Understanding X.500 - The Directory

Copyright 1994, 1996 D W Chadwick.

This book is protected by copyright laws and no part of this document may be published, copied, circulated or used either in part or in its entirety without the prior written notification and permission of  the author.  However, the book, or portions of it, may be copied and used for personal and academic study, and sections may be quoted, on the condition that it is clearly and prominently stated that it is the work of the author.




Chapter 1 Everyone needs Directories!

1.1 Everyone needs Directories
1.2 The history of X.500 standardisation
1.3 A case study
1.4 Pilot services
Weird and Wonderful

Chapter 2 The organisation of information in the Directory

2.1 Introduction
2.2 Objects and entries
2.3 Attributes
2.4 The structure of the DIB
2.5 Naming entries
2.6 Aliases
2.7 Purported names, name resolution and alias dereferencing
2.8 Collective attributes
2.9 The Directory operational and administrative information model
2.10 Attribute hierarchies
2.11 Directory administrative authority model
2.12 Subentries
2.13 The DSA information model
Weird and Wonderful

Chapter 3 Controlling the information in the Directory - the schema

3.1 Overview
3.2 Attribute syntax
3.3 Matching rules
3.4 Attribute type
3.5 Object classes
3.6 An example DIT entry
3.7 Multiple inheritance and multiple object class membership
3.8 Unregistered object classes
3.9 Name forms
3.10 DIT structure rules
3.11 Subschema summary
3.12 System schema
3.13 Subschema administration
Weird and Wonderful

Chapter 4 Overview of the distributed Directory

4.1 The components of the Directory
4.2 Referrals
4.3 Home DSA
4.4 Distributing the DIT - naming contexts
4.5 Distributed name resolution
4.6 Overview of the Directory Access Protocol (DAP)
4.7 Overview of the Directory System Protocol (DSP)
4.8 Overview of the Directory Operational Binding Management Protocol (DOP)
4.9 Overview of the Directory Information Shadowing Protocol (DISP)
Weird and Wonderful

Chapter 5 The Directory Service and associated protocols

5.1 Introduction
5.2 The Bind operation
5.3 The Directory Unbind operation
5.4 Common Arguments
5.5 Common Results
5.6 The Read operation
5.7 The Compare operation
5.8 The List operation
5.9 The paged results service
5.10 The Search operation
5.11 The Abandon operation
5.12 Visibility of the interrogation operations to the user
5.13 The AddEntry operation
5.14 The RemoveEntry operation
5.15 The ModifyEntry operation
5.16 The Modify(R)DN operation
5.17 The effect of modifying subentries
5.18 The errors
5.19 Rules for extensibility
5.20 Critical extensions

Chapter 6 Replication of Directory information

6.1 Introduction
6.2 Shadowing agreements
6.3 Parameters of the DOP Establish Operational Binding request
6.4 Updating a shadowing agreement
6.5 Terminating a shadowing agreement
6.6 Updating the shadowed information
Weird and Wonderful

Chapter 7 Checking out the users - the authentication framework

7.1 Introduction
7.2 Users of the authentication framework
7.3 Simple authentication
7.4 Simple authentication procedures
7.5 Strong authentication
7.6 Consequences of digital signatures for distributed operations
7.7 The information stored in the Directory to support strong authentication
7.8 Strong authentication procedures
7.9 Revocation lists
7.10 Using public keys
Weird and Wonderful

Chapter 8 Controlling access to the Directory information

8.1 Introduction
8.2 Application of the administrative model to access controls
8.3 The access control attributes
8.4 The specification of the access control lists
8.5 The permissions needed for each operation
8.6 Visibility of the DIT structure
8.7 Examples of ACI items
8.8 Protecting the access control operational attributes
8.9 The access control decision function (ACDF)
8.10 The simplified access control scheme
8.11 Identifying the access control scheme in use
Weird and Wonderful

Chapter 9 The distributed Directory in more detail

9.1 Introduction
9.2 Knowledge references
9.3 Access point information
9.4 Modelling knowledge references - the knowledge attribute types
9.5 Mapping knowledge attributes to access point information
9.6 Distributed name resolution
9.7 First Level DSAs
9.8 Managing the root naming context
9.9 Managing an organisation's naming context
9.10 Modes of interaction
9.11 NSSR decomposition
9.12 Request decomposition
9.13 The Chaining Arguments
9.14 Chaining Results
9.15 Operational Bindings
9.16 Establishing operational bindings
9.17 Modifying operational bindings
9.18 Terminating operational bindings
9.19 Hierarchical Operational Bindings
9.20 Establishing the HOB
9.21 Modifying the HOB
9.22 Terminating a HOB
9.23 Conclusion
Weird and Wonderful

Chapter 10 Use of the Directory by other applications

10.1 Introduction
10.2 X.400 use of the Directory
10.3 Internet mail (SMTP) use of the Directory
10.4 EDI use of X.500
10.5 FTAM use of the Directory
10.6 NADF use of the Directory
10.7 Library access
10.8 Conclusion

Sources and References

Appendix A

A.1 Object Identifiers (OIDs)
A.2 Naming Directory entries with object identifiers
Weird and Wonderful

Appendix B

B.1 Distributed name resolution based on naming contexts