Network Working Group                                           J. Kempf
Request for Comments: 2926                        Sun Microsystems, Inc.
Category: Informational                                         R. Moats
                                                            Coreon, Inc.
                                                           P. St. Pierre
                                                  Sun Microsystems, Inc.
                                                          September 2000
Conversion of LDAP Schemas to and from SLP Templates
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This document describes a procedure for mapping between Service Location Protocol (SLP) service advertisements and lightweight directory access protocol (LDAP) descriptions of services. The document covers two aspects of the mapping. One aspect is mapping between SLP service type templates and LDAP directory schema. Because the SLP service type template grammar is relatively simple, mapping from service type templates to LDAP types is straightforward. Mapping in the other direction is straightforward if the attributes are restricted to use just a few of the syntaxes defined in RFC 2252. If arbitrary ASN.1 types occur in the schema, then the mapping is more complex and may even be impossible. The second aspect is representation of service information in an LDAP directory. The recommended representation simplifies interoperability with SLP by allowing SLP directory agents to backend into LDAP directory servers. The resulting system allows service advertisements to propagate easily between SLP and LDAP.
Table of Contents
   1.0 Introduction
   2.0 Mapping SLP Templates to LDAP Schema
     2.1 Mapping from SLP Attribute Types to LDAP Attribute Types
       2.1.1 Integer
       2.1.2 String
       2.1.3 Boolean
       2.1.4 Opaque
     2.2 Keyword Attributes
     2.3 Template Flags
       2.3.1 Multi-valued
       2.3.2 Optional
       2.3.3 Literal
       2.3.4 Explicit Matching
     2.4 Default and Allowed Value Lists
     2.5 Descriptive Text
     2.6 Generating LDAP Attribute OIDs
     2.7 Example
   3.0 Attribute Name Conflicts
   4.0 Mapping from Schema to Templates
     4.1 Mapping LDAP Attribute Types to SLP Attribute Types
     4.2 Mapping ASN.1 Types to SLP Types
       4.2.1 Integer
       4.2.2 Boolean
       4.2.3 Enumerated
       4.2.4 Object Identifier
       4.2.5 Octet String
       4.2.6 Real
     4.3 Example ASN.1 Schema
   5.0 Representing SLP Service Advertisements in an LDAP DIT
   6.0 Internationalization Considerations
   7.0 Security Considerations
   8.0 References
   9.0 Authors' Addresses
   10.0 Full Copyright Statement
SLP templates [1] are intended to create a simple encoding of the syntactic and semantic conventions for individual service types, their attributes, and conventions. They can easily be generated, transmitted, read by humans and parsed by programs, as it is a string based syntax with required comments. Directory schemas serve to formalize directory entry structures for use with LDAP [2]. These directories serve to store information about many types of entities. Network services are an example of one such entity.
Interoperability between SLP and LDAP is important so clients using one protocol derive benefit from services registered through the other. In addition, LDAP directory servers can serve as the backend for SLP directory agents (DAs) if interoperability is possible. In order to facilitate interoperability, this document creates mappings between the SLP template grammar and LDAP directory schema, and establishes some conventions for representing service advertisements in LDAP directories. The goal of the translation is to allow SLPv2 queries (which are syntactically and semantically equivalent to LDAPv3 string queries [7]) to be submitted to an LDAP directory server by an SLP DA backended into LDAP without extensive processing by the DA.
The simple notation and syntactic/semantic attribute capabilities of SLP templates map easily into directory schemas, and are easily converted into directory schemas, even by automated means. The reverse may not be true. If the LDAP schema contains attributes with unrecognized or complex syntaxes, the translation may be difficult or impossible. If, however, the LDAP schema only uses a few of the common syntaxes defined in RFC 2252 [8], then the translation is more straightforward. In addition, to foster complete bidirectionality, the mapping must follow a very specific representation in its DESC attributes.
This document outlines the correct mappings for SLP templates into the syntactic representation specified for LDAP directory schema by RFC 2252 [8]. This syntax is a subset of the ASN.1/BER described in the X.209 specification [9], and is used by the LDAPv3 [2] directory schema. Likewise, rules and guidelines are proposed to facilitate consistent mapping of ASN.1 based schemas to be translated in the SLP template grammar. Finally, a proposal for a representation of service advertisements in LDAP directory services is made that facilitates SLP interoperability.
Except when used as elements in the definition of LDAP schemas, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [16].
We define the following abstract object class as the parent class for all services. Any specific service type is a subclass of this, with its own attributes:
   ( 1.3.6.1.4.1.6252.2.27.6.2.1
     NAME 'slpService'
     DESC 'parent superclass for SLP services'
     ABSTRACT
     SUP top
     MUST ( template-major-version-number $
            template-minor-version-number $
            description $
            template-url-syntax $
            service-advert-service-type $
            service-advert-scopes )
     MAY  ( service-advert-url-authenticator $
            service-advert-attribute-authenticator ) )
The attributes correspond to various parts of the SLP service template and SLP service advertisement.
SLP service type templates begin with four definitions that set the context of the template:
template-type - This defines the service type of the template. The service type can be a simple service type, like "service:ftp", an abstract service type, like "service:printer" or a concrete service type, like "service:printer:lpr". The type name can additionally include a naming authority, for example "service:printer.sun:local". The name that appears in this field omits the "service:" prefix.
template-version - A string containing a major and minor version number, separated by a period.
template-description - A block of human readable text describing what the service type does.
template-url-syntax - An ABNF [6] grammar describing the service type specific part of the service URL.
The SLP template-type definition is used as the name of the LDAP object class for the template, a subclass of the "slpService" class, together with the "service" prefix to indicate that the name is for a service. In translating the service type name, colons and the period separating the naming authority are converted into hyphens. If the template defines an SLP concrete type, the concrete type name is used; the abstract type name is never used. For example, the template for "service:printer:lpr" is translated into an LDAP object class called "service-printer-lpr". Furthermore, if the type name contains a naming authority, the naming authority name must be included. For example, the service type name "service:printer.sun:local" becomes "service-printer-sun-local". The LDAP object class is always "STRUCTURAL".
The template-version definition is partitioned into two attributes, template-major-version-number and template-minor-version-number. The LDAP definition for these attributes is:
   ( 1.3.6.1.4.1.6252.2.27.6.1.1
     NAME 'template-major-version-number'
     DESC 'The major version number of the service type template'
     EQUALITY integerMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE )

   ( 1.3.6.1.4.1.6252.2.27.6.1.2
     NAME 'template-minor-version-number'
     DESC 'The minor version number of the service type template'
     EQUALITY integerMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE )
The template-url-syntax definition in the SLP template is described by the following attribute:
   ( 1.3.6.1.4.1.6252.2.27.6.1.3
     NAME 'template-url-syntax'
     DESC 'An ABNF grammar describing the service type specific part of
           the service URL'
     EQUALITY caseExactIA5Match
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
     SINGLE-VALUE )
The template-description attribute is translated into the X.520 standard attribute "description" [3].
We further establish the convention that SLP template characteristics that can't be translated into LDAP are inserted into the DESC field of the object class definition. The items are separated by empty lines (consisting of two "LINE FEED" characters), are preceded by a LINE FEED character, and are tagged at the beginning of the line to indicate what they represent. This allows the template to be reconstructed from the schema by properly parsing the comments.
The bulk of an SLP template consists of attribute definitions. There are four items in an SLP template attribute definition that need to be mapped into LDAP:
Attribute Name - Since SLPv2 attribute names are defined to be compatible with LDAPv3, SLP attributes map directly into LDAP attributes with no change. Similarly, LDAP attributes map directly to SLP attributes.
Attribute Type - The SLP attribute type is mapped into the LDAP attribute type.
Attribute Flags - The SLP attribute flags are mapped into characteristics of the LDAP attribute definition, or into the DESC field if no equivalent LDAP attribute definition characteristic occurs.
Default and Allowed Values - These must be handled by the client or a DA enabled to handle templates, as in SLP. For reference, however, they should be included in the DESC field of the LDAP attribute definition.
Descriptive Text - The SLP template descriptive text should be mapped into the DESC field.
We discuss mapping of types, flags, default and allowed values, and descriptive text in the subsections below.
OIDs for SLP template conversion schema elements are standardized under the enterprise number of SrvLoc.Org (6252) [18].
For purposes of representing an SLP entry, we also define two standardized LDAP syntaxes and attributes with standardized OIDs.
( 1.3.6.1.4.1.6252.2.27.6.2.2 DESC 'SLP Service Type' )
Defines the syntax for the service type name. The syntax is defined in the BNF for the service URL in RFC 2609 Section 2.1 [1].
( 1.3.6.1.4.1.6252.2.27.6.2.3 DESC 'SLP Scope' )
Defines the syntax for the scope name. The syntax is defined in the BNF for scope names in RFC 2608 Section 6.4.1 [5].
   ( 1.3.6.1.4.1.6252.2.27.6.1.4
     NAME 'service-advert-service-type'
     DESC 'The service type of the service advertisement, including the
           "service:" prefix.'
     EQUALITY caseExactIA5Match
     SYNTAX 1.3.6.1.4.1.6252.2.27.6.2.2
     SINGLE-VALUE )
Defines an attribute for the service type name.
   ( 1.3.6.1.4.1.6252.2.27.6.1.5
     NAME 'service-advert-scopes'
     DESC 'A list of scopes for a service advertisement.'
     EQUALITY caseExactIA5Match
     SYNTAX 1.3.6.1.4.1.6252.2.27.6.2.3 )
Defines a multivalued attribute for the scopes.
Searches for abstract types can be made with an LDAP query that wildcards the concrete type. For example, a search for all service advertisements of the printer abstract type can be made with the following query:
(service-advert-service-type=service:printer:*)
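The abstract-type search above, as a DA backend might assemble it from a client-supplied service type. This is an added example, not part of RFC 2926. The function names, the optional scope clause and the RFC 4515 escaping of the client-supplied values are assumptions of this example.

```python
# Build the LDAP search filter for an SLP service type lookup.
# Client-supplied strings are escaped so that they can only ever be
# a value inside the filter, never filter syntax.

_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape the characters that are special in an LDAP string filter."""
    return "".join(_ESC.get(ch, ch) for ch in value)


def service_filter(service_type, scopes=(), abstract=False):
    """Return a filter on service-advert-service-type (and scopes).

    abstract=True appends the ':*' wildcard after escaping, so the only
    wildcard in the filter is the one added here on purpose.
    """
    if not service_type.startswith("service:"):
        service_type = "service:" + service_type
    value = escape_filter_value(service_type)
    if abstract:
        value += ":*"
    type_term = "(service-advert-service-type=%s)" % value
    if not scopes:
        return type_term
    scope_terms = "".join(
        "(service-advert-scopes=%s)" % escape_filter_value(s) for s in scopes
    )
    if len(scopes) > 1:
        scope_terms = "(|%s)" % scope_terms   # match any of the scopes
    return "(&%s%s)" % (type_term, scope_terms)


if __name__ == "__main__":
    print(service_filter("printer", abstract=True))
    print(service_filter("service:printer:lpr", scopes=["default", "eng"]))
    # Constructed input containing filter metacharacters:
    print(service_filter("printer)(objectClass=*", abstract=True))
```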
SLP specifies that service URLs and attribute lists can be accompanied by a structured authenticator consisting of a digital signature and information necessary to verify the signature. A syntax and two standardized SLP attributes are defined for this purpose:
( 1.3.6.1.4.1.6252.2.27.6.2.3 DESC 'SLP Authenticator')
The syntax of an SLP authenticator is the bytes of the authenticator in network byte order, see RFC 2608, Section 9.2 [5].
   ( 1.3.6.1.4.1.6252.2.27.6.1.6
     NAME 'service-advert-url-authenticator'
     DESC 'The authenticator for the URL, null if none.'
     SYNTAX 1.3.6.1.4.1.6252.2.27.6.2.3
     SINGLE-VALUE )
This attribute contains the SLP URL authenticator, as defined in RFC 2608, Section 9.2 [5].
   ( 1.3.6.1.4.1.6252.2.27.6.1.7
     NAME 'service-advert-attribute-authenticator'
     DESC 'The authenticator for the attribute list, null if none.'
     SYNTAX 1.3.6.1.4.1.6252.2.27.6.2.3
     SINGLE-VALUE )
This attribute contains the SLP attribute authenticator, as defined in RFC 2608, Section 9.2 [5].
We define the mapping from SLP attribute types to LDAP as follows:
   SLP Type        ASN.1 Type          LDAP Type
   ---------------------------------------------------
   Integer         INTEGER             INTEGER
   String          DirectoryString     Directory String
   Boolean         BOOLEAN             Boolean
   Opaque          OCTET STRING        Octet String
   Keyword         (N/A)               IA5 String
The following subsections discuss further details of the mapping.
SLP integers compare as integers when performing a query. LDAP integers behave similarly. Consequently, the mapping from the SLP integer type to LDAP is INTEGER, with the integerMatch matching rule.
SLP strings are encoded as described in the SLP protocol specification [5]. All value strings are considered case insensitive for matching operations. SLP strings are not null terminated and are encoded in UTF-8.
SLP strings are mapped to the LDAP Directory String type. The Directory String type exactly matches the SLP string type, i.e. it is a non-null terminated UTF-8 string. The caseIgnoreMatch equality rule, caseIgnoreOrderingMatch ordering rule, and caseIgnoreSubstringsMatch substring rule are used for comparing string attribute values.
Boolean attributes may have one of two possible values. In SLP, these values are represented as strings, TRUE and FALSE. In SLP's string encoding of a boolean value, case does not matter.
The SLP Boolean type maps directly into an LDAP BOOLEAN. The caseIgnoreMatch rule is used for equality matching.
SLP attribute values of type Opaque are represented as OCTET STRING in LDAP, and the octetStringMatch matching rule is used to compare them.
SLP service type templates allow the definition of keyword attributes. Keyword attributes are attributes whose only characteristic is their presence. Keyword attributes have no flag information, nor any default or allowed values (since, by definition, they have no values).
ASN.1 has no concept of keyword attributes. Keyword attributes are translated into a "May" clause in the ASN.1 class definition for the service type. If the keyword attribute is present, then its value is of no consequence, but for consistency we make it simply the NUL character, "\00".
SLP template flags can be handled as described in the following subsections.
Multi-valued attributes are defined in an SLP template using the 'M' flag. All values for a given attribute must be of the same type.
LDAP attribute definitions require that a single valued attribute include the SINGLE-VALUE tag if the attribute is single valued. Otherwise, the attribute is assumed to be multivalued by default.
SLP uses the 'O' flag to indicate an attribute may or may not be present. These optional attributes are defined using the "May" clause in the ASN.1 class definition for the service type. All other attributes must be defined as a "Must".
ASN.1 does not have a mechanism to indicate that the values of an attribute may not be translated from one language to another, since ASN.1 schema are not typically translated. This flag is dropped when translating a template, but presence of the flag should be noted in the DESC field. It should be placed on a separate line and tagged with "Literal:" so the template can be reconstructed from the schema.
The SLP template syntax uses a flag of 'X' to indicate that an attribute must be present in order for the query to be properly satisfied. There is no provision for requiring that particular attributes be in a query. Consequently, this flag is dropped when translating a template, but presence of the flag should be noted in the DESC field. It should be placed on a separate line and tagged with "Explicit:" so the template can be reconstructed from the schema.
The SLP template grammar provides the capability to define default and allowed values for an attribute. The SLP protocol does not enforce these restrictions on registered attributes, however. The default and allowed values may be used by client side applications, or alternatively they may also be used by DAs to initialize registrations having no attributes and to limit attribute values to the template allowed values.
LDAP servers also do not support default and allowed values on attributes. Therefore, enforcement of default and allowed values in SLP templates is left up to the clients or a DA, if the DA is backending into LDAP. The default and allowed values should be included in the DESC field. The comments should be placed on separate lines and labeled with the "Default:" and "Allowed:" tags to allow reconstruction of the template.
The descriptive text associated with an attribute definition should be included in the DESC field. It should start on a separate line and begin with the "Description:" tag.
LDAP attributes require an OID. In general, there is no a priori way that an algorithm can be defined for generating OIDs, because it will depend on the conventions used by the organization developing the template. In some cases, an organization's procedure for generating OIDs may be regular enough that a template developer can algorithmically generate OIDs off of an assigned root. Whatever means is used, the template developer should assure that unique OIDs are assigned to each SLP attribute that is translated into an LDAP attribute.
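The attribute mapping rules from the preceding subsections (type table, flags, default and allowed values, descriptive text), together with the object class naming rule, as an added example that is not part of RFC 2926. The function names and the conservative name check are assumptions of this example; the OID is always supplied by the caller, and keyword attributes are not handled.

```python
import re

SYNTAX = "1.3.6.1.4.1.1466.115.121.1."   # RFC 2252 syntax OID prefix

# SLP type -> (matching-rule clauses, syntax OID), following the type table.
TYPE_MAP = {
    "INTEGER": ("EQUALITY integerMatch", SYNTAX + "27"),
    "STRING": ("EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch "
               "SUBSTR caseIgnoreSubstringsMatch", SYNTAX + "15"),
    # booleanMatch is the rule used in the printer-priority-queue definition.
    "BOOLEAN": ("EQUALITY booleanMatch", SYNTAX + "7"),
    "OPAQUE": ("EQUALITY octetStringMatch", SYNTAX + "40"),
}

# Conservative shape check (an assumption of this example, not the full
# RFC 2609 grammar): type[.naming-authority][:concrete-type]
_TYPE_RE = re.compile(
    r"[A-Za-z][A-Za-z0-9+-]*(\.[A-Za-z0-9+-]+)?(:[A-Za-z][A-Za-z0-9+-]*)?")


def object_class_name(template_type):
    """'printer.sun:local' -> 'service-printer-sun-local'."""
    name = template_type.strip()
    if name.startswith("service:"):
        name = name[len("service:"):]
    if not _TYPE_RE.fullmatch(name):
        raise ValueError("not a service type name: %r" % template_type)
    return "service-" + re.sub(r"[:.]", "-", name)


def parse_attribute(text):
    """Parse one SLP template attribute definition into a dict."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    m = re.fullmatch(r"([A-Za-z0-9-]+)\s*=\s*([A-Za-z]+)((?:\s+[MOLX])*)",
                     lines[0])
    if not m or m.group(2).upper() not in TYPE_MAP:
        raise ValueError("bad attribute header: %r" % lines[0])
    default, comment, allowed = [], [], []
    for line in lines[1:]:
        if line.startswith("#"):
            comment.append(line[1:].strip())
        elif comment:
            allowed.append(line)      # value list after the comment block
        else:
            default.append(line)      # value list before the comment block
    return {"name": m.group(1), "type": m.group(2).upper(),
            "flags": set(m.group(3).split()),
            "default": " ".join(default),
            "description": " ".join(comment),
            "allowed": " ".join(allowed)}


def to_attribute_type(attr, oid):
    """Render the LDAP attribute definition, with tagged DESC items."""
    items = ["Description: " + attr["description"]]
    if attr["default"]:
        items.append("Default: " + attr["default"])
    if attr["allowed"]:
        items.append("Allowed: " + attr["allowed"])
    if "L" in attr["flags"]:
        items.append("Literal:")
    if "X" in attr["flags"]:
        items.append("Explicit:")
    desc = "\n\n".join(items)         # items separated by empty lines
    if "'" in desc:
        # Choice made in this example: refuse text that would end the
        # quoted DESC string early instead of emitting a broken schema.
        raise ValueError("single quote in DESC text for " + attr["name"])
    rules, syntax = TYPE_MAP[attr["type"]]
    single = "" if "M" in attr["flags"] else " SINGLE-VALUE"
    return "( %s NAME '%s' DESC '%s' %s SYNTAX %s%s )" % (
        oid, attr["name"], desc, rules, syntax, single)


def must_may(attrs):
    """Split attribute names into the MUST and MAY lists by the 'O' flag."""
    must = [a["name"] for a in attrs if "O" not in a["flags"]]
    may = [a["name"] for a in attrs if "O" in a["flags"]]
    return must, may


# Two attribute definitions taken from the printer template on this page.
SEC_TEMPLATE = """
printer-security-mechanisms-supported = STRING L M
none
# This attribute indicates the security mechanisms supported
tls, ssl, http-basic, http-digest, none
"""
PRIO_TEMPLATE = """
printer-priority-queue = BOOLEAN O
FALSE
# TRUE indicates this printer or print queue is a priority
# queuing device.
"""
OID_PLACEHOLDER = "---place the assigned OID here---"

if __name__ == "__main__":
    attrs = [parse_attribute(SEC_TEMPLATE), parse_attribute(PRIO_TEMPLATE)]
    print(object_class_name("printer:lpr"), must_may(attrs))
    for a in attrs:
        print(to_attribute_type(a, OID_PLACEHOLDER))
```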
The template included below is a hypothetical abstract printer service template, similar to that described in [10].
   template-type = printer

   template-version = 0.0

   template-description =
     The printer service template describes the attributes supported by
     network printing devices. Devices may be either directly connected
     to a network, or connected to a printer spooler that understands
     a network queuing protocol such as IPP, lpr or the Salutation
     Architecture.

   template-url-syntax =
     ;The URL syntax is specific to the printing protocol being
     ;employed

   description = STRING
     # This attribute is a free form string that can contain any
     # site-specific descriptive information about this printer.

   printer-security-mechanisms-supported = STRING L M
     none
     # This attribute indicates the security mechanisms supported
     tls, ssl, http-basic, http-digest, none

   printer-operator = STRING O L M
     # A person, or persons responsible for maintaining a
     # printer on a day-to-day basis, including such tasks
     # as filling empty media trays, emptying full output
     # trays, replacing toner cartridges, clearing simple
     # paper jams, etc.

   printer-location-address = STRING O
     # Physical/Postal address for this device. Useful for
     # nailing down a group of printers in a very large corporate
     # network. For example: 960 Main Street, San Jose, CA 95130

   printer-priority-queue = BOOLEAN O
     FALSE
     # TRUE indicates this printer or print queue is a priority
     # queuing device.

   printer-number-up = INTEGER O
     1
     # This job attribute specifies the number of source
     # page-images to impose upon a single side of an instance
     # of a selected medium.
     1, 2, 4

   printer-paper-output = STRING M L O
     standard
     # This attribute describes the mode in which pages output
     # are arranged.
     standard, noncollated sort, collated sort, stack, unknown
We assume that the concrete type "service:printer:lpr" for printers that speak the LPR protocol [4] has the following template definition:
   template-type = printer:lpr

   template-version = 0.0

   template-description =
     The printer:lpr service template describes the attributes supported
     by network printing devices that speak the LPR protocol. No new
     attributes are included.

   template-url-syntax = queue
     queue = ;The queue name, see RFC 1179.
The LDAP class definition for the "service:printer:lpr" concrete service type is translated as follows:
   ( ---place the assigned OID here---
     NAME 'service-printer-lpr'
     DESC 'Description: The printer:lpr service template describes the
           attributes supported by network printing devices that speak
           the LPR protocol. No new attributes are included.

           URL Syntax: queue
           queue = ;The queue name, see RFC 1179.'
     SUP slpService
     MUST ( description $ security-mechanisms-supported $ labeledURI )
     MAY  ( operator $ location-address $ priority-queue $ number-up $
            paper-output ) )
The attribute definitions are translated as follows:
   ( ---place the assigned OID here---
     NAME 'printer-security-mechanisms-supported'
     DESC 'Description: This attribute indicates the security mechanisms
           supported.

           Default: value

           Allowed: tls, ssl, http-basic, http-digest, none

           Literal:'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
   ( ---place the assigned OID here---
     NAME 'printer-operator'
     DESC 'Description: A person, or persons responsible for maintaining
           a printer on a day-to-day basis, including such tasks as
           filling empty media trays, emptying full output trays,
           replacing toner cartridges, clearing simple paper jams, etc.

           Literal:'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( --place the assigned OID here--- NAME 'printer-location-address' DESC 'Description Physical/Postal address for this device. Useful for nailing down a group of printers in a very large corporate network. For example: 960 Main Street, San Jose, CA 95130.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
( --place the assigned OID here--- NAME 'printer-location-address' DESC 'Description Physical/Postal address for this device. Useful for nailing down a group of printers in a very large corporate network. For example: 960 Main Street, San Jose, CA 95130.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
( ---place the assigned OID here--- NAME 'printer-priority-queue' DESC 'Description: TRUE indicates this printer or print queue is a priority queuing device.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
( ---place the assigned OID here--- NAME 'printer-priority-queue' DESC 'Description: TRUE indicates this printer or print queue is a priority queuing device.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
( ---place the assigned OID here--- NAME 'printer-number-up' DESC 'Description: This job attribute specifies the number of source page-images to impose upon a single side of an instance of a selected medium. This attribute is INTEGER.
( ---place the assigned OID here--- NAME 'printer-number-up' DESC 'Description: This job attribute specifies the number of source page-images to impose upon a single side of an instance of a selected medium. This attribute is INTEGER.
Default: 1
默认值:1
Allowed: 1, 2, 3, 4' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
允许:1,2,3,4'相等整数匹配语法1.3.6.1.4.1.1466.115.121.1.27单值)
( ---place the assigned OID here--- NAME 'printer-paper-output' DESC 'Description: This attribute describes the mode in which pages output are arranged. Default value is standard.
( ---place the assigned OID here--- NAME 'printer-paper-output' DESC 'Description: This attribute describes the mode in which pages output are arranged. Default value is standard.
Default: standard
默认值:标准
Allowed: standard, noncollated sort, collated sort, stack, unknown. Literal:' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
允许:标准、非合并排序、整理排序、堆栈、未知。文字:“相等caseIgnoreMatch排序caseIgnoreOrderingMatch子字符串匹配语法1.3.6.1.4.1.1466.115.121.1.15)
LDAP has a flat name space, and attribute names and OIDs must be unique in a directory server. In order to avoid name conflicts in the translation of SLP templates to LDAP schemas, template developers may want to consider prepending the name of the service type to the attribute. Postprocessing attribute names to make them unique when translated is not possible, because it would require the DA to rewrite queries before submitting them to the directory server. In addition, developers should use standard LDAP attributes when such attributes are available.
In the above example template, the abstract type name "printer" is prepended to attributes to avoid conflicts. The standard "description" attribute defined by X.520 [3] is used to translate the template description attribute.
The reverse mapping from LDAP schema to SLP service type templates requires dealing with both LDAP and ASN.1 data types. RFC 2252 defines 33 attribute syntaxes that should be supported by LDAP directory servers. These syntaxes are defined using BNF for strings or using ASN.1 for binary valued attributes defined by X.520.
Mapping of the LDAP data types into SLP template types is fairly straightforward, but mapping arbitrary ASN.1 data types is somewhat more complicated and requires encoding the ASN.1 data type into a string. To a certain extent, this masks the ASN.1 data type, because it becomes impossible to distinguish an encoded ASN.1 string from a native string having equivalent content. However, inclusion of the ASN.1 data type in the comment provides additional information should a reverse transformation from SLP to ASN.1 be required.
The following subsections deal with both LDAP and ASN.1 attribute data type mappings.
The following table contains the mappings for LDAP syntaxes to SLP data types:

   LDAP Type                               SLP Type
   --------------------------------------------------------
   ACI Item                                NA
   Access Point                            NA
   Attribute Type Description              NA
   Audio                                   Opaque
   Binary                                  ASN.1 escape
   Bit String                              String
   Boolean                                 Boolean
   Certificate                             Opaque
   Certificate List                        Opaque
   Certificate Pair                        Opaque
   Country String                          String
   DN                                      String
   Data Quality Syntax                     NA
   Delivery Method                         NA
   Directory String                        String
   DIT Content Rule Description            NA
   DIT Structure Rule Description          NA
   DL Submit Permission                    NA
   DSA Quality Syntax                      NA
   Enhanced Guide                          NA
   Facsimile Telephone Number              String
   Fax                                     Opaque
   Generalized Time                        String
   Guide                                   NA
   IA5 String                              String
   INTEGER                                 Integer
   JPEG                                    Opaque
   LDAP Syntax Description                 NA
   LDAP Schema Definition                  NA
   LDAP Schema Description                 NA
   Master and Shadow Access Points         NA
   Matching Rule Description               NA
   Matching Rule Use Description           NA
   Mail Preference                         NA
   MHS OR Address                          String
   Modify Rights                           NA
   Name and Optional UID                   NA
   Name Form Description                   NA
   Numeric String                          String
   Object Class Description                NA
   Octet String                            Opaque
   OID                                     String
   Other Mailbox                           String
   Postal Address                          String
   Protocol Information                    NA
   Presentation Address                    String
   Printable String                        String
   Substring Assertion                     NA
   Subtree Specification                   NA
   Supplier Information                    NA
   Supplier or Consumer                    NA
   Supplier And Consumer                   NA
   Supported Algorithm                     NA
   DSE Type                                NA
   Telephone Number                        String
   Teletex Terminal Identifier             String
   Telex Number                            String
   UTC Time                                String

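The reverse mapping for the simple case, as an added example that is not code from the RFC: a converter that reads an LDAP attribute type description such as the printer attributes above and emits the SLP template attribute, refusing any syntax the table marks NA instead of coercing it. The function names, the partial OID table (syntax numbers from RFC 2252), the "# LDAP syntax:" help line, and the assumption that DESC follows the Description/Default/Allowed/Literal layout shown above are this example's own.

```python
import re

SYNTAX_PREFIX = "1.3.6.1.4.1.1466.115.121.1."

# RFC 2252 syntax number -> (syntax name, SLP type keyword).
# None means the mapping table lists the syntax as NA. Partial table.
SYNTAX_TO_SLP = {
    "3": ("Attribute Type Description", None),
    "7": ("Boolean", "BOOLEAN"),
    "8": ("Certificate", "OPAQUE"),
    "12": ("DN", "STRING"),
    "15": ("Directory String", "STRING"),
    "26": ("IA5 String", "STRING"),
    "27": ("INTEGER", "INTEGER"),
    "38": ("OID", "STRING"),
    "40": ("Octet String", "OPAQUE"),
}


def parse_attribute_type(definition):
    """Extract NAME, DESC, SYNTAX and SINGLE-VALUE from a definition."""
    name = re.search(r"\bNAME\s+'([^']+)'", definition)
    desc = re.search(r"\bDESC\s+'([^']*)'", definition)
    # Blank out quoted strings so free text in DESC is never read as a keyword.
    bare = re.sub(r"'[^']*'", "''", definition)
    syntax = re.search(r"\bSYNTAX\s+([0-9]+(?:\.[0-9]+)*)", bare)
    if not name or not syntax:
        raise ValueError("definition lacks NAME or SYNTAX")
    return {
        "name": name.group(1),
        "desc": desc.group(1) if desc else "",
        "syntax": syntax.group(1),
        "single_value": re.search(r"\bSINGLE-VALUE\b", bare) is not None,
    }


def to_slp_attribute(definition, optional=False):
    """Return the SLP template attribute text for one LDAP attribute type.

    optional=True corresponds to the attribute being listed under MAY.
    """
    attr = parse_attribute_type(definition)
    # The name is copied into generated template text, so keep it strict.
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr["name"]):
        raise ValueError("unsafe attribute name: %r" % attr["name"])
    oid = attr["syntax"]
    number = oid[len(SYNTAX_PREFIX):] if oid.startswith(SYNTAX_PREFIX) else None
    if number not in SYNTAX_TO_SLP:
        raise ValueError("syntax %s is not in the mapping table" % oid)
    syntax_name, slp_type = SYNTAX_TO_SLP[number]
    if slp_type is None:
        raise ValueError("%s has no SLP equivalent (NA)" % syntax_name)

    default = allowed = None
    literal = False
    help_lines = []
    for raw in attr["desc"].splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, rest = line.partition(":")
        rest = rest.strip()
        if key == "Default":
            default = rest
        elif key == "Allowed":
            allowed = rest
        elif key == "Literal":
            literal = True
        elif key == "Description":
            help_lines.append(rest)
        else:
            help_lines.append(line)  # continuation of the description

    flags = ([] if attr["single_value"] else ["M"]) \
        + (["O"] if optional else []) + (["L"] if literal else [])
    out = [" ".join(["%s = %s" % (attr["name"], slp_type)] + flags)]
    if default is not None:
        out.append(default)
    out.append("# LDAP syntax: %s (%s)" % (syntax_name, oid))
    out.extend("# " + text for text in help_lines)
    if allowed is not None:
        out.append(allowed)
    return "\n".join(out)


# The printer-number-up definition from the text above, re-wrapped.
NUMBER_UP = """( ---place the assigned OID here---
NAME 'printer-number-up'
DESC 'Description: This job attribute specifies the number of source
page-images to impose upon a single side of an instance of a selected
medium. This attribute is INTEGER.

Default: 1

Allowed: 1, 2, 3, 4'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )"""

if __name__ == "__main__":
    print(to_slp_attribute(NUMBER_UP, optional=True))
```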
ASN.1 employs a much richer set of data types than SLP provides. The table below shows the mapping of selected ASN.1 data types to their nearest SLP equivalents. Because of the complexity and flexibility of ASN.1, a complete list cannot be provided.
A sample of some ASN.1 encodings and their mappings to SLP:

   ASN.1 type              SLP type
   -----------------------------------------
   INTEGER                 Integer
   BOOLEAN                 Boolean
   ENUMERATED              String
   OBJECT IDENTIFIER       String
   OCTET STRING            Opaque
   REAL                    String

Data types that do not map directly to SLP data types should be defined as either String or Opaque. ASN.1 types that may only contain valid characters for Strings, as defined in X.680 [9], should be encoded as strings. ASN.1 types such as GraphicString that change their character set encoding part way through a value should not be encoded as strings; if such types are required, the SLP Opaque type should be used. In either case, the first line of the help text is used to indicate the original ASN.1 data type.
The following subsections describe how to convert from the ASN.1 BER [9] to the SLP template for the different types in the table above.
Both SLP templates and ASN.1 support Integers, so there is a one-to-one mapping between an SLP Integer attribute and an ASN.1 Integer attribute. Details on the encoding of integers are summarized in the SLP template to ASN.1 section above.
Boolean values are supported by both SLP and ASN.1, though their on-the-wire encodings differ. X.680 [9] specifies zero and non-zero encoding for booleans, whereas SLP encodes booleans using the strings TRUE and FALSE. In general, most LDAP servers will use the LDAP Boolean type (which is a string), so again the ASN.1 type should be recorded in the comment or it will be lost.
SLP templates support the concept of enumerations through the listing of allowed values in the attribute definition. These enumerations are not strictly binding on clients or DAs, but they are similar to the ASN.1 definition of enumerations. BER encodes the ASN.1 enumeration by passing the number of the element's position in the enumeration. This requires both sides to have knowledge of the specific enumeration prior to decoding an enumeration's value. SLP provides no specific support for transmitting enumerations. They are simply String types. Information on the ASN.1 type and ASN.1 encoding of the enumeration values is recorded in the comment.
Example:

   color-supported = STRING M
   none
   # ASN.1: Enumeration.
   # ASN.1 Mapping: none = 0, highlight = 1, three color = 2,
   # four color = 4, monochromatic = 5
   #This attribute specifies whether the Printer supports
   # color and, if so, what type.
   none,highlight,three color,four color,monochromatic

Object identifiers (OIDs) are commonly used in the ASN.1 world to identify objects and attributes. OIDs are a numerical representation of an element's place in the naming hierarchy. Each element at a particular level of a hierarchy has a unique number assigned within that level of the hierarchy. A sample OID would be the naming tree for SNMP MIBs: iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) would be written as the string "1.3.6.1.2.1".
Because this representation reduces to a string of dot-separated numbers, it maps easily to the SLP String type. The help text for this element should indicate that it is an ASN.1 OID:

   identifier = STRING
   # ASN.1: OID
   # The object identifier for this SNMP agent.

An ASN.1 octet string should be mapped to an Opaque in an SLP template. An octet string is a sequence of bytes, whereas an Opaque is a string that encodes a sequence of bytes. Again, the ASN.1 type is lost unless recorded in the comment.
There is no direct mapping between floating point numbers and any SLP data types. Attributes having the ASN.1 type of Real are mapped to SLP type String. Comments are added to the attribute help text indicating the value was originally an ASN.1 real. For example:

   weight = STRING
   # ASN.1: Real
   # The object's weight in pounds.

The following is an example schema for an exported filesystem. It is presented first in ASN.1, and the SLP template translation follows. The template translation does not capture the actual attribute format for the Set type; that would be done in the LDAP client software making the translation. Note that even though the class definition does not conform with the previously defined conventions for SLP classes, the schema can still be translated into an SLP template. The syntax used in this example follows

   -- Abstraction of a fstab entry (a "mount").
   -- These lookups would likely be performed by
   -- an automounter type application.
   mount OBJECT-CLASS ::= {
       SUBCLASS OF { top }
       MUST CONTAIN { mountHost |
                      mountDirectory |
                      mountType }
       MAY CONTAIN { mountOption |
                     mountDumpFrequency |
                     mountPassNo }
       ID { <oid1> }
   }

   -- The mount host.
   mountHost ATTRIBUTE ::= {
       WITH SYNTAX caseIgnoreString
       EQUALITY MATCHING RULE caseIgnoreMatch
       SINGLE VALUE
       ID { <oid2> }
   }

   -- The file system to mount.
   mountDirectory ATTRIBUTE ::= {
       WITH SYNTAX caseIgnoreString
       EQUALITY MATCHING RULE caseIgnoreMatch
       SINGLE VALUE
       ID { <oid3> }
   }

   -- The type of file system being mounted.
   mountType ATTRIBUTE ::= {
       WITH SYNTAX INTEGER { ufs(1), hsfs(2), nfs(3), rfs(4) }
       EQUALITY MATCHING RULE integerMatch
       SINGLE VALUE
       ID { <oid4> }
   }

   -- Options for the mount operation.
   mountOption ATTRIBUTE ::= {
       WITH SYNTAX caseIgnoreString
       EQUALITY MATCHING RULE caseIgnoreString
       ID { <oid5> }
   }

   -- How often to dump the file system.
   mountDumpFrequency ATTRIBUTE ::= {
       WITH SYNTAX INTEGER (0..9)
       EQUALITY MATCHING RULE integerMatch
       SINGLE VALUE
       ID { <oid6> }
   }

   -- Boot time mount pass number.
   mountPassNo ATTRIBUTE ::= {
       WITH SYNTAX INTEGER
       EQUALITY MATCHING RULE integerMatch
       SINGLE VALUE
       ID { <oid7> }
   }

The translated SLP template is:

   template-type = mount

   template-version = 1.0

   template-description =
     "Describes a remote filesystem access protocol"

   template-url-syntax =
     filesystem = 1*[ DIGIT / ALPHA ]
     urlpath = "/" filesystem

   mountHost = STRING L
   # ASN.1: Case Ignore String, Single Value
   # The mount host

   mountDirectory = STRING L
   # ASN.1: Case Ignore String, Single Value
   # The filesystem to mount

   mountType = STRING L
   ufs
   # ASN.1: Enumeration, Single Value
   # ASN.1 Mapping: ufs = 1, hsfs = 2, nfs = 3, rfs = 4
   # The type of the filesystem being mounted
   ufs, hsfs, nfs, rfs

   mountOption = STRING M O L
   # ASN.1: Case Ignore String
   # mount options for this filesystem

   mountDumpFrequency = INTEGER O
   0
   # ASN.1: Integer Range, Single Value
   # How often to dump this filesystem
   0, 1, 2, 3, 4, 5, 6, 7, 8, 9

   mountPassNo = INTEGER O
   # ASN.1: Integer, Single Value
   # Boot time mount pass number

In addition to translating between SLP templates and LDAP schema, another area requiring compatibility is the representation of SLP service advertisements in an LDAP DIT. A standardized representation for service information allows SLP DAs to store service advertisements in LDAP, and for LDAP clients to query the DIT for those services. Similarly, if LDAP clients represent service information in the same form, SLP clients can benefit from interoperability.
A service advertisement contains the service URL in a 'labeledURI' attribute [11]. The labeledURI attribute in a service advertisement should only contain the service URL for the service, with no additional label. It is recommended that the labeledURI be used as the RDN for the service object in the DIT.
Although service advertisements can appear anywhere within the DIT, it is recommended that all services be stored under a single common point, or root node, to facilitate searching in a domain. This allows a client to search for all advertisements of a particular service type, say, for all printers. The recommended parent entry is one named "ou=service" below the entry which is the representation of the domain, as described in RFC 2247.
For example, a printer service with a labeledURI of "service:lpr://printsrv/queue1" in the domain foobar.com, advertised in the LDAP server that holds the "dc=foobar,dc=com" tree, has the following DN:

   "labeledURI=service:lpr://printsrv/queue1, ou=service, dc=foobar, dc=com"

While this leads to a flat space of service storage, since SLP uses search filters from LDAP for searches, these filters can be used for one-level searches from the root node.
The following example illustrates how an advertisement having a simple service type is represented. The advertisement (in conceptual form) for a printer is:

   Service Type: service:lpr://printsrv/queue1
   Scopes: eng,corp
   Attributes:
      description = A general printer for all to use.
      security-mechanisms-supported = none
   Authentication: none

The RDN of the object is labeledURI=service:lpr://printsrv/queue1, and the following LDAP search filter will return this object, along with any others of the service type "service:lpr" that match the other attributes:

   (&(service-advert-service-type=service:lpr)
     (service-advert-scopes=eng)
     (service-advert-scopes=corp)
     (description=A general printer for all to use.)
     (security-mechanisms-supported=none))

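How a DA back end might build the entry DN and the search filter for the printer advertisement above, as an added example that is not code from the RFC. Advertisement values come from the network, so they are escaped before being placed in a DN (RFC 2253 rules) or a filter (RFC 2254 rules); the function names and the constructed hostile inputs in the demo are this example's own.

```python
import re

# RFC 2254: characters that must be written as \XX inside a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
                  "\x00": r"\00"}

# Attribute description: a name plus optional ";option" parts (e.g. ;lang-de).
ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*")
DNS_LABEL = re.compile(r"[A-Za-z0-9-]+")


def escape_filter_value(value):
    """Escape one assertion value for use in an LDAP search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_rdn_value(value):
    """Escape one attribute value for use in a DN string (RFC 2253)."""
    if any(ord(ch) < 0x20 for ch in value):
        raise ValueError("control character in RDN value")
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        special = (ch in ',+"\\<>;'
                   or (i == 0 and ch in " #")
                   or (i == last and ch == " "))
        out.append("\\" + ch if special else ch)
    return "".join(out)


def advert_dn(service_url, domain):
    """DN of a service entry: labeledURI RDN under ou=service in the domain."""
    labels = domain.split(".")
    if not all(DNS_LABEL.fullmatch(label) for label in labels):
        raise ValueError("invalid domain: %r" % domain)
    dcs = ",".join("dc=" + label for label in labels)
    # No spaces after the commas; equivalent to the spaced form in the text.
    return "labeledURI=%s,ou=service,%s" % (escape_rdn_value(service_url), dcs)


def advert_filter(service_type, scopes, attributes):
    """Filter matching a service type, every listed scope and attribute."""
    terms = [("service-advert-service-type", service_type)]
    terms += [("service-advert-scopes", scope) for scope in scopes]
    terms += list(attributes.items())
    parts = []
    for name, value in terms:
        # Names cannot be escaped in a filter, so anything unusual is refused.
        if not ATTR_NAME.fullmatch(name):
            raise ValueError("invalid attribute name: %r" % name)
        parts.append("(%s=%s)" % (name, escape_filter_value(value)))
    return "(&" + "".join(parts) + ")"


if __name__ == "__main__":
    print(advert_dn("service:lpr://printsrv/queue1", "foobar.com"))
    print(advert_filter("service:lpr", ["eng", "corp"],
                        {"description": "A general printer for all to use.",
                         "security-mechanisms-supported": "none"}))
    # Constructed inputs carrying DN and filter metacharacters stay inert:
    print(advert_dn("service:lpr://p/q,ou=other", "foobar.com"))
    print(advert_filter("service:lpr", [], {"description": "x)(objectClass=*"}))
```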
Service advertisements in SLP also have a lease time associated with them. In LDAP servers that support the extensions for dynamic directory services [12], the service advertisement entry objectClass should be extended with the dynamicObject class. This allows the service advertisement to time out within the LDAP directory server. If the LDAP directory server does not support the dynamic directory services extension, then advertisement lease timeouts must be handled by the SLP agent.
While the service advertisement schema outlined in this section is primarily for SLP DAs that use LDAP as a backing store, if LDAP agents register services using the same format, complete interoperability with SLP is achieved.
SLP specifies that an RFC 1766 [13] language code accompanies every service advertisement. Language codes for service advertisements in LDAP must be represented according to RFC 2596 [14].
RFC 2596 prohibits language codes in DNs, and specifies that a directory server which does not support language codes must treat an attribute with a language code as an unrecognized attribute. According to RFC 2596, language codes are appended to attribute names with a semicolon (";"). For example, the following attribute/value pair is in the German locale:

   (address;lang-de=44 Bahnhofstrasse, 2365 Weibstadt, Deutschland)

An attribute with a language tag in a specific locale is considered a separate attribute from attributes in other locales.
If the service advertisement is in the default SLP locale ("en", no dialect), then the language code need not be appended to the attribute name.
SLP queries in locales other than the default need not be rewritten to include language tags before being submitted to the directory server. RFC 2596 specifies that all entries that match are returned, including those with language tags, without requiring the language tags to be explicitly present in the query. The SLP DA can then postprocess the result to select the entries from the required locale.
SLP authenticators are stored with the service advertisement in the DIT, as discussed in the section on representing SLP service advertisements in the DIT. LDAP clients need to use LDAP authentication [15] to assure that they are connecting with a secure server. In particular, SLP DAs that use LDAP as a back end store and that implement SLP authentication MUST use LDAP authentication to assure that the LDAP entries for their service registrations are secure.
Acknowledgements
Many thanks are due to Mark Wahl whose detailed and insightful comments were instrumental in helping improve the technical accuracy of this document with respect to LDAP.
[1] Guttman, E., Perkins, C. and J. Kempf, "Service Templates and service: Schemes", RFC 2609, April 1999.
[2] Wahl, W., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997.
[3] International Telecommunications Union. The Directory: Selected Attribute Types. ITU Recommendation X.520. August, 1997.
[4] McLaughlin, L., "Line Printer Daemon Protocol", RFC 1179, August 1990.
[5] Guttman, E., Perkins, C., Veizades, J. and M. Day, "Service Location Protocol Version 2", RFC 2608, April 1999.
[6] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, November 1997.
[7] Howes, T., "The String Representation of LDAP Search Filters", RFC 2254, December 1997.
[8] Wahl, W., Coulbeck, A., Howe, T. and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definition", RFC 2252, December 1997.
[9] ITU-T Rec. X.680. Abstract Syntax Notation One (ASN.1) - Specification of Basic Notation. 1994.
[10] Fleming, P., Jones, K., Lewis, H., and McDonald, I., "Internet Printing Protocol (IPP): LDAP Schema for Printer Services", Work in Progress.
[11] Smith, M., "Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs)", RFC 2079, January 1997.
[12] Yaacovi, Y., Wahl, M. and T. Genovese, "Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services", RFC 2589, May 1999.
[13] Alvestrand, H., "Tags for the Identification of Languages", RFC 1766, December 1997.
[14] Wahl, M. and T. Howes, "Use of Language Codes in LDAP", RFC 2596, May 1999.
[15] Wahl, M., Alvestrand, H., Hodges, J. and R. Morgan, "Authentication Methods for LDAP", RFC 2829, May 2000.
[16] Bradner, S., "Key Words for Use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[17] Dubuisson, O. ASN.1: Communication between Heterogeneous Systems. OSS Nokalva, 2000.
[18] http://www.srvloc.org
James Kempf
Sun Microsystems
901 San Antonio Avenue
Palo Alto, CA 94303
USA

Phone: +1 650 786-5890
EMail: james.kempf@sun.com

Ryan Moats
Coreon, Inc.
15621 Drexel Circle
Omaha, NE, 68135
USA

EMail: rmoats@coreon.net

Pete St. Pierre
Sun Microsystems
901 San Antonio Avenue
Palo Alto, CA 94303
USA

Phone: +1 415 786-5790
EMail: Pete.StPierre@Eng.Sun.COM

Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.