mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-12 10:54:48 +08:00
1516 lines
54 KiB
Plaintext
1516 lines
54 KiB
Plaintext
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Network Working Group J. Kempf
|
|||
|
Request for Comments: 2926 Sun Microsystems, Inc.
|
|||
|
Category: Informational R. Moats
|
|||
|
Coreon, Inc.
|
|||
|
P. St. Pierre
|
|||
|
Sun Microsystems, Inc.
|
|||
|
September 2000
|
|||
|
|
|||
|
|
|||
|
Conversion of LDAP Schemas to and from SLP Templates
|
|||
|
|
|||
|
Status of this Memo
|
|||
|
|
|||
|
This memo provides information for the Internet community. It does
|
|||
|
not specify an Internet standard of any kind. Distribution of this
|
|||
|
memo is unlimited.
|
|||
|
|
|||
|
Copyright Notice
|
|||
|
|
|||
|
Copyright (C) The Internet Society (2000). All Rights Reserved.
|
|||
|
|
|||
|
Abstract
|
|||
|
|
|||
|
This document describes a procedure for mapping between Service
|
|||
|
Location Protocol (SLP) service advertisements and lightweight
|
|||
|
directory access protocol (LDAP) descriptions of services. The
|
|||
|
document covers two aspects of the mapping. One aspect is mapping
|
|||
|
between SLP service type templates and LDAP directory schema.
|
|||
|
Because the SLP service type template grammar is relatively simple,
|
|||
|
mapping from service type templates to LDAP types is straightforward.
|
|||
|
Mapping in the other direction is straightforward if the attributes
|
|||
|
are restricted to use just a few of the syntaxes defined in RFC 2252.
|
|||
|
If arbitrary ASN.1 types occur in the schema, then the mapping is
|
|||
|
more complex and may even be impossible. The second aspect is
|
|||
|
representation of service information in an LDAP directory. The
|
|||
|
recommended representation simplifies interoperability with SLP by
|
|||
|
allowing SLP directory agents to backend into LDAP directory servers.
|
|||
|
The resulting system allows service advertisements to propagate
|
|||
|
easily between SLP and LDAP.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 1]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
Table of Contents
|
|||
|
|
|||
|
1.0 Introduction ................................................ 2
|
|||
|
2.0 Mapping SLP Templates to LDAP Schema ........................ 3
|
|||
|
2.1 Mapping from SLP Attribute Types to LDAP Attribute Types .. 8
|
|||
|
2.1.1 Integer ............................................... 8
|
|||
|
2.1.2 String ................................................ 8
|
|||
|
2.1.3 Boolean ............................................... 9
|
|||
|
2.1.4 Opaque ................................................ 9
|
|||
|
2.2 Keyword Attributes ........................................ 9
|
|||
|
2.3 Template Flags ............................................ 9
|
|||
|
2.3.1 Multi-valued .......................................... 9
|
|||
|
2.3.2 Optional .............................................. 10
|
|||
|
2.3.3 Literal ............................................... 10
|
|||
|
2.3.4 Explicit Matching ..................................... 10
|
|||
|
2.4 Default and Allowed Value Lists ........................... 10
|
|||
|
2.5 Descriptive Text .......................................... 11
|
|||
|
2.6 Generating LDAP Attribute OIDs ............................ 11
|
|||
|
2.7 Example ................................................... 11
|
|||
|
3.0 Attribute Name Conflicts .................................... 15
|
|||
|
4.0 Mapping from Schema to Templates ............................ 15
|
|||
|
4.1 Mapping LDAP Attribute Types to SLP Attribute Types ....... 16
|
|||
|
4.2 Mapping ASN.1 Types to SLP Types .......................... 17
|
|||
|
4.2.1 Integer ............................................... 18
|
|||
|
4.2.2 Boolean ............................................... 18
|
|||
|
4.2.3 Enumerated ............................................ 18
|
|||
|
4.2.4 Object Identifier ..................................... 19
|
|||
|
4.2.5 Octet String .......................................... 19
|
|||
|
4.2.6 Real .................................................. 19
|
|||
|
4.3 Example ASN.1 Schema ...................................... 19
|
|||
|
5.0 Representing SLP Service Advertisements in an LDAP DIT ...... 22
|
|||
|
6.0 Internationalization Considerations ......................... 24
|
|||
|
7.0 Security Considerations ..................................... 24
|
|||
|
8.0 References .................................................. 25
|
|||
|
9.0 Authors' Addresses .......................................... 26
|
|||
|
10.0 Full Copyright Statement ................................... 27
|
|||
|
|
|||
|
1.0 Introduction
|
|||
|
|
|||
|
SLP templates [1] are intended to create a simple encoding of the
|
|||
|
syntactic and semantic conventions for individual service types,
|
|||
|
their attributes, and conventions. They can easily be generated,
|
|||
|
transmitted, read by humans and parsed by programs, as it is a string
|
|||
|
based syntax with required comments. Directory schemas serve to
|
|||
|
formalize directory entry structures for use with LDAP [2] These
|
|||
|
directories serve to store information about many types of entities.
|
|||
|
Network services are an example of one such entity.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 2]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
Interoperability between SLP and LDAP is important so clients using
|
|||
|
one protocol derive benefit from services registered through the
|
|||
|
other. In addition, LDAP directory servers can serve as the backend
|
|||
|
for SLP directory agents (DAs) if interoperability is possible In
|
|||
|
order to facilitate interoperability, this document creates mappings
|
|||
|
between the SLP template grammar and LDAP directory schema, and
|
|||
|
establishes some conventions for representing service advertisements
|
|||
|
in LDAP directories. The goal of the translation is to allow SLPv2
|
|||
|
queries (which are syntactically and semantically equivalent to
|
|||
|
LDAPv3 string queries [7]) to be submitted to an LDAP directory
|
|||
|
server by an SLP DA backended into LDAP without extensive processing
|
|||
|
by the DA.
|
|||
|
|
|||
|
The simple notation and syntactic/semantic attribute capabilities of
|
|||
|
SLP templates map easily into directory schemas, and are easily
|
|||
|
converted into directory schemas, even by automated means. The
|
|||
|
reverse may not be true. If the LDAP schema contains attributes with
|
|||
|
unrecognized or complex syntaxes, the translation may be difficult or
|
|||
|
impossible. If, however, the LDAP schema only uses a few of the
|
|||
|
common syntaxes defined in RFC 2252 [8], then the translation is more
|
|||
|
straightforward. In addition, to foster complete bidirectionality,
|
|||
|
the mapping must follow a very specific representation in its DESC
|
|||
|
attributes.
|
|||
|
|
|||
|
This document outlines the correct mappings for SLP templates into
|
|||
|
the syntactic representation specified for LDAP directory schema by
|
|||
|
RFC 2252 [8]. This syntax is a subset of the ASN.1/BER described in
|
|||
|
the X.209 specification [9], and is used by the LDAPv3 [2] directory
|
|||
|
schema. Likewise, rules and guidelines are proposed to facilitate
|
|||
|
consistent mapping of ASN.1 based schemas to be translated in the SLP
|
|||
|
template grammar. Finally, a proposal for a representation of service
|
|||
|
advertisements in LDAP directory services is made that facilitates
|
|||
|
SLP interoperability.
|
|||
|
|
|||
|
Except when used as elements in the definition of LDAP schemas, the
|
|||
|
key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
|||
|
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
|||
|
document are to be interpreted as described in RFC 2119 [16].
|
|||
|
|
|||
|
2.0 Mapping SLP Templates to LDAP Schema
|
|||
|
|
|||
|
We define the following abstract object class as the parent class for
|
|||
|
all services. Any specific service type is a subclass of this, with
|
|||
|
its own attributes:
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 3]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.2.1
|
|||
|
NAME 'slpService'
|
|||
|
DESC 'parent superclass for SLP services'
|
|||
|
ABSTRACT
|
|||
|
SUP top
|
|||
|
MUST ( template-major-version-number $
|
|||
|
template-minor-version-number $
|
|||
|
description $
|
|||
|
template-url-syntax $
|
|||
|
service-advert-service-type $
|
|||
|
service-advert-scopes )
|
|||
|
MAY ( service-advert-url-authenticator $
|
|||
|
service-advert-attribute-authenticator ) )
|
|||
|
|
|||
|
The attributes correspond to various parts of the SLP service
|
|||
|
template and SLP service advertisement.
|
|||
|
|
|||
|
SLP service type templates begin with four definitions that set the
|
|||
|
context of the template:
|
|||
|
|
|||
|
template-type - This defines the service type of the template. The
|
|||
|
service type can be a simple service type, like "service:ftp", an
|
|||
|
abstract service type, like "service:printer" or a concrete
|
|||
|
service type, like "service:printer:lpr". The type name can
|
|||
|
additionally include a naming authority, for example
|
|||
|
"service:printer.sun:local". The name that appears in this field
|
|||
|
omits the "service:" prefix.
|
|||
|
|
|||
|
template-version - A string containing a major and minor version
|
|||
|
number, separated by a period.
|
|||
|
|
|||
|
template-description - A block of human readable text describing
|
|||
|
what the service type does.
|
|||
|
|
|||
|
template-url-syntax - An ABNF [6] grammar describing the service
|
|||
|
type specific part of the service URL.
|
|||
|
|
|||
|
The SLP template-type definition is used as the name of the LDAP
|
|||
|
object class for the template, a subclass of the "slpService" class,
|
|||
|
together with the "service" prefix to indicate that the name is for a
|
|||
|
service. In the translating service type name, colons and the period
|
|||
|
separating the naming authority are converted into hyphens. If the
|
|||
|
template defines an SLP concrete type, the concrete type name is
|
|||
|
used; the abstract type name is never used. For example, the
|
|||
|
template for "service:printer:lpr" is translated into an LDAP object
|
|||
|
class called "service-printer-lpr". Furthermore, if the type name
|
|||
|
contains a naming authority, the naming authority name must be
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 4]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
included. For example, the service type name
|
|||
|
"service:printer.sun:local" becomes "service-printer-sun-local". The
|
|||
|
LDAP object class is always "STRUCTURAL".
|
|||
|
|
|||
|
The template-version definition is partitioned into two attributes,
|
|||
|
template-major-version-number and template-minor-version-number. The
|
|||
|
LDAP definition for these attributes is:
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.1.1
|
|||
|
NAME 'template-major-version-number'
|
|||
|
DESC 'The major version number of the service type template'
|
|||
|
EQUALITY integerMatch
|
|||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|||
|
SINGLE-VALUE
|
|||
|
)
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.1.2
|
|||
|
NAME 'template-minor-version-number'
|
|||
|
DESC 'The minor version number of the service type template'
|
|||
|
EQUALITY integerMatch
|
|||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|||
|
SINGLE-VALUE
|
|||
|
)
|
|||
|
|
|||
|
The template-url-syntax definition in the SLP template is described
|
|||
|
by the following attribute:
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.1.3
|
|||
|
NAME 'template-url-syntax'
|
|||
|
DESC 'An ABNF grammar describing the service type
|
|||
|
specific part of the service URL'
|
|||
|
EQUALITY caseExactIA5Match
|
|||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|||
|
SINGLE-VALUE
|
|||
|
)
|
|||
|
|
|||
|
The template-description attribute is translated into the X.520
|
|||
|
standard attribute "description" [3].
|
|||
|
|
|||
|
We further establish the convention that SLP template characteristics
|
|||
|
that can't be translated into LDAP are inserted into the DESC field
|
|||
|
of the object class definition. The items are separated by empty
|
|||
|
lines (consisting of two "LINE FEED" characters), are preceded by a
|
|||
|
LINE FEED character, and are tagged at the beginning of the line to
|
|||
|
indicate what they represent. This allows the template to be
|
|||
|
reconstructed from the schema by properly parsing the comments.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 5]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
The bulk of an SLP template consists of attribute definitions. There
|
|||
|
are four items in an SLP template attribute definition that need to
|
|||
|
be mapped into LDAP:
|
|||
|
|
|||
|
Attribute Name - Since SLPv2 attribute names are defined to be
|
|||
|
compatible with LDAPv3, SLP attributes map directly into LDAP
|
|||
|
attributes with no change. Similarly, LDAP attributes map directly
|
|||
|
to SLP attributes.
|
|||
|
|
|||
|
Attribute Type - The SLP attribute type is mapped into the LDAP
|
|||
|
attribute type.
|
|||
|
|
|||
|
Attribute Flags - The SLP attribute flags are mapped into
|
|||
|
characteristics of the LDAP attribute definition, or into the DESC
|
|||
|
field if no equivalent LDAP attribute definition characteristic
|
|||
|
occurs.
|
|||
|
|
|||
|
Default and Allowed Values - These must be handled by the client
|
|||
|
or a DA enabled to handle templates, as in SLP. For reference,
|
|||
|
however, they should be included in the DESC field of the LDAP
|
|||
|
attribute definition.
|
|||
|
|
|||
|
Descriptive Text - The SLP template descriptive text should be
|
|||
|
mapped into the DESC field.
|
|||
|
|
|||
|
We discuss mapping of types, flags, default and allowed values, and
|
|||
|
descriptive text in the subsections below.
|
|||
|
|
|||
|
OIDs for SLP template conversion schema elements are standardized
|
|||
|
under the enterprise number of SrvLoc.Org (6252) [18].
|
|||
|
|
|||
|
For purposes of representing an SLP entry, we also define two
|
|||
|
standardized LDAP syntaxes and attributes with standardized OIDs.
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.2.2
|
|||
|
DESC 'SLP Service Type'
|
|||
|
)
|
|||
|
|
|||
|
Defines the syntax for the service type name. The syntax is defined
|
|||
|
in the BNF for the service URL in RFC 2609 Section 2.1 [1].
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.2.3
|
|||
|
DESC 'SLP Scope'
|
|||
|
)
|
|||
|
|
|||
|
Defines the syntax for the scope name. The syntax is defined in the
|
|||
|
BNF for scope names in RFC 2608 Section 6.4.1 [5].
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 6]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.1.4
|
|||
|
NAME 'service-advert-service-type'
|
|||
|
DESC 'The service type of the service advertisement, including
|
|||
|
the "service:" prefix.'
|
|||
|
EQUALITY caseExactIA5Match
|
|||
|
SYNTAX 1.3.6.1.4.1.6252.2.27.6.2.2
|
|||
|
SINGLE-VALUE
|
|||
|
)
|
|||
|
|
|||
|
Defines an attribute for the service type name.
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.1.5
|
|||
|
NAME 'service-advert-scopes'
|
|||
|
DESC 'A list of scopes for a service advertisement.'
|
|||
|
EQUALITY caseExactIA5Match
|
|||
|
SYNTAX 1.3.6.1.4.1.6252.2.27.6.2.3
|
|||
|
)
|
|||
|
|
|||
|
Defines a multivalued attribute for the scopes.
|
|||
|
|
|||
|
Searches for abstract types can be made with an LDAP query that
|
|||
|
wildcards the concrete type. For example, a search for all service
|
|||
|
advertisements of the printer abstract type can be made with the
|
|||
|
following query:
|
|||
|
|
|||
|
(service-advert-service-type=service:printer:*)
|
|||
|
|
|||
|
SLP specifies that service URLs and attribute lists can be
|
|||
|
accompanied by a structured authenticator consisting of a digital
|
|||
|
signature and information necessary to verify the signature. A
|
|||
|
syntax and two standardized SLP attributes are defined for this
|
|||
|
purpose:
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.2.3 DESC 'SLP Authenticator')
|
|||
|
|
|||
|
The syntax of an SLP authenticator is the bytes of the
|
|||
|
authenticator in network byte order, see RFC 2608, Section 9.2
|
|||
|
[5].
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.1.6
|
|||
|
NAME 'service-advert-url-authenticator'
|
|||
|
DESC 'The authenticator for the URL, null if none.'
|
|||
|
SYNTAX 1.3.6.1.4.1.6252.2.27.6.2.3
|
|||
|
SINGLE-VALUE
|
|||
|
)
|
|||
|
|
|||
|
This attribute contains the SLP URL authenticator, as defined in
|
|||
|
RFC 2608, Section 9.2 [5].
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 7]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
( 1.3.6.1.4.1.6252.2.27.6.1.7
|
|||
|
NAME 'service-advert-attribute-authenticator'
|
|||
|
DESC 'The authenticator for the attribute list, null if none.'
|
|||
|
SYNTAX 1.3.6.1.4.1.6252.2.27.6.2.3
|
|||
|
SINGLE_VALUE
|
|||
|
)
|
|||
|
|
|||
|
This attribute contains the SLP attribute authenticator, as
|
|||
|
defined in RFC 2608, Section 9.2 [5].
|
|||
|
|
|||
|
2.1 Mapping from SLP Attribute Types to LDAP Attribute Types
|
|||
|
|
|||
|
We define the mapping from SLP attribute types to LDAP as follows:
|
|||
|
|
|||
|
SLP Type ASN.1 Type LDAP Type
|
|||
|
---------------------------------------------------
|
|||
|
Integer INTEGER INTEGER
|
|||
|
String DirectoryString Directory String
|
|||
|
Boolean BOOLEAN Boolean
|
|||
|
Opaque OCTET STRING Octet String
|
|||
|
Keyword (N/A) IA5 String
|
|||
|
|
|||
|
The following subsections discuss further details of the mapping.
|
|||
|
|
|||
|
2.1.1 Integer
|
|||
|
|
|||
|
SLP integers compare as integers when performing a query. LDAP
|
|||
|
integers behave similarly. Consequently, the mapping from the SLP
|
|||
|
integer type to LDAP is INTEGER, with the integerMatch matching rule.
|
|||
|
|
|||
|
2.1.2 String
|
|||
|
|
|||
|
SLP strings are encoded as described in the SLP protocol
|
|||
|
specification [5]. All value strings are considered case insensitive
|
|||
|
for matching operations. SLP strings are not null terminated and are
|
|||
|
encoded in UTF-8.
|
|||
|
|
|||
|
SLP strings are mapped to the LDAP Directory String type. The
|
|||
|
Directory String type exactly matches the SLP string type, i.e. it is
|
|||
|
a non-null terminated UTF-8 string. The caseIgnoreMatch equality
|
|||
|
rule, caseIgnoreOrderingMatch ordering rule, and
|
|||
|
caseIgnoreSubstringsMatch substring rule are used for comparing
|
|||
|
string attribute values.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 8]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
2.1.3 Boolean
|
|||
|
|
|||
|
Boolean attributes may have one of two possible values. In SLP,
|
|||
|
these values are represented as strings, TRUE and FALSE. In SLP's
|
|||
|
string encoding of a boolean value, case does not matter.
|
|||
|
|
|||
|
The SLP Boolean type maps directly into an LDAP BOOLEAN. The
|
|||
|
caseIgnoreMatch rule is used for equality matching.
|
|||
|
|
|||
|
2.1.4 Opaque
|
|||
|
|
|||
|
SLP attribute values of type Opaque are represented as OCTET STRING
|
|||
|
in LDAP, and the octetStringMatch matching rule is used to compare
|
|||
|
them.
|
|||
|
|
|||
|
2.2 Keyword Attributes
|
|||
|
|
|||
|
SLP service type templates allow the definition of keyword
|
|||
|
attributes. Keyword attributes are attributes whose only
|
|||
|
characteristic is their presence. Keyword attributes have no flag
|
|||
|
information, nor any default or allowed values (since, by definition,
|
|||
|
they have no values).
|
|||
|
|
|||
|
ASN.1 has no concept of keyword attributes. Keyword attributes are
|
|||
|
translated into a "May" clause in the ASN.1 class definition for the
|
|||
|
service type. If the keyword attribute is present, then its value is
|
|||
|
of no consequence, but for consistency we make it simply the NUL
|
|||
|
character, "\00".
|
|||
|
|
|||
|
2.3 Template Flags
|
|||
|
|
|||
|
SLP template flags can be handled as described in the following
|
|||
|
subsections.
|
|||
|
|
|||
|
2.3.1 Multi-valued
|
|||
|
|
|||
|
Multi-valued attributes are defined in an SLP template using the one
|
|||
|
value. All values for a given attribute must be of the same type.
|
|||
|
|
|||
|
LDAP attribute definitions require that a single valued attribute
|
|||
|
include the SINGLE-VALUE tag if the attribute is single valued.
|
|||
|
Otherwise, the attribute is assumed to be multivalued by default.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 9]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
2.3.2 Optional
|
|||
|
|
|||
|
SLP uses the 'O' flag to indicate an attribute may or may not be
|
|||
|
present. These optional attributes are defined using the "May"
|
|||
|
clause in the ASN.1 definition class definition for the service type.
|
|||
|
All other attributes must be defined as a "Must".
|
|||
|
|
|||
|
2.3.3 Literal
|
|||
|
|
|||
|
ASN.1 does not have a mechanism to indicate that the values of an
|
|||
|
attribute may not be translated from one language to another, since
|
|||
|
ASN.1 schema are not typically translated. This flag is dropped when
|
|||
|
translating a template, but presence of the flag should be noted in
|
|||
|
the DESC field. It should be placed on a separate line and tagged
|
|||
|
with "Literal:" so the template can be reconstructed from the schema.
|
|||
|
|
|||
|
2.3.4 Explicit Matching
|
|||
|
|
|||
|
The SLP template syntax uses a flag of 'X' to indicate that an
|
|||
|
attribute must be present in order for the query to be properly
|
|||
|
satisfied. There is no provision for requiring that particular
|
|||
|
attributes be in a query. Consequently, this flag is dropped when
|
|||
|
translating a template, but presence of the flag should be noted in
|
|||
|
the DESC field. It should be placed on a separate line and tagged
|
|||
|
with "Explicit:" so the template can be reconstructed from the
|
|||
|
schema.
|
|||
|
|
|||
|
2.4 Default and Allowed Value Lists
|
|||
|
|
|||
|
The SLP template grammar provides the capability to define default
|
|||
|
and allowed values for an attribute. The SLP protocol does not
|
|||
|
enforce these restrictions on registered attributes, however. The
|
|||
|
default and allowed values may be used by client side applications,
|
|||
|
or alternatively it may also be used by DAs to initialize
|
|||
|
registrations having no attributes and to limit attribute values to
|
|||
|
the template allowed values.
|
|||
|
|
|||
|
LDAP servers also do not support default and allowed values on
|
|||
|
attributes. Therefore, enforcement of default and allowed values in
|
|||
|
SLP templates is left up to the clients or a DA, if the DA is
|
|||
|
backending into LDAP. The default and allowed values should be
|
|||
|
included in the DESC field. The comments should be placed on separate
|
|||
|
lines and labeled with the "Default:" and "Allowed:" tags to allow
|
|||
|
reconstruction of the template.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 10]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
2.5 Descriptive Text
|
|||
|
|
|||
|
The descriptive text associated with an attribute definition should
|
|||
|
be included in the DESC field. It should start on a separate line and
|
|||
|
begin with the "Description:" tag.
|
|||
|
|
|||
|
2.6 Generating LDAP Attribute OIDs
|
|||
|
|
|||
|
LDAP attributes require an OID. In general, there is no a priori way
|
|||
|
that an algorithm can be defined for generating OIDs, because it will
|
|||
|
depend on the conventions used by the organization developing the
|
|||
|
template. In some cases, an organization's procedure for generating
|
|||
|
OIDs may be regular enough that a template developer can
|
|||
|
algorithmically generate OIDs off of an assigned root. Whatever means
|
|||
|
is used, the template developer should assure that unique OIDs are
|
|||
|
assigned to each SLP attribute that is translated into an LDAP
|
|||
|
attribute.
|
|||
|
|
|||
|
2.7 Example
|
|||
|
|
|||
|
The template included below is a hypothetical abstract printer
|
|||
|
service template, similar to that described in [10].
|
|||
|
|
|||
|
template-type = printer
|
|||
|
|
|||
|
template-version = 0.0
|
|||
|
|
|||
|
template-description =
|
|||
|
The printer service template describes the attributes supported by
|
|||
|
network printing devices. Devices may be either directly
|
|||
|
connected to a network, or connected to a printer spooler that
|
|||
|
understands the a network queuing protocol such as IPP, lpr or the
|
|||
|
Salutation Architecture.
|
|||
|
|
|||
|
template-url-syntax =
|
|||
|
;The URL syntax is specific to the printing protocol being
|
|||
|
;employed
|
|||
|
|
|||
|
description = STRING
|
|||
|
# This attribute is a free form string that can contain any
|
|||
|
# site-specific descriptive information about this printer.
|
|||
|
|
|||
|
printer-security-mechanisms-supported = STRING L M
|
|||
|
none
|
|||
|
# This attribute indicates the security mechanisms supported
|
|||
|
tls, ssl, http-basic, http-digest, none
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 11]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
printer-operator = STRING O L M
|
|||
|
# A person, or persons responsible for maintaining a
|
|||
|
# printer on a day-to-day basis, including such tasks
|
|||
|
# as filling empty media trays, emptying full output
|
|||
|
# trays, replacing toner cartridges, clearing simple
|
|||
|
# paper jams, etc.
|
|||
|
|
|||
|
printer-location-address = STRING O
|
|||
|
# Physical/Postal address for this device. Useful for
|
|||
|
# nailing down a group of printers in a very large corporate
|
|||
|
# network. For example: 960 Main Street, San Jose, CA 95130
|
|||
|
|
|||
|
printer-priority-queue = BOOLEAN O
|
|||
|
FALSE
|
|||
|
# TRUE indicates this printer or print queue is a priority
|
|||
|
# queuing device.
|
|||
|
|
|||
|
printer-number-up = INTEGER O
|
|||
|
1
|
|||
|
# This job attribute specifies the number of source
|
|||
|
# page-images to impose upon a single side of an instance
|
|||
|
# of a selected medium.
|
|||
|
1, 2, 4
|
|||
|
|
|||
|
printer-paper-output = STRING M L O
|
|||
|
standard
|
|||
|
# This attribute describes the mode in which pages output
|
|||
|
# are arranged.
|
|||
|
|
|||
|
standard, noncollated sort, collated sort, stack, unknown
|
|||
|
|
|||
|
We assume that the concrete type "service:printer:lpr" for printers
|
|||
|
that speak the LPR protocol [4] has the following template
|
|||
|
definition:
|
|||
|
|
|||
|
template-type = printer:lpr
|
|||
|
|
|||
|
template-version = 0.0
|
|||
|
|
|||
|
template-description =
|
|||
|
The printer:lpr service template describes the attributes
|
|||
|
supported by network printing devices that speak the
|
|||
|
LPR protocol. No new attributes are included.
|
|||
|
|
|||
|
template-url-syntax = queue
|
|||
|
queue = ;The queue name, see RFC 1179.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 12]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
The LDAP class definition for the "service:printer:lpr" concrete
|
|||
|
service type is translated as follows:
|
|||
|
|
|||
|
( ---place the assigned OID here---
|
|||
|
NAME 'service-printer-lpr'
|
|||
|
DESC 'Description: The printer:lpr service template
|
|||
|
describes the attributes supported by network printing
|
|||
|
devices that speak the LPR protocol. No new attributes
|
|||
|
are included.
|
|||
|
|
|||
|
URL Syntax: queue
|
|||
|
queue = ;The queue name, see RFC 1179.'
|
|||
|
SUP slpService
|
|||
|
MUST ( description $ security-mechanisms-supported $
|
|||
|
labeledURI)
|
|||
|
MAY ( operator $ location-address $ priority-queue $
|
|||
|
number-up $ paper-output)
|
|||
|
)
|
|||
|
|
|||
|
The attribute definitions are translated as follows:
|
|||
|
|
|||
|
( ---place the assigned OID here---
|
|||
|
NAME 'printer-security-mechanisms-supported'
|
|||
|
DESC 'Description: This attribute indicates the security mechanisms
|
|||
|
supported.
|
|||
|
|
|||
|
Default: value
|
|||
|
|
|||
|
Allowed: tls, ssl, http-basic, http-digest, none
|
|||
|
|
|||
|
Literal:'
|
|||
|
EQUALITY caseIgnoreMatch
|
|||
|
ORDERING caseIgnoreOrderingMatch
|
|||
|
SUBSTR caseIgnoreSubstringsMatch
|
|||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|||
|
)
|
|||
|
|
|||
|
( ---place the assigned OID here---
|
|||
|
NAME 'printer-operator'
|
|||
|
DESC 'Description: A person, or persons responsible for
|
|||
|
maintaining a printer on a day-to-day basis, including
|
|||
|
such tasks as filling empty media trays, emptying full
|
|||
|
output trays, replacing toner cartridges, clearing simple
|
|||
|
paper jams, etc.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 13]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
Literal:'
|
|||
|
EQUALITY caseIgnoreMatch
|
|||
|
ORDERING caseIgnoreOrderingMatch
|
|||
|
SUBSTR caseIgnoreSubstringsMatch
|
|||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|||
|
)
|
|||
|
|
|||
|
( --place the assigned OID here---
|
|||
|
NAME 'printer-location-address'
|
|||
|
DESC 'Description Physical/Postal address for this device.
|
|||
|
Useful for nailing down a group of printers in a very
|
|||
|
large corporate network. For example: 960 Main Street,
|
|||
|
San Jose, CA 95130.'
|
|||
|
EQUALITY caseIgnoreMatch
|
|||
|
ORDERING caseIgnoreOrderingMatch
|
|||
|
SUBSTR caseIgnoreSubstringsMatch
|
|||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|||
|
SINGLE-VALUE
|
|||
|
)
|
|||
|
|
|||
|
( ---place the assigned OID here---
|
|||
|
NAME 'printer-priority-queue'
|
|||
|
DESC 'Description: TRUE indicates this printer or print
|
|||
|
queue is a priority queuing device.'
|
|||
|
EQUALITY booleanMatch
|
|||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
|
|||
|
SINGLE-VALUE
|
|||
|
)
|
|||
|
|
|||
|
( ---place the assigned OID here---
|
|||
|
NAME 'printer-number-up'
|
|||
|
DESC 'Description: This job attribute specifies the number
|
|||
|
of source page-images to impose upon a single side of
|
|||
|
an instance of a selected medium. This attribute is
|
|||
|
INTEGER.
|
|||
|
|
|||
|
Default: 1
|
|||
|
|
|||
|
Allowed: 1, 2, 3, 4'
|
|||
|
EQUALITY integerMatch
|
|||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|||
|
SINGLE-VALUE
|
|||
|
)
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 14]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
( ---place the assigned OID here---
|
|||
|
NAME 'printer-paper-output'
|
|||
|
DESC 'Description: This attribute describes the mode in
|
|||
|
which pages output are arranged. Default value is
|
|||
|
standard.
|
|||
|
|
|||
|
Default: standard
|
|||
|
|
|||
|
Allowed: standard, noncollated sort, collated sort,
|
|||
|
stack, unknown.
|
|||
|
Literal:'
|
|||
|
EQUALITY caseIgnoreMatch
|
|||
|
ORDERING caseIgnoreOrderingMatch
|
|||
|
SUBSTR caseIgnoreSubstringsMatch
|
|||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|||
|
)
|
|||
|
|
|||
|
3.0 Attribute Name Conflicts
|
|||
|
|
|||
|
LDAP has a flat name space, and attribute names and OIDs must be
|
|||
|
unique in a directory server. In order to avoid name conflicts in the
|
|||
|
translation of SLP templates to LDAP schemas, template developers may
|
|||
|
want to consider prepending the name of the service type to the
|
|||
|
attribute. Postprocessing attribute names to make them unique when
|
|||
|
translated is not possible, because it would require the DA to
|
|||
|
rewrite queries before submitting them to the directory server. In
|
|||
|
addition, developers should use standard LDAP attributes when such
|
|||
|
attributes are available.
|
|||
|
|
|||
|
In the above example template, the abstract type name "printer" is
|
|||
|
prepended to attributes to avoid conflicts. The standard
|
|||
|
"description" attribute defined by X.520 [3] is used to translate the
|
|||
|
template description attribute.
|
|||
|
|
|||
|
4.0 Mapping from Schema to Templates
|
|||
|
|
|||
|
The reverse mapping from LDAP schema to SLP service type templates
|
|||
|
requires dealing with both LDAP and ASN.1 data types. RFC 2252
|
|||
|
defines 33 attribute syntaxes that should be supported by LDAP
|
|||
|
directory servers. These syntaxes are defined using BNF for strings
|
|||
|
or using ASN.1 for binary valued attributes defined by X.520.
|
|||
|
|
|||
|
Mapping of the LDAP data types into SLP template types is fairly
|
|||
|
straightforward, but mapping arbitrary ASN.1 data types is somewhat
|
|||
|
more complicated and requires encoding the ASN.1 data type into a
|
|||
|
string. To a certain extent, this masks the ASN.1 data type because
|
|||
|
it becomes impossible to distinguish between a native string having
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 15]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
content equivalent to an encoded ASN.1 string. However, inclusion of
|
|||
|
the ASN.1 data type in the comment provides additional information
|
|||
|
should a reverse transformation from SLP to ASN.1 be required.
|
|||
|
|
|||
|
The following subsections deal with both LDAP and ASN.1 attribute
|
|||
|
data type mappings.
|
|||
|
|
|||
|
4.1 Mapping LDAP Attribute Syntaxes to SLP Attribute Types
|
|||
|
|
|||
|
The following table contains the mappings for LDAP syntaxes to SLP
|
|||
|
data types:
|
|||
|
|
|||
|
LDAP Type SLP Type
|
|||
|
--------------------------------------------------------
|
|||
|
ACI Item NA
|
|||
|
Access Point NA
|
|||
|
Attribute Type Description NA
|
|||
|
Audio Opaque
|
|||
|
Binary ASN.1 escape
|
|||
|
Bit String String
|
|||
|
Boolean Boolean
|
|||
|
Certificate Opaque
|
|||
|
Certificate List Opaque
|
|||
|
Certificate Pair Opaque
|
|||
|
Country String String
|
|||
|
DN String
|
|||
|
Data Quality Syntax NA
|
|||
|
Delivery Method NA
|
|||
|
Directory String String
|
|||
|
DIT Content Rule Description NA
|
|||
|
DIT Structure Rule Description NA
|
|||
|
DL Submit Permission NA
|
|||
|
DSA Quality Syntax NA
|
|||
|
Enhanced Guide NA
|
|||
|
Facsimile Telephone Number String
|
|||
|
Fax Opaque
|
|||
|
Generalized Time String
|
|||
|
Guide NA
|
|||
|
IA5 String String
|
|||
|
INTEGER Integer
|
|||
|
JPEG Opaque
|
|||
|
LDAP Syntax Description NA
|
|||
|
LDAP Schema Definition NA
|
|||
|
LDAP Schema Description NA
|
|||
|
Master and Shadow Access Points NA
|
|||
|
Matching Rule Description NA
|
|||
|
Matching Rule Use Description NA
|
|||
|
Mail Preference NA
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 16]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
MHS OR Address String
|
|||
|
Modify Rights NA
|
|||
|
Name and Optional UID NA
|
|||
|
Name Form Description NA
|
|||
|
Numeric String String
|
|||
|
Object Class Description NA
|
|||
|
Octet String Opaque
|
|||
|
OID String
|
|||
|
Other Mailbox String
|
|||
|
Postal Address String
|
|||
|
Protocol Information NA
|
|||
|
Presentation Address String
|
|||
|
Printable String String
|
|||
|
Substring Assertion NA
|
|||
|
Subtree Specification NA
|
|||
|
Supplier Information NA
|
|||
|
Supplier or Consumer NA
|
|||
|
Supplier And Consumer NA
|
|||
|
Supported Algorithm NA
|
|||
|
DSE Type NA
|
|||
|
Telephone Number String
|
|||
|
Teletex Terminal Identifier String
|
|||
|
Telex Number String
|
|||
|
UTC Time String
|
|||
|
|
|||
|
4.2 Mapping ASN.1 Types to SLP Types
|
|||
|
|
|||
|
ASN.1 employs a much richer set of data types than provided by SLP.
|
|||
|
The table below show the mapping of selected ASN.1 data type to their
|
|||
|
nearest SLP equivalent. Because of the complexity and flexibility of
|
|||
|
ASN.1, a complete list cannot be provided.
|
|||
|
|
|||
|
As sample of some ASN.1 encodings and their mappings to SLP:
|
|||
|
|
|||
|
ASN.1 type SLP type
|
|||
|
-----------------------------------------
|
|||
|
INTEGER Integer
|
|||
|
BOOLEAN Boolean
|
|||
|
ENUMERATED String
|
|||
|
OBJECT IDENTIFIER String
|
|||
|
OCTET STRING Opaque
|
|||
|
REAL String
|
|||
|
|
|||
|
Data types that do not map directly to SLP data types should be
|
|||
|
defined as either a String, or as Opaque. ASN.1 types that may only
|
|||
|
contain valid characters for Strings, as defined in X.680 [9] should
|
|||
|
be encoded as strings. ASN.1 types such as GraphicString that change
|
|||
|
their character set encoding in part way through a value should not
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 17]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
be encoded as strings, however, If such types are required, the SLP
|
|||
|
Opaque type should be used. In either case, the first line of the
|
|||
|
help text is used to indicate the original ASN.1 data type.
|
|||
|
|
|||
|
The following subsections describe how to convert from the ASN.1 BER
|
|||
|
[9] to the SLP template for the different types in the table above.
|
|||
|
|
|||
|
4.2.1 Integer
|
|||
|
|
|||
|
Both SLP templates and ASN.1 support Integers, so there is a one to
|
|||
|
one mapping between an SLP Integer attribute and an ASN.1 Integer
|
|||
|
attribute. Details on the encoding of integers is summarized in the
|
|||
|
SLP template to ASN.1 section above.
|
|||
|
|
|||
|
4.2.2 Boolean
|
|||
|
|
|||
|
Boolean values are supported by both SLP and ASN.1, though on wire
|
|||
|
encodings differ. X.680 [9] specifies zero and non-zero encoding for
|
|||
|
booleans, where SLP encodes booleans using the strings TRUE and
|
|||
|
FALSE. In general, most LDAP servers will use the LDAP Boolean type
|
|||
|
(which is a string), so again the ASN.1 type should be recorded in
|
|||
|
the comment or it will be lost.
|
|||
|
|
|||
|
4.2.3 Enumerated
|
|||
|
|
|||
|
SLP templates support the concept of enumerations through the listing
|
|||
|
of allowed values in the attribute definition. These enumerations
|
|||
|
are not strictly binding on clients or DAs, but they are similar to
|
|||
|
the ASN.1 definition of enumerations. BER encodes the ASN.1
|
|||
|
enumeration by passing the number of the element's position in the
|
|||
|
enumeration. This requires both sides to have knowledge of the
|
|||
|
specific enumeration prior to decoding an enumeration's value. SLP
|
|||
|
provides no specific support for transmitting enumerations. They are
|
|||
|
simply String types. Information on the ASN.1 type and ASN.1 encoding
|
|||
|
of the enumeration values is recorded in the comment.
|
|||
|
|
|||
|
Example:
|
|||
|
|
|||
|
color-supported = STRING M
|
|||
|
none
|
|||
|
# ASN.1: Enumeration.
|
|||
|
# ASN.1 Mapping: none = 0, highlight = 1, three color = 2,
|
|||
|
# four color = 4, monochromatic = 5
|
|||
|
#This attribute specifies whether the Printer supports
|
|||
|
# color and, if so, what type.
|
|||
|
none,highlight,three color,four color,monochromatic
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 18]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
4.2.4 Object Identifier
|
|||
|
|
|||
|
Object identifiers(OIDs) are commonly used in the ASN.1 world to
|
|||
|
identify object and attributes. OIDs are a numerical representation
|
|||
|
of an element's place in the naming hierarchy. Each element at a
|
|||
|
particular level of a hierarchy has a unique number assigned within
|
|||
|
that level of the hierarchy. A sample OID would be the naming tree
|
|||
|
for SNMP MIBs: iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) would
|
|||
|
be written as the string "1.3.6.1.2.1".
|
|||
|
|
|||
|
Because this representation reduces down to a string of dot separated
|
|||
|
numbers, this maps easily to the SLP String type. The help text for
|
|||
|
this element should indicate it is an ASN.1 OID
|
|||
|
|
|||
|
identifier = STRING
|
|||
|
# ASN.1: OID
|
|||
|
# The object identifier for this SNMP agent.
|
|||
|
|
|||
|
4.2.5 Octet String
|
|||
|
|
|||
|
An ASN.1 octet string should be mapped to an Opaque in an SLP
|
|||
|
template. An octet string is a sequence of bytes, whereas an Opaque
|
|||
|
is a a string that encodes a sequence of bytes. Again, the ASN.1 type
|
|||
|
is lost unless recorded in the comment.
|
|||
|
|
|||
|
4.2.6 Real
|
|||
|
|
|||
|
There is no direct mapping between floating point numbers and any SLP
|
|||
|
data types. Attributes having the ASN.1 type of Real are mapped to
|
|||
|
SLP type String. Comments are added to the attribute help text
|
|||
|
indicating the value was originally an ASN.1 real. For example:
|
|||
|
|
|||
|
weight = STRING
|
|||
|
# ASN.1: Real
|
|||
|
# The objects weight in pounds.
|
|||
|
|
|||
|
4.3 Example ASN.1 Schema
|
|||
|
|
|||
|
The following is an example schema for an exported filesystem. The
|
|||
|
section presents it as in ASN.1 and the following section shows the
|
|||
|
SLP template translation. The template translation does not capture
|
|||
|
the actual attribute format for the Set type, that would be done in
|
|||
|
the LDAP client software making the translation. Note that even
|
|||
|
though the class definition does not conform with the previously
|
|||
|
defined conventions for SLP classes, the schema can still be
|
|||
|
translated into an SLP template. The syntax used in this example
|
|||
|
follows
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 19]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
-- Abstraction of a fstab entry (a "mount").
|
|||
|
-- These lookups would likely be performed by an
|
|||
|
-- an automounter type application.
|
|||
|
mount OBJECT-CLASS ::= {
|
|||
|
SUBCLASS OF { top }
|
|||
|
MUST CONTAIN { mountHost |
|
|||
|
mountDirectory |
|
|||
|
mountType
|
|||
|
}
|
|||
|
MAY CONTAIN { mountOption |
|
|||
|
mountDumpFrequency |
|
|||
|
mountPassNo
|
|||
|
}
|
|||
|
ID { <oid1> }
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
- The mount host.
|
|||
|
mountHost ATTRIBUTE ::= {
|
|||
|
WITH SYNTAX caseIgnoreString
|
|||
|
EQUALITY MATCHING RULE caseIgnoreMatch
|
|||
|
SINGLE VALUE
|
|||
|
ID { <oid2> }
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
- The file system to mount.
|
|||
|
mountDirectory ATTRIBUTE ::= {
|
|||
|
WITH SYNTAX caseIgnoreString
|
|||
|
EQUALITY MATCHING RULE caseIgnoreMatch
|
|||
|
SINGLE VALUE
|
|||
|
ID { <oid3> }
|
|||
|
}
|
|||
|
|
|||
|
- The type of file system being mounted.
|
|||
|
mountType ATTRIBUTE ::= {
|
|||
|
WITH SYNTAX INTEGER { ufs(1),
|
|||
|
hsfs(2),
|
|||
|
nfs(3),
|
|||
|
rfs(4)
|
|||
|
}
|
|||
|
EQUALITY MATCHING RULE integerMatch
|
|||
|
SINGLE VALUE
|
|||
|
ID { <oid4> }
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 20]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
- Options for the mount operation.
|
|||
|
mountOption ATTRIBUTE ::= {
|
|||
|
WITH SYNTAX caseIgnoreString
|
|||
|
EQUALITY MATCHING RULE caseIgnoreString
|
|||
|
ID { <oid5> }
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
- How often to dump the file system.
|
|||
|
mountDumpFrequency ATTRIBUTE :: = {
|
|||
|
WITH SYNTAX INTEGER (0..9)
|
|||
|
EQUALITY MATCHING RULE integerMatch
|
|||
|
SINGLE VALUE
|
|||
|
ID { <oid6> }
|
|||
|
}
|
|||
|
|
|||
|
- Boot time mount pass number.
|
|||
|
mountPassNo ATTRIBUTE ::= {
|
|||
|
WITH SYNTAX INTEGER
|
|||
|
EQUALITY MATCHING RULE integerMatch
|
|||
|
SINGLE VALUE
|
|||
|
ID { <oid7> }
|
|||
|
}
|
|||
|
|
|||
|
The translated SLP template is:
|
|||
|
|
|||
|
template-type = mount
|
|||
|
|
|||
|
template-version = 1.0
|
|||
|
|
|||
|
template-description = "Describes a remote filesystem access
|
|||
|
protocol"
|
|||
|
|
|||
|
template-url-syntax =
|
|||
|
filesystem = 1*[ DIGIT / ALPHA ]
|
|||
|
urlpath = "/" filesystem
|
|||
|
|
|||
|
mountHost = STRING L
|
|||
|
# ASN.1: Case Ignore String, Single Value
|
|||
|
# The mount host
|
|||
|
|
|||
|
mountDirectory = STRING L
|
|||
|
# ASN.1: Case Ignore String, Single Value
|
|||
|
# The filesystem to mount
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 21]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
mountType = STRING L
|
|||
|
ufs
|
|||
|
# ASN.1: Enumeration, Single Value
|
|||
|
# ASN.1 Mapping: ufs = 1, hsfs = 2, nfs = 3, rfs = 4
|
|||
|
# The type of the filesystem being mounted
|
|||
|
ufs, hsfs, nfs, rfs
|
|||
|
|
|||
|
mountOption = STRING M O L
|
|||
|
# ASN.1: Case Ignore String
|
|||
|
# mount options for this filesystem
|
|||
|
|
|||
|
mountDumpFrequency = INTEGER O
|
|||
|
0
|
|||
|
# ASN.1: Integer Range, Single Value
|
|||
|
# How often to dump this filesystem
|
|||
|
0, 1, 2, 3, 4, 5, 6, 7, 8, 9
|
|||
|
|
|||
|
mountPassNo = INTEGER O
|
|||
|
# ASN.1: Integer, Single Value
|
|||
|
# Boot time mount pass number
|
|||
|
|
|||
|
5.0 Representing SLP Service Advertisements in an LDAP DIT
|
|||
|
|
|||
|
In addition to translating between SLP templates and LDAP schema,
|
|||
|
another area requiring compatibility is the representation of SLP
|
|||
|
service advertisements in an LDAP DIT. A standardized representation
|
|||
|
for service information allows SLP DAs to store service
|
|||
|
advertisements in LDAP, and for LDAP clients to query the DIT for
|
|||
|
those services. Similarly, if LDAP clients represent service
|
|||
|
information in the same form, SLP clients can benefit from
|
|||
|
interoperability.
|
|||
|
|
|||
|
A service advertisement contains the service URL in a 'labeledURI'
|
|||
|
attribute [11]. The labeledURI attribute in a service advertisement
|
|||
|
should only contain the service URL for the service, with no
|
|||
|
additional label. It is recommended that the labeledURI be used as
|
|||
|
the RDN for the service object in the DIT.
|
|||
|
|
|||
|
Although service advertisements can appear anywhere within the DIT,
|
|||
|
it is recommended that all services be stored under a single common
|
|||
|
point, or root node, to facilitate searching in a domain. This allows
|
|||
|
a client to search for all of advertisements of a particular service
|
|||
|
type, say, for all printers. The recommended parent entry is one
|
|||
|
named "ou=service" below the entry which is the representation of the
|
|||
|
domain, as described in RFC 2247.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 22]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
For example, a printer service with labeledURI of
|
|||
|
"service:lpr://printsrv/queue1" in the domain foobar.com advertised
|
|||
|
in the LDAP server that holds the entry "dc=foobar,dc=com" tree has
|
|||
|
the following DN:
|
|||
|
|
|||
|
"labeledURI=service:lpr://printsrv/queue1, ou=service, dc=foobar,
|
|||
|
dc=com"
|
|||
|
|
|||
|
While this leads to a flat space of service storage, since SLP uses
|
|||
|
search filters from LDAP for searches, these filters can be used for
|
|||
|
one-level searches from the root node.
|
|||
|
|
|||
|
The following example illustrates how an advertisement having a
|
|||
|
simple service type is represented. The advertisement (in conceptual
|
|||
|
form) for a printer is:
|
|||
|
|
|||
|
Service Type: service:lpr://printsrv/queue1
|
|||
|
Scopes: eng,corp
|
|||
|
Attributes:
|
|||
|
description = A general printer for all to use.
|
|||
|
security-mechanisms-supported = none
|
|||
|
Authentication: none
|
|||
|
|
|||
|
The RDN of the object is labeledURI=service:lpr://printsrv/queue1,
|
|||
|
and the following LDAP search filter will return this object, along
|
|||
|
with any others of the service type "service:lpr" that match the
|
|||
|
other attributes:
|
|||
|
|
|||
|
(&(service-advert-service-type=service:lpr)
|
|||
|
(service-advert-scopes=eng)
|
|||
|
(service-advert-scopes=corp)
|
|||
|
(description=A general printer for all to use.)
|
|||
|
(security-mechanisms-supported=none))
|
|||
|
|
|||
|
Service advertisements in SLP also have a lease time associated with
|
|||
|
them. In LDAP servers that support the extensions for dynamic
|
|||
|
directory services [12], the service advertisement entry objectClass
|
|||
|
should be extended with the dynamicObject class. This allows the
|
|||
|
service advertisement to time out within the LDAP directory server.
|
|||
|
If the LDAP directory server does not support the dynamic directory
|
|||
|
services extension, then advertisement lease timeouts must be handled
|
|||
|
by the SLP agent.
|
|||
|
|
|||
|
While the service advertisement schema outlined in this section is
|
|||
|
primarily for SLP DAs that use LDAP as a backing store, if LDAP
|
|||
|
agents register services using the same format, complete
|
|||
|
interoperability with SLP is achieved.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 23]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
6.0 Internationalization Considerations
|
|||
|
|
|||
|
SLP specifies that an RFC 1766 [13] language code accompanies every
|
|||
|
service advertisement. Language codes for service advertisements in
|
|||
|
LDAP must be represented according to RFC 2596 [14].
|
|||
|
|
|||
|
RFC 2596 prohibits language codes in DNs, and specifies that a
|
|||
|
directory server which does not support language codes must treat an
|
|||
|
attribute with a language code as an unrecognized attributes.
|
|||
|
According to RFC 2596, language codes are appended to attribute names
|
|||
|
with a semicolon (";"). For example, the following attribute/value
|
|||
|
pair is in the German locale:
|
|||
|
|
|||
|
(address;lang-de=44 Bahnhofstrasse, 2365 Weibstadt, Deutschland)
|
|||
|
|
|||
|
An attribute with a language tag in a specific locale is considered a
|
|||
|
separate attribute from attributes in other locales.
|
|||
|
|
|||
|
If the service advertisement is in the default SLP locale ("en", no
|
|||
|
dialect), then the language code need not be appended to the
|
|||
|
attribute name.
|
|||
|
|
|||
|
SLP queries in locales other than the default need not be rewritten
|
|||
|
to include language tags before being submitted to the directory
|
|||
|
server. RFC 2596 specifies that all entries that match are returned,
|
|||
|
including those with language tags, without requiring the language
|
|||
|
tags to be explicitly present in the query. The SLP DA can then
|
|||
|
postprocess the result to select the entries from the required
|
|||
|
locale.
|
|||
|
|
|||
|
7.0 Security Considerations
|
|||
|
|
|||
|
SLP authenticators are stored with the service advertisement in the
|
|||
|
DIT, as discussed in Section~7ef{slpdit}. LDAP clients need to use
|
|||
|
LDAP authentication [15] to assure that they are connecting with a
|
|||
|
secure server. In particular, SLP DAs that use LDAP as a back end
|
|||
|
store and that implement SLP authentication MUST use LDAP
|
|||
|
authentication to assure that the LDAP entries for their service
|
|||
|
registrations are secure.
|
|||
|
|
|||
|
Acknowledgements
|
|||
|
|
|||
|
Many thanks are due to Mark Wahl whose detailed and insightful
|
|||
|
comments were instrumental in helping improve the technical accuracy
|
|||
|
of this document with respect to LDAP.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 24]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
8.0 References
|
|||
|
|
|||
|
[1] Guttman, E., Perkins, C. and J. Kempf, "Service Templates and
|
|||
|
service: Schemes", RFC 2609, April 1999.
|
|||
|
|
|||
|
[2] Wahl, W., Howes, T. and S. Kille, "Lightweight Directory Access
|
|||
|
Protocol (v3)", RFC 2251, December 1997.
|
|||
|
|
|||
|
[3] International Telecommunications Union. The Directory:Selected
|
|||
|
Attribute Types. ITU Recommendation X.520. August, 1997.
|
|||
|
|
|||
|
[4] McLaughlin, L., "Line Printer Daemon Protocol, RFC 1179, August
|
|||
|
1990.
|
|||
|
|
|||
|
[5] Guttman, E., Perkins, C., Veizades, J. and M. Day, "Service
|
|||
|
Location Protocol Version 2", RFC 2608, April 1999.
|
|||
|
|
|||
|
[6] Crocker, D. and P. Overell, "Augmented BNF for Syntax
|
|||
|
Specifications: ABNF", RFC 2234, November 1997.
|
|||
|
|
|||
|
[7] Howes, T., "The String Representation of LDAP Search Filters",
|
|||
|
RFC 2254, December 1997.
|
|||
|
|
|||
|
[8] Wahl, W., Coulbeck, A., Howe, T. and S. Kille, "Lightweight
|
|||
|
Directory Access Protocol (v3): Attribute Syntax Definition",
|
|||
|
RFC 2252, December 1997.
|
|||
|
|
|||
|
[9] ITU-T Rec. X.680. Abstract Syntax Notation One (ASN.1) -
|
|||
|
Specification of Basic Notation. 1994.
|
|||
|
|
|||
|
[10] Fleming, P., Jones, K., Lewis, H., and McDonald, I., "Internet
|
|||
|
Printing Protocol (IPP): LDAP Schema for Printer Services", Work
|
|||
|
in Progress.
|
|||
|
|
|||
|
[11] Smith, M., "Definition of an X.500 Attribute Type and an Object
|
|||
|
Class to Hold Uniform Resource Identifiers (URIs)", RFC 2079,
|
|||
|
January 1997.
|
|||
|
|
|||
|
[12] Yaacovi, Y., Wahl, M. and T. Genovese, "Lightweight Directory
|
|||
|
Access Protocol (v3): Extensions for Dynamic Directory
|
|||
|
Services", RFC 2589, May 1999.
|
|||
|
|
|||
|
[13] Alvestrand, H., "Tags for the Identification of Languages", RFC
|
|||
|
1766, December 1997.
|
|||
|
|
|||
|
[14] Wahl, M. and T. Howes, "Use of Language Codes in LDAP", RFC
|
|||
|
2596, May 1999.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 25]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
[15] Wahl, M., Alvestrand, H., Hodges, J. and R. Morgan,
|
|||
|
"Authentication Methods for LDAP", RFC 2829, May 2000.
|
|||
|
|
|||
|
[16] Bradner, S., "Key Words for Use in RFCs to Indicate Requirement
|
|||
|
Levels", BCP 14, RFC 2119, March 1997.
|
|||
|
|
|||
|
[17] Dubuisson, O. ASN.1: Communication between Heterogeneous
|
|||
|
Systems. OSS Nokalva, 2000.
|
|||
|
|
|||
|
[18] http://www.srvloc.org
|
|||
|
|
|||
|
9.0 Authors' Addresses
|
|||
|
|
|||
|
James Kempf
|
|||
|
Sun Microsystems
|
|||
|
901 San Antonio Avenue
|
|||
|
Palo Alto, CA 94303
|
|||
|
USA
|
|||
|
|
|||
|
Phone: +1 650 786-5890
|
|||
|
EMail: james.kempf@sun.com
|
|||
|
|
|||
|
|
|||
|
Ryan Moats
|
|||
|
Coreon, Inc.
|
|||
|
15621 Drexel Circle
|
|||
|
Omaha, NE, 68135
|
|||
|
USA
|
|||
|
|
|||
|
EMail: rmoats@coreon.net
|
|||
|
|
|||
|
|
|||
|
Pete St. Pierre
|
|||
|
Sun Microsystems
|
|||
|
901 San Antonio Avenue
|
|||
|
Palo Alto, CA 94303
|
|||
|
USA
|
|||
|
|
|||
|
Phone: +1 415 786-5790
|
|||
|
EMail: Pete.StPierre@Eng.Sun.COM
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 26]
|
|||
|
|
|||
|
RFC 2926 Conversion of LDAP Schemas September 2000
|
|||
|
|
|||
|
|
|||
|
10. Full Copyright Statement
|
|||
|
|
|||
|
Copyright (C) The Internet Society (2000). All Rights Reserved.
|
|||
|
|
|||
|
This document and translations of it may be copied and furnished to
|
|||
|
others, and derivative works that comment on or otherwise explain it
|
|||
|
or assist in its implementation may be prepared, copied, published
|
|||
|
and distributed, in whole or in part, without restriction of any
|
|||
|
kind, provided that the above copyright notice and this paragraph are
|
|||
|
included on all such copies and derivative works. However, this
|
|||
|
document itself may not be modified in any way, such as by removing
|
|||
|
the copyright notice or references to the Internet Society or other
|
|||
|
Internet organizations, except as needed for the purpose of
|
|||
|
developing Internet standards in which case the procedures for
|
|||
|
copyrights defined in the Internet Standards process must be
|
|||
|
followed, or as required to translate it into languages other than
|
|||
|
English.
|
|||
|
|
|||
|
The limited permissions granted above are perpetual and will not be
|
|||
|
revoked by the Internet Society or its successors or assigns.
|
|||
|
|
|||
|
This document and the information contained herein is provided on an
|
|||
|
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
|||
|
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
|||
|
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
|||
|
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
|||
|
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
|||
|
|
|||
|
Acknowledgement
|
|||
|
|
|||
|
Funding for the RFC Editor function is currently provided by the
|
|||
|
Internet Society.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Kempf, et al. Informational [Page 27]
|
|||
|
|