eTrust Directory - CA Technologies
eTrust Directory Getting Started Guide 4.1

This documentation and related computer software program (hereinafter referred to as the “Documentation”) is for the end user’s informational purposes only and is subject to change or withdrawal by Computer Associates International, Inc. (“CA”) at any time. This documentation may not be copied, transferred, reproduced, disclosed or duplicated, in whole or in part, without the prior written consent of CA. This documentation is proprietary information of CA and protected by the copyright laws of the United States and international treaties.

Notwithstanding the foregoing, licensed users may print a reasonable number of copies of this documentation for their own internal use, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only authorized employees, consultants, or agents of the user who are bound by the confidentiality provisions of the license for the software are permitted to have access to such copies. This right to print copies is limited to the period during which the license for the product remains in full force and effect. Should the license terminate for any reason, it shall be the user’s responsibility to return to CA the reproduced copies or to certify to CA that same have been destroyed.

To the extent permitted by applicable law, CA provides this documentation “as is” without warranty of any kind, including without limitation, any implied warranties of merchantability, fitness for a particular purpose or noninfringement. In no event will CA be liable to the end user or any third party for any loss or damage, direct or indirect, from the use of this documentation, including without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised of such loss or damage.

The use of any product referenced in this documentation and this documentation is governed by the end user’s applicable license agreement.
The manufacturer of this documentation is Computer Associates International, Inc. Provided with “Restricted Rights” as set forth in 48 C.F.R. Section 12.212, 48 C.F.R. Sections 52.227-19(c)(1) and (2) or DFARS Section 252.227-7013(c)(1)(ii) or applicable successor provisions.

This product includes code licensed from RSA Data Security.

© 2003 Computer Associates International, Inc. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contents

Chapter 1: Welcome to eTrust Directory
    The Purpose of This Guide
    What Is a Directory?
    Why You Need a Directory
        Save time
        Increase productivity
        Reduce risk and downtime
    Why eTrust Directory is the best solution
        Outstanding Performance
        Industrial-Strength Database Reliability
        Robust Distribution and Replication
        Virtually Unlimited Scalability
        Powerful Security
        Applications Integration
        Consolidated Customer Management
        Comprehensive Management Tools and Capabilities
        Leverage Investments
    CA Services: Enabling Solutions Through Experience
    CA Education Services
    Computer Associates: The Software That Manages eBusiness
    For More Information

Chapter 2: Installing eTrust Directory
    eTrust Directory Components
        DSML
        DXconfig
        DXmanager
        DXserver
        DXtools
        JXplorer
        JXweb
        UDDI Web Client
    Windows Installation
        Before You Start
        Installing eTrust Directory
        Custom Setup
    UNIX Installation
        Before You Start
        Installing eTrust Directory
        Custom Setup
    Upgrading from a Previous Version
        Installation Considerations

Chapter 3: A Quick Tour of the Sample Directories
    Democorp DSA
        Democorp Setup Script
        Windows Installation
        UNIX Installation
    UNSPSC DSA
        UNSPSC Setup Script
        Windows Installation
        UNIX Installation
    Router DSA
        Router Setup Script
        Windows Installation
        UNIX Installation

Chapter 4: A Quick Tour of JXplorer
    Starting JXplorer
        Windows
        UNIX
    Connecting to a DSA
    Searching a Directory
    Displaying an Entry in a Directory
    Updating a Directory

Chapter 5: A Quick Tour of JXweb
    Connecting to JXweb
    Connecting to a Directory
    Displaying Directory Information
    Searching the Directory
    Searching the Directory for Specific Attributes
    Updating an Entry

Chapter 6: A Quick Tour of eTrust Directory Administration
    Configuring eTrust Directory
    Types of Configuration
    Configuration Files
    DXconfig
    Starting DXserver
        Additional Windows Information
    Stopping DXserver
    DXconsole
    Log Files
    DXtools
    DXmanager Portal

Chapter 7: A Quick Tour of UDDI Registry
    About UDDI Repositories
        What a UDDI Repository Can Do
        About the eTrust Directory UDDI Registry
    Connecting to the UDDI Web Client
    Connecting to the UDDI Server
    Searching the Repository—Simple
    Searching the Repository—Advanced
    Publishing Information
        Setting Up Your Publishing User ID
        Logging on to the Repository
        Registering Your Business
        Registering a Service
        Adding a Binding Template
        Checking that Your Business Can Be Found

Appendix A: Supported Standards
    X.500 Standards
    Industry Standards
    LDAP Standards
    Management Standards
    Security Standards

Appendix B: The LDAP and X.500 standards
    The LDAP standard is widely accepted
    The X.500 standard allows directories to communicate
    eTrust Directory Supports Both Standards

Chapter 1: Welcome to eTrust Directory

Congratulations! You now have an effective way to manage and control your directory information. With eTrust™ Directory, no matter how your network grows and evolves, you have a secure and reliable foundation for providing information services to users and directory-enabled applications.

The Purpose of This Guide

This guide is designed to give you a quick introduction to eTrust Directory. By the time you finish reading this guide you will have an overview of the wide scope of the product and its general use. It is important to us that you feel comfortable with eTrust Directory before you begin to use it.

What Is a Directory?

A directory stores information about people, resources, and systems. It provides a consistent way to name, describe, locate, access, manage, and secure this information. A directory service makes this information available to different applications in a network. These applications can search the information in the directory in the same way that we use a telephone directory.

Why You Need a Directory

Directories provide a platform- and vendor-independent information service.
They avoid duplication by managing shared information such as profiles and policies, and help provide common services such as security and resource management.

The great benefits of directories are realized when common functions are delegated to a directory service and directory-enabled applications then leverage this service. The alternative can be very costly—each application having to develop and maintain its own information base about users, customers, suppliers, or other applications.

Banks, corporations, government agencies and OEMs rely on large-scale directory backbone infrastructures for online financial services, intelligent networks, public key infrastructure (PKI) and related business applications and services. To help ensure success for these business-critical applications, you need a directory solution that combines the highest levels of performance, scalability, reliability and industrial-strength security.

Save time

Directories save time for administrators by offering a single management focus for staff, customers and resources, along with associated access and security profiles.

Increase productivity

Directories increase productivity by providing a highly available, fast and secure common information service.

Reduce risk and downtime

Directories reduce risk and downtime by delivering built-in fault tolerance, and automatic recovery and failover features.

Why eTrust Directory is the best solution

eTrust Directory is an industrial-strength directory. It is proven in mission-critical business systems, and meets the stringent demands of Internet service providers (ISPs) and large corporations. It supports LDAP, Secure Sockets Layer (SSL), and X.500 protocols, and meets the industry’s highest standards for performance, scalability, and security.
Outstanding Performance

eTrust Directory delivers thousands of searches per second on multimillion entry databases and sub-second multi-cast searching across hundreds of distributed servers.

Industrial-Strength Database Reliability

eTrust Directory incorporates the predictable performance, reliability and availability of a commercial RDBMS to significantly reduce technology risk and cost of deployment. The RDBMS can automatically recover from power failures, perform online backup and tuning, maintain journals and “hot” swap underlying database images, ensure data integrity, transaction management, recovery and rollback, disk management, indexing, and query optimization.

eTrust Directory is unique in that many international patents protect the design and algorithms used to map directory information to a relational database.

Robust Distribution and Replication

Replication and distribution are two distinct elements of directory system design. Both are used to improve the performance, capacity, and reliability of the system. eTrust Directory is engineered to ensure that these performance, capacity, and reliability functions are world-class.

eTrust Directory includes advanced replication and routing features, along with an industry-leading replication scheme that provides a real-time multi-master capability. Together with intelligent routing, eTrust Directory can automatically failover between masters, perform load balancing and switch routes in the case of network outages.

In addition, X.500 replication can provide backup copies of data. The multiwrite capability of DXserver enables you to synchronize groups of peer DSAs while the DSAs are still online. If one DSA fails, then a router DSA can forward requests to another DSA in the peer group. You can also configure DXservers with multiple network addresses to allow for network failover.
Replication

Replication occurs when the same directory entry namespace exists on different servers.

[Figure: One directory namespace is replicated across three servers. Labels: Namespace 1, Namespace 2, Namespace 3]

Replication is important for recovery and sometimes for performance. Replication involves copying data. Whenever data is copied, you must ensure that the copies are synchronized. This can make replicated systems expensive to develop and maintain, and you should weigh that cost against the benefits of recovery (in the event of failure) and performance.

Distribution

Distribution occurs when interconnected directory servers have different entry namespaces, but they operate as one logical directory service.

[Figure: One directory service is distributed across three namespaces. Labels: Namespace 1, Namespace 2, Namespace 3]

Distribution is important for scaling. Similar to the World Wide Web, distribution lets any number of servers share and maintain their own information. However, unlike the World Wide Web, directory servers have a server-to-server protocol (DSP), which enables them to cooperate to provide distributed queries and a unified view of the whole directory information tree (DIT).

Virtually Unlimited Scalability

Each eTrust Directory server can hold more than one hundred million entries, and as many directory servers as required can be linked together to form an integrated directory backbone. eTrust Directory can achieve sub-second response times in highly replicated and distributed environments.

Powerful Security

eTrust Directory delivers powerful security through an integrated set of authentication, access control and encryption facilities. With an eTrust Directory backbone, Internet access to services can be secured by strong authentication of customers with digital certificates and smart cards at very high transaction rates.
Many service provider and web-enabled applications rely on the distributed backbone infrastructure of eTrust Directory to manage customer identity, group and security details.

The authentication levels include password, SSL and certificate-based authentication, as well as mutual authentication and network address validation for servers. eTrust Directory provides stringent access controls, which can be role-based, rule-based and/or dynamic, and can be applied over subtrees, entries and attributes.

DXserver implements the powerful X.500 security model. This includes mutual authentication of DSAs to provide security between directory servers, rule-based access controls, access-controlled routing, automatic alias management, and credit-based controls to stop denial of service.

Applications Integration

eTrust Directory works seamlessly with many third-party applications, such as SAP, PeopleSoft, Netegrity SiteMinder and Tivoli Access Manager.

Consolidated Customer Management

eTrust Directory provides a distributed, highly secure store of customer information and account relationships. Information that is duplicated across incompatible legacy systems and back-office applications can be migrated into a unified, easily accessible directory infrastructure.

Comprehensive Management Tools and Capabilities

All aspects of eTrust Directory management can be performed dynamically. This includes the seamless swapping of databases, changes to tracing, access controls, and knowledge references while the DSA remains online. Many forms of logging are provided for auditing, accounting, billing and statistics purposes. Customers immediately realize the benefits of a truly distributed and integrated directory service.

DXserver’s X.500 schemas are fully configurable, including attribute syntaxes (basic directory information types), permitting you to easily define your own custom schema.
A comprehensive set of schema files is provided with eTrust Directory.

Leverage Investments

Distributed directories provide a powerful, standards-compliant platform for managing complex, distributed information. eTrust Directory is a true multiprotocol solution, offering the combined strengths of X.500 and LDAP V3 standards.

eTrust Directory can incorporate into a unified directory backbone any LDAP-enabled desktop clients from Microsoft, Novell, Sun-Netscape, and Lotus, and clients constructed from publicly available LDAP tool kits. eTrust Directory also brings the power of X.500’s distributed searching, security, and management to LDAP server administrators and users.

CA Services: Enabling Solutions Through Experience

When it comes to getting on the information fast track, CA Services can recommend and install a full suite of security management solutions to keep your business moving. Our associates have the proprietary knowledge about custom-fitting your enterprise for solutions ranging from life cycle management and data warehousing to next-level business intelligence. Our experts leave you with the technology and knowledge tools to fully collect, exploit, and leverage your data resources and applications.

CA Education Services

Computer Associates Global Education Services (CA Education) offerings include instructor-led and computer-based training, product certification programs, third-party education programs, distance learning, and software simulation. These services help to expand the knowledge base so you are better able to use our products more efficiently, contributing to your greater success.

CA Education assists today’s technologists with everything from understanding product capabilities to implementation and quality performance. Because the vast community of education seekers is varied, so too are our methods of instruction.
CA Education is committed to providing a variety of alternatives to traditional instructor-led training, including synchronous and asynchronous distance learning and Unicenter simulation. To extend training to a wider audience—for a fraction of the cost and logistical hassle of sending everybody away to a class—CA Education offers excellent distance learning options.

Computer Associates: The Software That Manages eBusiness

The next generation of eBusiness promises unlimited opportunities by leveraging existing business infrastructures and adopting new technologies. At the same time, extremely complicated management presents challenges—from managing the computing devices to integrating and managing the applications, data, and business processes in and across organizational boundaries.

Look to CA for the answers. CA has the solutions available to help eBusinesses address these important issues. Through industry-leading eBusiness Process Management, eBusiness Information Management, and eBusiness Infrastructure Management offerings, CA delivers the only comprehensive, state-of-the-art solutions, serving all stakeholders in this extended global economy.

For More Information

After walking through this Getting Started guide, you can refer to the numerous resources available to you for additional information. Your eTrust Directory CD contains useful informational documents that showcase your software and detail explanations about the product’s comprehensive, feature-rich components. In addition, the online help system at supportconnect.ca.com offers procedural information and answers to any questions you may encounter.

Chapter 2: Installing eTrust Directory

This chapter describes the eTrust Directory components and the directions for installation.

eTrust Directory Components

eTrust Directory components are designed to help you build and manage distributed directory systems.
The major components of eTrust Directory are:

DSML

A directory services markup language (DSML) server and client for accessing directories.

This version includes a technology preview of a Directory Services Markup Language (DSML) server, which allows you to connect to eTrust Directory’s sample router with the DSML 2.0 protocol. To start the DSML server, you must set it up by running setup in the %DXHOME%\..\dxwebserver\samples\dsml directory on Windows or $DXHOME/../dxwebserver/samples/dsml directory on UNIX. After this, you can use JXplorer to connect to this DSML server by using the following connection settings:

■ Host: <computer name of the machine running the DSML server>
■ Port: 8080
■ Protocol: DSML v2
■ DSML Service: dsml-sample/services/DSML

DXconfig

A graphical, web-based, configuration editor.

DXmanager

A graphical, web-based, eTrust Directory administration portal.

DXserver

A high-performance directory system agent (DSA) that provides versatility and reliability through a number of features including access (DAP and LDAP) and server-to-server (DSP and DISP) protocols, high integrity security, distributed operation processing, ease of management, and a reliable data store (RDBMS).

DXtools

A flexible set of utilities that facilitates interaction with external data systems (for importing, exporting, and synchronizing data).

JXplorer

A powerful, feature-rich, graphical, Java-based, LDAP directory browser and editor.

JXweb

A graphical, web-based, LDAP directory browser and editor.

UDDI Web Client

A graphical, web-based, universal description, discovery and integration (UDDI) registry browser and server.

eTrust Directory 4.1 includes a technology preview of the Universal Description, Discovery and Integration (UDDI) server and browser.
To try the UDDI server, you must set up its server by running setup in the %DXHOME%\..\dxwebserver\samples\uddi directory on Windows or $DXHOME/../dxwebserver/samples/uddi directory on UNIX.

The following diagram shows the components and protocols used by eTrust Directory.

For definitions of the terms in the diagram, see the Glossary.

Windows Installation

Before You Start

Important! eTrust Directory comes with Advantage™ Ingres® 2.6 as its database. If an older version of Advantage Ingres is already installed, ask Computer Associates Technical Support whether all your applications that require Advantage Ingres work with Advantage Ingres 2.6. You can choose to keep your existing version of Advantage Ingres. eTrust Directory 4.1 supports Advantage Ingres 2.0 and 2.6.

The Setup Wizard sets up directory services for automatic startup. If you want to stop a DXserver and restart it during a session, see the chapter “A Quick Tour of eTrust Directory Administration” for more information.

eTrust Directory provides a number of directory samples to familiarize you with eTrust Directory concepts. The installation process lets you choose whether to install those samples. For more information, see the chapter “A Quick Tour of the Sample Directories.”

Installing eTrust Directory

1. Insert the eTrust Directory CD-ROM in the CD-ROM drive. The eTrust Directory Product Explorer appears and presents you with a list of the installable components. It tells you the system requirements for each component. It also gives you access to the online documentation.
2. Choose eTrust Directory, DXserver, Windows, and then click System Requirements. Ensure that the requirements are satisfied.
   Note: Selecting any of the components takes you to the same general eTrust Directory installation.
3. When the requirements are satisfied, click Install.
4. Follow the Setup Wizard, which guides you through the installation.
5. At the Setup Type dialog, check Complete, and then click Next to install the default features.

Custom Setup

For custom setup options, including silent installation instructions, see the appendix “Installing DXserver for Windows” in the Administrator Guide.

UNIX Installation

Before You Start

If you are installing eTrust Directory from a local disk, ensure that the parent directories have rx permissions for all users so newly added users (such as dsa and ingres) have permissions to access the tar files.

You should never run dxserver as root. After installing eTrust Directory, you must log in as user ‘dsa’ before executing dxserver start all. Always make sure $DXHOME is defined before running dxserver.

You can install eTrust Directory silently (or unattended), provided JRE 1.4.1 has been installed. See the Administrator Guide for more information.

Installing eTrust Directory

1. Log on as root and run the dxsetup.sh installation script:

       # cd /cdrom/cdrom0/dxserver/unix/install
       # ./dxsetup.sh

2. Enter 1 to select express installation. Before the installation begins, you should accept the license agreement. The following message appears:
3. Enter Y to continue the setup.
4. At each of the prompts, press Enter to accept the defaults.

The installation process also installs a number of directory samples to familiarize you with eTrust Directory concepts. For more information, see the chapter “A Quick Tour of the Sample Directories.” If you choose to load the samples, their DXserver processes start automatically after installation. If you want to stop a server and restart it during a session, see the chapter “A Quick Tour of eTrust Directory Administration” for more information.
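The UNIX "Before You Start" rules above (never run dxserver as root, start it as user dsa, have $DXHOME defined, keep the parent directories of the install files r-x for all users) can be checked before anything is started. The following is an added example, not part of the CA guide or its scripts; the function names, return codes and the optional TOP argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for the UNIX rules stated in this guide.
# Function names and return codes are hypothetical, chosen for illustration.
#
# Usage, run as the dsa user:
#   check_start_context "$(id -un)" "$(id -u)" "$DXHOME" && dxserver start all

# check_start_context USER UID DXHOME
# Returns 0 when the context matches the guide's rules, otherwise:
#   1 = running as root      2 = not logged in as dsa
#   3 = DXHOME not defined   4 = DXHOME is not a directory
check_start_context() {
    user=$1; uid=$2; dxhome=$3
    if [ "$uid" = "0" ] || [ "$user" = "root" ]; then
        echo "refusing: dxserver must never run as root" >&2
        return 1
    fi
    if [ "$user" != "dsa" ]; then
        echo "refusing: log in as user dsa first (current: $user)" >&2
        return 2
    fi
    if [ -z "$dxhome" ]; then
        echo "refusing: \$DXHOME is not defined" >&2
        return 3
    fi
    if [ ! -d "$dxhome" ]; then
        echo "refusing: \$DXHOME ($dxhome) is not a directory" >&2
        return 4
    fi
    return 0
}

# world_rx DIR: succeeds when "other" has both read and execute on DIR.
world_rx() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 1
    r=$(printf '%s' "$mode" | cut -c8)
    x=$(printf '%s' "$mode" | cut -c10)
    # 't' means sticky bit plus execute (as on /tmp); 'T' is sticky without it.
    [ "$r" = "r" ] && { [ "$x" = "x" ] || [ "$x" = "t" ]; }
}

# first_blocked_parent PATH [TOP]
# Walks from the directory holding PATH up to TOP (default /). Prints the
# first ancestor that newly added users such as dsa and ingres could not
# read and traverse, and returns 1. Prints nothing and returns 0 when every
# parent directory on the way is r-x for all users.
first_blocked_parent() {
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || { echo "$1"; return 1; }
    top=$(cd "${2:-/}" 2>/dev/null && pwd -P) || top=/
    while :; do
        if ! world_rx "$dir"; then
            echo "$dir"
            return 1
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then
            return 0
        fi
        dir=$(dirname "$dir")
    done
}
```

Run `first_blocked_parent` against the tar files as root before starting dxsetup.sh; a printed directory is the one whose permissions need widening.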
Custom Setup For custom setup options, including silent installation instructions, see the appendix “Installing DXserver for UNIX” in the Administrator Guide. Installing eTrust Directory 2–7 Upgrading from a Previous Version Upgrading from a Previous Version eTrust Directory 4.1 is backward-compatible with all earlier versions. When upgrading from a previous eTrust Directory version, the Advantage Ingres RDBMS is also upgraded to the latest Advantage Ingres II 2.6. You can choose to not upgrade Advantage Ingres. If you are upgrading from eTrust Directory 3.6 SP 2 or earlier, existing databases are automatically upgraded with the following command: dxupgradedb database-name where database-name is the name of the database to upgrade. This also applies if you install eTrust Directory 4.1 after you installed any other eTrust product that embeds a pre-4.1 version of eTrust Directory. See http://support.ca.com/etrustdir_supp.html for detailed upgrade information. Advantage Ingres Upgrades This version does not force you to upgrade any existing pre-2.6 Advantage Ingres installation, as eTrust Directory 4.0 used to do on Windows. If you are running Advantage Ingres 2.0 or 2.5, you must check with Computer Associates Technical Support to find out whether your applications that use your existing version of Advantage Ingres also support Advantage Ingres 2.6. If you do choose to upgrade, your Advantage Ingres installation code and all your existing databases will be converted to “ET” on Windows only. Advantage Ingres 2.6 now allows you to have multiple installation instances on all platforms. The eTrust Directory installation implements the following: ■ ■ ■ ■ 2–8 If you say No to the upgrade prompt, the pre-existing Advantage Ingres installation will not be changed. If eTrust Directory previously installed Advantage Ingres 2.6, this upgrade will apply the latest Advantage Ingres 2.6 SP 1 upgrade but keep the installation code that was used last time. 
■ If the previous Advantage Ingres Installation is version 2.0 or 2.5 and you say Yes to the upgrade prompt, the Advantage Ingres 2.6 SP 1 upgrade will be applied. On Windows only, your Advantage Ingres installation code will be changed to “ET.” On other platforms, Advantage Ingres will be upgraded, but the installation code will remain the same as before.
■ If there is no previous Advantage Ingres installation, eTrust Directory will install Advantage Ingres [ET].

If you are upgrading from an earlier version of eTrust Directory, you should back up your schema files first.

The schema used by the DemoCorp sample has changed since Version 3.6 SP 2. Therefore, it is recommended that you reinstall the samples by running the setup script in the Router, DemoCorp, and UNSPSC directories.

Important! If you run these scripts, any existing data in the DemoCorp and UNSPSC databases will be lost.

Installation Considerations

eTrust Directory 4.1 requires Java Runtime Environment (JRE) 1.4.1, which must be installed first. On Windows, you can install JRE 1.4.1 from the Supported Products list in the eTrust Directory Product Explorer. On UNIX, the JRE is now embedded within eTrust Directory.

The documentation for eTrust Directory is installed under \doc on Windows and under /doc on UNIX underneath the directory you specify. The default installation path is C:\Program Files\CA\eTrust Directory on Windows and /opt/CA/eTrustDirectory on UNIX.

You do not have to reboot your computer after installation.

If you are installing eTrust Directory for the first time, sample directories are installed automatically. If you are upgrading from a previous version, you have the option of running the sample directories—Router, DemoCorp, and UNSPSC. You may want to experiment with these sample directories by using the JXplorer browser.
Additionally, there are further samples in the subdirectories of %DXHOME%\samples on Windows and $DXHOME/samples on UNIX. To configure each sample, run setup.bat on Windows or setup.sh on UNIX. See the readme.txt in the samples directory for more information.

eTrust Directory embeds Advantage Ingres II 2.6. The Advantage Ingres RDBMS installation performs a standard tuning of the database parameters. You can customize these parameters in some installations.

To run JXplorer, you need the Java Runtime Environment, which is provided on the eTrust Directory product CD.

Note: Before you commence the installation you must stop all applications that may have current open connections to an Advantage Ingres database. It is also recommended to disable any virus-scanning software during the installation.

Chapter 3
A Quick Tour of the Sample Directories

The DXserver setup automatically installs, configures, and starts the following sample directories: Democorp, Router, and UNSPSC. You can use these samples to explore the eTrust Directory features before setting up your own directory.

Although the samples load automatically by using DXtools, this chapter describes how the samples are set up, which illustrates the different ways you can load your data.

The data files and setup scripts for these directory samples are located in the samples directory. The corresponding configuration files are located in the config directory. Each subdirectory of the samples directory contains a README.TXT file, providing more information about each sample.

The Democorp, Router, and UNSPSC sample directories collectively form a single logical view of all of the directory information. It does not matter which directory you connect to. You see the same data because the DSAs cooperate to resolve a query or update through X.500 distribution.

Democorp DSA

Democorp is an example of a corporate staff directory.
Democorp Setup Script

The setup script creates a DXserver called democorp using an Advantage Ingres database called democorp. The directory is loaded using the dxmodify tool with the prefix O=DEMOCORP, C=AU.

This is a demonstration of a front-end load in a directory. Front-end loads are useful for loading fewer than a few thousand entries and for loading data in already populated directories.

The data is converted from comma-separated value (CSV) format to LDAP lightweight directory interchange format (LDIF) by using the csv2ldif tool. The resulting LDIF file is loaded in the directory by using the dxmodify tool. After loading, the democorp Advantage Ingres database is tuned.

The setup script performs the following steps:

1. Creates the Democorp Advantage Ingres database called democorp.
2. Configures the Democorp initialization file, database file, knowledge file, and knowledge group file, and starts the Democorp DXserver DSA.
3. Converts the Democorp CSV data to LDIF.
4. Loads the LDIF data in the Democorp directory.
5. Tunes the democorp Advantage Ingres database.

Tip: The sample.dxg group knowledge file sources knowledge of the Democorp, Router, and UNSPSC DSAs.

Windows Installation

If you need to reinstall the Democorp sample directory at any time, from the …\dxserver\samples\democorp\ directory, run the setup.bat file.

UNIX Installation

If you need to reinstall the Democorp sample directory at any time, log on as the user, dsa, and from the …dxserver/samples/democorp/ directory, run the setup.sh file.

UNSPSC DSA

The United Nations Development Program and Dun & Bradstreet merged their separate commodity classification coding schemes in 1999 to form the Universal Standard Products and Services Classification (UNSPSC). UNSPSC is a hierarchical classification comprising five levels.
Each level contains a two-character numeric value and a textual description as follows:

Segment
    The logical aggregation of families for analytical purposes
Family
    A commonly recognized group of interrelated commodity categories
Class
    A group of commodities sharing a common use or function
Commodity
    A group of substitutable products or services
Business Function
    The function performed by an organization in support of the commodity

The levels let you search products more precisely because you confine the searches to logical categories, thus eliminating irrelevant hits. The levels also let managers perform expenditure analysis on categories relevant to the company’s situation.

UNSPSC Setup Script

The UNSPSC directory contains more than 10,000 entries. The setup script creates a DXserver called unspsc using Advantage Ingres.

This is an example of a back-end or bulk load by using the dxloaddb tool. Bulk loads are very fast because they bypass the DSA and load the data directly in the database. They are used for initial data loads or updating the entire contents of a directory.

The data is converted from CSV format to LDIF by using the csv2ldif tool. The resulting LDIF file is loaded in the directory by using the dxloaddb tool.

[Figure: UNSPSC setup steps 1 to 5, showing config, CSV, csv2ldif, LDIF, dxloaddb, DB, and DXserver]

The UNSPSC setup script performs the following steps:

1. Creates the UNSPSC Advantage Ingres database called unspsc.
2. Configures the UNSPSC initialization file, database file, knowledge file, and the knowledge group file.
3. Converts the UNSPSC CSV data to LDIF.
4. Loads more than 10,000 LDIF entries in the UNSPSC directory.
5. Starts the UNSPSC DXserver DSA.

Tip: Use the bulk load tools, ldifsort and dxloaddb, to achieve a high performance load of the UNSPSC data by directly loading the Advantage Ingres unspsc database.
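Both the Democorp and UNSPSC setup scripts convert CSV data to LDIF before loading it. The following added example (not the csv2ldif tool and not code from the CA guide) shows what such a conversion has to get right: RFC 2253 escaping so a comma inside a CSV value cannot change the DN structure, and RFC 2849 base64 encoding for values that are not safe ASCII. The column names, the inetOrgPerson object class and the sample rows are constructed assumptions.

```python
import base64
import csv
import io

PREFIX = "o=DEMOCORP,c=AU"  # prefix the Democorp sample is loaded under

# Constructed sample rows; \u00fc is a non-ASCII letter (u with umlaut).
SAMPLE_CSV = """cn,sn,title,telephoneNumber
Bernd Stark,Stark,Engineer,555 0100
"Smith, Jo",Smith,Manager,555 0101
,Nobody,Temp,555 0102
J\u00fcrgen M\u00fcller,M\u00fcller,Analyst,555 0103
"""


def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 2253 string form)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;'
        edge = (i == 0 and ch in " #") or (i == last and ch == " ")
        out.append("\\" + ch if special or edge else ch)
    return "".join(out)


def ldif_line(attr, value):
    """Emit 'attr: value', or 'attr:: base64' when value is not a SAFE-STRING."""
    safe = (value.isascii()
            and not value.startswith((" ", ":", "<"))
            and not value.endswith(" ")
            and not any(c in value for c in "\r\n\0"))
    if safe:
        return f"{attr}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"


def csv_to_ldif(text, prefix=PREFIX, object_class="inetOrgPerson"):
    """Convert CSV rows to LDIF entries named cn=<value>,<prefix>."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        cn = (row.get("cn") or "").strip()
        if not cn:
            continue  # no naming attribute, so no DN can be formed
        lines = [ldif_line("dn", f"cn={escape_rdn_value(cn)},{prefix}"),
                 ldif_line("objectClass", object_class)]
        for attr, value in row.items():
            if attr is None:  # surplus columns with no header
                continue
            value = (value or "").strip()
            if value:
                lines.append(ldif_line(attr, value))
        records.append("\n".join(lines))
    return "version: 1\n\n" + "\n\n".join(records) + "\n"


if __name__ == "__main__":
    print(csv_to_ldif(SAMPLE_CSV))
```
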
Windows Installation

If you need to reinstall the UNSPSC sample directory at any time, from the …\dxserver\samples\unspsc\ directory, run the setup.bat file.

UNIX Installation

If you need to reinstall the UNSPSC directory at any time, log on as the user, dsa, and from the …/dxserver/samples/unspsc/ directory, run the setup.sh file.

Router DSA

This sample demonstrates how a router DSA does not require a database of its own. It also acts as a single point of entry into multiple directories as demonstrated with Democorp and UNSPSC.

Router Setup Script

The setup script creates a DXserver called Router with no database and starts it.

[Figure: Router setup steps 1 and 2, showing config and DXserver]

The setup script performs the following steps:

1. Configures the Router initialization file, knowledge file, and knowledge group file.
2. Starts the Router DXserver DSA.

Windows Installation

If you need to reinstall the Router directory at any time, from the …\dxserver\samples\router\ directory, run the setup.bat file.

UNIX Installation

If you need to reinstall the Router directory at any time, log on as the user, dsa, and from the …/dxserver/samples/router/ directory, run the setup.sh setup script.

Chapter 4
A Quick Tour of JXplorer

The eTrust Directory contains a number of graphical user interfaces (GUIs) that let you browse, search, configure, and update the directory. This tour demonstrates the JXplorer directory browser.

By using the JXplorer browser, you can:

■ Connect to any directory that supports LDAP, and browse, search, and update the directory.
■ Read the directory’s schema directly.
■ Cut, paste, and edit sub-trees in the directory visually, enabling large-scale manipulation of directory entries.
■ Import and export LDIF files in or out of a directory, and manipulate them offline.
■ Configure the browser, including visual appearance and logging information.
■ Display directory data by using configurable HTML templates.
■ Optionally, use SSL to communicate securely, and simple authentication and security layer (SASL) for secure certificate-based authentication.

After running the setup programs for the DEMOCORP, ROUTER, and UNSPSC samples, you have a distributed directory consisting of three running DSAs. This tour assumes that these DSAs are configured and running.

Starting JXplorer

You start JXplorer from either a Windows or UNIX machine.

Windows

To start JXplorer on a Windows machine, click Start on the taskbar, and then choose Programs, Computer Associates, eTrust, eTrust Directory, JXplorer.

UNIX

To start JXplorer on a UNIX machine, issue the following command from the JXplorer directory:

    ./jxstart.sh

Connecting to a DSA

From the File menu, choose Connect (or click the corresponding icon) to display the Connection dialog.

The following dialog shows JXplorer set to connect to the ROUTER DSA anonymously. If JXplorer is not running on the same machine as the DSA, enter the host ID in the Host field.

Note: The port number is specified in the router.dxc knowledge configuration file.

Click OK to connect.

Searching a Directory

You can execute simple, single-attribute-value searches quickly by using the quick search bar, which contains drop-down lists of common attribute types and operators. The operators include:

■ Equals (=)
■ Starts from (>=)
■ Up to (<=)
■ Not equal to (!(=))
■ Approximately matches (~=)

The following dialog shows a search looking for entries with a common name that sounds like Bernie S.

Displaying an Entry in a Directory

To display the contents of an entry, click the entry in either the Results tab or the Explore tab.
The following dialog shows Bernd Stark’s entry.

Tip: You can view a photo of a person in a template when the entry has the jpegPhoto attribute type. The photo must be in the JPEG format.

To list the attribute types in the entry, click the Table Editor tab.

Updating a Directory

The table editor lists all the attribute types and values contained in an entry. To select the table editor, click its tab on the right pane.

The bold attribute types are mandatory attributes that must have values. To change a value, click the value and enter a new one. To send the change to the directory, click Submit.

Note: You can update the contents of an entry in the HTML view or the table editor.

Chapter 5
A Quick Tour of JXweb

JXweb is a general-purpose LDAP-compliant directory browser and editor that provides access to the DXserver directory from any machine throughout the World Wide Web. This means that you can browse the directory while you are out of the office!

This tour assumes that the DEMOCORP DSA is configured and running.

Connecting to JXweb

To connect to JXweb, start your web browser and enter the following uniform resource locator (URL):

    http://server:8080/jxweb/index.html

where server is the name of the host on which JXweb is installed.

The browser lists the JXweb Connect page, which is the gateway to the directory.

Note: You can also access JXweb from the DXmanager portal. For information about how to access the portal, see DXmanager Portal in the chapter “A Quick Tour of eTrust Directory Administration.”

Connecting to a Directory

Connect to a directory from the JXweb Connect page as follows:

1. Specify the name of the computer that hosts the directory's server in the Host text box.
2. Specify the port number of the directory's server in the Port text box.
3. Specify the base distinguished name of the directory to which you want to connect in the Base DN text box (for example, o=DEMOCORP,c=AU).
   Important! Do not enter spaces when entering distinguished names.
4. Click Connect.

The following dialog shows JXweb set to connect to the DEMOCORP DSA on the COMP002 computer.

Displaying Directory Information

The following dialog shows the main browser connected to DEMOCORP.

Click an entry in the DIT to display the details on the right pane.

When you are connected to a directory and want to connect to another, click Connect from the JXweb menu bar to display the JXweb Connect page. When you exit your browser, you are automatically disconnected from the directory.

Searching the Directory

You want to search for entries with a common name that matches approximately Bernie S. Proceed as follows:

1. From the JXweb menu bar, click Search.
2. From the Quick Search page, specify the search criteria as follows:
3. Click Search to display the following results:

Searching the Directory for Specific Attributes

You want to refine the criteria to search for entries with a common name that matches approximately Bernie S, and return their cn and telephoneNumber attributes. Proceed as follows:

1. From the JXweb menu bar, click Search.
2. From the Quick Search page, click Advanced Search.
3. From the Advanced Search page, specify the search criteria as follows:
   For information about the Advanced Search page, click Help.
4. Click Search to display the following results:

Updating an Entry

You want to update the information for Bernd Stark to add the license number of his car. Proceed as follows:

1. From the list of results, click the icon for Bernd Stark to display his details.
2. Click the icon for the carLicense attribute.
3. On the Modify page, specify the license number (for example, CAR 001) and click Modify.
4. In response to the confirmation message, click OK to add the license number.

Chapter 6
A Quick Tour of eTrust Directory Administration

While some may only be interested in viewing and updating information in a directory, the directory administrator is more concerned with the directory configuration and management, and the maintenance of its reliability and integrity.

Configuring eTrust Directory

A simple directory system consists of a directory server (DSA), which is configured using a set of configuration files. The DSA is connected to a database (DB) that contains the directory data. DXconsole is available to provide online tracing and configuration options. A set of tools (DXtools) is available to search or update the directory. Directory activity is recorded in a number of log files.

Types of Configuration

A number of features in eTrust Directory let you manage the directory and the information in it. See the Administrator Guide for more information on these features, which include:

■ Adding security (access controls and SSL)
■ Adding new schema
■ Extending the directory knowledge and adding more DSAs
■ Including LDAP servers in a directory structure
■ Providing data copies and enhancing availability using replication

Configuration Files

You can configure eTrust Directory by changing the configuration files. When a machine has more than one DSA running, the DSAs can share the same configuration. To transfer knowledge to another machine, you can copy the configuration files.

The DSAs are configured in the servers subdirectory.
The DEMOCORP, ROUTER, and UNSPSC .dxi DSA initialization files source the sample.dxg file, which in turn sources the democorp.dxc, router.dxc, and unspsc.dxc knowledge configuration files. The UDDI DSA is a sample for the UDDI registry, which sources the uddi.dxc knowledge configuration file.

The following window shows the subdirectory for the supplied knowledge configuration files. The window also shows the various configuration subdirectories.

DXconfig

If you prefer to use a GUI for your configuration files, you can modify them by using the web-based DXconfig, which lists the details in an easy-to-use template.

The following page shows the limits file for the sample DSAs viewed by using DXconfig:

To access DXconfig, start your web browser and enter the following URL:

    http://server:8080/cocoon/dxconfig/start.html

where server is the name of the host on which DXconfig is installed.

Starting DXserver

To start a DXserver, enter the following from a command prompt:

    dxserver start serverName

where serverName is the name of the DXserver (for example, DEMOCORP). The name must match the name of the initialization file in the servers subdirectory (for example, democorp.dxi).

DXserver carries out the following steps before it starts:

1. Read and check the syntax in the configuration files, including the syntax in user defined schema files.
2. Set up the communications defined by the set dsa serverName command in the knowledge file, providing that the communication ports are available.
3. Check that the database name exists and that all the object identifiers (OIDs) in the database are defined in the schema files.
4. Check for a valid license.

Failure to start is reported to the trace and alarm logs in the logs directory.
Additional Windows Information

On Windows, the dxserver start serverName command installs a service for the DSA, which can then be manually started from Control Panel, Administrative Tools, Services.

The dxserver install serverName command installs the DSA as a service that starts automatically when you restart your computer.

Note: The installation process sets up the sample DXserver instances as services for automatic startup.

Stopping DXserver

To stop a DXserver, enter the following from a command prompt:

    dxserver stop serverName

To stop DXserver DSAs on Windows, click Start on the taskbar, and then choose Settings, Control Panel, Administrative Tools, Services. Right-click the service to display the shortcut menu, and choose Stop.

DXconsole

A management console called DXconsole is supplied to help you manage eTrust Directory. Use the console to examine the tracing of events as they occur or to make changes to the DSA configuration. However, when the DSA shuts down, it does not save changes made through the console to the DSA configuration.

You can enable DXconsole either locally or remotely.

On a Windows operating system, you can start DXconsole from the Start menu. Click Start on the taskbar, and then choose Programs, eTrust Directory, DXconsole.

To connect to a DSA locally through DXconsole, use the command:

    % telnet localhost local-port-number

where:

■ % is the prompt.
■ local-port-number is the local console port number of the DSA to which you want to connect (specified in the knowledge configuration file).

To connect to a DSA remotely through DXconsole, use the command:

    % telnet host-name remote-port-number

where:

■ % is the prompt
■ host-name is the name of the machine running the DSA to which you want to connect
■ remote-port-number is the remote console port number of the remote DSA to which you want to connect.
Note: You can connect to the remote DSA only when it is enabled in the remoteconsole-port parameter of the set dsa command for that DSA.

Log Files

Open certain log files to track the operations performed on a DSA. These log files can trace operations, gather statistics and record alarms. For more information about log files, see the chapter “General Administration” in the Administrator Guide.

DXtools

The DXtools provide a sophisticated set of utilities that simplify the management of directory data and databases. These utilities are divided into the following general categories:

Database tools
    Simplify the management of the underlying Advantage Ingres databases and tables used by the DSAs, and provide a high performance, high volume data import and export capability.
LDIF tools
    Are data conversion and manipulation tools that use a format appropriate for importing data in a directory.
DAP tools
    Provide an X.500 DAP interface for importing and exporting data in and out of a directory.

For more information about DXtools, see the chapter “Using DXtools” in the Administrator Guide.

DXmanager Portal

You can access most of the administrator tasks through the web-based DXmanager portal. Use the following URL to access the portal:

    http://server:8080/cocoon/dxmanager/directory.html

For information about how to use the portal, see the online help.

April 2003

Chapter 7
A Quick Tour of UDDI Registry

Universal Description, Discovery, and Integration (UDDI) is a rapidly emerging standard in the Web services world. This feature enables you to set up a registry repository using eTrust Directory.

About UDDI Repositories

A UDDI repository is a directory of all the Web services in an organization, be it a single business enterprise or a globe-spanning multinational conglomerate.
The UDDI repository provides a central point for recording all the details about each Web service, enabling the developers in the organization to locate other Web services to use as building blocks to construct an application, thus saving time and effort.

What a UDDI Repository Can Do

Because the UDDI repository contains all the details about the interfaces, developers can more easily combine or present services developed by disparate groups, possibly in different locations.

Moreover, the UDDI protocol provides for recovery—if a needed service fails and is replaced by another at a different location, all those services that depend on it can recover automatically by reloading the location and connection parameters from the UDDI repository.

About the eTrust Directory UDDI Registry

The eTrust Directory UDDI registry provides repository services. It functions as a business directory, permitting searches based upon categorizations and relationships between businesses. It provides authentication and authorization of users for inquiry and publishing.

A server provides UDDI services to requests from clients. A web-based UDDI Web Client enables you to publish to or search the repository.

Connecting to the UDDI Web Client

Use the following URL to access a UDDI Web Client:

    http://web-client-host:8080/uddi-browser-sample

The browser lists the UDDI Web Client Connect page.

Connecting to the UDDI Server

To explore the supplied sample repository, connect to the UDDI server. By default, the URL text boxes on the Connect page already include the URLs of the server local to the UDDI Web Client.

To connect to the specified server, click Connect.

Searching the Repository—Simple

When you connect to the UDDI server, the UDDI Search page appears.

To search for businesses with names that begin with TA, irrespective of case, proceed as follows:

1. In the Name text box, specify TA.
   Note: The search matches names that start with the specified value. For the search to match the value exactly, select Exact Match under Find Qualifiers.
2. For Max returned result (under Find Qualifiers), select 100. This finds as many businesses as possible.
3. Click Submit. The following results appear on the left pane:
   Tip: To change the widths of the pane, drag the vertical split bar.
4. Click an entry in the DIT to display the details about a business on the right pane:

Searching the Repository—Advanced

You want to narrow the search to include only those business entries with a:

■ Name that begins with TA
■ Category bag that contains the following tModel: uddi-org:iso-ch:3166:1999 with a value US-WA

Proceed as follows:

1. From the UDDI Web Client menu bar, click Business Search.
2. On the UDDI Search page, specify TA in the Name text box.
3. For Categorization (under Advanced Options), click Select.
4. On the CategoryBay KeyedReferences List page, proceed as follows:
   a. In the tModel Name/Key column, locate the uddi-org:iso-ch:3166:1999 tModel.
   b. In its Value text box, specify US-WA.
   c. Click Select.
   d. Click to select the checked value.
   The categorization text box on the UDDI Search page is filled with the corresponding tModel key and the specified value.
5. For Max returned result (under Find Qualifiers), select 100. This finds as many businesses as possible.
6. Click Submit to start the search. The results appear on the left pane.
Publishing Information

When you register a service, you can publish the following information:

■ A business entity that provides information about the publisher
■ Services provided by the business entity
■ A binding template that enables you to look for further information about a service

However, before you can start publishing, you must make yourself known to the registry by setting up your publishing user ID.

The following sections guide you through publishing the information in the repository. At any time, you can click Help from the UDDI Web Client menu bar to obtain more information.

Setting Up Your Publishing User ID

Set up your user ID as follows:

1. From the UDDI Web Client menu bar, click Publish Login.
2. On the Publish API Login page, click the link at the bottom. The User Register page appears:
3. Complete the User Register page, and click Submit to create your user ID.

Logging on to the Repository

On the Publish API Login page, supply your user ID (in the Name text box) and password. Click Login to access the repository and start publishing your information.

Registering Your Business

Before you can publish information about your services, you must register the business that provides the services. When you log on as a publisher, the Edit Business Entity page appears:

Register your business as follows:

1. On the Edit Business Entity page, click Add Business to display the New Business Entity page:
2. Complete the New Business Entity page. Provide information to make it easy for potential customers to search for your business and find out about it.
3. Click Submit to register the business. The Business Details page appears:

With your business registered, you can register the services provided by the business.
You can also publish contact information that potential customers can use to get in touch with the business.

You can edit the attributes of the business by clicking the corresponding icon.

Registering a Service

Register a service provided by the business as follows:

1. On the Business Details page, click Add Service to display the New Service page.
2. Complete the New Service page. Provide information to make it easy for potential customers to search for the service.
3. Click Submit to register the service. The Service Details page appears:

Adding a Binding Template

Binding templates provide access points that enable potential customers to access further information about the service. Add a binding template as follows:

1. On the Service Details page, click Add Binding to display the New Binding Template page.
2. Complete the New Binding Template page, and click Submit to add the binding. The Binding Template page appears:

To review the AccessPoint attribute, click it.

Checking that Your Business Can Be Found

Perform a search for your business to determine if it is registered.

For more information about all of the topics in this guide, see the Administrator Guide, the User Guide, and the online help.

Appendix A
Supported Standards

This appendix lists the standards supported by eTrust Directory.
X.500 Standards

DXserver supports all the mandatory requirements of the following standards:

Standard
    Title

Recommendation X.500, ISO/IEC 9594-1 (1993)
    Information technology - Open Systems Interconnection - The Directory: Overview of Concepts, Models, and Services
Recommendation X.501, ISO/IEC 9594-2 (1993)
    Information technology - Open Systems Interconnection - The Directory: Models
Recommendation X.511, ISO/IEC 9594-3 (1993)
    Information technology - Open Systems Interconnection - The Directory: Abstract Service Definition
Recommendation X.518, ISO/IEC 9594-4 (1993)
    Information technology - Open Systems Interconnection - The Directory: Procedures for Distributed Operation
Recommendation X.519, ISO/IEC 9594-5 (1993)
    Information technology - Open Systems Interconnection - The Directory: Protocol Specifications
Recommendation X.520, ISO/IEC 9594-6 (1993)
    Information technology - Open Systems Interconnection - The Directory: Selected Attribute Types
Recommendation X.521, ISO/IEC 9594-7 (1993)
    Information technology - Open Systems Interconnection - The Directory: Selected Object Classes
Recommendation X.509, ISO/IEC 9594-8 (1993)
    Information technology - Open Systems Interconnection - The Directory: Authentication Framework
Recommendation X.525, ISO/IEC 9594-9 (1993)
    Information technology - Open Systems Interconnection - The Directory: Replication

Industry Standards

eTrust Directory has undergone rigorous testing, and Computer Associates recognizes the importance of the following industry standards.

Standard
    Comment

ISO 9001
    Computer Associates has achieved ISO9002 accreditation and is in the process of obtaining ISO9001 accreditation.
LDAP-2000
    Computer Associates is in the process of obtaining the open brand for LDAP-2000 for eTrust Directory. See http://www.opengroup.org/directory for more information.
BLITS
    eTrust Directory has been tested against the Basic LDAP Version 3 Interoperability Test Suite.
See http://www.opengroup.org/directory/mats/blits25/index.htm for more information. PROTOS eTrust Directory has been tested against the PROTOS protocol security test suite for LDAP (http://www.ee.oulu.fi/research/ouspg/protos/testing/ c06/ldapv3/index.html), which was made prominent by CERT (http://www.cert.org/advisories/CA-2001-18.html). LDAP Standards DXserver supports all of the significant LDAP Request for Comments (RFCs) as listed in the following table. Support for other LDAP standards will be included as they gain industry acceptance. Currently, no LDAP controls are supported. RFC Title Comment 1558 A String Representation of LDAP Search Filters (December 1993) Obsoleted by RFC1960 Status: INFORMATIONAL 1777 Lightweight Directory Access Protocol (March 1995) Obsoletes RFC1487 Status: DRAFT STANDARD 1778 The String Representation of Standard Attribute Syntaxes (March 1995) Obsoletes RFC1488 Updated by RFC2559 Status: DRAFT STANDARD 1779 A String Representation of Distinguished Names (March 1995) Obsoletes RFC1485 Obsoleted by RFC2253 Status: DRAFT STANDARD A–2 eTrust Directory Getting Started Guide Management Standards RFC Title Comment 1960 A String Representation of LDAP Search Filters (June 1996) Obsoletes RFC1558 Obsoleted by RFC2254 Status: PROPOSED STANDARD 2251 Lightweight Directory Access Protocol (v3) (December 1997) Status: PROPOSED STANDARD 2252 Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions (December 1997) Status: PROPOSED STANDARD 2253 Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names (December 1997) Obsoletes RFC1779 Status: PROPOSED STANDARD 2254 The String Representation of LDAP Search Filters (December 1997) Obsoletes RFC1960 Status: PROPOSED STANDARD 2255 The LDAP URL Format (December 1997) Obsoletes RFC1959 Status: PROPOSED STANDARD 2256 A Summary of the X.500(96) User Schema for use with LDAPv3 (December 1997) Status: PROPOSED STANDARD 3377 Lightweight Directory Access 
Protocol (v3): Technical Specification (September 2002) Status: PROPOSED STANDARD Management Standards The eTrust Directory supports the following industry standards for management. In addition to these standards, eTrust Directory has a powerful management console, which is described in the Administrator Guide. Standard Title Recommendation X.711 Data communication networks: Open Systems interconnection (OSI); Management Common Management Information Protocol Specification for CCITT applications (1991) Recommendation X.720 ISO/IEC IS 10165-1 Information technology - Open Systems Interconnection - Structure of Management Information - Part 1: Management Information Model ISO/IEC CD 9594-10 Information technology - Open Systems Interconnection - The Directory: Use of Systems Management for Administration of the Directory Supported Standards A–3 Security Standards RFC Title Comment 1155 Structure and Identification of Management Obsoletes RFC1065 Information for TCP/IP-based Internets (May Also STD0016 1990) Status: STANDARD 1156 Management Information Base for Network Obsoletes RFC1066 Management of TCP/IP-based internets (May Status: HISTORIC 1990) 1157 Simple network management protocol(SNMP). 
(May 1990) Obsoletes RFC1098 Also STD0015 Status: STANDARD 1212 Concise MIB Definitions (March 1991) Also STD0016 Status: STANDARD 1213 Management Information Base for Network Management of TCP/IP-based internets: MIB-II (March 1991) Obsoletes RFC1158) Updated by RFC2011, RFC2012, RFC2013 Also STD0017 Status: STANDARD 1567 X.500 Directory Monitoring MIB (January 1994) Obsoleted by RFC2605 Status: PROPOSED STD Security Standards eTrust Directory conforms to the following security standards: IETF Internet-Draft The SSL Protocol Version 3.0 (November 1996) PKCS #11 PKCS #11 v2.11: Cryptographic Token Interface Standard (November 2001) PKCS #12 PKCS 12 v1.0: Personal Information Exchange Syntax Standard (June 1999) RFC 2246 The TLS Protocol Version 1.0 (January 1999) A–4 eTrust Directory Getting Started Guide Appendix B The LDAP and X.500 standards To work together, you have to communicate and share information. This is essential for organizations growing through mergers and acquisitions, and business-to-business communication and eCommerce. Standards-based directories let this communication take place. However, many directory systems on the market are unable to communicate with other directories. eTrust Directory uses both of the major directory standards, which promotes a global, distributed infrastructure—vital in today’s worldwide marketplace. The LDAP standard is widely accepted LDAP (the lightweight directory access protocol) is a simplified version of the X.500 directory access protocol. LDAP has a simple application program interface, can be easily embedded in applications and web browsers, and is backed by some of the world’s largest information technology vendors. LDAP enables a large number of applications to access the same directory. This can allow a directory to act as an integration point for bringing systems together and consolidating management tasks. Because LDAP has a simple protocol, LDAP-only servers are common. 
However, LDAP is not a server-to-server protocol. This means that LDAP-only servers cannot be connected together: a group of them cannot cooperate with each other to resolve distributed queries, and cannot have a single logical authentication and access control regime. While these LDAP-only servers can perform useful local functions, their inability to communicate with other LDAP servers means that each individual server forms an “island of information.”

The X.500 standard allows directories to communicate

The X.500 standard solves the “island of information” problem by providing mechanisms for distributed operations, distributed management, distributed security, and replication.

eTrust Directory Supports Both Standards

LDAP is important for clients, while X.500 is important for servers. eTrust Directory fully applies X.500 and LDAP standards to provide a distributed and reliable directory service. eTrust Directory uses LDAP support to access LDAP-only directories, and the X.500 distributed directory model for distribution. In addition to supporting LDAP for access, eTrust Directory permits the integration of LDAP-only servers to a directory backbone.