This book is protected by copyright laws and no part of this document may be published, copied, circulated or used either in part or in its entirety without the prior written notification and permission of the author. However, the book, or portions of it, may be copied and used for personal and academic study, and sections may be quoted, on the condition that it is clearly and prominently stated that it is the work of the author.
Chapter 1 Everyone needs Directories!
1.1 Everyone needs Directories
1.2 The history of X.500 standardisation
1.3 A case study
1.4 Pilot services
Weird and Wonderful
Chapter 2 The organisation of information in the Directory
2.1 Introduction
2.2 Objects and entries
2.3 Attributes
2.4 The structure of the DIB
2.5 Naming entries
2.6 Aliases
2.7 Purported names, name resolution and alias dereferencing
2.8 Collective attributes
2.9 The Directory operational and administrative information model
2.10 Attribute hierarchies
2.11 Directory administrative authority model
2.12 Subentries
2.13 The DSA information model
Weird and Wonderful
Chapter 3 Controlling the information in the Directory - the schema
3.1 Overview
3.2 Attribute syntax
3.3 Matching rules
3.4 Attribute type
3.5 Object classes
3.6 An example DIT entry
3.7 Multiple inheritance and multiple object class membership
3.8 Unregistered object classes
3.9 Name forms
3.10 DIT structure rules
3.11 Subschema summary
3.12 System schema
3.13 Subschema administration
Weird and Wonderful
Chapter 4 Overview of the distributed Directory
4.1 The components of the Directory
4.2 Referrals
4.3 Home DSA
4.4 Distributing the DIT - naming contexts
4.5 Distributed name resolution
4.6 Overview of the Directory Access Protocol (DAP)
4.7 Overview of the Directory System Protocol (DSP)
4.8 Overview of the Directory Operational Binding Management Protocol (DOP)
4.9 Overview of the Directory Information Shadowing Protocol (DISP)
Weird and Wonderful
Chapter 5 The Directory Service and associated protocols
5.1 Introduction
5.2 The Bind operation
5.3 The Directory Unbind operation
5.4 Common Arguments
5.5 Common Results
5.6 The Read operation
5.7 The Compare operation
5.8 The List operation
5.9 The paged results service
5.10 The Search operation
5.11 The Abandon operation
5.12 Visibility of the interrogation operations to the user
5.13 The AddEntry operation
5.14 The RemoveEntry operation
5.15 The ModifyEntry operation
5.16 The Modify(R)DN operation
5.17 The effect of modifying subentries
5.18 The errors
5.19 Rules for extensibility
5.20 Critical extensions
Chapter 6 Replication of Directory information
6.1 Introduction
6.2 Shadowing agreements
6.3 Parameters of the DOP Establish Operational Binding request
6.4 Updating a shadowing agreement
6.5 Terminating a shadowing agreement
6.6 Updating the shadowed information
Weird and Wonderful
Chapter 7 Checking out the users - the authentication framework
7.1 Introduction
7.2 Users of the authentication framework
7.3 Simple authentication
7.4 Simple authentication procedures
7.5 Strong authentication
7.6 Consequences of digital signatures for distributed operations
7.7 The information stored in the Directory to support strong authentication
7.8 Strong authentication procedures
7.9 Revocation lists
7.10 Using public keys
Weird and Wonderful
Chapter 8 Controlling access to the Directory information
8.1 Introduction
8.2 Application of the administrative model to access controls
8.3 The access control attributes
8.4 The specification of the access control lists
8.5 The permissions needed for each operation
8.6 Visibility of the DIT structure
8.7 Examples of ACI items
8.8 Protecting the access control operational attributes
8.9 The access control decision function (ACDF)
8.10 The simplified access control scheme
8.11 Identifying the access control scheme in use
Weird and Wonderful
Chapter 9 The distributed Directory in more detail
9.1 Introduction
9.2 Knowledge references
9.3 Access point information
9.4 Modelling knowledge references - the knowledge attribute types
9.5 Mapping knowledge attributes to access point information
9.6 Distributed name resolution
9.7 First Level DSAs
9.8 Managing the root naming context
9.9 Managing an organisation's naming context
9.10 Modes of interaction
9.11 NSSR decomposition
9.12 Request decomposition
9.13 The Chaining Arguments
9.14 Chaining Results
9.15 Operational Bindings
9.16 Establishing operational bindings
9.17 Modifying operational bindings
9.18 Terminating operational bindings
9.19 Hierarchical Operational Bindings
9.20 Establishing the HOB
9.21 Modifying the HOB
9.22 Terminating a HOB
9.23 Conclusion
Weird and Wonderful
Chapter 10 Use of the Directory by other applications
10.1 Introduction
10.2 X.400 use of the Directory
10.3 Internet mail (SMTP) use of the Directory
10.4 EDI use of X.500
10.5 FTAM use of the Directory
10.6 NADF use of the Directory
10.7 Library access
10.8 Conclusion
A.1 Object Identifiers (OIDs)
A.2 Naming Directory entries with object identifiers
Weird and Wonderful
B.1 Distributed name resolution based on naming contexts
Index