HP TRU64 UNIX Enterprise Directory V5.6

1993-2007 Hewlett-Packard Development Company, L.P. 3 November, 2007
individual attributes within a particular part of
the directory (naming context).
The Tru64 UNIX Enterprise Directory allows
for the authentication of users by name and
password. It also allows access to be restricted
based on network address and for chained
operations.
Distributed Operations
The DSA supports standard X.500 distributed
operations including chaining and referrals.
Knowledge management of superior and
subordinate references allows a Tru64 UNIX
Enterprise Directory DSA to participate as a
first-level DSA or a subordinate DSA in a
multi-vendor distributed Directory Information
Base (DIB).
Replication
The Tru64 UNIX Enterprise Directory
supports shadowing of data between DSAs,
allowing data to be replicated in the network
for high availability and performance.
Shadowing also allows replication of
knowledge information for distributed
operation, access control policies and
authentication information, thus reducing the
amount of management required.
Selective Shadowing
V5.6 supports Selective Shadowing – the
ability to specify which attributes can and
cannot be shadowed to a consumer DSA.
The shadowing filter is controlled by the
shadowingAttributeSelection attribute in the
shadow agreement subentry. Thus every
shadowing agreement has its own filter.
Shadowed information is represented using the
DSA Information Model defined in the 1997
edition of the standard. Tru64 UNIX
Enterprise Directory supports the shadowing
service defined in X.525, including
supplier-initiated and consumer-initiated
agreements, both scheduled and on-change
replication, providing full or incremental updates.
Protocols
The Directory Service is based on the
client-server model. The DSA server supports the
directorySystemAC application context (DSP
protocol) to communicate with other DSAs.
Communications between server DSAs and
client DUAs are supported by the
directoryAccessAC application context (DAP
protocol). DAP enables DUAs in other X.500
implementations to access the Tru64 UNIX
Enterprise Directory DSA and vice-versa. DSP
enables full interworking with DSAs in other
implementations.
The DSA server supports LDAPv2 and
LDAPv3 protocols.
For shadowing, the DSA supports
shadowSupplierInitiatedAC and
shadowConsumerInitiatedAC application
contexts in both the synchronous and
asynchronous variants (DISP protocol) and the
directoryOperationalBindingManagementAC
application context (DOP protocol).
The Tru64 UNIX Enterprise Directory V5.6
runs on the Tru64 UNIX operating system. It
provides integrated, multi-protocol support
allowing concurrent DAP and DSP access over
OSI (using transport classes TP0, TP2, TP4)
and RFC1006 over TCP/IP.
Security – SSL/TLS Support
Secure Socket Layer/Transport Layer Security
support is provided utilising the object library
shipped with this kit.
The Directory can receive commands over a
secure line using LDAPv3. The following
protocols are non-simultaneously supported:
• SSLv23
• SSLv3
• TLSv1
The Directory does not provide a default or
private key. These may be obtained from
http://www.openssl.org
The Directory can be placed in one of three
management-selectable security states – no
security; selectable security; mandatory
security.
Database
The Tru64 UNIX Enterprise Directory
provides a Directory Information Base based
on the 1993 edition of Extended Information
Models. This indexed database supports
high-performance searching and sophisticated
matching including approximate (Soundex)
match. The database is held in main memory
to ensure optimal response times.