This section contains supplemental information about the use of X.500 attributes for XFN references. In order to permit an XFN reference to be stored as an attribute in X.500, the directory schema must be modified to support the object classes and attributes defined in this appendix.
See Chapter 25, FNS and Global Naming Systems, for the procedures needed to federate X.500.
See Managing the X.500 Client Toolkit for information about modifying the X.500 directory schema.
Two new object classes, XFN and XFN-supplement, are introduced to support XFN references. The XFN object class is not relevant in FNS since SunSoft's X.500 directory product cannot support the introduction of new compound ASN.1 syntaxes. Instead, FNS uses the XFN-supplement object class.
The two new object classes are defined in ASN.1 as follows:
    xFN OBJECT-CLASS ::= {
        SUBCLASS OF   { top }
        KIND          auxiliary
        MAY CONTAIN   { objectReferenceId |
                        objectReference |
                        nNSReferenceId |
                        nNSReference }
        ID            id-oc-xFN
    }

    id-oc-xFN OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) ansi(840) sun(113536) ds-oc-xFN(24)
    }

    xFNSupplement OBJECT-CLASS ::= {
        SUBCLASS OF   { top }
        KIND          auxiliary
        MAY CONTAIN   { objectReferenceString |
                        nNSReferenceString }
        ID            id-oc-xFNSupplement
    }

    id-oc-xFNSupplement OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) ansi(840) sun(113536) ds-oc-xFNSupplement(25)
    }
The XFN-supplement object class is defined as an auxiliary object class so that it may be inherited by all X.500 object classes. It is defined with two optional attributes:
objectReferenceString is used to hold an XFN reference to the object itself.
nNSReferenceString is used to hold an XFN reference to a next naming system.
Both attributes are defined in ASN.1 as follows:
    objectReferenceString ATTRIBUTE ::= {
        WITH SYNTAX              OCTET STRING
        EQUALITY MATCHING RULE   octetStringMatch
        SINGLE VALUE             TRUE
        ID                       { id-at-objectReferenceString }
    }

    id-at-objectReferenceString OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) ansi(840) sun(113536) ds-at-objectReferenceString(30)
    }

    nNSReferenceString ATTRIBUTE ::= {
        WITH SYNTAX              OCTET STRING
        EQUALITY MATCHING RULE   octetStringMatch
        SINGLE VALUE             TRUE
        ID                       { id-at-nNSReferenceString }
    }

    id-at-nNSReferenceString OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) ansi(840) sun(113536) ds-at-nNSReferenceString(31)
    }
Both objectReferenceString and nNSReferenceString store XFN references in a string form. Their octet string syntax is further constrained to conform to the following BNF definition:
    <ref>          ::= <id> '$' <ref-addr-set>
    <ref-addr-set> ::= <ref-addr> | <ref-addr> '$' <ref-addr-set>
    <ref-addr>     ::= <id> '$' <addr-set>
    <addr>         ::= <hex-string>
    <id>           ::= 'id' '$' <string> |
                       'uuid' '$' <uuid-string> |
                       'oid' '$' <oid-string>
    <string>       ::= <char> | <char> <string>
    <char>         ::= <PCS> | '\' <PCS>
    <PCS>          ::= // Portable Character Set:
                       // !"#$%&'()*+,-./0123456789:;<=>?
                       // @ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_
                       // `abcdefghijklmnopqrstuvwxyz{|}~
    <uuid-string>  ::= <uuid-char> | <uuid-char> <uuid-string>
    <uuid-char>    ::= <hex-digit> | '-'
    <oid-string>   ::= <oid-char> | <oid-char> <oid-string>
    <oid-char>     ::= <digit> | '.'
    <hex-string>   ::= <hex-octet> | <hex-octet> <hex-string>
    <hex-octet>    ::= <hex-digit> <hex-digit>
    <hex-digit>    ::= <digit> |
                       'a' | 'b' | 'c' | 'd' | 'e' | 'f' |
                       'A' | 'B' | 'C' | 'D' | 'E' | 'F'
    <digit>        ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9'
The following example is a string form XFN reference:
    id$onc_fn_enterprise$id$onc_fn_nisplus_root$0000000f77697a2e636fd2e2062696762696700
The example uses an XFN reference of type onc_fn_enterprise. It contains the address type onc_fn_nisplus_root and a single address value. The address value is an XDR-encoded string, comprising the domain name, doc.com, followed by the host name, cygnus.
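A directory client should check a stored objectReferenceString or nNSReferenceString value against the grammar before acting on it. The following Python is an added example, not code from FNS or from this manual: it validates a string-form reference against the BNF above and decodes an XDR string address. Assumptions: an unescaped '$' is the field delimiter and '\' escapes the next character, <addr-set> (which the BNF does not define) is a single <hex-string>, and SAMPLE is a constructed value built from the fnbind arguments shown on this page.

```python
import re

# <id> alternatives from the BNF; [!-~] is the Portable Character Set listed there.
ID_VALUE = {"id": re.compile(r"[!-~]+"), "uuid": re.compile(r"[0-9a-fA-F-]+"),
            "oid": re.compile(r"[0-9.]+")}
HEX_STRING = re.compile(r"(?:[0-9a-fA-F]{2})+")  # whole octets only

# Constructed sample: XDR encoding of "doc.com. cygnus" as the address value.
SAMPLE = (b"id$onc_fn_enterprise$id$onc_fn_nisplus_root$"
          b"0000000f646f632e636f6d2e206379676e757300")

def split_fields(text):
    """Split on '$', keeping '\\'-escaped characters inside a field (assumed rule)."""
    fields, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == "$":
            fields.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    return fields + [cur]

def parse_id(kind, value):
    if kind not in ID_VALUE or not ID_VALUE[kind].fullmatch(value):
        raise ValueError(f"bad <id>: {kind!r} {value!r}")
    return kind, value

def parse_xfn_ref(octets):
    """Return (ref_type, [(addr_type, addr_bytes), ...]) or raise ValueError."""
    fields = split_fields(octets.decode("ascii"))
    if len(fields) < 5 or (len(fields) - 2) % 3:
        raise ValueError("need <id> then one or more <id>$<hex-string>")
    addrs = []
    for i in range(2, len(fields), 3):
        if not HEX_STRING.fullmatch(fields[i + 2]):
            raise ValueError("address is not a whole number of hex octets")
        addrs.append((parse_id(fields[i], fields[i + 1]), bytes.fromhex(fields[i + 2])))
    return parse_id(fields[0], fields[1]), addrs

def xdr_string(buf):
    """Decode one XDR string: 4-byte big-endian length, data, zero pad to 4 bytes."""
    n = int.from_bytes(buf[:4], "big")
    if len(buf) != 4 + ((n + 3) & ~3) or any(buf[4 + n:]):
        raise ValueError("XDR length or padding mismatch")
    return buf[4:4 + n].decode("ascii")
```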
An XFN reference may be added to an X.500 entry by using the FNS command fnattr, as in this example:
    # fnattr -a .../c=us/o=doc object-class top organization xfn-supplement

This command creates a new entry called c=us/o=doc and adds an object class attribute with the values top, organization, and XFN-supplement.
The FNS command fnbind binds the NIS+ reference to the named entry and links X.500 to the root of the NIS+ namespace. (Note the use of a trailing slash in the name argument to fnbind.)
    # fnbind -r .../c=us/o=doc/ onc_fn_enterprise onc_fn_nisplus_root "doc.com. cygnus"