NAME
     fns_x500 - overview of FNS over X.500 implementation

DESCRIPTION
     Federated Naming Service (FNS) provides a method for federating
     multiple naming services under a single, simple interface for the
     basic naming operations. One of the naming services supported by
     FNS is the X.500 Directory Service (see ITU-T X.500 or ISO/IEC
     9594). X.500 is a global directory service. Its components
     cooperate to manage information about a hierarchy of objects on a
     worldwide scope. Such objects include countries, organizations,
     people, services, and machines. FNS uses X.500 to name entities
     globally.

     FNS provides the XFN interface for retrieval and modification of
     information stored in X.500. In addition, enterprise namespaces
     such as those served by NIS+ and NIS can be federated with X.500
     by adding reference information to X.500 describing how to reach
     the desired next naming service.

     To federate a NIS+ or NIS namespace under X.500, perform the
     following steps:

     1.  Obtain the root reference for the NIS+ hierarchy or NIS
         domain.

     2.  Enhance the X.500 schema to support the addition of XFN
         references.

     3.  Create an X.500 entry to store the XFN reference.

     4.  Add the XFN reference.

     The root reference is referred to as the next naming system
     reference because it refers to the next naming system beneath
     X.500. This reference contains information about how to
     communicate with the NIS+ or NIS servers and has the following
     format:

          <domainname> <server name> [ <server address> ]

     where <domainname> is the fully qualified domain name. Notice
     that NIS+ and NIS have slightly different syntaxes for domain
     names. For NIS+, the fully qualified domain name is
     case-insensitive and terminated by a dot character ('.'). For
     NIS, the fully qualified domain name is case-sensitive and not
     terminated by a dot character. For both NIS+ and NIS, <server
     address> is optional. If it is not supplied, a host name lookup
     will be performed to get the machine's address.

     For example, if the machine wiz-nisplus-server with address
     133.33.33.33 serves the NIS+ domain wiz.com., the reference would
     look like this:

          wiz.com. wiz-nisplus-server 133.33.33.33

     For another example, if the machine woz-nis-server serves the NIS
     domain Woz.COM, the reference would look like this:

          Woz.COM woz-nis-server

     Before the next naming system reference can be added to X.500,
     the X.500 schema must be altered to include the following object
     class and associated attributes (defined in ASN.1 notation).

          xFNSupplement OBJECT-CLASS ::= {
               SUBCLASS OF    { top }
               KIND           auxiliary
               MAY CONTAIN    { objectReferenceString |
                                nNSReferenceString }
               ID             id-oc-xFNSupplement
          }

          id-oc-xFNSupplement OBJECT IDENTIFIER ::= {
               iso member-body(2) ansi(840) sun(113536) 25
          }

          objectReferenceString ATTRIBUTE ::= {
               WITH SYNTAX                OCTET STRING
               EQUALITY MATCHING RULE     octetStringMatch
               SINGLE VALUE               TRUE
               ID                         id-at-objectReferenceString
          }

          id-at-objectReferenceString OBJECT IDENTIFIER ::= {
               iso member-body(2) ansi(840) sun(113536) 30
          }

          nNSReferenceString ATTRIBUTE ::= {
               WITH SYNTAX                OCTET STRING
               EQUALITY MATCHING RULE     octetStringMatch
               SINGLE VALUE               TRUE
               ID                         id-at-nNSReferenceString
          }

          id-at-nNSReferenceString OBJECT IDENTIFIER ::= {
               iso member-body(2) ansi(840) sun(113536) 31
          }

     The procedures for altering the X.500 schema will vary from
     implementation to implementation. Consult Solstice X.500 or the
     schema administration guide for your X.500 product.

     Once X.500 supports XFN references, the next naming system
     reference can be added by first creating an X.500 object and then
     adding the new reference to it. For example, the following
     commands create entries for the Wiz and Woz organizations in the
     U.S.A. and add the reference information shown in the examples
     above to them.

     For NIS+:

          example% fnattr .../c=us/o=wiz -a objectclass \
               top organization xfnsupplement
          example% fnbind -r .../c=us/o=wiz/ onc_fn_enterprise \
               onc_fn_nisplus_root "wiz.com. wiz-nisplus-server"

     For NIS:

          example% fnattr .../c=us/o=woz -a objectclass \
               top organization xfnsupplement
          example% fnbind -r .../c=us/o=woz/ onc_fn_enterprise \
               onc_fn_nis_root "Woz.COM woz-nis-server"

     Notice the mandatory trailing slash ('/') in the name argument to
     fnbind(1).

     This modification effectively adds the next naming system
     reference to X.500. The reference may be retrieved using
     fnlookup(1) to see if the information has been added properly.
     For example, the following command looks up the next naming
     system reference of the Wiz organization:

          example% fnlookup -v .../c=us/o=wiz/

     Note the mandatory trailing slash.

     After this administrative step has been taken, clients outside of
     the NIS+ hierarchy or NIS domain can access and perform
     operations on the contexts in the NIS+ hierarchy or NIS domain.
     Foreign NIS+ clients access the hierarchy as unauthenticated NIS+
     clients. Continuing the example above, and assuming that NIS+ is
     federated underneath the Wiz organization, the root of the NIS+
     enterprise may be listed using the command:

          example% fnlist .../c=us/o=wiz/

     Note the mandatory trailing slash.

     The next naming system reference may be removed using the
     command:

          example% fnunbind .../c=us/o=wiz/

     Note the mandatory trailing slash.

SEE ALSO
     fnattr(1), fnbind(1), fnlist(1), fnlookup(1), nis+(1),
     ypserv(1M), xfn(3XFN), fns(5), fns_dns(5), fns_nis(5),
     fns_nis+(5), fns_references(5)

     Solstice X.500

NOTES
     In a 64-bit XFN application, retrieval and modification of
     information stored in the X.500 directory service is not
     supported.
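
Added example (not part of the original manual page and not FNS code): a Python check for the next naming system reference format given in DESCRIPTION, applying the NIS+ and NIS domain-name rules and reporting whether the reference carries an address or depends on a host name lookup. Function and field names are hypothetical, and the server address is assumed to be an IP literal, as in the page's example.

```python
import ipaddress

# Added example, not FNS code. All names here are hypothetical.
# Assumption: <server address> is an IP literal, as in the page's example.


def parse_nns_reference(ref, service):
    """Parse '<domainname> <server name> [ <server address> ]'.

    service is 'nisplus' or 'nis'. Raises ValueError if the reference
    does not follow the format described for that service.
    """
    if service not in ("nisplus", "nis"):
        raise ValueError("service must be 'nisplus' or 'nis'")
    fields = ref.split()
    if len(fields) not in (2, 3):
        raise ValueError("expected 2 or 3 whitespace-separated fields")
    domain, server = fields[0], fields[1]
    if service == "nisplus":
        # NIS+: case-insensitive, terminated by a dot.
        if not domain.endswith("."):
            raise ValueError("NIS+ domain name must end with '.'")
        match_key = domain.lower()
    else:
        # NIS: case-sensitive, not terminated by a dot.
        if domain.endswith("."):
            raise ValueError("NIS domain name must not end with '.'")
        match_key = domain
    address = None
    if len(fields) == 3:
        # ip_address() raises ValueError for anything that is not an IP literal.
        address = str(ipaddress.ip_address(fields[2]))
    return {
        "domain": domain,
        "match_key": match_key,  # value to compare when matching domains
        "server": server,
        "address": address,
        # True when the server must be resolved by a host name lookup.
        "needs_host_lookup": address is None,
    }


def same_domain(ref_a, ref_b, service):
    """Compare two references' domains using the service's case rule."""
    a = parse_nns_reference(ref_a, service)
    b = parse_nns_reference(ref_b, service)
    return a["match_key"] == b["match_key"]


if __name__ == "__main__":
    # The two reference strings shown in DESCRIPTION.
    print(parse_nns_reference("wiz.com. wiz-nisplus-server 133.33.33.33", "nisplus"))
    print(parse_nns_reference("Woz.COM woz-nis-server", "nis"))
```

Running the check on a reference string before passing it to fnbind(1) catches a missing or stray trailing dot and shows which bindings rely on host name resolution to reach the server.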