UNPKG

@wildboar/meerkat-dsa

Version:

X.500 Directory Server (DSA) and LDAP Server by Wildboar Software.

github.com/Wildboar-Software/directory

Wildboar-Software/directory

260 lines (182 loc) 11 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
# Conformance In the statements below, the term "Meerkat DSA" refers to version 1.0.0 of Meerkat DSA, hence these statements are only claimed for version 1.0.0 of Meerkat DSA. ## X.519 Conformance Statement The following conformance statement is intended to conform to the conformance statement requirements specified in International Telecommunications Union Recommendation X.519 (2016), Section 13. ### Section 13.2.1 Conformance #### A. Protocol Support Meerkat DSA does not support any application contexts. The following table indicates Meerkat DSA's IDM protocol support. | Supported? | Protocol | Object Identifier | |------------|---------------------------------------------------------|--------------------| | Yes | Directory Access Protocol (DAP) | 2.5.33.0 | | Yes | Directory System Protocol (DSP) | 2.5.33.1 | | No | Directory Information Shadowing Protocol (DISP) | 2.5.33.2 | | Yes | Directory Operational Binding Management Protocol (DOP) | 2.5.33.3 | #### B. Operational Binding Support | Supported? | Operational Binding Type | Object Identifier | |------------|----------------------------------------------------|--------------------| | Yes | Hierarchical Operational Binding (HOB) | 2.5.19.2 | | No | Non-Specific Hierarchical Operation Binding (NHOB) | 2.5.19.3 | | No | Shadowing Operational Binding (SOB) | 2.5.19.1 | #### C. First-Level DSA Support Meerkat DSA is capable of acting as a first-level DSA. #### D. Chaining Support Meerkat DSA supports chaining. #### E. Directory Access Protocol (DAP) Authentication Meerkat DSA supports the following bind authentication mechanisms for the Directory Access Protocol (DAP). | Supported? | Credential Type | |------------|-----------------| | Yes | Simple | | No | Strong | | No | External | | No | SPKM | | Yes | SASL | Meerkat DSA supports simple authentication: - Without a password, - With a password, and - With a protected password. For SASL Authentication, Meerkat DSA supports the following mechanisms: - `PLAIN` Meerkat DSA Supports identity-based originator authentication as described in the International Telecommunication Union's Recommendation X.518 (2016), Section 22.1,1, but **not** signature-based originator authentication as described in the International Telecommunication Union's Recommendation X.518 (2016), Section 22.1.2. Meerkat DSA does not support result authentication. #### F. Directory System Protocol (DSP) Authentication Meerkat DSA supports the following bind authentication mechanisms for the Directory System Protocol (DSP). | Supported? | Credential Type | |------------|-----------------| | Yes | Simple | | No | Strong | | No | External | | No | SPKM | Meerkat DSA supports simple authentication: - Without a password, - With a password, and - With a protected password. Meerkat DSA Supports identity-based originator authentication as described in the International Telecommunication Union's Recommendation X.518 (2016), Section 22.1,1, but **not** signature-based originator authentication as described in the International Telecommunication Union's Recommendation X.518 (2016), Section 22.1.2. Meerkat DSA does not support result authentication. #### G. Attribute Types Meerkat DSA supports all of the attribute types defined in the International Telecommunication Union's Recommendation X.520 (2019). For attributes having the `DirectoryString` syntax, support is present for all defined alternatives. In addition to this, Meerkat DSA is extensible, such that it can be configured to accommodate any attribute type. Despite this, Meerkat DSA is hard-coded to support the Recommendation X.520 selected attribute types, so those will always be supported. #### H. Object Classes Meerkat DSA supports all of the object classes defined in the International Telecommunication Union's Recommendation X.521 (2019). In addition to this, Meerkat DSA is extensible, such that it can be configured to accommodate any object class. Despite this, Meerkat DSA is hard-coded to support the Recommendation X.521 selected object classes, so those will always be supported. #### I. Extensions Supported These extensions are defined in International Telecommunications Union's Recommendation X.511 (2016), Section 7.3.1. | Extension | Identifier | Supported? | |----------------------------------------------------|------------|------------| | Subentries | 1 | Yes | | Copy Shall Do | 2 | Yes | | Attribute Size Limit | 3 | Yes | | Extra Attributes | 4 | Yes | | Modify Rights Request | 5 | Yes | | Paged Results Request | 6 | Yes | | Matched Values Only | 7 | No | | Extended Filter | 8 | No | | Target System | 9 | Yes | | Use Alias On Update | 10 | No | | New Superior | 11 | Yes | | Manage DSAIT | 12 | Yes | | Use of Contexts | 13 | Yes | | Partial Name Resolution | 14 | Yes | | Overspec Filter | 15 | No | | Selection On Modify | 16 | Yes | | Security Parameters - Operation Code | 18 | Yes | | Security Parameters - Attribute Certification Path | 19 | Yes | | Security Parameters - Error Protection | 20 | Yes | | Service Administration | 25 | No | | Entry Count | 26 | Yes | | Hierarchy Selections | 27 | No | | Relaxation | 28 | No | | Family Grouping | 29 | Yes | | Family Return | 30 | Yes | | Search Distinguished Name Attributes | 31 | Yes | | Friend Attributes | 32 | Yes | | Abandon of Paged Results | 33 | Yes | | Paged Results on the DSP | 34 | No | | Entry Modification `replaceValues` | 35 | Yes | #### J. Collective Attributes Support Collective Attributes are completely supported by Meerkat DSA. #### K. Hierarchical Attributes Support Hierarchy selections are not supported by Meerkat DSA. The related hierarchy attributes _are_ supported by Meerkat DSA, but they are not used by any functionality. #### L. Operational Attribute Types Support All operational attribute types defined in the International Telecommunications Union's Recommendation X.501 are supported by Meerkat DSA. However, the hierarchy attributes do not provide any functionality. #### M. Alias Dereferencing Support Meerkat DSA fully supports alias dereferencing as described in the International Telecommunication Union's Recommendation X.511 (2016), Section 7.7.1. #### N. Entry Incompleteness Indication Meerkat DSA supports the `incompleteEntry` field in `EntryInformation` data types to indicate that not all attributes or values requested were returned. #### O. Object Class Modification Meerkat DSA supports adding auxiliary object classes. #### P. Basic Access Control Meerkat DSA supports the Basic Access Control defined in International Telecommunication Union's Recommendation X.501 (2016). #### Q. Simplified Access Control Meerkat DSA supports the Simplified Access Control defined in International Telecommunication Union's Recommendation X.501 (2016). #### R. Subschema Administration Meerkat DSA supports subschema administration, and validates entries and their names and locations against subschema, if present, as defined in International Telecommunication Union's Recommendation X.501 (2016). #### S. Name Forms Meerkat DSA supports all of the name forms defined in the International Telecommunication Union's Recommendation X.521 (2019). In addition to this, Meerkat DSA is extensible, such that it can be configured to accommodate any name form. Despite this, Meerkat DSA is hard-coded to support the Recommendation X.521 name forms, so those will always be supported. #### T. Collective Attribute Administration Collective Attributes are completely supported by Meerkat DSA. #### U. Contexts Meerkat DSA supports all of the context types defined in the International Telecommunication Union's Recommendation X.520 (2019). In addition to this, Meerkat DSA is extensible, such that it can be configured to accommodate any context type. Despite this, Meerkat DSA is hard-coded to support the Recommendation X.520 context types, so those will always be supported. #### V. Context Support Meerkat DSA fully supports the use of contexts as defined in the International Telecommunication Union's Recommendation X.501 (2016). #### W. DSA Information Tree Management Meerkat DSA supports management of the DSA Information Tree. #### X. Rule-Based Access Control Meerkat DSA **does not** support Rule-Based Access Control. #### Y. Integrity of Directory Operations This requirement is not understood by the author of Meerkat DSA, but it is believed that this refers to the usage of attribute integrity information, which is not supported by Meerkat DSA. #### Z. Encrypted and Digitally-Signed Information Meerkat DSA cannot provide access to encrypted and/or signed attributes. For clarification, this does not mean that communications with Meerkat DSA cannot be secured with TLS, STARTTLS, digitally-signed responses, etc: those things are supported. #### AA. Strong Authentication Certificate and CRL Extensions Supported Meerkat DSA does not support strong authentication.