

Software
Product
Description


 Compaq OpenVMS Enterprise Directory for eBusiness V5.1   SPD 81.03.00
and Compaq Administrator for Enterprise Directory V1.0  




Description 

The Compaq? OpenVMS Enterprise 
Directory for eBusiness may be used to 
implement a distributed network directory 
service following the CCITT X.500 
Recommendations. These Recommendations 
split the functions of the directory between one 
or more Directory System Agents (DSA), 
where all information is held and one or more 
Directory User Agents (DUA), from which all 
inquiries and other directory actions are made. 
Using the X.500 model, departments and 
organizations may adopt an incremental 
independent approach to the establishment of a 
directory service using conforming products 
from multiple vendors. These separate 
implementations may then be connected 
together to provide a single logical directory 
service which spans the department, the 
organization, the region or the world, as 
appropriate. The Directory may contain 
information on anything of interest, typically 
people, systems, network resources, 
authentication certificates and databases and 
may be accessed both by individual users and 
applications. 

V5.1 includes a new management client 
known as the Compaq Administrator for 
Enterprise Directory, which is described within 
this document.

The OpenVMS Enterprise Directory product 
set includes: 

?	OpenVMS Enterprise Directory Server - a 
Directory System Agent

?	Compaq Administrator for Enterprise 
Directory for Windows clients 

?	OpenVMS Enterprise Directory 
Administration Facility - a Directory User 
Agent 

Other Compaq messaging and networking 
products such as all versions of Office Server 
and ALL-IN-1 V3.2, also provide the directory 
user agent function in order to access 
information in the Enterprise Directory Server. 

The OpenVMS Enterprise Directory products 
are based on the 1993 edition of ISO/IEC 9594 
and the CCITT X.500 series of 
recommendations. 

Abstract Services 

The OpenVMS Enterprise Directory 
components provide and support all of the 
X.500 Abstract Services, including: 

?	Read          
Read attributes from a named entry
?	Compare    
Test an attribute value without reading it
?	Abandon    
Abandon an outstanding operation
?	List             
List names of subordinate entries
?	Search        
Find entries matching a search expression        
?	Add             
Create a new entry
?	Remove       
Delete an entry
?	Modify Entry      
Add or remove attributes or values
?	Modify RDN       
Rename an entry 

The following operations are supported via the 
LDAPv3 protocol:

?	Bind  with simple password
?	Unbind
?	Search  no extensibleMatch option
?	Modify


     AE-PX3PO-TE
?	Add
?	Delete 
?	Modify Distinguished Name  no 
newSuperior option 
?	Compare
?	Abandon
?	Backwards compatibility with LDAPv2 
clients and directories

The following LDAP string syntaxes are 
supported:

?	AttributeTypeDescription (not in v2)
?	Binary
?	BitString
?	Boolean
?	Distinguished Name
?	DirectoryString
?	FacsimileTelephoneNumber
?	GeneralisedTime (not in v2)
?	IA5String
?	Integer
?	Jpeg
?	MHS-OR-Address
?	Octet String
?	UTC Time
?	Telex Number
?	NumericString
?	ObjectClassDescription
?	OID
?	PostalAddress
?	PrintableString
?	TelephoneNumber
?	Delivery Method
?	Printable or Numeric String

In addition the LDAP extension 
ManageDSAIT is included.

Schema 

The OpenVMS Enterprise Directory uses a 
highly configurable schema allowing customer 
definition of attributes, object classes, structure 
rules, and name forms. The schema is installed 
individually at each DSA. A default schema 
that implements the schema in X.520 and 
X.521 (1995 edition) as well as other useful 
definitions such as inetOrgPerson ObjectClass 
as defined in RFC2798 are included. 

Security 

The OpenVMS Enterprise Directory supports a 
subset of the Simplified Access Control 
scheme from the 1993 edition of the standard. 
This allows administrators to define policies 
that control access rights (such as read, 
browse, modify, remove) to entries and 
individual attributes within a particular part of 
the directory (naming context). 

The OpenVMS Enterprise Directory allows for 
the authentication of users by name and 
password. It also allows access to be restricted 
based on network address and for chained 
operations.

Distributed Operations 

The DSA supports standard X.500 distributed 
operations including chaining and referrals. 
Knowledge management of superior and 
subordinate references allows an OpenVMS 
Enterprise Directory DSA to participate as a 
first-level DSA or a subordinate DSA in a 
multi-vendor distributed Directory Information 
Base (DIB). 


Replication 

The OpenVMS Enterprise Directory supports 
shadowing of data between DSAs, allowing 
data to be replicated in the network for high 
availability and performance. Shadowing also 
allows replication of knowledge information 
for distributed operation, access control 
policies and authentication information, thus 
reducing the amount of management required. 

Shadowed information is represented using the 
DSA Information Model defined in the 1993 
edition of the standard. OpenVMS Enterprise 
Directory supports the shadowing service 
defined in X.525, including supplier initiated 
and consumer-initiated agreements, both 
scheduled and on change replication providing 
full or incremental updates. 

Protocols 

The Directory Service is based on the client-
server model. The DSA server supports the 
directorySystemAC application context (DSP 
protocol) to communicate with other DSAs. 
Communications between server DSAs and 
client DUAs are supported by the 
directoryAccessAC application context (DAP 
protocol). DAP enables DUAs in other X.500 
implementations to access the OpenVMS 
Enterprise Directory DSA and vice-versa. DSP 
enables full interworking with DSAs in other 
implementations. 

The X.500 DSA server supports LDAPv2 and 
LDAPv3 protocols.


For shadowing, the DSA supports 
shadowSupplierInitiatedAC and 
shadowConsumerInitiatedAC application 
contexts in both the synchronous and 
asynchronous variants (DISP protocol) and the 
directoryOperational BindingManagementAC 
application context (DOP protocol). 

The OpenVMS Enterprise Directory V5.0 runs 
on the OpenVMS Alpha operating system. It 
provides integrated, multi-protocol support 
allowing concurrent DAP and DSP access over 
OSI (using transport classes TP0, TP2, TP4) 
and RFC1006 over TCP/IP. 


Database 

The OpenVMS Enterprise Directory provides 
a Directory Information Base based on the 
1993 edition of Extended Information Models. 
This indexed database supports high-
performance searching and sophisticated 
matching including approximate (Soundex) 
match. The database is held in main memory 
to ensure optimal response times. 


Service Management 

The OpenVMS Enterprise Directory provides 
DSA management conforming to Compaq's 
Enterprise Management Architecture (EMA), 
integrated with DECnet-Plus. This provides 
remote management facilities to configure and 
control DSAs, and to log significant events. 


Programming Interface 

Application access to the OpenVMS 
Enterprise Directory is provided through the 
X/Open? Company Limited's OSI-Abstract-
Data Manipulation API and API to Directory 
Services, also known as the XDS/XOM 
Application Program Interface. 

Documentation, useful libraries and supporting 
files for the API are included with the 
OpenVMS Enterprise Directory.

The OpenVMS Enterprise Directory includes a 
base component that contains the DUA 
libraries and other supporting files necessary to 
support applications written to the directory 
API. This base component, therefore, provides 
run-time client access to the API libraries; it is 
distributed with the OpenVMS Enterprise 
Directory product. 

Compaq Administrator for Enterprise 
Directory V1.0

Description 

The Compaq? Administrator for Enterprise 
Directory (CAED) is a Graphical User 
Interface designed to enable system managers 
and administrators to easily manage multiple 
X.500 based Compaq Enterprise Directory 
servers. The CAED provides multiple views of 
a directory network, visually depicting 
associations and dependencies. This first 
release concentrates on management of the 
DSAs (Directory Service Agents) themselves. 

The CAED is written as a Java? application 
designed to run on any platform that supports 
the Java2 Runtime Environment V1.3 or later. 

The "Look-and-Feel" of the CAED is that of 
the Sun Metal look and feel chosen because of 
its multi-platform support and minimal 
software dependency on the host platforms. 

All communication with Enterprise Directory 
servers is via LDAP over an IP network 
allowing management of multiple directories 
from a single CAED. The CAED takes full 
advantage of features within the Enterprise 
Directory V5.1 to maximise manageability. 

Note: Earlier versions of Enterprise Directory 
are not supported.

All management operations performed by the 
CAED are subject to checking by Enterprise 
Directory, which prevents the user 
inadvertently modifying a DSA in such a way 
that it is left in an inconsistent state.

Functionality Supported

The CAED allows an administrator to connect 
simultaneously to an arbitrary number of 
Enterprise Directories - subject to suitable 
authentication - and provide a view of the DSA 
which highlights and allows manipulation of 
the following entities:

?	Naming Contexts

?	Display and highlight existing naming 
contexts
?	Create new naming contexts
?	Remove existing naming contexts



?	Superior References

?	Display an existing Superior 
Reference
?	Create a new Superior Reference
?	Modify or delete an existing Superior 
Reference

?	Subordinate References

?	Display existing subordinate 
references
?	Create new subordinate references
?	Modify or delete existing subordinate 
references

?	Replication

?	Display existing replication 
information
?	Create new replication agreements
?	Modify or delete existing replication 
agreements 

For operations which involve multiple DSAs,  
e.g. setting up a subordinate reference, the 
CAED makes checks on all DSAs involved 
before proceeding, and will issue appropriate 
diagnostic information in the case of 
inconsistency.

Security and Authentication

An authentication mechanism is available to 
ensure security and integrity of the DSAs and 
Schema. 

?	CAED to DSA security mechanism
?	User name and Password logon to 
DSA


Supported Platforms

The CAED has been tested and certified with 
the following platforms:

?	Windows 2000 SP2
or 
?	Windows NT V4 SP6
with
?	Java2 Runtime Environment V1.3
and
?	Connection to an IP network






Disk Space Requirements 

40 MB

Memory Requirements 

32 MB

DISTRIBUTION MEDIA 

This product is supplied with the OpenVMS 
Enterprise Directory V5.1 and is downloadable 
from the Web.

The on-line documentation for this product is 
included in the supplied kits.


Directory User Agents 

The OpenVMS Enterprise Directory 
Administration Facility provides a Directory 
User Agent. The Information Management 
Utility (DXIM) allows users to search and 
browse the directory and to maintain the data 
stored in it. Operations include the addition, 
modification, and deletion of entries. DXIM 
supports both DECwindows? Motif? and 
command line interfaces. It can be used on a 
DSA node or remotely from any other node in 
the network. 

DXIM is configurable, based on the schema 
definitions, to support customer defined 
attributes and classes. 

Access to the OpenVMS Enterprise Directory 
may also be obtained through other Compaq 
software products which contain the Directory 
User Agent function. For example, Office 
Server will allow users of TeamLinks, 
Outlook, IMAP4, POP3 and Web clients 
access to information in the X.500 Directory. 

Inclusion of the LDAP interface enables the 
following clients to obtain directory 
information:

?	Internet Explorer
?	Netscape Web Client
?	Outlook 2000 Client

And any client accessing via Office Server 
V4.0A (LDAPv2 support) or Office Server 
V5.0 and V6.0 (LDAPv3 support).






STANDARDS SUPPORTED 

The OpenVMS Enterprise Directory products 
are implemented according to the 1993 edition 
of ISO/IEC 9594 and the CCITT X.500 series 
of Recommendations. The products have 
successfully completed testing to the Open 
Systems Testing Consortium (OSTC) 1988 
X.500 conformance tests. The conformance 
testing was carried out by the United Kingdom 
National Computer Centre, an accredited 
OSTC testing centre, who produced OSTC test 
reports valid in all European Community 
states. The products have been registered by 
the U.S. National Institute of Standards and 
Technology (NIST) as conformant to U.S. 
GOSIP. 

The products are designed and implemented to 
conform, with some minor exceptions, to the 
following European and US profiles: 

NIST OIW Stable Implementor's Agreements - 
Version 5 edition 1 

?	ENV 41210
?	ENV 41212
?	ENV 41215
?	ENV 41512 

The product also supports, where applicable, 
the following Internet standards: 

?	RFC 1006
?	RFC 1274
?	RFC 1277 (as it applies to TCP/IP 
networks)
?	RFC 1278

The LDAP functionality will conform to the 
following standards. For LDAP V2:

?	RFC 1777 Lightweight Directory Access 
Protocol
?	RFC 1558 A String Representation of 
LDAP Search Filters
?	RFC 1778 The String Representation of 
Standard Attribute Syntaxes

For LDAP V3:

?	RFC 2251 Lightweight Directory Access 
Protocol (v3)
?	RFC 2252 Lightweight Directory Access 
Protocol (v3): Attribute Syntax 
Definitions
?	
?	

?	RFC 2253 Lightweight Directory Access 
Protocol (v3): UTF-8 String 
Representation of Distinguished Names
?	RFC 2254 The String Representation of 
LDAP Search Filters
?	RFC 2255 The LDAP URL Format
?	RFC 2256 A Summary of the X.500 (96) 
User Schema for use with LDAP V3


Character Set Support

LDAPv3 strings are based on the UTF-8 
character set and are restricted to characters 
that can be mapped to the T.61 character set. 
Input characters will be substituted by their 
base character wherever possible, if they can't 
be mapped to T.61.



HARDWARE REQUIREMENTS 

Processors Supported 

OpenVMS Enterprise Directory is supported 
on all valid OpenVMS AlphaServer 
configurations supported by DECnet-Plus. 
Refer to the DECnet-Plus for OpenVMS Alpha 
Software Product Description (SPD 50.45.xx) 
for further information on supported hardware 
configurations. 

Disk Space Requirements 

The counts below refer to the disk space 
required on the system disk or specified file 
systems. The sizes are approximate; actual 
sizes may vary depending on the user's system 
environment, configuration, and software 
options selected. 

The counts below refer to the space required to 
install the Directory Server, Administration, 
and Application Programming components. 
The Base component is a mandatory 
component for all installations. Permanent disk 
space requirements for the components are 
cumulative. Directory data files are not 
included and will require additional space 
which can be on a non-system disk. 

Disk space required for installation: 
 
Component		Blocks	     Kbytes
All:			40000	     20480




Disk space required for use (permanent): 

Component		Blocks	     Kbytes
Base:                          	  6000           3072
Server:                       	18000           9216 
Administration:                	  7000           3584
Application Programming:	  1000             512
Look-up client		  5000	       2560


Memory Requirements 

The performance of this product is dependent 
on the amount of system memory. The 
memory size suggested for most typical 
hardware configurations is at least 128 Mbytes 
for systems running the Directory Server. On 
these server systems, memory usage increases 
in proportion to the amount of data stored in 
the database. 

CLUSTER ENVIRONMENT 

This layered product is fully supported when 
installed on any valid and licensed 
VMScluster?* configuration without 
restrictions. Only one Directory System Agent 
(DSA) can be active on a single node or 
VMScluster at any one time. The 
HARDWARE REQUIREMENTS section of 
this document details any special hardware 
required by this product. 

    * VMScluster configurations are fully 
described in the VMScluster Software Product 
Description (29.78.xx) and include CI, 
Ethernet, and Mixed Interconnect 
configurations. 


SOFTWARE REQUIREMENTS 

For OpenVMS Alpha Systems: 

For Systems Using Terminals: 

OpenVMS Alpha Operating System 
V7.2-1, V7.3 or later 

DECnet-Plus V7.2-1 ECO2 for 
OpenVMS Alpha or later

Compaq TCP/IP Services for 
OpenVMS V5.0A or later is required 
for RFC1006 transport and LDAP 
protocols




For all OpenVMS Systems: 

This product may run in either of the following 
ways: 

Standalone Execution - Running the X11 
display server and the client application on 
the same machine. 
Remote Execution - Running the X11 
display server and the client application on 
different machines. 

OpenVMS Tailoring: 

The following OpenVMS classes are required 
for full functionality of this layered product: 

?	OpenVMS Required Saveset 
?	Network Support
?	Programming Support
?	VMS Workstation Support 

GROWTH CONSIDERATIONS 

The minimum hardware/software requirements 
for any future version of this product may be 
different from the requirements for the current 
version. 


DISTRIBUTION MEDIA 

This product is available:
?	with OpenVMS V7.3 and later 
distributions of OpenVMS
?	the OpenVMS Alpha Layered Products 
CD-ROM distribution's Software Product 
Library, formerly known as CONDIST
?	the OpenVMS e-Business CD V1.3 and 
later

The on-line documentation for this product is 
available on the OpenVMS V7.3 kit and Alpha 
Online Documentation CD-ROM distributions. 

A printed documentation kit is available. 


ORDERING INFORMATION 

In this section, an asterisk (*) denotes variant 
fields. For additional information on available 
licenses, services, and media, refer to the 
appropriate price book. 

    Software Product Services: 
 
?	QT-2NZA*-**
 

Compaq OpenVMS Enterprise Directory 
Administration Facility: 

    Software Licenses on the OpenVMS Alpha 
Software Products Library:  

?	QL-2P0A*-**

    Software Product Services: 

?	QT-2P0A*-**
 
            
   Documentation for all products: 

    OpenVMS Printed Documentation: 

?	QA-0P4AA-GZ
 


SOFTWARE LICENSING 

This software is furnished under the licensing 
provisions of Compaq Computer Corporation's 
Standard Terms and Conditions. For more 
information about Compaq's licensing terms 
and policies, contact your local Compaq office 
or Partner. 


License Management Facility Support 

This product is bundled at no license charge 
with OpenVMS V7.3 on an Unlimited System 
Use basis. There are no LMF license checks. 

In a messaging environment with mail user 
agents, a MAILbus 400 MTA and gateways, a 
5,000 entry DSA may be sufficient to support 
a user population of around 1000 people. For 
further details of this mechanism, consult the 
product documentation. 

The OpenVMS Enterprise Directory includes a 
base component that contains the DUA 
libraries and other supporting files necessary to 
support applications written to the directory 
API. This base component, therefore, provides 
run-time client access to the API libraries; it is 
distributed with the OpenVMS Enterprise 
Directory product. 

SOFTWARE PRODUCT SERVICES 
Software Product Services is based on Service 
level SPL3 when the product is first activated 
on every system.



SOFTWARE WARRANTY 

This software is provided by Compaq with a 
warranty in accordance with the Compaq 
OpenVMS operating system warranty that it is 
installed upon. 


Compaq, the Compaq logo, DEC, Digital, 
OpenVMS, VAX and VMS Registered in U.S. 
Patent and Trademark Office.

ALL-IN-1, CI, DECnet, DECstation, 
DECsystem, DECwindows, DECthreads, 
Digital, MicroVAX, OpenVMS, TK,  
VMScluster, VAXft, VAXserver and 
VAXstation are trademarks of Compaq 
Information Technologies Group, L.P. in the 
United States and/or other countries.

Microsoft Outlook is a registered trademark of 
Microsoft Corporation in the United States 
and/or other countries.

Motif, OSF, OSF/Motif, OSF/1 and UNIX are 
trademarks of The Open Group in the United 
States and other countries. 

All other product names mentioned herein may 
be trademarks of their respective companies. 

Confidential computer software. Valid license 
from Compaq required for possession, use or 
copying. Consistent with FAR 12.211 and 
12.212, Commercial Computer Software, 
Computer Software Documentation, and 
Technical Data for Commercial Items are 
licensed to the U.S. Government under 
vendor's standard commercial license.

Compaq shall not be liable for technical or 
editorial errors or omissions contained herein. 
The information in this document is provided 
"as is" without warranty of any kind and is 
subject to change without notice. The 
warranties for Compaq products are set forth 
in the express limited warranty statements 
accompanying such products. Nothing herein 
should be construed as constituting an 
additional warranty.


 2001 Compaq Computer Corporation 

Possession, use, or copying of the software 
described in this publication is authorized only 
pursuant to a valid written license from 
Compaq or an authorized sub-licensor.
Compaq OpenVMS Enterprise Directory for eBusiness V5.1
? 2001 Compaq Computer Corporation	1 	October, 2001
