Author: gnuhpc
Source: http://www.cnblogs.com/gnuhpc/
1. Organization tree
• Organizations
• Organization units
• Business partner organizations
• Locations
• Administrative domains
ITIM does not allow domain administrators to perform ITIM configuration operations unless they are placed in a specific permission group through an ACI.
2. Example:
3. Organizational Roles
There are two types:
• Static organizational roles: a static organizational role is global to any user.
• Dynamic organizational roles: members are retrieved automatically from the ITIM profile using an LDAP filter.
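The following added example, which is not from the original post and is not IBM code, shows how a dynamic role's LDAP filter selects its members by evaluating a filter (a subset of RFC 4515 syntax) against constructed person entries. The attribute names, sample people and function names are assumptions for illustration.

```python
# Added example (not IBM code): RFC 4515 subset evaluator; all names are hypothetical.
def _parse(f, i):
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op, i = f[i + 1], i + 1
    if op in "&|!":
        kids, i = [], i + 1
        while f[i] == "(":
            kid, i = _parse(f, i)
            kids.append(kid)
        if op == "!" and len(kids) != 1:
            raise ValueError("'!' takes exactly one filter")
        node = (op, kids)
    else:
        end = f.index(")", i)
        attr, sep, value = f[i:end].partition("=")
        if not attr or not sep:
            raise ValueError(f"bad item at offset {i}")
        node, i = ("=", attr.lower(), value), end
    if f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def parse_filter(text):
    node, end = _parse(text + "\0", 0)  # sentinel: truncated input fails cleanly
    if end != len(text):
        raise ValueError("trailing data after filter")
    return node

def matches(node, entry):
    op = node[0]
    if op in "&|":
        return (all if op == "&" else any)(matches(k, entry) for k in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    # Assumption: values compare case-insensitively; "*" is a presence test.
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2].lower() in values

def role_members(filter_text, people):
    tree = parse_filter(filter_text)
    return [p["cn"][0] for p in people if matches(tree, p)]

PEOPLE = [  # constructed sample person entries
    {"cn": ["alice"], "departmentnumber": ["Finance"], "employeetype": ["employee"]},
    {"cn": ["bob"], "departmentnumber": ["Finance"], "employeetype": ["contractor"]},
    {"cn": ["carol"], "departmentnumber": ["IT"], "employeetype": ["employee"]},
    {"cn": ["dave"], "departmentnumber": ["finance"]},  # employeetype missing
]
```

With the filter `(&(departmentnumber=finance)(!(employeetype=contractor)))`, `dave` becomes a member because an entry that lacks `employeetype` satisfies the negated clause; adding `(employeetype=*)` restricts the role to entries that actually carry the attribute.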
4. Design considerations:
Availability: when administrators use TIM for management, especially person management, consider convenience, complexity, time consumption, and other factors.
Agent management: control different levels of managers through ACIs.
Inheritance: roles in TIM support inheritance.
Personalized customization requirements: TIM supports personalized customization.
Batch loading: you must consider using batch loading during deployment. This function depends on a good organizational structure design.
5. To use TDS data in other directories, or to use another LDAP directory in ITIM, we must use TDI.
6. Directory example:
At the top of the organizational structure tree is the root node, which is set to dc=com by default during installation. We can change the name, as with o=xyz in the figure.
Next, ou=itim on the left is interpreted as follows:
ou=xyz on the right is interpreted as follows:
The two containers under ou=itim store restrictions and other password-related information for the ITIM application. The definitions are as follows:
erglobalid=0000 stores the company's specific information:
ou=itim on the right stores information related to the ITIM service.