Software Product Description

Compaq X.500 Directory Service V4.0
SPD 40.77.10

Description

The Compaq X.500 Directory Service products may be used to implement a distributed network directory service following the CCITT X.500 Recommendations. These Recommendations split the functions of the directory between one or more Directory System Agents (DSA), where all information is held, and one or more Directory User Agents (DUA), from which all inquiries and other directory actions are made.

Using the X.500 model, departments and organizations may adopt an incremental independent approach to the establishment of a directory service using conforming products from multiple vendors. These separate implementations may then be connected together to provide a single logical directory service which spans the department, the organization, the region or the world, as appropriate.

The Directory may contain information on anything of interest, typically people, systems, network resources and databases and may be accessed both by individual users and applications.

V4.0 introduces an LDAPv3 and v2 interface enabling full interoperability with other LDAP applications and clients.

The Compaq X.500 Directory Service product set includes:
• Compaq X.500 Directory Server - a Directory System Agent
• Compaq X.500 Administration Facility - a Directory User Agent

Other Compaq messaging and networking products, such as all versions of Office Server and ALL-IN-1 V3.2, also provide the directory user agent function in order to access information in the Compaq X.500 Directory Server.

The Compaq X.500 Directory Service products are based on the 1993 edition of ISO/IEC 9594 and the CCITT X.500 series of recommendations.

Abstract Services

The Compaq X.500 Directory Service components provide and support all of the X.500 Abstract Services, including:
• Read            Read attributes from a named entry
• Compare         Test an attribute value without reading it
• Abandon         Abandon an outstanding operation
• List            List names of subordinate entries
• Search          Find entries matching a search expression
• Add             Create a new entry
• Remove          Delete an entry
• Modify Entry    Add or remove attributes or values
• Modify RDN      Rename an entry

The following operations are supported via the LDAPv3 protocol:
• Bind – with simple password
• Unbind
• Search – no extensibleMatch option
• Modify
• Add
• Delete
• Modify Distinguished Name – no newSuperior option
• Compare
• Abandon
• Backwards compatibility with LDAPv2 clients and directories

AE-PX3PK-TE

The following LDAP string syntaxes are supported:
• AttributeTypeDescription (not in v2)
• Binary
• BitString
• Boolean
• Distinguished Name
• DirectoryString
• FacsimileTelephoneNumber
• GeneralisedTime (not in v2)
• IA5String
• Integer
• Jpeg
• MHS-OR-Address
• Delete String
• UTC Time
• Telex Number
• NumericString
• ObjectClassDescription
• OID
• PostalAddress
• PrintableString
• TelephoneNumber
• Delivery Method
• Printable or Numeric String

Schema

The Compaq X.500 Directory Service uses a configurable schema allowing customer definition of attributes, object classes, structure rules, and name forms. The schema is installed individually at each DSA. A default schema that implements the schema in X.520 and X.521 (1995 edition) as well as other useful definitions is included.

Security

The Compaq X.500 Directory Service supports a subset of the Simplified Access Control scheme from the 1993 edition of the standard. This allows administrators to define policies that control access rights (such as read, browse, modify, remove) to entries and individual attributes within a particular part of the directory (naming context).

The Compaq X.500 Directory Service allows for the authentication of users by name and password. It also allows access to be restricted based on network address and for chained operations.

X.500 V4.0 on Tru64 UNIX has been certified with the Entrust V5.0 security product.

Distributed Operations

The DSA supports standard X.500 distributed operations including chaining and referrals. Knowledge management of superior and subordinate references allows a Compaq X.500 DSA to participate as a first-level DSA or a subordinate DSA in a multi-vendor distributed Directory Information Base (DIB).

Replication

The Compaq X.500 Directory Service supports shadowing of data between DSAs, allowing data to be replicated in the network for availability and performance. Shadowing also allows replication of knowledge information for distributed operation, access control policies and authentication information, thus reducing the amount of management required. Shadowed information is represented using the DSA Information Model defined in the 1993 edition of the standard.

Compaq X.500 Directory Service supports the shadowing service defined in X.525, including supplier-initiated and consumer-initiated agreements, both scheduled and on change replication providing full or incremental updates.

Protocols

The Directory Service is based on the client-server model. The DSA server supports the directorySystemAC application context (DSP protocol) to communicate with other DSAs. Communications between server DSAs and client DUAs are supported by the directoryAccessAC application context (DAP protocol). DAP enables DUAs in other X.500 implementations to access the Compaq X.500 Directory Service DSA and vice-versa. DSP enables full interworking with DSAs in other implementations. The X.500 DSA server supports LDAPv2 and LDAPv3 protocols.

For shadowing, the DSA supports shadowSupplierInitiatedAC and shadowConsumerInitiatedAC application contexts in both the synchronous and asynchronous variants (DISP protocol) and the directoryOperationalBindingManagementAC application context (DOP protocol).

The Compaq X.500 V4.0 Directory Service runs on the Compaq Tru64 UNIX and OpenVMS Alpha operating systems.
It provides integrated, multi-protocol support allowing concurrent DAP and DSP access over OSI (using transport classes TP0, TP2, TP4) and RFC1006 over TCP/IP.

With the inclusion of LDAP support in V4.0 there is no longer any need to deploy the InfoBroker Server, however if InfoBroker is deployed:

For the Compaq UNIX environment, the unlimited system use license for the X.500 Directory Server includes the right to install and use the InfoBroker Server on the same system as the DSA. Where the InfoBroker Server is to be installed and run on a system separate from the DSA, or with a concurrent use DSA license, a separate InfoBroker Server license is required.

Database

The Compaq X.500 Directory Service provides a Directory Information Base based on the 1993 edition of Extended Information Models. This indexed database supports high-performance searching and sophisticated matching including approximate (Soundex) match. The database is held in main memory to ensure optimal response times.

Service Management

The Compaq X.500 Directory Service provides DSA management conforming to Compaq's Enterprise Management Architecture (EMA), integrated with DECnet-Plus. This provides remote management facilities to configure and control DSAs, and to log significant events.

Programming Interface

Application access to the Compaq X.500 Directory Service is provided through the X/Open[TM] Company Limited's OSI-Abstract-Data Manipulation API and API to Directory Services, also known as the XDS/XOM Application Program Interface. Documentation, useful libraries and supporting files for the API are included with the X.500 Directory Server.

The Compaq X.500 Directory Service includes a base component that contains the DUA libraries and other supporting files necessary to support applications written to the directory API. This base component, therefore, provides run-time client access to the API libraries; it is distributed with the Compaq X.500 Directory Server product.
The license for the Compaq X.500 Directory Server includes the right to install this base component on any system having an application needing access to that properly licensed Compaq X.500 Directory Server. It is not required to load a license into the License Management Facility in order for the base kit to function.

Directory User Agents

The Compaq X.500 Administration Facility provides a Directory User Agent. The Information Management Utility (DXIM) allows users to search and browse the directory and to maintain the data stored in it. Operations include the addition, modification, and deletion of entries. DXIM supports both DECwindows™ Motif® and command line interfaces. It can be used on a DSA node or remotely from any other node in the network. DXIM is configurable, based on the schema definitions, to support customer defined attributes and classes.

Access to the Compaq X.500 Directory Service may also be obtained through other Compaq software products which contain the Directory User Agent function. For example, Office Server will allow users of TeamLinks, Outlook, IMAP and POP3 clients access to information in the X.500 Directory.

Inclusion of the LDAP interface enables the following clients to obtain directory information:
• Internet Explorer
• Netscape Web Client
• Outlook 98 Client

And any client accessing via Office Server V4.0A (LDAPv2 support) or Office Server V5.0 and V6.0 (LDAPv3 support).

STANDARDS SUPPORTED

The Compaq X.500 Directory Service products are implemented according to the 1993 edition of ISO/IEC 9594 and the CCITT X.500 series of Recommendations.

The products have successfully completed testing to the Open Systems Testing Consortium (OSTC) 1988 X.500 conformance tests. The conformance testing was carried out by the United Kingdom National Computer Centre, an accredited OSTC testing centre, who produced OSTC test reports valid in all European Community states.

The products have been registered by the U.S. National Institute of Standards and Technology (NIST) as conformant to U.S. GOSIP.

The products are designed and implemented to conform, with some minor exceptions, to the following European and US profiles:
• NIST OIW Stable Implementor's Agreements - Version 5 edition 1
• ENV 41210
• ENV 41212
• ENV 41215
• ENV 41512

The product also supports, where applicable, the following Internet standards:
• RFC 1006
• RFC 1274
• RFC 1277 (as it applies to TCP/IP networks)
• RFC 1278

The LDAP functionality will conform to the following standards.

For LDAP V2:
• RFC 1777 Lightweight Directory Access Protocol
• RFC 1558 A String Representation of LDAP Search Filters
• RFC 1778 The String Representation of Standard Attribute Syntaxes

For LDAP V3:
• RFC 2251 Lightweight Directory Access Protocol (v3)
• RFC 2252 Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
• RFC 2253 Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
• RFC 2254 The String Representation of LDAP Search Filters
• RFC 2255 The LDAP URL Format
• RFC 2256 A Summary of the X.500 (96) User Schema for use with LDAP V3

Character Set Support

LDAPv3 strings are based on the UTF-8 character set and are restricted to characters that can be mapped to the T.61 character set. Input characters will be substituted by their base character wherever possible, if they can’t be mapped to T.61.

HARDWARE REQUIREMENTS

Processors Supported

For Compaq Tru64 UNIX:
Compaq X.500 Directory Service is supported on all valid Compaq Tru64 UNIX AlphaServer configurations. Refer to the configuration charts listed in the Tru64 UNIX Operating System Software Product Description (SPD 41.61.xx) for further information on supported hardware configurations.

For OpenVMS Alpha:
Compaq X.500 Directory Service is supported on all valid OpenVMS AlphaServer configurations supported by DECnet-Plus.
Refer to the DECnet-Plus for OpenVMS Alpha Software Product Description (SPD 50.45.xx) for further information on supported hardware configurations.

Disk Space Requirements

The counts below refer to the disk space required on the system disk or specified file systems. The sizes are approximate; actual sizes may vary depending on the user's system environment, configuration, and software options selected.

The counts below refer to the space required to install the X.500 Server, Administration, and Application Programming components. The Base component is a mandatory component for all installations. Permanent disk space requirements for the components are cumulative. Directory data files are not included and will require additional space which can be on a non-system disk.

For Compaq Tru64 UNIX Systems:

Disk space required for installation and for use (permanent):

Component                    File System (Kbytes):
                             User      /var
Base:                        3000      500
Server:                      4000      50
Administration:              4300      600
Application Programming:     7800
Look-up client:              8300
Reference Pages:             300
Release Notes:               300

Directory data files are stored in the /var file system.

For OpenVMS Alpha Systems (Block Size = 512KB):

Disk space required for installation:

Component                    Blocks    Kbytes
All:                         40000     20480

Disk space required for use (permanent):

Component                    Blocks    Kbytes
Base:                        6000      3072
Server:                      18000     9216
Administration:              7000      3584
Application Programming:     1000      512
Look-up client               5000      2560

Memory Requirements

The performance of this product is dependent on the amount of system memory. The memory size suggested for most typical hardware configurations is at least 128 Mbytes for systems running the Directory Server. On these server systems, memory usage increases in proportion to the amount of data stored in the database.

CLUSTER ENVIRONMENT

This layered product is fully supported when installed on any valid and licensed VMScluster™* configuration without restrictions.
Only one Directory System Agent (DSA) can be active on a single node or VMScluster at any one time. The HARDWARE REQUIREMENTS section of this document details any special hardware required by this product.

* VMScluster configurations are fully described in the VMScluster Software Product Description (29.78.xx) and include CI, Ethernet, and Mixed Interconnect configurations.

This layered product is fully supported when installed on any valid and licensed TruCluster™* configuration without restrictions. Only one Directory System Agent (DSA) can be active on a single node or TruCluster at any one time.

* TruCluster configurations are fully described in the TruCluster Software Product Description (44.17).

SOFTWARE REQUIREMENTS

For Compaq Tru64 UNIX Systems:

For All Systems:
Compaq Tru64 UNIX Operating System V4.0d to g.
Compaq Tru64 UNIX Operating System V5.0
DECnet-Plus for Tru64 UNIX V4.0c or later

For OpenVMS Alpha Systems:

For Systems Using Terminals:
OpenVMS Alpha Operating System V7.1-2 or later
DECnet-Plus V7.1 ECO6 or DECnet-Plus V7.2-1 ECO2 for OpenVMS Alpha or later
DIGITAL TCP/IP Services for OpenVMS V5.0A or later is required for RFC1006 transport and LDAP protocols

For all OpenVMS Systems:
This product may run in either of the following ways:
Standalone Execution - Running the X11 display server and the client application on the same machine.
Remote Execution - Running the X11 display server and the client application on different machines.

OpenVMS Tailoring:
The following OpenVMS classes are required for full functionality of this layered product:
• OpenVMS Required Saveset
• Network Support
• Programming Support
• VMS Workstation Support

GROWTH CONSIDERATIONS

The minimum hardware/software requirements for any future version of this product may be different from the requirements for the current version.

DISTRIBUTION MEDIA

This product is available on the Tru64 UNIX and OpenVMS Alpha Layered Products CD-ROM distributions, Software Product Library, formerly known as CONDIST.

The documentation for this product is available on the Tru64 UNIX and OpenVMS Alpha Online Documentation CD-ROM distributions. A printed documentation kit is available that covers both platforms.

ORDERING INFORMATION

In this section, an asterisk (*) denotes variant fields. For additional information on available licenses, services, and media, refer to the appropriate price book.

Compaq X.500 Directory Server:

Software Licenses:
For Tru64 UNIX systems: QL-2FYA*-**
For OpenVMS Alpha Systems:
• Unlimited system use: QL-2NZA*-**
• Concurrent use: QL-0P4A*-**

Software Product Services:
For Tru64 UNIX systems: QT-2FYA*-**
For OpenVMS Alpha systems: QT-2NZA*-**

Compaq X.500 Administration Facility:

Software Licenses:
For Tru64 UNIX systems: QL-2FZA*-**
For OpenVMS Alpha systems: QL-2P0A*-**

Software Product Services:
For Tru64 UNIX systems: QT-2FZA*-**
For OpenVMS Alpha systems: QT-2P0A*-**

Media for all products:

Software Media:
For Tru64 UNIX systems: QA-054AA-H8
For OpenVMS Alpha systems: QA-03XAA-H8

Documentation for all products:

Printed Documentation:
For Tru64 UNIX systems: QA-0P4AA-GZ
For OpenVMS Alpha systems: QA-0P4AA-GZ

SOFTWARE LICENSING

This software is furnished under the licensing provisions of Compaq Computer Corporation's Standard Terms and Conditions. For more information about Compaq's licensing terms and policies, contact your local Compaq office or Partner.

License Management Facility Support

This layered product supports the Tru64 UNIX and OpenVMS License Management Facilities (LMF).

License units for the Compaq X.500 Directory Server are allocated on an Unlimited System Use and Concurrent Use basis.

Each Server Concurrent Use license allows a specified number of entries to be added to the local directory database, according to the number of units in the license.
The number of entries counted includes:
• all sub-entries (access control, shadowing agreement and other sub entries)
• intermediate entries in the naming hierarchy
• a small number of overhead entries used for internal DSA management purposes
• all shadowed entries from other DSAs
• normal entries such as those used by human users or used by other dependent software, for example MAILbus 400 MTA routing and gateway entries.

In a messaging environment with mail user agents, a MAILbus 400 MTA and gateways, a 5000 entry DSA may be sufficient to support a user population of just 1000 people. For further details of this mechanism, consult the product documentation.

The Server Unlimited System Use license imposes no fixed limits on directory size.

The Compaq X.500 Directory Service includes a base component that contains the DUA libraries and other supporting files necessary to support applications written to the directory API. This base component, therefore, provides run-time client access to the API libraries; it is distributed with the Compaq X.500 Directory Server product. The license for the Compaq X.500 Directory Server includes the right to install this base component on any system having an application needing access to that properly licensed Compaq X.500 Directory Server. It is not required to load a license into the License Management Facility in order for the base kit to function.

The Unlimited System Use license for the Compaq X.500 Directory Server for Tru64 UNIX allows the installation and use of the InfoBroker Server for Compaq Tru64 UNIX on the same Compaq UNIX system as the Compaq X.500 Directory Server. This does not apply to the Concurrent Use license for the Compaq X.500 Directory Server for Tru64 UNIX; in this case an additional InfoBroker Server license is required.

License units for the Compaq X.500 Administration Facility are allocated on an Unlimited System Use and Concurrent Use basis.
Each Concurrent Use license allows any one individual at a time to use the layered product.

For more information on the Compaq Tru64 UNIX or the OpenVMS License Management Facilities, refer to the appropriate Software Product Description or documentation.

SOFTWARE PRODUCT SERVICES

A variety of service options are available from Compaq. For more information, contact your local Compaq office or Compaq partner.

SOFTWARE WARRANTY

This software is provided by Compaq with a 90 day conformance warranty in accordance with the Compaq warranty terms applicable to the license purchase.

COMPAQ, the Compaq logo, DEC, Digital, OpenVMS, VAX and VMS Registered in U.S. Patent and Trademark Office.

ALL-IN-1, CI, DECnet, DECstation, DECsystem, DECwindows, DECthreads, Digital, MicroVAX, OpenVMS, TK, TruCluster, VMScluster, VAXft, VAXserver and VAXstation are trademarks of Compaq Information Technologies Group, L.P. in the United States and/or other countries.

Microsoft Outlook is a registered trademark of Microsoft Corporation in the United States and/or other countries.

Motif, OSF, OSF/Motif, OSF/1 and UNIX are registered trademarks of the Open Group in the United States and/or other countries.

All other product names mentioned herein may be trademarks or registered trademarks of their respective companies.

Confidential computer software. Valid license from Compaq required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

Compaq shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is subject to change without notice.

The information in this publication is subject to change without notice and is provided "AS IS" WITHOUT WARRANTY OF ANY KIND.
THE ENTIRE RISK ARISING OUT OF THE USE OF THIS INFORMATION REMAINS WITH RECIPIENT. IN NO EVENT SHALL COMPAQ BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE OR OTHER DAMAGES WHATSOEVER (INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION OR LOSS OF BUSINESS INFORMATION), EVEN IF COMPAQ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The limited warranties for Compaq products are exclusively set forth in the documentation accompanying such products. Nothing herein should be construed as constituting a further or additional warranty.

© 2000 Compaq Computer Corporation

Possession, use, or copying of the software described in this publication is authorized only pursuant to a valid written license from Compaq or an authorized sub-licensor.

Compaq X.500 Directory Service V4.0
© 2000 Compaq Computer Corporation
1 April, 2000