NAME

fns_x500 − overview of FNS over X.500 implementation

DESCRIPTION

Federated Naming Service (FNS) provides a method for federating multiple naming services under a single, simple interface for the basic naming operations. One of the naming services supported by FNS is the X.500 Directory Service (see ITU-T X.500 or ISO/IEC 9594). X.500 is a global directory service. Its components cooperate to manage information about a hierarchy of objects on a worldwide scope. Such objects include countries, organizations, people, services, and machines. FNS uses X.500 to name entities globally.

FNS provides the XFN interface for retrieval and modification of information stored in X.500. In addition, enterprise namespaces such as those served by NIS+ and NIS can be federated with X.500 by adding reference information to X.500 describing how to reach the desired next naming service. To federate a NIS+ or NIS namespace under X.500, perform the following steps:

1. Obtain the root reference for the NIS+ hierarchy or NIS domain.
2. Enhance the X.500 schema to support the addition of XFN references.
3. Create an X.500 entry to store the XFN reference.
4. Add the XFN reference.

The root reference is referred to as the next naming system reference because it refers to the next naming system beneath X.500. This reference contains information about how to communicate with the NIS+ or NIS servers and has the following format:

<domainname> <server name> [ <server address> ]

where <domainname> is the fully qualified domain name. Notice that NIS+ and NIS have slightly different syntaxes for domain names. For NIS+, the fully qualified domain name is case-insensitive and terminated by a dot character (’.’). For NIS, the fully qualified domain name is case-sensitive and not terminated by a dot character. For both NIS+ and NIS, <server address> is optional. If it is not supplied, a host name lookup will be performed to get the machine’s address.

For example, if the machine wiz-nisplus-server with address 133.33.33.33 serves the NIS+ domain wiz.com., the reference would look like this:

wiz.com. wiz-nisplus-server 133.33.33.33

For another example, if the machine woz-nis-server serves the NIS domain Woz.COM, the reference would look like this:

Woz.COM woz-nis-server
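
An added example (not part of the original manual page): a Python check of a next naming system reference against the format and domain-name rules above, run before the string is handed to fnbind(1). The names parse_nns_reference and NNSReference, the service labels "nisplus" and "nis", and the treatment of <server address> as an IP literal are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

FORMAT = "<domainname> <server name> [ <server address> ]"


@dataclass(frozen=True)
class NNSReference:
    service: str             # "nisplus" or "nis" (labels chosen for this example)
    domain: str
    server: str
    address: Optional[str]   # None: a host name lookup will be performed

    @property
    def needs_host_lookup(self) -> bool:
        return self.address is None

    def same_domain(self, other: str) -> bool:
        # NIS+ domain names are case-insensitive, NIS domain names are not.
        if self.service == "nisplus":
            return self.domain.lower() == other.lower()
        return self.domain == other


def parse_nns_reference(text: str, service: str) -> NNSReference:
    """Parse and validate one reference string for the given service."""
    if service not in ("nisplus", "nis"):
        raise ValueError("service must be 'nisplus' or 'nis'")
    fields = text.split()
    if len(fields) not in (2, 3):
        raise ValueError("expected " + FORMAT)
    domain, server = fields[0], fields[1]
    address = fields[2] if len(fields) == 3 else None
    if service == "nisplus" and not domain.endswith("."):
        raise ValueError("NIS+ domain name must end with a dot")
    if service == "nis" and domain.endswith("."):
        raise ValueError("NIS domain name must not end with a dot")
    if address is not None:
        # Assumption: the address is an IP literal, as in the page's example.
        ipaddress.ip_address(address)  # raises ValueError if malformed
    return NNSReference(service, domain, server, address)


if __name__ == "__main__":
    for text, svc in [("wiz.com. wiz-nisplus-server 133.33.33.33", "nisplus"),
                      ("Woz.COM woz-nis-server", "nis")]:
        ref = parse_nns_reference(text, svc)
        print(ref, "host lookup needed:", ref.needs_host_lookup)
```

A reference with no address depends on host name resolution for the server name, so needs_host_lookup marks the entries whose resolution path is worth reviewing.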

Before the next naming system reference can be added to X.500, the X.500 schema must be altered to include the following object class and associated attributes (defined in ASN.1 notation).

xFNSupplement OBJECT-CLASS ::= {
  SUBCLASS OF { top }
  KIND          auxiliary
  MAY CONTAIN { objectReferenceString | nNSReferenceString }
  ID            id-oc-xFNSupplement }

id-oc-xFNSupplement OBJECT IDENTIFIER ::= {
  iso member-body(2) ansi(840) sun(113536) 25 }

objectReferenceString ATTRIBUTE ::= {
  WITH SYNTAX            OCTET STRING
  EQUALITY MATCHING RULE octetStringMatch
  SINGLE VALUE           TRUE
  ID                     id-at-objectReferenceString }

id-at-objectReferenceString OBJECT IDENTIFIER ::= {
  iso member-body(2) ansi(840) sun(113536) 30 }

nNSReferenceString ATTRIBUTE ::= {
  WITH SYNTAX            OCTET STRING
  EQUALITY MATCHING RULE octetStringMatch
  SINGLE VALUE           TRUE
  ID                     id-at-nNSReferenceString }


id-at-nNSReferenceString OBJECT IDENTIFIER ::= {
  iso member-body(2) ansi(840) sun(113536) 31 }

The procedures for altering the X.500 schema will vary from implementation to implementation. Consult Solstice X.500 or the schema administration guide for your X.500 product.

Once X.500 supports XFN references, the next naming system reference can be added by first creating an X.500 object and then adding the new reference to it. For example, the following commands create entries for the Wiz and Woz organizations in the U.S.A. and add the reference information shown in the examples above to them.

For NIS+:

example% fnattr .../c=us/o=wiz -a objectclass \
top organization xfnsupplement

example% fnbind -r .../c=us/o=wiz/ onc_fn_enterprise \
onc_fn_nisplus_root "wiz.com. wiz-nisplus-server"

For NIS:

example% fnattr .../c=us/o=woz -a objectclass \
top organization xfnsupplement

example% fnbind -r .../c=us/o=woz/ onc_fn_enterprise \
onc_fn_nis_root "Woz.COM woz-nis-server"

Notice the mandatory trailing slash (’/’) in the name argument to fnbind(1).

This modification effectively adds the next naming system reference to X.500. The reference may be retrieved using fnlookup(1) to see if the information has been added properly. For example, the following command looks up the next naming system reference of the Wiz organization:

example% fnlookup -v .../c=us/o=wiz/

Note the mandatory trailing slash.

After this administrative step has been taken, clients outside of the NIS+ hierarchy or NIS domain can access and perform operations on the contexts in the NIS+ hierarchy or NIS domain. Foreign NIS+ clients access the hierarchy as unauthenticated NIS+ clients. Continuing the example above, and assuming that NIS+ is federated underneath the Wiz organization, the root of the NIS+ enterprise may be listed using the command:

example% fnlist .../c=us/o=wiz/

Note the mandatory trailing slash.

The next naming system reference may be removed using the command:

example% fnunbind .../c=us/o=wiz/

Note the mandatory trailing slash.

SEE ALSO

fnattr(1), fnbind(1), fnlist(1), fnlookup(1), nis+(1), ypserv(1M), xfn(3XFN), fns(5), fns_dns(5), fns_nis(5), fns_nis+(5), fns_references(5)

Solstice X.500

NOTES

In a 64-bit XFN application, retrieval and modification of information stored in the X.500 directory service is not supported.