       &                                DIGITAL  	  Software   Product  Description  D  ___________________________________________________________________  D  PRODUCT NAME:  Digital X.500 Directory Service         SPD 40.77.08    DESCRIPTION  
  Introduction   D  The Digital[TM] X.500 Directory Service products may be used to im-D  plement a distributed network directory service following the CCITTD  X.500 Recommendations. These Recommendations split the functions ofG  the directory between one of more Directory System Agents (DSA), where F  all information is held, and one or more Directory User Agents (DUA),E  from which all inquiries and other directory actions are made. Using F  the X.500 model, departments and organizations may adopt an incremen-E  tal independent approach to the establishment of a directory service D  using conforming products from multiple vendors. These separate im-F  plementations may then be connected together to provide a single log-E  ical directory service which spans the department, the organization, G  the region or the world, as appropriate. The Directory may contain in- F  formation on anything of interest, typically people, systems, networkE  resources and databases and may be accessed both by individual users   and applications.  :  The Digital X.500 Directory Service product set includes:  =  o  Digital X.500 Directory Server - a Directory System Agent   B  o  Digital X.500 Administration Facility - a Directory User Agent    D                                                           March 1997  D                                                          AE-PX3PJ-TE       I  Other Digital messaging and networking products, such as ALL-IN-1, Mail- G  Works for Digital UNIX and the InfoBroker Server, also provide the di- G  rectory user agent function in order to access information in the Dig-   ital X.500 Directory Server.   H  The Digital X.500 Directory Service products are based on the 1993 edi-D  tion of ISO/IEC 9594 and the CCITT X.500 series of Recommendations.  &  Version Numbers and Operating Systems  D  The current Digital X.500 Directory Service product version numbers%  and supported operating systems are:   D  ___________________________________________________________________D  Operating_System______X.500_Product_Version________________________    Digital UNIX[R]       3.1  OpenVMS[TM] Alpha     3.1D  OpenVMS_VAX[TM]_______3.1__________________________________________    Abstract Services  G  The Digital X.500 Directory Service components provide and support all +  of the X.500 Abstract Services, including:   3     Read         Read attributes from a named entry   ;     Compare      Test an attribute value without reading it   1     Abandon      Abandon an outstanding operation   2     List         List names of subordinate entries  :     Search       Find entries matching a search expression  #     Add          Create a new entry         Remove       Delete an entry  3     Modify       Add or remove attributes or values 	     Entry         Modify RDN   Rename an entry  #                                   2          Schema   F  The Digital X.500 Directory Service uses a configurable schema allow-H  ing customer definition of attributes, object classes, structure rules,D  and name forms. The schema is installed individually at each DSA. AH  default schema that implements the schema in X.520 and X.521 (1993 edi-7  tion) as well as other useful definitions is included.   	  Security   E  The Digital X.500 Directory Service supports a subset of the Simpli- G  fied Access Control scheme from the 1993 edition of the standard. This D  allows administrators to define policies that control access rightsE  (such as read, browse, modify, remove) to entries and individual at- E  tributes within a particular part of the directory (naming context).   E  The Digital X.500 Directory Service allows for the authentication of I  users by name and password. It also allows access to be restricted based B  on network address, and, for chained operations, originating DSA.    Distributed Operations   H  The DSA supports standard X.500 distributed operations including chain-D  ing and referrals. Knowledge management of superior and subordinateF  references allows a Digital X.500 DSA to participate as a first-levelE  DSA or a subordinate DSA in a multi-vendor distributed Directory In-   formation Base (DIB).    Replication  G  The Digital X.500 Directory Service supports shadowing of data between E  DSAs, allowing data to be replicated in the network for availability D  and performance. Shadowing also allows replication of knowledge in-E  formation for distributed operation, access control policies and au- E  thentication information, thus reducing the amount of management re-   quired.        #                                   3        D  Shadowed information is represented using the DSA Information ModelE  defined in the 1993 edition of the standard. Digital X.500 Directory M  Service supports the shadowing service defined in X.525, including supplier- D  initiated and consumer-initiated agreements, both scheduled and on-:  change replication providing full or incremental updates.                                                                      #                                   4        
  Protocols  J  The Directory Service is based on the client-server model. The DSA serverE  supports the directorySystemAC application context (DSP protocol) to D  communicate with other DSAs. Communications between server DSAs andD  client DUAs are supported by the directoryAccessAC application con-E  text (DAP protocol). DAP enables DUAs in other X.500 implementations F  to access the Digital X.500 Directory Service DSA and vice-versa. DSP>  enables full interworking with DSAs in other implementations.  G  For shadowing, of the DSA supports shadowSupplierInitiatedAC and shad- G  owConsumerInitiatedAC application contexts in both the synchronous and D  asynchronous variants (DISP protocol) and the directoryOperational-8  BindingManagementAC application context (DOP protocol).  D  The Digital X.500 Directory Service runs on the Digital UNIX, Open-E  VMS Alpha and OpenVMS VAX operating systems. It provides integrated, G  multi-protocol support allowing concurrent DAP and DSP access over OSI A  (using transport classes TP0, TP2, TP4) and RFC1006 over TCP/IP.   D  In conjunction with the InfoBroker Server (see SPD 53.32.xx) accessE  to the directory service may be obtained using LDAP (Lightweight Di- D  rectory Access Protocol). For the Digital UNIX environment, the un-G  limited system use license for the X.500 Directory Server includes the E  right to install and use the InfoBroker Server on the same system as E  the DSA. Where the InfoBroker Server is to be installed and run on a D  system separate from the DSA, or with a concurrent use DSA license,2  a separate InfoBroker Server license is required.  	  Database   E  The Digital X.500 Directory Service provides a Directory Information D  Base based on the 1993 edition of Extended Information Models. ThisG  indexed database supports high-performance searching and sophisticated E  matching including approximate (Soundex) match. The database is held 1  in main memory to ensure optimal response times.         #                                   5          Service Management   E  The Digital X.500 Directory Service provides DSA management conform- F  ing to Digital's Enterprise Management Architecture (EMA), integratedH  with DECnet/OSI[TM]. This provides remote management facilities to con-8  figure and control DSAs, and to log significant events.    Programming Interface  F  Application access to the Digital X.500 Directory Service is providedE  through the X/Open[TM] Company Limited's OSI-Abstract-Data Manipula- F  tion API and API to Directory Services, also known as the XDS/XOM Ap-F  plication Program Interface. Documentation, useful libraries and sup-H  porting files for the API are included with the X.500 Directory Server.  H  The Digital X.500 Directory Service includes a base component that con-E  tains the DUA libraries and other supporting files necessary to sup- E  port applications written to the directory API. This base component, D  therefore, provides run-time client access to the API libraries; itD  is distributed with the Digital X.500 Directory Server product. TheE  license for the Digital X.500 Directory Server includes the right to F  install this base component on any system having an application need-E  ing access to that properly licensed Digital X.500 Directory Server. E  It is not required to load a license into the License Management Fa- .  cility in order for the base kit to function.    Directory User Agents  D  The Digital X.500 Administration Facility provides a Directory UserH  Agent. The Information Management Utility (DXIM) allows users to searchD  and browse the directory and to maintain the data stored in it. Op-F  erations include the addition, modification, and deletion of entries.H  DXIM supports both DECwindows[TM] Motif[R] and command line interfaces.D  It can be used on a DSA node or remotely from any other node in the	  network.   L  DXIM is configurable, based on the schema definitions, to support customer-   defined attributes and classes.    #                                   6        K  Access to the Digital X.500 Directory Service may also be obtained through G  other Digital software products which contain the Directory User Agent F  function. For example, MailWorks for Digital UNIX will allow users of@  TeamLinks clients access to information in the X.500 Directory.    STANDARDS SUPPORTED  E  The Digital X.500 Directory Service products are implemented accord- D  ing to the the 1993 edition of ISO/IEC 9594 and the CCITT X.500 se-H  ries of Recommendations. The products have successfully completed test-E  ing to the Open Systems Testing Consortium (OSTC) 1988 X.500 confor- I  mance tests. The conformance testing was carried out by the United King- E  dom National Computer Centre, an accredited OSTC testing center, who G  produced OSTC test reports valid in all European Community states. The F  products have been registered by the U.S. National Institute of Stan-9  dards and Technology (NIST) as conformant to U.S. GOSIP.   D  The products are designed and implemented to conform, with some mi-;  nor exceptions, to the following European and US profiles:   B  o  NIST OIW Stable Implementor's Agreements - Version 5 edition 1  
  o  ENV 41210   
  o  ENV 41212   
  o  ENV 41215   
  o  ENV 41512   D  The products also support, where applicable, the following Internet  standards:     o  RFC 1006    o  RFC 1274  /  o  RFC 1277 (as it applies to TCP/IP networks)     o  RFC 1278  #                                   7          HARDWARE REQUIREMENTS    Processors Supported     For Digital UNIX:  G  Digital X.500 Directory Service is supported on all valid Digital UNIX F  Alpha configurations. Refer to the configuration charts listed in theJ  Digital UNIX Operating System Software Product Description (SPD 41.61.xx)>  for further information on supported hardware configurations.    For OpenVMS Alpha:   F  Digital X.500 Directory Service is supported on all valid OpenVMS Al-D  pha configurations supported by DECnet/OSI. Refer to the DECnet/OSIG  for OpenVMS Alpha Software Product Description (SPD 50.45.xx) for fur- 7  ther information on supported hardware configurations.     For OpenVMS VAX:   F  Digital X.500 Directory Service is supported on all valid OpenVMS VAXD  configurations supported by DECnet/OSI, with the exception of thoseE  listed below. Refer to the DECnet/OSI for OpenVMS VAX Software Prod- D  uct Description (SPD 25.03.xx) for further information on supported  hardware configurations.     Processors Not Supported   B  MicroVAX I, VAXstation I, VAX-11/725, VAX-11/782, VAXstation 8000    Disk Space Requirements  E  The counts below refer to the disk space required on the system disk G  or specified file systems. The sizes are approximate; actual sizes may D  vary depending on the user's system environment, configuration, and  software options selected.         #                                   8        J  The counts below refer to the space required to install the X.500 Server,F  Administration, and Application Programming components. The Base com-F  ponent is a mandatory component for all installations. Permanent diskE  space requirements for the components are cumulative. Directory data F  files are not included and will require additional space which can be  on a non-system disk.                                                                    #                                   9          For Digital UNIX Systems:  >  Disk space required for installation and for use (permanent):  D  ___________________________________________________________________4  Component                     File System (Kbytes):  D  ______________________________/usr_______/var______________________  -  Base:                         3000       500 -  Server:                       4000        50 -  Administration:               4300       600 #  Application                   7800 
  Programming: #  Look-up client:               8300 #  Reference Pages:               300 D  Release_Notes:_________________300_________________________________  9  Directory data files are stored in the /var file system.   4  For OpenVMS Alpha Systems (Block Cluster Size = 1):  &  Disk space required for installation:  D  ___________________________________________________________________D  Component_____________________Blocks_____Kbytes____________________  D  All:__________________________40000______20480_____________________  )  Disk space required for use (permanent):   D  ___________________________________________________________________D  Component_____________________Blocks_____Kbytes____________________  .  Base:                          6000      3072.  Server:                       18000      9216.  Administration:                7000      3584.  Application                    1000       512
  Programming: D  Look-up_client:________________5000______2560______________________  #                                  10        2  For OpenVMS VAX Systems (Block Cluster Size = 1):  &  Disk space required for installation:  D  ___________________________________________________________________D  Component_____________________Blocks_____Kbytes____________________  D  All:__________________________40000______20480_____________________  )  Disk space required for use (permanent):   D  ___________________________________________________________________D  Component_____________________Blocks_____Kbytes____________________  .  Base:                          6000      3072.  Server:                       18000      9216.  Administration:                7000      3584.  Application                    1000       512
  Programming: D  Look-up_client:________________5000______2560______________________    Memory Requirements  E  The performance of this product is dependent on the amount of system D  memory. The memory size suggested for most typical hardware config-F  urations is at least 64 Mbytes for Digital UNIX or at least 32 MbytesG  for OpenVMS, for systems running the Directory Server. On these server D  systems, memory usage increases in proportion to the amount of data  stored in the database.    CLUSTER ENVIRONMENT  D  This layered product is fully supported when installed on any validF  and licensed VMScluster[TM]* configuration without restrictions. OnlyG  one Directory System Agent (DSA) can be active on a single node or VM- D  Scluster at any one time. The HARDWARE REQUIREMENTS section of this@  document details any special hardware required by this product.      #                                  11        I  *  VMScluster configurations are fully described in the VMScluster Soft- E     ware Product Description (29.78.xx) and include CI, Ethernet, and &     Mixed Interconnect configurations.    SOFTWARE REQUIREMENTS    For Digital UNIX Systems:    For All Systems:   D  o  Digital UNIX Operating System V4.0D or later. Digital UNIX Oper-H     ating System V4.0A may be used provided patch 123.00 (OSF405-400151)D     is applied. Digital UNIX Operating System V4.0B may be used pro-F     vided patch 44.00 (OSF410-400151) is applied. At the time of writ-6     ing, no patch is available for Digital UNIX V4.0C.  .  o  DECnet/OSI for Digital UNIX V4.0A or later    For OpenVMS Alpha Systems:     For Systems Using Terminals:o  0  o  OpenVMS Alpha Operating System V6.1 or later  .  o  DECnet/OSI V6.2 for OpenVMS Alpha or later    For OpenVMS VAX Systems:s  7  For Systems Using Terminals (No DECwindows Interface):o  %  o  OpenVMS VAX Operating System V6.1g  #  o  DECnet/OSI V6.2 for OpenVMS VAX     For All OpenVMS Systems:r  6  This product may run in either of the following ways:  H  o  Standalone Execution - Running the X11 display server and the client$     application on the same machine.  #                                  12t    i  D  o  Remote Execution - Running the X11 display server and the client&     application on different machines.  D  VMS DECwindows is part of the OpenVMS VAX operating system but mustF  be installed separately. Installation of VMS DECwindows gives you the@  option to install any or all of the following three components:  F  o  VMS DECwindows Compute Server (Base kit; includes runtime support)  !  o  VMS DECwindows Device Supportd  &  o  VMS DECwindows Programming Support  D  For stand-alone execution, the following DECwindows components must  be installed on the machine:o  !  o  VMS DECwindows Compute Server   !  o  VMS DECwindows Device Support   F  For remote execution, the following DECwindows components must be in-  stalled on the machine:    Server Machine   !  o  VMS DECwindows Compute Server   !  o  VMS DECwindows Device Supportd    Client Machines  !  o  VMS DECwindows Compute Serverr  !  o  VMS DECwindows Device Supporte    OpenVMS Tailoring:   E  The following OpenVMS classes are required for full functionality of   this layered product:    o  OpenVMS Required Saveset    o  Network Supportt    o  Programming Support-  #                                  13.    i    o  VMS Workstation Supporti    GROWTH CONSIDERATIONS  E  The minimum hardware/software requirements for any future version ofmD  this product may be different from the requirements for the current	  version._    DISTRIBUTION MEDIA_  G  This product is available on the Digital UNIX, OpenVMS Alpha and Open-_/  VMS VAX Layered Products CD-ROM distributions.A  E  The documentation for this product is available on the Digital UNIX,_D  OpenVMS Alpha and OpenVMS VAX Online Documentation CD-ROM distribu-  tions.t  D  A printed documentation kit is available that covers all platforms.    ORDERING INFORMATION   H  In this section, an asterisk (*) denotes variant fields. For additionalE  information on available licenses, services, and media, refer to the   appropriate price book.     Digital X.500 Directory Server:    o  Software Licenses:  %     For Digital UNIX      QL-2FYA*-**      systems:       For OpenVMS Alphae     Systems:  %     - Unlimited system    QL-2NZA*-**e     use:      #                                  14  n       %     - Concurrent use:     QL-0P4A*-**   %     For OpenVMS VAX       QL-0P4A*-**X     Systems:    o  Software Product Services:  %     For Digital UNIX      QT-2FYA*-**r     systems:  %     For OpenVMS Alpha     QT-2NZA*-**m     Systems:  %     For OpenVMS VAX       QT-0P4A*-**      Systems:  '  Digital X.500 Administration Facility:.    o  Software Licenses:  %     For Digital UNIX      QL-2FZA*-**d     systems:  %     For OpenVMS Alpha     QL-2P0A*-**i     Systems:  %     For OpenVMS VAX       QL-0P5A*-**r     Systems:    o  Software Product Services:  %     For Digital UNIX      QT-2FZA*-**p     systems:  %     For OpenVMS Alpha     QT-2P0A*-**w     Systems:  %     For OpenVMS VAX       QT-0P5A*-**i     Systems:  #                                  15n o  x    Media for all products:    o  Software Media:   %     For Digital UNIX      QA-054AA-H8e     systems (CD-ROM):a  %     For OpenVMS Alpha     QA-03XAA-H8      Systems (CD-ROM):o  %     For OpenVMS VAX       QA-VWJ8A-A8      Systems (CD-ROM):   %     For OpenVMS VAX       QA-0P4A*-**r     Systems (tapes):     Documentation for all products:    o  Printed Documentation:  %     For Digital UNIX      QA-0P4AA-GZg     systems:  %     For OpenVMS Alpha     QA-0P4AA-GZ      Systems:  %     For OpenVMS VAX       QA-0P4AA-GZr     Systems:    SOFTWARE LICENSINGp  E  This software is furnished under the licensing provisions of DigitaltD  Equipment Corporation's Standard Terms and Conditions. For more in-E  formation about Digital's licensing terms and policies, contact youro  local Digital office.  $  License Management Facility Support  H  This layered product supports the Digital UNIX and OpenVMS License Man-  agement Facilities (LMF).  F  License units for the Digital X.500 Directory Server are allocated on2  an Unlimited System Use and Concurrent Use basis.  #                                  16a    i  D  Each Server Concurrent Use license allows a specified number of en-D  tries to be added to the local directory database, according to theG  number of units in the license. The number of entries counted includesmD  all sub-entries (access control, shadowing agreement and other sub-E  entries), intermediate entries in the naming hierarchy, a small num-oG  ber of overhead entries used for internal DSA management purposes, all I  shadowed entries from other DSAs as well as normal entries such as thosetE  used by human users or used by other dependent software, for exampledE  MAILbus 400 MTA routing and gateway entries. In a messaging environ- G  ment with mail user agents, a MAILbus 400 MTA and gateways, a 5000 en-tD  try DSA may only be sufficient to support a user population of 1000H  people. For further details of this mechanism, consult the product doc-  umentation.  G  The Server Unlimited System Use license imposes no fixed limits on di-a  rectory size.  H  The Digital X.500 Directory Service includes a base component that con-E  tains the DUA libraries and other supporting files necessary to sup-OE  port applications written to the directory API. This base component,lD  therefore, provides run-time client access to the API libraries; itD  is distributed with the Digital X.500 Directory Server product. TheE  license for the Digital X.500 Directory Server includes the right to6F  install this base component on any system having an application need-E  ing access to that properly licensed Digital X.500 Directory Server.iE  It is not required to load a license into the License Management Fa-m.  cility in order for the base kit to function.  H  The Unlimited System Use license for the Digital X.500 Directory ServerJ  for Digital UNIX allows the installation and use of the InfoBroker ServerF  for Digital UNIX on the same Digital UNIX system as the Digital X.500D  Directory Server. This does not apply to the Concurrent Use licenseF  for the Digital X.500 Directory Server for Digital UNIX; in this case5  an additional InfoBroker Server license is required.t  D  License units for the Digital X.500 Administration Facility are al-F  located on a Unlimited System Use and Concurrent Use basis. Each Con-H  current Use license allows any one individual at a time to use the lay-  ered product.  #                                  17        E  For more information on the Digital UNIX or the OpenVMS License Man-eG  agement Facilities, refer to the appropriate Software Product Descrip-n  tion or documentation.e    SOFTWARE PRODUCT SERVICES  F  A variety of service options are available from Digital. For more in-.  formation, contact your local Digital office.    SOFTWARE WARRANTY  H  Warranty for this software product is provided by Digital with the pur-G  chase of a license for the product as defined in the Software Warrantyn  Addendum of this SPD.    A  [R] Motif, OSF, OSF/Motif and OSF/1 are registered trademarks ofe"     Open Software Foundation, Inc.  B     UNIX is a registered trademark in the United States of America?     and other countries, licensed exclusively by X/Open Companye     Limited.  5  [TM]X/Open is a trademark of X/Open Company Limited.s  B  [TM]The DIGITAL Logo, ALL-IN-1, CI, DEC, DECnet, DECstation, DEC-?     system, DECwindows, DECthreads, Digital, MicroVAX, OpenVMS,eB     TK, VAX, VMScluster, VAXft, VAXserver, VAXstation, and VMS are0     trademarks of Digital Equipment Corporation.  B   Digital Equipment Corporation. 1993, 1997. All rights reserved.  F  Digital Equipment Corporation makes no representation that the use ofF  its products in the manner described in this publication will not in-D  fringe on existing or future patent rights, nor do the descriptionsF  contained in this publication imply the granting of licenses to make,G  use, or sell equipment or software in accordance with the description.a      #                                  18r    d  E  Possession, use, or copying of the software described in this publi-nH  cation is authorized only pursuant to a valid written license from Dig-#  ital or an authorized sublicensor.                                                                           #                                  19D