ldap-id.ms revision 303975
.pl 10.0i
.po 0
.ll 8.5i
.lt 8.5i
.nr LL 8.5i
.nr LT 8.5i
.ds LF Johansson
.ds RF [Page %]
.ds CF
.ds LH Internet draft
.ds RH 30 March 1998
.ds CH Berkeley AMD LDAP Schema
.hy 0
.ad l
.in 0
INTERNET-DRAFT                                            Leif Johansson
Intended Category: Experimental                     Stockholm University



.ce
A directory (X.500 and LDAPv3) schema for Berkeley automounter


.ti 0
1. Status of this Memo

.fi
.in 3
This memo describes a directory (LDAP or X.500) schema for storing
amd (Berkeley-style automounter) mount info maps. The schema is currently
being supported by the (beta version of the) am-utils version 6 package
[AMUTILS].

.ti 0
2. Overview and Rationale

Directory services such as X.500 [X500] or LDAP [RFC2251] are a natural
choice of repository for amd mount map databases. All Object Identifiers
in this document are prefixed by amdSchema-id, to be assigned later. The
relation between this schema and the automount schema elements in [HOWARD]
is mostly superficial. The model for the elements in [HOWARD] was the SUN
automounter, which has quite a different syntax for mount maps. Furthermore,
the intended usage of this schema differs from that of [HOWARD] in many
respects.

.ti 0
3. DSA requirements

Directory servers implementing this schema SHOULD maintain the
modifyTimestamp operational attribute. If not, the amdMapCacheTtl
attribute SHOULD be set to 0, indicating to clients that caching of
map entries SHOULD be turned off. Clients wishing to use the amdMap
schema MAY use the modifyTimestamp information to set the ttl for
internal caching schemes. A value of 0 for the amdMapCacheTtl must
result in clients turning off any local caching.

.ti 0
4. Syntax definitions

The following attribute syntax is defined in this document:

    amdlocationlist

This syntax represents an amd map value. This is the syntax expressed
in BNF using definitions from [RFC2252]:

    amdlocationlist      = amdlocationselection |
                           amdlocationlist whsp "||" whsp amdlocationselection

    amdlocationselection = amdlocation |
                           amdlocationselection whsp amdlocation

    amdlocation          = amdlocationinfo |
                           "-" amdlocationinfo |
                           "-"

    amdlocationinfo      = seloropt |
                           amdlocationinfo ";" seloropt |
                           ";"

    seloropt             = selection |
                           optass

    selection            = keystring "==" printablestring |
                           keystring "!=" printablestring

    optass               = keystring ":=" printablestring

X.500 servers or LDAPv3 servers (supporting the binary attribute
option) may use the following syntax definition:

    AmdLocationList ::= SEQUENCE OF {
                           SEQUENCE OF {
                              location    AmdLocation
                           }
                        }

    AmdLocation ::= SET OF {
                       CHOICE {
                          location     [0] AmdLocationInfo
                          notlocation  [1] AmdLocationInfo
                          not          [2] NULL
                       }
                    }

    AmdLocationInfo ::= SET OF {
                           CHOICE {
                              selection  [0] AmdSelection
                              option     [1] AmdOption
                           }
                        }

    AmdSelection ::= CHOICE {
                        eq  [0] AttributeAndValue
                        ne  [1] AttributeAndValue
                     }

    AmdOption ::= AttributeAndValue

    AttributeAndValue ::= SEQUENCE {
                             attribute  IA5String
                             value      IA5String
                          }

.ti 0
5. Attribute types

The following attribute types are defined in this document:

    amdMapName
    amdMapCacheTtl
    amdMapEntry
    amdMapEntryKey
    amdMapEntryValue

    amdSchema-a OBJECT IDENTIFIER ::= { amdSchema-id 1 }

    amdMapName
        ATTRIBUTE ::= {
            WITH SYNTAX IA5String
            EQUALITY MATCHING RULE caseIgnoreExactMatch
            --ID { amdSchema-a 1 }
            DESCRIPTION
            "This attribute is the symbolic and in the naming
             context unique name of an amd map. This corresponds
             in the case of a flat file database to the name of
             the file or the mount-point of the map."
        }


    amdMapCacheTtl
        ATTRIBUTE ::= {
            WITH SYNTAX Integer
            EQUALITY MATCHING RULE integerExactMatch
            --ID { amdSchema-a 2 }
            SINGLE VALUED
            DESCRIPTION
            "The maximum time-to-live for the entries in this
             map. After this many milliseconds the map has to
             be cleared from local caches and reloaded. A value
             of 0 disables caching."
        }

    amdMapEntry
        ATTRIBUTE ::= {
            WITH SYNTAX DistinguishedName
            EQUALITY MATCHING RULE dNCaseIgnoreExactMatch
            --ID { amdSchema-a 3 }
            DESCRIPTION
            "A multivalued attribute listing the distinguished
             names of the amdMapEntries making up this amdMap
             object."
        }

    amdMapEntryKey
        ATTRIBUTE ::= {
            WITH SYNTAX IA5String
            EQUALITY MATCHING RULE stringExactMatch
            --ID { amdSchema-a 4 }
            SINGLE VALUED
            DESCRIPTION
            "The value of this attribute is usually the name of
             a mountpoint for this amdMapEntry."
        }

    amdMapEntryValue
        ATTRIBUTE ::= {
            WITH SYNTAX AmdLocationList
            --ID { amdSchema-a 5 }
            DESCRIPTION
            "This is the actual mount information for the amdMapEntry
             using the syntax described above."
        }

.ti 0
6. Object classes

The following object classes are defined in this document:

    amdMap
    amdMapEntry

defined as follows:

    amdSchema-oc ::= { amdSchema-id 2 }

    amdMap OBJECT-CLASS ::= {
        SUBCLASS OF { top }
        KIND auxiliary
        --ID { amdSchema-oc 1 }
        MAY CONTAIN { amdMapCacheTtl , cn }
        MUST CONTAIN { amdMapName , amdMapEntry }
    }

    amdMapEntry OBJECT-CLASS ::= {
        SUBCLASS OF { top }
        KIND structural
        --ID { amdSchema-oc 2 }
        MUST CONTAIN {
            amdMapName ,
            amdMapEntryKey ,
            amdMapEntryValue
        }
        MAY CONTAIN { cn }
        DESCRIPTION
        "An entry of this object class describes mount
         information relative to a certain amdMap entry"
    }

.ti 0
7. Examples



.ti 0
8. Security Considerations

Due to the security problems posed by NFS, care should be taken not to
advertise exported filesystems. Therefore it is often desirable to limit
access to entries carrying amd mount map information to those systems
to which the corresponding filesystems have been exported.

.ti 0
9. References

    [AMUTILS]
        am-utils homepage: http://shekel.cs.columbia.edu/~erez/am-utils.html

    [RFC2251]
        M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
        Protocol (v3)", RFC 2251, December 1997.

    [RFC2252]
        M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight Directory
        Access Protocol (v3): Attribute Syntax Definitions", RFC 2252,
        December 1997.

    [RFC2253]
        M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access
        Protocol (v3): UTF-8 String Representation of Distinguished
        Names", RFC 2253, December 1997.

    [HOWARD]
        Luke Howard, "An Approach for Using LDAP as a Network
        Information Service", draft-howard-nis-schema-??.txt, Internet
        draft.

    [X500]
        ITU something or other.

.in 3


.ti 0
Author's Address

.nf

Leif Johansson
Department of Mathematics
Stockholm University
S-106 91 Stockholm
SWEDEN

Email: leifj@matematik.su.se
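
The amdlocationlist syntax of section 4, together with the concern in section 8 about advertising exported filesystems, as an added example that is not part of the memo or of am-utils: a strict parser for an amdMapEntryValue string, plus a helper that lists the NFS server and path pairs the value reveals to any client allowed to read it. Assumptions: keystring is simplified to a letter followed by letters, digits or "-"; values use the RFC 2252 printable characters without the space; rhost and rfs are amd option names not listed in this memo; the sample value is constructed.

```python
import re

# Assumption: simplified keystring; value = RFC 2252 printable characters
# minus the space, because whitespace separates locations in this grammar.
SELOROPT = re.compile(r'([A-Za-z][A-Za-z0-9-]*)(==|!=|:=)([A-Za-z0-9"()+,./:?-]+)')

def parse_location(token):
    """amdlocation = amdlocationinfo | "-" amdlocationinfo | "-" """
    dash = token.startswith("-")
    body = token[1:] if dash else token
    items = []
    for part in body.split(";"):
        if not part:                      # bare or trailing ";" is tolerated
            continue
        m = SELOROPT.fullmatch(part)
        if m is None:                     # reject anything outside the grammar
            raise ValueError(f"bad selector or option: {part!r}")
        items.append(m.groups())          # (keystring, operator, value)
    return {"dash": dash, "items": items}

def parse_location_list(value):
    """Selections are separated by "||", locations by whitespace."""
    selections = []
    for chunk in value.split("||"):
        locations = [parse_location(tok) for tok in chunk.split()]
        if not locations:
            raise ValueError("empty selection next to '||'")
        selections.append(locations)
    return selections

def advertised_exports(value):
    """(rhost, rfs) pairs visible to anyone who can read this attribute value."""
    pairs = []
    for selection in parse_location_list(value):
        for loc in selection:
            opts = {k: v for k, op, v in loc["items"] if op == ":="}
            if "rhost" in opts or "rfs" in opts:
                pairs.append((opts.get("rhost"), opts.get("rfs")))
    return pairs

# Constructed sample value for one amdMapEntry (not taken from the memo).
SAMPLE = ("-type:=nfs host==fs1;type:=link;fs:=/export/home "
          "rhost:=fs1.example.org;rfs:=/export/home"
          " || rhost:=fs2.example.org;rfs:=/backup/home")

if __name__ == "__main__":
    for rhost, rfs in advertised_exports(SAMPLE):
        print(f"{rhost}:{rfs}")
```

Running advertised_exports over the amdMapEntryValue attributes of a map gives the list of servers and paths to compare against the directory's access controls for those entries.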