OpenVMS Enterprise Directory V5.6

HP OpenVMS Enterprise Directory V5.6
1993 - 2007 Hewlett-Packard Development Company, L.P. 3 September, 2007

User password hashing is also incorporated,
where ‘user’ is any LDAP client application
that has an identity in the directory.

The OpenVMS Enterprise Directory supports a
subset of the Simplified Access Control
scheme from the 1993 edition of the standard.
This allows administrators to define policies
that control access rights (such as read,
browse, modify, remove) to entries and
individual attributes within a particular part of
the directory (naming context).

The OpenVMS Enterprise Directory allows for
the authentication of users by name and
password. It also allows access to be restricted
based on network address and for chained
operations.

Distributed Operations
The DSA supports standard X.500 distributed
operations including chaining and referrals.
Knowledge management of superior and
subordinate references allows an OpenVMS
Enterprise Directory DSA to participate as a
first-level DSA or a subordinate DSA in a
multi-vendor distributed Directory Information
Base (DIB).

Replication
The OpenVMS Enterprise Directory supports
shadowing of data between DSAs, allowing
data to be replicated in the network for high
availability and performance. Shadowing also
allows replication of knowledge information
for distributed operation, access control
policies and authentication information, thus
reducing the amount of management required.

Selective Shadowing
Selective Shadowing offers the ability to
specify which attributes can and cannot be
shadowed to a consumer DSA.

The shadowing filter is controlled by the
shadowingAttributeSelection attribute in the
shadow agreement subentry. Thus there is a
specific filter for every shadowing agreement.

Shadowed information is represented using the
DSA Information Model defined in the 1993
edition of the standard. OpenVMS Enterprise
Directory supports the shadowing service
defined in X.525, including supplier-initiated
and consumer-initiated agreements, both
scheduled and on-change replication providing
full or incremental updates.

Protocols
The Directory Service is based on the client-server
model. The DSA server supports the
directorySystemAC application context (DSP
protocol) to communicate with other DSAs.
Communications between server DSAs and
client DUAs are supported by the
directoryAccessAC application context (DAP
protocol). DAP enables DUAs in other X.500
implementations to access the OpenVMS
Enterprise Directory DSA and vice-versa. DSP
enables full inter-working with DSAs in other
implementations.

The X.500 DSA server supports LDAPv2 and
LDAPv3 protocols.

For shadowing, the DSA supports
shadowSupplierInitiatedAC and
shadowConsumerInitiatedAC application
contexts in both the synchronous and
asynchronous variants (DISP protocol) and the
directoryOperationalBindingManagementAC
application context (DOP protocol).

The OpenVMS Enterprise Directory V5.6 runs
on the OpenVMS Integrity and Alpha
operating systems. It provides integrated,
multi-protocol support allowing concurrent
DAP and DSP access over OSI (using
transport classes TP0, TP2, TP4) and
RFC1006 over TCP/IP.

Security – SSL/TLS Support
Secure Socket Layer/Transport Layer Security
support is provided utilising the SSL shareable
library in OpenVMS V7.3-2 and above.

The Directory can receive commands over a
secure line using LDAPv3. The following
protocols are non-simultaneously supported:
SSLv23
SSLv3
TLSv1

The Directory does not provide a default or
private key. These may be obtained from
http://www.openssl.org

The Directory can be placed in one of three
management-selectable security states – no
security, selectable security and mandatory
security.

Database
The OpenVMS Enterprise Directory provides
a Directory Information Base based on the