Internet Draft                                         M. R. Bannister
Category: Informational                          Prose Consulting Ltd.
                                                        March 11, 2014
Expires September 12, 2014


          Directory-Based Information Services: Custom Maps


Status of this Memo

   Distribution of this memo is unlimited.

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 12, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Bannister, Mark R.        Expires September 12, 2014           [Page 1]

Internet Draft              DBIS Custom Maps              March 11, 2014

Abstract

   This document extends Directory-Based Information Services (DBIS)
   described in [draft-bannister-dbis-mapping-00] to support custom
   databases.  The custom database schema SHALL be backwards compatible
   with the Network Information Service [NIS] but stored within [X.500]
   entries so that they may be resolved with the Lightweight Directory
   Access Protocol [RFC4510].  A custom database contains arbitrary
   key/value pairs.
   This document describes configuration maps
   [draft-bannister-dbis-mapping-00] for custom databases, and database
   entries referenced by those maps.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED" and "MAY" in this document are
   to be interpreted as described in [RFC2119].

Table of Contents

   1. Configuration Maps
      1.1. Scope
      1.2. Example Configuration Map Entry
   2. Database
      2.1. Definition
      2.2. Object Classes
         2.2.1. Introduction
         2.2.2. dbisCustomConfig
         2.2.3. customMapObject
         2.2.4. customMapEntry
      2.3. Attributes
         2.3.1. en
         2.3.2. customMapValue
         2.3.3. description
         2.3.4. manager
         2.3.5. disableObject
      2.4. Example Custom Map Entries
   3. Attribute Syntax
   4. Implementation Notes
      4.1. Common Search Filters
         4.1.1. Search Parameters
         4.1.2. Find Configuration Map for Domain
         4.1.3. List Custom Maps
         4.1.4. List Custom Entries
   5. Security Considerations
   6. References
      6.1. Normative References
      6.2. Informative References
   Author's Address

1. Configuration Maps

1.1. Scope

   A custom database uses the standard configuration maps defined in
   [draft-bannister-dbis-mapping-00], section 3.  Additionally,
   dbisMapConfig entries for custom databases SHALL have assigned the
   object class dbisCustomConfig to identify that they relate to a
   custom database.

   It is RECOMMENDED that the dbisMapConfig entry for a custom database
   have the dbisMapFilter attribute set according to the following
   table, where "name" is the name of the database:

   -------------------------------------------------------
   Database   dbisMapFilter
   -------------------------------------------------------
   custom     &(objectClass=customMapObject)(en=name)
   -------------------------------------------------------

1.2. Example Configuration Map Entry

   The following gives an example of a configuration map entry for a
   custom database called "console":

   dn: cn=cons,en=sales.corp,ou=domain-mappings,o=infra
   objectClass: top
   objectClass: dbisMapConfig
   objectClass: dbisCustomConfig
   cn: cons
   dbisMapDN: cn=cons,ou=dbis,o=infra
   dbisMapFilter: &(objectClass=customMapObject)(en=console)
   profileTTL: 900
   description: Primary console database (custom map)

2. Database

2.1. Definition

   A custom database entry contains the following information:

   - Key name.
   - Value.

   Database entries are child objects of an LDAP entry with the class
   customMapObject bearing the name of the map in the en attribute.

2.2. Object Classes

2.2.1. Introduction

   A dbisMapConfig entry for a custom database SHALL be assigned the
   object class dbisCustomConfig.  The custom map is defined by an
   object with the class customMapObject, while the entries in that map
   SHALL appear as child objects in the DIT and SHALL have the object
   class customMapEntry.

2.2.2. dbisCustomConfig

   The dbisCustomConfig class is defined as follows:

   objectclass ( 1.3.6.1.4.1.23780.219.1.33 NAME 'dbisCustomConfig'
           DESC 'DBIS custom database configuration map'
           SUP dbisMapConfig STRUCTURAL )

2.2.3. customMapObject

   The customMapObject class is defined as follows:

   objectclass ( 1.3.6.1.4.1.23780.219.1.34 NAME 'customMapObject'
           DESC 'Top-level of a DBIS custom map, entries are child nodes'
           SUP top STRUCTURAL
           MUST en
           MAY ( description $ manager $ disableObject ) )

2.2.4. customMapEntry

   The customMapEntry class is defined as follows:

   objectclass ( 1.3.6.1.4.1.23780.219.1.35 NAME 'customMapEntry'
           DESC 'DBIS custom map entry'
           SUP top STRUCTURAL
           MUST ( en $ customMapValue )
           MAY ( description $ disableObject ) )

2.3. Attributes

2.3.1. en

   The name of the custom map and each entry's key are stored in the
   LDAP attribute en, which is defined in
   [draft-bannister-dbis-mapping-00].  The en attribute MUST be
   associated with customMapObject and customMapEntry objects and SHALL
   form the RDN.

2.3.2. customMapValue

   Each entry's value is stored in the LDAP attribute customMapValue,
   which MUST be assigned to a customMapEntry:

   attributetype ( 1.3.6.1.4.1.23780.219.2.35 NAME 'customMapValue'
           DESC 'DBIS custom map value'
           EQUALITY caseExactIA5Match
           SUBSTR caseExactIA5SubstringsMatch
           SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

2.3.3. description

   The description attribute MAY be associated with an entry to provide
   an arbitrary description of the entry.

2.3.4. manager

   The manager attribute MAY be associated with an entry to provide one
   or more DNs of the individuals, groups or systems that are
   responsible for maintaining the entry.

2.3.5. disableObject

   An entry MAY be disabled by setting the disableObject attribute
   [draft-bannister-dbis-mapping-00] to TRUE.  If an entry is disabled,
   then the DUA SHALL behave as if the entry does not exist.  The DUA
   MAY optionally provide a separate mechanism for listing disabled
   entries, but they MUST be clearly marked as disabled so that no
   confusion can arise.

2.4. Example Custom Map Entries

   The following is an example of some custom map entries in LDIF format
   [RFC2849]:

   dn: en=console,ou=custom,o=infra
   objectClass: top
   objectClass: customMapObject
   en: console
   description: Top-level entry for console map

   dn: en=kirk,en=console,ou=custom,o=infra
   objectClass: top
   objectClass: customMapEntry
   en: kirk
   customMapValue: 2079 ssh

   dn: en=spock,en=console,ou=custom,o=infra
   objectClass: top
   objectClass: customMapEntry
   en: spock
   customMapValue: 53179 telnet

3. Attribute Syntax

   The following syntaxes are used by the attributes defined in this
   document:

   -----------------------------------------------------------
   Syntax OID                      Value        Reference
   -----------------------------------------------------------
   1.3.6.1.4.1.1466.115.121.1.26   IA5 String   [RFC4517]
   -----------------------------------------------------------

4. Implementation Notes

4.1. Common Search Filters

4.1.1. Search Parameters

   This section provides example LDAP search filters [RFC4515] for
   obtaining database entries with commonly used input criteria.

   To simplify the examples, all databases are assumed to have been
   defined with only a single configuration map entry (dbisMapConfig).
   However, [draft-bannister-dbis-mapping-00] permits multiple such
   entries, so an implementation must support this, increasing the
   number of search operations as necessary to locate all of the
   database entries in scope.

   The base DN used in the search operations described in this section
   comes from the dbisMapDN attribute assigned to the dbisMapConfig
   entry.  Note that a dbisMapConfig entry may have more than one of
   these.

   Where it appears in search filters below, the text "dbisMapFilter"
   refers to the value assigned to the attribute of the same name in the
   corresponding dbisMapConfig entry.

   Class and attribute names used in these search filters may be
   modified by the dbisMapClass and dbisMapAttr attributes assigned to
   the dbisMapConfig entry.

4.1.2. Find Configuration Map for Domain

   To locate the configuration map for a given DBIS domain, search for
   entries underneath the dbisDomainObject entry
   [draft-bannister-dbis-mapping-00] using the following filter:

   (&(objectClass=dbisCustomConfig)(!(disableObject=TRUE)))

4.1.3. List Custom Maps

   Custom maps are enumerated by applying the dbisMapFilter as follows:

   (&(dbisMapFilter)(!(disableObject=TRUE)))

   This filter returns all enabled maps.

4.1.4. List Custom Entries

   Map entries are enumerated by the following filter:

   (&(objectClass=customMapEntry)(!(disableObject=TRUE)))

   The base DN for the search should be amended to the parent object for
   the custom map that is required, as located by the search filter
   given in section 4.1.3 above.  If the customMapObject is marked as
   disabled then the child entries SHALL also be treated as disabled.

5. Security Considerations

   The security considerations discussed in
   [draft-bannister-dbis-mapping-00] apply equally to this document.

6. References

6.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.
   [RFC2849]  Good, G., "The LDAP Data Interchange Format (LDIF) -
              Technical Specification", RFC 2849, June 2000.

   [RFC4510]  Zeilenga, K., Ed., "Lightweight Directory Access Protocol
              (LDAP): Technical Specification Road Map", RFC 4510, June
              2006.

   [RFC4515]  Smith, M., Ed., and T. Howes, "Lightweight Directory
              Access Protocol (LDAP): String Representation of Search
              Filters", RFC 4515, June 2006.

   [RFC4517]  Legg, S., Ed., "Lightweight Directory Access Protocol
              (LDAP): Syntaxes and Matching Rules", RFC 4517, June 2006.

   [draft-bannister-dbis-mapping-00]
              Bannister, M. R., "Directory-Based Information Services:
              Mapping Objects", draft-bannister-dbis-mapping-00.txt,
              August 2013.

6.2. Informative References

   [X.500]    Weider, C. and J. Reynolds, "Executive Introduction to
              Directory Services Using the X.500 Protocol", FYI 13,
              RFC 1308, March 1992.

   [NIS]      Wikipedia, "Network Information Service", .

Author's Address

   Mark R. Bannister
   Prose Consulting Ltd.
   73 Claygate Lane
   Esher, Surrey, KT10 0BQ
   United Kingdom

   Tel: +44 7764 604316
   EMail: dbis@proseconsulting.co.uk
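   The search procedure of section 4.1 and the disableObject rule of
   sections 2.3.5 and 4.1.4, worked as an added example that is not part
   of this draft: the DIT below is constructed test data modelled on the
   LDIF of section 2.4 (the base DN ou=custom,o=infra and the "retired"
   and "uhura" entries are this example's own assumptions), and the LDAP
   searches are evaluated in plain Python rather than sent to a server.

```python
import re
# Constructed sample DIT (dn -> attributes) modelled on section 2.4; the base
# DN ou=custom,o=infra and the "retired"/"uhura" entries are assumptions.
SAMPLE_DIT = {
    "cn=cons,en=sales.corp,ou=domain-mappings,o=infra": {
        "objectClass": ["top", "dbisMapConfig", "dbisCustomConfig"],
        "dbisMapDN": ["ou=custom,o=infra"],
        "dbisMapFilter": ["&(objectClass=customMapObject)(en=console)"]},
    "en=console,ou=custom,o=infra": {
        "objectClass": ["top", "customMapObject"], "en": ["console"]},
    "en=kirk,en=console,ou=custom,o=infra": {"objectClass": ["customMapEntry"],
        "en": ["kirk"], "customMapValue": ["2079 ssh"]},
    "en=spock,en=console,ou=custom,o=infra": {"objectClass": ["customMapEntry"],
        "en": ["spock"], "customMapValue": ["53179 telnet"], "disableObject": ["TRUE"]},
    "en=retired,ou=custom,o=infra": {"objectClass": ["customMapObject"],
        "en": ["retired"], "disableObject": ["TRUE"]},  # disabled map
    "en=uhura,en=retired,ou=custom,o=infra": {"objectClass": ["customMapEntry"],
        "en": ["uhura"], "customMapValue": ["1701 ssh"]},  # hidden by parent
}
# Only the dbisMapFilter shape recommended in section 1.1 is parsed here.
_MAP_FILTER = re.compile(r"^&\(objectClass=customMapObject\)\(en=([^)]+)\)$")

def enabled(entry):
    """(!(disableObject=TRUE)), the clause every section 4.1 filter carries."""
    return entry.get("disableObject", ["FALSE"])[0].upper() != "TRUE"

def children(dit, parent_dn):
    """One-level search scope: entries whose DN is <rdn>,<parent_dn>."""
    return {dn: e for dn, e in dit.items() if dn.partition(",")[2] == parent_dn}

def list_custom_maps(dit, base_dn, map_filter):
    """Section 4.1.3: (&(dbisMapFilter)(!(disableObject=TRUE))) under dbisMapDN."""
    m = _MAP_FILTER.match(map_filter)
    if not m:
        raise ValueError("unsupported dbisMapFilter: " + map_filter)
    return [dn for dn, e in children(dit, base_dn).items()
            if "customMapObject" in e["objectClass"]
            and e["en"][0] == m.group(1) and enabled(e)]

def list_custom_entries(dit, map_dn):
    """Section 4.1.4: enabled children; none if the customMapObject is disabled."""
    if not enabled(dit[map_dn]):
        return {}
    return {e["en"][0]: e["customMapValue"][0]
            for e in children(dit, map_dn).values()
            if "customMapEntry" in e["objectClass"] and enabled(e)}

def resolve(dit, config_dn):
    """Walk one dbisCustomConfig entry to the key/value pairs a DUA would serve."""
    cfg = dit[config_dn]
    maps = list_custom_maps(dit, cfg["dbisMapDN"][0], cfg["dbisMapFilter"][0])
    return {k: v for dn in maps for k, v in list_custom_entries(dit, dn).items()}
```

   With the sample data, resolve() yields only kirk: spock is disabled
   directly and uhura is hidden because its customMapObject is disabled.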