fns_x500(5)
NAME
fns_x500 - overview of FNS over X.500 implementation
DESCRIPTION
Federated Naming Service (FNS) provides a method for
federating multiple naming services under a single, simple
interface for the basic naming operations. One of the naming
services supported by FNS is the X.500 Directory Service
(see ITU-T X.500 or ISO/IEC 9594). X.500 is a global
directory service. Its components cooperate to manage information
about a hierarchy of objects on a worldwide scope. Such
objects include countries, organizations, people, services,
and machines. FNS uses X.500 to name entities globally.
FNS provides the XFN interface for retrieval and modification
of information stored in X.500. In addition, enterprise
namespaces such as those served by NIS+ and NIS can be
federated with X.500 by adding reference information to
X.500 describing how to reach the desired next naming
service. To federate a NIS+ or NIS namespace under X.500,
perform the following steps:
1. Obtain the root reference for the NIS+ hierarchy or NIS
domain.
2. Enhance the X.500 schema to support the addition of XFN
references.
3. Create an X.500 entry to store the XFN reference.
4. Add the XFN reference.
The root reference is referred to as the next naming system
reference because it refers to the next naming system
beneath X.500. This reference contains information about how
to communicate with the NIS+ or NIS servers and has the
following format:
<domainname> <server name> [ <server address> ]
where <domainname> is the fully qualified domain name.
Notice that NIS+ and NIS have slightly different syntaxes
for domain names. For NIS+, the fully qualified domain name
is case-insensitive and terminated by a dot character ('.').
For NIS, the fully qualified domain name is case-sensitive
and not terminated by a dot character. For both NIS+ and
NIS, <server address> is optional. If it is not supplied, a
host name lookup will be performed to get the machine's
address.
For example, if the machine wiz-nisplus-server with address
133.33.33.33 serves the NIS+ domain wiz.com., the reference
would look like this:
wiz.com. wiz-nisplus-server 133.33.33.33
For another example, if the machine woz-nis-server serves
the NIS domain Woz.COM, the reference would look like this:
Woz.COM woz-nis-server
Before the next naming system reference can be added to
X.500, the X.500 schema must be altered to include the
following object class and associated attributes (defined in
ASN.1 notation).
xFNSupplement OBJECT-CLASS ::= {
    SUBCLASS OF { top }
    KIND auxiliary
    MAY CONTAIN { objectReferenceString | nNSReferenceString }
    ID id-oc-xFNSupplement }
id-oc-xFNSupplement OBJECT IDENTIFIER ::= {
    iso member-body(2) ansi(840) sun(113536) 25 }
objectReferenceString ATTRIBUTE ::= {
    WITH SYNTAX OCTET STRING
    EQUALITY MATCHING RULE octetStringMatch
    SINGLE VALUE TRUE
    ID id-at-objectReferenceString }
id-at-objectReferenceString OBJECT IDENTIFIER ::= {
    iso member-body(2) ansi(840) sun(113536) 30 }
nNSReferenceString ATTRIBUTE ::= {
    WITH SYNTAX OCTET STRING
    EQUALITY MATCHING RULE octetStringMatch
    SINGLE VALUE TRUE
    ID id-at-nNSReferenceString }
id-at-nNSReferenceString OBJECT IDENTIFIER ::= {
    iso member-body(2) ansi(840) sun(113536) 31 }
The procedures for altering the X.500 schema will vary from
implementation to implementation. Consult Solstice X.500 or
the schema administration guide for your X.500 product.
Once X.500 supports XFN references, the next naming system
reference can be added by first creating an X.500 object and
then adding the new reference to it. For example, the
following commands create entries for the Wiz and Woz
organizations in the U.S.A. and add the reference information shown
in the examples above to them.
For NIS+:
example% fnattr .../c=us/o=wiz -a objectclass \
top organization xfnsupplement
example% fnbind -r .../c=us/o=wiz/ onc_fn_enterprise \
onc_fn_nisplus_root "wiz.com. wiz-nisplus-server"
For NIS:
example% fnattr .../c=us/o=woz -a objectclass \
top organization xfnsupplement
example% fnbind -r .../c=us/o=woz/ onc_fn_enterprise \
onc_fn_nis_root "Woz.COM woz-nis-server"
Notice the mandatory trailing slash ('/') in the name
argument to fnbind(1).
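The checks described above, as an added example that is not part of the original manual page or of FNS: a shell pre-flight that validates a next naming system reference (the trailing-dot rule for NIS+ versus NIS, the optional address) and the mandatory trailing slash before an fnbind command line is produced. The function names are hypothetical, and treating the optional address as dotted-quad IPv4 is an assumption based on the example address above.

```sh
# Pre-flight checks for fnbind(1) arguments when federating NIS+ or NIS
# under X.500. Added example; all function names here are hypothetical.

# check_nns_ref KIND REF: KIND is nisplus or nis; REF is
# "<domainname> <server name> [ <server address> ]". Returns 0 if well-formed.
check_nns_ref() {
    kind=$1
    set -f; set -- $2; set +f        # split REF on whitespace, no globbing
    [ $# -eq 2 ] || [ $# -eq 3 ] || return 1
    domain=$1 addr=${3-}
    case $kind in
        nisplus) case $domain in *.) ;; *) return 1 ;; esac ;;  # needs trailing '.'
        nis)     case $domain in *.) return 1 ;; esac ;;        # must not have one
        *)       return 1 ;;
    esac
    [ -n "$addr" ] || return 0       # <server address> is optional
    # Assumption: address is dotted-quad IPv4, as in the page's example.
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    return 0
}

# check_fnbind_name NAME: the composite name must end with '/'.
check_fnbind_name() {
    case $1 in */) return 0 ;; *) return 1 ;; esac
}

# same_domain KIND A B: NIS+ domain names compare case-insensitively,
# NIS domain names case-sensitively.
same_domain() {
    a=$2 b=$3
    if [ "$1" = nisplus ]; then
        a=$(printf '%s' "$a" | tr '[:upper:]' '[:lower:]')
        b=$(printf '%s' "$b" | tr '[:upper:]' '[:lower:]')
    fi
    [ "$a" = "$b" ]
}

# fnbind_cmd KIND NAME REF: print the fnbind command only if both checks pass.
fnbind_cmd() {
    check_fnbind_name "$2" || { echo "name must end with '/': $2" >&2; return 1; }
    check_nns_ref "$1" "$3" || { echo "bad $1 reference: $3" >&2; return 1; }
    printf 'fnbind -r %s onc_fn_enterprise onc_fn_%s_root "%s"\n' "$2" "$1" "$3"
}

# Input below is the page's own NIS+ example.
fnbind_cmd nisplus .../c=us/o=wiz/ "wiz.com. wiz-nisplus-server"
```

When the address field is omitted, clients resolve the server through a host name lookup, so the binding is only as trustworthy as that lookup.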
This modification effectively adds the next naming system
reference to X.500. The reference may be retrieved using
fnlookup(1) to see if the information has been added
properly. For example, the following command looks up the next
naming system reference of the Wiz organization:
example% fnlookup -v .../c=us/o=wiz/
Note the mandatory trailing slash.
After this administrative step has been taken, clients
outside of the NIS+ hierarchy or NIS domain can access and
perform operations on the contexts in the NIS+ hierarchy or NIS
domain. Foreign NIS+ clients access the hierarchy as
unauthenticated NIS+ clients. Continuing the example above, and
assuming that NIS+ is federated underneath the Wiz
organization, the root of the NIS+ enterprise may be listed using
the command:
example% fnlist .../c=us/o=wiz/
Note the mandatory trailing slash.
The next naming system reference may be removed using the
command:
example% fnunbind .../c=us/o=wiz/
Note the mandatory trailing slash.
SEE ALSO
fnattr(1), fnbind(1), fnlist(1), fnlookup(1), nis+(1),
ypserv(1M), xfn(3XFN), fns(5), fns_dns(5), fns_nis(5),
fns_nis+(5), fns_references(5)
Solstice X.500
NOTES
In a 64-bit XFN application, retrieval and modification of
information stored in the X.500 directory service is not
supported.