Rec. ITU-T X.518 (10/2019) Information technology – Open Systems Interconnection – The Directory: Procedures for distributed operation
Summary
History
FOREWORD
CONTENTS
Introduction
1 Scope
2 References
     2.1 Normative references
          2.1.1 Identical Recommendations | International Standards
          2.1.2 Other references
     2.2 Non-normative reference
3 Definitions
     3.1 Basic Directory definitions
     3.2 Directory model definitions
     3.3 DSA information model definitions
     3.4 Abstract service definitions
     3.5 Protocol definitions
     3.6 Directory replication definitions
     3.7 Distributed operation definitions
4 Abbreviations
5 Conventions
6 Overview
7 Distributed Directory system model
8 DSA interactions model
     8.1 Decomposition of a request
          8.1.1 NSSR decomposition
          8.1.2 Request decomposition
     8.2 Uni-chaining
     8.3 Multi-chaining
          8.3.1 Parallel multi-chaining
          8.3.2 Sequential multi-chaining
     8.4 Referral
     8.5 Mode determination
9 Overview of DSA abstract service
10 Information types
     10.1 Introduction
     10.2 Information types defined elsewhere
     10.3 Chaining arguments
     10.4 Chaining results
     10.5 Operation progress
     10.6 Trace information
     10.7 Reference type
     10.8 Access point information
     10.9 DIT bridge knowledge
     10.10 Exclusions
     10.11 Continuation reference
11 Bind and Unbind
     11.1 DSA Bind
          11.1.1 DSA Bind syntax
          11.1.2 DSA Bind arguments
          11.1.3 DSA Bind results
          11.1.4 DSA Bind errors
     11.2 DSA Unbind
12 Chained operations
     12.1 Chained operations
     12.2 Chained Abandon operation
     12.3 Chained operations and protocol version
13 Chained errors
     13.1 Introduction
     13.2 DSA referral
14 Introduction
     14.1 Scope and limits
     14.2 Conformance
          14.2.1 Interaction involving a DSA based on Rec. CCITT X.5** (1988) | ISO/IEC 9594-*:1990
     14.3 Conceptual model
     14.4 Individual and cooperative operation of DSAs
     14.5 Cooperative agreements between DSAs
15 Distributed Directory behaviour
     15.1 Cooperative fulfilment of operations
     15.2 Phases of operation processing
          15.2.1 Name Resolution phase
          15.2.2 Evaluation phase
          15.2.3 Results Merging phase
     15.3 Managing Distributed Operations
          15.3.1 Request decomposition
          15.3.2 DSA as Request Responder
          15.3.3 Completion of operations
     15.4 Loop handling
          15.4.1 Loop detection
          15.4.2 Loop avoidance
     15.5 Other considerations for distributed operation
          15.5.1 Service controls
          15.5.2 Extensions
          15.5.3 Alias dereferencing
          15.5.4 Paged results
          15.5.5 Handling requests from LDAP client
     15.6 Authentication of Distributed operations
16 The Operation Dispatcher
     16.1 General concepts
          16.1.1 Procedures
          16.1.2 Use of common data structures
          16.1.3 Errors
          16.1.4 Asynchronous events
               16.1.4.1 Time limit
               16.1.4.2 Loss of an application-association
               16.1.4.3 Abandoning the operation
               16.1.4.4 Administrative Limits
               16.1.4.5 Size limit
     16.2 Procedures of the Operation Dispatcher
     16.3 Overview of procedures
          16.3.1 Request Validation procedure
          16.3.2 Abandon procedures
          16.3.3 Find DSE procedure
               16.3.3.1 Target Not Found sub-procedure
               16.3.3.2 Target Found sub-procedure
          16.3.4 Single entry interrogation procedure
          16.3.5 Modification procedures
          16.3.6 Multiple entry interrogation procedures
          16.3.7 Name Resolution Continuation Reference procedure
          16.3.8 List and Search Continuation Reference procedure
          16.3.9 Results Merging procedure
17 Request Validation procedure
     17.1 Introduction
     17.2 Procedure parameters
          17.2.1 Arguments
          17.2.2 Results
     17.3 Procedure definition
          17.3.1 Abandon processing
          17.3.2 Security checks
          17.3.3 Input preparation
               17.3.3.1 DUA request
               17.3.3.2 LDAP request
               17.3.3.3 DSA request
          17.3.4 Validity assertion
          17.3.5 Loop detection
          17.3.6 Unable or unwilling to perform
          17.3.7 Output processing
18 Name Resolution procedure
     18.1 Introduction
     18.2 Find DSE procedure parameters
          18.2.1 Arguments
          18.2.2 Results
          18.2.3 Errors
          18.2.4 Global variables
          18.2.5 Local and shared variables
     18.3 Procedures
          18.3.1 Find DSE procedure
          18.3.2 Target Not Found sub-procedure
          18.3.3 Target Found sub-procedure
          18.3.4 Check Suitability procedure
               18.3.4.1 Procedure parameters
               18.3.4.2 Procedure definition
19 Operation evaluation
     19.1 Modification procedures
          19.1.1 Add Entry operation
          19.1.2 Remove Entry operation
          19.1.3 Modify Entry, Change Password and Administer Password operations
          19.1.4 Modify DN operation
          19.1.5 Modify operations and non-specific subordinate references
          19.1.6 LDAP Modify operations
     19.2 Single entry interrogation procedure
     19.3 Multiple entry interrogation procedure
          19.3.1 List procedures
               19.3.1.1 Procedure parameters
                    19.3.1.1.1 Arguments
                    19.3.1.1.2 Results
               19.3.1.2 Procedure definition
                    19.3.1.2.1 List (I) procedure
                    19.3.1.2.2 List (II) procedure
          19.3.2 Search procedures
               19.3.2.1 Procedure parameters
                    19.3.2.1.1 Arguments
                    19.3.2.1.2 Results
               19.3.2.2 Procedure definition
                    19.3.2.2.1 Related Entry Argument procedure
                    19.3.2.2.2 Search-rule check procedure (I)
                    19.3.2.2.3 Search-rule check procedure (II)
                    19.3.2.2.4 Entry information selection
                    19.3.2.2.5 Search (I) procedure
                    19.3.2.2.6 Search (II) procedure
                    19.3.2.2.7 LDAP Search (I) procedure
                    19.3.2.2.8 LDAP Search (II) procedure
                    19.3.2.2.9 Search Alias procedure
                    19.3.2.2.10 Hierarchy Selection procedure (I)
20 Continuation Reference procedures
     20.1 Chaining strategy in the presence of shadowing
          20.1.1 Master only strategy
          20.1.2 Parallel strategy
          20.1.3 Sequential strategy
     20.2 Issuing chained subrequests to a remote DSA or LDAP server
     20.3 Procedures' parameters
          20.3.1 Arguments
          20.3.2 Results
          20.3.3 Errors
     20.4 Definition of the procedures
          20.4.1 Name Resolution Continuation Reference procedure
          20.4.2 List Continuation Reference procedure
          20.4.3 Search Continuation Reference procedure
          20.4.4 APInfo procedure
     20.5 Abandon procedures
          20.5.1 DAP/DSP Abandon procedure
          20.5.2 LDAP Abandon procedure
     20.6 DAP request to LDAP request procedure
          20.6.1 Introduction
          20.6.2 General on conversion
          20.6.3 Converting a DAP read request
          20.6.4 Converting a DAP compare request
          20.6.5 Handling and converting a DAP abandon request
          20.6.6 Converting a DAP list request
          20.6.7 Converting a DAP search request
          20.6.8 Converting a DAP addEntry request
          20.6.9 Converting a DAP removeEntry request
          20.6.10 Converting a DAP modifyEntry request
          20.6.11 Converting a DAP modifyDN request
     20.7 LDAP result to DAP reply procedure
          20.7.1 Introduction
          20.7.2 General on conversion
          20.7.3 Converting LDAP search results to DAP read result
          20.7.4 Converting LDAP compare result to a DAP compare result
          20.7.5 Converting LDAP search results to DAP list result
          20.7.6 Converting LDAP search results to DAP search result
          20.7.7 Converting LDAP AddResponse to DAP addEntry result
          20.7.8 Converting LDAP DelResponse to DAP removeEntry result
          20.7.9 Converting LDAP ModifyResponse to DAP modifyEntry result
          20.7.10 Converting LDAP ModifyDNResponse to DAP modifyDN result
21 Results Merging procedure
22 Procedures for distributed authentication
     22.1 Requester authentication
          22.1.1 Identity-based authentication
          22.1.2 Signature-based requester authentication
     22.2 Results authentication
23 Knowledge administration overview
     23.1 Maintenance of knowledge references
          23.1.1 Maintenance of consumer knowledge by supplier and master DSAs
          23.1.2 Maintenance of subordinate and immediate superior knowledge in master DSAs
          23.1.3 Maintenance of subordinate and immediate superior knowledge in consumer DSAs
     23.2 Requesting cross reference
     23.3 Knowledge inconsistencies
          23.3.1 Detection of knowledge inconsistencies
          23.3.2 Reporting of knowledge inconsistencies
          23.3.3 Treatment of inconsistent knowledge references
24 Hierarchical operational bindings
     24.1 Operational binding type characteristics
          24.1.1 Symmetry and roles
          24.1.2 Agreement
          24.1.3 Initiator
               24.1.3.1 Establishment
               24.1.3.2 Modification
               24.1.3.3 Termination
          24.1.4 Establishment parameters
               24.1.4.1 Superior DSA establishment parameter
                    24.1.4.1.1 Context prefix information
                    24.1.4.1.2 Entry information
                    24.1.4.1.3 Immediate superior entry information
               24.1.4.2 Subordinate DSA establishment parameter
          24.1.5 Modification parameters
          24.1.6 Termination parameters
          24.1.7 Type identification
     24.2 Operational binding information object Class definition
     24.3 DSA procedures for hierarchical operational binding management
          24.3.1 Establishment procedure
               24.3.1.1 Establishment initiated by superior DSA
               24.3.1.2 Establishment initiated by subordinate DSA
          24.3.2 Modification procedure
               24.3.2.1 Modification procedure initiated by superior
               24.3.2.2 Modification procedure initiated by subordinate
          24.3.3 Termination procedure
               24.3.3.1 Termination initiated by superior DSA
               24.3.3.2 Termination initiated by subordinate DSA
     24.4 Procedures for operations
     24.5 Use of application contexts
25 Non-specific hierarchical operational binding
     25.1 Operational binding type characteristics
          25.1.1 Symmetry and roles
          25.1.2 Agreement
          25.1.3 Initiator
               25.1.3.1 Establishment
               25.1.3.2 Modification
               25.1.3.3 Termination
          25.1.4 Establishment parameters
          25.1.5 Modification parameters
          25.1.6 Termination parameters
          25.1.7 Type identification
     25.2 Operational binding information object class definition
     25.3 DSA procedures for non-specific hierarchical operational binding management
          25.3.1 Establishment procedure
          25.3.2 Modification procedure
          25.3.3 Termination procedure
               25.3.3.1 Termination initiated by superior DSA
               25.3.3.2 Termination initiated by subordinate DSA
     25.4 Procedures for operations
     25.5 Use of application contexts
     D.1 Summary
     D.2 Distributed protection model
     D.3 Signed chained operations
          D.3.1 Chained signed arguments
          D.3.2 Chained signed results
          D.3.3 Merging of Signed List or Search Results