Building Java™ Enterprise Applications Volume I: Architecture

As discussed, the default object, groupOfUniqueNames, is a good starting point, but not sufficient for our needs. You'll need to add to the object class the ability to have the uniquePermission attribute as part of the object class's definition. However, adding an attribute to an existing object class brings up an important design issue related to directory servers.

3.3.2.1 Addition versus extension

At this point, there is a design decision to make. The directory server allows you either to add the uniquePermission attribute to the set of allowed attributes for groupOfUniqueNames, or to extend the groupOfUniqueNames class and create a new descendant object class where you can make the desired change. The latter choice, extension, is always preferred; this is one of the very few design principles that is absolute. Changing a default LDAP object class is very dangerous, as it causes your directory server's schema to immediately become incompatible with all other directory servers. While you could certainly make the changes in these other directory servers, you lose the ability to communicate through common structures, and communication between a modified directory server and an unmodified one, perhaps for sharing groups (groupOfUniqueNames objects), would be made impossible.[10] So instead, you need to extend your directory server schema. Create a new object class and call it groupOfForethoughtNames, with the parent object groupOfUniqueNames. You then need to add the custom attribute, uniquePermission, to the set of required attributes for the new object class. Once you have added this attribute, the groups object class is ready to use. The object class hierarchy for these new object classes is shown in Figure 3-13 (note that only relevant attributes are shown for each class). Attributes above the line in each object class are required, and those below are optional. The connecting lines represent potential references between object class instances.

Figure 3-13. Object class hierarchy for the Forethought LDAP schema

3.3.3 Directory Hierarchy

Now that all of your object classes are in place and the LDAP schema is complete, you can create the object instances needed for storing Forethought data. Depending on the directory server you are using, some of these may already exist in your directory hierarchy. At the top of your tree, you should have an organization called "forethought.com" where the DN is o=forethought.com.[11] Underneath this top level, you want to be able to store users, permissions, and groups. As discussed earlier, most servers come with a preconfigured organizational unit for users called People; if it doesn't exist, you should create this unit. The end result is a unit with a DN of ou=People, o=forethought.com. All the users (instances of the inetOrgPerson object class) will then reside under this unit. We've already discussed user DNs, identified by their user ID, the uid attribute.

[9] Some directory servers, most notably iPlanet, offer a "Distinguished Name" LDAP type, which should be used. This will ensure that only valid DNs are supplied as values for the attribute. For more details on specific directory servers, check out Appendix C.

[10] I'm exaggerating slightly here; good programmers can program for these sorts of aberrant solutions and allow communication across heterogeneous object classes. However, it is still bad practice, and cannot be discouraged enough.

[11] If you are using an internationally aware directory server, the DN may be a little longer. A country reference is sometimes present, resulting in the DN looking more like o=forethought.com, c=US (for the United States). You can substitute your country code as appropriate.
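The schema extension described in 3.3.2.1 and the directory layout of 3.3.3 can be checked mechanically before entries are loaded; the following Python is an added example, not code from the book, which validates LDIF entries against a constructed schema fragment in which groupOfForethoughtNames inherits the required attributes of groupOfUniqueNames and adds uniquePermission, and in which every uniqueMember value must be a well-formed DN under o=forethought.com (the guarantee footnote 9 credits to a Distinguished Name attribute type). The ou=Groups container, the sample entries, the cn/uniqueMember/description/owner attribute lists and the simplified DN regular expression are assumptions made for the example.

```python
import re
SCHEMA = {  # constructed fragment: class -> (parent, MUST, MAY); stock class left untouched
    "groupOfUniqueNames": (None, {"cn", "uniqueMember"}, {"description", "owner"}),
    "groupOfForethoughtNames": ("groupOfUniqueNames", {"uniquePermission"}, set())}
BASE_DN, DN_ATTRS = "o=forethought.com", {"uniqueMember"}   # DN-typed attributes
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,=]+(,[A-Za-z][\w-]*=[^,=]+)*$")  # simplified DN syntax

def allowed(classes):
    """Union of MUST/MAY attributes over the listed classes and all their parents."""
    must, may = set(), set()
    for oc in classes:
        parent, m, o = SCHEMA[oc]
        pm, po = allowed([parent]) if parent else (set(), set())
        must, may = must | m | pm, may | o | po
    return must, may

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries of 'attr: value' lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entries.append({})
        for attr, value in (line.split(":", 1) for line in block.splitlines()):
            entries[-1].setdefault(attr.strip(), []).append(value.strip())
    return entries

def validate(entry):
    """Schema violations in one entry; an empty list means the entry is clean."""
    must, may = allowed(entry["objectClass"])
    present = set(entry) - {"dn", "objectClass"}
    problems = [f"missing required attribute {a}" for a in sorted(must - present)]
    problems += [f"attribute {a} not permitted" for a in sorted(present - must - may)]
    problems += [f"{a}: {v!r} is not a DN under {BASE_DN}" for a in sorted(DN_ATTRS & present)
                 for v in entry[a] if not DN_RE.match(v) or not v.endswith(BASE_DN)]
    return problems

SAMPLE_LDIF = """dn: cn=editors,ou=Groups,o=forethought.com
objectClass: groupOfUniqueNames
objectClass: groupOfForethoughtNames
cn: editors
uniquePermission: edit-content
uniqueMember: uid=jsmith,ou=People,o=forethought.com

dn: cn=broken,ou=Groups,o=forethought.com
objectClass: groupOfForethoughtNames
cn: broken
uniqueMember: jsmith"""  # constructed sample: a clean group, then a defective one

def check_sample():
    return [validate(e) for e in parse_ldif(SAMPLE_LDIF)]
```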
Object Class Hierarchy, Directory Hierarchy

Like the difference between an LDAP schema and a database schema, distinguishing between object class hierarchies and directory hierarchies is a subtle thing. The object class hierarchy of a directory server is the set of physical objects that are allowed to exist within the schema. There are almost always many more of these physical objects, the object classes, than actual object instances in use. However, the object instances and the treelike structure of data that they make up comprise the actual directory hierarchy, sometimes called (even more confusingly) simply the object hierarchy. The best analogy here is to closely relate a directory server to the Java language
