STC Internal Report 1996
X.500 Directory Services in Belgium
and how to participate.
Nils Meulemans
May 1993
This paper describes the current status of the
Belgian X.500 Value project. It is the follow up
of the September `92 edition (IIHE/HELIOS-B - 92-
122). As such it doesn't describe the
establishment of the X.500 services in Belgium, it
rather focuses on the service enhancements which
have been introduced over the last few months.
In the scope of promoting the X.500 Directory
Services in Belgium, the Helios-B group of the
University of Brussels has set up a public DUA/DSA
service which makes joining the project a lot more
easy for SMEs. It does this by reducing both the
costs and the required effort. This paper provides
all details needed to make use of this service.
Although it was not our intention to become too
technical, this paper might contain some
information which requires some X.500 background.
In case you experience some problems with terms
used in this paper, please refer to the first
edition of the document. That edition contains a
short technical description of X.500.
1. Introduction
During the first few months after the initial establishment of
the X.500 services in Belgium, most time was spent on offering
a more stable service. The quality of the service which is
currently offered by the Helios-B group of the University of
Brussels has benefited a lot from the quality of the existing
X.500 products. The Belgian national DSA is now based on QUIPU
8.0, the X.500 implementation of ISODE. Among all national
DSAs, the Belgian master is currently in the top five of the
most stable DSAs in the world. Nevertheless, we are still
trying to provide an even better service by setting up a backup
DSA which will take over the service transparently when the
master becomes unavailable for some reason.
At the same time, the number of registered organisations,
people and services is still expanding. A lot of effort has
been spent on the development of tools to bulk load data from
other existing databases.
Last, but not least, Public Access to the X.500 services in
Belgium has also been expanded. The idea was not to make the
service more complex or to give it a bigger functionality, but
rather to provide services which better match the requirements
of the users and their technical means. A detailed description
of the X.500 services offered by the Helios-B group of the
University of Brussels can be found in paragraph 3.
2. PARADISE, the European X.500 project
The original PARADISE X.500 project terminated at the end of
1992. When the project started in November 1990, it was decided
that it would officially finish by the end of last year.
However, in the course of the project it became clear that it
would be very difficult to reach the final milestone of the
project before that time. Nevertheless it would be wrong to
think that the project did not meet the goals it was aiming at.
The aim of the project was to promote the use of X.500 services
in Europe. This it has done, and with success. One of the major
reasons why funding cannot be stopped from one day to the other
is that somebody should take care of the operation and
management of the root (world) DSA and of the coordination, on
an international level, of all the national initiatives. On the
other side there is also still a lot of promotional work to be
done. People are getting more and more aware of the existence
and the functionality of the X.500 services, most of them
however are still a bit reluctant towards joining the project.
The reason for this is simple. Although there are currently
already more than 1 million persons registered in the
directory, compared to the overall number of people using
computers daily, this figure is still very small. As a result
of this, promoting the X.500 services might have a negative
effect. People get disappointed when they try to find
information on persons or organisations which are not yet
registered and they will loose interest. That's why several
organisations offering X.500 services are trying to regain
people's interest by storing information which is of general
interest to everybody. In this scope the Helios-B group of the
University of Brussels has decided to store information on
hotels and restaurants in the directory. With Brussels being
one of the major cities in the European Community, we believe
that this service will be appreciated by a lot of people. More
information on this initiative can be found below.
For a detailed description of the current status of the
international PARADISE project we refer to the 3rd and 4th
editions of the PARADISE International Report. These reports
also summarise the national initiatives of countries involved,
even outside of Europe.
3. PARADISE in Belgium
The Belgian X.500 Value project currently covers the following
major activities: operating the Belgian national DSA, offering
DUA services to the public, loading information from existing
databases, operating a public file server on X.500 related
topics and promoting the X.500 service.
3.1 Operating the Belgian national DSA
Backup DSA for Belgium
----------------------
The most important changes since the previous Value status
report (September 1992) is the establishment of a backup DSA
for the Belgian Directory Information Tree (DIT). This DSA is,
as the master, also operated by the Helios-B group of the
University of Brussels. It's called "Red Titi Monkey" and it's
currently only accessible over IP. Actions have been taken to
make it also operational over Public X.25 and IXI/Europanet.
This backup DSA or slave DSA is set up in such a way that the
Belgian DIT will not become invisible when the master DSA, the
"Woolly Spider Monkey" is becoming unavailable. The existence
of the backup DSA has been forwarded to the root DSA which, on
its turn, forwards the information to a large number of other
national DSAs. When a DSA tries to access the Belgian master
and finds out that this DSA is down, it will automatically try
to connect to the slave. This slave DSA contains exactly the
same information as the master because it gets regular copies
from this latter DSA. An equivalent mechanism is currently
being set up for the public access DUAs, i.e. they will first
try to connect to the master. If this fails, they will redirect
themselves to the slave DSA. You may only notice some slight
delay when this situation occurs.
DSA services in Belgium
-----------------------
The Helios-B group of the University of Brussels is still
offering a limited amount of storage capacity on the master
DSA. With this service it is aiming at SMEs which are
interested in joining the X.500 project but which don't want to
spend money to buy a dedicated machine, on which they could
operate their own DSA, or to hire somebody to manage the
service. This public DSA service is currently still offered
free of any charge.
The service is already open to the public and can be used
through the IDM (Interactive Directory Management) DUA. No
special permissions are required to use the service. This means
that you should only contact the Belgian Helpdesk if you need
some more information (Feel free to do this whenever you want.
See annex A). A detailed description of IDM and how to use it
can be found further in this document. Connection data for IDM
and an example session have been included in annexes B and C.
3.2 Public DUA services
Most of the Public Access DUA services, which were already
mentioned in the previous X.500 status report, are still
available. Usage of all these DUA services has been monitored
and, based on the results, some interfaces have been removed
while others have been enhanced. An important change since the
previous release of this paper is the establishment of a modem
access to some of the services mentioned in this paragraph. It
is however not our intention to promote the use of modems, but
as we received some requests from organisations which don't
have access to any network, we decided to add this service as
an interim solution. Modem access to X.500 should not be
considered as a real service, but rather as a means to allow
more people to have some first hands-on experience with the
X.500 Directory. All the services listed below are available to
the public. Detailed information on how to access them can be
found in annex B. Example sessions have been included in Annex
C.
DE (Directory Enquiry)
----------------------
DE is an easy to use, self explanatory, line-oriented DUA. It
supports searching and retrieving of a limited number of
entries. A power-search version of DE is available through the
public PARADISE X.500 interface. This latter version of DE
allows the user to search for persons directly under the
country level. It does this by scanning all registered
organisations. Furthermore it provides an estimate of the time
required to solve your query. This estimate is based on
previous equivalent queries.
IDM (Interactive Directory Management)
--------------------------------------
IDM is the Directory Management extension of DE. It allows new
organisations to register themselves and their employees in the
X.500 Directory without direct interaction with the country-
level directory manager. The use of IDM is explained in detail
in paragraph 4 (Joining PARADISE).
SD (Screen Directory)
---------------------
It is clear that windows-oriented interfaces show a higher
degree of user friendliness than simple line-oriented
interfaces. The same is true for X.500 DUAs. However, due to
the price of terminals that are able to deal with such
interfaces, most users are still obliged to stick to their
simple VT100 equivalent terminals. With SD a (successful)
attempt has been made to build a full screen interface for
character addressable terminals. The interface is limited to
searching and retrieving information. Nevertheless it is still
part of our public DUA service as we believe it's a good
example of a full screen day-to-day interface.
MaX.500 2.0B1 (Macintosh DUA)
-----------------------------
MaX.500 2.0B1 is the latest available version of the X.500
interface for the Apple Macintosh. MaX.500 allows searching,
retrieval and management of data (mainly personal entries).
Although it provides a higher functionality than DE and SD, the
interface is still quite easy to use. Installation of maX.500
is also straightforward as it is not using a complete OSI stack
but rather relies on the availability of an LDAP (Light Weight
Directory Access Protocol) server. MaX.500 can be obtained from
our public file server (see below).
DOS-DE
------
DOS-DE is the MS-DOS version of DE. As maX.500 it is using the
LDAP server. DOS-DE is also very easy to install and can be
obtained from our public file server (see below).
PDUA (Personal DUA)
-------------------
PDUA is an experimental, VT100 based DUA which has been
developed at the University of Brussels. The initial idea
behind PDUA was to provide a user-friendly interface which
allowed the users to modify their own entries. The advantage of
PDUA is that it supports context-specific help which can be
consulted at any moment in the course of the session.
PDUA has however grown beyond its initial aim and can now be
considered as a testbed to try out new X.500 Object Classes
(i.e. new kinds of information). It remains however available
as a public DUA.
DUA.400 (X.400 Mail Responder)
------------------------------
DUA.400 is an X.400 mail responder which handles X.500 queries.
DUA.400 was also developed at the University of Brussels. The
mail responder captures the body of the mail and sends it to an
interpreter which will query the X.500 Directory based on the
commands contained in the mail. The functionality of the mail
responder is limited to browsing and simple searching. A
helpfile can be obtained by sending a mail with only a question
mark in the body part.
PC.500 (DUA for MS-Windows)
---------------------------
PC.500 is the working-name of the DUA for MS-Windows which is
currently under development by students at the University of
Brussels. PC.500 will make use of an LDAP server.
DIXIE and LDAP server
---------------------
DIXIE and LDAP are Light-Weight Directory Access Protocol
servers which have been installed at the University of Brussels
and which have been opened to the public. The DIXIE server is
the first of such servers which became operational and it is
still available for historical reasons as it supports the first
version of maX.500. In the future the LDAP server will take
over all low-weight directory access coming from PCs (DOS-DE
and PC.500) and Macintoshes (maX500 2.0B1 and later).
Modem access to DE, IDM and PDUA
--------------------------------
When dialling in on one of the numbers given in annex B, you
will get access to a terminal server at the University of
Brussels. With this terminal server you can connect to a
machine (elem3) on which there are three public accounts that
correspond to the following DUA services: DE, IDM and PDUA. The
username you should use is the same as the service to which it
provides access (in lower-case). More details on how to use
this service can be found in annex B. If you intend to use this
service, please refer also to the example session in annex C.
Some necessary and useful details, which are hard to explain
with only some textual description, are given there.
3.3 Loading external databases
Two important factors when measuring the success of the
existing X.500 infrastructure are the quality and the quantity
of the information it provides. Quality is related to the
correctness of the registered data while quantity reflects the
amount of entries. They can be considered as being of equal
importance. The more data which will be stored in the
directory, the more time will have to be spent to keep the
quality (correctness) of the data at an acceptable level. When
trying to tackle this problem, we first have to consider where
the original data is coming from. We can bring this back to 2
alternatives; or the original data is stored in the X.500
directory itself or the data is coming from an external source.
In the former case, management is quite simple. Each registered
person is able to check his own directory information and
modify it if this is required. To help the user remembering
this, the X.500 directory could send a mail on a regular basis
to all registered persons, containing that person's entry. If
the user feels something has to be modified, he can send back a
mail containing the new information or he can access the
directory interactively through any of the available DUAs.
However, if the original data is coming from a source other
than the X.500 directory, keeping the information in the
directory up-to-date might cause more problems. In this case
the data will have to be downloaded on a regular basis from its
source to the X.500 directory. This process requires the
availability of several converters. We, at the University of
Brussels, have chosen for the three step approach which is
illustrated in the following figure.
-- figure are not available in the text format version
During the first step the external data, which might be in any
format, is converted into a textual representation. This
representation is transformed, during the second step, into the
DM (Directory Management) format. This format is inherent to
the QUIPU software. In a third step the files with the data in
DM format are loaded with the DM loader. By choosing this three
step approach we have limited the impact of the external format
on the conversion tools. Whatever the external format may be,
the last step remains the same. In most cases only the second
step will have to be redone as the external information is
usually already stored in textual format or in any database
format from which a textual representation can easily be
generated by the used database environment itself. The
modifications which are required for the second step are quite
simple as the input format for this converter assumes that the
textual input file contains one record (i.e. new X.500 entry)
per line with fields separated by a predefined separator. One
problem remains however. If the information which was
downloaded from some external source is modified in the time
period between two downloads, on the external side as well as
on the X.500 side, both sources are inconsistent. Therefore,
before downloading the external data again, the information
which is already stored in the X.500 directory will be passed
through step 3 backwards. This will result in a DM-format
version of the stored data. By converting the new data with
steps one and two, we will generate a DM-format copy of the new
data. Afterwards we can use the DM-diff tool to compare these
two versions and generate a new DM-format file which we will
feed into the DM-loader (step 3). This will bring the
information in the X.500 directory up-to-date with the
information coming from the external source, taking into
account the changes which have been made to the information
which was stored in the directory.
So, each time we want to load information from an external
source into the X.500 directory, we have to consider which
information we want to store. This means that first we have to
check whether appropriate Object Classes are available (e.g.
organization, department, organizational person, residential
person, hotel, restaurant, etc.). An Object Class can best be
compared with a specification of a record of a database. The
fields of the record are called the Attributes of the Object
Class. If no usable Object Classes are available, we should
create new ones. In most cases (depending of course on the
X.500 software) this is straightforward. Building Object
Classes for X.500 is like defining records in Pascal or structs
in C. Once the Object Classes are available, we have to
generate (step 1) a textual representation of the source, i.e.
a file with for each entry a line containing all the
information (separated fields corresponding to the Attributes)
which is required by the new Object Class. Before we execute
step two we have to specify which fields of the textual
representation correspond to which attributes. Once we have
done that, we can execute the last two steps.
Summarised, this means that loading external data involves 2
tasks: generate a textual representation and define the mapping
to corresponding attributes. The Helios-B group of the
University of Brussels has already performed these two
operations for several external sources and is willing to
provide help to anybody who is planning to bulk-load existing
data in X.500.
3.4 The Helios-B public file server
The Helios-B group of the University of Brussels has set up a
public file server which is accessible through anonymous FTAM
and FTP. Access details can be found in annex D. Currently the
X.500 sub-directory of the file server contains the following
information:
- an up-to-date table with accessible X.500 DUAs
- the latest available patches for the ISODE software
- ISODE/QUIPU oidtables with Object Identifiers and
definitions of new X.500 Objects
- status reports of the Belgian X.500 Value project (e.g.
this paper)
- compressed executables of DOS-DE
- compressed executables of maX.500
- an index file describing all available files
This table will be kept up-to-date on a day-to-day basis. So,
check regularly for new information.
3.5 X.500 Integration
As an interactive service, X.500 has already proven to be very
useful. However, the aim is to reach a total integration of
several OSI services. Both X.400 and FTAM can make good use of
the X.500 services. We can e.g. store X.400 routing information
or X.400 mailing-lists in the X.500 Directory Information Base
(DIB). It is also possible to store local services (X.400,
FTAM, etc.) under the entry of the organisation or the
department which is providing them. This latter mechanism works
in two directions. Incoming requests for a specific service
will be captured by a daemon which will search the local X.500
DIB. If the service is registered in the Directory, the
corresponding entry will contain all information required to
forward the request.
In the other direction, a local service can access the X.500
directory through a daemon in order to find the connection data
for some remote service. Combined with the User Friendly Naming
(UFN) strategy this can provide rather interesting
functionalities. E.g. consider the command ftam ucl,gb . As
ucl,gb is using the UFN format, FTAM will try to resolve this
destination description by forwarding it to the X.500
Directory. As a matching entry X.500 will propose to connect to
the FTAM responder of the University College London in Great
Britain. The advantage of this is that we don't have to
remember complex addresses anymore. As can be seen in this
example, the name (eventually abbreviated) of the organisation
and the country will do. If that organisation would have
several matching services, a list will be proposed. By using
the UFN format and the X.500 service, any changes in the
physical location of the remote service will remain transparent
for the user.
The integration with other OSI applications is one of the major
concerns for the near future in specifying and implementing the
X.500 standards.
4. Joining PARADISE
In the past we have made a distinction between passive and
active participation in the PARADISE project. Now, we would
like to restrict ourselves to saying that people who (for the
time being) decide they only want to use the existing X.500
infrastructure for information retrieval without being
registered themselves, should refer to annexes B and C of this
paper. There they will find all the information they need to
access the Public DUA services.
For people willing to participate actively in the X.500
PARADISE project, things have become more easy due to the
introduction of the IDM interface. IDM, the Interactive
Directory Manager, allows the user to manage all the entries
for which he has the privileges. This can be an entry for an
organization, a department or a person. Having the privilege
means, he is allowed by his organisation to manage the entries
and he knows the password required to modify the information.
The following figure has been added to guide people willing to
register themselves or the organisation to which they belong.
In this figure we suppose that you have access to a running IDM
(possibly remotely over X.25, IXI/Europanet, Internet or by
modem - see annex B).
-- figure are not available in the text format version
1.First you should check whether your organisation is already
registered or not. IDM can help you with this by typing the
name of your organisation when you connect to the DSA. If
the organisation is not yet registered, IDM will ask you
whether it is your intention to register it. Now you should
consider the fact whether you are allowed by your
organisation to do this or not. By answering yes to this
question, IDM will consider you as the X.500 manager of your
organisation.
2.Now you should check whether your organisation is operating
its own DSA or whether it is using a remote DSA service.
3.As your organisation is already registered in the X.500
directory and it is operating its own DSA, you should direct
yourself to your local DSA manager as he might have worked
out his own registration procedure. Anyway, he will be the
only person having enough privileges to add entries under
your organisation's subtree. Once you are registered you
will be able to modify your own entry with IDM.
4.Your organisation is registered but it is not operating its
own DSA. This means your organisation is probably an SME and
it is using some remote X.500 DSA service. As your
organisation is already registered, somebody within your
organisation must have been appointed as your local DSA
manager, i.e. somebody of your organisation has been given
the privileges on a remote DSA to add entries under the
subtree of your organisation. You should direct yourself to
him to have your name registered. Once your entry has been
added to the directory you will be able to make
modifications to it by using a remote IDM. It is however
also possible that your organisation is running a local DUA
(e.g. IDM) even though it has no local DSA. In this case it
might be easier for you to use that local interface.
5.Your organisation is not yet registered and you have decided
that you might become the future X.500 manager for your
organisation. You should now ask yourself whether you are
willing to operate your own DSA or whether you want to use
some remote DSA service. Criteria you have to consider
before answering this question are: you need network
connectivity (X.25, IXI/Europanet, Internet), you need an
X.500 DSA implementation, an X.500 DSA requires a dedicated
machine, management might be a full time job for the first
few months and after these months a DSA manager (or a
backup) will have to be present on a permanent basis.
6.You have decided that you want to operate your own DSA. This
means you have considered the criteria mentioned under point
5. At this point you should not hesitate to contact the
Belgian PARADISE helpdesk if you have any problem with
choosing X.500 software and the necessary hardware.
Furthermore we are willing to offer you our expertise when
installing a local X.500 DSA and linking it to the Belgian
national DSA.
7.We consider an organisation as an SME when less than 100
X.500 entries are required for the organisation. Furthermore
you should be aware of the fact that IDM only supports flat
hierarchies for SMEs. This means that all employees will be
registered directly under the entry for your organisation.
However, if you do want to register departments under your
organisation, contact the Belgian PARADISE helpdesk. In
theory this should not cause any problems but it requires
some actions to be taken by our local DSA manager.
8.As your organisation is an SME, you are allowed to use the
remote DSA service offered by the University of Brussels.
This means that we open some storage capacity on our local
DSA to store a limited number of entries of other
organisations. This DSA service is still free of charge. In
order to register your organisation you should appoint one
person (and eventually a backup) who will become your local
DSA manager. This means that this person will register and
manage your organisation and its entries, i.e. add and
delete entries (e.g. persons). Once your local DSA manager
has registered a person, that person will be able to modify
his/her personal information in the directory.
The tool, which has been made available to remote users to
register their organisation and its employees, is called
IDM. IDM access details and example sessions can be found in
annexes B and C.
It is important to remember that usage of IDM is always open
to anybody and that it's free of any charge (except for your
network connection of course). When you decide to register
your organisation you don't have to warn us. We will see the
entries you have created appear in the DIB (Directory
Information Base) and we will take the necessary actions to
transfer the information to its proper place in the DIT
(Directory Information Tree). This transfer of information
is required as IDM stores the new entries in a temporary
place in the DIT where it will only be visible to you and
the other persons of your organisation and to our local DSA
manager. Our DSA manager will check the new entries and if
everything look fine (this will usually be the case as
nothing should go wrong when using IDM), he will move the
information directly under the Belgian subtree. At that
moment your organisation and its entries will become visible
to the rest of the world.
Our local DSA manager will check for new organisations on a
regular basis. Nevertheless, giving some signal (phone call
or mail to helpdesk) will speed up the official registration
process.
9.Apparently you require more than 100 entries for your
organisation. This doesn't mean that you are per se excluded
from our public DSA service. We urge you to contact the
Belgian PARADISE helpdesk as we will consider these requests
on a case by case basis. Eventually we could be able to make
some special arrangements or help you planning the set up of
your private DSA.
5. Conclusion
As can be seen in the 4th international PARADISE project
report, the number of entries in the X.500 Directory is still
growing. By the end of 1992, the figure came close to 1
million. Most of the entries however still belong to research
organisations (mainly universities). The ratio between
registered private and research organisations in Belgium is
more or less the same as in the rest of the world. The overall
number of entries under the Belgian subtree is still relatively
small. By the end of February `93 only 3816 entries were
registered in 5 DSAs. But there's positive news in the Belgian
X.500 world. Recently RTT/Belgacom has shown positive interest
in the X.500 project. Negotiations are on their way on how they
could cooperate in the project. Furthermore, with the
introduction of IDM, participation in X.500 has become more
easy for SMEs. Larger organisation, on their turn, can benefit
a lot from the development (both by the University of Brussels
and University College London) of all kinds of tools to bulk-
load data from existing databases. Still, X.500 will not become
a success through the driving force of a few individuals. We
have to work together to build it into something useful.
Otherwise we will run the risk in getting behind in still
another field of modern technology. The figures in the last
International PARADISE report show that it's not yet too late
but that we should act NOW. Europe is ready for X.500! Are we?
6. Acknowledgement
Part of the recent work carried out at the University of
Brussels on X.500 services is sponsored by a grant of the
Commission of the European Communities under the VALUE
programme.
Annex A
PARADISE Helpdesk
Linda Millington
Department of Computer Science
University College London
Gower Street
London WC1E 6BT
Tel.:+44 71 405 8400 x432
Fax: +44 71 242 1845
E-mail: helpdesk@paradise.ulcc.ac.uk
C=gb; ADMD= ; PRMD=uk.ac; O=ulcc; OU=paradise; S=helpdesk
PARADISE Project Manager
David Goodman
Department of Computer Science
University College London
Gower Street
London WC1E 6BT
Tel.:+44 71 380 7294
Fax: +44 71 387 1397
E-mail: d.goodman@cs.ucl.ac.uk
C=gb; ADMD=gold 400; PRMD=uk.ac; O=ucl; OU=cs; S=goodman; I=D
X.500: C=GB@O=University College London@OU=Computer Science@
CN=David Goodman
Belgian PARADISE Helpdesk
Nils Meulemans
VUB-ULB
Group Helios-B
CP 230 Bd du Triomphe
B-1050 Brussels
Tel.:02/641.35.53
Fax: 02/641.38.16
E-mail: meulemans@helios.iihe.rtt.be
C=be; ADMD=rtt; PRMD=iihe; O=helios; S=meulemans
X.500: C=BE@O=Vrije Universiteit Brussel@OU=Helios@CN=Nils Meulemans
Annex B
Public DUA services
Except for the last one, all the services mentioned in this
annex are offered by the Helios-B group of the University of
Brussels. The last one is the central PARADISE DUA located at
the University of London Computer Centre (ULCC).
DE
IP: 134.184.11.4 (elem4.vub.ac.be)
public X.25: 222100611
IXI: 204306500004
Login: dua
IDM
IP: 134.184.11.4 (elem4.vub.ac.be)
public X.25: 222100611
IXI: 204306500004
Login: idm
SD
IP: 134.184.11.4 (elem4.vub.ac.be)
public X.25: 222100611
IXI: 204306500004
Login: sd
PDUA
IP: 134.184.11.4 (elem4.vub.ac.be)
Public X.25: 222100611
IXI: 204306500004
Login: pdua
DUA.400 DUA.400 DUA.400
Send a mail with a "?" in the body-part to:
X.400: s=directory/o=elem4/p=iihe/a=rtt/c=be
RFC: directory@elem4.iihe.rtt.be
Modem Access
Tel. numbers: 02/641.38.01 and 02/641.38.02
Username: Identify yourself to the terminal server.
Local machine: elem3 Front-end for DUA services.
Login: DE, IDM or PDUA
DIXIE and LDAP servers
The DIXIE and LDAP servers of the University of Brussels are
accessible over IP: elem4.vub.ac.be (134.184.11.4).
GOPHER server
Recently a Gopher to X.500 gateway has been established on the
STC (Service Telematique et Communication) Gopher server. This
Gopher server is accessible over IP: elem4.vub.ac.be
(134.184.11.4). The server has also been registered in the
world-wide Gopherspace. More information on this new service
will be included in our next X.500 Value report.
PARADISE DE
IP: 128.86.8.56 (paradise.ulcc.ac.uk)
Public X.25: 23421920014853
IXI: 20433450400253
Login: dua
Annex C
Examples of DUA Sessions
DE
--
In the next example we used the public DE (Directory Enquiry)
service of the University of Brussels in order to search
information on Paul Van Binst. We know that he's working at the
Universite Libre de Bruxelles (ULB) but we don't know the exact
department. DE searches through the entire subtree of the ULB
in order to find a matching entry.
Person's name, q to quit, * to list people, ? for help
:- van binst
Department name, * to list depts, to search all depts, ? for
help
:-
Organisation name, * to list orgs, ? for help
:- ulb
Country name, to search `BE', * to list countries, ? for help
:- be
Belgium
Universite Libre de Bruxelles
Helios
Paul Van Binst
postalAddress Brussels University
Helios-B
CP 230 Bd du Triomphe
Brussels
B-1050
telephoneNumber +32-2-641.32.11
fax +32-2-641.38.16
X.400 mail address
/S=vanbinst/O=helios/Prmd=iihe/Admd=rtt/C=be/
RFC mail address vanbinst@helios.iihe.rtt.be
favouriteDrink Champagne
Person's name, q to quit, for `van binst', * to list people, ?
for help
:-
IDM
---
When connecting to the X.500 directory with IDM, you will first
have to identify yourself. In order to identify yourself, you
should tell IDM your name, possibly the department where you
work, the organisation to which this department belongs and in
which country the organisation is located. IDM will ask your
password to prove that you're really the person who you claim
to be. In case you want to change information in your own
entry, you should identify yourself by providing your personal
password. However, if it's your intention to manage other
information of your organisation, you should identify yourself
as the Directory Manager of that organisation. In the example
below we connect as Nils Meulemans, who is also the X.500
directory manager of the department Helios of the Vrije
Universiteit Brussel.
Connecting to the directory please wait... Done
Please enter the country of the organisation you wish to manage
Country name, * to list countries : be
BE -- Belgium
Please enter the name of the organisation you wish to manage
Organisation name, * to list organisations : Vrije
Universiteit Brussel
Vrije Universiteit Brussel
Optional Department name, * to list departments : Helios
Helios
Your name, * to list entries, : Nils Meulemans
You have been identified as user: Nils Meulemans
Helios
Vrije Universiteit Brussel
BE
Please enter your password :
You are managing the Directory at: Helios
Vrije Universiteit Brussel
BE
In this example, the organisation and the person already exist.
As such, IDM has found the entry and asked for the
corresponding password. However, let us assume that the
organisation is not yet registered.
Connecting to the directory please wait... Done
Please enter the country of the organisation you wish to manage
Country name, * to list countries : be
BE -- Belgium
Please enter the name of the organisation you wish to manage
Organisation name, * to list organisations : Oscar Bever Ltd
No organisations match `Oscar Bever Ltd'
Searching for recently registered organisations please
wait... Done
No organisations match `Oscar Bever Ltd'
Do you want to add the organisation `Oscar Bever Ltd'? (y/n)
[n] y
This facility allows you to register an organisation in the
Directory.
PARADISE will convey the information you provide to the
appropriate national
Directory manager who will be responsible for adding your
organisation.
Please enter the name of the organisation,
exactly as you want it registered in the directory q to quit
[Oscar Bever Ltd] :
Telephone number: +32-2-641.35.53
telexNumber (Number, Country and Answerback)
Number: 63538
Country: BE
Answerback: OSBE
NAME OF ENTRY - Oscar Bever Ltd
Telephone number - +32-2-641.35.53
telexNumber - 63538
- BE
- OSBE
Are all the values OK ? (y/n) [n] y
Adding the organisation `Oscar Bever Ltd' please wait... ...
Done
Password to be used for managing your directory account :
Password verification :
Adding the entry with your organisation's password please
wait... ...Done
Do you want to add entries to the new organisation? (y/n) [y]
n
Your organisation has been successfully added to the directory.
As the organisation Oscar Bever Ltd is not yet registered under
the Belgian X.500 subtree, IDM asks whether it is the intention
to register the organisation. Notice that in this example we
haven't identified ourselves. The reason is obvious. The
organisation doesn't exist yet and as such it is impossible to
identify yourself as a person belonging to that organisation.
By answering yes to question about our intention to register
the organisation, IDM doesn't only create an entry for the new
organisation, it creates also an entry called Directory Manager
under that organisation. This entry will be used in the future
to identify the directory manager for the organisation you just
registered. This means that if you want to manage the directory
information of your organisation, you will have to identify
yourself as the Directory Manager when using IDM. This requires
you to know the password which was typed when registering the
organisation (see example above). The directory manager will
have privileges to change the organisation information and to
add and delete persons. He will not be able to change
information of registered persons, as this is left to the
persons themselves. In the example below we will add a new
person to the organisation we just registered.
Connecting to the directory please wait... Done
Please enter the country of the organisation you wish to manage
Country name, * to list countries : be
BE -- Belgium
Please enter the name of the organisation you wish to manage
Organisation name, * to list organisations : Oscar Bever Ltd
No organisations match `Oscar Bever Ltd'
Searching for recently registered organisations please
wait... Done
Oscar Bever Ltd
Please enter your password :
The following options are available
1 Maintain organisation entries
2 Update organisation entry
3 Change password
4 Help overview
Enter number or q to quit [1 Maintain organisation entries]: 1
The following options are available
1 List all entries
2 Read an entry
3 Add a new entry
4 Modify an existing entry
5 Delete an existing entry
Enter number or q to quit [3 Add a new entry]: 3
The following options are available
1 Add a person
2 Add a role
3 Add a room
Enter number or q to quit to previous menu [1 Add a person]: 1
Enter q to quit from this option at any time
Enter surname, q to quit adding a person: Verdoodt
Enter first name: Katrijn
Checking that entry is not already in the Directory... Done
Enter full name [Katrijn Verdoodt]:
Telephone number: +32-2-641.35.53
RFC mail address: katrijn@oscar.ac.be
X.400 mail: s=katrijn;o=oscar;p=iihe;a=rtt;c=be
Room number: 216 B
NAME OF ENTRY - Katrijn Verdoodt
Full name - Katrijn Verdoodt
Telephone number - +32-2-641.35.53
RFC mail address - katrijn@oscar.ac.be
X.400 mail - s=katrijn;o=oscar;p=iihe;a=rtt;c=be
Room number - 216 B
Are all the values OK ? (y/n) [n] y
Adding the entry `Katrijn Verdoodt' please wait... Done
Enter surname, q to quit adding a person: q
The following options are available
1 List all entries
2 Read an entry
3 Add a new entry
4 Modify an existing entry
5 Delete an existing entry
Enter number or q to quit [3 Add a new entry]: 1
Directory Manager
Katrijn Verdoodt
Telephone number +32-5-56.12.76
X.400 mail s=katrijn;o=oscar;p=iihe;a=rtt;c=be
RFC mail address katrijn@oscar.ac.be
Room number 216 B
The following options are available
1 List all entries
2 Read an entry
3 Add a new entry
4 Modify an existing entry
5 Delete an existing entry
Enter number or q to quit [3 Add a new entry]: q
The following options are available
1 Maintain organisation entries
2 Update organisation entry
3 Change password
4 Help overview
Enter number or q to quit [1 Maintain organisation entries]: q
In the previous example you will notice that as soon as IDM has
added the new entry it asks again for a surname. This allows
you to register a sequence of new entries. In the examples
above you will also find some menus IDM will present you in the
course of your session. They will give you an idea of the
functionality of IDM.
Note: When using IDM for the first time, all of this might seem
a bit complex. Therefore we allow you to use IDM in an
experimental way. This means we have no problem with the fact
that you create fake organisations to try out IDM's
functionality. However, in order to make it easy for us to make
a distinction between real and fake organisations, include the
word test somewhere in the name of the organisation.
PDUA
----
In the next example we are looking for a person who is working
at the Vrije Universiteit Brussel (VUB). We know his firstname
is Theo and that he's involved in Computer Science (Informatica
in Dutch). The reason why PDUA proposes to do a power-search is
that PDUA is in the first place aimed at persons modifying only
their personal information and that everybody should at least
be able to find his own entry without the help of the X.500
search facility. IDM could be used for this purpose, but PDUA
offers a more user-friendly interface.
Welcome to the Personal DUA.
----------------------------
This DUA supports limited modification facilities of personal Directory
entries. In order to identify yourself and locate your entry it allows
you to travel through the DIT. At any moment you can use the following
commands:
q ............. quit
m ............. modify current entry
s ............. show current entry
i ............. identify user
h ............. help
? ............. context specific help
f ............. more help and further developments
* ............. list entries at current level
@ ............. moveto root
.. ............. move back one level
............. moveto next level (wildcards supported)
If you intend to modify information, please move to your entry and
identify yourself by typing 'i' or 'I'.
--------------------------------------------------------------------
Current position: root
--------------------------------------------------------------------
Entry Name: be
Current position: BE
--------------------------------------------------------------------
Entry Name: vrije *
Current position: BE
Vrije Universiteit Brussel
--------------------------------------------------------------------
Entry Name: Theo *
No such entry. Would you like me to try a power-search (y/n): y
--------------------------------------------------------------------
1 ou=Wetenschappen@ou=Theoretische Fysische Scheikunde
2 ou=Wetenschappen@ou=Theoretische Natuurkunde
3 ou=Wetenschappen@ou=Departement Informatica@cn=Theo D'Hondt
4 ou=Geneeskunde en Farmacie@ou=Huisartsengeneeskunde@cn=Theo Marmitte
--------------------------------------------------------------------
Number: 3
--------------------------------------------------------------------
Current position: BE
Vrije Universiteit Brussel
Wetenschappen
Departement Informatica
Theo D'Hondt
--------------------------------------------------------------------
Reached leaf. Show or Modify entry : s
--------------------------------------------------------------------
- Name : Theo D'Hondt
- Surname : D'Hondt
- Business Address : Campus Oefenplein
Pleinlaan 2
Brussel
B-1050
- Telephone : +32-2-641.34.80
- RFC mail : tjdhondt@vnet3.vub.ac.be
- Room : 10F706
--------------------------------------------------------------------
Current position: BE
Vrije Universiteit Brussel
Wetenschappen
Departement Informatica
Theo D'Hondt
--------------------------------------------------------------------
Reached leaf. Show or Modify entry :
MaX.500
-------
When starting up maX.500 it will connect to a predefined LDAP
server. Through this server maX.500 will have access to an
X.500 Directory. MaX.500 will position itself at a specific
place (search-base) in the X.500 DIT. This search-base can be
predefined through the preferences of maX.500 (see Preferences
button) or it can be changed interactively by means of the
Browser (see Browse button).
-- figure are not available in the text format version
In our example the default search-base is set to Belgium, Vrije
Universiteit Brussel. We are now going to change this search-
base by using the browser. When we click on the Browse button
the following window will appear.
-- figure are not available in the text format version
This window shows all entries under the entry of the Vrije
Universiteit Brussel (as this is the current search-base). By
double clicking on the entry Helios, we now change the search-
base to Belgium, Vrije Universiteit Brussel, Helios. This new
search-base will now be used for all future search commands
issued through maX.500. In the next figure we see how we can
make a search in the X.500 DIT by using maX.500. In this
example we are searching for all entries of the type people
(i.e. X.500 Object Class for Organisational Persons) of which
the field Common Name (i.e. X.500 Attribute for Common Name )
starts with Nils. The scope of the search will be anywhere
under the current search-base, which we changed in the previous
figure to Belgium, Vrije Universiteit Brussel, Helios.
-- figure are not available in the text format version
As you can see, some of the words in the previous menu appear
in pop-up boxes. This allows the user to change the search-
filter. E.g. people could be changed to department to search
for departments, common name could be replaced by telephone
number in case we want to search somebody based on his
telephone number and starts with could become matches exactly
to locate entries of which the selected attribute matches
exactly the word in the search-box. Although this allows a
large flexibility in building the search-filter, the interface
remains easy to use. In specific cases, where this flexibility
is not wanted, this search window can be replaced by a much
simpler one without all the options (see Fewer Choices button).
By clicking Find, maX.500 will start searching the selected
subtree for entries matching the specified search-filter. In
our example it returns the following entry.
-- figure are not available in the text format version
When clicking on View Photo, the following window will appear.
-- figure are not available in the text format version
Note: Due to the software with which this picture was captured,
the result might not look very well. The supported format is
colour JPEG or black/white G3FAX.
Modem Access to X.500
---------------------
The next example shows a DE session issued through modem
access. It starts at the point where a connection has been
established with the Terminal Server. This connection will be
established automatically as soon as you have dialled the
corresponding telephone numbers. From the terminal server you
should connect to a machine called elem3 by typing connect
elem3 (or c elem3). Login on the machine as de, idm or pdua.
DECserver 200 Terminal Server V3.1 (BL37) - LAT V5.1
Please type HELP if you need assistance.
Enter username> Nils Meulemans
Local> connect elem3
Local -010- Session 1 to ELEM3 established
(elem3)
login: de
...
Person's name. q to quit, * to list people, ? for help
:- q
Connection closed
local -011- Session 1 disconnected from ELEM3
Local> logout
Local -020- Logged out port 4 on server LAT_08002B1DFEC8
Annex D
The Helios-B Public File Server
The Helios-B file server is accessible by anonymous FTP and
FTAM. All X.500 related files can be found in the X.500 sub-
directory.
FTP: elem4.vub.ac.be (134.184.11.4)
FTAM: helios, vub, be (in case of X.500 access)
Below 2 example sessions with both FTP and FTAM have been
included. On-line help can be obtained by typing help at the
FTP or FTAM prompt.
FTP
elem6-nils>ftp elem4.vub.ac.be
Connected to elem4.vub.ac.be.
220 elem4.vub.ac.be FTP server (SunOS 4.1) ready.
Name (elem4.vub.ac.be:nils): ftp
331 Guest login ok, send ident as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> cd X.500
250 CWD command successful.
ftp> ls
200 PORT command successful.
150 ASCII data connection for /bin/ls (134.184.11.4,1209) (0
bytes).
INDEX
Public-DUAs.txt
X.500-status-2.0.ps
dosde.zip
index
isode-8-patch1.tar.Z
maX500.sit.Bin
oidtable.at
oidtable.gen
oidtable.oc
226 ASCII Transfer complete.
141 bytes received in 0.44 seconds (0.32 Kbytes/s)
ftp>
...
FTAM
elem4-nils>ftam helios,vub,be
user (helios,vub,be:nils): anon
[using file service,services,Helios,Vrije Universiteit
Brussel,BE]
helios,vub,be... connected
ANONymous user permitted, access restrictions apply
helios,vub,be> cd X.500
helios,vub,be> ls
INDEX index oidtable.gen
Public-DUAs.txt isode-8-patch1.tar.Z oidtable.oc
X.500-status-2.0.ps maX500.sit.Bin
dosde.zip oidtable.at
helios,vub,be>
...
Annex E
DSAs and Registered Organisations in Belgium
The following organisations are currently registered under the
Belgian DIT:
Universities
------------
Katholieke Universiteit Leuven (KUL)
Universitaire Instelling Antwerpen (UIA)
Universite Catholique de Louvain (UCL)
Universite Libre de Bruxelles (ULB)
Vrije Universiteit Brussel (VUB)
Private organisations
---------------------
Concurrent Computer Corporation
SYSTEC
Systematic Associates
The following DSAs are currently operational in the Belgian
DIT:
Woolly Spider Monkey
--------------------
The Woolly Spider Monkey DSA is the national master DSA for
Belgium. It is operated by the Helios-B group of the
University of Brussels. Apart from the root information of all
organisations registered in Belgium, it also holds all the
entries of both VUB and ULB with the exception of one
department on the VUB.
Red Titi Monkey
---------------
The Red Titi Monkey DSA is the national backup DSA for
Belgium. It is also operated by the Helios-B group of the
University of Brussels.
MotMot
------
MotMot is the master DSA of the department of Computer
Engineering of the VUB. Backup and slave copies of its entries
are however stored in the above mentioned DSAs.
Blue-headed Parrot
------------------
The Blue-headed Parrot DSA is the master DSA of the Katholieke
Universiteit Leuven. It is operated by the department of
Computer Science of the KUL.
Honey Bear
----------
Honey Bear is the name of the master DSA of the Concurrent
Computer Corporation. Although this DSA is physically located
in the UK, it also holds the entries of its employees in
several other European countries.