Internet DRAFT - draft-bannister-dbis-custom

draft-bannister-dbis-custom



 



Internet Draft                                           M. R. Bannister
<draft-bannister-dbis-custom-04.txt>               Prose Consulting Ltd.
Category: Informational                                    July 24, 2015
Expires January 25, 2016

                 Directory-Based Information Services:
                              Custom Maps

Status of this Memo

   Distribution of this memo is unlimited.

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 25, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.   

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.




 


Bannister, Mark R.      Expires January 25, 2016                [Page 1]

Internet Draft              DBIS Custom Maps               July 24, 2015


Abstract          

   This document extends Directory-Based Information Services (DBIS)
   described in [draft-bannister-dbis-mapping-00] to support custom
   databases.

   The custom database schema SHALL be backwards compatible with the
   Network Information Service [NIS] but stored within [X.500] entries
   so that they may be resolved with the Lightweight Directory Access
   Protocol [RFC4510].

   A custom database contains arbitrary key/value pairs.

   This document describes configuration maps [draft-bannister-dbis-
   mapping-00] for custom databases, and database entries referenced by
   those maps.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED" and "MAY" in this document are
   to be interpreted as described in [RFC2119].

Table of Contents

   1. Configuration Maps  . . . . . . . . . . . . . . . . . . . . . .  3
     1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.2. Example Configuration Map Entry . . . . . . . . . . . . . .  3
   2. Database  . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
     2.1. Definition  . . . . . . . . . . . . . . . . . . . . . . . .  3
     2.2. Object Classes  . . . . . . . . . . . . . . . . . . . . . .  4
       2.2.1. Introduction  . . . . . . . . . . . . . . . . . . . . .  4
       2.2.2. dbisCustomConfig  . . . . . . . . . . . . . . . . . . .  4
       2.2.3. customMapEntry  . . . . . . . . . . . . . . . . . . . .  4
     2.3. Attributes  . . . . . . . . . . . . . . . . . . . . . . . .  4
       2.3.1. customMapName . . . . . . . . . . . . . . . . . . . . .  4
       2.3.2. en  . . . . . . . . . . . . . . . . . . . . . . . . . .  4
       2.3.3. customMapValue  . . . . . . . . . . . . . . . . . . . .  5
       2.3.4. description . . . . . . . . . . . . . . . . . . . . . .  5
       2.3.5. manager . . . . . . . . . . . . . . . . . . . . . . . .  5
       2.3.6. disableObject . . . . . . . . . . . . . . . . . . . . .  5
     2.4. Example Custom Map Entries  . . . . . . . . . . . . . . . .  5
   3. Attribute Syntax  . . . . . . . . . . . . . . . . . . . . . . .  6
   4. Implementation Notes  . . . . . . . . . . . . . . . . . . . . .  6
     4.1. Common Search Filters . . . . . . . . . . . . . . . . . . .  6
       4.1.1. Search Parameters . . . . . . . . . . . . . . . . . . .  6
       4.1.2. Find Configuration Map for Domain . . . . . . . . . . .  6
       4.1.3. List Custom Entries . . . . . . . . . . . . . . . . . .  7
   5. Security Considerations . . . . . . . . . . . . . . . . . . . .  7
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  7
 


Bannister, Mark R.      Expires January 25, 2016                [Page 2]

Internet Draft              DBIS Custom Maps               July 24, 2015


     6.1.  Normative References . . . . . . . . . . . . . . . . . . .  7
     6.2.  Informative References . . . . . . . . . . . . . . . . . .  7
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . .  8


1. Configuration Maps

1.1. Scope

   A custom database uses the standard configuration maps defined in
   [draft-bannister-dbis-mapping-00], section 3.

   Additionally, dbisMapConfig entries for custom databases SHALL have
   assigned the object class dbisCustomConfig to identify that they
   relate to a custom database.

   It is RECOMMENDED that the dbisMapConfig entry for a custom database
   have the dbisMapFilter attribute set according to the following
   table:

         -------------------------------------------------------
         Database      dbisMapFilter
         -------------------------------------------------------
         custom        objectClass=customMapEntry
         -------------------------------------------------------

1.2. Example Configuration Map Entry

   The following gives an example of a configuration map entry for a
   custom database called "console":

       dn: cn=cons,en=sales.corp,ou=domain-mappings,o=infra
       objectClass: top
       objectClass: dbisMapConfig
       objectClass: dbisCustomConfig
       cn: cons
       customMapName: console
       dbisMapDN: ou=console,ou=dbis,o=infra
       dbisMapFilter: objectClass=customMapEntry
       profileTTL: 900
       description: Primary console database (custom map)

2. Database

2.1. Definition

   A custom database entry contains the following information:

 


Bannister, Mark R.      Expires January 25, 2016                [Page 3]

Internet Draft              DBIS Custom Maps               July 24, 2015


   - Key name.

   - Value.

2.2. Object Classes

2.2.1. Introduction

     A dbisMapConfig entry for a custom database SHALL be assigned the
     object class dbisCustomConfig.

     Custom map entries SHALL have the object class customMapEntry.

2.2.2. dbisCustomConfig

   The dbisCustomConfig class is defined as follows:

       objectclass ( 1.3.6.1.4.1.23780.219.1.33 NAME 'dbisCustomConfig'
         DESC 'DBIS custom database configuration map'
         SUP dbisMapConfig STRUCTURAL
         MUST customMapName )

2.2.3. customMapEntry

   The customMapEntry class is defined as follows:

       objectclass ( 1.3.6.1.4.1.23780.219.1.35 NAME 'customMapEntry'
         DESC 'DBIS custom map entry'
         SUP top STRUCTURAL
         MUST ( en $ customMapValue )
         MAY ( description $ disableObject ) )

2.3. Attributes

2.3.1. customMapName

   The name of the custom map is stored in the LDAP attribute
   customMapName which MUST be assigned to a dbisCustomConfig entry:

       attributetype ( 1.3.6.1.4.1.23780.219.2.34 NAME 'customMapName'
         DESC 'Name of DBIS custom map'
         EQUALITY caseExactMatch SINGLE-VALUE
         SUBSTR caseExactSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

2.3.2. en

   Each custom map entry's key is stored in the LDAP attribute en which
 


Bannister, Mark R.      Expires January 25, 2016                [Page 4]

Internet Draft              DBIS Custom Maps               July 24, 2015


   is defined in [draft-bannister-dbis-mapping-00].  The en attribute
   MUST be associated with customMapEntry objects and SHALL form the
   RDN.

2.3.3. customMapValue

   Each entry's value is stored in the LDAP attribute customMapValue
   that MUST be assigned to a customMapEntry:

       attributetype ( 1.3.6.1.4.1.23780.219.2.35 NAME 'customMapValue'
         DESC 'DBIS custom map value'
         EQUALITY caseExactIA5Match
         SUBSTR caseExactIA5SubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

2.3.4. description

   The description attribute MAY be associated with an entry to provide
   an arbitrary description of the entry.

2.3.5. manager

   The manager attribute MAY be associated with an entry to provide one
   or more DNs of the individuals, groups or systems that are
   responsible for maintaining the entry.

2.3.6. disableObject

   An entry MAY be disabled by setting the disableObject attribute
   [draft-bannister-dbis-mapping-00] to TRUE.  If an entry is disabled,
   then the DUA SHALL behave as if the entry does not exist.  The DUA
   MAY optionally provide a separate mechanism for listing disabled
   entries, but they MUST be clearly marked as disabled so that no
   confusion can arise.

2.4. Example Custom Map Entries

   The following is an example of some custom map entries in LDIF format
   [RFC2849]:

       dn: ou=console,ou=custom,o=infra
       objectClass: top
       objectClass: organizationalUnit
       ou: console

       dn: en=kirk,ou=console,ou=custom,o=infra
       objectClass: top
       objectClass: customMapEntry
 


Bannister, Mark R.      Expires January 25, 2016                [Page 5]

Internet Draft              DBIS Custom Maps               July 24, 2015


       en: kirk
       customMapValue: 2079 ssh

       dn: en=spock,ou=console,ou=custom,o=infra
       objectClass: top
       objectClass: customMapEntry
       en: spock
       customMapValue: 53179 telnet

3. Attribute Syntax

   The following syntaxes are used by the attributes defined in this
   document:

   -----------------------------------------------------------
   Syntax OID                     Value             Reference
   -----------------------------------------------------------
   1.3.6.1.4.1.1466.115.121.1.26  IA5 String        [RFC4517]
   -----------------------------------------------------------

4. Implementation Notes

4.1. Common Search Filters

4.1.1. Search Parameters

   This section provides example LDAP search filters [RFC4515] for
   obtaining database entries with commonly used input criteria.

   To simplify the examples, all databases are assumed to have been
   defined with only a single configuration map entry (dbisMapConfig). 
   However, [draft-bannister-dbis-mapping-00] permits multiple such
   entries, so an implementation must support this, increasing the
   number of search operations as necessary to locate all of the
   database entries in scope.

   The base DN used in the search operations described in this section
   comes from the dbisMapDN attribute assigned to the dbisMapConfig
   entry. Note that a dbisMapConfig entry may have more than one of
   these.

   Where it appears in search filters below, the text "dbisMapFilter"
   refers to the value assigned to the attribute of the same name in the
   corresponding dbisMapConfig entry.  Class and attribute names used in
   these search filters may be modified by the dbisMapClass and
   dbisMapAttr attributes assigned to the dbisMapConfig entry.

4.1.2. Find Configuration Map for Domain
 


Bannister, Mark R.      Expires January 25, 2016                [Page 6]

Internet Draft              DBIS Custom Maps               July 24, 2015


   To locate the configuration map for a given DBIS domain, search for
   entries underneath the dbisDomainObject entry [draft-bannister-dbis-
   mapping-00] using the following filter:

         (&(objectClass=dbisCustomConfig)(!(disableObject=TRUE)))

4.1.3. List Custom Entries

   Custom maps are enumerated by applying the dbisMapFilter as follows:

         (&(dbisMapFilter)(!(disableObject=TRUE)))

   This filter returns all custom map entries under a given base DN.

5. Security Considerations

   The security considerations discussed in [draft-bannister-dbis-
   mapping-00] apply equally to this document.

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2849]  Good, G., "The LDAP Data Interchange Format (LDIF) -
              Technical Specification", RFC 2849, June 2000.

   [RFC4510]  Zeilenga, K., Ed., "Lightweight Directory Access Protocol
              (LDAP): Technical Specification Road Map", RFC 4510, June
              2006.

   [RFC4515]  Smith, M., Ed., and T. Howes, "Lightweight Directory
              Access Protocol (LDAP): String Representation of Search
              Filters", RFC 4515, June 2006.

   [RFC4517]  Legg, S., Ed., "Lightweight Directory Access Protocol
              (LDAP): Syntaxes and Matching Rules", RFC 4517, June 2006.

   [draft-bannister-dbis-mapping-00]  Bannister, M. R., "Directory-Based
              Information Services: Mapping Objects", draft-bannister-
              dbis-mapping-00.txt, August 2013.

6.2.  Informative References

   [X.500]  Weider, C. and J. Reynolds, "Executive Introduction to
              Directory Services Using the X.500 Protocol", FYI 13, RFC
 


Bannister, Mark R.      Expires January 25, 2016                [Page 7]

Internet Draft              DBIS Custom Maps               July 24, 2015


              1308, March 1992.

   [NIS]  Wikipedia, "Network Information Service", <http://
              en.wikipedia.org/wiki/Network_Information_Service>.

Author's Address

   Mark R. Bannister
   Prose Consulting Ltd.
   73 Claygate Lane
   Esher, Surrey, KT10 0BQ
   United Kingdom

   Tel: +44 7764 604316
   EMail: dbis@proseconsulting.co.uk




































Bannister, Mark R.      Expires January 25, 2016                [Page 8]