Applying X.500 Naming Conventions to NDS
Articles and Tips: article
Consultant
Novell Consulting Services, Europe
01 Jan 1996
Since its introduction in 1993, NetWare Directory Services (NDS) has become the standard for business-oriented implementation of the X.500 directory service. This Application Note explores the heritage of NDS and offers considerations for X.500-based naming standards for use in the business environment.
- Introduction
- Why Are Naming Conventions Needed?
- General Naming Considerations
- Object Naming Guidelines
- Naming Network Resources
- Documentation Issues
- Browsing the Directory
- Registering an Organization Name
- Summary
- Glossary
- Bibliography
- Appendix A: ISO 3166 Country Codes
- Appendix B: Selected Objects and Attributes
Introduction
As global networking becomes a standard demand, so it has become necessary to store information describing the global network in a way which is accessible to both users and system administrators.
Administering and using information about services and people on a global network requires a directory which stores all the relevant data. To accomplish this, Novell introduced NDS (NetWare Directory Services) with NetWare 4 in 1993. However, Novell did not invent the idea of a global directory. This AppNote will begin with a brief overview of X.500 and the heritage of NDS. Subsequent sections deal with naming standards and naming considerations.
X.500 Overview
The past decade has seen tremendous growth in the deployment of technology for person-to-person communications. Today's electronic infrastructure allows this communication to occur, provided that a communication path to that person is known. Historically, this issue has long ago been seen and resolved in the area of telephone communication. Telephone technology had a similar growth rate, which necessitated rapid development of a phone directory system.
CCITT proposed a solution to the electronic communication problem by providing definitions for a directory containing both humans and resources on a network. This was the birth of the X.500 recommendations.
It is important to understand that the X.500 recommendations do not describe a readily available application. X.500 is simply a definition of services and data. The application development forming the user interface and the system code is left to the computer industry.
Heritage of NDS
As a standard, X.500 forms the foundation of NDS. However, the basic X.500 objects and attributes did not scale very well in a business environment. Without object types defining resources such as computers, printers, and file servers, a directory is limited to Yellow Pages functionality.
In order to introduce these new object and attribute types to NDS, Novell followed the CCITT recommendations and added them in a transparent and portable way.
For utmost flexibility the directory contains within itself definitions for objects, attributes and various administrative values which are not visible to the user. These definitions reside in an invisible portion of the directory tree called the schema. If you are a developer, think of the schema as a Class Library which contains basic object definitions. In order to create a new object one takes an existing object and adds new features to it. This way the class which was inherited remains intact and the new object type is placed in the Class Library as well. An application which needs to now the in and outs of an object type does not need to have these information hardcoded but reads the schema definition of the object. Changes made to object types do not require change of application source code.
From a user's or administrator's perspective, think of the schema as the "social rules" which are passed between generations. Each generation inherits a set of rules, adds new features to them, and passes the new set on to the next generation.
Why Are Naming Conventions Needed?
The requirements for naming standards are obvious. How would one use a phone directory in which the entries were sorted by date of entry instead of alphabetically?
As the requirements are obvious, the question of which naming standard remains. Fortunately some work has already been done on this. The Internet community has come up with documents discussing naming standards and naming considerations: "RFC1617: Naming and Structuring Guidelines for X.500" and "RFC1781: Using the OSI Directory to Achieve User Friendly Naming".
As with other distributed databases, such as DNS, one administrator may not be sufficient to administer the entire directory tree alone. In order to share the work among multiple persons, authority over a portion of the Directory tree (also called an Administrative Area or a Directory Management Domain) is handed to other administrators.
The logistical problem is clear. If, for instance, three administrators are setting up naming standards for their Administrative Area, chances are that all three will implement a different standard.
In the sample tree shown in Figure 1, the administrator at the O=Novell level authorizes the administrator at OU=Eng to manage all objects below it. In turn, the administrator at OU=Eng may authorize the administrator at OU=NDS to manage its area of the directory.
Figure 1: Sample hierarchical tree structure.
General Naming Considerations
Creation of a naming standard includes documenting these standards so that users of the global network are enabled to set up the correct search patterns and transmit them to the directory.
Search patterns are used to locate services or people in the Directory tree. For example, if an HP printer is needed for use with a specific application like a word processor, the user simply uses the NLIST command to search the tree beginning at the current context for the object. A sample search with NLIST would be initiated with this command line:
NLIST Printer=*HP* /s
The search begins with the current container and continues searching all subcontainers.
Here are some other issues to be considered:
Plan the tree with growth in mind. While the Directory tree is relatively small, it is easy to keep location and function of objects in mind. Once the tree grows, however, self-explanatory names are more convenient to work with.
Names shall be short, descriptive and easy to remember. Keep in mind that resources in the tree are used frequently by users of the tree. Long and cryptic names lead to counter-productivity and frustration. Shortand descriptive names, on the other hand, can easily be remembered and reduce training time for new or migrated employees.
Usage of international standards is preferred. It is important to apply international rules, especially in a global tree. For example, the country codes listed in Appendix A are derived from an international standard [ISO 3166].
Use national standards where international standards do not apply. Various countries may have individual specifications for data-for example, street address conventions vary from country to country. Also, ZIP codes and telephone number formats are standardized within individual countries.
Use of national characters. Novell went well beyond the X.500 recommendations by introducing UNICODE character mapping to ensure that national characters like Æ,Æ and Ñ are represented correctly regardless of where in the world the user of the directory resides. While NDS does support national characters, it is worth while to notice that this is advantageous since very few of the current X.500 implementations deal with this sort of issue. Typical users will browse the directory tree using Graphical User Interface applications. Administrators and advanced users who may wish to perform non-GUI searches on the tree may want to use the national characters in the Common Name attribute and use ASCII characters only in the Other Names attribute. For instance, use Hans SÖrensen as the Common Name and Hans Soerensen as Other Names. Umlauts like Ö Ö Ö then appear as oe, ae and ue in Other Names, ß appears as ss, and so on.
Use logical rules where both international and national characters do not apply. In the likely event that no naming conventions for certain objects exist, human-interpretable templates should be used to support naming, using and searching the tree. The section "Naming Network Resources" details examples for templates.
Should spaces be used in names? Spaces within names are allowed. Certain implications are present with the use of the space character. Non-GUI users may need to use quotation marks for the name. For example, the user object Bernd Kunze would log in through login" Bernd Kunze".users.novell. Using spaces in object naming may confuse users of the Directory since a name like Bernd Kunze is not viewed as a single entity but as two words.
Provide user documentation about the company wide naming standard as a reference. It is a good idea to document the naming standards before implementing them. The documented standard leads to higher discipline in naming during tree design and can be used to better support users and administrators in case of questions.
Exceptions to the Rules
Keep exceptions as minimal as possible. Although there will always be exceptions to the naming standards, avoid having exceptions as much as possible to keep things easy for administrators and users. Each time an exception is proposed, consider carefully whether the exception is really needed. Document any necessary exceptions from the rules in the user reference.
Object Naming Guidelines
Country Objects. Country objects (also shown as C=<country code>) should be named in a unique way so that international directory users are able to specify the correct country in search operations. [ISO 3166] defines country codes for almost all countries (see Appendix A). Hence the use of these internationally agreed-upon country codes is suggested. The national representation of the country name can be placed into the Description attribute of the Country object (Figure 2).
Figure 2: Sample Country object information screen.
Organization Objects. Organizations (abbreviated as O=<organization name> are to be named according to their commonly-used names. If the mainly-used name is an abbreviation, use the abbreviation as the organization name and the unabbrevi-ated name as the Other Name for the organization. If the tree is supposed to be visible from outside of the organization, contact information such as Telephone and Fax Number should be provided in the associated attributes (see Figure 3).
Figure 3: Sample Organization object definition screen.
Organizational Unit Objects. OrganizationalUnits (OU=<organizational unit name>) shall reflect the organization scheme of the organization. If the organization scheme already features distinguishable names for departments, they shall be used.
User Objects. Naming human users in a consistent way is particularly critical. The name of a user is defined as a Common Name(CN=<common name<). It is suggested that the naming of those objects follow a standard format. For most countries the format <first-name< <surname< is the most sensible approach. You can use Other Name for an alternative naming of the object (see Figure 4). [RFC 1617] gives an example:
Steve Kille is the name most commonly used to identify this particular human while Stephen E. Kille is the syntactically correct but less often used name. The former would be used as the Common Name while the latter would be used in Other Name.
Alternatively, it is common to form eight-character names by taking the first character from the first name and up to seven characters from the surname. So Steve Kille would become skille. Another example would be bfranken for Bob Frankenberg.
Titles should not be used in the Common Name, but should be specified in the Title attribute.
Figure 4: Sample User object information screen.
Street Address information (including State or Province, Postal Address, and so on) needs to follow the postal mail rules of the country where the object physically resides. Every local postal office should be able to provide syntactical rules for the given country. For example, in some countries like France and the USA, the street address is formed by placing the house number before the street name. Other European countries prefer the house number after the street name.
Access information such as Telephone Number and Facsimile Telephone Number should follow a common format throughout the tree. A typical scheme could be:
+<country code< <area code< <phone number<
or country-code area code phone number>
For example:
+49 211 56310
or 0049 211 56310
The first scheme is the more flexible approach. Some countries dial other codes than 00 before the country codes. The first format leaves it up to the user to know the prefix dial code. The second scheme tells the user exactly what to dial. The tradeoff here is that this scheme is not suitable if the tree covers countries where the country prefix differs from the quasi-standard of 00 (at least in Europe).
|
Note: There is no norm for international telephone country codes. Although most countriesuse a common scheme, some countries differ from it. |
Electronic access information like E-mail Address is dependent on the E-mail system used. Check out the administrative tools of your E-mail software to see if they provide a way to copy this information into the attribute.
Group Objects. Group Names (CN=<group name<) should reflect the activity of the group. Samples are Devp, Eng, Sales, IS, and so on (see Figure 5).
Figure 5: Sample Group object information screen.
Organizational Role Objects. Organizational Roles should reflect the actual role performed in the format:
<Function<_OR
For example: Mail_Administrator_OR.
Naming Network Resources
Since there are no commonly agreed-upon naming conventions for network resources, a naming scheme must be present at the time the tree is designed. Forming names for resources on the network should follow common rules as well so that names can be interpreted and services can be looked up easily. It is essential to balance naming between usability and prediction. Following is a diagram plus a naming example which shows the name and associated attribute (Print Queue Volume) for a Print Queue object.
|
Object |
NamingScheme /Example |
Key |
|
File ServerPrint ServerQueue ServerComputer |
XXX-YY-Z-## - Examples - DUS-IS-F-01 PRV-HR-T-14GER-NC-E-01 |
XXX = Company or Location(i.e. PRV, DUS, LON) YY = Department(i.e. HR, IS) Z = machine typeF = File Server,T = Test Server,P= Print Server,C = Communication Server,S= SAA Server,E = E-MAIL Server,R =Dial in/out Server,M = Network Management,X= FAX Server,D = Database/SQL Server,A= Application Server,U = Unix Workstation,O= OS/2 Workstation,W = Windows Workstation, ## = Numbering (01 .. 99) |
|
Printers |
YY-TTT-LLL-##P - Examples - IS-LJT-PCL-01PHR-HP4-PS-00P |
See below |
|
Print Queues |
YY-TTT-LLL-##Q - Examples - IS-LJT-PCL-01QHR-HP4-PS-12Q |
YY = Departmentor SiteTTT = Type(LJT, DJT, PLT, etc).LLL= Printer Language(PCL or PS)## = Numbering(01 .. 99) |
|
Volumes |
Unspecific |
Short andrecognizable names, i.e.APPS, HOME, DATA, DEV |
Please keep in mind that the above is an example. Although it can be implemented as-is, you should verify whether this naming scheme fits the organization. For instance, in large organizations it may be necessary to include the physical location of the object in the name (floor and/or room numbers). In smaller organizations, inclusion of the physical location would lead to unnecessarily long names and can be omitted.
Figure 6: Sample Print Queue Object definition screen.
Documentation Issues
It is probably best to provide two different sets of naming documentation: one for administrators of the tree as a common naming standards platform, and a second set for users of the tree. Whether the documentation is provided on paper or electronically depends on the frequency of structural changes planned. In general, a good naming standard shouldn't change much once it has gone through testing and implementation.
Readily available documentation also eases the start-up process for new employees and new administrators.
Browsing the Directory
Being able to browse the directory for information is a key feature of a directory device. In large trees, however, this can be a time consuming task. NDS offers client utilities such as NLIST for automation of this task. However, users need to know the syntactical rules used to name the object so that the same rules can be applied to search requests.
The user-visible representation of objects and attributes is different among the various NDS utilities at this time. As a convenience, a list is provided in Appendix B reflecting objects and attribute naming across X.500, NDS Schema, NetAdmin/NWAdmin, NLIST and Login Script usage. Appendix B also demonstrates that NDS is not only implemented using the X.500 Specifications, but is also extending the schema suggested by CCITT. Many objects which are found in NDS are not found in X.500. As we have seen above, this is no contradiction to the X.500 recommendations since the recommendations explicitly encourage schema extension.
Registering an Organization Name
Novell recently announced its strategy for the future including a global network maintained by NetWare Directory Services. Novell will cooperate with national telecom providers such as AT&T, Deutsche Telekom, Unisource of Netherlands, Telstra of Australia and NTT of Japan to provide global access. In order to provide uniqueness of organization names, it may be required to register the organization name with the specific telecom provider.
In the US, a forum called the North American Directory Forum (NADF) defined naming rules. For instance, any organization which has already acquired a registered name (through legal services or the American National Standards Institute) shall use this name. However, NADF is restricted to the US and Canada. Individual countries may have individual naming rules.
Linking an organization tree into a global tree can be done through service providers (AT&T, Deutsche TeleCom, and others) once the infrastructure is fully available. Joining the global tree requires the organization name to be registered so that naming collisions are avoided. The service provider handles the registration details.
This step may also require minor changes in tree design affecting the order of the objects in the tree. The change in order would be necessary if the service provider features a geographical tree design and requires the Organization object at the top of each subtree.
In this context, it is important to understand the differences between international organizations and multi-national organizations. International organizations are defined as supra-national, quasi-governmental organizations (for example, the United Nations), whereas multi-national organizations are mostly commercial organizations operating in various countries.
International organizations are allowed to be placed directly under [Root]. Multi-national organizations are not allowed to follow the same order, with the exception of commercial organizations which are indispensable for the networks infrastructure (for example, the Internet).
Summary
NDS takes the CCITT X.500 definition of a directory service towards a truly business-oriented implementation, allowing the use of a global tree in day-to-day business and world-wide use. New object and attributes have been added to NDS using the X.500 recommendations for schema extensions.
By investing in establishing a naming convention, tree administrators greatly enhance the usability of the Directory. Preferably, international and national defined conventions are used; in absence of these, logical rules are set in place. However, there is no right or wrong way of naming. If users and administrators are satisfied with the usability, the goal of naming is achieved. Finally, documenting the naming conventions and the standards used concludes the process and acts as a reference point for the users of the tree.
Glossary
Attribute. A value attached to an object that describes the object (also known as a property)
CCITT. International Telephone and Telegraph Consultative Committee
Directory. Collection of information structured logically (for instance, a phone directory)
Directory Tree. Entries of the Directory Services database represented in hierarchical format
NDS. NetWare Directory Services
Object. An entry in the Directory Services database
White Pages. Telephone directory containing participants in the phone system, sorted alphabetically by name. On the Internet, also known as browsable directory of users at a specific campus.
Yellow Pages. Telephone directory sorted by facilities in the phone system. Contains companies and service providers. Used as a synonym for Network Information Services (NIS) in the UNIX world.
Bibliography
RFCs
|
Number |
Author & Title |
|
1617 |
Barker, P.; Hardcastle-Kille, S.; Lenggenhager,T. Namingand Structuring Guidelines for X.500 Directory Pilots. 1994 May; 28p. |
|
1781 |
Kille, S. Using the OSI Directory to Achieve User FriendlyNaming.1995 March; 26p. |
|
1837 |
Kille, S. Representing Tables and Subtreesin the X.500Directory. 1995 August; |
|
1804 |
Mansfield, G.; Rajeev, P.; Raghavan, S.; Howes,T. SchemaPublishing in X.500 Directory. 1995 June; |
|
1803 |
Wright, R.; Getchell, A.; Howes, T.; Sataluri, S.; Yee, P.; Yeong, W. Recommendations for an X.500 Production Directory Service. 1995 June; |
|
1309 |
Weider, C.; Reynolds, J.; Heker, S. Technical Overviewof Directory Services Using the X.500 Protocol. 1992 March; 16 p. |
|
1308 |
Weider, C.; Reynolds, J. Executive Introduction to DirectoryServices Using the X.500 Protocol. 1992 March; 4p. |
|
1276 |
Hardcastle-Kille, S. Replication and Distributed Operationsextensions to provide an Internet Directory using X.500. 1991, November; 17 p. |
|
1275 |
Hardcastle-Kille, S. Replication Requirements to provide anInternet Directory using X.500. 1991 November; 3 p. |
|
1274 |
Barker, P.; Kille, S. The COSINE and Internet X.500 Schema.1991 November; 60 p. |
Retrieving RFCs
RFCs are stored on many servers in the world. The official "home" of the RFCs is on a Unix server named nic.ddn.mil. They are available via either ftp or E-mail. For ftp access, the ftp service will detail information on how to navigate with your ftp client. For Email access, send a message to:
service@nic.ddn.mil
with the word "help" in the subject field.
A number of World Wide Web servers offer access to the RFCs. To find a server holding the RFCs, set your browser to the URL http://www.yahoo.com/ and specify "RFC" in the search field.
OSI/ISO Documentation
[X521] X.521 - The Directory: Selected Object Classes (ISO/IEC 9594-7) (Open Systems Interconnection)
[ISO-3166] - ISO country codes
Novell Documentation
Novell Application Notes, April 1993, page 55: "Planning a NetWare 4.0 Directory Tree"
Novell Application Notes, February 1994, page 5: "Implementing Naming Standards for NetWare Directory Services"
Appendix A: ISO 3166 Country Codes
|
CountryName
|
Code
|
|
Afghanistan |
AF |
|
Albania |
AL |
|
Algeria |
DZ |
|
Andorra |
AD |
|
Angola |
AO |
|
Anguilla |
AI |
|
Antarctica |
AQ |
|
Antiguaand Barbuda |
AG |
|
Argentina |
AR |
|
Armenia |
AM |
|
Aruba |
AW |
|
Australia |
AU |
|
Austria |
AT |
|
Azerbaijan |
AZ |
|
Bahamas |
BS |
|
Bahrain |
BH |
|
Bangladesh |
BD |
|
Barbados |
BB |
|
Belarus |
BY |
|
Belgium |
BE |
|
Belize |
BZ |
|
Benin |
BJ |
|
Bermuda |
BM |
|
Bhutan |
BT |
|
Bolivia |
BO |
|
Botswana |
BW |
|
BouvetIsland |
BV |
|
Brazil |
BR |
|
BritishIndian Ocean Territory |
IO |
|
Brunei |
BN |
|
Bulgaria |
BG |
|
BurkinaFaso |
BF |
|
Burundi |
BI |
|
Cambodia(Kampuchea) |
KH |
|
Cameroon |
CM |
|
Canada |
CA |
|
Cape Verde |
CV |
|
CaymanIslands |
KY |
|
CentralAfrican Republic |
CF |
|
Chad |
TD |
|
Chile |
CL |
|
China |
CN |
|
ChristmasIsland |
CX |
|
Cocos (Keeling)Islands |
CC |
|
Colombia |
CO |
|
ComoroIslands |
KM |
|
Congo |
CG |
|
Cook Islands |
CK |
|
Costa Rica |
CR |
|
Croatia |
HR |
|
Cuba |
CU |
|
Cyprus |
CY |
|
Czech Republic |
CZ |
|
Denmark |
DK |
|
Djibouti |
DJ |
|
Dominica |
DM |
|
DominicanRepublic |
DO |
|
Ecuador |
EC |
|
Egypt |
EG |
|
El Salvador |
SV |
|
EquatorialGuinea |
GQ |
|
Estonia |
EE |
|
Ethiopia |
ET |
|
FalklandIslands (Malvinas) |
FK |
|
Faroe Islands |
FO |
|
Fiji |
FJ |
|
Finland |
FI |
|
France |
FR |
|
Gabon |
GA |
|
Gambia |
GM |
|
Georgia |
GE |
|
Germany |
DE |
|
Ghana |
GH |
|
Gibraltar |
GI |
|
Greece |
GR |
|
Greenland |
GL |
|
Grenada |
GD |
|
Guadeloupe |
GP |
|
Guam |
GU |
|
Guatemala |
GT |
|
Guiana(French) |
GF |
|
Guinea |
GN |
|
GuineaBissau |
GW |
|
Guyana |
GY |
|
Haiti |
HT |
|
Honduras |
HN |
|
Hong Kong |
HK |
|
Hungary |
HU |
|
Iceland |
IS |
|
India |
IN |
|
Indonesia |
ID |
|
Iran |
IR |
|
Iraq |
IQ |
|
Ireland |
IE |
|
Israel |
IL |
|
Italy |
IT |
|
Ivory Coast |
CI |
|
Jamaica |
JM |
|
Japan |
JP |
|
Johnston Island |
JT |
|
Jordan |
JO |
|
Kazakhstan |
KZ |
|
Kenya |
KE |
|
Kiribati |
KI |
|
Korea (North) |
KP |
|
Korea (South) |
KR |
|
Kuwait |
KW |
|
Kyrgyzstan |
KG |
|
Laos |
LA |
|
Latvia |
LV |
|
Lebanon |
LB |
|
Lesotho |
LS |
|
Liberia |
LR |
|
Libya |
LY |
|
Liechtenstein |
LI |
|
Lithuania |
LT |
|
Luxembourg |
LU |
|
Macau |
MO |
|
Madagascar |
MG |
|
Malawi |
MW |
|
Malaysia |
MY |
|
Maldives |
MV |
|
Mali |
ML |
|
Malta |
MT |
|
MarshallIslands |
MH |
|
Martinique |
MQ |
|
Mauritania |
MR |
|
Mauritius |
MU |
|
Mexico |
MX |
|
Micronesia |
FM |
|
Midway Islands |
MI |
|
Moldavia |
MD |
|
Monaco |
MC |
|
Mongolia |
MN |
|
Montserrat |
MS |
|
Morocco |
MA |
|
Mozambique |
MZ |
|
Myanmar |
MM |
|
Namibia |
NA |
|
Nauru |
NR |
|
Nepal |
NP |
|
Netherlands |
NL |
|
Netherlands Antilles |
AN |
|
New Caledonia |
NC |
|
New Zealand |
NZ |
|
Nicaragua |
NI |
|
Niger |
NE |
|
Nigeria |
NG |
|
Niue |
NU |
|
Norfolk Island |
NF |
|
Norway |
NO |
|
Oman |
OM |
|
Pacific Islands (US) |
PC |
|
Pakistan |
PK |
|
Panama |
PA |
|
Papua New Guinea |
PG |
|
Paraguay |
PY |
|
Peru |
PE |
|
Philippines |
PH |
|
Pitcairn Islands |
PN |
|
Poland |
PL |
|
Polynesia (French) |
PF |
|
Portugal |
PT |
|
Puerto Rico |
PR |
|
Qatar |
QA |
|
Reunion |
RE |
|
Romania |
RO |
|
Russia |
RU |
|
Rwanda |
RW |
|
Sahara (Western) |
EH |
|
Saint Helena |
SH |
|
Saint Kitts and Nevis |
KN |
|
Saint Lucia |
LC |
|
Saint Pierre and Miquelon |
PM |
|
Saint Vincent and Grenadines |
VC |
|
Samoa (American) |
AS |
|
Samoa (Western) |
WS |
|
San Marino |
SM |
|
Sao Tome and Principe |
ST |
|
Saudi Arabia |
SA |
|
Senegal |
SN |
|
Seychelles |
SC |
|
Sierra Leone |
SL |
|
Singapore |
SG |
|
Slovakia |
SK |
|
Slovenia |
SI |
|
Solomon Islands |
SB |
|
Somalia |
SO |
|
South Africa |
ZA |
|
Spain |
ES |
|
Sri Lanka |
LK |
|
Sudan |
SD |
|
Surinam |
SR |
|
Swaziland |
SZ |
|
Sweden |
SE |
|
Switzerland |
CH |
|
Syria |
SY |
|
Tadzhikistan |
TJ |
|
Taiwan |
TW |
|
Tanzania |
TZ |
|
Thailand |
TH |
|
Timor (East) |
TP |
|
Togo |
TG |
|
Tokelau |
TK |
|
Tonga |
TO |
|
Trinidad and Tobago |
TT |
|
Tunisia |
TN |
|
Turkey |
TR |
|
Turkmenistan |
TM |
|
Turks and Caicos Islands |
TC |
|
Tuvalu |
TV |
|
Uganda |
UG |
|
Ukraine |
UA |
|
United Arab Emirates |
AE |
|
United Kingdom |
GB |
|
United States of America |
US |
|
Uruguay |
UY |
|
Uzbekistan |
UZ |
|
Vanuatu |
VU |
|
Vatican |
VA |
|
Venezuela |
VE |
|
Vietnam |
VN |
|
Virgin Islands (British) |
VG |
|
Virgin Islands (US) |
VI |
|
Wake Island |
WK |
|
Wallis and Futuna Islands |
WF |
|
Yemen |
YE |
|
Yugoslavia |
YU |
|
Zaire |
ZR |
|
Zambia |
ZM |
|
Zimbabwe |
ZW |
Appendix BY: Selected Objects and Attributes
Table 1: Object Class Reference.
|
X.500 (X.521)
|
NDS
|
NetAdmin Nwadmin NLIST
|
UIMPORT
|
Login Script
|
|
Country |
Country |
Country |
||
|
Locality |
Locality |
Locality |
||
|
Organization |
Organization |
Organization |
||
|
Organizational Unit |
Organizational Unit |
Organizational Unit |
||
|
Person |
Person |
Person |
||
|
Organizational Person |
Organizational Person |
Organizational Person |
||
|
Organizational Role |
Organizational Role |
Organizational Role |
||
|
Group of Names |
Group |
Group |
||
|
Group Of Unique Names |
||||
|
Residential Person |
||||
|
Application Process |
||||
|
Application Entity |
||||
|
DSA |
||||
|
Device |
Device |
Device |
||
|
Strong Authentication User |
User |
User |
User |
|
|
Certification Authority |
||||
|
Alias |
Alias |
|||
|
Computer |
Computer |
|||
|
Printer |
Printer |
|||
|
Resource |
Resource |
|||
|
Queue |
Queue |
|||
|
Volume |
Volume |
Volume |
||
|
Directory Map |
Directory Map |
|||
|
Profile |
Profile |
|||
|
Server |
Server |
|||
|
NCP Server |
NCP Server |
|||
|
Print Server |
Print Server |
|||
|
CommExec |
CommExec |
|||
|
Bindery Object |
Bindery Object |
|||
|
AFP Server |
AFP Server |
|||
|
Messaging Server |
Messaging Server |
|||
|
Message Routing Group |
Message Routing Group |
|||
|
External Entity |
External Entity |
|||
|
List |
List |
Table 2: Attribute Reference.
|
X.500 (X.520)
|
NDS
|
NetAdminNWAdminNLIST
|
UIMPORT
|
Login Script
|
|
Object Class |
Object Class |
Object Class |
OBJECT_CLASS |
|
|
Aliased Object Name |
ALiased Object Name |
Aliased Object Name |
||
|
Knowledge Information |
||||
|
Common Name |
CN (Common Name) |
Name /Other Names |
NameOther names |
CN / LOGIN_NAME |
|
Surname |
Surname |
Last Name |
Last Name |
LAST_NAME/SURNAME |
|
Serial Number |
||||
|
Country Name |
C (Country Name) |
Country Name |
||
|
Locality Name |
L (Locality Name) |
Locality |
L |
|
|
State or Province Name |
S (State or Province Name) |
State or Province /Mailing Label Information |
State orProvince / Mailing Label Information |
S |
|
Street Address |
SA (Street Address) |
Street Address / Mailing Label Information |
Street Address / Mailing Label Information |
SA |
|
Organization Name |
O (Organization Name) |
Organization Name |
||
|
Organizational Unit Name |
OU (Organizational Unit Name) |
Department |
Department |
OU |
|
Title |
Title |
Title |
Title |
TITLE |
|
Description |
Description |
Description |
Description |
DESCRIPTION |
|
Search Guide |
||||
|
Business Category |
||||
|
Postal Address |
Postal Address |
Postal Address /Mailing Label Information |
City /Mailing Label Information |
POSTAL_ADDRESS |
|
Postal Code |
Postal Code |
Post Code/Mailing Label Information |
Postal (zip) code / Mailing Label Information |
POSTAL_CODE |
|
Post Office Box |
Postal Office Box |
Post Office Box /Mailing Label Information |
Post Office Box / Mailing Label Information |
POSTAL_OFFICE_BOX |
|
Physical Delivery Office Name |
Physical Delivery Office Name |
Physical Delivery Office Name |
PHYSICAL_DELIVERY_OFFICE_NAME |
|
|
Telephone Number |
Telephone Number |
Telephone Number |
Telephone |
TELEPHONE_NUMBER |
|
Telex Number |
||||
|
Teletex Terminal Indentifier |
||||
|
Facsimilie Telephone Number |
Facsimile Telephone Number |
Facsimile Telephone Number |
FACSIMILE_TELEPHONE_NUMBER |
|
|
X.121 Address |
||||
|
International ISDN Number |
||||
|
Registered Address |
||||
|
Destination Indicator |
||||
|
Preferred Delivery Method |
||||
|
Presentation Address |
||||
|
Supported Application Context |
||||
|
Member |
Member |
Member |
||
|
Owner |
||||
|
Role Occupant |
Role Occupant |
Role Occupant |
||
|
See Also |
See Also |
See Also |
SEE_ALSO |
|
|
User Password |
||||
|
CA Certificate |
CA Public Key |
CA Public Key |
||
|
Authority Revocation List |
Authority Revocation |
Authority Revocation |
||
|
Certificate Revocation List |
Certificate Revocation |
Certificate Revocation |
||
|
Cross Certificate Pair |
Cross Certificate Pair |
Cross Certificate Pair |
||
|
CA Private Key |
||||
|
ACL |
Object Trusstees |
|||
|
Back Link |
||||
|
Bindery Property |
||||
|
Bindery Object Restriction |
||||
|
Bindery Type |
||||
|
Cartridge |
Cartridge |
|||
|
Printer Configuration |
Printer Configuration |
|||
|
Convergence Attribute |
Convergence |
|||
|
Default Queue |
Default Queue |
|||
|
Partition Creation Time |
||||
|
High Convergence Sync Interval |
||||
|
Group Membership |
Group Membership |
Group membership |
GROUP_MEMBERSHIP |
|
|
Home Directory |
Home Directory |
HOME_DIRECTORY |
||
|
Host Device |
Host Device |
|||
|
Host Resource |
Host Resource Name |
|||
|
Host Server |
Host Server |
|||
|
Inherited ACL |
Inherited ACL |
|||
|
Login Allowed Time Map |
Login Allowed Time Map |
|||
|
Login Disabled |
Login Disabled |
Account disabled |
LOGIN_DISABLED |
|
|
Login Expiration Time |
Login Expiration Time |
Account Has Expiration Date |
||
|
Login Grace Limit |
Login Grace Limit |
Limit Grace Logins |
LOGIN_GRACE_LIMIT |
|
|
Login Grace Remaining |
Login Grace Remaining |
Remaining Grace Logins |
LOGIN_GRACE_REMAINING |
|
|
Login Intruder Address |
Login Intruder Address |
|||
|
Login Intruder Attempts |
Login Intruder Attempts |
|||
|
Login Intruder Limit |
Login Intruder Limit |
|||
|
Intruder Attempt Reset Interval |
Intruder Attempt Reset Interval |
|||
|
Login Intruder Reset Time |
Login Intruder Reset Time |
|||
|
Login Maximum Simultaneous |
Login Maximum Simultaneous |
Maximum Connections |
LOGIN_MAXIMUM_SIMULTANEOUS |
|
|
Login Script |
Login Script |
Login Script |
||
|
Login Time |
Login Time |
|||
|
Memory |
Memory |
|||
|
Email Address |
Email Address |
EMAIL_ADDRESS |
||
|
Network Address |
Network Address |
NETWORK |
||
|
Network Address Restriction |
Network Address Restriction |
|||
|
Notify |
Notify |
|||
|
Operator |
Operator |
|||
|
Operator |
Operator |
|||
|
Owner |
Owner |
|||
|
Obituary |
||||
|
Page Description Language |
Page Description Language |
|||
|
Passwords Used |
Passwords Used |
PASSWORDS_USED |
||
|
Password Allow Change |
Password Allow Change |
Allow user to change password |
PASSWORD_ALLOW_CHANGE |
|
|
Password Expiration Interval |
Password Expiration Interval |
Days between forced changes |
||
|
Password Expiration Time |
Password Expiration Time |
Date password expires |
PASSWORD_EXPIRATION_TIME |
|
|
Password Minimum Length |
Password Minimum Length |
Minimum password length |
PASSWORD_MINIMUM_LENGTH |
|
|
Password Required |
Password Required |
Require a password |
PASSWORD_REQUIRED |
|
|
Password Unique Required |
Password Unique Required |
Require unique passwords |
PASSWORD_UNIQUE_REQUIRED |
|
|
Path |
Path |
|||
|
Print Job Configuration |
Print Job Configuration |
|||
|
Printer Control |
Printer Control |
|||
|
Private Key |
||||
|
Profile |
Profile |
Profile |
PROFILE |
|
|
Public Key |
||||
|
Queue |
||||
|
Queue Directory |
Queue Directory |
|||
|
Reference |
||||
|
Replica |
Replica |
|||
|
Resource |
Resource |
|||
|
Higher Privileges |
Higher Privileges |
HIGHER_PRIVILEGES |
||
|
Security Equals |
Security Equals |
SECURITY_EQUAL |
||
|
Serial Number |
Serial Number |
|||
|
Server |
Server |
|||
|
Status |
Status |
|||
|
Supported Typefaces |
Supported Typefaces |
|||
|
Supported Services |
Supported Services |
|||
|
Unknown |
Unknown |
|||
|
User |
||||
|
Version |
Version |
|||
|
Account Balance |
Account Balance |
Account Balance |
ACCOUNT_BALANCE |
|
|
Allow Unlimited Credit |
Allow Unlimited Credit |
Allow Unlimited Credit |
ALLOW_UNLIMITED_CREDIT |
|
|
Low Convergency Reset Time |
||||
|
Minimum Account Balance |
Minimum Account Balance |
Low Balance Limut |
MINIMUM_ACCOUNT_BALANCE |
|
|
Low Convergency Sync Interval |
||||
|
Device |
Device |
|||
|
Message Server |
MESSAGE_SERVER |
|||
|
Language |
Language |
Language |
LANGUAGE |
|
|
Supported Connections |
Supported Connections |
|||
|
Type Creator Map |
Type Creator Map |
|||
|
Locked By Intruder |
Locked By Intruder |
LOCKED_BY_INTRUDER |
||
|
UID |
UID |
|||
|
GID |
GID |
|||
|
Unknown Base Class |
Unknown Base Class |
|||
|
Received Up To |
||||
|
Synchronized Up To |
||||
|
Locked By Intruder |
||||
|
Printer |
Printer |
|||
|
Detect Intruder |
Detect Intruder |
|||
|
Lockout After Detection |
Lockout After Detection |
|||
|
Intruder Lockout Reset Interval |
Intruder Lockout Reset Interval |
|||
|
Server Holds |
Server Holds |
SERVER_HOLDS |
||
|
SAP Name |
SAP Name |
|||
|
Volume |
Volume |
|||
|
Last Login Time |
Last Login Time |
|||
|
Print Server |
Print Server |
|||
|
NNS Domain |
NNS Domain |
|||
|
Full Name |
Full Name |
Full Name |
FULL_NAME |
|
|
Partition Control |
Partition Control |
|||
|
Revision |
Revision |
|||
|
Certificate Validity Interval |
Certificate Validity Interval |
CERTIFICATE_VALIDITY_INTERVAL |
||
|
External Synchronizer |
External Synchronizer |
|||
|
Messaging Database Location |
Messaging Database Location |
|||
|
Message Routing Group |
Message Routing Group |
|||
|
Postmaster |
Postmaster |
|||
|
Mailbox Location |
Mailbox Location |
MAILBOX_LOCATION |
||
|
Mailbox ID |
Mailbox ID |
MAILBOX_ID |
||
|
External Name |
External Name |
|||
|
Security Flags |
Security Flags |
SECURITY_FLAGS |
||
|
Messaging Server Type |
Messaging Server Type |
|||
|
Given Name |
Given Name |
Given Name |
GIVEN_NAME |
|
|
Initials |
Initials |
Initials |
INITIALS |
|
|
Generational Qualifier |
Generational Qualifier |
GENERATIONAL_QUALIFIER |
||
|
Profile Membership |
Profile Membership |
|||
|
DS Revision Attribute |
||||
|
Supported Gateway |
Supported Gateway |
|||
|
Equivalent To Me |
Equivalent To Me |
EQUIVALENT_TO_ME |
||
|
Replica Up To |
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.