This document is obsolete. Please
refer to RFC 2116.
Network Working Group A. Getchell Request for Comments: 1632 Lawrence Livermore National Laboratory FYI: 11 S. Sataluri Obsoletes: 1292 AT&T Bell Laboratories Category: Informational Editors May 1994
A Revised Catalog of Available X.500 Implementations
Status of this Memo
This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Abstract
This document is the result of a survey that gathered new or updated descriptions of currently available implementations of X.500, including commercial products and openly available offerings. This document is a revision of RFC 1292. We contacted each contributor in RFC 1292 and requested an update and published the survey template in several mailing lists and obtained new product descriptions.
This document contains detailed description of twenty six (26) X.500 implementations - DSAs, DUAs, and DUA interfaces.
This document catalogs currently available implementations of X.500, including commercial products and openly available offerings. For the purposes of this survey, we classify X.500 products as,
DSA A DSA is an OSI application process that provides the Directory functionality,
DUA A DUA is an OSI application process that represents a user in accessing the Directory and uses the DAP to communicate with a DSA, and
DUA Interface A DUA Interface is an application process that represents a user in accessing the Directory using either DAP but supporting only a subset of the DAP functionality or a protocol different from DAP to communicate with a DSA or DUA.
IDS Working Group [Page 1]
RFC 1632 X.500 Catalog May 1994
Section 2 of this document contains a listing of implementations cross referenced by keyword. This list should aid in identifying implementations that meet your criteria.
To compile this catalog, the IDS Working Group solicited input from the X.500 community by surveying several Internet mailing lists, including: iso@nic.ddn.mil, isode@nic.ddn.mil, osi-ds@cs.ucl.ac.uk, and ietf-ids@umich.edu. We also contacted many people by telephone and sent the template to several individuals and mailed a floppy disk containing the survey template to a person who did not have Internet access.
Readers are encouraged to submit comments regarding both the form and content of this memo. New submissions are welcome. Please direct input to the Integrated Directory Services (IDS) Working Group (ietf-ids@umich.edu) or to the editors. IDS will produce new ver- sions of this document when a sufficient number of changes have been received. This will be determined by the IDS chairpersons.
The Internet has experienced a steady growth in X.500 piloting activities. This document hopes to provide an easily accessible source of information on X.500 implementations for those who wish to consider X.500 technology for deploying a Directory service.
This document contains descriptions of both free and commercial X.500 implementations. It does not provide instructions on how to install, run, or manage these implementations. The descriptions and indices are provided to make the readers aware of available options and thus enable more informed choices.
Implementation descriptions were written by implementors and vendors, and not by the editors. We worked with the description authors to ensure uniformity and readability, but can not guarantee the accuracy or completeness of the descriptions, or the stability of the implementations.
The creation of this catalog would not have been possible without the efforts of the description authors and the members of the IDS Working Group. Our special thanks to the editors of RFC 1292, Ruth Lang and Russ Wright who helped us get started and made key suggestions that enabled us to learn from their experience. We also acknowledge and appreciate the efforts of Ken Rossen in obtaining six descriptions.
Keywords are abbreviated attributes of the X.500 implementations. The list of keywords defined below was derived from the implementation descriptions themselves. Implementations were indexed by a keyword either as a result of: (1) explicit, not implied, reference to a particular capability in the implementation description text, or (2) input from the implementation description author(s).
This section contains keyword definitions. They have been organized and grouped by functional category. The definitions are ordered first alphabetically by keyword category, and second alphabetically by implementation name within keyword category.
Available via FTP Implementation is available using FTP.
Commercially Available This implementation can be purchased.
Free Available at no charge, although other restrictions may apply.
Limited Availability Need to contact provider for terms and conditions of distribution.
IDS Working Group [Page 3]
RFC 1632 X.500 Catalog May 1994
Source Source code is available, potentially at an additional cost.
2.1.2 Conformance with Proposed Internet Standards
These RFCs specify standards track protocols for the Internet community. Implementations which conform to these evolving proposed standards have a higher probability of interoperating with other implementations deployed on the Internet.
RFC-1274 Implementation supports RFC 1274: Barker, P., and S. Kille, The COSINE and Internet X.500 Schema, University College, London, England, November 1991.
RFC-1276 Implementation supports RFC 1276: Kille, S., Replication and Distributed Operations extensions to provide an Internet Directory using X.500, University College, London, England, November 1991.
RFC-1277 Implementation supports RFC 1277: Kille, S., Encoding Network Addresses to support operation over non-OSI lower layers, University College, London, England, November 1991.
RFC-1485 Implementation supports RFC 1485: Kille, S., A String Representation of Distinguished Names, ISODE Consortium, July 1993.
RFC-1487 Implementation supports RFC 1487: Yeong, W., T. Howes, and S. Kille, X.500 Lightweight Directory Access Protocol, July 1993.
2.1.3 Consistence with Informational and Experimental Internet RFCs
These RFCs provide information to the Internet community and are not Internet standards. Compliance with these RFCs is not necessary for interoperability but may enhance functionality.
RFC-1202 Implementation supports RFC 1202: Rose, M. T., Directory
IDS Working Group [Page 4]
RFC 1632 X.500 Catalog May 1994
Assistance Service. February 1991.
RFC-1249 Implementation supports RFC 1249: Howes, T., M. Smith, and B. Beecher, DIXIE Protocol Specification, University of Michigan, August 1991.
RFC-1275 Implementation supports RFC 1275: Kille, S., Replication Requirements to provide an Internet Directory using X.500, University College, London, England, November 1991.
RFC-1278 Implementation supports RFC 1278: Kille, S., A string encoding of Presentation Address, University College, London, England, November 1991.
RFC-1279 Implementation supports RFC 1279: Kille, S., X.500 and Domains, University College, London, England, November 1991.
RFC-1484 Implementation supports RFC 1484: Kille, S., Using the OSI Directory to achieve User Friendly Naming, ISODE Consortium, July 1993.
API Implementation comes with an application programmer's interface (i.e., a set of libraries and include files).
DSA Only Implementation consists of a DSA only. No DUA is included.
DSA/DUA Both a DSA and DUA are included in this implementation.
DUA Interface Implementation is a DUA-like program that uses either DAP, but supporting only a subset of the DAP functionality, or uses a protocol different from DAP to communicate with a DSA or DUA.
DUA Only Implementation consists of a DUA only. No DSA is included.
IDS Working Group [Page 5]
RFC 1632 X.500 Catalog May 1994
LDAP DUA interface program uses the Lightweight Directory Access Protocol (LDAP).
DUA Connectivity The DUA can be connected to the pilot, and information on any pilot entry looked up. The DUA is able to display standard attributes and object classes and those defined in the COSINE and Internet Schema.
DSA Connectivity The DSA is connected to the DIT, and information in this DSA is accessible from any pilot DUA.
Limited Functionality Survey states that the implementation has some shortcomings or intended lack of functionality, e.g., omissions were part of the design to provide an easy-to-use user interface.
IDS Working Group [Page 6]
RFC 1632 X.500 Catalog May 1994
Motif Implementation provides a Motif-style X Window user interface.
Needs ISODE ISODE is required to compile and/or use this implementation.
OpenLook Implementation provides an OpenLook-style X Window user interface.
X Window System Implementation uses the X Window System to provide its user interface.
This section contains an index of implementations by keyword. You can use this list to identify particular implementations that meet your chosen criteria.
The index is organized as follows: keywords appear in alphabetical order; implementations characterized by that keyword are listed alphabetically as well. Note that a "*" is used to indicate that the particular implementation, or feature of the implementation, may not be available at this time.
For formatting purposes, we have used the following abbreviations for implementation names: BULL S.A. (Bull X500-DS and X500-DUA), DEC X.500 DSA (DEC X.500 Directory Server), DEC X.500 Admin (DEC X.500 Administration Facility), HP X.500 DD (HP X.500 Distributed Directory), LDAP (University of Michigan LDAP Implementation), OSI Access & Dir (OSI Access and Directory), and Traxis (Traxis Enterprise Directory).
IDS Working Group [Page 8]
RFC 1632 X.500 Catalog May 1994
386 CLNS
PathWay Messaging Bull S.A. PC-DUA DEC X.500 DSA UCOM X.500 DEC X.500 Admin DIR.X API HP X.500 DD HP X.500 DUA Bull S.A. OSI Access & Dir Custos PathWay Messaging DEC X.500 DSA Traxis DEC X.500 Admin UCOM X.500 DIR.X Wang OPEN/services HP X.500 DD XT-DUA HP X.500 DUA XT-QUIPU LDAP OSI Access & Dir Commercially Available QUIPU Traxis Bull S.A. UCOM X.500 DEC X.500 DSA DEC X.500 Admin Available via FTP DIR.X Directory 500 Custos HP X.500 DD DE HP X.500 DUA DOS-DE OSI Access & Dir LDAP PathWay Messaging ldap-whois++ PC-DUA maX.500 Traxis Xdi UCOM X.500 Wang OPEN/services Bull XT-DUA XT-QUIPU Bull S.A. UCOM X.500 DEC ULTRIX XT-DUA XT-QUIPU DEC X.500 DSA DEC X.500 Admin CDC LDAP ldap-whois++ OSI Access & Dir UCOM X.500
DEC VAX OpenVMS
DEC X.500 DSA DEC X.500 Admin
IDS Working Group [Page 9]
RFC 1632 X.500 Catalog May 1994
DSA Connectivity DUA Interface
DIR.X DE OSI Access & Dir DOS-DE PathWay Messaging LDAP QUIPU ldap-whois++ UCOM X.500 maX.500 XT-QUIPU OSI Access & Dir Pathway Messaging DSA Only PC-DUA QuickMailDUA DEC X.500 DSA Wang OPEN/services XT-QUIPU DUA Only DSA/DUA DEC X.500 Admin Bull S.A. HP X.500 DUA Custos MXLU DIR.X PC-Pages Directory 500 Xdi HP X.500 DD XLU OSI Access & Dir XT-DUA PathWay Messaging QUIPU Free Traxis UCOM X.500 Custos Wang OPEN/services DE DOS-DE DUA Connectivity LDAP ldap-whois++ DIR.X maX.500 LDAP MXLU maX.500 QUIPU MXLU Xdi OSI Access & Dir XLU PathWay Messaging PC-DUA HP PC-Pages QUIPU DIR.X UCOM X.500 HP X.500 DD Xdi HP X.500 DUA XLU LDAP XT-DUA *Traxis Wang OPEN/services XT-DUA XT-QUIPU
IDS Working Group [Page 10]
RFC 1632 X.500 Catalog May 1994
IBM PC Limited Functionality
DOS-DE Custos LDAP Wang OPEN/services OSI Access & Dir Xdi PathWay Messaging PC-DUA Macintosh PC-Pages Traxis LDAP Wang OPEN/services maX.500 PathWay Messaging IBM RISC *Traxis
DIR.X Motif LDAP *Traxis DEC X.500 Admin UCOM X.500 MXLU Wang OPEN/services UCOM X.500 XT-DUA XT-DUA XT-QUIPU Multiple Vendor Platforms ICL Custos *XT-DUA DE XT-QUIPU DOS-DE LDAP Included In ISODE MXLU PathWay Messaging DE PC-Pages QUIPU LDAP UCOM X.500 Xdi DE XLU DOS-DE XT-DUA LDAP XT-QUIPU ldap-whois++ maX.500 Needs ISODE OSI Access & Dir *Pathway Messaging Custos PC-DUA DE *PC-Pages MXLU QuickMailDUA Limited Availability Xdi XLU PC-Pages QuickMailDUA
UCOM X.500 OSI Access & Dir XT-DUA RFC-1274 OSI Transport DE Bull S.A. DEC X.500 DSA Custos DEC X.500 Admin DEC X.500 DSA DOS-DE DEC X.500 Admin LDAP DIR.X maX.500 HP X.500 DD OSI Access & Dir HP X.500 DUA QuickMailDUA PathWay Messaging QUIPU PC-Pages Traxis QUIPU UCOM X.500 Traxis Xdi Wang OPEN/services XT-DUA XT-DUA XT-QUIPU XT-QUIPU RFC-1275 RFC-1006 OSI Access & Dir Bull S.A. QUIPU Custos DEC X.500 DSA RFC-1276 DEC X.500 Admin DIR.X OSI Access & Dir Directory 500 QUIPU LDAP XT-QUIPU OSI Access & Dir PathWay Messaging RFC-1277 PC-Pages QUIPU DEC X.500 DSA Traxis DEC X.500 Admin UCOM X.500 DIR.X Wang OPEN/services OSI Access & Dir XT-DUA PathWay Messaging XT-QUIPU QUIPU UCOM X.500 RFC-1202 XT-DUA XT-QUIPU OSI Access & Dir PathWay Messaging
DEC X.500 DSA DEC X.500 Admin UCOM X.500 OSI Access & Dir PathWay Messaging SNI QUIPU UCOM X.500 DIR.X XT-DUA XT-QUIPU Solbourne
RFC-1279 XT-DUA XT-QUIPU OSI Access & Dir QUIPU Source UCOM X.500 XT-QUIPU DE LDAP RFC-1484 MXLU QUIPU DE Xdi DOS-DE XLU *LDAP *maX.500 Sun QUIPU Xdi Custos XT-DUA Directory 500 XT-QUIPU LDAP ldap-whois++ RFC-1485 OSI Access & Dir PathWay Messaging LDAP QuickMailDUA maX.500 QUIPU QUIPU Traxis XT-QUIPU UCOM X.500 Xdi RFC-1487 XT-DUA XT-QUIPU DE DOS-DE Tandem LDAP ldap-whois++ UCOM X.500 maX.500 PC-DUA QUIPU
IDS Working Group [Page 13]
RFC 1632 X.500 Catalog May 1994
UNIX
Custos DE ldap-whois++ MXLU QUIPU UCOM X.500 Xdi XLU
Wang
Wang OPEN/services
X Window System
MXLU OSI Access & Dir Xdi XLU XT-DUA
X.25
Bull S.A. DEC X.500 DSA DEC X.500 Admin DIR.X Directory 500 HP X.500 DD HP X.500 DUA OSI Access & Dir PathWay Messaging QUIPU Traxis UCOM X.500 Wang OPEN/services XT-DUA XT-QUIPU
In the following pages you will find descriptions of X.500 implementations listed in alphabetical order. In the case of name collisions, the name of the responsible organization, in square brackets, has been used to distinguish the implementations. Note that throughout this section, the page header reflects the name of the implementation, not the date of the document. The descriptions follow a common format, as described below:
NAME The name of the X.500 implementation and the name of the responsible organization. Implementations with a registered trademark indicate this by appending "(tm)", e.g., GeeWhiz(tm).
KEYWORDS A list of the keywords defined in Section 2 that have been used to cross reference this implementation.
ABSTRACT A brief description of the application. This section may optionally contain a list of the pilot projects in which the application is being used.
COMPLIANCE (applicable only for DSAs and DUAs) A statement of compliance with respect to the 1988 CCITT Recommendations X.500-X.521 [CCITT-88], specifically Section 9 of X.519, or the 1988 NIST OIW Stable Implementation Agreements [NIST-88].
CONFORMANCE WITH PROPOSED INTERNET STANDARDS A statement of compliance with respect to the several proposed Internet Standards.
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs A statement of compliance with respect to the several informational and experimental Internet RFCs.
INTEROPERABILITY A list of other DUAs and DSAs with which this implementation can interoperate.
PILOT CONNECTIVITY Describes the level of connectivity it can offer to the pilot directory service operational on the Internet in North America, and to pilots co-ordinated by the PARADISE project in Europe. Levels of connectivity are: Not Tested, None, DUA Connectivity, and DSA Connectivity.
IDS Working Group [Page 15]
RFC 1632 X.500 Catalog May 1994
BUGS A warning on known problems and/or instructions on how to report bugs.
CAVEATS AND GENERAL LIMITATIONS A warning about possible side effects or shortcomings, e.g., a feature that works on one platform but not another.
INTERNETWORKING ENVIRONMENT A list of environments in which this implementation can be used, e.g., RFC-1006 with TCP/IP, TP0 or TP4 with X.25.
HARDWARE PLATFORMS A list of hardware platforms on which this application runs, any additional boards or processors required, and any special suggested or required configuration options.
SOFTWARE PLATFORMS A list of operating systems, window systems, databases, or unbundled software packages required to run this application.
AVAILABILITY A statement regarding the availability of the software (free or commercially available), a description of how to obtain the software, and (optionally) a statement regarding distribution conditions and restrictions.
DATE LAST UPDATED or CHECKED The month and year within which this implementation description was last modified.
IDS Working Group [Page 16]
RFC 1632 X.500 Catalog Bull S.A.
NAME
X500-DS X500-DUA Bull S.A.
KEYWORDS
API, Bull, CLNS, Commercially Available, DSA/DUA, OSI Transport, RFC-1006, X.25
ABSTRACT
X500-DS and X500-DUA are integral part of the large Bull OSI offer. Although based on the DCE/GDS (Distributed Computing Environment/Global Directory Service) of OSF, these two products may be installed and used without DCE environment. X500-DS is designed to implement both the DUA and the DSA functions, whilst X500-DUA only provides the DUA functions.
The X500-DUA package contains:
- The standards APIs XOM (X/Open OSI-Abstract-Data Manipulation API) and XDS (X/Open Directory Service API) for the development of portable applications, - A core DUA to translate all user's requests (bind, read, list, compare, modify, modifyRDN, search, add, remove, unbind ...) into the DAP protocol used for communication with distant DSAs, - The OSI standard protocols (ASN.1, ROSE, ACSE, Presentation and Session) for communication with the distant DSAs. The interface with the low layers of the stack being XTI. RFC-1006 is supported under XTI or the Session, - A DUA Cache to improve performances when accessing remote DSAs, - A management application for configuration of the product, controlling the operations and managing logs and traces, - A user application for the manipulations of the database entries.
The X500-DS package contains:
- All components of the X500-DUA, - A core DSA to process all requests received from distant DUAs through DAP protocol or from distant DSAs through DSP protocol. It supports the referral, chained and multi-casting modes of operation, access control lists, simple authentication, management of knowledge information (for distribution, shadows and copies of sub-trees),
IDS Working Group [Page 17]
RFC 1632 X.500 Catalog Bull S.A.
- A management application for managing the schema information (creation, deletion and modification of object classes and of attribute types, management of the rules of the DIT), - A C-ISAM database.
COMPLIANCE (applicable only for DSAs and DUAs)
Compliant with EWOS and OIW Agreements
Strong authentication in X.509 is not yet implemented. (Password scheme is currently used.)
Consists of both DUA and DSA implementation according to the 88 CCITT X.500 and ISO 9594 standard. The X/Open standard XDS and XOM interface libraries are also provided. When the product is installed with the DCE environment, XDS and XOM interfaces are also used to access DCE/CDS (Local Cell Directory Service) transparently. A GDA (Global Directory Agent) serves then as the gateway between the DCE CDS and GDS.
It is planned to support full 1992 extensions in the products for 1995.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
[No information provided--Ed.]
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
[No information provided--Ed.]
INTEROPERABILITY
This implementation of DAP and DSP can interoperate with other X.500 implementations from other Cebit demo participants including IBM, HP, ICL, Siemens-Nixdorf, etc. It also interoperates with ISODE QUIPU.
PILOT CONNECTIVITY
[No information provided--Ed.]
BUGS
[No information provided--Ed.]
IDS Working Group [Page 18]
RFC 1632 X.500 Catalog Bull S.A.
CAVEATS AND GENERAL LIMITATIONS
[No information provided--Ed.]
INTERNETWORKING ENVIRONMENT
OSI TP4 with CLNP (WAN - LAN) OSI TP0, 2 & 4 with X.25 (WAN) RFC-1006 with TCP/IP Either BSD sockets or XTI can be used to access the transports Through XTI, both OSI and TCP/IP protocols are possible on the same machine, thus permitting to build a Directory Service distributed on OSI and TCP/IP networks.
OSI Access and Directory includes several DUAs and a QUIPU based DSA (originally based on version 6.6) with enhancements. The DUA/DSA enhancements include:
- Directory API based on the X.400 API. - Support for X.400 objects including those to support MHS use of Directory to support MHS Routing. - Integration with Control Data's MailHub (X.400 MHS) products. - X Windows, curses and command line based DUA interfaces on UNIX. These interfaces support the full set of Directory operations. - Windows 3.x interface on PCs. - A DUA daemon that provides Directory access for applications. - LDAP 2.0 and 3.0 support. - Directory synchronization tools for synchronizing most PC/Mac/Dec mail directories with X.500. - Enhanced photo attribute support. - ACL enhancements. - Hash indexing for fast string search. - DIXIE, DAD and PH.X500 support. - SNMP based monitoring and management of DSAs.
Control Data Systems offers complete integration services to design, plan, install, configure, tailor and maintain X.500 services. These services may include the preparation of customer unique DUAs and tools for X.500 integration, synchronization, operational control and management. OSI Access and Directory is in production use at several government, commercial and academic sites. Some sites are supporting Directories in excess of 120,000 entries.
IDS Working Group [Page 20]
RFC 1632 X.500 Catalog Control Data Systems Inc.
COMPLIANCE (applicable only for DSAs and DUAs)
OSI Access and Directory complies with the 1988 CCITT Recommendations X.500-X.521 [CCITT-88] and the 1988 NIST OIW Stable Implementation Agreements [NIST-88]. OSI Access and Directory only supports simple authentication or no authentication. OSI Access and Directory complies with all static and dynamic requirements of X.519. OSI Access and Directory can act as a first-level DSA.
OSI Access and Directory will support some 1993 X.500 extensions in 1994 with full support in 1995/1996.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
OSI Access and Directory is compliant with the following RFCs: [RFC 1274], [RFC 1276], and [RFC 1277].
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
OSI Access and Directory also supports the required objects, attributes and attribute syntaxes for MHS use of Directory to support MHS Routing.
INTEROPERABILITY
OSI Access and Directory was tested against HP, DEC, ISODE Consortium and Wollongong implementations at the COS Interoperability Test Lab in May 1993. The OSINET Interoperability Tests were used. Please refer OSINET for test results. OSI Access and Directory has also been informally tested at trade shows with implementations from UNISYS and Retix.
PILOT CONNECTIVITY
OSI Access and Directory is connected via DSAs and DUAs to the PSI White Pages Project. OSI Access and Directory provides the base routing tree for the MHS Use of Directory pilot (Longbud) on the Internet.
BUGS
Control Data Systems provides complete software maintenance services with products.
IDS Working Group [Page 21]
RFC 1632 X.500 Catalog Control Data Systems Inc.
CAVEATS and GENERAL LIMITATIONS
[No information provided--Ed.]
INTERNETWORKING ENVIRONMENT
RFC1006 with TCP/IP, TP4 with CNLS, TP0 with X.25.
HARDWARE PLATFORMS
OSI Access and Directory runs on all MIPS and SUN SPARC platforms. Windows based DUAs available with OSI Access and Directory run on Windows 3.x compatible IBM PCs.
SOFTWARE PLATFORMS
Distributed and supported for Sun OS version 4.1.x, Sun Solaris 2.x and Control Data EP/IX (Control Data's MIPS based OS). Other platforms are pending. TP4 connectivity on SUN OS requires SUN OSI.
AVAILABILITY
Commercially available from:
Control Data Systems Inc. Network Solutions, ARH290 4201 Lexington Avenue North Arden Hills, MH 55126-6198 U.S.A.
1-800-257-OPEN (U.S. and Canada) 1-612-482-6736 (worldwide) FAX: 1-612-482-2000 (worldwide) EMAIL: info@cdc.com or s=info;p=cdc;a=attmail;c=us
DATE LAST UPDATED or CHECKED
November 22nd, 1993
IDS Working Group [Page 22]
RFC 1632 X.500 Catalog Custos
NAME
Custos National Institute of Standards and Technology
KEYWORDS
API, Available via FTP, DSA/DUA, Free, Limited Functionality, Multiple Vendor Platforms, Needs ISODE, OSI Transport, RFC-1006, Sun, UNIX
ABSTRACT
The implementation consists of a set DUA library routines, a terminal interface, and a DSA. The implementation was developed in C on Sun SPARCstations under SunOS 4.1.1. All underlying services are provided by the ISODE development package. The development package is also used for encoding and decoding ASN.1 data as well as for other data manipulation services. Using the ISODE package the implementation can be run over both TCP/IP and OSI protocols.
The DSA provides full support for both DAP and DSP protocols, conformant with ISO 9594 / CCITT X.500 standards. The DIB is maintained using a locally developed relational database system. The interface to the database system consists of a set of sql-like C functions. These are designed to allow straightforward replacement of the local database system with a more powerful commercial system. To achieve better performance several options are supported that permit loading of selected portions of the database in core. When these options are selected data can be retrieved more quickly from in core tables; all modifications to the DIB are directly reflected in the in core tables and the database.
COMPLIANCE (applicable only for DSAs and DUAs)
Custos is fully compliant with the 1988 Standard with the following omissions:
There are no present plans to extend Custos to include the 1992 X.500 extensions.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
[No information provided--Ed.]
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
[No information provided--Ed.]
INTEROPERABILITY
Have successfully interoperated with QUIPU and OSIWARE over the DAP. No DSP interoperability testing has been done.
PILOT CONNECTIVITY
Limited DUA and DSA connectivity to PSI White Pages Project.
BUGS
Bugs may be reported to the general discussion list, x500@osi.ncsl.nist.gov.
CAVEATS and GENERAL LIMITATIONS
No limitations on file sizes, etc. The only side effects to creating large files should be in the area of performance. Specifically, optimization requires loading parts of the DIB in core so greater memory requirements will be necessary for achieving better performance with a large database. Any platform the implementation can be ported to (generally any platform ISODE can be ported to) should support all features.
INTERNETWORKING ENVIRONMENT
RFC-1006; TP4/CLNP (SunLinkOSI) over 802 and X.25 (SunLink X.25).
HARDWARE PLATFORMS
It's only been run on Sun 3 and SPARC, but there are no known reasons why it shouldn't run on any hardware running the ISODE software.
IDS Working Group [Page 24]
RFC 1632 X.500 Catalog Custos
SOFTWARE PLATFORMS
It requires UNIX and the ISODE software package. It's been developed and tested with ISODE version 7.0 and Sun OS version 4.1.1. Uses a locally developed relational DBMS that should be easily replaceable with commercially available relational systems.
AVAILABILITY
Custos, the NIST implementation of X.500, the OSI Directory, is available for anonymous ftp from osi.ncsl.nist.gov (129.6.48.100) using the convention (user name = anonymous, password = ident). The software is available in two forms: a tar file and a compressed tar file.
Note: permissions on the directory ./pub/directory are set so that you will be able to "get" files whose names you can provide. However, you will not be able to "ls" the contents of the directory.
DATE LAST UPDATED or CHECKED
March 5th, 1993
IDS Working Group [Page 25]
RFC 1632 X.500 Catalog DE
NAME
DE
KEYWORDS
Available via FTP, DUA Interface, Free, Included in ISODE, LDAP, Multiple Vendor Platforms, Needs ISODE, RFC-1274, RFC-1484, RFC-1487, Source, UNIX
ABSTRACT
DE (Directory Enquiries) is intended to be a simple-to-use DUA interface, suitable for the naive user, and suitable for running as a public access dua. it will work on any terminal. The user is presented with a series of (verbose) prompts asking for person's name; department; organization; country. There is extensive on-line help. The matching algorithms are such that near matches are presented to the user before less good matches.
A lot of development has been done on the interface since it was first described in RFC1292. The most significant enhancement has been to add power searching - this allows a user to search for an entry even when they do not know the name of the organisation in which the person works - you still have to specify the country. DE now provides UFN style searching. It is now possible to search locality entries. DE now uses slightly different search algorithms depending on whether it is accessing part of the Directory mastered by a Quipu DSA - Quipu DSAs tend to use lots of replication and so encourage searching. An experimental feature is intended to give the user more feedback on the likely response time to a query - DE maintains a database of past information availability and DSA responsiveness. Translations exist into at least 4 different languages.
DE runs over ISODE DAP and University of Michigan LDAP. There is a version of DE, called DOS-DE, which has been ported to DOS, and this uses LDAP.
DE was funded by the COSINE PARADISE project, and DE is used as the PARADISE public access dua. You can test the software by telnet to 128.86.8.56 and logging in as dua -- no password required.
DE tries to cater well for the general case, at the expense of not dealing with the less typical. The main manifestation of this is that the current version does not handle searching under localities very well.
It is not possible to display photographs or reproduce sound attributes.
INTERNETWORKING ENVIRONMENT
As for ISODE.
HARDWARE PLATFORMS
As for ISODE.
SOFTWARE PLATFORMS
As for ISODE.
IDS Working Group [Page 27]
RFC 1632 X.500 Catalog DE
AVAILABILITY
The software is openly available as part of ISODE-8.0. An enhanced version is available as part of the PARADISE project upgrade.
Both these versions are available by FTP from <ftp.paradise.ulcc.ac.uk>, as src/isode-8.tar.Z and src/isode- paradise.tar.Z.
The very latest code will be made available with the ISODE Consortium release of ISODE. It is hoped it will be freely available to all.
DEC X.500 Directory Server Digital Equipment Corporation
KEYWORDS
API, CLNS, Commercially Available, DEC ULTRIX, DEC VAX OpenVMS, DSA Only, OSI Transport, RFC-1006, RFC-1274, RFC-1277, RFC-1278, X.25
ABSTRACT
The DEC X.500 Directory Server product provides a high performance Directory System Agent implemented according to the 1993 edition of ISO/IEC 9594 and the CCITT X.500 series of Recommendations.
Specific features provided include:
(1) Integrated multi-protocol support allowing concurrent DAP and DSP access over OSI and TCP/IP (using RFC1006) protocols. (2) Indexed database supports high-performance searching and sophisticated matching including approximate match. (3) Based on the 1993 edition Extended Information Models. (4) Support for chaining and referrals in support of a distributed Directory Information Base. (5) Support for the 1993 edition Simplified Access Control scheme. (6) Configurable schema based on the 1993 edition (including attributes, object classes, structure rules, name forms). (7) Support for a simple Shadowing protocol to enhance read availability. (8) Remote management facilities to configure and control DSAs and log significant events. (9) Provides the X/OPEN XDS/XOM Application Program Interface so that customers can construct their own DUA applications.
For Directory User Agent facilities see the associated entry for the DEC X.500 Administration Facility
COMPLIANCE (applicable only for DSAs and DUAs)
Conformance with respect to clause 9.2 of ISO/IEC 9594-5:1993:
(1) Supports the directoryAccessAC (DAP) and directorySystemAC (DSP) application contexts. (2) The DSA is capable of acting as a first-level DSA. (3) Chaining is supported.
IDS Working Group [Page 29]
RFC 1632 X.500 Catalog DEC DSA
(4) Bind security levels of simple (unprotected password) and none are supported. (5) All attribute types defined in ISO/IEC 9594-6:1993 are supported except for 1993 edition supertypes and collective attributes and EnhancedSearchGuide. Customers can define new attribute types. UNIVERSAL STRING is not supported for attributed based on DirectoryString. (6) All object classes defined in ISO/IEC 9594-7:1993 are supported. Customers can define new object classes. (7) The following operational attributes are supported: governingStructureRule createTimestamp modifyTimestamp myAccessPoint superiorKnowledge supplierKnowledge consumerKnowledge specificKnowledge dseType PrescriptiveACI (8) Dynamic modification of object class is permitted (9) A subset of Simplified Access Control is supported. (10) All name forms defined in ISO/IEC 9594-7:1993 are supported. Customers can defined new name forms and structure rules.
The X.500 Directory Server is compatible with and interworks with 1988 edition DUAs and DSAs. It is implemented to conform to relevant NIST OIW and EWOS agreements and the X.500 Implementors Guide.
All interoperability test results will be available on request from Digital. Interoperability testing is being undertaken using the harmonized OSIone X.500 test suite to which both OSInet and EurOSInet have been key contributors.
IDS Working Group [Page 30]
RFC 1632 X.500 Catalog DEC DSA
PILOT CONNECTIVITY
Digital is actively involved in both public and private pilots of X.500.
BUGS
[No information provided--Ed.]
CAVEATS and GENERAL LIMITATIONS
[No information provided--Ed.]
INTERNETWORKING ENVIRONMENT
The DEC X.500 Directory Service V1.0 operates over:
* RFC 1006 over TCP/IP on ULTRIX platforms. * OSI TP0, TP2 and TP4 over CLNS and CONS as appropriate on ULTRIX and OpenVMS platforms
HARDWARE PLATFORMS
The DEC X.500 Directory Service V1.0 runs on:
* VAX processors supported by OpenVMS * RISC processors supported by ULTRIX
SOFTWARE PLATFORMS
The DEC X.500 Directory Service V1.0 runs on:
* OpenVMS/VAX V5.5-2 or later running DECnet-VAX Extensions V5.4 * ULTRIX/RISC V4.2 or later running DECnet/OSI for ULTRIX, V5.1 or later.
For availability on other hardware and software platforms please contact Digital.
AVAILABILITY
The DEC X.500 Directory Service is commercially available from Digital Equipment Corporation. For further information please contact your local Digital office, or:
Digital Equipment Corporation Networks and Communications Engineering 550 King Street Littleton, MA. 01460-1289 USA
DATE LAST UPDATED
August 2nd, 1993
IDS Working Group [Page 32]
RFC 1632 X.500 Catalog DEC X.500 Admin. Facility
NAME
DEC X.500 Administration Facility Digital Equipment Corporation
KEYWORDS
API, CLNS, Commercially Available, DEC ULTRIX, DEC VAX OpenVMS, DUA Only, Motif, OSI Transport, RFC-1006, RFC-1274, RFC-1277, RFC-1278, X.25
ABSTRACT
The DEC X.500 Administration Facility product provides both command line and Motif interfaces to manage the information stored in the X.500 directory.
Specific features provided include:
(1) Multi-protocol support allowing DAP access over OSI and TCP/IP (using RFC1006) protocols. (2) Driven off the same configurable schema information as the DEC X.500 Directory Service. (3) Supports command line and OSF Motif interface styles. (4) Provides access to all X.500 services.
Specific features of the OSF Motif interface include:
(1) Supports two ways of accessing directory information, either by browsing the directory tree or by searching. (2) Easy-to-use search based on customer-extensible set of predefined filters. (3) Window layouts and text fully extensible, based on the schema, to support customer-defined object classes and attributes. (4) Easy-to-use forms based method for creating and modifying entries that simplifies use of the X.500 services.
See also the entry for the DEC X.500 Directory Service.
COMPLIANCE (applicable only for DSAs and DUAs)
Conformance with respect to clause 9.1 of ISO/IEC 9594-5:1993:
(1) Supports the all operations of the directoryAccessAC application context.
IDS Working Group [Page 33]
RFC 1632 X.500 Catalog DEC X.500 Admin. Facility
(2) Bind security levels of none and simple (unprotected passwords).
Interoperability test results will be available on request from Digital. Interoperability testing is being undertaken using the harmonized OSIone X.500 test suite to which both OSInet and EurOSInet have been key contributors.
PILOT CONNECTIVITY
Digital is actively involved in both public and private pilots of X.500.
BUGS
[No information provided--Ed.]
CAVEATS and GENERAL LIMITATIONS
[No information provided--Ed.]
INTERNETWORKING ENVIRONMENT
The DEC X.500 Administration Facility operates over:
* RFC 1006 over TCP/IP on ULTRIX platforms. * OSI TP0, TP2 and TP4 over CLNS and CONS as appropriate on ULTRIX and OpenVMS platforms
HARDWARE PLATFORMS
The DEC X.500 Administration Facility V1.0 runs on:
* VAX processors supported by OpenVMS * RISC processors supported by ULTRIX
IDS Working Group [Page 34]
RFC 1632 X.500 Catalog DEC X.500 Admin. Facility
SOFTWARE PLATFORMS
The DEC X.500 Administration Facility V1.0 runs on:
* OpenVMS/VAX V5.5-2 or later running DECnet-VAX Extensions V5.4 * ULTRIX/RISC V4.2 or later running DECnet/OSI for ULTRIX, V5.1 or later.
For availability on other hardware and software platforms please contact Digital.
AVAILABILITY
The DEC X.500 Administration Facility is commercially available from Digital Equipment Corporation. For further information please contact your local Digital office, or:
Digital Equipment Corporation Networks and Communications Engineering 550 King Street Littleton, MA. 01460-1289 USA
DATE LAST UPDATED
August 2nd, 1993
IDS Working Group [Page 35]
RFC 1632 X.500 Catalog DIR.X
NAME
DIR.X (tm) V3.0 Siemens Nixdorf Informationssysteme AG
KEYWORDS
API, CLNS, Commercially Available, DSA Connectivity, DSA/DUA, DUA Connectivity, HP, IBM RISC, OSI Transport, RFC-1006, RFC-1277, SNI, X.25
ABSTRACT
DIR.X is the Siemens Nixdorf X.500 product on which the OSF DCE/GDS (Distributed Computing Environment/Global Directory Service) is based. It supports full DUA and DSA functionality for globally unique identification and location of objects in a network. It also provides functions to answer queries (both yellow-page and white- page) about objects and attribute information. The software implements full DAP and DSP protocols specified in X.519. The required ACSE, ROSE, Presentation, Session and RFC-1006 protocol implementations are also included. It also supports RFC-1277.
Additional features include proprietary Replication and Access Control, Caching, Tree-handling utilities and (Remote) Administration.
COMPLIANCE (applicable only for DSAs and DUAs)
Consists of both DUA and DSA implementations according to the CCITT X.500 (1988) and ISO 9594 standard. The X/Open standard APIs for XDS and XOM are provided. The XDS interface can also be used to access the OSF DCE/CDS (DCE local Cell Directory Service) transparently.
DIR.X has been successfully conformance tested. PICS and PCTRs are available for all tested protocols: DSA/DAP, DUA/DAP, Presentation, ACSE and Session embedded in X.500.
Compliant with EWOS Agreements (which are being harmonized with OIW Agreements).
Strong authentication according to X.509 and an XDS/XOM convenience library will be included in the next version (Q2 1994). Support for X.500 (1993) is planned for Q4 1994.
IDS Working Group [Page 36]
RFC 1632 X.500 Catalog DIR.X
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
[No information provided--Ed.]
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
[No information provided--Ed.]
INTEROPERABILITY
This implementation of DAP and DSP has successfully interoperated with the X.500 implementations from ICL, UNISYS, E3X and ISODE.
PILOT CONNECTIVITY
Several DIR.X DSAs are connected to the European X.500 pilot network PARADISE. (DUA and DSA connectivity.)
BUGS
Problems and bug-report e-mail address: dirx-info@mch.sni.de
CAVEATS AND GENERAL LIMITATIONS
The software is highly portable and without any general limitations.
INTERNETWORKING ENVIRONMENT
OSI TP4 with CLNP OSI TP0, 2 & 4 with X.25 RFC-1006 with TCP/IP
DIR.X can use either BSD sockets or XTI/TLI to access the Transport Service.
HARDWARE PLATFORMS
SNI's hardware platforms, IBM's RS/6000 and Hewlett Packard's HP9000 among others.
SOFTWARE PLATFORMS
SINIX (UNIX System V Release 4), OSF/1.1, AIX 3.1, HP-UX. A port to Windows-NT is planned for Q2 1994.
AVAILABILITY
DIR.X can be delivered as a binary product or as source to OEM customers. The DIR.X product is commercially available from:
IDS Working Group [Page 37]
RFC 1632 X.500 Catalog DIR.X
Siemens Nixdorf Informationssysteme SNI BU BA NM 12 D-81739 Munich Germany
Directory 500 (D500) is a comprehensive implementation of the CCITT X.500 recommendations. D500 is comprised of two major components which are responsible for manipulating the data in the OSI Directory. They are the Directory User Agent (DUA) and the Directory System Agent (DSA).
The DUA is the interface between the OSI Directory and those users wishing access to the Directory's information. Users make their requests through the DUA. When forwarding user's requests to the OSI Directory, the protocol used is known as the Directory Access Protocol (DAP).
The DSA will negotiate with other, remote DSAs to obtain requested information or to update remote DIBs. DSAs use the Directory System Protocol (DSP) to forward and answer these requests. The DSA supports chaining and referrals.
COMPLIANCE (applicable only for DSAs and DUAs)
All X.500 1988 operations are supported along with all Object Classes specified in X.521 and all Attribute Types specified in X.520.
Implementation plans include upgrades to support the 1992 extensions to X.500 in 1994. Please check with OSIware / Infonet Software Solutions for availability dates.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
[No information provided--Ed.]
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
[No information provided--Ed.]
IDS Working Group [Page 39]
RFC 1632 X.500 Catalog Directory 500
INTEROPERABILITY
Tested with QUIPU. Other interoperability information not available at this time.
Any Sun SPARC with 16 MB memory, 40 MB free disk Please enquire if interested in other platforms such as: SCO Unix, AIX
SOFTWARE PLATFORMS
Sun OS 4.1.x. Runs over TCP/IP, or X.25 (SunNet X.25 Version 7 required)
AVAILABILITY
Directory 500 is commercially as executable object code or as source code form from: OSIware / Infonet Software Solutions 4400 Dominion Street, Suite 210 Burnaby, BC V5G 4G3 CANADA
Available via FTP, DUA Interface, Free, IBM PC, LDAP, Multiple Vendor Platforms, RFC-1274, RFC-1484, RFC-1487
ABSTRACT
DOS-DE (DOS Directory Enquiries) is intended to be a simple-to-use DUA interface suitable for the naive user. It is an MS-DOS port of the standard UNIX DE implementation - see the entry on DE for full details. (All of the features DE are supported apart from the experimental `Quality of Service' code).
The user is presented with a series of (verbose) prompts asking for person's name; department; organization; country. There is extensive on-line help. The matching algorithms are such that near matches are presented to the user before less good matches. `Power searching' is also available - this allows a user to search for an entry even when they do not know the name of the organisation in which the person works - you still have to specify the country. DOS-DE provides UFN style searching. It is also possible to search locality entries. DOS-DE uses slightly different search algorithms depending on whether it is accessing part of the Directory mastered by a Quipu DSA - Quipu DSAs tend to use lots of replication and so encourage searching.
DOS-DE runs over the University of Michigan LDAP.
DE was funded by the COSINE PARADISE project. DOS-DE was developed by Andy Powell at the University of Bath.
DOS-DE tries to cater well for the general case, at the expense of not dealing with the less typical. The main manifestation of this is that the current version does not handle searching under localities very well.
It is not possible to display photographs or reproduce sound attributes.
INTERNETWORKING ENVIRONMENT
University of Michigan LDAP.
HARDWARE PLATFORMS
IBM PC/AT/XT and compatibles.
SOFTWARE PLATFORMS
LDAP for MS-DOS running over the NCSA Telnet stack or SUN's PCNFS version 4.1 or Novell's LAN Workplace (LWP).
AVAILABILITY
The software is openly available by FTP from ftp.bath.ac.uk, as pub/x500/dosde.zip.
The very latest code will be made available with the ISODE Consortium release of ISODE. It is hoped it will be freely available to all.
Contact:
IDS Working Group [Page 42]
RFC 1632 X.500 Catalog DOS-DE
A.Powell@bath.ac.uk
DATE LAST UPDATED or CHECKED
March 18th, 1993
IDS Working Group [Page 43]
RFC 1632 X.500 Catalog HP X.500 Dist. Dir. Products
NAME
HP X.500 Distributed Directory Products Hewlett Packard
KEYWORDS
API, CLNS, Commercially Available, DSA/DUA, DUA only, HP, OSI Transport, X.25
ABSTRACT
HP X.500 Distributed Directory. Its main components are:
DUA, and DUA Interface, DSA and DIB support, X.500 Address Lookup, X/Open Application Tool Kit API (XAT) for XDS/XOM Interface, X.500 High Level API (X5HLAPI) for XDS/XOM Interface.
HP X.500 DUA. Its main components are:
DUA, and DUA Interface, X.500 Address Look-up, X/Open Application Tool Kit API (XAT) for XDS/XOM Interface, X.500 High Level API (X5HLAPI) for XDS/XOM Interface.
HP X.500 Distributed Directory is based on the 1988 CCITT X.500 standard. HP X.500 can be used for accessing names and electronic mail addresses for multi-vendor messaging backbone networks. HP X.500 can also be used for the development of networked applications requiring distributed directory functionality.
HP OpenMail users can access the enterprise wide HP X.500 distributed directory directly from the HP OpenMail user interface, and select X.500 addresses for mailing. HP-UX Sendmail users can access electronic mail addresses from a X.500 server over a TCP/IP network.
Users of non-HP e-mail systems can access data stored in the X.500 Directory using X.500 Address Look-up. X.500 Address Look-up has an easy to use interface, and phonetic search capability.
HP X.500 Distributed Directory includes a complete multi-threaded DUA and DSA. The X.500 DIB is built on a database which has been optimized for X.500 performance. HP X.500 contains full support for DAP and DSP protocols.
IDS Working Group [Page 44]
RFC 1632 X.500 Catalog HP X.500 Dist. Dir. Products
Data Shadowing and security access control of HP X.500 Distributed Directory allow higher performance, and easier management of its DIB database in a global environment.
HP X.500 Distributed Directory has menu driven administration and user interface tools. The tools simplify directory configuration and data retrieval. It supports X/Open X.500 APIs (XDS and XOM), and high level APIs on top of XDS to allow developers to write their own X.500 based applications.
HP X.500 Distributed Directory supports comprehensive tracing and logging facilities for quick diagnosis and resolution of problems. HP also provides a rich set of troubleshooting tools to check the interoperability of the network at various layers of the OSI stack.
COMPLIANCE (applicable only for DSAs and DUAs)
HP X.500 Distributed Directory complies with the following standards:
CCITT X.501: The Directory - Models CCITT X.509: The Directory - Authentications Framework* CCITT X.511: The Directory - Abstract Service Definition CCITT X.518: The Directory - Procedures for Distributed Operations CCITT X.519: The Directory - Protocol Specifications CCITT X.520: The Directory - Selected Attribute Types CCITT X.521: The Directory - Selected Object Classes CCITT X.219: Remote Operations - Model, Notation and Service Definition CCITT X.229: Remote Operations - Protocol Specifications
*x.509 describes simple and strong authentication. HP X.500 Distributed Directory supports simple authentication. Strong authentication is not supported in the current release due to limited market demand.
HP X.500 Distributed Directory will comply with NIST and EWOS directory functional profiles. Based on factors such as market needs and NIST recommendations, HP will implement subsets of 1992 CCITT functionality in a phased approach.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
[No information provided--Ed.]
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
[No information provided--Ed.]
IDS Working Group [Page 45]
RFC 1632 X.500 Catalog HP X.500 Dist. Dir. Products
INTEROPERABILITY
HP has done some unofficial interoperability testing. HP would welcome suggestions on priorities for vendor interoperability testing.
PILOT CONNECTIVITY
[No information provided--Ed.]
BUGS
[No information provided--Ed.]
LIMITATIONS
HP X.500 Distributed Directory supports up to 30 DSA connections at one time. This limit could be increased in the future if needed.
INTERNETWORKING ENVIRONMENT
HP X.500 Distributed Directory resides on an OSI stack, and can be used in 802.3 LAN, or X.25 CLNS or CONS environment. HP is investigating implementing X.500 for the TCP/IP environment.
HARDWARE PLATFORMS
HP X.500 Distributed Directory is available on HP 9000 Series 800 family of high performance servers which are scalable platform.
The HP X.500 Address Look-up facility is also available for the HP 9000 Series 300 and Series 700 for customers who have purchased the X.500 product.
SOFTWARE PLATFORMS
HP X.500 Distributed Directory requires the following software environment:
- HP-UX Operating System 8.0 or later - OSI Transport Services/9000 for the Series 800 - HP Lan Link or HP X.25 product - Network Tracing and Logging - ANSI C compiler (for the HP/XDS API)
IDS Working Group [Page 46]
RFC 1632 X.500 Catalog HP X.500 Dist. Dir. Products
AVAILABILITY
HP X.500 Distributed Directory is commercial available. The product can be ordered through HP Sales offices. The ordering numbers are:
P/N J2152A HP X.500 Distributed Directory/9000 for the Series 800. Product contains DSA server and DUA client.
P/N J2153A HP X.500 DUA/9000 for the Series 800. Product contains only DUA client.
DATE LAST UPDATED or CHECKED
August 16th, 1993.
IDS Working Group [Page 47]
RFC 1632 X.500 Catalog Univ. of Mich. LDAP Imple.
NAME
University of Michigan LDAP Implementation
KEYWORDS
API, Available via FTP, DEC ULTRIX, DUA Connectivity, DUA Interface, Free, HP, IBM PC, IBM RISC, LDAP, Macintosh, Multiple Vendor Platforms, RFC-1006, RFC-1274, RFC-1484, RFC-1485, RFC-1487, Source, Sun
ABSTRACT
LDAP is the Lightweight Directory Access Protocol. It gives X.500 access to platforms that have only TCP/IP access, using simplified BER encoding of many X.500 data elements. LDAP is currently a proposed Internet Standard. The LDAP server is an intermediate protocol server that communicates with Internet clients on one side using the simple TCP-based LDAP protocol and an X.500 DSA on the other side using the Directory Access Protocol (DAP). A subset of the X.500 DAP is exported to the clients through the LDAP protocol.
The U-M LDAP distribution contains the following components:
- LDAP server - LDAP client library, including both synchronous and asynchronous APIs - Lightweight BER library, including an API that supports a printf/scanf-like interface - Various LDAP client programs, including a finger daemon (xfingerd), gopher to X.500 gateway (go500gw), command-line DUA (ud), e-mail query server (rcpt500), and an X.500 mailer (mail500)
COMPLIANCE (applicable only for DSAs and DUAs)
The U-M LDAP distribution is a complete implementation of the LDAP protocol. The LDAP protocol does not support access to all X.500 features and operations. The operations supported are bind, search, compare, add, delete, modify, modify RDN, and abandon. Note that read and list operations can be emulated using the search operation. Size and time limits may be specified, as may alias dereferencing and searching, but all X.500 service controls are not supported.
The current implementation of the LDAP server is known to work with the QUIPU DSA and DAP library.
PILOT CONNECTIVITY
DUA connectivity should be possible to all pilots, though only AARNET, PARADISE, and PSI White Pages Project have actually been tried.
BUGS
Bug reports should be sent to bug-ldap@umich.edu.
CAVEATS and GENERAL LIMITATIONS
None, aside from those mentioned above under completeness.
INTERNETWORKING ENVIRONMENT
LDAP clients use TCP to communicate with the LDAP server. The LDAP server normally uses RFC 1006 with TCP/IP to communicate with the DSA, though any other transport mechanism for DSA communication supported by ISODE should be possible.
HARDWARE PLATFORMS
The LDAP server is known to run on Sun 3 and Sun 4 platforms DEC's, HP's, and RS 6000's. The LDAP client libraries and some clients have been ported to the Macintosh and the PC.
SOFTWARE PLATFORMS
The LDAP server and clients are known to run under and SunOS 4.1.x, ULTRIX, HP-UX, and AIX. The LDAP client libraries also work under Macintosh System 6.0 or higher and MS-DOS 5.0.
IDS Working Group [Page 49]
RFC 1632 X.500 Catalog Univ. of Mich. LDAP Imple.
AVAILABILITY
This software is openly available. It may be obtained by anonymous FTP from terminator.rs.itd.umich.edu in the x500 directory. Documentation on the LDAP and lightweight BER libraries is provided in the form of man pages distributed with the source code. More information can be obtained from ldap-support@umich.edu.
This software was developed at the University of Michigan by Tim Howes with help from Mark Smith and Bryan Beecher, as well as many others around the Internet. It is subject to the following copyright.
Copyright (c) 1993 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided ``as is'' without express or implied warranty.
DATE LAST UPDATED OR CHECKED
March 13th, 1993
IDS Working Group [Page 50]
RFC 1632 X.500 Catalog ldap-whois++
NAME
ldap-whois++
KEYWORDS
Available via FTP, DEC ULTRIX, DUA Interface, Free, LDAP, RFC-1487, Sun, UNIX
ABSTRACT
ldap-whois++ is a dua interface that implements the IETF WNILS draft whois++ proposal using the LDAP libraries developed by the University of Michigan.
maX.500 is a Directory User Agent for Apple Macintosh. It is currently at version 2.0, which uses the Lightweight Directory Access Protocol (LDAP) over TCP/IP to access The Directory. maX.500 can be used to search for, view, create, delete, and modify entries. It supports viewing of textual information, playing of audio, and viewing of black and white (fax) and color (JPEG) images.
maX.500 is a native Macintosh application, and as such has a friendly interface. It requires System Software version 6.0.5 or later and Apple's MacTCP control panel.
COMPLIANCE (applicable only for DSAs and DUAs)
maX.500 works over LDAP, and is subject to LDAP's limitations. The X.500 bind, search, compare, add, delete, abandon, and modify operations are used by maX.500. Size and time limits may be specified, as may alias dereferencing and searching.
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
Preliminary support is included for [RFC 1484] (same as U-M LDAP).
INTEROPERABILITY
maX.500 2.0 is known to work with the U-M LDAP server. It has been used successfully with the QUIPU DSA and others.
PILOT CONNECTIVITY
DUA connectivity should be possible to all pilots, though only AARNET, PARADISE, and PSI White Pages Project have actually been tried.
IDS Working Group [Page 53]
RFC 1632 X.500 Catalog maX.500
BUGS
Bug reports should be sent to max500-bugs@umich.edu.
CAVEATS and GENERAL LIMITATIONS
maX.500 does not support modification of "photo" (fax), "jpegPhoto", or "audio" attributes. Modify RDN is also unsupported.
INTERNETWORKING ENVIRONMENT
maX.500 is an LDAP client, and as such is uses TCP to communicate with the LDAP server. Apple's MacTCP control panel is required on the Macintosh.
HARDWARE PLATFORMS
maX.500 runs on Apple Macintosh Plus or later computers. It requires 1MB of RAM.
SOFTWARE PLATFORMS
maX.500 requires Apple System Software 6.0.5 or later (System 7 preferred) and MacTCP 1.1 or later (1.1.1 preferred).
AVAILABILITY
This software is openly available. It may be obtained by anonymous FTP from terminator.rs.itd.umich.edu in the x500 directory. More information can be obtained from ldap-support@umich.edu.
This software was developed at the University of Michigan by Mark Smith with help from Tim Howes and many others around the Internet. It is subject to the following copyright: Copyright (c) 1993 Regents of the University of Michigan. All rights reserved. Redistribution and use in binary forms is permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided ``as is'' without express or implied warranty.
DATE LAST UPDATED OR CHECKED
July 26th, 1993
IDS Working Group [Page 54]
RFC 1632 X.500 Catalog MXLU
NAME
MXLU Brunel University, UK
KEYWORDS
DUA Connectivity, DUA Only, Free, Motif, Multiple Vendor Platforms, Needs ISODE, Source, UNIX, X Window System
ABSTRACT
MXLU (Motif/X LookUp) is an X.500 DUA interface for the X Window System using Motif.
Ported from the Athena widgets version, MXLU can be configured for many different styles of interaction. Example configurations are provided for single window and multiple window use.
MXLU implements the `User-Friendly Naming' search strategy and also has a form-filling search mode. Asynchronous directory operations are used.
Full user friendly add and modify functions are provided, with the ability to tailor the modify screen to present simple subsets of the available attributes.
Can also be configured as a bibliographic search tool for use with the ABDUX Project bibliographic DSAs.
COMPLIANCE (applicable only for DSAs and DUAs)
88 Standard compliant: Strong authentication not yet implemented. No plans for support of the 1992 Standard.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
No plans at present.
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
No plans at present.
INTEROPERABILITY
Tested with ISODE-8.0
IDS Working Group [Page 55]
RFC 1632 X.500 Catalog MXLU
PILOT CONNECTIVITY
DUA Connectivity: The interface is in use in the UK Academic Directory Pilot.
BUGS
Bugs should be reported to x500@brunel.ac.uk.
CAVEATS and GENERAL LIMITATIONS
Does not support modification of all known attribute syntaxes. In particular, ACLs and O/R addresses are not catered for.
INTERNETWORKING ENVIRONMENT
As ISODE.
HARDWARE PLATFORMS
Most UNIX machines.
SOFTWARE PLATFORMS
UNIX Motif 1.1 > ISODE/QUIPU (version 8.0 >)
AVAILABILITY
Sources are freely available for commercial or non-commercial use. Binaries for SunOs 4.1.3 are also available from Brunel, to simplify installation on sites that do not already use ISODE.
Postal Address: Andrew Findlay Computing and Media Systems Brunel University Cleveland Road Uxbridge, Middlesex UB8 3PH
IDS Working Group [Page 56]
RFC 1632 X.500 Catalog MXLU
UK
E-mail: x500@brunel.ac.uk.
Fax: +44 895 32806 (Andrew Findlay)
Telephone: +44 895 203066 (Andrew Findlay)
DATE LAST UPDATED or CHECKED
March 10th, 1994
IDS Working Group [Page 57]
RFC 1632 X.500 Catalog PathWay Messaging
NAME
PathWay Messaging
KEYWORDS
386, CLNS, Commercially Available, DSA Connectivity, DSA/DUA, DUA Connectivity, DUA Interface, IBM PC, LDAP, Macintosh, Multiple Vendor Platforms, OSI Transport, RFC-1006, RFC-1202, RFC-1277, RFC-1278, Sun, X.25
ABSTRACT
PathWay Messaging Services is a full X.400 MTA and X.400-Internet gateway that includes an integrated X.500 DSA/DUA. It supports full DUA and DSA functions as well as full DAP and DSP protocols specified in X.519. The DSA may be used exclusively for enterprise-wide messaging, or as a general purpose X.500 DSA. The product has successfully participated in OSInet X.500 I-Lab interoperability tests.
PathWay Messenger is an email application for desktop class machines with a limited functionality DUA Light Weight Client that provides access (per RFC 1202, Directory Assistance Service - support for LDAP is planned) over TCP/IP to the X.500 DSA/DUA included with PathWay Messaging Services.
COMPLIANCE (applicable only for DSAs and DUAs)
PathWay Messaging Services is a complete implementation of the 1988 X.500 Recommendations with the exception of strong authentication as outlined in X.509. It is conformant to NIST, EWOS, and UK GOSIP Directory profiles. It provides network through application layer protocol support, with support for all attribute types, syntaxes, and object classes defined in X.520 and X.521. Support for 1992 extensions to X.500 is planned for future release as is support for X/Open Object Management (OM) and X/Open Directory Services (XDS) standards.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
PathWay Messaging Services' X.500 supports the following Internet Proposals: [RFC 1277].
IDS Working Group [Page 58]
RFC 1632 X.500 Catalog PathWay Messaging
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
PathWay Messaging Services' X.500 supports the following Internet Proposals: [RFC 1202] and [RFC 1278].
INTEROPERABILITY
PathWay Messaging Services has undergone successful interoperability testing with Control Data, DEC, HP, and the ISODE Consortium using EurOSInet test suites.
PILOT CONNECTIVITY
Tested DUA and DSA connectivity with PARADISE and PSI White Pages Project.
BUGS
Send bug reports to: prod-eng@twg.com
CAVEATS and GENERAL LIMITATIONS
[No information provided--Ed.]
INTERNETWORKING ENVIRONMENT
RFC1006 with TCP/IP, TP4 with CNLS, TP0/2 or TP4 with X.25.
HARDWARE PLATFORMS
PathWay Messaging Services runs on all models of Sun SPARC and generic 386/486 systems. PathWay Messenger (email with lightweight DUA) also runs on Macintosh, and on IBM PC/AT and compatibles.
SOFTWARE PLATFORMS
PathWay Messaging Services supports SunOS 4.1.2, Solaris 1.0.1, and SunSoft INTERACTIVE UNIX. PathWay Messenger also supports SCO, MacOS and MS-Windows.
IDS Working Group [Page 59]
RFC 1632 X.500 Catalog PathWay Messaging
AVAILABILITY
PathWay Messaging is commercially available from:
The Wollongong Group, Inc. 1129 San Antonio Road Palo Alto, CA 94303 USA
Sales and Information: (415) 962 7100 FAX: (415) 969-5547
DATE LAST UPDATED or CHECKED
July 27th, 1993
IDS Working Group [Page 60]
RFC 1632 X.500 Catalog PC-DUA
NAME
PC-DUA NEXOR
KEYWORDS
386, Commercially Available, DUA Connectivity, DUA Interface, IBM PC, LDAP, RFC-1487
ABSTRACT
PC-DUA provides a MS Windows based user interface to the X.500 Directory.
Features include:
- Searching - Directory Browser - to enable user to identify directory entry - History - allowing quick access to previously referenced parts of the DIT. - User Friendly Name (UFN) based searching - Hypertext-like navigation. - Friendly names for attribute labels. - Intelligent choice of entries to display when moving to a new location in the DIT. - O-line hypertext help.
DUA Connectivity, DUA Only, IBM PC, LDAP, Limited Availability, Multiple Vendor Platforms, OSI Transport, RFC-1006
ABSTRACT
PC-Pages is a MS-DOS based X.500 DUA interface. It is currently only available for MS-Windows; a DOS character mode interface is being prepared.
Features include:
- "Form" based searching. - Supports the User Friendly Name (UFN) specification (RFC 1484). - Powerful query engine. - Tailorable entry display - display only those attributes required. - Integrates with the WhiteMail X.400 user agent. Hooks are provided to allow integration with other user agents. - Directory browsing. - Support for JPEG photo attributes. - Modify directory entries. - Add directory entries. - Delete directory entries. - Rebind to a configured DSA. - Some support for configuration of DAP service parameters.
Two versions of PC-Pages are currently available. One supports DAP over CONS or DAP over RFC-1006, and has data entry and modification facilities. The other supports LDAP and has a more advanced user interface including a tree-browser, but does not yet have data entry and modification.
A version in the form or a Windows DLL (Dynamic Link Library) is being prepared, for incorporation into other products such as mail agents.
COMPLIANCE (applicable only for DSAs and DUAs)
88 Standard compliant: Strong authentication not yet implemented. No plans for support of the 1992 Standard.
IDS Working Group [Page 63]
RFC 1632 X.500 Catalog PC-Pages
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
[No information provided--Ed.]
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
[No information provided--Ed.]
INTEROPERABILITY
Tested with Quipu 8.0.
PILOT CONNECTIVITY
DUA Connectivity: The interface is in use in the UK Academic Directory Pilot.
BUGS
Bugs should be reported to x500@brunel.ac.uk.
CAVEATS and GENERAL LIMITATIONS
Does not support display or modification of all known attribute syntaxes. In particular: ACLs and O/R addresses.
INTERNETWORKING ENVIRONMENT
RFC1006 with TCP/IP. TP4 with CONS. A NetBIOS gateway to the previously listed protocols. LDAP using Winsock.
HARDWARE PLATFORMS
PC-Pages for Windows requires an IBM PC compatible with 286 or higher, 2mb+ memory.
SOFTWARE PLATFORMS
Windows 3.0 or 3.1 running in Standard or Enhanced mode. WhiteStack 1.1, provided by the Edinburgh University Computing Service.
AVAILABILITY
Free to UK Academic Community, and to some other communities subject to certain restrictions. Commercial derivatives exist. Please send queries to:
IDS Working Group [Page 64]
RFC 1632 X.500 Catalog PC-Pages
Postal: Andrew Findlay Computing and Media Services Brunel University Cleveland Road Uxbridge, Middlesex UB8 3PH UK
E-mail: x500@brunel.ac.uk.
Fax: +44 895 32806 (Andrew Findlay)
Telephone: +44 895 203066 (Andrew Findlay)
DATE LAST UPDATED or CHECKED
March 10th, 1994
IDS Working Group [Page 65]
RFC 1632 X.500 Catalog QuickMail
NAME
QuickMail/X.500 Interface (DUA Interface) NASA
KEYWORDS
DUA Interface, Limited Availability, Needs ISODE, RFC-1274, Sun
ABSTRACT
The NASA QuickMail/X.500 Interface program is a program which translates QuickMail name service requests into X.500 requests and returns the results from the DSA to the QuickMail user. This system allows QuickMail users the ability to find non-QuickMail users' or non-local QuickMail users' addresses, while retaining the normal QuickMail lookup interface. The program speaks QuickMail name service protocol on one side, and DAP on the other.
COMPLIANCE (applicable only for DSAs and DUAs)
[Same as dish] -- does not support strong authentication. No support for 1992 extensions needed.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
RFC 1274 supported to the extent that we use provided schema to store QuickMail addresses.
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
[No information provided--Ed.]
INTEROPERABILITY
Works with Quipu (ISODE 8.0, ICR1)
PILOT CONNECTIVITY
Connected to PSI WPPP, PARADISE. Other projects may use data if they are connected to either of these DSAs.
BUGS
No known bugs. Default QuickMail name service lookup time out of 10 seconds may be too fast for some DSAs to respond to.
IDS Working Group [Page 66]
RFC 1632 X.500 Catalog QuickMail
CAVEATS and GENERAL LIMITATIONS
Requires the Columbia AppleTalk Package (CAP 6.0) to work.
INTERNETWORKING ENVIRONMENT
EtherTalk or IPTalk on the Macintosh side, any ISODE supported environment on the X.500 side.
HARDWARE PLATFORMS
Known to run on Sun 4/470
SOFTWARE PLATFORMS
SunOS 4.1.1 and 4.1.3 can be used to host the package. Additionally may need SunLink OSI 7.0.1, Sunlink X.25 7.0. ISODE 8.0 or ISODE Consortium Release 1 needed to provide DAP support.
AVAILABILITY
Limited availability. For more details contact, Peter Yee MS 233-18 NASA Ames Research Center Moffett Field, CA 94035-1000 (415) 604-3812 (415) 604-6999 (FAX) yee@atlas.arc.nasa.gov
This implementation is a source release derived from the earlier openly available version of QUIPU, and will be used as base technology for products by a number of vendors. The release comprises of a DSA, and a number of sample DUAs which may be used in conjunction with the DSA.
COMPLIANCE (applicable only for DSAs and DUAs)
The DSA is aligned to the 1988 ISO IS and the NIST OIW Directory Implementors Guide Version 1, with the following exceptions:
- Strong authentication is not implemented (but hooks are provided for use with two packages). - QUIPU does not enforce the bounds constraints on attributes, filters or APDU size. - T.61 string formatting characters are not rejected. - If a DN is supplied with no password in an unprotected simple bind, QUIPU does not always check to see if the DN exists. If the DSA connected to can say authoritatively the DN does not exist, the association is rejected. However, if a chain operation is required to check the DN, the bind IS allowed. - When comparing attributes of UTCtime syntax, if the seconds field is omitted, QUIPU does not perform the match correctly (i.e., the seconds field in the attribute values should be ignored, but are not). - QUIPU always supplies the optional Chaining argument "originator" even if the CommonArgument "requestor" is used. - QUIPU always supplies the optional Chaining argument "target" even if the base object in the DAP arguments is the same. - The object class "without an assigned object identifier" is not recognised unless the "alias" object class is also present. - Non Specific Subordinate References are never followed by a QUIPU DSA, but they are passed on correctly to the client if generated.
Compliance with X.500(1993) standards is planned. DAP and replication (DISP) will be available in March 1994. Other 1993 features, with the exception of DOB, but including security features will be available.
Interoperability with several other DSAs has been demonstrated in pilot operation and at the COS X.500 Interoperability Lab, enhancing interoperability results from the earler versions of QUIPU.
PILOT CONNECTIVITY
Connectivity to the global research pilot (PARADISE etc.) has been demonstrated. It is expected that this system will be used extensively in a wide range of pilot activities. DUA Connectivity, and DSA Connectivity.
BUGS
Bugs should be reported to <bug-quipu@isode.com>
CAVEATS and GENERAL LIMITATIONS
None
INTERNETWORKING ENVIRONMENT
The IC R1.0 release is application level code, and assumes vendor provided lower layers. It provides the following modules with support for a range of APIs to handle associated lower layers:
- RFC 1006 (vendor supplied TCP/IP using sockets or TLI) - Transport service (vendor supplied transport, which may be any class and use any network service. TLI, XTI and various vendor-specific APIs). - TP0 (Vendor supplied X.25 or CONS using NTI and various vendor specific APIs).
Reference OS is SUNOS 4.1.3. It is also known to run on various other UNIX platforms.
AVAILABILITY
Available to members of the ISODE Consortium. Membership is open to any organisation. Also available under licence (zero cost) to all non-commercial research organisations. Contact:
ISODE Consortium Headquarters PO Box 505 London SW11 1DX UK
Traxis Enterprise Directory Angeli Systems Corporation
KEYWORDS
API, CLNS, Commercially Available, DSA/DUA, HP, IBM PC, IBM RISC, Macintosh, OSI Transport, RFC-1006, RFC-1274, Sun, X.25
ABSTRACT
The Traxis Enterprise Directory has multiple components in a three layer architecture. The individual components of the Traxis family are building blocks which can be assembled in a flexible, modular way to build complex systems.
At the enterprise level, is a distributed directory stored and managed by Traxis Directory Engines (TDEs). At the workgroup level Traxis Directory Hubs (TDHs) provide the means to integrate and connect Traxis Directory Engines to the wide variety of real world applications and systems which prevail in network environments. The TDE and the TDH support the myriad of client applications, including messaging and business applications, which require services from the Traxis directory.
At the desktop level, the Traxis Desktop Client (TDC) provides a common set of facilities which simplify and enable communications, object manipulation, and results management as required between the Traxis Directory Hub and applications. These capabilities, which include full access and management of the directory, are provided to applications through XDS++, the Traxis object oriented API. The Traxis Desktop Client also supports industry standard client software interfaces such as Microsoft MAPI, Apple OCE, CMC and VIM, through Compatibility Modules which map the standard API into XDS++. Through these APIs the Traxis Desktop Client supports applications of all kinds on PC, Macintosh, and UNIX systems.
Angeli supplied Traxis applications include the Traxis Administrative Console management station, the Traxis Global Browser general directory tool, the Traxis Operator Assistance high-speed look-up, the Traxis Data Base Gateway, the Traxis Import Export Utility and more.
The Traxis Directory Engine includes an X.500 DSA. The Traxis Directory Hub includes an X.500 DUA.
Traxis Directory Engine DSA is CCITT-1988 compliant with extended security and access control. Supports access control on User, Entry, and Attribute levels. DIB or subtree administrative manager supported. Supports simple authentication with encrypted password.
Support for February 14, 1993 CCITT X.500 planned. X.509 in first half of 1994. Replication and Administrative/Information Model in second half of 1994.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
Traxis conforms to RFC1274 which documents COSINE interoperability.
LDAP (RFC 1487) is planned for inclusion in a later release of Traxis if market demand requires it.
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
Traxis does not conform to the QUIPU RFC Internet Proposals cited. As noted elsewhere, Traxis is fully compatible with QUIPU operationally but does not use the cited RFCs in its internal operations.
INTEROPERABILITY
Traxis has been extensively tested for interoperability with ISODE QUIPU Version 8. Traxis Directory Engine (DSA) will serve DISH or other QUIPU DUAs using DAP. Traxis Directory Hub interoperates with QUIPU DSA. All directory access functions and their chained equivalents are interoperable.
Traxis Directory Hub to Traxis Directory Engine (or any DSA) communication via RFC1006 over TCP/IP, OSI TP4 with CLNS, and OSI TP0 with X.25. Traxis Desktop Client to Traxis Directory Hub via SPX/IPX or TCP/IP. Other LAN protocols supported in 1994.
HARDWARE PLATFORMS
Traxis Directory Hub and Traxis Directory Engine: Sun and PC currently supported. IBM RS/6000, HP 9000, and others in 1994. Traxis Desktop Client and applications: PC currently supported; Macintosh in 1994.
SOFTWARE PLATFORMS
Traxis Directory Hub and Traxis Directory Engine: All Sun platforms with Sun OS 4.1.3 currently supported, Solaris 2.x in 1994. Industry standard PC platforms with SCO Open Desktop V3 currently supported. Other UNIX platforms in 1994. Windows NT in 1994. Traxis Desktop Client and applications: PC with Windows 3.1 currently supported. Macintosh Systems 6 and 7, UNIX Motif, DOS, X Windows, and others planned for 1994.
AVAILABILITY
The Traxis Enterprise Directory is commercially available from:
Angeli Systems Corporation 1659 Eleventh Street Santa Monica, CA 90404 +1 310 392 3000 +1 310 392 4700 FAX
info@angeli.com
DATE LAST UPDATED or CHECKED
November 23rd, 1993
IDS Working Group [Page 73]
RFC 1632 X.500 Catalog UCOM.X 500
NAME
UCOM.X 500 (tm) - E3.X [DSA and DUA]
KEYWORDS
386, API, Bull, CLNS, Commercially Available, DEC ULTRIX, DSA Connectivity, DSA/DUA, DUA Connectivity, IBM RISC, Motif, Multiple Vendor Platforms, OpenLook, RFC-1006, RFC-1274, RFC-1277, RFC-1278, RFC-1279, Sequent, Sun, Tandem, UNIX, X.25
ABSTRACT
UCOM.X 500 includes a Directory System Agent (DSA), various directory access APIs and Directory User Agents (DUAs). UCOM.X 500 is a product based on PIZARRO, the research prototype developed at INRIA by Christian Huitema's team, and commercialized by TS-E3X, a member of the France Telecom group.
Characteristics of the DSA are:
- The DAP and DSP protocols are provided conformant with X.500 (88). - The DIB is maintained in ASN.1 encoded format in the Unix file system. Utilities are provided to load and dump the DIB from and to ASCII text files. - The DIT structure is held in main memory. Frequently used attributes may be held in inverted tables in memory to speed up searches. - Knowledge management: knowledge on managed domains is stored in UCOM.X specific attributes of the DSA entries. - Schema: The X.500 (88), X.400 (88) and most of the Cosine and Internet Schema are supported. Object class and attribute definitions are enforced. Users may define their own. - Simple authentication is provided; strong authentication and signed operations are being tested operationally through TS-E3X's participation in PASSWORD, a VALUE project with aim to pilot a European security infrastructure for network applications. - Access control: private mechanisms are provided to allow access control lists to be specified for parts of the DIT, to control modifications, and to specify access restrictions on attributes. - Management: a UCOM.X DSA object has been defined to allow operational parameters of the DSA to be managed via DAP. Administration utilities are provided to, e.g., generate usage statistics and periodically update the database from various data sources including a knowledge discovery tool.
The product offers a C language API conformant to X/Open's X/DS
IDS Working Group [Page 74]
RFC 1632 X.500 Catalog UCOM.X 500
specification, and a C++ API (for release 10/93).
The DUAs include a graphical directory browser with powerful search functionality for OpenLook and Motif, and a full-screen curses-based interface with full DAP functionality.
TS-E3X's strategy for UCOM.X500 is three-fold: Firstly, to use it as the directory service for Spheris, France Telecom's range of electronic mail products based on X.400 (88) (release mid '94). Secondly, to offer it to third parties developing specific applications using X.500: current applications include a distributed application to control document transfer in a large French hospital and distributed applications management in the French Post Office; planned uses include office applications for control of document circulation (workflow) and cooperative document editing. Thirdly, to offer it to telecomms operators such as France Telecom for application in network management. UCOM.X 500 is used extensively by French research centers involved in PARADISE.
COMPLIANCE (applicable only for DSAs and DUAs)
UCOM.X 500 conforms to X.500 (88) as specified in paragraph 9 of X.519.
Development of the product based on X.500 (93) is planned for '94 with release of a product conformant to the principal extensions at the end of '94. Emphasis is being placed on the shadowing protocol, the schema and access control.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
The COSINE and Internet Schema (RFC 1274) is supported with minor exceptions.
The string representation of PSAPs and their internal encoding conforms to RFC 1277.
The string representation of DNs will migrate to the Internet RFC 1485 definition.
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
RFC 1279 (X.500 and Domains) is supported. The string representation of PSAPs and their internal encoding conforms to RFC 1278.
AFRO (algorithme francais de recherche optimise), the search / name resolution algorithm proposed by UCOM.X 500, differs from the UFN algorithm principally in that it attempts to optimize by performing
IDS Working Group [Page 75]
RFC 1632 X.500 Catalog UCOM.X 500
read operations before resorting to searches in order to exploit the name error information.
INTEROPERABILITY
Through UCOM.X 500's use in the French PARADISE pilot, interoperability has been informally but extensively tested with Quipu and other implementations.
Detailed interoperability tests with Quipu, Marben and Siemens/Bull DIR/X are being conducted by the PARADISE OIFP (Operational Interworking) team at INRIA Rocquencourt, France.
The product is currently also undergoing formal tests for conformance to the CTS2 DSA/DAP and ACSE/Presentation/Session specifications at the French OSI conformance test centre.
PILOT CONNECTIVITY
DSA and DUA connectivity to the PARADISE pilot.
BUGS
UCOM.X 500 is a commercial product. As such, it is supported and bugs are fixed when detected. Bug reports can be sent to our support team via electronic mail.
CAVEATS AND GENERAL LIMITATIONS
The DIT structure and inverted attribute tables are stored in main memory. The recommended main memory size for a DSA is 1 kb per node, i.e., 10 Mb for a database of 10,000 objects. The current recommended maximum is a database size of the order of 100,000 objects.
Of the selected attribute types defined in X.500 (88), the searchGuide attribute is not supported ; neither are the following attributes from the Cosine and Internet Schema (RFC 1274): OtherMailbox, MailPreferenceOption and the various quality attributes.
The X/DS API supports the Basic Directory Contents (BDCP), the MHS Directory User (MDUP) and the Strong Authentication (SAP) packages with minor limitations. A proprietary mechanism for defining new classes and attributes is offered. Asynchronous operations and multiple concurrent sessions are not supported. Whilst referral may be handled automatically, continuation references are not.
IDS Working Group [Page 76]
RFC 1632 X.500 Catalog UCOM.X 500
INTERNETWORKING ENVIRONMENT
UCOM.X 500 includes a transport stack for TP0 with TCP/IP (RFC 1006) and X.25. The stack has been ported to SunNet OSI for TP4 with CLNP.
HARDWARE PLATFORMS
UCOM.X 500 can easily be ported to any UNIX machine. It currently runs on: Sun 3 and 4, IBM RS 6000, DEC ULTRIX (Vax and Mips), 386- based PCs, Bull DPX/2 and DPX/20, Sequent, Tandem and others.
SOFTWARE PLATFORMS
UCOM.X 500 is portable to any UNIX-like operating system. It has been ported to: UNIX SVR3 and SVR4, SUN OS 4, AIX, SCO Unix, Interactive Unix, ULTRIX, HP-UX, Dynix (Sequent), BOS (Bull) and others.
Ports to the following are planned: OS/2 ('94), Windows 3 ('94).
The product does not make use of an external DBMS for the information base.
AVAILABILITY
UCOM.X is commercially available. For further information contact:
Pascal Duchamp, International Sales
Address: TS-E3X, Le Capitole 44, avenue des Champs Pierreux, 99029 Nanterre Cedex, France Tel: (+33) 1-46-14-50-00 Fax: (+33) 1-46-14-58-16 Email: C=FR;A=atlas;P=e3x;O=e3x;OU1=paris;S=duchamp duchamp@paris.e3x.fr
CLNS, Commercially Available, DSA/DUA, DUA Interface, HP, IBM PC, IBM RISC, Limited Functionality, OSI Transport, RFC-1006, Wang, X.25
ABSTRACT
Wang's X.500 products are a part of our OPEN/services product whose main features include the following:
X.500 directory - Contains information about organizations, individuals, and distribution lists. The directory is the primary vehicle by which users of OPEN/office, Wang's X.400 electronic mail product, address mail.
Authentication Services - Verifies the login name and password of each user logging into OPEN/services.
International support - Provides character translation tables so that users can display screens containing international characters and use international collating sequences.
Object management - Greatly increases the integration between OPEN/services, OPEN/office and other Windows-based applications.
Activity logging - Records the activities of OPEN/services. This information can be useful for monitoring the OPEN/services processes and for troubleshooting.
Database management - Provides utilities that validate and reorganize the OPEN/services databases including the Directory Information Base (DIB).
OPEN/services includes a DSA, a DUA, and a DUA interface all rolled into one product. (The DUA interface protocol is private.)
Wang OPEN/services consists of two parts: software installed on a server and software installed on PC clients on a LAN. The client or end-user software enables users to log in and log out; change the login password; use the OPEN/services directory; and perform various actions, such as open and print, on files in the Wang OPEN/applications and in certain third-party applications including
IDS Working Group [Page 78]
RFC 1632 X.500 Catalog Wang OPEN/services
Microsoft Windows File Manager. The server consists of the DSA, the DUA, the Directory Information Base, the service administration programs such as login authentication, the database management utilities, and activity logging.
COMPLIANCE (applicable only for DSAs and DUAs)
Wang OPEN/services complies with the 1988 CCITT Recommendations X.500-X.521 [CCITT-88] with the following exceptions. Whole tree searches are not supported, nor does the product support chained adding, modifying, or deleting. Simple authentication is supported, but strong authentication is not.
In the future, the 1992 extensions to the X.500 standard will be supported by Wang OPEN/services.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
None are supported at the present time.
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
None are supported at the present time.
INTEROPERABILITY
The interoperability of OPEN/services with other X.500 products is untested.
PILOT CONNECTIVITY
Pilot connectivity between OPEN/services and the AARNET project, NADF Pilot Project, NIST Pilot Project, PARADISE, and PSI White Pages Project has not been attempted.
BUGS
To report problems with Wang OPEN/services, contact your local Wang sales office, your Wang authorized reseller or call your regional support center. (In the USA, the number is 404-432-9001).
CAVEATS and GENERAL LIMITATIONS
None
IDS Working Group [Page 79]
RFC 1632 X.500 Catalog Wang OPEN/services
INTERNETWORKING ENVIRONMENT
Wang OPEN/services currently runs in the following environments: RFC1006 with TCP/IP, TP4 with CNLS, TP0 with X.25 and SLIP.
HARDWARE PLATFORMS
Server Requirements
Installing Wang OPEN/services Server requires the following hardware: a Wang RISC Series Server 220 or greater, or an IBM RISC System/6000(tm) with a minimum of 32 MB of memory, or a Hewlett- Packard 9000 Series 800 system with a minimum of 32 MB of memory. For each system a minimum of 20 MB of free disk space in a file system is required.
Client Requirements
Installing OPEN/services for Windows requires the following hardware: a 386/SX CPU or later, at least 4 MB of memory, a hard disk drive with at least 2.5 MB of disk space, and a VGA monitor. A pointing device is not required to run OPEN/services but is strongly recommended.
Network Requirements
OPEN/services has the following network requirements: 802.3 or 802.5 LAN, network interface cards (NICs) to support TCP/IP on client PCs, Ethernet or token ring adapters on the servers, and optionally X.25 cards on the servers.
SOFTWARE PLATFORMS
Server Requirements
Installing Wang OPEN/services Server requires the following software: AIX Operating System, release 3.2.3 or later, with bundled support for the TCP/IP protocol suite, or HP-UX Operating System, Release 9.0 or later.
Client Requirements
OPEN/services for Windows requires the following software: Microsoft MS-DOS(tm) Operating System, Release 5.0 or later and Microsoft Windows 3.1 or later.
IDS Working Group [Page 80]
RFC 1632 X.500 Catalog Wang OPEN/services
AVAILABILITY
Wang OPEN/services is commercially available from:
Wang Laboratories, Inc. 1 Industrial Avenue Lowell, Massachusetts 01851 Phone: 508-967-6114 FAX: 508-967-1105
To obtain OPEN/services, contact your local Wang sales office, your Wang authorized reseller or call 1-800-NEW-WANG.
DATE LAST UPDATED or CHECKED
December 6th, 1993
IDS Working Group [Page 81]
RFC 1632 X.500 Catalog Xdi
NAME
Xdi - DUA Bellcore
KEYWORDS
Available via FTP, DUA Connectivity, DUA Only, Free, Limited Functionality, Multiple Vendor Platforms, Needs ISODE, RFC-1274, RFC-1484, Source, Sun, UNIX, X Window System
ABSTRACT
Xdi is a Directory User Agent (DUA) for the X Window System. In addition to providing a user-friendly interface, it supports Directory interactions of different levels of complexity. Users can select different window screens to browse, search and modify the Directory. There are two different search screens for name based search and attribute based search. It is simple to use for novice users but is also useful for more advanced users to formulate complex search filters. Xdi also supports "user-friendly naming" in many cases so that users are not required to know X.500 naming format.
COMPLIANCE (applicable only for DSAs and DUAs)
88 standard compliant: Delete and Add operations, and strong authentication not implemented. There are no facilities to modify the RDNs of entries.
Believed to be interoperable with other DSAs. Only tested against ISODE/QUIPU DSAs.
PILOT CONNECTIVITY
DUA Connectivity
IDS Working Group [Page 82]
RFC 1632 X.500 Catalog Xdi
BUGS
Send bug reports to sywuu@thumper.bellcore.com
CAVEATS and GENERAL LIMITATIONS
INTERNETWORKING ENVIRONMENT
Same as ISODE.
HARDWARE PLATFORMS
This software has been tested on SUN4. It is expected that the software is portable to SUN3 and other UNIX machines.
SOFTWARE PLATFORMS
Xdi is expected to run on ISODE (release 7.0 upwards) in UNIX environment. The 'xdi' directory has been designed to fit directly into the ISODE source tree. Xdi requires X11R4, the associated Xt toolkit and Athena widget libraries. Also see the operating environments of ISODE.
AVAILABILITY
The Xdi software is available via anonymous FTP from thumper.bellcore.com in file pub/xdi.tar.Z. Source code and executables can be freely distributed or modified for non-commercial and non-profit use provided that all copyright notices, permission and nonwarranty notice included in the software distribution remain intact.
For further information contact Sze-Ying Wuu at sywuu@thumper.bellcore.com.
DATE LAST UPDATED or CHECKED
March 18th, 1993
IDS Working Group [Page 83]
RFC 1632 X.500 Catalog XLU
NAME
XLU Brunel University, UK
KEYWORDS
DUA Connectivity, DUA Only, Free, Multiple Vendor Platforms, Needs ISODE, Source, UNIX, X Window System
ABSTRACT
XLU (X LookUp) is an X.500 DUA interface for the X Window System.
XLU can be configured for many different styles of interaction. Example configurations are provided for single window and multiple window use.
XLU implements the `User-Friendly Naming' search strategy and also has a form-filling search mode. Asynchronous directory operations are used.
Full user friendly add and modify functions are provided, with the ability to tailor the modify screen to present simple subsets of the available attributes.
COMPLIANCE (applicable only for DSAs and DUAs)
88 Standard compliant: Strong authentication not yet implemented. No plans for support of the 1992 Standard.
CONFORMANCE WITH PROPOSED INTERNET STANDARDS
No plans at present.
CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs
No plans at present.
INTEROPERABILITY
[No information provided--Ed.]
IDS Working Group [Page 84]
RFC 1632 X.500 Catalog XLU
PILOT CONNECTIVITY
DUA Connectivity: The interface is in use in the UK Academic Directory Pilot.
BUGS
Bugs should be reported to x500@brunel.ac.uk.
CAVEATS and GENERAL LIMITATIONS
[No information provided--Ed.]
INTERNETWORKING ENVIRONMENT
As ISODE.
HARDWARE PLATFORMS
Most UNIX machines.
SOFTWARE PLATFORMS
UNIX MIT X11R5 libraries ISODE/QUIPU (version 8.0 >)
AVAILABILITY
Sources are freely available for commercial or non-commercial use. Contacts.
Postal Address: Andrew Findlay Computing and Media Systems Brunel University Cleveland Road Uxbridge, Middlesex UB8 3PH UK
E-mail: x500@brunel.ac.uk.
Fax: +44 895 32806 (Andrew Findlay)
Telephone: +44 895 203066 (Andrew Findlay)
IDS Working Group [Page 85]
RFC 1632 X.500 Catalog XLU
DATE LAST UPDATED or CHECKED
March 1st, 1993
IDS Working Group [Page 86]
RFC 1632 X.500 Catalog XT-DUA
NAME
XT-DUA NEXOR
KEYWORDS
Bull, CLNS, Commercially Available, DUA Connectivity, DUA Only, HP, IBM RISC, ICL, Motif, Multiple Vendor Platforms, OpenLook, OSI Transport, RFC-1006, RFC-1274, RFC-1277, RFC-1278, RFC-1484, Solbourne, Sun, X Window System, X.25
ABSTRACT
XT-DUA provides a X-Windows based user interface to the X.500 Directory. Both Motif and OpenLook styles are supported.
Browsing features include:
- Passing of user address information to the XT-MUA X.400 user agent. - History - allowing quick access to previously referenced parts of the DIT. - Customizable entry display - allowing subsets of attributes be displayed when showing an entry. - User Friendly Name (UFN) based searching - Hypertext-like navigation. - Support for application entities e.g. startup of ftam session. - User defined name for attribute labels. - Support for photo and audio attributes. - Attribute value on scanline. - Intelligent choice of entries to display when moving to a new location in the DIT.
Management features include:
- Creation of new entries. - Modification of existing entries (including RDN) - based on Quipu EDB format. - Deletion of entries. - Friendly editor of modifying Quipu ACLs. - Rebinding - authenticated and to named DSA. - Full configuration of DAP request parameters
IDS Working Group [Page 87]
RFC 1632 X.500 Catalog XT-DUA
COMPLIANCE (applicable only for DSAs and DUAs)
Compliant with X.500(88), and NIST SIA version 2 except X.509 strong authentication not implemented (under development).
NEXOR is committed to migrate XT-DUA to the 1992 standards.
XT-QUIPU is an X.500(88) DSA. Characteristics of the DSA are:
- Full DAP access - Full DSP access - Support for X.400, X.500, and RFC 1274 attributes and object classes - Approximate match based on Soundex. - Flexible schema management - RFC 1276 Replication - Attribute level access control - Search and list access control - Knowledge management mapped onto DIT - Attribute inheritance - Caching - Remote management
COMPLIANCE (applicable only for DSAs and DUAs)
Compliant with X.500(88), and NIST SIA version 2 except X.509 strong authentication not implemented (under development).
NEXOR is committed to migrate XT-QUIPU to the 1992 standards.
[CCITT-88] CCITT, "Data Communications Networks Directory", Recommendations X.500-X.521, Volume VIII - Fascicle VIII.8, IXth Plenary Assembly, Melbourne, November 1988.
[NIST-88] National Institute of Standards and Technology, "Stable Implementation Agreements for Open Systems Interconnection Protocols", Version 2 Edition 1, NIST Special Publication 500-162, December 1988.
[RFC 1202] Rose, M., "Directory Assistance Service", RFC 1202, Performance Systems International, Inc., February 1991.
[RFC 1249] Howes, T., Smith, M., and B. Beecher, "DIXIE Protocol Specification", RFC 1249, University of Michigan, August 1991.
[RFC 1274] Barker, P., and S. Kille, "The COSINE and Internet X.500 Schema", RFC 1274, University College, London, England, November 1991.
[RFC 1275] Kille, S., "Replication Requirements to provide an Internet Directory using X.500," RFC 1275, University College, London, England, November 1991.
[RFC 1276] Kille, S., "Replication and Distributed Operations extensions to provide an Internet Directory using X.500", RFC 1276, University College, London, England, November 1991.
[RFC 1277] Kille, S., "Encoding Network Addresses to support operation over non-OSI lower layers", RFC 1277, University College, London, England, November 1991.
[RFC 1278] Kille, S., "A string encoding of Presentation Address", RFC 1278, University College, London, England, November 1991.
[RFC 1279] Kille, S., "X.500 and Domains", RFC 1279, University College, London, England, November 1991.
[RFC 1484] Kille, S., "Using the OSI Directory to achieve User Friendly Naming", RFC 1484, ISODE Consortium, July 1993.
[RFC 1485] S. Kille, "A String Representation of Distinguished
[RFC 1487] Yeong, W., Howes, T., and S. Kille, "X.500 Lightweight Directory Access Protocol", RFC 1487, Performance Systems International, University of Michigan, ISODE Consortium, July 1993.
[RFC 1488] Howes, T., Kille, S., Yeong, W., and C. Robbins, "The X.500 String Representation of Standard Attribute Syntaxes", RFC 1488, University of Michigan, ISODE Consortium, Performance Systems International, NeXor Ltd., July 1993.