<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Publishing</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>

<a name="rzahypubc"></a>
<h2 id="rzahypubc">Publishing</h2>
<p>i5/OS provides the ability to have the system publish certain kinds of
information to an LDAP directory. That is, the system will create and update
LDAP entries representing various types of data.</p>
<p>i5/OS has built-in support for publishing the following information to
an LDAP server:</p>
<p><span class="bold">Users</span></p><blockquote>
<p>When you configure the operating system to publish the information
type Users to the Directory Server, it automatically exports entries from
the system distribution directory to the Directory Server. It uses the QGLDSSDD
application program interface (API) to do this. This also keeps the LDAP directory
synchronized with changes that are made in the system distribution directory.
For information about the QGLDSSDD API, see "<a href="../apis/dirserv1.htm">Directory
Server APIs</a>" in the Programming topic.</p>
<p>Publishing users is useful
for providing LDAP search access to information from the system distribution
directory (for example to provide LDAP address book access to LDAP-enabled
POP3 mail clients like Netscape Communicator or Microsoft Outlook Express).</p>
<p>Published users can also be used to support LDAP authentication with
some users published from the system distribution directory, and other users
added to the directory by other means. A published user has a uid attribute
that names the user profile, and has no userPassword attribute. When a bind
request is received for an entry like this, the server calls the operating
system security to validate the uid and password as a valid user profile and
password for that profile. If you want to use LDAP authentication, and would
like existing users to be able to authenticate using their operating system
passwords, while non-i5/OS users are added to the directory manually, you
should consider this function.</p>
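<p>Added example, not part of the original IBM page and not IBM code: a small Python audit over an LDIF export that reports, for each entry, where a simple bind would be checked under the rule described above (a uid attribute and no userPassword attribute means the password is validated against the i5/OS user profile). The sample entries, DNs and category labels are constructed for illustration, and treating an entry with neither attribute as unable to bind by password is an assumption.</p>

```python
import base64

# Constructed sample export: a published-style user, a manual user, a bare entry.
SAMPLE_LDIF = """\
dn: cn=Jane Smith,cn=users,dc=example,dc=com
uid: JSMITH

dn: cn=Web Partner,cn=users,dc=example,dc=com
uid: partner1
userPassword:: e1NIQX1jb25zdHJ1Y3RlZA==

dn: cn=Long Name,cn=users,dc=example,
 dc=com
cn: Long Name
"""

def parse_ldif(text):
    """Return one {attribute_lowercased: [values]} dict per LDIF entry."""
    entries, current = [], {}
    # RFC 2849: a line starting with one space continues the previous line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for line in unfolded.split("\n") + [""]:
        if not line.strip():            # blank line ends the current entry
            if current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):        # LDIF comment line
            continue
        name, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):        # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        current.setdefault(name.strip().lower(), []).append(value)
    return entries

def bind_source(entry):
    """Where a simple bind to this entry is checked, per the rule on this page."""
    if "userpassword" in entry:
        return "directory-password"     # password held in the directory entry
    if entry.get("uid"):
        return "os-profile"             # uid names the i5/OS user profile
    return "no-password-bind"           # assumption: nothing to validate against

def audit(text):
    # Map each entry DN to its bind source; records without a dn are skipped.
    return {e["dn"][0]: bind_source(e) for e in parse_ldif(text) if "dn" in e}

if __name__ == "__main__":
    for dn, source in audit(SAMPLE_LDIF).items():
        print(source, dn)
```

<p>If the export is taken by an identity that is not permitted to read userPassword, that attribute is missing from the output and every entry with a uid is reported as os-profile, so take the export with an identity that can read it.</p>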
<p><img src="delta.gif" alt="Start of change" />Another way to publish users
is to take entries from an existing HTTP validation list and create corresponding
LDAP entries in the directory server. This is done through the QGLDPUBVL application
program interface (API). This API creates inetOrgPerson directory entries
with passwords that are linked to the original validation list entry. The
API can be run once or scheduled to run periodically to check for new entries
to add to the directory server.</p>
<a name="wq31"></a>
<div class="notetitle" id="wq31">Note:</div>
<div class="notebody">Only validation list entries
created for use with the HTTP Server (powered by Apache) are supported by
this API. Existing entries in the directory server will not be updated. Users
that are deleted from the validation list are not detected.</div><p class="indatacontent">Once
users are added to the directory they can authenticate to applications that
use the validation list as well as applications that support LDAP authentication.
For more information about the QGLDPUBVL API, see "<a href="../apis/dirserv1.htm">Directory Server APIs</a>" in the Programming topic.<img src="deltaend.gif" alt="End of change" /></p></blockquote>
<p><span class="bold">System information</span></p><blockquote>
<p>When you configure the operating system to publish the information
type System to the Directory Server, the following types of information are
published:</p>
<ul>
<li>Basic information about this machine and the operating system release.</li>
<li>Optionally, you can select one or more printers to publish, in which case
the system will automatically keep the LDAP directory synchronized with changes
that are made to those printers on the system.</li></ul>
<p>Printer information that can be published includes:</p>
<ul>
<li>Location</li>
<li>Speed in pages per minute</li>
<li>Support for duplex and color</li>
<li>Type and model</li>
<li>Description</li></ul>
<p>This information comes from the device description on the system being
published. In a network environment, users can use this information to help
select a printer. The information is first published when a printer is selected
to be published, and it is updated when a printer writer is stopped or started,
or the printer device description is changed.</p></blockquote>
<p><span class="bold">Printer shares</span></p><blockquote>
<p>When you configure the operating system to publish printer shares,
information about the selected iSeries NetServer printer shares is published
to the configured Active Directory server. Publishing print shares to an Active
Directory allows users to add iSeries printers to their Windows 2000 desktop
with the Windows 2000 Add Printer wizard. In order to do this in the Add
Printer wizard, specify that you want to find a printer in the Windows 2000
Active Directory. You must publish print shares to a directory server which
supports Microsoft's Active Directory schema.</p></blockquote>
<p><span class="bold">TCP/IP Quality of Service</span></p><blockquote>
<p>The TCP/IP Quality of Service (QOS) server can be configured to use
a shared QOS policy defined in an LDAP directory using an IBM-defined schema.
The TCP/IP QOS publishing agent is used by the QOS server to read the policy
information; it defines the server, authentication information, and where
in the directory the policy information is stored.</p></blockquote>
<p>You can also create an application to publish or search for other kinds
of information in an LDAP directory using this framework by defining additional
publishing agents and making use of the directory publishing APIs. For more
information, see <a href="rzahyusr-pi.htm#rzahyusr-pi">Publish information to the Directory Server</a> and <a href="../apis/dirserv1.htm">Directory
Server APIs</a> in the Programming topic.</p>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>