Network Working Group C. Apple Request for Comments: 2116 AT&T Laboratories FYI: 11 K. Rossen Obsoletes: 1632 MCI Systemhouse Category: Informational April 1997 X.500 Implementations Catalog-96 Status of this Memo This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Abstract This document is a revision to [RFC 1632]: A Revised Catalog of Available X.500 Implementations and is based on the results of data collection via a WWW home page that enabled implementors to submit new or updated descriptions of currently available implementations of X.500, including commercial products and openly available offerings. [RFC 1632] is a revision of [RFC 1292]. We contacted each contributor to [RFC 1632] to request an update and published the URL of the WWW home page survey template in several mailing lists to encourage the submission of new product descriptions. This document contains detailed description of 31 X.500 implementations - DSAs, DUAs, and DUA interfaces. Table of Contents 1. Introduction................................................2 1.1 Purpose.....................................................3 1.2 Scope.......................................................3 1.3 Disclaimer..................................................3 1.4 Overview....................................................4 1.5 Acknowledgements............................................4 2. Keywords....................................................4 2.1 Keyword Definitions.........................................4 2.1.1 Availability................................................4 2.1.2 Conformance with International Standards....................5 2.1.3 Conformance with Proposed Internet Standards................5 2.1.4 Consistence with Other Relevant Standards and Profiles......7 2.1.5 Consistence with Informational and Experimental RFCs........9 2.1.6 Support for Popular Schema Elements.........................9 2.1.7 Miscellaneous Functionality................................10 2.1.8 Implementation Type........................................10 Apple & Rossen Informational [Page 1] RFC 2116 X.500 Implementations Catalog-96 April 1997 2.1.9 Internetworking Environment................................11 2.1.10 Pilot Connectivity.........................................11 2.1.11 Miscellaneous Information..................................11 2.1.12 Operating Environment......................................12 2.2 Implementations Indexed by Keyword.........................14 3. Implementation Descriptions................................29 (for individual description page numbers see Table 2-1, p. 15) 4. References................................................161 5. Security Considerations...................................164 6. Editors' Addresses........................................164 1. Introduction This document catalogs currently available implementations of X.500, including commercial products and openly available offerings. For the purposes of this survey, we classify X.500 products as, DSA A DSA is an OSI application process that provides the Directory functionality, DUA A DUA is an OSI application process that represents a user in accessing the Directory and uses the DAP to communicate with a DSA, and DUA Interface A DUA Interface is an application process that represents a user in accessing the Directory using either DAP but supporting only a subset of the DAP functionality or a protocol different from DAP to communicate with a DSA or DUA. Section 2 of this document contains a listing of implementations cross referenced by keyword. This list should aid in identifying implementations that meet your criteria. To compile this catalog, the IDS Working Group solicited input from the X.500 community by publishing a URL for a set of on-line description forms deployed on the WWW as a home page on an InterNIC server. This URL Apple & Rossen Informational [Page 2] RFC 2116 X.500 Implementations Catalog-96 April 1997 (http://www.internic.net/projects/x500catalog/catalogtop.html) was advertised on the following directory-related mailing lists: iso@nic.ddn.mil, isode@nic.ddn.mil, osi-ds@cs.ucl.ac.uk, ids@merit.edu, ietf-asid@umich.edu, mhs-ds@mercury.udev.cdc.com, nadf-l@ema.org, and dssig@nist.gov. Readers are encouraged to submit comments regarding both the forms and content of this memo. New submissions are welcome. Please direct input to the Integrated Directory Services (IDS) Working Group (ietf-ids@umich.edu) or to the authors. IDS will produce new versions of this document when a significant number of substantive comments have been received or when significant updates and/or modifications to X.500-related standards documents have been ratified. This will be determined by the IDS chairpersons. 1.1 Purpose The Internet has experienced a steady growth in X.500 piloting activities. This document hopes to provide an easily accessible source of information on X.500 implementations for those who wish to consider X.500 technology for deploying a Directory service. 1.2 Scope This document contains descriptions of both free and commercial X.500 implementations. It does not provide instructions on how to install, run, or manage these implementations. The descriptions and indices are provided to make the readers aware of available options and thus enable more informed choices. 1.3 Disclaimer Implementation descriptions were written by implementors and vendors, and not by the editors. We worked with the description authors to ensure uniformity and readability, but cannot guarantee the accuracy or completeness of the descriptions, nor the stability of the implementations. Apple & Rossen Informational [Page 3] RFC 2116 X.500 Implementations Catalog-96 April 1997 1.4 Overview Section 1 contains introductory information. Section 2 contains a list of keywords, their definitions, a cross reference of the X.500 implementations by these keywords and a table containing implementor name, implementor abreviation, and the page of this document on which the description begins for a particular implementor. Section 3 contains the X.500 implementation descriptions. Section 4 has a list of references. Section 6 lists the editors' addresses. 1.5 Acknowledgments The creation of this catalog would not have been possible without the efforts of the description authors and the members of the IDS Working Group. Our special thanks to the editors of [RFC 1632], Linda Millington and Sri Sataluri who graciously contributed the nroff source file used to structure their version of the catalog. 2. Keywords Keywords are abbreviated attributes of the X.500 implementations. The list of keywords defined below was derived from the implementation descriptions themselves. Implementations were indexed by a keyword either as a result of: (1) explicit, not implied, reference to a particular capability in the implementation description text, or (2) input from the implementation description author(s). 2.1 Keyword Definitions This section contains keyword definitions. They have been organized and grouped by functional category. The definitions are ordered first alphabetically by keyword category, and second alphabetically by implementation name within keyword category. 2.1.1 Availability Available via FTP Implementation is available using FTP. Apple & Rossen Informational [Page 4] RFC 2116 X.500 Implementations Catalog-96 April 1997 Commercially Available This implementation can be purchased. Free Available at no charge, although other restrictions may apply. Limited Availability Need to contact provider for terms and conditions of distribution. 2.1.2 Conformance with International Standards PICS-AVAIL Completed PICS per X.581/X.582 DAP Support for the DAP protocol DSP Support for the DSP protocol DISP Support for the DISP protocol DOP Support for the DOP protocol BAC Support for Basic Access Control SAC Support for Simplified Access Control 2.1.3 Conformance with Proposed Internet Standards These RFCs specify standards track protocols for the Internet community. Implementations which conform to these evolving proposed standards have a higher probability of interoperating with other implementations deployed on the Internet. Apple & Rossen Informational [Page 5] RFC 2116 X.500 Implementations Catalog-96 April 1997 RFC-1274 Implementation supports [RFC 1274]: Barker, P., and S. Kille, The COSINE and Internet X.500 Schema, University College, London, England, November 1991. RFC-1276 Implementation supports [RFC 1276]: Kille, S., Replication and Distributed Operations extensions to provide an Internet Directory using X.500, University College, London, England, November 1991. RFC-1277 Implementation supports [RFC 1277]: Kille, S., Encoding Network Addresses to support operation over non-OSI lower layers, University College, London, England, November 1991. RFC-1567 Implementation supports [RFC 1567]: Mansfield, G., and Kille, S., X.500 Directory Monitoring MIB, AIC Systems Laboratory, ISODE Consortium, January 1994. RFC-1777 Implementation supports [RFC 1777]: Yeong, W., Howes, T., and Kille, S., Lightweight Directory Access Protocol, March 1995. RFC-1778 Implementation supports [RFC 1778]: Howes, T., Kille, S., Yeong, W., and Robbins, The String Representation of Standard Attribute Syntaxes, March 1995. RFC-1779 Implementation supports [RFC 1779]: Kille, S., A String Representation of Distinguished Names, March 1995. RFC-1798 Implementation supports [RFC 1798]: Young, A., Connection-less Lightweight Directory Access Protocol, June 1995. Apple & Rossen Informational [Page 6] RFC 2116 X.500 Implementations Catalog-96 April 1997 2.1.4 Consistence with Informational and Experimental Internet RFCs These RFCs provide information to the Internet community and are not Internet standards. Compliance with these RFCs is not necessary for interoperability but may enhance functionality. RFC-1202 Implementation supports [RFC 1202]: Rose, M. T., Directory Assistance Service. February 1991. RFC-1249 Implementation supports [RFC 1249]: Howes, T., M. Smith, and B. Beecher, DIXIE Protocol Specification, University of Michigan, August 1991. RFC-1275 Implementation supports [RFC 1275]: Kille, S., Replication Requirements to provide an Internet Directory using X.500, University College, London, England, November 1991. RFC-1278 Implementation supports [RFC 1278]: Kille, S., A string encoding of Presentation Address, University College, London, England, November 1991. RFC-1279 Implementation supports [RFC 1279]: Kille, S., X.500 and Domains, University College, London, England, November 1991. RFC-1558 Implementation supports [RFC 1558]: Howes, T., A String Representation of LDAP Search Filters, December 1993. RFC-1562 Implementation supports [RFC 1562]: Michaelson, G. and Prior, M., Naming Guidelines for the AARNet X.500 Directory Service, December 1993. Apple & Rossen Informational [Page 7] RFC 2116 X.500 Implementations Catalog-96 April 1997 RFC-1608 Implementation supports [RFC 1608]: Johannsen, T., Mansfield, G., Kosters, M., and Sataluri, S., Representing IP Information in the X.500 Directory, March 1994. RFC-1609 Implementation supports [RFC 1609]: Mansfield, G., Johannsen, T., and Knopper, M., Charting Networks in the X.500 Directory, March 1994. RFC-1617 Implementation supports [RFC 1617]: Barker, P., Kille, S., and Lenggenhager, T., Naming and Structuring Guidelines for X.500 Directory Pilots, May 1994. RFC-1781 Implementation supports [RFC 1781]: Kille, S., Using OSI Directory to Achieve User Friendly Naming, March 1995. RFC-1801 Implementation supports [RFC 1801]: Kille, S., MHS Use of the X.500 Directory to support MHS Routing, June 1995. RFC-1803 Implementation supports [RFC 1803]: Wright, R., Getchell, Howes, T., Sataluri, S., Yee, P., and Yeong, W., Recommendations for an X.500 Production Directory Service, June 1995. RFC-1804 Implementation supports [RFC 1804]: Mansfield, G., Rajeev, P., Raghavan, S., and Howes, T., Schema Publishing in X.500 Directory, June 1995. Apple & Rossen Informational [Page 8] RFC 2116 X.500 Implementations Catalog-96 April 1997 2.1.5 Consistence with Other Relevant Standards and Profiles ADI12 Implementation support ISO/IEC pdISP 10615-2: DSA Support of Directory Access. ADI21 Implementation supports ISO/IEC ISP 10615-3: Directory System: DSA Responder Role. ADI22 Implementation supports ISO/IEC ISP 10615-4: Directory System: DSA Initiator Role. ADI31 Implementation supports ISO/IEC pdISP 10615-X: DUA Support of Distributed Operations. ADI32 Implementation supports ISO/IEC pdISP 10615-X: DSA Support of Distributed Operations. FDI11 Implementation supports ISO/IEC pdISP 10616: Common Directory Use. FDI3 Implementation supports ISO/IEC pdISP 11190: FTAM Use of The Directory. XDS Implementation supports the XDS API defined in IEEE 1224.2 2.1.6 Support for Popular Schema Elements NADF Implementation supports the directory schema defined in NADF SD-4. Apple & Rossen Informational [Page 9] RFC 2116 X.500 Implementations Catalog-96 April 1997 Other Popular Schemas Implementation supports other popular schema elements. 2.1.7 Miscellaneous Functionality DYN-OBJ Implementation allows the object class of an entry to be changed dynamically (not allowed in X.500[1988], allowed in 1993) ALIAS-CONSISTENCY Implementation incorporates facilities for maintenance of alias integrity in the face of modification or deletion of the aliased object. 2.1.8 Implementation Type API Implementation comes with an application programmer's interface (i.e., a set of libraries and include files). DSA Only Implementation consists of a DSA only. No DUA is included. DSA/DUA Both a DSA and DUA are included in this implementation. DUA Interface Implementation is a DUA-like program that uses either DAP, but supporting only a subset of the DAP functionality, or uses a protocol different from DAP to communicate with a DSA or DUA. DUA Only Implementation consists of a DUA only. No DSA is included. LDAP DUA interface program uses the Lightweight Directory Access Protocol (LDAP). Apple & Rossen Informational [Page 10] RFC 2116 X.500 Implementations Catalog-96 April 1997 2.1.9 Internetworking Environment CLNS Implementation operates over the OSI ConnectionLess Network Service (CLNS). OSI Transport Implementation operates over one or more OSI transport protocols. RFC-1006 Implementation operates over [RFC 1006] with TCP/IP transport service. [RFC 1006] is an Internet Standard. X.25 Implementation operates over OSI X.25. 2.1.10 Pilot Connectivity DUA Connectivity The DUA can be connected to the pilot, and information on any pilot entry looked up. The DUA is able to display standard attributes and object classes and those defined in the COSINE and Internet Schema. DSA Connectivity The DSA is connected to the DIT, and information in this DSA is accessible from any pilot DUA. 2.1.11 Miscellaneous Included in ISODE DUAs that are part of ISODE. Limited Functionality Survey states that the implementation has some shortcomings or intended lack of functionality, e.g., omissions were part of the design to provide an easy-to-use user interface. Apple & Rossen Informational [Page 11] RFC 2116 X.500 Implementations Catalog-96 April 1997 Motif Implementation provides a Motif-style X Window user interface. OpenView Implementation provides an OpenView-style X Window user interface. X Window System Implementation uses the X Window System to provide its user interface. Language Support Implementation supports single or multiple languages. Documentation Language Support Documentation for implementation is available in single or multiple languages. Number of Implementations Implementor gave an estimate of the number of instantiations of their implementation are deployed in live directory services. Existing Database Support Implementation includes support for a non-X.500 DIT repository, synchronization with non-X.500 DBMS, or non-X.500 DBMS to X.500 DIT repository format conversion tools. 2.1.12 Operating Environment MS Windows Implementation runs under Microsoft Windows. MS Windows NT Implementation runs under Microsoft Windows NT. MS Windows95 Implementation runs under Microsoft Windows95. Apple & Rossen Informational [Page 12] RFC 2116 X.500 Implementations Catalog-96 April 1997 386 Implementation runs on a 386-based platform. 486 Implementation runs on a 486-based platform. Pentium Implementation runs on a Pentium-based platform. Bull Implementation runs on a Bull platform. CDC Implementation runs on a CDC MIPS platform. DEC ULTRIX Implementation runs under DEC ULTRIX. DEC UNIX Implementation runs under DEC UNIX. DEC OpenVMS AXP Implementation runs on a DEC AXP platform running OpenVMS. DEC OpenVMS VAX Implementation runs on a DEC VAX platform running OpenVMS. HP Implementation runs on an HP platform. IBM PC Implementation runs on a PC. IBM RISC Implementation runs on IBM's RISC UNIX workstation. Apple & Rossen Informational [Page 13] RFC 2116 X.500 Implementations Catalog-96 April 1997 ICL Implementation runs on an ICL platform. Macintosh Implementation runs on a Macintosh. Multiple Vendor Platforms Implementation runs on more than one hardware platform. Sequent Implementation runs on a Sequent platform. SNI Implementation runs on a Siemens Nixdorf platform. Solbourne Implementation runs on a Solbourne platform. Sun Implementation runs on a Sun platform. Tandem Implementation runs on a Tandem platform. UNIX Implementation runs on a generic UNIX platform. 2.2 Implementations Indexed by Keyword This section contains an index of implementations by keyword. You can use this list to identify particular implementations that meet your chosen criteria. Table 2-1 shows the implementations about which information can be found in this document as well as the abreviation used to represent this implementation and the page number on which each implementation description begins. Apple & Rossen Informational [Page 14] RFC 2116 X.500 Implementations Catalog-96 April 1997 Implementation Name |Abbreviation | Page ======================================|================|====== A-Window-To-Directory |AWTD | 33 --------------------------------------|----------------|------ Critical Angle X.500 Enabler |CAXE | 35 --------------------------------------|----------------|------ cxdua |cxdua | 39 --------------------------------------|----------------|------ Cycle (tm) LiveData (tm) |Cycle | 41 --------------------------------------|----------------|------ DC X500 |DCX500 | 43 --------------------------------------|----------------|------ Directory Enquiries |DE | 52 --------------------------------------|----------------|------ Digital X.500 Directory Server |DXDS | 55 --------------------------------------|----------------|------ DIR.D(tm) V2.6 |DIR.D | 61 --------------------------------------|----------------|------ DIR.X(tm) V3.1 |DIR.X-3.1 | 64 --------------------------------------|----------------|------ DIR.X(tm) V4.0 |DIR.X-4.0 | 70 --------------------------------------|----------------|------ DIR.X-SYNC(tm) V2.0 |DIR.X-SYNC | 76 --------------------------------------|----------------|------ DX500 OpenDirectory(tm) |DX500 | 80 --------------------------------------|----------------|------ FORUM LOOK'UP(tm) |FORUM | 82 --------------------------------------|----------------|------ FX*500(tm) |FX*500 | 87 --------------------------------------|----------------|------ Global Directory Server |GDS | 95 --------------------------------------|----------------|------ i500 Enterprise Directory Server |i500 | 101 --------------------------------------|----------------|------ ISODE Rel. 3.0 X.500(1993) Directory |ISODE.r3 | 105 --------------------------------------|----------------|------ ISOPLEX DS (tm) DSA |ISOPLEX | 109 --------------------------------------|----------------|------ LDAP Implementation |LDAP | 113 --------------------------------------|----------------|------ maX.500 Macintosh DUA Interface |maX.500 | 117 --------------------------------------|----------------|------ Messageware DSA |MDSA | 120 --------------------------------------|----------------|------ Table 2-1: Table of Implementation Identifiers (cont.) Apple & Rossen Informational [Page 15] RFC 2116 X.500 Implementations Catalog-96 April 1997 Implementation Name |Abbreviation | Page ======================================|================|====== Messageware PC-DUA |MDUA | 124 --------------------------------------|----------------|------ NonStop Directory Services |NSDS | 127 --------------------------------------|----------------|------ ORG.D(tm) V2.0/V2.1 |ORG.D | 132 --------------------------------------|----------------|------ OSIAM X.500-88 |OSIAM-88 | 136 --------------------------------------|----------------|------ OSIAM X.500-93 |OSIAM-93 | 139 --------------------------------------|----------------|------ PMDF-X500 |PMDF | 145 --------------------------------------|----------------|------ TransIT500 |T500 | 149 --------------------------------------|----------------|------ waX.500 :: Windows Access to X.500 |waX.500 | 163 --------------------------------------|----------------|------ X500-DS |X500-DS | 165 --------------------------------------|----------------|------ X500-DUA |X500-DUA | 165 --------------------------------------|----------------|------ Table 2-1: Table of Implementation Identifiers (cont.) The index is organized as follows: keywords appear in alphabetical order; implementations characterized by that keyword are listed alphabetically as well. For formatting purposes, we have used the abbreviations for implementation names as defined above in Table 2-1. ADI12 ADI21 AWTD AWTD DIR.X-3.1 DIR.X-3.1 DIR.X-4.0 DIR.X-4.0 DXDS DXDS GDS GDS i500 i500 OSIAM-88 OSIAM-88 X500-DS X500-DS X500-DUA X500-DUA Apple & Rossen Informational [Page 16] RFC 2116 X.500 Implementations Catalog-96 April 1997 ADI22 AWTD FORUM DIR.X-3.1 FX*500 DIR.X-4.0 GDS DXDS i500 GDS ISODE.r3 i500 LDAP OSIAM-88 MDSA X500-DS NSDS X500-DUA OSIAM-88 OSIAM-93 ADI31 PMDF X500-DS AWTD X500-DUA DIR.X-3.1 DIR.X-4.0 Available via FTP GDS OSIAM-88 CAXE X500-DS cxdua X500-DUA LDAP maX.500 ADI32 MDSA waX.500 DIR.X-3.1 DIR.X-4.0 BAC GDS i500 DCX500 OSIAM-88 DIR.X-4.0 X500-DS DXDS X500-DUA FX*500 GDS ALIAS-CONSISTENCY i500 ISODE.r3 AWTD MDSA FORUM PMDF GDS i500 Bull NSDS X500-DS AWTD X500-DUA OSIAM-88 OSIAM-93 API X500-DS X500-DUA AWTD Cycle Commercially Available DCX500 DIR.X-3.1 AWTD Apple & Rossen Informational [Page 17] RFC 2116 X.500 Implementations Catalog-96 April 1997 DIR.X-4.0 CAXE DXDS cxdua Cycle DEC UNIX DCX500 DIR.D DXDS DIR.X-3.1 ISODE.r3 DIR.X-4.0 LDAP DIR.X-SYNC MDSA DXDS PMDF FORUM FX*500 DEC OpenVMS AXP GDS i500 DXDS ISODE.r3 PMDF MDSA NSDS DEC OpenVMS VAX ORG.D OSIAM-88 DXDS OSIAM-93 LDAP PMDF PMDF X500-DS X500-DUA DISP DAP DCX500 DIR.X-4.0 AWTD DXDS CAXE FORUM Cycle FX*500 DCX500 GDS DIR.X-3.1 i500 DIR.X-4.0 ISODE.r3 DXDS MDSA FORUM OSIAM-93 FX*500 GDS Documentation Language Support i500 ISODE.r3 AWTD MDSA Cycle NSDS DCX500 OSIAM-88 DIR.D OSIAM-93 DIR.X-3.1 PMDF DIR.X-4.0 X500-DS DIR.X-SYNC X500-DUA FORUM FX*500 DEC ULTRIX GDS LDAP Apple & Rossen Informational [Page 18] RFC 2116 X.500 Implementations Catalog-96 April 1997 ISODE.r3 maX.500 LDAP MDSA MDSA ORG.D OSIAM-88 OSIAM-93 OSIAM-93 PMDF waX.500 X500-DS X500-DUA DOP DSP DIR.X-4.0 DXDS AWTD CAXE DSA Connectivity DCX500 DIR.X-3.1 CAXE DIR.X-4.0 DCX500 DXDS DIR.X-3.1 FORUM DIR.X-4.0 FX*500 DXDS GDS FORUM i500 FX*500 ISODE.r3 GDS MDSA i500 NSDS ISODE.r3 OSIAM-88 MDSA OSIAM-93 OSIAM-88 PMDF OSIAM-93 X500-DS PMDF DUA Connectivity DSA Only AWTD CAXE CAXE DCX500 DIR.D FX*500 DIR.X-3.1 MDSA DIR.X-4.0 DXDS DSA/DUA FORUM GDS AWTD i500 Cycle ISODE.r3 DIR.X-3.1 LDAP DIR.X-4.0 maX.500 DXDS MDSA FORUM ORG.D GDS OSIAM-88 i500 OSIAM-93 ISODE.r3 PMDF LDAP Apple & Rossen Informational [Page 19] RFC 2116 X.500 Implementations Catalog-96 April 1997 MDSA DUA Interface NSDS OSIAM-88 Cycle DCX500 FORUM DIR.D FX*500 DIR.X-SYNC GDS DXDS i500 FORUM ISODE.r3 FX*500 LDAP GDS MDSA LDAP OSIAM-88 maX.500 OSIAM-93 NSDS ORG.D FDI11 OSIAM-88 OSIAM-93 AWTD PMDF DIR.X-3.1 DIR.X-4.0 DUA Only DXDS GDS AWTD i500 cxdua OSIAM-88 maX.500 X500-DS MDSA X500-DUA waX.500 X500-DUA FDI3 DYN-OBJ AWTD DIR.X-3.1 AWTD DIR.X-4.0 CAXE DXDS DCX500 GDS DXDS i500 FORUM OSIAM-88 FX*500 X500-DS GDS X500-DUA i500 ISODE.r3 Free LDAP MDSA CAXE NSDS cxdua PMDF ISODE.r3 X500-DS LDAP X500-DUA maX.500 waX.500 Existing Database Support HP CAXE Apple & Rossen Informational [Page 20] RFC 2116 X.500 Implementations Catalog-96 April 1997 Cycle DCX500 DCX500 DIR.X-3.1 DXDS DIR.X-4.0 DIR.X-SYNC Included in ISODE FORUM GDS PMDF i500 ISODE.r3 Language Support LDAP MDSA AWTD OSIAM-88 Cycle OSIAM-93 DCX500 DIR.D IBM PC DIR.X-3.1 DIR.X-4.0 CAXE DIR.X-SYNC Cycle DXDS DCX500 FORUM DIR.D FX*500 DIR.X-3.1 GDS DIR.X-4.0 LDAP DXDS MDSA FORUM NSDS FX*500 ORG.D i500 OSIAM-88 ISODE.r3 OSIAM-93 LDAP PMDF MDSA X500-DS ORG.D X500-DUA OSIAM-88 OSIAM-93 LDAP IBM RISC CAXE cxdua DCX500 DIR.D DIR.X-3.1 DXDS DIR.X-4.0 FX*500 FORUM GDS GDS i500 ISODE.r3 ISODE.r3 LDAP LDAP MDSA maX.500 OSIAM-88 NSDS OSIAM-93 ORG.D X500-DS waX.500 X500-DUA Limited Availability Apple & Rossen Informational [Page 21] RFC 2116 X.500 Implementations Catalog-96 April 1997 ICL CAXE i500 ISODE.r3 MDSA MDSA NSDS MDSA PMDF ORG.D OSIAM-88 Limited Functionality OSIAM-93 waX.500 Cycle DIR.D MS Windows95 Motif Cycle DIR.D DXDS DXDS GDS LDAP ISODE.r3 MDSA MDSA ORG.D PMDF OSIAM-93 waX.500 Macintosh Multiple Vendor Platforms FORUM LDAP CAXE maX.500 Cycle DCX500 MS Windows DIR.D DIR.X-3.1 cxdua DIR.X-4.0 Cycle DIR.X-SYNC DIR.D FORUM DXDS FX*500 FORUM GDS LDAP ISODE.r3 MDSA LDAP ORG.D MDSA OSIAM-88 ORG.D OSIAM-93 OSIAM-88 waX.500 OSIAM-93 PMDF MS Windows NT NADF CAXE Cycle DIR.D DCX500 DIR.X-3.1 DIR.D DIR.X-4.0 DIR.X-3.1 FORUM DIR.X-4.0 GDS Apple & Rossen Informational [Page 22] RFC 2116 X.500 Implementations Catalog-96 April 1997 DXDS ISODE.r3 GDS LDAP i500 maX.500 LDAP MDSA NSDS AWTD ORG.D DCX500 OSIAM-88 DIR.X-3.1 OSIAM-93 DIR.X-4.0 PMDF DXDS X500-DS FORUM X500-DUA FX*500 GDS Number of Implementations ISODE.r3 MDSA Cycle NSDS DIR.D OSIAM-88 DIR.X-3.1 PMDF DIR.X-SYNC X500-DS FORUM X500-DUA GDS LDAP OSI Transport waX.500 AWTD OpenView CAXE Cycle MDSA DCX500 DIR.X-3.1 OSF-DCE DIR.X-4.0 DXDS AWTD FORUM FX*500 OSI CLNS GDS i500 AWTD ISODE.r3 Cycle MDSA DIR.X-3.1 NSDS DIR.X-4.0 OSIAM-88 DXDS OSIAM-93 FX*500 PMDF GDS X500-DS i500 X500-DUA ISODE.r3 MDSA Other Popular Schemas NSDS OSIAM-88 CAXE OSIAM-93 i500 PMDF ISODE.r3 X500-DS maX.500 Apple & Rossen Informational [Page 23] RFC 2116 X.500 Implementations Catalog-96 April 1997 X500-DUA PMDF OSI CONS Pentium-class CAXE GDS Cycle i500 DCX500 ISODE.r3 DIR.D LDAP DIR.X-3.1 MDSA DIR.X-4.0 NSDS DIR.X-SYNC OSIAM-88 DXDS OSIAM-93 FORUM PMDF FX*500 X500-DS GDS X500-DUA ISODE.r3 LDAP RFC-1202 MDSA ORG.D GDS OSIAM-88 MDSA OSIAM-93 PMDF waX.500 RFC-1249 PICS-AVAIL GDS CAXE Cycle RFC-1274 DCX500 DIR.X-3.1 CAXE DIR.X-4.0 DCX500 DXDS DIR.X-3.1 FX*500 DIR.X-4.0 i500 DXDS ISODE.r3 FORUM MDSA FX*500 NSDS GDS OSIAM-88 i500 OSIAM-93 ISODE.r3 X500-DS LDAP X500-DUA maX.500 MDSA RFC-1006 NSDS OSIAM-88 AWTD OSIAM-93 CAXE PMDF Cycle waX.500 DCX500 DIR.X-3.1 RFC-1275 Apple & Rossen Informational [Page 24] RFC 2116 X.500 Implementations Catalog-96 April 1997 DIR.X-4.0 DXDS GDS FORUM ISODE.r3 FX*500 PMDF RFC-1276 RFC-1558 GDS CAXE MDSA DIR.D PMDF DIR.X-3.1 DIR.X-4.0 RFC-1277 DXDS GDS AWTD i500 CAXE ISODE.r3 DIR.X-3.1 LDAP DIR.X-4.0 maX.500 DXDS MDSA FORUM ORG.D GDS PMDF ISODE.r3 MDSA RFC-1562 NSDS OSIAM-88 GDS OSIAM-93 ISODE.r3 PMDF MDSA X500-DS PMDF X500-DUA RFC-1567 RFC-1278 DCX500 CAXE DIR.X-3.1 DIR.D DIR.X-4.0 DIR.X-4.0 FX*500 DXDS GDS FORUM i500 GDS ISODE.r3 i500 ISODE.r3 RFC-1608 LDAP MDSA MDSA ORG.D PMDF PMDF RFC-1609 RFC-1279 MDSA CAXE DIR.X-3.1 RFC-1617 Apple & Rossen Informational [Page 25] RFC 2116 X.500 Implementations Catalog-96 April 1997 GDS ISODE.r3 CAXE MDSA DXDS NSDS FORUM PMDF GDS ISODE.r3 RFC-1779 MDSA PMDF CAXE DCX500 RFC-1777 DIR.D DIR.X-3.1 CAXE DIR.X-4.0 cxdua DXDS DCX500 FORUM DIR.D FX*500 DIR.X-3.1 GDS DIR.X-4.0 ISODE.r3 DXDS LDAP FX*500 maX.500 GDS MDSA i500 NSDS ISODE.r3 ORG.D LDAP OSIAM-88 maX.500 OSIAM-93 MDSA PMDF NSDS waX.500 ORG.D OSIAM-88 RFC-1781 OSIAM-93 PMDF FORUM waX.500 GDS ISODE.r3 RFC-1778 LDAP maX.500 CAXE MDSA DCX500 PMDF DIR.D DIR.X-3.1 RFC-1798 DIR.X-4.0 DXDS LDAP FORUM PMDF FX*500 GDS RFC-1801 ISODE.r3 LDAP CAXE maX.500 DIR.X-3.1 MDSA DIR.X-4.0 Apple & Rossen Informational [Page 26] RFC 2116 X.500 Implementations Catalog-96 April 1997 NSDS DXDS ORG.D GDS OSIAM-88 ISODE.r3 OSIAM-93 MDSA PMDF PMDF waX.500 RFC-1803 ISODE.r3 LDAP CAXE MDSA DXDS OSIAM-88 GDS OSIAM-93 ISODE.r3 MDSA Tandem PMDF NSDS RFC-1804 UNIX MDSA AWTD SAC DCX500 DIR.X-3.1 DCX500 DIR.X-4.0 DIR.X-4.0 FORUM DXDS FX*500 FX*500 ISODE.r3 GDS LDAP i500 MDSA ISODE.r3 OSIAM-88 MDSA OSIAM-93 NSDS X500-DS PMDF X500-DUA SNI XDS DIR.D AWTD DIR.X-3.1 DCX500 DIR.X-4.0 DIR.X-3.1 DIR.X-SYNC DIR.X-4.0 ISODE.r3 DXDS ORG.D FORUM FX*500 Solbourne i500 ISODE.r3 LDAP MDSA NSDS Sun OSIAM-88 OSIAM-93 Apple & Rossen Informational [Page 27] RFC 2116 X.500 Implementations Catalog-96 April 1997 CAXE X500-DS DCX500 X500-DUA DIR.X-3.1 DIR.X-4.0 FORUM GDS i500 X Window System x486 DXDS CAXE GDS Cycle ISODE.r3 DCX500 MDSA DIR.D PMDF DIR.X-3.1 DIR.X-4.0 X.25 DIR.X-SYNC DXDS AWTD FORUM DCX500 FX*500 DIR.X-3.1 GDS DIR.X-4.0 ISODE.r3 DXDS LDAP FORUM MDSA FX*500 ORG.D GDS OSIAM-88 i500 OSIAM-93 ISODE.r3 waX.500 MDSA NSDS OSIAM-88 OSIAM-93 PMDF X500-DS X500-DUA x386 CAXE Cycle DCX500 DIR.D DXDS FORUM FX*500 GDS ISODE.r3 LDAP Apple & Rossen Informational [Page 28] RFC 2116 X.500 Implementations Catalog-96 April 1997 MDSA ORG.D OSIAM-88 OSIAM-93 waX.500 3. Implementation Descriptions In the following pages you will find descriptions of X.500 implementations listed in alphabetical order. In the case of name collisions, the name of the responsible organization, in square brackets, has been used to distinguish the implementations. Note that throughout this section, the page header reflects the name of the implementation, not the date of the document. The descriptions follow a common format, as described below: NAME The name of the X.500 implementation and the name of the responsible organization. Implementations with a registered trademark indicate this by appending "(tm)", e.g., GeeWhiz(tm). ABSTRACT A brief description of the application. This section may optionally contain a list of the pilot projects in which the application is being used. COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) A statement of compliance with respect to the 1988 CCITT Recommendations X.500-X.521 [CCITT-88], specifically Section 9 of X.519, or the 1988 NIST OIW Stable Implementation Agreements [NIST- 88]. COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) A statement of compliance with respect to the 1993 ITU-T Recommendations X.500-X.521 [ITU-T-93], specifically Section 9 of X.519, or the 1994 NIST OIW Stable Implementation Agreements [NIST- 94]. CONFORMANCE WITH PROPOSED INTERNET STANDARDS A statement of compliance with respect to the several proposed Internet Standards. Apple & Rossen Informational [Page 29] RFC 2116 X.500 Implementations Catalog-96 April 1997 CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs A statement of compliance with respect to the several informational and experimental Internet RFCs. INTEROPERABILITY A list of other DUAs and DSAs with which this implementation can interoperate. PILOT CONNECTIVITY Describes the level of connectivity it can offer to the pilot directory service operational on the Internet in North America, and to pilots co-ordinated by the PARADISE project in Europe. Levels of connectivity are: Not Tested, None, DUA Connectivity, and DSA Connectivity. BUGS A warning on known problems and/or instructions on how to report bugs. CAVEATS AND GENERAL LIMITATIONS A warning about possible side effects or shortcomings, e.g., a feature that works on one platform but not another. INTERNETWORKING ENVIRONMENT A list of environments in which this implementation can be used, e.g., [RFC 1006] with TCP/IP, TP0 or TP4 with X.25. HARDWARE PLATFORMS A list of hardware platforms on which this application runs, any additional boards or processors required, and any special suggested or required configuration options. SOFTWARE PLATFORMS A list of operating systems, window systems, databases, or unbundled software packages required to run this application. NUMBER OF IMPLEMENTATIONS IN THE FIELD A statement regarding the number of implementations deployed in the field. Apple & Rossen Informational [Page 30] RFC 2116 X.500 Implementations Catalog-96 April 1997 AVAILABILITY A statement regarding the availability of the software (free or commercially available), a description of how to obtain the software, and (optionally) a statement regarding distribution conditions and restrictions. DATE LAST UPDATED or CHECKED The month and year within which this implementation description was last modified. Apple & Rossen Informational [Page 31] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME A-Window-To-Directory (AWTD) ABSTRACT A-Window-To-Directory is a simple-to-use DUA interface available on PC that provides access to the X.500 Directory Services. The available operations are: bind (authenticated or anonymous), read, list, compare, modify, modifyRDN, search, add, remove and unbind. It is designed to be used with the Bull X500-DUA product and for that reason is able to handle any of the defined schema. The new acronyms, objects and attributes are automatically loaded without any customisation. The interface of the application may be personalized in several ways, through Local Preferences stored on the PC and through User Settings stored on the UNIX machine that runs the Bull X500-DUA product. COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) A-Window-To-Directory offers all the services described in the 88 CCITT X.500 standard. COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) No CONFORMANCE WITH PROPOSED INTERNET STANDARDS No CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs No INTEROPERABILITY Is designed to interoperate with Bull X500-DUA and X500-DS products PILOT CONNECTIVITY [No information provided. -- Ed.] BUGS Bull S.A. provides complete software maintenance with the products. Apple & Rossen Informational [Page 32] RFC 2116 X.500 Implementations Catalog-96 April 1997 CAVEATS AND GENERAL LIMITATIONS [No information provided. -- Ed.] INTERNETWORKING ENVIRONMENT Proprietary protocol to access the Bull X500-DUA through TCP/IP sockets. The product may be used on LAN (Ethernet) or WAN (X.25). HARDWARE PLATFORMS 386SX/DX, 486SX/DX PC Ethernet board/connection 4 MBytes RAM 3 Mbytes on disk SOFTWARE PLATFORMS MS-DOS 5.0 Microsoft Windows 3.1 Microsoft TCP/IP stack installed, version 1.0 NUMBER OF IMPLEMENTATIONS IN THE FIELD [No information provided. -- Ed.] AVAILABILITY The product is commercially available since February 1995. DATE LAST UPDATED or CHECKED November 1995 ADDITIONAL INFORMATION and/or COMMENTS [No information provided. -- Ed.] Apple & Rossen Informational [Page 33] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME Critical Angle X.500 Enabler (CAIx500e) ABSTRACT The X.500 Enabler product allows an LDAP-only directory server to be integrated into X.500 environments, by transparently converting X.500 DAP and DSP requests into LDAP requests. The initial release scheduled for 4Q96 will allow for connections from X.500-capable clients and servers to an LDAP-capable server, and will support the following features: * LDAP version 2, as defined in RFC 1777, * all attributes defined for LDAPv2, with the exception of certificates and revocation lists, * X.500(1988) DAP and DSP protocols over TCP/IP (using RFC 1006), * the following operations: Bind (with none or simple credentials), Read, Compare, List, Search, Abandon, AddEntry, ModifyEntry, RemoveEntry and ModifyRDN, * the X.500(1993) critical extensions field, to aid in deployments incorporating 1993 DSAs. This release will be available for Solaris 2.5 (SPARC and Intel) and Windows NT 4.0 Server (Intel). The product is expected to enter a public beta test period in September 1996. Beta test evaluation copies will be free (limited to two copies per site) but will be set to expire in December 1996. Released versions of X.500 Enabler will be licensed per server, and will be distributed over the Internet. COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) The X.500 enabler accepts DAP and DSP connections. It supports Bind (with none or simple credentials), Read, Compare, List, Search, Abandon, AddEntry, ModifyEntry, RemoveEntry and ModifyRDN. Apple & Rossen Informational [Page 34] RFC 2116 X.500 Implementations Catalog-96 April 1997 It supports the attributes and object classes defined in X.520 and X.521. COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) The X.500 Enabler will accept connections from X.500(1993) DUAs and DSAs. It supports the X.511(1993) critical extension mechanism. Non-critical protocol fields which do not map onto LDAPv2 are ignored. Attribute and object classes from X.520(1993) and X.521(1993) are supported, including collective. Operational attributes from X.501 are supported, with the exception of subschema. As LDAPv3-based servers become available, it is expected that the X.500 Enabler will be upgraded to map more of the X.500(1993) protocol onto LDAPv3. CONFORMANCE WITH PROPOSED INTERNET STANDARDS [RFC 1006] is the supported transport service. The product supports the object classes and attributes defined in RFC 1274. CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs [No information provided. -- Ed.] INTEROPERABILITY The X.500 Enabler is being tested with public-domain X.500 and LDAP clients and servers, and with the various X.500 clients and servers connected to the PARADISE project, such as from the ISODE Consortium. Critical Angle intends to do interoperability testing with commercial LDAP-only servers as they become available. PILOT CONNECTIVITY This product will be used to connect LDAP-only servers, such as University of Michigan's slapd, and many vendor's forthcoming commercial LDAP server products, into the PARADISE project directory, so that they can be accessed by LDAP and X.500 DUAs throughout the project. Apple & Rossen Informational [Page 35] RFC 2116 X.500 Implementations Catalog-96 April 1997 BUGS Bugs reports may be sent to . CAVEATS AND GENERAL LIMITATIONS X.509 certificates and revocation lists are not supported due to limitations in the LDAP version 2 protocol. This restriction will be removed once LDAP version 3 servers become generally available. Under Windows NT there are limitations on the number of simultaneous incoming connections. INTERNETWORKING ENVIRONMENT This product supports RFC 1006 for DAP and DSP, and LDAP over TCP. HARDWARE PLATFORMS This product will initially be available for Sun Solaris 2.5 SPARC and Intel, and Windows NT Server 4.0 Intel. Subsequent versions may be available on additional platforms. SOFTWARE PLATFORMS An LDAP-based server, such as the freely-available slapd, is required. It does not need to run on the same host as the X.500 Enabler. NUMBER OF IMPLEMENTATIONS IN THE FIELD [No information provided. -- Ed.] AVAILABILITY This product is licensed per-host server, and is distributed over the Internet. In addition to discounts for large deployment orders, subscription programs permit customers to obtain subsequent update releases at a substantial discount. Beta test evaluations are free (limited to two copies per site), and will expire 90 days after the start of the beta period. Apple & Rossen Informational [Page 36] RFC 2116 X.500 Implementations Catalog-96 April 1997 DATE LAST UPDATED or CHECKED September 1996 ADDITIONAL INFORMATION and/or COMMENTS [No information provided. -- Ed.] Apple & Rossen Informational [Page 37] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME cxdua Chromatix, Inc. 10451 Twin Rivers Rd, Suite 265 Columbia, MD 21044 ABSTRACT The CXDUA is a Windows 3.1 DUA that has been derrived from a highly portable and flexible Unix based Administrative Directory User Agent. The goal of the original design was to support features to assist a directory administrator in managing the directory. These features include a highly portable GUI, Entry Templates, Entry Lists, Batch Operations and Directory Control Functions. Both the Windows and the Unix versions support strong authentication. The Unix DUA has been used in various DMS and NSA pilot projects. COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) [No information provided. -- Ed.] COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) [No information provided. -- Ed.] CONFORMANCE WITH PROPOSED INTERNET STANDARDS [No information provided. -- Ed.] CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs [No information provided. -- Ed.] INTEROPERABILITY [No information provided. -- Ed.] PILOT CONNECTIVITY [No information provided. -- Ed.] BUGS [No information provided. -- Ed.] Apple & Rossen Informational [Page 38] RFC 2116 X.500 Implementations Catalog-96 April 1997 CAVEATS AND GENERAL LIMITATIONS [No information provided. -- Ed.] INTERNETWORKING ENVIRONMENT [No information provided. -- Ed.] HARDWARE PLATFORMS Windows 3.1 SOFTWARE PLATFORMS [No information provided. -- Ed.] NUMBER OF IMPLEMENTATIONS IN THE FIELD [No information provided. -- Ed.] AVAILABILITY The software is freely available via anonymous ftp from ftp.chromatix.com or can be obtained via the WEB at http://www.chromatix.com. Commercial versions will be available in the near future. DATE LAST UPDATED or CHECKED 0496 ADDITIONAL INFORMATION and/or COMMENTS [No information provided. -- Ed.] Apple & Rossen Informational [Page 39] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME Cycle (tm) LiveData (tm) (Cycle) Cycle Software,Inc. ABSTRACT A component of the Cycle Virtual Data Highway. Network software product used to break down barriers between isolated systems. Available separatly as Cycle LiveNet (DUA) and Cycle LiveNet Directory (DUA & DSA) COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) Cycle LiveData is compliant with the 1988 NIST OIW Stable Agreements to the extent that implementations based on the more recent stable agreements are compliant. COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) Cycle LiveData is compliant with the 1993 NIST OIW Stable Agreements. CONFORMANCE WITH PROPOSED INTERNET STANDARDS Unknown CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs Unknown INTEROPERABILITY Not tested PILOT CONNECTIVITY Not tested BUGS No known bugs CAVEATS AND GENERAL LIMITATIONS Current release supports objects of the Application Entity Object Class only. This limitation is being relaxed in the next release. Apple & Rossen Informational [Page 40] RFC 2116 X.500 Implementations Catalog-96 April 1997 INTERNETWORKING ENVIRONMENT [RFC 1006] with TCP/IP,TP4, [RFC-1070] with IP,IPX, and NetBEUI. HARDWARE PLATFORMS Runs on Microsoft Windows hardware platforms. SOFTWARE PLATFORMS Windows 95, Windows NT, Windows for Workgroups NUMBER OF IMPLEMENTATIONS IN THE FIELD > 1,000 AVAILABILITY Commercially Available. Contact: Cycle Software,Inc. 1212 Hancock St. Quincy, MA 02169 Voice- 617-770-9594 Fax- 617-770-9903 E-mail cycle@livedata.com. DATE LAST UPDATED or CHECKED 1/96 ADDITIONAL INFORMATION and/or COMMENTS [No information provided. -- Ed.] Apple & Rossen Informational [Page 41] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME DC X500 Data Connection Ltd 100 Church Street Enfield Middlesex EN2 6BQ UK ABSTRACT DC X500 provides a truly scalable X.500 based enterprise directory server with the necessary architectural flexibility to enable integration with existing database and directory technologies. From a pure X.500 standpoint, DC X500 provides a full function state-of-the-art DSA implementation. * Architected from scratch according to the 1993 X.500 standards (i.e. not a 1988 DSA with 1993 features grafted on) * Support for all the key X.500 OSI protocols: * Directory Access Protocol (DAP) for user access * Directory System Protocol (DSP) for distributed DSA comunications * Directory Information Shadowing Protocol (DISP) to support replication between servers to give improved performance in a distributed network * Support of the 1993 Basic Access Control and Simplified Access Control models * Support for the key Internet X.500 related standards: * integrated Lightweight DAP (LDAP)for DUA access * Madman MIBs for easy integration with SNMP The DC X500 architecture is based on Data Connection's underlying product architecture which has evolved since 1987 and includes: * genuine multi-threaded implementation Apple & Rossen Informational [Page 42] RFC 2116 X.500 Implementations Catalog-96 April 1997 * true portability (the product is available on a range of operating systems e.g Windows NT, AIX, HP-UX. OS/2 etc and it is possible to port the core technology to any hardware/software platform) * secure service recording for operation tracking and billing * support for system monitoring (both alarms and statistics) Key product features include: * Name resolution and integrated use of Search Indices based on 2-3 trees leads to high performance operation evaluation (subsecond response times on million entry DSAs) * Generic schema support based on 1993 concepts that allows customers to tailor the schema to meet their precise data structuing requirements * System recycle time is minimised (e.g. DC X500 can be backed up while running and search indices are dynamically updated), helping achieve the goal of continuous (24x7) availability and high reliability. * No artificial software constraints are imposed resulting in a truly scalable product - assuming the availability of the necessary hardware DC X500 can be configured to support millions of entries in a single DSA. DC X500 is certified for used within the Paradise Pilot project. The product has also undergone interoperability testing at the EuroSInet interoperability workshops in Europe. COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) From 1988 X.519 9.2 Conformance by DSAs 9.2.1 Statement Requirements a) directoryAccessAC and directorySystemAC are both supported b) the DSA can act as a first level DSA c) the chained mode of ooperation is supported. Apple & Rossen Informational [Page 43] RFC 2116 X.500 Implementations Catalog-96 April 1997 d) security levels none and simple as supported with the delivered product. However, the product is architectured to interface to an external security module to support strong authentication. e) DC X500 supports the selected attribute types defined in X.520. f) DC X500 supports the selected object classes defined in X.521. 9.2.2 Static Requirements DC X500 supports the static requirements implied by the above statement. 9.2.3 Dynamic Requirements DC X500 supports the dynamic requirements implied by the above statement. COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) From 1993 X.519 9.2 Conformance by DSAs 9.2.1 Statement Requirements a) directoryAccessAC and directorySystemAC are both supported b) n/a c) the DSA can act as a first level DSA d) the chained mode of ooperation is supported. e) security levels none and simple as supported with the delivered product. However, the product is architectured to interface to an external security module to support strong authentication. f) DC X500 supports the selected attribute types defined in X.520. Attributes based on the syntax DirectoryString using the UNIVERSAL STRING choice can be stored however the UNIVERSAL STRING choice cannot be used for matching rules. g) DC X500 supports the selected object classes defined in X.521. Apple & Rossen Informational [Page 44] RFC 2116 X.500 Implementations Catalog-96 April 1997 h) DC X500 supports the following extensions subentries Y copyShallDo Y attributeSizeLimit Y extraAttributes Y modifyRightsRequest N pagedResultsRequest N matchedValuesOnly N extendedFilter N targetSystem N useAliasOnUpdate Y newSuperior Y i) DC X500 does not support collective attributes j) DC X500 does not support hierarchical attributes k) DC X500 supports the following operational attributes Directory Operational Attributes: structural object class governing structural rule create timestamp modify timestamp creators name modifiers name prescriptive ACI entry ACI subentry ACI DSA Operational Attributes: myAccessPoint superiorKnowledge supplierKnowledge (*) consumerKnowledge(*) secondaryShadows (*) * - supported using local proprietary extension Distributed Operation Attributes (dsa-shared): specificKnowledge nonSpecificKnowledge Apple & Rossen Informational [Page 45] RFC 2116 X.500 Implementations Catalog-96 April 1997 l) DC X500 supports return of alias names m) DC X500 supports indicating that returned entry information is complete n) DC X500 supports modifying the object class attribute to add and/or remove values identifying auxiliary object classes o) DC X500 supports Basic Access Control p) DC X500 supports Simplified Access Control q) DC X500 does not support subschema administration as defined in X.501. r) DC X500 supports the name binding defined in X.521 s) DC X500 cannot administer collective attributes. 9.2.2 Static Requirements DC X500 supports the static requirements implied by the above statement. 9.2.3 Dynamic Requirements DC X500 supports the dynamic requirements implied by the above statement. 9.3 Conformance By Shadow Supplier 9.3.1 Statement Requirements a) shadowSupplierInitiatedAC and shadowConsumerInitiatedAC are supported. b) security levels none and simple as supported with the delivered product. However, the product is architectured to interface to an external security module to support strong authentication. c) DC X500 supports the following UnitOfReplication: * Entry filtering on object class is supported * Selection/Exclusion of attributes via a AttributeSelection is not supported Apple & Rossen Informational [Page 46] RFC 2116 X.500 Implementations Catalog-96 April 1997 * Inclusion of subordinate knowledge in the replicated area is supported * Inclusion of extended knowledge in addition to subordinate knowledge is supported 9.3.2 Static Requirements a) DC X500 supports the shadowSupplierInitiatedAC and shadowConsumerInitiatedAC b) DC X500 provides support for modifyTimestamp and createTimestamp operational attributes 9.3.3 Dynamic Requirements a) DC X500 conforms to the mapping onto used services defined in clause 8 b) DC X500 conforms to the procedures of X.525 as they relate to DISP. 9.4 Conformance by a Shadow Consumer 9.4.1 Statement Requirements a) shadowSupplierInitiatedAC and shadowConsumerInitiatedAC are supported. b) security levels none and simple as supported with the delivered product. However, the product is architectured to interface to an external security module to support strong authentication. c) DC X500 can act as a secondary supplier. d) DC X500 does not support shadowing o overlapping units of replication. (Overlapping Administration Points are supported though). 9.4.2 Static Requirements a) DC X500 supports both shadowSupplierInitiatedAC and shadowConsumerInitiatedAC. b) DC X500 supports the modifyTimestamp and createTimestamp operational attributes. Apple & Rossen Informational [Page 47] RFC 2116 X.500 Implementations Catalog-96 April 1997 c) DC X500 supports the copyShallDo service element 9.4.3 Dynamic Requirements a) DC X500 conforms to the mapping onto used services defined in clause 8 b) DC X500 conforms to the procedures of X.525 as they relate to DISP. CONFORMANCE WITH PROPOSED INTERNET STANDARDS [No information provided. -- Ed.] CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs [No information provided. -- Ed.] INTEROPERABILITY DC X500 has interoperated with the following implementations: DUAs: ICL SNI Net-tel Bull AT&T CDC Digital ICL Nexor DSAs: SNI ICL AT&T CDC Digital ICL Net-tel Nexor Apple & Rossen Informational [Page 48] RFC 2116 X.500 Implementations Catalog-96 April 1997 PILOT CONNECTIVITY DC X500 has been tested and approved for connectivity to the PARADISE pilot project. BUGS [No information provided. -- Ed.] CAVEATS AND GENERAL LIMITATIONS [No information provided. -- Ed.] INTERNETWORKING ENVIRONMENT DC X500 supports the following network connectivity: * [RFC 1006] with TCP/IP * TP0 with X.25 HARDWARE PLATFORMS DC X500 is a portable product SOFTWARE PLATFORMS DC X500 is a portable product. It is available on the following plaforms: * UNIX, including * IBM AIX * HP UX * Sun Solaris * Windows NT * OS/2. Porting to further UNIX platforms is very straightforward, in particular where existing transport services are available. Other proprietary systems (such as Novell's Netware, Digital's VMS or fault tolerant or mainframe environments) can also be supported if required. Apple & Rossen Informational [Page 49] RFC 2116 X.500 Implementations Catalog-96 April 1997 NUMBER OF IMPLEMENTATIONS IN THE FIELD [No information provided. -- Ed.] AVAILABILITY DC X500 is commercially available. For further details, please contact: Nigel Ratcliffe Data Connection Ltd 100 Church Street Enfield Middlesex EN2 6BQ UK Tel: +44 181 366 1177 E-mail: nr@datcon.co.uk DATE LAST UPDATED or CHECKED February 1996 ADDITIONAL INFORMATION and/or COMMENTS Data Connection provides a whole series of directory applications, including a corporate telephone directory, e-mail synchronisation, security services, groupware directory integration and a directory publishing application. These can be accessed by Windows applications or standard web browsers. Further information can be found at http://www.datcon.co.uk. Apple & Rossen Informational [Page 50] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME DE ABSTRACT DE (Directory Enquiries) is intended to be a simple-to-use DUA interface, suitable for the naive user, and suitable for running as a public access dua. it will work on any terminal. The user is presented with a series of (verbose) prompts asking for person's name department organization country. There is extensive on-line help. The matching algorithms are such that near matches are presented to the user before less good matches. There have been a few minor enhancements since the description in [RFC 1632]. The power searching feature still sets DE apart from most other DUAs - this allows a user to search for an entry even when they do not know the name of the organisation in which the person works - you still have to specify the country. DE also allows UFN style searching. DE uses slightly different search algorithms depending on whether it is accessing part of the Directory mastered by a Quipu DSA - Quipu DSAs tend to use lots of replication and so encourage searching. DE incorporates a QOS feature where it maintains a database of past information availability and DSA responsiveness. Translations exist into at least 4 different languages. DE runs over ISODE DAP and University of Michigan LDAP. There is a version of DE, called DOS-DE, which has been ported to DOS, and this uses LDAP. DE was funded by the COSINE PARADISE project, and DE is used as the PARADISE public access dua. You can test the software by telnet to directory.ja.net and logging in as dua -- no password required. COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) N/A COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) [No information provided -- Ed.] CONFORMANCE WITH PROPOSED INTERNET STANDARDS [RFC 1274] and [RFC 1487] Yes and yes Apple & Rossen Informational [Page 51] RFC 2116 X.500 Implementations Catalog-96 April 1997 CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs [RFC 1484]. yes INTEROPERABILITY N/A PILOT CONNECTIVITY The interface is widely used in the publicly accessible PARADISE directory. BUGS Doesn't handle aliases well when power searching. Send bug reports to: p.barker@cs.ucl.ac.uk CAVEATS AND GENERAL LIMITATIONS DE tries to cater well for the general case, at the expense of not dealing with the less typical. The main manifestation of this is that the current version does not handle searching under localities very well. It can handle photographs and reproduce sound attributes if these are dealt with by ancillary programs. INTERNETWORKING ENVIRONMENT [RFC 1006] with TCP/IP, TP0 or TP4 with X.25, and LDAP. HARDWARE PLATFORMS UNIX + DOS platforms SOFTWARE PLATFORMS UNIX + DOS NUMBER OF IMPLEMENTATIONS IN THE FIELD [No information provided. -- Ed.] Apple & Rossen Informational [Page 52] RFC 2116 X.500 Implementations Catalog-96 April 1997 AVAILABILITY The software is freely available from ftp://cs.ucl.ac.uk/dirpilot/de-7.0.tar.Z The DOS version is freely available. Look in the following directory: ftp://ftp.bath.ac.uk/pub/x500/dosde7/ DATE LAST UPDATED or CHECKED March 96 ADDITIONAL INFORMATION and/or COMMENTS [No Information Provided -- Ed.] Apple & Rossen Informational [Page 53] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME Digital X.500 Directory Server Digital Equipment Corporation This single entry covers a number of different products ABSTRACT The Digital X.500 Directory Services product set includes a directory server product and a variety directory user agents, as well as a directory synchronizer utility. The Digital X.500 Directory Server product provides a high performance DSA implemented according to the 1993 edition of the standard. The InfoBroker Server product extends this to provide the server component for LDAP and WWW user agents. Features of these servers include: * Integrated multi-protocol support allowing concurrent DAP, DSP, DISP and DOP access over OSI and TCP/IP (using [RFC 1006]) protocols. * Indexed database (DIB) to support high-performance searching and sophisticated matching including approximate match. * A DIB based on the 1993 edition Extended Information Models. * Support for chaining and referrals in support of a distributed DIB * Support for the 1993 edition Basic Access Control scheme. * Configurable schema based on the 1993 edition (including attributes, object classes, structure rules, name forms). * Support for 1993 edition Shadowing using the DISP and DOP protocol, including both incremental and on-change features for high performance. * Remote management to control DSAs and log significant events. * Support for the LDAP protocols using the InfoBroker Server product across either TCP/IP or DECnet transport protocols. * A Look-up Daemon that accepts requests from Web Browsers, allowing access to the directory from any web browser. * Both X/OPEN XDS/XOM and LDAP APIs. Apple & Rossen Informational [Page 54] RFC 2116 X.500 Implementations Catalog-96 April 1997 * An award winning documentation set. The Digital X.500 Administration Facility, X.500 Information Manager and InfoBroker Client products provide MS-Windows, Motif and command line interfaces to access and manage the information stored in the X.500 directory, including: * Support for different ways of accessing the directory, either by browsing or searching based on an extensible set of filters. * Support for bulk load, unload and reload of entries. * Driven off the same configurable schema information as the DSA allowing extensibility of window layouts and text to support customer-defined object classes and attributes. The Synchronizer-500 is an X.500 DUA which: * Enables bi-directional synchronization between X.500 and virtually ANY other non-X.500 directory facilitating common management. * Maps incoming data into X.500 using flexible configuration files * Facilitates creation of a multivendor electronic mail database, creating addresses in the appropriate syntax for any mail system. * Provides uniqueness checking on mnemonic O/R addresses, preventing address duplication COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) The Digital X.500 Directory Services products are based on the 1993 edition standard. They are compatible with, and interwork with, 1988 edition DUAs and DSAs, and are implemented to conform to relevant NIST OIW and EWOS agreements and the X.500 Implementors Guide. OSTC conformance testing (1988 DUA/DAP, DSA/DAP) has been completed and registered successfully. The X.500 Directory Server is registered as conformant to US-GOSIP. Apple & Rossen Informational [Page 55] RFC 2116 X.500 Implementations Catalog-96 April 1997 COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) Conformance with respect to clause 9.2 of ISO/IEC 9594-5:1993: * Supports the directoryAccessAC (DAP) and directorySystemAC (DSP) application contexts. * The DSA is capable of acting as a first-level DSA. * Chaining is supported. * Bind security levels of simple (unprotected password) and none are supported. * Supports the shadowSupplierInitiatedAC and shadowConsumerInitiatedAC in both synchronous and asynchronous variants (DISP protocol) and the directoryOperationalBindingManagementAC (DOP protocol) for shadowing * All attribute types defined in ISO/IEC 9594-6:1993 are supported except for 1993 edition supertypes and collective attributes and EnhancedSearchGuide. Customers can define new attribute types. UNIVERSAL STRING is not supported for attributes based on DirectoryString. * All object classes defined in ISO/IEC 9594-7:1993 are supported. Customers can define new object classes. * The following operational attributes are supported: governingStructureRule myAccessPoint modifyTimestamp supplierKnowledge superiorKnowledge specificKnowledge consumerKnowledge prescriptiveACI dseType entryACI createTimestamp * Dynamic modification of object class is permitted * Basic Access Control is supported with some restrictions. * All name forms defined in ISO/IEC 9594-7:1993 are supported. Customers can defined new name forms and structure rules. Apple & Rossen Informational [Page 56] RFC 2116 X.500 Implementations Catalog-96 April 1997 CONFORMANCE WITH PROPOSED INTERNET STANDARDS The InfoBroker products support the V1 and V2 LDAP protocols for easy integration into LDAP-compliant client and server environments. Standards supported include [RFC 1006], [RFC 1274], [RFC 1277], [RFC 1777], [RFC 1779]. CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs RFCs supported include [RFC 1278], [RFC 1558] INTEROPERABILITY Digital has performed X.500 interoperability testing at various Eurosinet and OSInet events, during the COS Pilot activity and in- house. In addition, Digital's products were part of the EEMA Interoperability Demonstration in Amsterdam 1995. Digital has achieved successful DAP and DSP interworking with a number of vendors. In the a recent Eurosinet Interoperability event, tests were performed against: AT&T ISOCOR Control Data Systems NET-TEL Computer Systems Ltd DCL (Data Connection Ltd) NEXOR ICL SNI (Siemens Nixdorf) In addition, previous interoperability tests have been performed against: Hewlett Packard Telstra ISODE Consortium UNISYS QUIPU Digital has performed limited successful 1993 DISP (Replication) interworking with two vendors at a Eurosinet Interoperability event. These were: ICL NEXOR All interoperability test results will be available on request from Digital. PILOT CONNECTIVITY Digital is actively involved in both public and private pilots of X.500. Apple & Rossen Informational [Page 57] RFC 2116 X.500 Implementations Catalog-96 April 1997 BUGS Digital provides complete software maintenance services with products on a worldwide basis. CAVEATS AND GENERAL LIMITATIONS None INTERNETWORKING ENVIRONMENT The Digital X.500 Services products operate over: * [RFC 1006] over TCP/IP * OSI TP0, TP2 and TP4 over CLNS and CONS as appropriate * TCP/IP or DECnet transport protocols to communicate with an LDAP server. HARDWARE PLATFORMS The Digital X.500 Directory Service products run on: * Alpha processors supported by Digital UNIX * Alpha and VAX processors supported by OpenVMS SOFTWARE PLATFORMS The Digital X.500 Directory Service products currently run on: * Digital UNIX running DECnet/OSI * OpenVMS/AXP running DECnet/OSI * OpenVMS/VAX running DECnet/OSI For the latest availability on these and other other hardware and software platforms please contact Digital. NUMBER OF IMPLEMENTATIONS IN THE FIELD [No information provided. -- Ed.] Apple & Rossen Informational [Page 58] RFC 2116 X.500 Implementations Catalog-96 April 1997 AVAILABILITY The Digital X.500 Directory Service products are commercially available from Digital Equipment Corporation. For further information please contact your local Digital office and quote SPD numbers 40.77.XX, 53.32.XX, 53.33.XX and 60.43.XX, or contact one of: Ian Gunn, Product Manager: Nick Tatham, Engineering Manager: Tel: +1 603 881 0762 Tel: +44 1734 203635 Email: ian.gunn@zko.mts.dec.com Email: nick.tatham@reo.mts.dec.com Digital Equipment Corporation Digital Equipment Co. Ltd Corporate Software Engineering Corporate Software Engineering 110 Spit Brook Road PO Box 121 Nashua, NH. 03062-2698 Reading, RG2 0TU USA UK DATE LAST UPDATED or CHECKED 13th November 1995 ADDITIONAL INFORMATION and/or COMMENTS None Apple & Rossen Informational [Page 59] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME DIR.D(tm) V2.6 Siemens Nixdorf Informationssysteme AG ABSTRACT DIR.D V2.6 is Siemens Nixdorf's directory browser product. Through its file manager like user interface only retrieval operations are supported. The DDE interface also allows for modification operations. DIR.D is an MS-Windows application acting as an LDAP client. Among others, DIR.D has the following features: * Graphical representation of the DIT * Tree browsing * Simple and complex searches, including approximate search * Adaptable to any directory schema * Configurable user interface * Automatic unbind after idle time * Anonymous and simple unprotected bind * Tight integration with SNI's X.400 user agent MAIL.D and CIT product ComfoPhone * Data transfer to Windows applications via clipboard, file, Drag&Drop, and DDE COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) DIR.D V2.6 is an LDAP client. COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) DIR.D V2.6 is an LDAP client. CONFORMANCE WITH PROPOSED INTERNET STANDARDS DIR.D V2.6 is compliant with the following RFCs: [RFC 1777], [RFC 1778], [RFC 1779]. Apple & Rossen Informational [Page 60] RFC 2116 X.500 Implementations Catalog-96 April 1997 CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs DIR.D V2.6 is compliant with the following RFCs: [RFC 1278], [RFC 1558]. INTEROPERABILITY DIR.D V2.6 is based on University of Michigan's LDAP implementation V3.0. It can interoperate with any LDAP server. PILOT CONNECTIVITY DIR.D V2.6 is used to browse in the European NameFLOW-PARADISE pilot network. BUGS To report bugs and/or to retrieve additional information on SNI's directory products please send mail to infoline- com@s41.mch1.x400scn.sni.de. CAVEATS AND GENERAL LIMITATIONS DIR.D V2.6 was designed for information retrieval. INTERNETWORKING ENVIRONMENT LDAP with TCP/IP HARDWARE PLATFORMS PC (Intel) SOFTWARE PLATFORMS Windows 3.1 + Winsockets Windows for Workgroups 3.11 + Winsockets Windows 95 Windows NT 3.5 OS/2 3.0 + Windows for OS/2 + Winsockets NUMBER OF IMPLEMENTATIONS IN THE FIELD > 10,000 Apple & Rossen Informational [Page 61] RFC 2116 X.500 Implementations Catalog-96 April 1997 AVAILABILITY DIR.D V2.6 can be delivered as a binary product. It is commercially available from: Siemens Nixdorf Informationssysteme AG ASW BA COM 1 D-81730 Munich Germany Please contact Giovanni Rabaioli Voice: +49/89-636-41095 Fax: +49/89-636-42552 Mail: Giovanni.Rabaioli@mch.sni.de DATE LAST UPDATED or CHECKED April 1996 ADDITIONAL INFORMATION and/or COMMENTS The following X.500 products are also part of SNI's X.500 product family: DIR.X V4.0 1993 X.500 Directory Service DIR.X V3.1 1988 X.500 Directory Service ORG.D V2.1 Full administrative LDAP browser DIR.X-SYNC V2.0 Directory synchronization Apple & Rossen Informational [Page 62] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME DIR.X (tm) V3.1 Siemens Nixdorf Informationssysteme AG ABSTRACT DIR.X V3.1 is Siemens Nixdorf's Directory Service product compliant with the 1988 ITU-T X.500 recommendations. Siemens Nixdorf has supplied its Directory Service product as the GDS (Global Directory Service) component to OSF DCE. However, DIR.X V3.1 has a number of features and enhancements which are not available in the GDS component of OSF DCE. DIR.X V3.1 is a distributed, replicated Directory Service. It consists of DSA, DUA and a tools package including comfortable administration and management utilities. DIR.X implements the protocol stack ranging from LDAP, DAP, DSP over ACSE, ROSE, Presentation, Session down to [RFC 1006]. On transport layer it supports TCP/IP and OSI LAN/WAN protocols. Data stored by DIR.X can be accessed via * the MS-Windows user interfaces DIR.D/ORG.D which are available as separate products from Siemens Nixdorf * any third-party LDAP or DAP browser * directory applications using the standardized X/Open XDS/XOM APIs (Directory Service / OSI Abstract Data Manipulation). The Siemens Nixdorf implementation was the first to gain XPG4-certification. * a command-line administration program * a menu-driven administration program * WWW * a shell interface * the Query-by-mail interface of SNI's directory synchronization product DIR.X-SYNC DIR.X enables * The storage of globally-unique, tree-like name structures which can be mapped onto organizations. Apple & Rossen Informational [Page 63] RFC 2116 X.500 Implementations Catalog-96 April 1997 * The use of several alternative names (aliases) for one and the same directory entry. * Search queries that allow the user to select objects on the basis of specific attributes and their values, as with a "Yellow Pages" telephone directory * Treemanagement functions which can cover entire subtrees. * The creation and automatic updating of copies ("shadows") from remote computers. * Access protection at attribute level, which regulates access on an object-specific basis. * The storage of unstructured attributes (graphics, pixels). The tools package of DIR.X V3.1 includes: * gdssetup: A simple-to-use tool for the generation and initialization of a directory configuration. * gdshdsch: Enables the directory administrator to modify the directory schema off-line. * X.500 MIB access via SNMP * gdscp: A TCL based administration tool for UNIX clients with full XDS functionality * gdshd: A powerful import/export tool Additional features include: * support for ISO 8859-1 characters * dynamic schema modifications * caching. Apple & Rossen Informational [Page 64] RFC 2116 X.500 Implementations Catalog-96 April 1997 COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) DIR.X V3.1 fully complies with the following ITU-T recommendations and ISO/IEC standards: ITU-T ISO/IEC Title X.500 9594-1 Overview of Concepts, Models, and Services X.501 9594-2 Models X.511 9594-3 Abstract Service Definition X.518 9594-4 Procedures for Distributed Operations X.519 9594-5 Protocol Specifications X.520 9594-6 Selected Attribute Types X.521 9594-7 Selected Object Classes X.509 9594-8 Authentication Framework DIR.X V3.1 was successfully conformance tested by the OSI Test Laboratory of Siemens Nixdorf. The OSI Test Laboratory is accredited by BAPT/DEKITZ (registration number TTI-P-G055/92-40). Test reports, PICS per X.581/X.582 and PIXITs are available for all tested protocols: DSA/DAP, DUA/DAP, Presentation, ACSE, and Session embedded in X.500. COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) DIR.X V3.1 is not compliant with the 1993 ITU-T recommendations. Please refer to the DIR.X V4.0 implementation description. CONFORMANCE WITH PROPOSED INTERNET STANDARDS DIR.X V3.1 is compliant with the following RFCs: [RFC 1274], [RFC 1277], [RFC 1565], [RFC 1567], [RFC 1777], [RFC 1778], [RFC 1779]. CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs DIR.X V3.1 is compliant with the following RFCs: [RFC 1278], [RFC 1558], [RFC 1801]. INTEROPERABILITY DIR.X V3.1 can interoperate with: * OSF DCE Global Directory Service (GDS) * ISODE Consortium Quipu V8.0 * ISODE Consortium 93 DSA R3.0 * AT&T OpenDirectory 2.0.1 Apple & Rossen Informational [Page 65] RFC 2116 X.500 Implementations Catalog-96 April 1997 * Bull X.500-DS and X.500-DUA * Control Data MailHub 2.4 * Data Connection DC X500 V1 * Digital DEC X.500 Directory Services V2.0 * ICL I500 DSA V5.2 * ISOCOR ISOPLEX DS V1.00 * NET-TEL RouteFinder 500 DSA 1.0 * NEXOR Messageware Directory Server V0.9 * Olivetti UX_X500 V1.1 * Unisys TransIT X.500 V7.1 PILOT CONNECTIVITY Several DIR.X V3.1 DSAs and DUAs are connected to the European NameFLOW- PARADISE pilot network. BUGS To report bugs and/or to retrieve additional information on SNI's directory products please send mail to infoline- com@s41.mch1.x400scn.sni.de. CAVEATS AND GENERAL LIMITATIONS DIR.X V3.1 is highly portable and without any general limitation. SNMP support is available for SNI platforms only. INTERNETWORKING ENVIRONMENT [RFC 1006] with TCP/IP OSI TP0, TP2 with X.25 OSI TP4 with CLNP OSI TP4 with CONS (LAN) HARDWARE PLATFORMS SNI platforms (RM200/300/400/600, Pyramid Nile 100/150, MX300i/500i) for X.25: X.25 board needed Apple & Rossen Informational [Page 66] RFC 2116 X.500 Implementations Catalog-96 April 1997 IBM RS/6000 for X.25: X.25 board needed HP 9000 for X.25: X.25 board needed Sun Sparc no X.25 board needed (X.25 can use the serial line) PC (Intel) for X.25: X.25 board needed SOFTWARE PLATFORMS SINIX 5.42 + CMX + XTI for X.25: WAN-CCP needed Pyramid Nile 100/150 DC/OSx1.1 Unixware AIX 3.2 for X.25: OSI/6000 needed HP-UX 9.01 for X.25: OTS 9000 needed Solaris 2.3 for X.25: SunLink X.25 and SunLink OSI needed NUMBER OF IMPLEMENTATIONS IN THE FIELD 100 and growing AVAILABILITY DIR.X V3.1 can be delivered as a binary product or as source to OEM customers. It is commercially available from: Siemens Nixdorf Informationssysteme AG ASW BA COM 1 D- 81730 Munich Germany Please contact Giovanni Rabaioli Voice: +49/89-636-41095 Fax: +49/89-636-42552 Mail: Giovanni.Rabaioli@mch.sni.de Apple & Rossen Informational [Page 67] RFC 2116 X.500 Implementations Catalog-96 April 1997 DATE LAST UPDATED or CHECKED April 1996 ADDITIONAL INFORMATION and/or COMMENTS The following X.500 products are also part of SNI's X.500 product family: DIR.X V4.0 1993X.500 Directory Service DIR.D V2.6 LDAP browser for information retrieval ORG.D V2.1 Full administrative LDAP browser DIR.X-SYNC V2.0 Directory synchronization Apple & Rossen Informational [Page 68] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME DIR.X (tm) V4.0 Siemens Nixdorf Informationssysteme AG ABSTRACT DIR.X V4.0 is Siemens Nixdorf's Directory Service product compliant with the 1993 ITU-T X.500 recommendations. The implementation incorporates SNI's experience of 10 years development, support and maintenance of the DIR.X products conformant to the 1988 Directory Standards, and has the following main features: * It conforms to the 1993 Directory standards, with particular emphasis on the requirements for interoperability with other X.500 implementations * The implementation is scaleable: it handles small-scale workgroup directories as well as very large directories for backbone solutions in large organisations * The implementation is extensible: new functionality can easily be incorporated * Existing databases and proprietary directory services can be accessed or integrated with the implementation. * Particular emphasis is placed on ease of administration of the Directory Service a service based on DIR.X V4.0 can be administered effectively from a central site, including the management of configuration and monitoring options * The implementation has a high throughput performing well not only on small systems, but also on high-performance backend servers, handling hundreds of requests in parallel on a multiprocessor machine. DIR.X V4.0 is a distributed, replicated Directory Service. It consists of: * DSA * DUA * Command-line DUA using a TCL (Tool Control Language) shell interface (dirxcp) * Management centre (dirxadm) Apple & Rossen Informational [Page 69] RFC 2116 X.500 Implementations Catalog-96 April 1997 * Toolkit for application development Data stored by DIR.X can be accessed via * the MS-Windows user interfaces DIR.D/ORG.D which are available as separate products from Siemens Nixdorf * any third-party LDAP or DAP browser * directory applications using the standardized X/Open XDS/XOM APIs (Directory Service / OSI Abstract Data Manipulation). The Siemens Nixdorf implementation was the first to gain XPG4-certification. * a command-line administration program * a menu-driven administration program * WWW * a shell interface * the Query-by-mail interface of SNI's directory synchronization product DIR.X-SYNC DIR.X V4.0 is fully backwards compatible with 1988 DSAs and DUAs. COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) DIR.X V4.0 is fully backwards compatible with the following ITU-T recommendations and ISO/IEC standards: ITU-T ISO/IEC Title X.500 9594-1 Overview of Concepts, Models, and Services X.501 9594-2 Models X.511 9594-3 Abstract Service Definition X.518 9594-4 Procedures for Distributed Operations X.519 9594-5 Protocol Specifications X.520 9594-6 Selected Attribute Types X.521 9594-7 Selected Object Classes X.509 9594-8 Authentication Framework Apple & Rossen Informational [Page 70] RFC 2116 X.500 Implementations Catalog-96 April 1997 COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) DIR.X V4.0 fully complies with the following ITU-T recommendations and ISO/IEC standards: ITU-T ISO/IEC Title X.500 9594-1 Overview of Concepts, Models, and Services X.501 9594-2 Models X.511 9594-3 Abstract Service Definition X.518 9594-4 Procedures for Distributed Operations X.519 9594-5 Protocol Specifications X.520 9594-6 Selected Attribute Types X.521 9594-7 Selected Object Classes X.509 9594-8 Authentication Framework X.525 9594-9 Replication CONFORMANCE WITH PROPOSED INTERNET STANDARDS DIR.X V4.0 is compliant with the following RFCs: [RFC 1274], [RFC 1277], [RFC 1565], [RFC 1567], [RFC 1777], [RFC 1778], [RFC 1779]. CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs DIR.X V4.0 is compliant with the following RFCs: [RFC 1278], [RFC 1558], [RFC 1801]. INTEROPERABILITY Interoperability tests have not been completed yet. PILOT CONNECTIVITY [No information provided. -- Ed.] BUGS To report bugs and/or to retrieve additional information on SNI's directory products please send mail to infoline- com@s41.mch1.x400scn.sni.de. CAVEATS AND GENERAL LIMITATIONS DIR.X V4.0 is highly portable and without any general limitation. Apple & Rossen Informational [Page 71] RFC 2116 X.500 Implementations Catalog-96 April 1997 INTERNETWORKING ENVIRONMENT [RFC-1006] with TCP/IP OSI TP0, TP2 with X.25 OSI TP4 with CLNP OSI TP4 with CONS (LAN) HARDWARE PLATFORMS SNI platforms (RM200/300/400/600, Pyramid Nile 100/150) for X.25: X.25 board needed IBM RS/6000 for X.25: X.25 board needed HP 9000 for X.25: X.25 board needed Sun Sparc no X.25 board needed (X.25 can use the serial line) PC (Intel) for X.25: X.25 board needed SOFTWARE PLATFORMS SINIX 5.42 + CMX + XTI for X.25: WAN-CCP needed Pyramid Nile 100/150 DC/OSx1.1 Windows NT 3.51 AIX 4.1 for X.25: OSI/6000 needed HP-UX 10.0 for X.25: OTS 9000 needed Solaris 2.5 for X.25: SunLink X.25 and SunLink OSI needed NUMBER OF IMPLEMENTATIONS IN THE FIELD Field testing to be started in Summer 1996. Apple & Rossen Informational [Page 72] RFC 2116 X.500 Implementations Catalog-96 April 1997 AVAILABILITY DIR.X V4.0 can be delivered as a binary product or as source to OEM customers. It is commercially available from: Siemens Nixdorf Informationssysteme AG ASW BA COM 1 D-81730 Munich Germany Please contact Giovanni Rabaioli Voice: +49/89-636-41095 Fax: +49/89-636-42552 Mail: Giovanni.Rabaioli@mch.sni.de DATE LAST UPDATED or CHECKED April 1996 ADDITIONAL INFORMATION and/or COMMENTS The following X.500 products are also part of SNI's X.500 product family: DIR.X V3.1 1988 X.500 Directory Service DIR.D V2.6 LDAP browser for information retrieval ORG.D V2.1 Full administrative LDAP browser DIR.X-SYNC V2.0 Directory synchronization Apple & Rossen Informational [Page 73] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME DIR.X-SYNC (tm) V2.0 Siemens Nixdorf Informationssysteme AG ABSTRACT DIR.X-SYNC V2.0 enables the synchronization of existing e-mail address directories in the X.500-based DIR.X directory service. The standard DIR.X, DIR.X-SYNC and DIR.D (all available from Siemens Nixdorf) products are the foundations on which the corporate directory solutions can be tailored to meet the customer's needs. The corporate directory then becomes the universal information system within the company. The user can access corporate directory information in different ways: * Using DIR.D, SNI's Windows client for the X.500 service, PC users can gain easy access to the DIR.X server containing the corporate directory data. The data found can be transferred to other applications by means of DDE, drag and drop or cut and paste. (See DIR.D V2.6 for further information). * Query by mail: Authorized users can access data stored in the central or distributed directory system over their own mail system. DIR.X-SYNC retrieves the inquiry transmitted by mail and directs it on to the X.500 service. The search results are then delivered back to the user by mail. Using a WWW interface based on TCL scripts Query by mail does not require additional software on the end system. Each mail system connected to the X.400 backbone (e.g. MS-Mail, cc:Mail etc.) can use this function. DIR.X-SYNC currently supports the address formats of the following e-mail systems: * MAIL.X-OD V2.3 * MAIL.2000 V1.2, AKOM * MS-Mail * cc:Mail * Intelligent Messaging Mail (Banyan) Apple & Rossen Informational [Page 74] RFC 2116 X.500 Implementations Catalog-96 April 1997 The standardized ISO-10021 interface for X.400 addresses is supported, enabling need for extension. This means that any type of system capable of generating this format (e.g. WordPerfect, Lotus Notes) can be connected. Address acknowledgment is carried out in ISO format. Functions for the administrator: * Export: Addresses can be exported from local directories. They are delivered as mail messages in ASCII format to the DIR.X-SYNC server. * Upload: The upload server stores the exported local addresses in DIR.X as globally valid X.400 addresses. * Query by Mail: DIR.X-SYNC enables mail members to send a search to the DIR.X-SYNC server by e-mail. Using this function, authorized administrators of the synchronized directories can acquire copies of the corporate directory data. * Administration of the DIR.X-SYNC server with an administration tool which can be used via command line or a command file. Other features include: * Replication and distribution: In addition to the central solution with a single corporate directory server, DIR.X-SYNC also supports replicated or distributed data storage in DIR.X-SYNC server. * Authentication/Authorization: To prevent unauthorized use of the corporate directory system, the O/R addresses of the authorized administrators and users are configured by the DIR.X-SYNC administrator. When a query by mail or an update arrives, the sender address is compared with this address. * Logging: In the case of error, e.g. incorrect file format, the sender (and the administrator configurable) are informed of the fault by mail. At the same time, the error message is saved in a log file for the DIR.X-SYNC administrator. In addition, a "history file" enables the monitoring of the uploads that have run or are currently running COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) DIR.X-SYNC is a directory application. Apple & Rossen Informational [Page 75] RFC 2116 X.500 Implementations Catalog-96 April 1997 COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) DIR.X-SYNC is a directory application. CONFORMANCE WITH PROPOSED INTERNET STANDARDS [No information provided. -- Ed.] CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs [No information provided. -- Ed.] INTEROPERABILITY [No information provided. -- Ed.] PILOT CONNECTIVITY [No information provided. -- Ed.] BUGS To report bugs and/or to retrieve additional information on SNI's directory products please send mail to infoline- com@s41.mch1.x400scn.sni.de. CAVEATS AND GENERAL LIMITATIONS The DIR.X-SYNC server runs with SNI's mail service products MAIL.X V2.3 or MAIL.X V3.0. INTERNETWORKING ENVIRONMENT [No information provided. -- Ed.] HARDWARE PLATFORMS SNI platforms (RM200/300/400/600, MX300i/500i) HP 9000 SOFTWARE PLATFORMS SINIX 5.42 HP-UX 10.0 Apple & Rossen Informational [Page 76] RFC 2116 X.500 Implementations Catalog-96 April 1997 NUMBER OF IMPLEMENTATIONS IN THE FIELD 100 AVAILABILITY DIR.X-SYNC V2.0 can be delivered as a binary product. It is commercially available from: Siemens Nixdorf Informationssysteme AG ASW BA COM 1 D- 81730 Munich Germany Please contact Giovanni Rabaioli Voice: +49/89-636-41095 Fax: +49/89-636-42552 Mail: Giovanni.Rabaioli@mch.sni.de DATE LAST UPDATED or CHECKED April 1996 ADDITIONAL INFORMATION and/or COMMENTS The following X.500 products are also part of SNI's X.500 product family: DIR.X V4.0 1993 X.500 Directory Service DIR.X V3.1 1988 X.500 Directory Service DIR.D V2.6 LDAP browser for information retrieval ORG.D V2.1 Full administrative LDAP browser Apple & Rossen Informational [Page 77] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME DX500 OpenDirectory(tm) Datacraft Australia Pty Ltd ABSTRACT DX500 OpenDirectory is a family of carrier grade, version 1993 X.500 conformant products COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) [No information provided. -- Ed.] COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) See WEB page: http://www.datacraft.com.au/dx500ovr.html for up to date details. PICS are available upon request. CONFORMANCE WITH PROPOSED INTERNET STANDARDS [No information provided. -- Ed.] CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs [No information provided. -- Ed.] INTEROPERABILITY OpenDirectory DSA supports: * DX-plorer, 93 full DAP stack, [RFC 1006] client over Winsock * ISOPRO 1.5+ messaging clients * ISOPRO for MAPI messaging clients * ISOPLEX Navigator * ISOPLEX Management Centre * ISOPLEX DS * ISOPLEX Web Gateway * Uni of Mich. - WAX500 * Quipu emulation mode Apple & Rossen Informational [Page 78] RFC 2116 X.500 Implementations Catalog-96 April 1997 PILOT CONNECTIVITY [No information provided. -- Ed.] BUGS [No information provided. -- Ed.] CAVEATS AND GENERAL LIMITATIONS [No information provided. -- Ed.] INTERNETWORKING ENVIRONMENT [No information provided. -- Ed.] HARDWARE PLATFORMS [No information provided. -- Ed.] SOFTWARE PLATFORMS [No information provided. -- Ed.] NUMBER OF IMPLEMENTATIONS IN THE FIELD [No information provided. -- Ed.] AVAILABILITY The software is commercially available from Datacraft, or its distributors. DATE LAST UPDATED or CHECKED March, 96 ADDITIONAL INFORMATION and/or COMMENTS Capable of supporting a million entries, with subsecond response time, on small Unix, with 32 mgbytes of ram, due to a unique patented meta-data design. Apple & Rossen Informational [Page 79] RFC 2116 X.500 Implementations Catalog-96 April 1997 NAME Forum LOOK'UP (tm) Telis Systemes & Communications ABSTRACT Forum LOOK'UP (tm) is a Corporate directory solution based on the X.500 recommendations. It includes: * a Directory System Agent (DSA), * Directory User Agents (DUAs). * local network connections * remote workstation access * a WEB and videotex access * data updating tools * a directory editing tool Forum LOOK'UP is a product based on PIZARRO, the research prototype developed at INRIA by Christian Huitema's team, and commercialized by Telis, a member of the France Telecom group. Characteristics of the DSA are: * The DAP and DSP protocols are provided conformant with X.500 (88). * The DIB is maintained in ASN.1 encoded format in the Unix file system. * Utilities are provided to load and dump the DIB from and to ASCII text files. * As an option, an ORACLE V7 database can also be used. * The DIT structure is held in main memory. Frequently used attributes may be held in inverted tables in memory to speed up searches. * Knowledge management: knowledge on managed domains is stored in Forum LOOK'UP specific attributes of the DSA entries. Apple & Rossen Informational [Page 80] RFC 2116 X.500 Implementations Catalog-96 April 1997 * Schema: The X.500 (88), X.400 (88) and most of the Cosine and Internet Schema are supported. Object class and attribute definitions are enforced. Users may define their own. * Simple authentication is provided strong authentication and signed operations have been tested operationally through Telis's participation in PASSWORD, a VALUE project with aim to pilot a European security infrastructure for network applications. * Access control : the DSA offers a mechanism defined by Telis that is functionally equivalent to a profile of the X500 '93 access control mechanism. The mechanism is based on the notion of administrative domains (autonomous and semi- autonomous). A domain defines the user groups (categories) and their access rights (consult, modify) to specified attribute types. The access rights are defined in prescriptive and entry ACI attributes. * Phonetic searches : administrators may specify a language (English, French, ...) for a subtree of the DIT. Approximate (phonetic) searches will then be carried out in the given language. The software loads a rule database to which new languages and new rules may be added easily. * Management: a Forum LOOK'UP DSA object has been defined to allow operational parameters of the DSA to be managed via DAP. Forum LOOK'UP conforms to X.500 (88) as specified in poaragraph 9 of X.519 Administration tools are provided : * to generate usage statistics automatically and distribute these by mail to administrators * to replicate subtrees of the DIT to other FORUM LOOK'UP DSAs and automatically update shadow copies, * to extract hardcopy listings from the database in an Excel compatible format for "paper" directories, all the management tasks are performed through a GUI (X/Motif). * The GUI includes a "dashboard" for monitoring of servers and the hardware they are installed on. * The DUAs include a graphical directory browser with powerful search functionality for PCs and Macintosh. Apple & Rossen Informational [Page 81] RFC 2116 X.500 Implementations Catalog-96 April 1997 COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs) Forum LOOK'UP conforms to X.500 (88) as specified in paragraph 9 of X.519 COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs) [No information provided. -- Ed.] CONFORMANCE WITH PROPOSED INTERNET STANDARDS [RFC 1274], [RFC 1277], [RFC 1778], [RFC 1779] are supported CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs [RFC 1278], [RFC 1279] are supported INTEROPERABILITY Through the use of Forum LOOK'UP in the French Paradise pilot, interoperability has been informally but extensively tested with Quipu, Marben, SNI DIR/X. PILOT CONNECTIVITY DSA connectivity to the PARADISE pilot. BUGS Forum LOOK'UP is a commercial product. As such, it is supported and bugs are fixed when detected. Bug reports can be sent to our support team via electronic mail. CAVEATS AND GENERAL LIMITATIONS * The DIT structure and inverted attribute tables are stored in main memory. * The recommended main memory size for a DSA is 1kb per node, i.e., 10 Mb for a database of 10,000 objects. * The current recommended maximum for the proprietary database (based on the Unix file system) is a database size of the order of 100,000 objects. * For a larger database one unique server (up to 300,000 objects), the use of the Oracle database is recommended Apple & Rossen Informational [Page 82] RFC 2116 X.500 Implementations Catalog-96 April 1997 * Of the selected attribute types defined in X.500 (88), the searchGuide attribute is not supported * neither are the following attributes from the Cosine and Internet Schema [RFC 1274]: OtherMailbox, MailPreferenceOption and the various quality attributes. INTERNETWORKING ENVIRONMENT Forum LOOK'UP includes a transport stack for TP0 with TCP/IP [RFC 1006] and X.25. The stack has been ported to SunNet OSI for TP4 with CLNP. DUAs on a LAN (Novell Netware, Microsoft Lan Manager, IBM Lan Server) can access the DSA without the need for IP on every Workstation. A module (called SOLO server) available on Novell, OS/2 and UNIX allows to have an IP or X.25 stack only on the file server. It is in charge of forwarding the request to a DSA. A direct access (DUA / DSA) through IP, X.25, PSTN or ISDN is also available. HARDWARE PLATFORMS Forum LOOK'UP can easily be ported to any UNIX machine. It currently runs on: Sun Solaris and Hewlett Packard. A port on IBM AIX is to be completed. SOFTWARE PLATFORMS The Forum LOOK'UP server is portable to any UNIX-like operating system. X/Motif is the interface used for management. The DUAs are available on Windows and Macintosh. ORACLE V7 can be used as a database (option). NUMBER OF IMPLEMENTATIONS IN THE FIELD 30 servers Apple & Rossen Informational [Page 83] RFC 2116 X.500 Implementations Catalog-96 April 1997 AVAILABILITY Forum LOOK'UP is commercially available. For further information contact: Laurence Puvilland, Product manager Email: C=fr A=atlas P=telis-sc O=telis-sc OU1=paris S=puvil