Chapter 5 Configuring Scopes

SLP enables you to provision services that depend on logical, physical, or administrative grouping of users by creating scopes to administer their access to service advertisements.

• "Deploying Scopes"

• "When to Configure Scopes"

• "Configuring Scopes"

• "Considerations When Configuring Scopes"

Deploying Scopes

Use the net.slp.useScopes property to create scopes. For example, in the /etc/inet/slp.conf file on a host, add a new scope, called newscope, as shown:

net.slp.useScopes=newscope

To help you understand the scope concept, imagine that your organization has an alcove of networked office machines, such as printers and fax machines, and that they reside at the end of the south hall on the second floor of Building 6. These office machines might be provided for all users on the second floor, or their use might be restricted to members of a certain department. Scopes provide a way to provision access to the service advertisements for these machines.

If the office machines are dedicated to the marketing department, then the marketing department hosts and the printers in proximity to that cluster can be configured with a scope named mktg. Other printers, belonging to other departments, can be configured with different scope names.

In another scenario, the departments might be dispersed. For instance, the mechanical engineering and the CAD/CAM departments might be split between floors 1 and 2. However, you can provide the floor 2 machines for the hosts on both floors by assigning them to the same scope. You can deploy scopes in any manner that operates well with your network and users.

UAs having a particular scope are not prevented from actually using services advertised in other scopes. Configuring scopes controls only which service advertisements a UA sees. It is up to the service itself to enforce any access control restrictions.

When to Configure Scopes

SLP can function adequately without any scope configuration whatsoever. In the Solaris operating environment, the default scope for SLP is default. If no scopes are configured, default is the scope of all SLP messages.

Configuration of scopes is suggested if any of the following apply:

1. The organizations you support want to restrict service advertisement access to their own members.

2. The physical layout of the organization you support suggests that services in a certain area be accessed by particular users.

3. Some other reason exists for partitioning the service advertisements that users are allowed to see.

An example of the first case was cited in "Deploying Scopes". An example of the second case is a situation in which an organization is spread between two buildings, and you want users in a building to access local services in that building. Users in Building 1 can be configured with the B1 scope, while users in Building 2 can be configured with the B2 scope.

Configuring Scopes

Scopes are configured by setting the net.slp.useScopes property in the slp.conf file to a comma-separated list of scope names. Construct scope names using the following grammatical guidelines:

• Any alphanumeric characters, upper or lower-case

• Any punctuation characters (except for: '', \, !, <, =, >, and ~).

• Spaces that are considered part of the name

• Non-ASCII characters

  You use a backslash to escape non-ASCII characters. For example, UTF-8 encoding uses 0xc3a9 hex code to represent the letter e with the French aigue accent. If the platform does not support UTF-8, you use the UTF-8 hex code as the escape sequence \c3\a9.

How to Configure Scopes

This procedures assumes (as an example) that you are creating scopes eng and mktg in bldg6. In this case, you are configuring multiple scopes.

1. Become superuser.

2. Edit the /etc/inet/slp.conf file and change the net.slp.useScopes line to:

   net.slp.useScopes=eng,mktg,bldg6

3. Save the file and exit.

Considerations When Configuring Scopes

By modifying the net.slp.useScopes property in the slpd.conf file, you configure scopes for all agents on the host. If the host is running any SAs or is acting as a DA, you must configure this property if you want to configure the SAs or DA into scopes other than default. If only UAs are running on the machine and the UAs should discover SAs and DAs supporting scopes other than default, you do not need to configure the property unless you want to restrict the scopes the UAs use. If the property is not configured, UAs will automatically discover available DAs and scopes through slpd, which uses active and passive DA discovery to find DAs, or through SA discovery if no DAs are running. On the other hand, if the property is configured, UAs will use only the configured scopes and not discard them.

If you decide to configure scopes, you should consider keeping the default scope on the list of configured scopes unless you are sure that all SAs in the network have scopes configured. If any SAs are left unconfigured, UAs with configured scopes will be unable to find them, because the unconfigured SAs automatically have scope default, but the UAs have the configured scopes.

If you also decide to configure DAs by setting the net.slp.DAAddresses property, be sure that the scopes supported by the configured DAs are the same as the scopes that you have configured with the net.slp.useScopes property. If this is not the case, slpd prints an error message when it is restarted.