fns_x500(5)




NAME

     fns_x500 - overview of FNS over X.500 implementation


DESCRIPTION

     Federated  Naming  Service  (FNS)  provides  a  method   for
     federating  multiple  naming services under a single, simple
     interface for the basic naming operations. One of the naming
     services  supported  by  FNS  is the X.500 Directory Service
     (see ITU-T X.500 or ISO/IEC 9594). X.500 is a global  direc-
     tory service. Its components cooperate to manage information
     about a hierarchy of objects  on  a  worldwide  scope.  Such
     objects  include countries, organizations, people, services,
     and machines. FNS uses X.500 to name entities globally.

     FNS provides the XFN interface for retrieval  and  modifica-
     tion of information stored in X.500. In addition, enterprise
     namespaces such as those served  by  NIS+  and  NIS  can  be
     federated  with  X.500  by  adding  reference information to
     X.500 describing how to reach the desired next  naming  ser-
     vice.  To federate a NIS+ or NIS namespace under X.500, per-
     form the following steps:

     1. Obtain the root reference for the NIS+ hierarchy  or  NIS
        domain.

     2. Enhance the X.500 schema to support the addition  of  XFN
        references.

     3. Create an X.500 entry to store the XFN reference.

     4. Add the XFN reference.

     The root reference is referred to as the next naming  system
     reference  because  it  refers  to  the   next naming system
     beneath X.500. This reference contains information about how
     to communicate with the NIS+ or NIS servers and has the fol-
     lowing format:

          <domainname> <server name> [ <server address> ]

     where <domainname>  is  the  fully  qualified  domain  name.
     Notice  that  NIS+  and NIS have slightly different syntaxes
     for domain names. For NIS+, the fully qualified domain  name
     is case-insensitive and terminated by a dot character ('.').
     For NIS, the fully qualified domain name  is  case-sensitive
     and   not  terminated  by a dot character. For both NIS+ and
     NIS, <server address> is optional. If it is not supplied,  a
     host  name  lookup  will  be  performed to get the machine's
     address.

     For example, if the machine wiz-nisplus-server with  address
     133.33.33.33  serves the NIS+ domain wiz.com., the reference
     would look like this:

          wiz.com. wiz-nisplus-server 133.33.33.33

     For another example, if the  machine  woz-nis-server  serves
     the NIS domain Woz.COM, the reference would look like this:

          Woz.COM woz-nis-server

     Before the next naming system  reference  can  be  added  to
     X.500,  the X.500 schema must be altered to include the fol-
     lowing object class and associated  attributes  (defined  in
     ASN.1 notation).

     xFNSupplement OBJECT-CLASS ::= {
       SUBCLASS OF { top }
       KIND          auxiliary
       MAY CONTAIN { objectReferenceString  |  nNSReference-
     String }
       ID            id-oc-xFNSupplement }

     id-oc-xFNSupplement OBJECT IDENTIFIER ::= {
       iso member-body(2) ansi(840) sun(113536) 25 }

     objectReferenceString ATTRIBUTE ::= {
       WITH SYNTAX            OCTET STRING
       EQUALITY MATCHING RULE octetStringMatch
       SINGLE VALUE           TRUE
       ID                     id-at-objectReferenceString }

     id-at-objectReferenceString OBJECT IDENTIFIER ::= {
       iso member-body(2) ansi(840) sun(113536) 30 }

     nNSReferenceString ATTRIBUTE ::= {
       WITH SYNTAX            OCTET STRING
       EQUALITY MATCHING RULE octetStringMatch
       SINGLE VALUE           TRUE
       ID                     id-at-nNSReferenceString }

     id-at-nNSReferenceString OBJECT IDENTIFIER ::= {
       so member-body(2) ansi(840) sun(113536) 31 }

     The procedures for altering the X.500 schema will vary  from
     implementation to implementation. Consult  Solstice X.500 or
     the schema administration guide for your X.500 product.

     Once X.500 supports XFN references, the next  naming  system
     reference can be added by first creating an X.500 object and
     then adding the new reference to it. For example,  the  fol-
     lowing commands create entries for the Wiz and Woz organiza-
     tions in the U.S.A. and add the reference information  shown
     in the examples above to them.

     For NIS+:

     example% fnattr .../c=us/o=wiz -a objectclass \
             top organization xfnsupplement

     example% fnbind -r .../c=us/o=wiz/ onc_fn_enterprise \
             onc_fn_nisplus_root "wiz.com. wiz-nisplus-server"

     For NIS:

     example% fnattr .../c=us/o=woz -a objectclass \
             top organization xfnsupplement

     example% fnbind -r .../c=us/o=woz/ onc_fn_enterprise \
             onc_fn_nis_root "Woz.COM woz-nis-server"

     Notice the mandatory trailing slash ('/') in the name  argu-
     ment to fnbind(1).

     This modification effectively adds the  next  naming  system
     reference  to  X.500.  The  reference may be retrieved using
     fnlookup(1) to see if the information has been  added  prop-
     erly.  For  example, the following command looks up the next
     naming system reference of the Wiz organization:

     example% fnlookup -v .../c=us/o=wiz/

     Note the mandatory trailing slash.

     After this administrative step has been taken, clients  out-
     side of the NIS+ hierarchy or NIS domain can access and per-
     form operations on the contexts in the NIS+ hierarchy or NIS
     domain.  Foreign  NIS+ clients access the hierarchy as unau-
     thenticated NIS+ clients. Continuing the example above,  and
     assuming that NIS+ is federated underneath the Wiz organiza-
     tion, the root of the NIS+ enterprise may  be  listed  using
     the command:

     example% fnlist .../c=us/o=wiz/

     Note the mandatory trailing slash.

     The next naming system reference may be  removed  using  the
     command:

     example% fnunbind .../c=us/o=wiz/

     Note the mandatory trailing slash.


SEE ALSO

     fnattr(1),  fnbind(1),  fnlist(1),   fnlookup(1),   nis+(1),
     ypserv(1M),   xfn(3XFN),   fns(5),  fns_dns(5),  fns_nis(5),
     fns_nis+(5), fns_references(5)

     Solstice X.500


NOTES

     In a 64-bit XFN application, retrieval and  modification  of
     information  stored  in  the  X.500 directory service is not
     supported.


Man(1) output converted with man2html