
LDAP interface for the GDA

One way LDAP is being integrated into DCE is to allow DCE cells to be registered in LDAP directories. The GDA in a cell that wants to connect to remote cells is configured to enable access to the LDAP directory (see Figure 12-17).

Figure 12-17 The LDAP interface for GDA

DCE originally only supported X.500 and DNS name syntax for cell names. LDAP and X.500 names both follow the same hierarchical naming model, but their syntax is slightly different. X.500 names are written in reverse order and use a slash (/) rather than a comma (,) to separate relative distinguished names. When the GDA is configured to use LDAP, it converts cell names in X.500 format into the LDAP format.

LDAP interface for the CDS

DCE provides two programming interfaces to the Directory Service: the Name Service Interface (NSI) and the X/Open Directory Service (XDS). XDS is an X.500-compatible interface used to access information in the GDS, and it can also be used to access information in the CDS. However, the use of NSI is much more common in DCE applications.

The NSI API provides functionality that is specifically tailored for use with DCE client and server programs that use RPC. NSI allows servers to register their address and the type of RPC interface they support. This address/interface information is called an RPC binding, and is needed by clients that want to contact the server. NSI allows clients to search the CDS for RPC binding information.

476 TCP/IP Tutorial and Technical Overview

NSI was designed to be independent of the directory where the RPC bindings are stored. However, the only supported directory to date has been CDS. NSI will be extended to also support adding and retrieving RPC bindings from an LDAP directory. This will allow servers to advertise their RPC binding information in either CDS or an LDAP directory. Application programs can use either the NSI or the LDAP API when an LDAP directory is used (see Figure 12-18).
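The X.500-to-LDAP cell name conversion described in the GDA section above, as an added example that is not code from the book or from DCE. The function names and the `/.../` global-root prefix on the input are assumptions; the sketch reverses the RDN order, swaps the separator, and escapes each value per RFC 4514 so that a comma or other special character inside a value cannot change the structure of the resulting DN.

```python
# Added example: convert an X.500-style DCE cell name into an LDAP DN string.
import re

GLOBAL_ROOT = "/.../"  # assumed DCE global-root prefix on the input name
_ATTR_TYPE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # short attribute names only
_SPECIALS = '"+,;<>\\'  # characters RFC 4514 requires escaping inside a value


def escape_value(value: str) -> str:
    """Escape one attribute value for use inside an LDAP DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def x500_cell_to_ldap_dn(cell_name: str) -> str:
    """'/.../c=us/o=ibm/ou=austin' -> 'ou=austin,o=ibm,c=us'."""
    if cell_name.startswith(GLOBAL_ROOT):
        cell_name = cell_name[len(GLOBAL_ROOT):]
    rdns = []
    for part in cell_name.strip("/").split("/"):
        attr, sep, value = part.partition("=")
        # A DNS-style cell name has no type=value pairs and is rejected here.
        if not sep or not value or not _ATTR_TYPE.match(attr):
            raise ValueError(f"not a type=value RDN: {part!r}")
        rdns.append(f"{attr}={escape_value(value)}")
    # X.500 syntax lists the root first; LDAP lists the most specific RDN first.
    return ",".join(reversed(rdns))


if __name__ == "__main__":
    # Constructed sample names, not taken from the book.
    for name in ("/.../c=us/o=ibm/ou=austin", "/.../c=us/o=Acme, Inc"):
        print(name, "->", x500_cell_to_ldap_dn(name))
```

The sketch does not handle a slash escaped inside a value or multi-valued RDNs.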
Figure 12-18 The LDAP interface for NSI

12.4.8 The Directory-Enabled Networks (DEN) initiative

In September 1997, Cisco Systems Inc. and Microsoft® Corp. announced the so-called Directory-Enabled Networks (DEN) initiative as a result of collaborative work. Many companies, such as IBM, either support this initiative or actively participate in ad hoc working groups (ADWGs). DEN represents an information model specification for an integrated directory that stores information about people, network devices, and applications. The DEN schema defines the object classes and their related attributes for those objects. As such, DEN is a key piece to building intelligent networks, where products from multiple vendors can store and retrieve topology and configuration-related data.

Chapter 12. Directory and naming protocols 477

Of special interest is that the DEN specification defines LDAPv3 as the core protocol for accessing DEN information, which makes information available to LDAP-enabled clients or network devices, or both.

DEN makes use of the Common Information Model (CIM). CIM details a way of integrating different management models such as SNMP MIBs and DMTF MIFs. At the time of writing, the most current CIM schema was version 2.12, released in April of 2006.

More information about the DEN initiative can be found on the founder's Web site at:

http://www.dmtf.org/standards/wbem/den/
http://www.dmtf.org/standards/cim/

12.4.9 Web-Based Enterprise Management (WBEM)

WBEM is a set of standards designed to deliver an integrated set of management tools for the enterprise. By making use of XML and CIM, it becomes possible to manage network devices, desktop systems, telecom systems and application systems, all from a Web browser.
For further information, see:

http://www.dmtf.org/standards/wbem/

12.5 RFCs relevant to this chapter

The following RFCs provide detailed information about the directory and naming protocols and architectures presented throughout this chapter:

- RFC 1032 – Domain administrators guide (November 1987)
- RFC 1033 – Domain administrators operations guide (November 1987)
- RFC 1034 – Domain names - concepts and facilities (November 1987)
- RFC 1035 – Domain names - implementation and specifications (November 1987)
- RFC 1101 – DNS encoding of network names and other types (April 1989)
- RFC 1183 – New DNS RR Definitions (October 1990)
- RFC 1202 – Directory Assistance service (February 1991)
- RFC 1249 – DIXIE Protocol Specification (August 1991)
- RFC 1348 – DNS NSAP RRs (July 1992)
- RFC 1480 – The US Domain (June 1993)
- RFC 1706 – DNS NSAP Resource Records (October 1994)
- RFC 1823 – The LDAP Application Programming Interface (August 1995)
- RFC 1876 – A Means for Expressing Location Information in the Domain Name System (January 1996)
- RFC 1995 – Incremental Zone Transfer in DNS (August 1996)
- RFC 1996 – A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY) (August 1996)
- RFC 2136 – Dynamic Updates in the Domain Name System (DNS UPDATE) (April 1997)
- RFC 2444 – The One-time-Password SASL Mechanism (October 1998)
- RFC 4592 – The Role of Wildcards in the Domain Name System (July 2006)
- RFC 2743 – Generic Security Service Application Program Interface Version 2, Update 1 (January 2000)
- RFC 2874 – DNS Extensions to Support IPv6 Address Aggregation and Renumbering (July 2000)
- RFC 3007 – Secure Domain Name Systems (DNS) Dynamic Update (November 2000)
- RFC 3494 – Lightweight Directory Access protocol version 2 (LDAPv2) (March 2003)
- RFC 3596 – DNS Extensions to Support IP Version 6 (October 2003)
- RFC 3645 – Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG) (October 2003)
- RFC 3901 – DNS IPv6 Transport Operational Guidelines (September 2004)
- RFC 4033 – DNS Security Introduction and Requirements (March 2005)
- RFC 4034 – Resource Records for the DNS Security Extensions (March 2005)
- RFC 4035 – Protocol Modifications for the DNS Security Extensions (March 2005)
- RFC 4339 – IPv6 Host Configuration of DNS Server Information Approaches (February 2006)
- RFC 4398 – Storing Certificates in the Domain Name System (DNS) (March 2006)
- RFC 4422 – Simple Authentication and Security Layer (SASL) (June 2006)
- RFC 4501 – Domain Name System Uniform Resource Identifiers (May 2006)
- RFC 4505 – Anonymous Simple Authentication and Security Layer (SASL) (June 2006)
- RFC 4510 – Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map (June 2006)
- RFC 4511 – Lightweight Directory Access Protocol (LDAP): The Protocol (June 2006)
- RFC 4512 – Lightweight Directory Access Protocol (LDAP): Directory Information Models (June 2006)
- RFC 4513 – Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms (June 2006)
- RFC 4514 – Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names (June 2006)
- RFC 4515 – Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters (June 2006)
- RFC 4516 – Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator (June 2006)
- RFC 4517 – Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules (June 2006)
- RFC 4518 – Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation (June 2006)
- RFC 4519 – Lightweight Directory Access Protocol (LDAP): Schema for User Applications (June 2006)
- RFC 4520 – Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP) (June 2006)
- RFC 4521 – Considerations for Lightweight Directory Access Protocol (LDAP) (June 2006)
- RFC 4522 – Lightweight Directory Access Protocol (LDAP): The Binary Encoding Option (June 2006)
- RFC 4523 – Lightweight Directory Access Protocol (LDAP): Schema Definitions for X.509 Certificates (June 2006)
- RFC 4524 – Lightweight Directory Access Protocol (LDAP): COSINE/LDAP X.500 Schema (June 2006)
- RFC 4525 – Lightweight Directory Access Protocol (LDAP): Modify-Increment Extension (June 2006)
- RFC 4526 – Lightweight Directory Access Protocol (LDAP): Absolute True and False Filters (June 2006)