X.500

What is X.500

X.500 is a protocol which specifies a model for connecting local directory services to form one distributed global directory. Local databases hold and maintain a part of the global database and the directory information is made available via a local server called a Directory System Agent (DSA). The user perceives the entire directory to be accessible from the local server. X.500 also supports data management functions (addition, modification and deletion of entries).

Each item (entry) in the X.500 directory describes one object (e.g. a person, a network resource, an organization) and has a unique identifier called a Distinguished Name (DN). The entry consists of a collection of attributes (e.g. for a person this might be last name, organization name, e-mail address). The entries are found by navigating through a Directory Information Tree (DIT). At the top of the tree is the World, which is subdivided at the next level into countries, and at the next into organizations. Information on people, resources, etc., is stored within organizations.

While most of the information available today via X.500 is about people and organizations, the design of the X.500 directory is also suitable for storing information about other entities (or objects), such as network resources, applications or hardware. Several projects utilize these directory capabilities (e.g. the Internet RFCs (Request For Comments) are listed in the global directory).

X.500 is an OSI (Open System Interconnection) protocol, named after the number of the CCITT (International Telegraph and Telephone Consultative Committee) Recommendation document containing its specification. The Paradise project aims to encourage the use of X.500 in European countries.

Who can use X.500

Although X.500 is part of the OSI standard definition, OSI access is not necessary to use the directory services. Many X.500 services are available both on the Internet, and by electronic mail. See the section Using X.500 below for details.

How to get to X.500

There are three ways to access the X.500 services: via a local client, via an interactive session (Telnet or X.25 access) to a remote client, or by electronic mail. Each type of access is described below in the Using X.500 section.

In addition, network tools such as WWW and Gopher provide access to X.500 directory services through gateways.

Public access to an X.500 client via Telnet or X.25 is an easy way to start querying the X.500 directory. Public access user interfaces are available at:


Telnet (login)                        Public X.25       Country

jethro.ucc.su.oz.au (fred)                              Australia
sun1.iihe.ac.be (dua)                 222100611         Belgium
x500.denet.dk (de)                                      Denmark
login.dkuug.dk (ds)                                     Denmark
nic.funet.fi (dua)                                      Finland
x500.tu-chemnitz.de (x500)                              Germany
ashe.cs.tcd.ie (de)                                     Ireland
x500.ieunet.ie (de)                   272432590024      Ireland
jolly.nis.garr.it (de or fred)        22225010083212    Italy
zoek.nic.surfnet.nl (no login)                          Netherlands
elc1.mat.torun.edu.pl (de or dish)                      Poland
chico.rediris.es (directorio)         2142160234013     Spain
hypatia.umdc.umu.se (de)              240374810306      Sweden
nic.switch.ch (dua)                   22847971014540    Switzerland
dir.ulcc.ac.uk (dua)                                    UK
paradise.ulcc.ac.uk (dua)             23421920014853    Paradise


To connect to one of these sites, use either Telnet or X.25 and at the login: prompt type the appropriate login name (given above in brackets). Most remote clients use the national language, with the facility of switching into English.

Using X.500

X.500 is used primarily to search for information about people (postal address, telephone number, e-mail address, etc.). The basic fields for searching are a person's name, the name of the person's organization (and department within the organization) and the country.

In the following, angle brackets (<>) indicate an optional parameter; a vertical bar (|) indicates a choice of parameters.

Using a local client

In the X.500 world, a local client is called a Directory User Agent (DUA). Public domain and commercial DUAs are available for numerous platforms ranging from mainframes to personal computers. They range from simple command-line based clients to clients based on sophisticated graphical user interfaces which require a pointing device. For a comprehensive list of DUAs, their description and where to find them, consult the Internet document RFC 1292 / FYI 11 - A Catalog of Available X.500 Implementations.

Using Telnet or X.25

DUAs provided by remote sites may have line-oriented, menu-driven or X Window System based user interfaces; examples of each are given below:

The capabilities of these DUAs range from basic search facilities to full X.500 functionality. The X-Windows based DUAs require a local setup.

Novice users are recommended to try de (directory enquiries) since it has a very simple user interface. de was designed as a public access DUA and is accessible from any kind of terminal. It supports the basic X.500 functions: read, search, and list. Users who are new to querying the X.500 directory should use de's Simple query mode.

de
    invokes the X.500 interrogation user-interface.
q
    exits de.
?<topic>
    displays the on-line help on the specified topic, or general help if no topic is specified.
^C
    (Ctrl-C) is the interrupt character. It aborts a search in progress or resets the current query specification.
*
    (asterisk) will list all entries of the specified field. It is also the wildcard character and can replace any other character in a name. It can appear anywhere in the name, e.g. smit* or *smit* are valid string formats.
-
    (dash) resets the default value to a blank string.

When de is invoked, the user is requested to fill in four fields to specify a request. In all fields, the value from the previous request is the default value. Press the RETURN key to accept it, or enter a new value. All searches are case insensitive.

The four fields to be filled in are:

Person's name
    Wildcard characters may be used anywhere in the name. All matching names will be listed. Typing only "*" will match all people of the specified department or organization. If this field is blank, the search will be on department or organization only.
Department name
    The name (or an acronym) of the department in the organization where the person works. Wildcard characters may be used anywhere in the name. Typing only "*" will match all departments. If no person's name has been entered, details on the department are displayed. If no department name is given, all departments will be searched. This field could be omitted in small organizations.
Organization name
    The name (or an acronym) of the organization where the person works. Wildcard characters may be used anywhere in the name. Typing only "*" will match all organizations. If no person's name or department name has been entered, details of the organization are displayed.
Country name
    The name of the country where the person works. Typing "*" will list all countries. The country name could be the 2-letter country code (e.g. DK stands for Denmark), the name or a part of it without wildcards (e.g. nether instead of The Netherlands).

If a large number of matching entries are found, they are listed so that the user can select one entry to get further details.

Using electronic mail

The Norwegian networking organization (UNINETT) offers an e-mail interface to X.500. To use it, send a mail message to: Directory@UNINETT.NO with the word find in the Subject: field. The body part contains the search request, one per message. A help file is returned if the message body contains the word help.

The format of the search request is:


find <person-name>  <: org-name  <; country-name>>  |  <;country-name>
 

If org-name and country-name are omitted, the sender's organization name and country name are used as default values. The mail interface guesses these values from the From: field of your mail, so the results can be surprising if your address ends with .bitnet!

"*" (asterisk) is the wildcard character and can replace any other characters in any name. It can appear anywhere in the name.

The result of the query is sent back in a mail message. The search is case insensitive. Note: To avoid overloading the directory service, users are not allowed to search for a person without selecting an organization.

Examples

Using de, you can search for the Anthropology department of the University College, London, United Kingdom, with the following request:
Person's name, q to quit, * to browse, ? for help
:-
Department name, * to browse, ? for help
:- a*
Organisation name, * to browse, ? for help
:- ucl
Country name, * to browse, ? for help
:- uk
 
A few entries match the selected department, all are listed for further selection:
United Kingdom
  University College London

Got the following matches.  Please select one from the list
by typing the number corresponding to the entry you want.

United Kingdom
  University College London
      1 A.U.T. Office
      2 Academic Enterprise and Training Unit
      3 Anatomy and Developmental Biology
      4 Anthropology
      5 Audio Visual Centre
Department name, * to browse, ? for help
:- 4
United Kingdom
  University College London
    Anthropology
        Telephone Number      +44 71-387-7050 x2455
        fax                   +44 71 380 7728
 
If you are looking for Erik Lawaetz from UNI-C in Denmark, you can enter the following request:
Person's name, q to quit, * to browse, ? for help
:- law*
Department name, * to browse,  to search all depts, ? for help
:-
Organisation name, * to browse, ? for help
:- uni-c
Country name, * to browse, ? for help
:- dk
 
One entry matches the selected criteria, details are displayed:
Denmark
  UNI-C
      Erik Lawaetz
        surname               Lawaetz
        postalAddress         UNI-C
                              DTH
                              Bygning 305
                              DK-2800 Lyngby
        Post Code             DK-2800
        Telephone Number      +45 45 93 83 55
                              +45 42 88 39 99 x2018
        fax                   +45 45 93 02 20
        electronic mail       Erik.Lawaetz@uni-c.dk
 
If you send mail to Directory@UNINETT.NO with the request:
find geir ped* : *oslo ; no
 
you'll get the following result:
This message is in response to your request to the directory to
find

                         geir ped* : *oslo ; no

This is  interpreted as a  request to find  a person with  a name
matching  "geir  ped*"  in  an organisation  with  name  matching
"*oslo" in a country with a name matching "no".

There   were   8  organisations   with   a   name  matching   the
organizational  name you  specified.  Within those  organisations
there were 7  persons that had a name matching  the personal name
you specified.  Directory information for the  located persons is
shown below.

Geir Pedersen : Universitetet i Oslo ; Norway

  Alternate        Geir Kenneth Pedersen
  Alternate        Geir K. Pedersen
  E-Mail (RFC)     Geir.Pedersen@usit.uio.no
  E-Mail (X.400)   /G=geir/S=pedersen/OU=usit/O=uio/PRMD=uninett/
                   ADMD= /C=no/
  Postal Address   Postboks 1059 - Blindern
                   0316 Oslo 3
                   NORWAY
  Phone            +47-22-852478
  Phone            +47-22-852470 (front-office)
  Fax-phone        +47-22-852730
  Description      Project leader for UNINETTs X.500 projects
  User ID          geirp
  Favorite Drink   Farris
  Street Address   Gaustadalleen 23
  Home Address     Gaustadveien 17A
                   0372 Oslo 3
                   NORWAY
  See also         Geir Pedersen : UNINETT ; Norway
  Entry updated    Tue Jun 15 11:51:31 1993
 

There will be six more lists of information in addition to this one.

Learning more about X.500

Several Internet RFC documents deal with X.500:
RFC 1292
    A Catalog of Available X.500 Implementations,
RFC 1308
    Executive Introduction to Directory Services Using the X.500 Protocol,
RFC 1309
    Technical Overview of Directory Services Using the X.500 Protocol.

The official source of information on X.500 is the X.500 recommendation published by the CCITT (Blue Book, Volume VIII - Fascicle VIII.8, Data Communication Networks Directory, Recommendations X.500-X.521, CCITT, 1988, ISBN 92-61-03731-3). This document is also available by electronic mail: send the command GET ITU-5233 to itudoc@itu.ch; or via Gopher at gopher.itu.ch. This is not intended for the casual user!