Summary
Many applications need to access a directory in order to perform authentication
and to obtain configuration information. Isode's Directory Client API
provides a simple API to enable applications to do this. This API is
designed so that it is easy for applications to access generic directory
functionality, and also provides additional functionality for specific applications
and markets.
Isode's Directory Client API uses X.500 Directory Access Protocol (DAP)
and/or LDAP (Lightweight Directory Access Protocol) to access a Directory.
X.500 DAP support is important for applications that require use of
DAP, or need to make use of schema definitions that are only defined
for use with X.500 (e.g., directory syntaxes defined in X.402 to support
X.400 use of directory). LDAP is supported using the same API.
The Isode Directory Client API is of particular interest where there
is (or may be) a requirement to use DAP. Its simple design and cross-platform,
multi-language support will also make it useful for LDAP-only
applications. Strong authentication is supported, which is important
for some secure environments.
The Directory Client API is intended for both standalone client applications
and for Web applications. A 'C' language binding is provided and a Java
binding is planned.
Deployment Targets
The Directory Client API provides a core set of functionality, which
is useful to any directory enabled application. Functionality appropriate
for specific markets is offered in addition to the core API, which is
a mix of layered functionality and additional supporting routines. The
first market specific API, which includes the core Directory Client
API, is the ATN (Air Traffic Network) Directory API
for the Air Traffic industry.
Key Benefits
The Isode Directory Client API offers the following benefits:
- For developers of directory enabled applications, it provides a
very simple abstraction.
- The API is cross platform.
- The API supports X.500 DAP.
- LDAP and DAP can be used from the same application, without code
changes.
Architecture and Functionality
The Directory Client API is used as illustrated below. The application
uses the library to connect the application to M-Vault using X.500 DAP
or LDAP.

This design means that any application making use of the Directory
Client API need have no knowledge of which protocol is being used to
communicate with the directory.
The Directory Client API is designed to be easy to use for applications
that access data in the directory. It is also suitable for applications
that administer directory data. The following directory operations are
supported:
- Read
- Search
- Add
- Delete
- Modify
- ModifyDN (Rename)
This API may be used in a synchronous manner for all operations, which
allows for straightforward implementation. Read and search operations
may also be used asynchronously. The API may be used with a multithreaded
application. Note that each distinct DAP or LDAP connection is intended
to be accessed by a single thread. If you need to have multiple threads
accessing a single association, then contact Isode to review the suitability
of this API.
Selecting DAP and/or LDAP
The API is designed so that a single application can create DAP and
LDAP connections using exactly the same API and use a mix of DAP and
LDAP calls. The choice of underlying protocol is as simple as choosing
the connection address: for DAP connections an RFC 1278-format address
such as '"X500"/Internet=dsa.example.com' is used, and for LDAP connections
an RFC 2255-format address such as 'ldap://ldap.example.com' is used
instead.
API Layering
The Directory Client API provides a core set of functionality which
is useful to any directory enabled application. Functionality appropriate
for specific markets is offered in addition to the core API, which is
a mix of layered functionality and additional supporting routines. The
first market specific API, which includes the core Directory Client API,
is the ATN (Air Traffic Network) Directory API for the Air Traffic industry.
Security
Simple authentication is supported for DAP and LDAP. Strong authentication
based on X.509 is supported for DAP, using Isode's strong
authentication infrastructure. SASL support is provided for LDAP.
Password policy controls are available for LDAP.
The ATN Directory API
The aviation industry is adopting AMHS (Aeronautical Message Handling
Systems) for provision of ground to ground communication. Isode provides
a set of ICAO (International Civil Aviation Organization) SARPS (Standard
and Recommended Practices) conformant server products (M-Switch X.400,
X.400 Message Store, and M-Vault), to provide an AMHS infrastructure
and an ATN (Air Traffic Network) Directory. These standards require
use of DAP to communicate with the directory.

The ATN Directory API provides additional functionality to:
- Handle ATN Directory structured attributes such as MTCU (Message
Transfer and Conversion Unit) capabilities.
- Provide ATN Directory based conversion between eight digit AFTN
(Aeronautical Fixed Telecommunications Network) addresses and X.400
O/R Addresses.
- Provide ATN Directory based conversion between eight digit AFTN
(Aeronautical Fixed Telecommunications Network) addresses and Directory
Names.
The mapping functionality follows a definition set out in the ATN Manual.
The O/R Address/AFTN mapping provides a mapping functionality which
is conformant to the ICAO specification for MTCU operation.
Isode distributes data suitable to populate a directory with mapping
information. This is explained here.
Interoperability
The ATN Directory API has been primarily developed to integrate applications
with the Isode server products. Because of its use of the X.500 DAP
and LDAP protocols, applications developed with this library should
also work with other conformant servers. For ATN Directory applications
and some other X.400 applications, use of the API over LDAP relies on
Isode proprietary attribute syntaxes.
Conformance
X.500 Directory Access Protocol
ITU X.500 The Directory: Overview of concepts, models and services,
ISO/IEC 9594-1, 2005
ITU X.501 The Directory: Models, ISO/IEC 9594-2, 2005
ITU X.509 The Directory: Authentication framework, ISO/IEC 9594-8, 2005
ITU X.511 The Directory: Abstract service definition, ISO/IEC 9594-3,
2005
ITU X.519 The Directory: Protocol specifications, ISO/IEC 9594-5, 2005
LDAP
LDAP Version 3 (RFC 4510-4519).
ATN Directory (ICAO SARPs)
Manual of Technical Provisions for the Aeronautical Telecommunications
Network (ATN). ICAO SARPS Doc 9880-AN/956: The ATN SARPS, Sub volume
7, Directory Services, Fourth edition.
AFTN Address Mappings
Chapter 6 (ATS Message Handling) of the Comprehensive Aeronautical
Telecommunication Network (ATN) Manual (Part III. Applications guidance
material), section 6.2.1.5.10-17.
API Definition
The Isode manual describing the Directory Client API and ATN Directory
Client API is available here.
The core 'C' language Isode Directory Client API definitions are available
here, with sample applications available here.
The 'C' language ATN Directory Client API comprises the core API plus
the 'C' language ATN Directory Client API extensions to the core API.
The definitions of these extensions are available here, with an example
program here.
The Java language equivalents are currently being developed. If you
have a particular need for Java directory APIs, then please contact
us for a status report.
Availability
The Isode Directory Client and ATN Directory Client APIs are available
on Solaris, Windows, Linux and HP-UX. More details on supported platforms
and versions can be found here.