Rec. ITU-T X.518 (10/2019) Information technology – Open Systems Interconnection – The Directory: Procedures for distributed operation

Summary
History
FOREWORD
CONTENTS

Introduction
1 Scope
2 References
  2.1 Normative references
    2.1.1 Identical Recommendations | International Standards
    2.1.2 Other references
  2.2 Non-normative reference
3 Definitions
  3.1 Basic Directory definitions
  3.2 Directory model definitions
  3.3 DSA information model definitions
  3.4 Abstract service definitions
  3.5 Protocol definitions
  3.6 Directory replication definitions
  3.7 Distributed operation definitions
4 Abbreviations
5 Conventions
6 Overview
7 Distributed Directory system model
8 DSA interactions model
  8.1 Decomposition of a request
    8.1.1 NSSR decomposition
    8.1.2 Request decomposition
  8.2 Uni-chaining
  8.3 Multi-chaining
    8.3.1 Parallel multi-chaining
    8.3.2 Sequential multi-chaining
  8.4 Referral
  8.5 Mode determination
9 Overview of DSA abstract service
10 Information types
  10.1 Introduction
  10.2 Information types defined elsewhere
  10.3 Chaining arguments
  10.4 Chaining results
  10.5 Operation progress
  10.6 Trace information
  10.7 Reference type
  10.8 Access point information
  10.9 DIT bridge knowledge
  10.10 Exclusions
  10.11 Continuation reference
11 Bind and Unbind
  11.1 DSA Bind
    11.1.1 DSA Bind syntax
    11.1.2 DSA Bind arguments
    11.1.3 DSA Bind results
    11.1.4 DSA Bind errors
  11.2 DSA Unbind
12 Chained operations
  12.1 Chained operations
  12.2 Chained Abandon operation
  12.3 Chained operations and protocol version
13 Chained errors
  13.1 Introduction
  13.2 DSA referral
14 Introduction
  14.1 Scope and limits
  14.2 Conformance
    14.2.1 Interaction involving a DSA based on Rec. CCITT X.5** (1988) | ISO/IEC 9594-*:1990
  14.3 Conceptual model
  14.4 Individual and cooperative operation of DSAs
  14.5 Cooperative agreements between DSAs
15 Distributed Directory behaviour
  15.1 Cooperative fulfilment of operations
  15.2 Phases of operation processing
    15.2.1 Name Resolution phase
    15.2.2 Evaluation phase
    15.2.3 Results Merging phase
  15.3 Managing Distributed Operations
    15.3.1 Request decomposition
    15.3.2 DSA as Request Responder
    15.3.3 Completion of operations
  15.4 Loop handling
    15.4.1 Loop detection
    15.4.2 Loop avoidance
  15.5 Other considerations for distributed operation
    15.5.1 Service controls
    15.5.2 Extensions
    15.5.3 Alias dereferencing
    15.5.4 Paged results
    15.5.5 Handling requests from LDAP client
  15.6 Authentication of Distributed operations
16 The Operation Dispatcher
  16.1 General concepts
    16.1.1 Procedures
    16.1.2 Use of common data structures
    16.1.3 Errors
    16.1.4 Asynchronous events
      16.1.4.1 Time limit
      16.1.4.2 Loss of an application-association
      16.1.4.3 Abandoning the operation
      16.1.4.4 Administrative Limits
      16.1.4.5 Size limit
  16.2 Procedures of the Operation Dispatcher
  16.3 Overview of procedures
    16.3.1 Request Validation procedure
    16.3.2 Abandon procedures
    16.3.3 Find DSE procedure
      16.3.3.1 Target Not Found sub-procedure
      16.3.3.2 Target Found sub-procedure
    16.3.4 Single entry interrogation procedure
    16.3.5 Modification procedures
    16.3.6 Multiple entry interrogation procedures
    16.3.7 Name Resolution Continuation Reference procedure
    16.3.8 List and Search Continuation Reference procedure
    16.3.9 Results Merging procedure
17 Request Validation procedure
  17.1 Introduction
  17.2 Procedure parameters
    17.2.1 Arguments
    17.2.2 Results
  17.3 Procedure definition
    17.3.1 Abandon processing
    17.3.2 Security checks
    17.3.3 Input preparation
      17.3.3.1 DUA request
      17.3.3.2 LDAP request
      17.3.3.3 DSA request
    17.3.4 Validity assertion
    17.3.5 Loop detection
    17.3.6 Unable or unwilling to perform
    17.3.7 Output processing
18 Name Resolution procedure
  18.1 Introduction
  18.2 Find DSE procedure parameters
    18.2.1 Arguments
    18.2.2 Results
    18.2.3 Errors
    18.2.4 Global variables
    18.2.5 Local and shared variables
  18.3 Procedures
    18.3.1 Find DSE procedure
    18.3.2 Target Not Found sub-procedure
    18.3.3 Target Found sub-procedure
    18.3.4 Check Suitability procedure
      18.3.4.1 Procedure parameters
      18.3.4.2 Procedure definition
19 Operation evaluation
  19.1 Modification procedures
    19.1.1 Add Entry operation
    19.1.2 Remove Entry operation
    19.1.3 Modify Entry, Change Password and Administer Password operations
    19.1.4 Modify DN operation
    19.1.5 Modify operations and non-specific subordinate references
    19.1.6 LDAP Modify operations
  19.2 Single entry interrogation procedure
  19.3 Multiple entry interrogation procedure
    19.3.1 List procedures
      19.3.1.1 Procedure parameters
        19.3.1.1.1 Arguments
        19.3.1.1.2 Results
      19.3.1.2 Procedure definition
        19.3.1.2.1 List (I) procedure
        19.3.1.2.2 List (II) procedure
    19.3.2 Search procedures
      19.3.2.1 Procedure parameters
        19.3.2.1.1 Arguments
        19.3.2.1.2 Results
      19.3.2.2 Procedure definition
        19.3.2.2.1 Related Entry Argument procedure
        19.3.2.2.2 Search-rule check procedure (I)
        19.3.2.2.3 Search-rule check procedure (II)
        19.3.2.2.4 Entry information selection
        19.3.2.2.5 Search (I) procedure
        19.3.2.2.6 Search (II) procedure
        19.3.2.2.7 LDAP Search (I) procedure
        19.3.2.2.8 LDAP Search (II) procedure
        19.3.2.2.9 Search Alias procedure
        19.3.2.2.10 Hierarchy Selection procedure (I)
20 Continuation Reference procedures
  20.1 Chaining strategy in the presence of shadowing
    20.1.1 Master only strategy
    20.1.2 Parallel strategy
    20.1.3 Sequential strategy
  20.2 Issuing chained subrequests to a remote DSA or LDAP server
  20.3 Procedures' parameters
    20.3.1 Arguments
    20.3.2 Results
    20.3.3 Errors
  20.4 Definition of the procedures
    20.4.1 Name Resolution Continuation Reference procedure
    20.4.2 List Continuation Reference procedure
    20.4.3 Search Continuation Reference procedure
    20.4.4 APInfo procedure
  20.5 Abandon procedures
    20.5.1 DAP/DSP Abandon procedure
    20.5.2 LDAP Abandon procedure
  20.6 DAP request to LDAP request procedure
    20.6.1 Introduction
    20.6.2 General on conversion
    20.6.3 Converting a DAP read request
    20.6.4 Converting a DAP compare request
    20.6.5 Handling and converting a DAP abandon request
    20.6.6 Converting a DAP list request
    20.6.7 Converting a DAP search request
    20.6.8 Converting a DAP addEntry request
    20.6.9 Converting a DAP removeEntry request
    20.6.10 Converting a DAP modifyEntry request
    20.6.11 Converting a DAP modifyDN request
  20.7 LDAP result to DAP reply procedure
    20.7.1 Introduction
    20.7.2 General on conversion
    20.7.3 Converting LDAP search results to DAP read result
    20.7.4 Converting LDAP compare result to a DAP compare result
    20.7.5 Converting LDAP search results to DAP list result
    20.7.6 Converting LDAP search results to DAP search result
    20.7.7 Converting LDAP AddResponse to DAP addEntry result
    20.7.8 Converting LDAP DelResponse to DAP removeEntry result
    20.7.9 Converting LDAP ModifyResponse to DAP modifyEntry result
    20.7.10 Converting LDAP ModifyDNResponse to DAP modifyDN result
21 Results Merging procedure
22 Procedures for distributed authentication
  22.1 Requester authentication
    22.1.1 Identity-based authentication
    22.1.2 Signature-based requester authentication
  22.2 Results authentication
23 Knowledge administration overview
  23.1 Maintenance of knowledge references
    23.1.1 Maintenance of consumer knowledge by supplier and master DSAs
    23.1.2 Maintenance of subordinate and immediate superior knowledge in master DSAs
    23.1.3 Maintenance of subordinate and immediate superior knowledge in consumer DSAs
  23.2 Requesting cross reference
  23.3 Knowledge inconsistencies
    23.3.1 Detection of knowledge inconsistencies
    23.3.2 Reporting of knowledge inconsistencies
    23.3.3 Treatment of inconsistent knowledge references
24 Hierarchical operational bindings
  24.1 Operational binding type characteristics
    24.1.1 Symmetry and roles
    24.1.2 Agreement
    24.1.3 Initiator
      24.1.3.1 Establishment
      24.1.3.2 Modification
      24.1.3.3 Termination
    24.1.4 Establishment parameters
      24.1.4.1 Superior DSA establishment parameter
        24.1.4.1.1 Context prefix information
        24.1.4.1.2 Entry information
        24.1.4.1.3 Immediate superior entry information
      24.1.4.2 Subordinate DSA establishment parameter
    24.1.5 Modification parameters
    24.1.6 Termination parameters
    24.1.7 Type identification
  24.2 Operational binding information object Class definition
  24.3 DSA procedures for hierarchical operational binding management
    24.3.1 Establishment procedure
      24.3.1.1 Establishment initiated by superior DSA
      24.3.1.2 Establishment initiated by subordinate DSA
    24.3.2 Modification procedure
      24.3.2.1 Modification procedure initiated by superior
      24.3.2.2 Modification procedure initiated by subordinate
    24.3.3 Termination procedure
      24.3.3.1 Termination initiated by superior DSA
      24.3.3.2 Termination initiated by subordinate DSA
  24.4 Procedures for operations
  24.5 Use of application contexts
25 Non-specific hierarchical operational binding
  25.1 Operational binding type characteristics
    25.1.1 Symmetry and roles
    25.1.2 Agreement
    25.1.3 Initiator
      25.1.3.1 Establishment
      25.1.3.2 Modification
      25.1.3.3 Termination
    25.1.4 Establishment parameters
    25.1.5 Modification parameters
    25.1.6 Termination parameters
    25.1.7 Type identification
  25.2 Operational binding information object class definition
  25.3 DSA procedures for non-specific hierarchical operational binding management
    25.3.1 Establishment procedure
    25.3.2 Modification procedure
    25.3.3 Termination procedure
      25.3.3.1 Termination initiated by superior DSA
      25.3.3.2 Termination initiated by subordinate DSA
  25.4 Procedures for operations
  25.5 Use of application contexts
D.1 Summary
D.2 Distributed protection model
D.3 Signed chained operations
  D.3.1 Chained signed arguments
  D.3.2 Chained signed results
  D.3.3 Merging of Signed List or Search Results