Sun Java System Access Manager 7 2005Q4 Administration Guide
Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A.
Part No: 819–3482
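Copyright 2005 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This document and the product to which it pertains are distributed under licenses restricting their use, copying, distribution, and decompilation.
No part of the product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any.
Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.
Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California.
UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.
Sun, Sun Microsystems, the Sun logo, AnswerBook, AnswerBook2, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries.
Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees.
Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry.
Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written license agreements.
U.S. Government Rights – Commercial software.
Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR (Federal Acquisition Regulations) and its supplements.
This documentation is provided "as is" and all express or implied conditions, representations, and warranties, including any implied warranty of merchantability, fitness for a particular purpose, or non-infringement, are disclaimed, except to the extent that such disclaimers are held to be legally invalid.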
Contents

Preface

Part I Access Manager Configuration

1 Access Manager 7 2005Q4 Configuration Scripts
  Access Manager 7 2005Q4 Installation Overview
    Access Manager amconfig Script Operations
  Access Manager Sample Configuration Script Input File
    Deployment Mode Variable
    Access Manager Configuration Variables
    Web Container Configuration Variables
    Directory Server Configuration Variables
  Access Manager amconfig Script
  Access Manager Deployment Scenarios
    Deploying Additional Instances of Access Manager
    Configuring and Reconfiguring an Instance of Access Manager
      To configure or reconfigure an instance of Access Manager
    Uninstalling Access Manager
      To uninstall an instance of Access Manager
    Uninstalling All Access Manager Instances
      To completely remove Access Manager 7 2005Q4 from the system
  Example Configuration Script Input File

2 Installing and Configuring Third-Party Web Containers
  Installing and Configuring BEA WebLogic 8.1
    To install and configure WebLogic 8.1
  Installing and Configuring IBM WebSphere 5.1
    To install and configure WebSphere 5.1
  Installing Directory Server and Access Manager Using Java ES
    To install Directory Server
  Configuring Access Manager
    To configure Access Manager
    Creating a Configuration Script Input File
    Running the Configuration Script
  Restarting the Web Container

3 Configuring Access Manager in SSL Mode
  Configuring Access Manager With a Secure Sun Java Enterprise System Web Server
    To configure a secure Web Server
  Configuring Access Manager With a Secure Sun Java System Application Server
    Setting Up Application Server 6.2 With SSL
      To secure the Application Server instance
    Configuring Application Server 8.1 With SSL
    Configuring Access Manager in SSL Mode
      To configure Access Manager in SSL mode
  Configuring AMSDK With a Secure BEA WebLogic Server
    To configure a secure WebLogic instance
  Configuring AMSDK With a Secure IBM WebSphere Application Server
    To configure a secure WebSphere instance
  Configuring Access Manager to Directory Server in SSL Mode
    Configuring Directory Server in SSL Mode
    Connecting Access Manager to the SSL-Enabled Directory Server
      To connect Access Manager to Directory Server

Part II Access Control

4 Access Manager Console
  Administration View
    Realm Mode Console
    Legacy Mode Console
  User Profile View

5 Managing Realms
  Creating and Managing Realms
    To create a new realm
    General Properties
  Authentication
  Services
    To add a service to a realm
  Privileges

6 Data Stores
  LDAPv3 Data Store
    To create a new LDAPv3 data store
    LDAPv3 Repository Plug-in Attributes
  AMSDK Repository Plug-in
    To create a new AMSDK repository plug-in

7 Managing Authentication
  Configuring Authentication
    Authentication Module Types
    Authentication Module Instances
      To create a new authentication module instance
    Authentication Chaining
      To create a new authentication chain
  Authentication Types
    How Authentication Types Determine Access
    Realm-based Authentication
    Organization-based Authentication
    Role-based Authentication
    Service-based Authentication
    User-based Authentication
    Authentication Level-based Authentication
    Module-based Authentication
  User Interface Login URL
    Login URL Parameters
  Account Locking
    Physical Locking
  Authentication Service Failover
  Fully Qualified Domain Name Mapping
    Possible Uses for FQDN Mapping
  Persistent Cookie
    To enable persistent cookies
  Multi-LDAP Authentication Module Configuration in Legacy Mode
    To add an additional LDAP configuration
  Session Upgrade
  Validation Plug-in Interface
    To write and configure a validation plug-in
  JAAS Shared State
    Enabling JAAS Shared State

8 Managing Policies
  Overview
  Policy Management Feature
    URL Policy Agent Service
  Policy Types
    Normal Policy
    Referral Policy
  Policy Definition Type Document
    Policy Element
    Rule Element
    Subjects Element
    Subject Element
    Referrals Element
    Referral Element
    Conditions Element
    Condition Element
  Adding a Policy Enabled Service
    To add a new policy enabled service
  Creating Policies
    To create policies with amadmin
    To create a normal policy with the Access Manager console
    To create a referral policy with the Access Manager console
    Creating Policies for Peer Realms and Sub Realms
      To create a policy for a sub realm
  Managing Policies
    Modifying a Normal Policy
      To add or modify a rule in a normal policy
      To add or modify a subject in a normal policy
      To add a condition to a normal policy
      To add a response provider to a normal policy
    Modifying a Referral Policy
      To add or modify a rule in a referral policy
      To add or modify referrals in a policy
      To add a response provider to a referral policy
  Policy Configuration Service
    Subjects Result Time To Live
    Dynamic Attributes
    amldapuser Definition
    Adding Policy Configuration Services
  Resource-Based Authentication
    Limitations
      To configure resource-based authentication

9 Managing Subjects
  User
    To create or modify a user
    To add a user to roles and groups
    To add services to an identity
  Agent
    To create or modify an agent
    Creating a Unique Policy Agent Identity
      To create a unique policy agent identity
  Filtered Role
    To create a filtered role
  Role
    To create or modify a role
    To add users to a role or group
  Group
    To create or modify a group

Part III Directory Management and Default Services

10 Directory Management
  Managing Directory Objects
    Organizations
      To create an organization
      To delete an organization
    Containers
      To create a container
      To delete a container
    Group Containers
      To create a group container
      To delete a group container
    Groups
      To create a static group
      To add members to or remove members from a static group
      To create a dynamic group
      To add members to or remove members from a dynamic group
    People Containers
      To create a people container
      To delete a people container
    Users
      To create a user
      To edit the user profile
      To add a user to roles and groups
    Roles
      To create a static role
      To add users to a static role
      To create a dynamic role
      To remove users from a role

11 Current Sessions
  The Current Sessions Interface
    Session Management
    Session Information
    Terminating a Session
      To terminate a session

12 Password Reset Service
  Registering the Password Reset Service
    To register password reset for users in a different realm
  Configuring the Password Reset Service
    To configure the service
    Password Reset Lockout
  Password Reset for End Users
    Customizing Password Reset
      To customize password reset
    Resetting Forgotten Passwords
      To reset forgotten passwords
  Password Policies

13 Logging Service
  Log Files
    Access Manager Service Logs
    Session Logs
    Console Logs
    Authentication Logs
    Federation Logs
    Policy Logs
    Agent Logs
    SAML Logs
    amAdmin Logs
  Logging Features
    Secure Logging
      To enable secure logging
    Command Line Logging
    Logging Properties
    Remote Logging
      To enable remote logging
  Error and Access Logs
  Debug Files
    Debug Levels
        Debug Output Files
        Using Debug Files
        Multiple Access Manager Instances and Debug Files

Part IV  Command Line Reference

14  The amadmin Command Line Tool
    The amadmin Command Line Executable
        The amadmin Syntax
        Using amadmin for Federation Management
        Using amadmin for Resource Bundles

15  The ampassword Command Line Tool
    The ampassword Command Line Executable
        To Run ampassword with Access Manager in SSL Mode

16  The bak2am Command Line Tool
    The bak2am Command Line Executable
        The bak2am Syntax

17  The am2bak Command Line Tool
    The am2bak Command Line Executable
        The am2bak Syntax
            To Run the Backup Procedure

18  The amserver Command Line Tool
    The amserver Command Line Executable
        The amserver Syntax

19  The VerifyArchive Command Line Tool
    The VerifyArchive Command Line Executable
        The VerifyArchive Syntax

20  The amsecuridd Helper
    The amsecuridd Helper Command Line Executable
        The amsecuridd Syntax
        Running the amsecuridd Helper

Part V  Appendix