检索式编写 经验贴 分别为pubmed, embase, cochrane library,转自丁香园
http://ebm.dxy.cn/bbs/topic/21829039
http://ebm.dxy.cn/bbs/topic/22342269?onlyHost=1
http://www.dxy.cn/bbs/topic/22011394

发现还是得看网站的帮助啊,
embase.com
http://www.embase.com/info/helpfiles/search-forms/advanced-search/field-limits
pubmed
http://www.ncbi.nlm.nih.gov/books/NBK3827/#pubmedhelp.Search_Field_Descrip
想快看可以翻翻中文的
http://www.meddir.cn/htm/1197652867640.htm
注意pubmed词组用双引号,embase是单引号,加了连字符pubmed认为是一个词,embase还是认为是两个词
web of science
http://images.webofknowledge.com/WOKRS5132R4.2/help/zh_CN/WOK/hs_search_rules.html
注意选择主题(TS)字段 实际是对所有字段进行检索
http://apps.webofknowledge.com/WOS_AdvancedSearch_input.do?SID=4CpcCIgOsnfHezq6wK1&product=WOS&search_mode=AdvancedSearch
高级检索的页面。。吐槽下Web of Science页面干净清爽的代价是很多功能都被藏起来了

在文章Configuring OpenLDAP as external user store of WSO2 IS 4.6.0一文中使用ldap连接数据库,当设置成ldaps时,将产生如下错误信息:

[2014-04-08 13:23:34,237] ERROR {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} -  Error obtaining connection. simple bind failed: ldap.crscd.org:636
javax.naming.CommunicationException: simple bind failed: ldap.crscd.org:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.s
ecurity.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

此时需要导入OpenLDAP服务器相对应的CA证书,本系统使用StartSSL Class1的免费证书,因此需要导入StartSSL的根证书。

阅读更多

原文链接
官方文档

By default WSO2 IS uses embedded ldap, which is shipped with the product, as the primary user store. But it’s possible to configure other user stores (such as OpenLDAP, Active Directory and JDBC user stores) as primary user store. In this blog post I’m going to explain how to configure OpenLDAP as the primary user store of WSO2 IS 4.5.0 in following modes.

  • Read/Write mode
  • Read-only mode

Since we no longer need embedded ldap, let’s disable starting it at server start up. This can be changed in IS_HOME/repository/conf/embedded-ldap.xml

<EmbeddedLDAP>
    <Property name="enable">false</Property>
    .......................
  </EmbeddedLDAP>

阅读更多

原文链接

  • groupofnames stores its members in the member attribute (using DN as the value)
  • groupofuniquenames stores its members in the uniquemember attribute (again using DN as value).
  • The uniquemember attribute however is designed to be able to hold an extra unique identifier to tell the difference between two DN’s who have the same value in a group. The reason why this might happen is that a user is deleted from the directory, but not from all of the groups. Later a new entry is added with the same DN, but it is a different person. This person needs access to the group, but you need a way to differentiate between this recent addition and the earlier DN (if you have several thousand members, simply deleting the earlier DN may not be a reasonable option).

服务器修改

首先配置服务器只能本地非加密访问,远程访问必须通过SSL,修改文件/etc/default/slapd:

SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"

StartSSL获取相应的Web Server SSL/TLS Certificate证书,并下载StartCom Class1服务器根证书,保存在/etc/ssl/ldap目录中。

生成LDIF配置文件并导入

root@server0:/tmp# cat olcSSL.ldif
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/ldap/sub.class1.server.ca.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/ldap/ldap-key.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/ldap/ldap-cert.pem
root@server0:/tmp# ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcSSL.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

为保证密匙安全,Debian中推荐将密匙修改成用户组root:ssl-cert,并设置权限640,将openldap用户加入组ssl-cert

usermod -a -G ssl-cert openldap

重启slapd服务,此时外部即可且只能通过SSL连接OpenLDAP服务器。

###客户端配置

修改LDAP Admin中配置文件,使用SSL连接,并且Host设置成域名。

参考文献

  1. LDAP OpenLDAPSetup

通过添加索引,可以更快地实现检索,不过与此同时,索引将占用更多的内存,添加或者修改数据库因为需要更新索引需要的时间将更长,因此根据需要合理地添加索引。

索引语法如下:

# OLC (cn=config) form
olcDbIndex: attrlist | default indices

# indices = [pres [,approx] [,eq] [,sub] [,special]]

其具体含义可参考Appendix A - OpenLDAP: Indexing Entries,pres, approx, eq, sub分别是presence, approximate, equality, substring的缩写。

本系统使用的配置如下:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: cn,givenName,sn,displayName,mail pres,sub,eq
-
add: olcDbIndex
olcDbIndex: uidNumber,gidNumber eq
-
add: olcDbIndex
olcDbIndex: uid eq
-
add: olcDbIndex
olcDbIndex: default eq,sub
-
add: olcDbIndex
olcDbIndex: telephonenumber

通过命令ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcDbIndex.ldif修改将配置导入,或者已完成博客通过LDAP Admin修改OpenLDAP配置一文中操作,可通过LDAP Admin软件中Tools->Import…导入该配置。

注:导入配置后,数据库将自动重建索引,无需通过slapindex。

查询命令可参考Appendix A - LDAP: Text Search Filter

参考文献:

  1. Appendix A - OpenLDAP: Indexing Entries
  2. Appendix A - LDAP: Text Search Filter
  3. LDAP OpenLDAPSetup
  4. 通过LDAP Admin修改OpenLDAP配置

原文链接

OpenLDAP under olc(On-line configuration) (cn=config) either as part of the standard installation or they can be added using this procedure or by the include statement in the slapd.conf configuration file).

commonName (cn)

surname(姓)

  • An attribute definition includes its type (or SYNTAX), for example, a string or number, and how it behaves in certain conditions, for instance, whether comparison operations are case-sensitive or case-insensitive using what are called matchingRules (more on this later, much later).
  • entries must contain one, and only one, STRUCTURAL objectClass. A STRUCTURAL objectClass may have a SUPerior (may be part of a hierarchy) which is also STRUCTURAL and thus the hierarchy may be viewed as a single STRUCTURAL objectClass
  • entries may contain any number of AUXILIARY objectClasses.
  • Each objectclass supported by an LDAP server forms part of a collection called objectclasses which can be discovered via the subschema.

阅读更多

配置OpenLDAP需要通过ldif语法编写指令,并通过命令行工具ldapmodify修改,使用起来非常不便,此时通过赋予cn=admin,dc=crscd,dc=org 数据库cn=config权限实现通过LDAP Admin、phpldapadmin等第三方管理软件修改OpenLDAP配置。

cuckoo@server0:~$ echo "dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcAccess
olcAccess: to * by dn="cn=admin,dc=crscd,dc=org" write" > /tmp/access.ldif

cuckoo@server0:~$ sudo ldapmodify -c -Y EXTERNAL -H ldapi:/// -f /tmp/access.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

此时在LDAP Admin新增配置Base: cn=config,实现对OpenLDAP配置操作。

阅读更多