📄 rfc1330.txt
字号:
order to optimize search performance. This approach has the added benefit of insulating the local DIT from administrative restructuring within the organization. Others have chosen to closely model their organization's departmental structure. Often this approach seems more natural and can enhance the information obtained from browsing the Directory. Below are experiences from current DSA managers, describing the way they structured their local DIT and the reasons for doing so. A site may find this information helpful in determining how to structure their local DIT. Ultimately this decision will depend upon the needs of the local organization and expectations of Directory usage. Valdis Kletnieks of the Virginia Polytechnic Institute: "For Virginia Tech, it turned out to be a reasonably straightforward process. Basically, the University is organized on a College/Department basis. We decided to model that "real" structure in the DIT for two major reasons: "(a) It duplicates the way we do business, so interfacing the X.500 directory with the "real world" is easier. "(b) With 600+ departmental units and 11,000+ people (to be 30,000+ once we add students), a "zero" (everybody at top) or "one" deep (600 departments at top) arrangement just didn't hack it - it was deemed necessary that you be able to do a some 120 or 140 county office entries under the Extension service, it's a BIT unwieldy there). However, with some 20 college-level entries at the top, and the "average" college having 30 departments, and the "average" department being from 10 to 40 people, it works out pretty well." Jeff Tannehill of Duke University: "Our DIT is flat. We get the entire database of people at Duke from Tel-Com and just put everyone directly under "O=Duke University". "Actually, there is an exception, when the DSA was first set up and we had not received a database yet, I configured the DIT to include "OU=Computer Science", under which myself and one otherESCC X.500/X.400 Task Force [Page 11]
RFC 1330 X.500 and X.400 Plans for ESnet May 1992 System Administrator have entries. Upon getting the database for everyone else I decided not to attempt to separate the people in the database into multiple ou's." Joe Carlson of Lawrence Livermore National Laboratory: "We tried both flat (actually all under the same OU) and splitting based on internal department name and ended up with flat. Our primary reason was load and search times, which were 2-3 times faster for flat organization." Paul Mauvais of Portland State University: "We originally set up our DIT by simply loading our campus phone book into one level down from the top (e.g. OU=Faculty and Staff, OU=Students, OU=Computing Services). "I'd love to have an easy way to convert our flat faculty and staff area into departments and colleges, but the time to convert the data into the separate OU's is probably more than I have right now." Mohamed Ellozy of Dana-Farber Cancer Institute: "Here we have a phone database that includes department, so we got the ou's with no effort. We thus never went the flat space way." Dan Moline of TRW: "Well - we're still in the process of defining our DIT. TRW comes under the international companies DBA. Our part under the PSI White Pages Pilot defines the DIT for our space and defense organization here in Redondo Beach (however, I organized the structure to adhere to TRW corporate). We input from our manpower DB for our S&D personnel. We're trying to get corporate's DB for possible input. "However, arranging your DIT by organizations (at least for corps) presents a problem; things are always being reorganized! We were DSO now we're SSO!!! We still have some of our old domain name for DNS tied to organizations that have not existed for years! "So we are currently redesigning our DIT to try to fit NADF 175 (something more geographically). Our reasoning was that organizations may change but buildings and localities do not."ESCC X.500/X.400 Task Force [Page 12]
RFC 1330 X.500 and X.400 Plans for ESnet May 1992 Ruth Lang of SRI: "There has been no SRI-wide policy or decision to participate in the PSI White Pages Pilot. @c=US@O=SRI International supports the information for one OU only (i.e., a local policy and decision). In order to not give the false impression that all SRI information was contained under this O=SRI International, I used OU=Network Information Systems Center. If I were to structure the DIT for all of SRI, I'm sure that my thinking would yield a much different structure." Russ Wright of Lawrence Berkeley Laboratory: "Since we don't have much organizational information in current staff database, I have to stick to a fairly flat structure. I have two OUs. One is for permanent staff, the other is for guests (there is a flag in our database that is set for guests). "I may add an additional level of OUs to our current structure. The top level would contain different 'types' of information. For example, one OU may be 'Personnel', another may be called publications). Staff and Guests would reside under the Personnel OU." Peter Yee of NASA Ames: "I broke up my DIT at the NASA Center level. NASA is made of nearly 20 Centers and Facilities. The decision to break up at this level was driven by several factors: "1. Control of the local portion of the DIT should reside with the Center in question, particularly since the Center probably supplies the data in question and controls the matching DSA. "2. Each Center ranges in size from 1,000 to 16,000 persons. This seems to be the range that works well on moderate sized UNIX servers. Smaller would be a waste, larger would require too much memory. "3. Representatives from several Centers have contacted me asking if they could run their own DSAs so that they can experiment with X.500. Thus the relevant DSA needs to be under their control."2.5. Information Stored in X.500 The Phase I deployment of X.500 should be limited to "white pages"-ESCC X.500/X.400 Task Force [Page 13]
RFC 1330 X.500 and X.400 Plans for ESnet May 1992 type information about people. Other types of objects can be added in later Phases, or added dynamically as the need arises. To make X.500 truly useful to the ESnet community as a White Pages service, it is recommended that the following minimum information should be stored in the X.500 database: Information ASN.1 Attribute Type Example ----------- -------------------- ------- Locator Info commonName Allen Sturtevant surname Sturtevant postalAddress LLNL P.O. Box 5509, L-561 Livermore, CA 94551 telephoneNumber +1 510 422 8266 facsimileTelephoneNumber +1 510 422 0435 E-Mail Info rfc822Mailbox Sturtevant@es.net mhsORAddresses /PN=Allen Sturtevant/O=NERSC/ /PRMD=ESnet/ADMD= /C=US/ otherMailbox DECnet: ESNIC::APS The above list of attributes comprises a minimum set which is recommended for a person's entry. However, you may chose to omit some attributes for reasons of privacy or legality. Note that the X.500 standard requires that the surname and commonName attributes be present. If an individual's phone number and/or address cannot be provided, they should be replaced by the site's "Information Phone Number" and postal address to allow some means of contacting the person.2.5.1. Information Security It is understood that placing this type of information in X.500 is equivalent to putting the "Company Phone Book" on-line in the Internet. Different sites may treat this information differently. Some may view it as confidential, while others may view this data as open to the public. In any case, it was recommended that ESnet sites discuss the implications with their respective legal departments before actually making their information openly available. There currently exists minimal access control in several X.500 implementations.2.6. Accessing the X.500 Directory Service The PSI White Pages Pilot Project software provides numerous interfaces to the information in the X.500 Directory. Non- interactive access mechanisms (e.g. WHOIS, FINGER and ElectronicESCC X.500/X.400 Task Force [Page 14]
RFC 1330 X.500 and X.400 Plans for ESnet May 1992 Mail) make use of capabilities or services which already reside on many workstations and hosts. Such hosts could immediately take advantage of the X.500 service with no additional software or reconfiguration needed. However, since these methods are non- interactive, they only provide a way to search for and read information in the Directory but no way to modify information.2.6.1. Directory Service via WHOIS The Pilot Project software allows you to configure the X.500 Directory service to be made available via a network port offering an emulation of the SRI-NIC WHOIS service. UNIX-based hosts and VMS hosts running Multinet typically come configured with the WHOIS service. Users at their workstations would then be able to issue a simple WHOIS command to a known host running a DSA to retrieve information about colleagues at their site or at other ESnet sites. For example, the command: whois -h wp.lbl.gov wright will return information about Russ Wright at Lawrence Berkeley Lab. It is recommended that all sites which bring up such a service, should provide an alias name for the host running their DSA of the form <wp.site.domain> for consistency within the ESnet community.2.6.2. Directory Service via Electronic Mail The Pilot Project software also allows the X.500 Directory service to be made available via electronic mail. A user who sends an electronic mail message to a known host running a DSA containing a WHOIS-like command on the subject line, would then receive a return mail message containing the results of their query.2.6.3. Directory Service via FINGER The X.500 Directory service could also be made available via the FINGER service. Although this access method does not come with the PSI Pilot Project software, several sites have already implemented a FINGER interface to the X.500 Directory. For ease of use and consistency, a single FINGER interface should be selected, then individual implementations within the ESnet community should conform to this interface.2.6.4. Directory Service via Specialized Applications Many X.500 Directory User Agents (DUAs) are widely available. Some of these come with the PSI Pilot Project software. Other DUAs, which have been developed by third parties to fit into the pilot software,ESCC X.500/X.400 Task Force [Page 15]
RFC 1330 X.500 and X.400 Plans for ESnet May 1992 are publicly available. These user agents support interactive access to the X.500 Directory allowing browsing, searching, listing and modifying data in the Directory. However, in most cases, use of these DUAs requires the Pilot Project software be installed on the host system. Only a few of these DUAs and their capabilities are described below. o DISH - A User Agent which provides a textual interface to the X.500 Directory. It gives full access to all elements of the Directory Access Protocol (DAP) and as such may be complex for novice users. DISH is most useful to the DSA administrator.⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -