSI' EQUALITY caseIgnoreIA5Match SYNTAX IA5String )
(1.2.752.17.1.33名称“extendedDSI”相等caseIgnoreA5Match语法IA5String)
A URI describing which means a server can accept indexinformation. An example being a mailto URI for MIME email based index transport.
描述表示服务器可以接受索引信息的URI。例如,用于基于MIME电子邮件的索引传输的mailto URI。
( 1.2.752.17.1.34 NAME 'consumerURI' EQUALITY caseExactIA5Match SYNTAX IA5String )
(1.2.752.17.1.34名称“consumerURI”相等caseExactIA5Match语法IA5String)
Any consumer supplier pair has to agree on what attribute that should be used and also possibly the meaning of the attributenames. The value of this attribute should, for example, be a URI pointing to a document wherein the agreement is described.
任何消费者-供应商对必须就应该使用的属性以及属性名称的含义达成一致。例如,该属性的值应该是一个URI,指向描述协议的文档。
( 1.2.752.17.1.35 NAME 'attributeNamespace' EQUALITY caseExactIA5Match SYNTAX IA5String )
(1.2.752.17.1.35名称'attributeNamespace'相等大小写ExactIA5Match语法IA5String)
This attribute is specifically used by consumer supplier pairs that use the tagged index object [6].
此属性专门由使用标记索引对象的消费者-供应商对使用[6]。
( 1.2.752.17.1.36 NAME 'consistencyBase' EQUALITY caseExactIA5Match SYNTAX IA5String )
(1.2.752.17.1.36名称“consistencyBase”相等大小写ExactIA5Match语法IA5String)
A client interaction with the Index Mesh consists of a couple of rather well defined actions. The first being to find a suitable index to start with, then to transverse the Index Mesh and finally to query the servers holding the original data. Note when reading this text that what is discussed here is the client's perception of the DIT, how it is in fact implemented is not discussed.
客户端与索引网格的交互由两个定义良好的操作组成。首先要找到一个合适的索引,然后横穿索引网格,最后查询保存原始数据的服务器。请注意,在阅读本文时,这里讨论的是客户对DIT的看法,但没有讨论它实际上是如何实现的。
This approach depends on the fact that every index server partaking in an Index Mesh is represented in the DIT by a entry of the type cIPDataSet, and has a distinguished name (DN) which most significant relative distinguished name (RDN) has the attributetype dSI. Therefore, finding a suitable indexserver to start the search from is a matter of searching the DIT at a suitable place for objects with the objectClass cIPIndexObject. Every found entry can then be evaluated by looking at the description value as well as the indexOCAT value. The description string should be a human readable and understandable text that describes what the index server is indexing. An example of such a string could be, "This index covers all employees at Swedish Universities and University Colleges that has an email account". The indexOCAT attribute supplies information about which kind of entries and which attributes within these entries that the index information has emanated from. For example, if the
这种方法取决于这样一个事实,即参与索引网格的每个索引服务器在DIT中由cIPDataSet类型的条目表示,并且具有可分辨名称(DN),其中最重要的相对可分辨名称(RDN)具有attributetype dSI。因此,找到一个合适的indexserver来开始搜索就是在一个合适的位置搜索DIT,查找对象类为cIPIndexObject的对象。然后,可以通过查看description值和indexOCAT值来评估找到的每个条目。描述字符串应该是人类可读且可理解的文本,用于描述索引服务器正在索引的内容。这类字符串的一个例子可能是,“此索引涵盖瑞典大学和大学学院中拥有电子邮件帐户的所有员工”。indexOCAT属性提供关于索引信息来自哪些类型的条目以及这些条目中的哪些属性的信息。例如,如果
indexOCAT attribute value is "person cn", one can deduce that this is an index over persons and not over roles, and that it is the attribute commonName that is indexed.
indexOCAT属性值为“person cn”,可以推断这是针对人员而非角色的索引,并且索引的是属性commonName。
Each index server has its information represented in the DIT as a very flat tree. In fact, it is only one level deep.
每个索引服务器的信息在DIT中都表示为一个非常扁平的树。事实上,它只有一个层次的深度。
0 Indexservers cIPDataSet
/|\
/ | \
/ | \
0 0
cIPDataSet entries cIPIndex entries
one for each DataSet one for each index value
that this server has that this indexserver
gathered indexes from. has.
0 Indexservers cIPDataSet
/|\
/ | \
/ | \
0 0
cIPDataSet entries cIPIndex entries
one for each DataSet one for each index value
that this server has that this indexserver
gathered indexes from. has.
A search then consists of a set of searches. The first being the search for the index entries that contains an indexvalue that matches what the user is looking for, and the second a search based on the DSI information in the extendedDSI attribute values returned from the first search. In the case of the the cIPIndexType being tagged-index, the taglists should be compared to find which DSI it might be useful to pose further queries to.
然后,搜索由一组搜索组成。第一个是搜索包含与用户正在查找的内容匹配的indexvalue的索引项,第二个是基于第一次搜索返回的extendedDSI属性值中的DSI信息进行搜索。在cIPIndexType被标记为索引的情况下,应该比较标记列表,以找到对哪个DSI进行进一步查询可能有用。
When doing these types of searches, the client should be aware of the fact that the index values disregarding their origin (attributeTypes) always are stored in the index server as values of the idx attribute.
在执行这些类型的搜索时,客户机应该知道这样一个事实,即忽略其来源的索引值(AttributeType)始终作为idx属性的值存储在索引服务器中。
The object of the second search is to get information on the different DataSet involved, and should normally be performed as a read. Since the DataSet information probably will remain quite stable over time, this information lends itself very well to caching. If at this stage there is more than one DataSet involved, the User interface might use the description value to aid the user in choosing which one to proceed with. The content of the searchBase value of the DataSet tells the client whether it represents another index server (the most significant part of the dn is a dSI attribute) or if it is a end server.
第二次搜索的目的是获取有关不同数据集的信息,通常应以读取方式执行。由于数据集信息可能会随着时间的推移保持相当稳定,因此该信息非常适合缓存。如果在此阶段涉及多个数据集,则用户界面可能会使用描述值来帮助用户选择要继续处理的数据集。数据集的searchBase值的内容告诉客户端它是表示另一个索引服务器(dn的最重要部分是dSI属性)还是表示终端服务器。
When finally reaching the end server/servers that probably has the sought for information, the information in the indexOCAT attribute can be used to produce an appropriate filter. If a search for "Rol*" in an index having an indexOCAT attribute value of "person cn" returns an idx entry with the idx value of "Roland", then an appropriate filter to use might be "&(|(cn=* roland *)(cn=roland *)(cn=* roland))(objectclass=person)". A complete example of a search process is given in Appendix A.
当最终到达可能具有查找信息的终端服务器时,可以使用indexOCAT属性中的信息生成适当的过滤器。如果在indexOCAT属性值为“person cn”的索引中搜索“Rol*”,返回idx值为“Roland”的idx条目,则要使用的适当过滤器可能是“&(|(cn=*Roland*)(cn=Roland*)(cn=*Roland))(objectclass=person)”。附录A中给出了搜索过程的完整示例。
Since this memo deals with client behavior, it does not add anything that either enhances or diminishes the security features that exists in LDAPv2.
由于此备忘录涉及客户机行为,因此不会添加任何增强或削弱LDAPv2中存在的安全功能的内容。
As with security, this memo neither enhances or diminishes the handling of internationalization in LDAPv2.
与安全性一样,此备忘录既不增强也不减少LDAPv2中国际化的处理。
[1] Yeong, W., Howes, T. and S. Kille, "Lightweight Directory Access Protocol", RFC 1777, March 1995.
[1] Yeong,W.,Howes,T.和S.Kille,“轻量级目录访问协议”,RFC 17771995年3月。
[2] Allen, J. and M. Mealling "The Architecture of the Common Indexing Protocol (CIP)", RFC 2651, August 1999.
[2] Allen,J.和M.Mealling,“公共索引协议(CIP)的体系结构”,RFC 26511999年8月。
[3] The Directory: Overview of Concepts, Models and Service. CCITT Recommendation X.500, 1988.
[3] 目录:概念、模型和服务概述。CCITT建议X.500,1988年。
[4] Information Processing Systems -- Open Systems Interconnection -- The Directory: Overview of Concepts, Models and Service. ISO/IEC JTC 1/SC21; International Standard 9594-1, 1988.
[4] 信息处理系统开放系统互连目录:概念、模型和服务概述。ISO/IEC JTC 1/SC21;国际标准9594-11988。
[5] Wahl, M., Coulbeck, A., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997.
[5] Wahl,M.,Coulbeck,A.,Howes,T.和S.Kille,“轻量级目录访问协议(v3):属性语法定义”,RFC2252,1997年12月。
[6] Hedberg, R., Greenblatt, B., Moats, R. and M. Wahl, "A Tagged Index Object for use in the Common Indexing Protocol", RFC 2654, August 1999.
[6] Hedberg,R.,Greenblatt,B.,Moats,R.和M.Wahl,“通用索引协议中使用的标记索引对象”,RFC 2654,1999年8月。
Roland Hedberg Catalogix Dalsveien 53 0387 Oslo, Norway
挪威奥斯陆罗兰·赫德伯格目录Dalsveien 53 0387
Phone: +47 23 08 29 96
EMail: roland@catalogix.ac.se
Phone: +47 23 08 29 96
EMail: roland@catalogix.ac.se
Appendix A - Sample Session
附录A-会议样本
Below is a sample of a session between a LDAPv2 client and an index server mesh as specified in this memo.
下面是本备忘录中指定的LDAPv2客户端和索引服务器网格之间的会话示例。
The original question of the session is to find the email address of a person by the name, "Roland Hedberg", who is working at "Umea University" in Sweden.
会议的原始问题是找到一个名叫“罗兰·赫德伯格”的人的电子邮件地址,他在瑞典的“乌梅大学”工作。
Step 1.
第一步。
A singlelevel search with the baseaddress "c=SE" and the filter "(objectclass=cipDataset)" was issued.
发出了基址为“c=SE”且过滤器为“objectclass=cipDataset”的单级搜索。
The following results were received:
收到以下结果:
DN: dSI=1.2.752.17.5.0,c=SE
dsi= 1.2.752.17.5.0
description= "index over employees with emailaddresses within Swedish
higher education"
indexOCAT= "cn person"
cIPIndexType= "x-tagged-index-1" ;
searchBase= "dsi=1.2.752.17.5.0,c=SE"
protocolVersion = 3
DN: dSI=1.2.752.17.5.0,c=SE
dsi= 1.2.752.17.5.0
description= "index over employees with emailaddresses within Swedish
higher education"
indexOCAT= "cn person"
cIPIndexType= "x-tagged-index-1" ;
searchBase= "dsi=1.2.752.17.5.0,c=SE"
protocolVersion = 3
DN: dSI=1.2.752.23.1.3,c=SE
dsi= 1.2.752.23.1.3
description= "index over Swedish lawyers"
indexOCAT= "cn person"
cIPIndexType= "x-tagged-index-1" ;
searchBase= "dsi=1.2.752.23.1.3,c=SE"
protocolVersion = 3
DN: dSI=1.2.752.23.1.3,c=SE
dsi= 1.2.752.23.1.3
description= "index over Swedish lawyers"
indexOCAT= "cn person"
cIPIndexType= "x-tagged-index-1" ;
searchBase= "dsi=1.2.752.23.1.3,c=SE"
protocolVersion = 3
Step 2.
第二步。
Since the first index seemed to cover the interesting population, a single level search with the baseaddress "dsi=1.2.752.17.5.0,c=SE" and the filter "(|(idx=roland)(idx=hedberg))" was issued.
由于第一个索引似乎涵盖了感兴趣的人群,因此发布了一个带有基址“dsi=1.2.752.17.5.0,c=SE”和过滤器“(|(idx=roland)(idx=hedberg))的单级搜索。
The following results were received:
收到以下结果:
DN: idx=Roland,dSI=1.2.752.17.5.0,c=SE
idx= Roland
extendedDSI= 1.2.752.17.5.10 1,473,612,879,1024
extendedDSI= 1.2.752.17.5.14 35,78,150,200
extendedDSI= 1.2.752.17.5.16 187,2031,3167,5284,6034-6040
extendedDSI= 1.2.752.17.5.17 17
DN: idx=Roland,dSI=1.2.752.17.5.0,c=SE
idx= Roland
extendedDSI= 1.2.752.17.5.10 1,473,612,879,1024
extendedDSI= 1.2.752.17.5.14 35,78,150,200
extendedDSI= 1.2.752.17.5.16 187,2031,3167,5284,6034-6040
extendedDSI= 1.2.752.17.5.17 17
DN: idx=Hedberg,dSI=1.2.752.17.5.0,c=SE
idx= Hedberg
extendedDSI= 1.2.752.17.5.8 24,548-552,1066
extendedDSI= 1.2.752.17.5.10 473,512,636,777,1350
extendedDSI= 1.2.752.17.5.14 84,112,143,200
extendedDSI= 1.2.752.17.5.15 1890-1912
extendedDSI= 1.2.752.17.5.17 44
DN: idx=Hedberg,dSI=1.2.752.17.5.0,c=SE
idx= Hedberg
extendedDSI= 1.2.752.17.5.8 24,548-552,1066
extendedDSI= 1.2.752.17.5.10 473,512,636,777,1350
extendedDSI= 1.2.752.17.5.14 84,112,143,200
extendedDSI= 1.2.752.17.5.15 1890-1912
extendedDSI= 1.2.752.17.5.17 44
A comparison between the two sets of extendedDSIs shows that two datasets 1.2.752.17.5.10 and 1.2.752.17.5.14 contains persons named "Roland" and "Hedberg". Therefore, the next step would be to see what the datasets represent. A comparison like this should normally not be left to the user.
两组扩展数据集之间的比较表明,两组数据集1.2.752.17.5.10和1.2.752.17.5.14包含名为“罗兰”和“赫德伯格”的人员。因此,下一步将是查看数据集代表什么。这样的比较通常不应该留给用户。
Step. 3
步3.
Two baselevel searches, one for "dsi=1.2.752.17.5.10,dsi=1.2.752.17.5.0,c=SE" and the other for "dsi=1.2.752.17.5.14,dsi=1.2.752.17.5.0,c=SE" with the filter "(objectclass=cipdataset)" were issued.
发布了两个基本级别的搜索,一个用于“dsi=1.2.752.17.5.10,dsi=1.2.752.17.5.0,c=SE”,另一个用于“dsi=1.2.752.17.5.14,dsi=1.2.752.17.5.0,c=SE”以及过滤器(objectclass=cipdataset)”。
The following results were received:
收到以下结果:
DN: dSI=1.2.752.17.5.10,dSI=1.2.752.17.5.0,c=SE
dsi= 1.2.752.17.5.10
description= "Employees at Umea University,Sweden"
indexOCAT= "person cn"
searchBase= "o=Umea Universitet,c=SE"
DN: dSI=1.2.752.17.5.10,dSI=1.2.752.17.5.0,c=SE
dsi= 1.2.752.17.5.10
description= "Employees at Umea University,Sweden"
indexOCAT= "person cn"
searchBase= "o=Umea Universitet,c=SE"
respectively
分别地
DN: dSI=1.2.752.17.5.14,dSI=1.2.752.17.5.0,c=SE
dsi= 1.2.752.17.5.14
description= "Employees at Lund University,Sweden"
indexOCAT= "person cn"
searchBase= "o=Lunds Universitet,c=SE"
DN: dSI=1.2.752.17.5.14,dSI=1.2.752.17.5.0,c=SE
dsi= 1.2.752.17.5.14
description= "Employees at Lund University,Sweden"
indexOCAT= "person cn"
searchBase= "o=Lunds Universitet,c=SE"
Step 4
步骤4
Based on the descriptions for the two datasets, "1.2.752.17.5.10" was chosen as the best to proceed with. From the searchbase attribute value, it was clear that this was a base server. The query now has to be somewhat modified. One possibility would be to issue a query with the baseobject "o=Umea Universitet,c=SE" and the filter "(&(cn=Roland Hedberg)(objectclass=person))"
根据对这两个数据集的描述,选择“1.2.752.17.5.10”作为最佳继续。从searchbase属性值可以清楚地看出,这是一个基本服务器。现在必须对查询进行一些修改。一种可能是使用baseobject“o=umeauniversiitet,c=SE”和过滤器“&(cn=rolandhedberg)(objectclass=person))发出查询
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。