










            The directory user interface IDM

                     Hector Nunez
            Department of Computer Science

               University College London
                    United Kingdom

                     December 1992



1  Introduction

IDM (which stands for Interactive Directory Manager) is
a directory user interface primarily intended to serve
as a public access management interface.  It is a
companion to the PARADISE DE (Directory Enquiries)
interface and is aimed primarily at being a simple to use
management tool, although more sophisticated users
should find that it is flexible enough to handle the
majority of their needs.
The interface is to be used as a tool for the remote
management of accounts in the X.500 Directory.
The primary aims of the design are that:

 o  The target audience are European SMEs,
    organisations who would otherwise not consider
    managing their own data in the Directory;

 o  It is a public access service running on one of the
    central PARADISE servers alongside DE;

 o  Users have the possibility to register
    organisations in the Directory and authenticated
    users are able to use IDM to add, modify and delete
    values in the organisational header as well as to
    add, modify and delete entries below the
    organisational level;


 o  Authenticated users are able to use IDM to add,
    modify and delete values in the organisational unit
    header as well as to add, modify and delete entries
    below the organisational unit level.

Secondary aims are that:

 o  It will be used as a public access service by
    national pilots on a national backbone server;

 o  Anyone is able to modify their own existing entry
    in the Directory;

 o  A properly configured version of IDM can be used by
    local Directory users;

 o  A properly configured version of IDM can be used by
    national pilot managers.

In order to satisfy the different needs of the
different users, a tailor file is used to identify the
preferences of a particular user/installation.
Due to the interactive nature of the tool, it is not
suitable for bulk data entry.  If the user has a very
large number of entries to be entered in the Directory,
there are other tools designed for such a task (such as
the DMTOOLS distributed with ISODE version 8.0).
Real end-users (hereafter referred to only as users),
should only need to read this introductory section and
Section 2.  Directory managers also need to read
Sections 4 and 5.  National managers who would like to
offer registration facilities for their country, also
need to read Section 3.
Section 2 describes the interface for the user.  Due to
the strong relationship between the tailor file and the
interface there are some notes intended for the
Directory Manager; these are enclosed between square
brackets ([]) and a user may skip them.
Section 3 describes how to set up IDM for adding
organisations to the Directory.  Section 4 describes
the tailor file in detail, covering each variable
referred to in this document and Section 5 suggests
some possible configurations.


2  Using IDM

2.1  Starting up

Some terminal protocols do not propagate the screen
size correctly, therefore when this information is not
known to IDM, at start-up time, a message will be
displayed on the screen, to confirm your terminal size.

    Your terminal size is set to 65 lines.
    If that seems OK, press <CR>, otherwise enter
    the correct number (24 is normal)
    Length of screen in lines:

[Directory managers may disable this prompt by setting
the wanAccess variable in the tailor file to off.]

2.1.1  Authenticating the User

IDM, as a management tool, needs to authenticate the
user.  If the tailor file does not specify the user
[(username)] and the password [(password)], the user
must identify him/herself.  To facilitate this, the
system assists the user to navigate the directory tree.
In all the prompts described below, the user is allowed
to enter an asterisk, as a valid wildcard.  The system
will then list the entries from which the user can then
select one.
If the user wishes to quit from IDM while specifying
the user name, typing ``q'' will cause a prompt to
appear to confirm if the user wants to quit from the
service.  ``y'' will take the user out from the
service, and ``n'', will go back to the country prompt.
This option may also be helpful in case a wrong
country, organisation or department has been entered.

2.1.2  Country

The first prompt helps the user to set the country:

    Please enter the country of the organisation you wish to manage
    Country name, * to list countries  : GB
    GB  --  United Kingdom


Once the user has entered the country (in this case
GB), the system displays the two letter code, as well
as a longer form of the country name.

2.1.3  Organisation

The following prompt asks the user to specify the
organisation:

    Please enter the name of the organisation you wish to manage
    Organisation name, * to list organisations  : UCL
    University College London

In this case UCL matched a single entry, and the name
for the entry is displayed.  If more than one entry
matches the name specified, the entries will be listed
to allow the user to select one.
Entering the organisation name is mandatory, unless the
tailor file allows you to be authenticated directly
beneath the country level [(org_compel:n)].  In this
case, just enter <CR> at the prompt, and IDM will go
to the person's prompt.

2.1.4  Department

When an organisation has departments1, IDM will prompt
the user for the department name.

    Optional Department name, * to list departments  : cs
    Computer Science

Optionally, if the user is found beneath a department,
the user may enter the department name.  If the user
does not belong to a specific department, then just
press <CR>.  If there are no departments beneath the
organisation, the prompt is not displayed, and
continues with the next prompt.
[Directory managers may disable/force the department
prompt by setting the variable dept in the tailor
file.]

----------------------
    1. In X.500 terms, organizational units.


2.1.5  User Name and Password

IDM will search for the entry ``Directory Manager''.
If it is found, it will prompt for the password.
If the entry for ``Directory Manager'' is not found,
it will display the following message:

    Your name, * to list persons  :  Hector

Fuzzy matching is performed (unless entering a name
registered directly under the country level).  If more
than one entry matches the criteria, a list is
displayed, otherwise a message like the following is
displayed:

    You have been identified as user: Hector Nunez
                                      Computer Science
                                      University College London
                                      GB

    Please enter your password :

The final step of the authentication process is to
enter the password.  The password will not be displayed
on the screen while the user types it.  Do not enter the
password until IDM requests it, as any previous input
will be discarded.  If the user fails to enter the
correct password, the system will request it again.  If
the user does not enter the correct password in three
consecutive attempts, IDM will exit.


2.2  Position in the Directory

There are three ways the initial position in the
directory can be determined.

 o  The tailor file defines it, [via the posdit
    variable].

 o  The position is derived from the interactive
    authentication of the user.  For example, if the
    user has specified:


             Hector Nunez
             Computer Science
             University College London
             GB

    The position will be:

         Computer Science
           University College London
             GB

 o  The username is specified in the tailor file, but
    the position is not.  [This is the least common of
    the cases, and is likely to be used only by
    Directory managers who require a different position
    in the directory every time they use IDM. The first
    prompt the Directory Manager will receive is to
    specify the directory position desired.]
    This will be in a similar way to the
    authentication, with the exception of the user's
    name and password.

Once the directory position is determined in any of the
three different ways, a message, like the one shown
below is displayed:

    You are managing the Directory at: Computer Science
                                       University College London
                                       GB

2.3  Initial Menu

Once the user has been authenticated and the position
in the directory has been determined, the initial menu
will be displayed:


    The following options are available
                 1  Maintain organisation entries
                 2  Update organisation header
                 3  Change manager's password
                 4  Help overview
    Enter number or q to quit  [1  Maintain organisation entries]:


Option Maintain organisation entries is explained in
Section 2.4.

2.3.1  Update Organisation Header

This option allows you to modify the header information
of an organisation or department, depending on your
position in the directory.  For example:

    Computer Science
      1  Telephone number     +44-71-380-7214
      2  Telex number: 28722, country: G, answerback: UCLPHYS
      3  Fax                  +44-71-387-1397

    Enter number of attribute, `new' for new attributes,
    q to quit this entry:

[In this case, the system displays the attributes
defined in the tailor file as of interest in the ouatt
variable.  If the position is at the organisation
level, the attributes orgatt defined in the tailor file
will be used.]
Typing ``1'' will, in this case, let you modify the
telephone number.

    Telephone number [+44-71-380-7214]:

To delete the telephone number, type ``-''.  To modify
the telephone number, type the new number.  If you have
a new telephone number in addition to the existing one,
type <CR> and the system will prompt you for

    Optional additional Telephone number:


and then enter the new number.
A special attribute is the telex number, which is
composed of three different fields:  the number, the
country and the answerback.  Enter each of the fields
in a separate line.

    telexNumber (number, country and answerback)
    Number [28722 ]:
    Country [ G ]:
    Answerback [ UCLPHYS]:

2.3.2  Change Password

This option allows the user to change the password.
The user must first enter the old password, at the
prompt:

    Old password, q to quit changing password  :

If the user fails to enter the correct old password, it
will prompt for it again.  If the user fails three
consecutive times, the user will be thrown out of the
service.
Once the old password has been successfully entered,
IDM will prompt for the new password.  Then it will
prompt again for the new password for verification
purposes.  Throughout this operation passwords are not
displayed.  Entering ``q'' at any of the prompts, will
stop this operation.

2.3.3  Help Overview

This option displays a screen describing how to obtain
specific help at each prompt, how to quit, how to
accept default values and the action taken when
Control-C is typed.

2.4  Maintain Organisation Entries

When the user chooses this option IDM displays another
menu.


    The following options are available
         1  List all entries
         2  Read an entry
         3  Add a new entry
         4  Modify an existing entry
         5  Delete an existing entry
         6  View/Change directory position
    Enter number or q to quit  [1  List all entries]:



2.4.1  List All Entries

This option lists all the persons, roles or rooms found
under the current position of the directory.  It will
pause for every screen-full of text.  Typing ``q'' at
the pager prompt, or <CR> at the end of the listing
will bring back the menu.  Kindly note that this is not
an abbreviated listing (like in DE), but a full listing
of all attributes of interest for each entry.  If the
user is interested in having a smaller set of
attributes for all entries, (s)he may choose the Read
an entry option, and type an asterisk as the entry's
name.

2.4.2  Read an Entry

This option allows the user to select the entry or
entries to be displayed.  It is possible to type
strings with asterisks, like in the example below:

    Enter name of entry, * to list entries,
    q to quit to  previous menu: Bar*
      1  Barbara Segal  +44 71-380-7212        B.Segal@cs.ucl.ac.uk
      2  Joanne Barnett                        J.Barnett@cs.ucl.ac.uk
      3  John Baree     +44 71-387-7050 x3668  J.Baree@cs.ucl.ac.uk
      4  Paul Barker    +44 71-380-7366        P.Barker@cs.ucl.ac.uk
      5  Steven Barrett                        S.Barrett@cs.ucl.ac.uk

If several entries match the name, a brief listing is
displayed.  For more detailed information on a specific
entry from the list displayed, the user can choose the
number of the entry.

    Enter name of entry, * to list entries,
    q to quit to previous menu: 4

          Paul Barker
            Telephone number      +44 71-380-7366
            Electronic mail       P.Barker@cs.ucl.ac.uk
            Favourite drink       Guinness
                                  16 year old lagavulin
            Room number           G21
            Personal title        Mr


2.4.3  Add an Entry

This option allows the user to add persons, roles or
rooms.  The user is presented with the following menu:

    The following options are available
                 1  Add a person
                 2  Add a role
                 3  Add a room
    Enter number or q to quit to previous menu  [1  Add a person]:

2.4.4  Add a Person

The add a person operation prompts for the surname of
the person and then for the person's first name.  It
then concatenates the first name and the surname and
tries to find a person with that name.

    Enter q to quit from this option at any time

    Enter surname, q to quit adding a person:  Bloggs
    Enter first name:  Joe
    Checking that entry is not already in... please wait
    Enter full name  [Joe Bloggs]:  Joe Fred Bloggs

It displays the first name and the surname as a default
for the full name.  For example you may wish to enter
here the name including the middle name.
Please note that the name by which the entry will be
stored in the directory is the combination of the first
name and the surname, and that no other entry can have
this unique name.  Also note that the name is a field
which you must enter, but cannot change later;
therefore please be especially careful when entering the
name.
Enter then the values for the different attributes.
Special mention should be made of the address, which is
composed of six lines, each up to a maximum length of
thirty characters.  Enter one line at a time and press
<CR> after each line.  For example,


    Enter Postal address: (6 lines)
    line 1:  Department of Computer Science
    line 2:  University College London
    line 3:  Gower Street
    line 4:  London WC1E 6BT
    line 5:  England
    line 6:

The user doesn't need to enter a value for each
attribute, except, as mentioned above, for the name.
Once the values have been entered, they are displayed
and a prompt to confirm that the values are correct is
displayed,

    NAME OF ENTRY           - Joe Bloggs
    Full name               - Joe Fred Bloggs
    Telephone number        - +44 71 387 7050 ext. 3683
    Fax                     - +44 71 387 1397
    Electronic mail         - J.Bloggs@cs.ucl.ac.uk
    Room number             - G10
    Favourite drink         - Mineral water
    Personal title          - Mr.
    Postal address          - Department of Computer Science
                            - University College London
                            - Gower Street
                            - London WC1E 6BT
                            - England


Typing ``y'' at the confirmation prompt, will add the
entry.  Typing ``n'' will display one attribute at a
time, with the previous value entered (if any) as a
default.

2.4.5  Add a Role

The system prompts for the role name, and checks
whether a similar name already exists.
If the ``role occupant'' attribute is defined as of
interest in the tailor file [(rlatt:roleOccupant)], then
it will prompt for a role occupant.  This is a special
attribute, which requires the entry for the role
occupant to be already in the directory.  For example,



    Enter role name, q to quit adding a role: Paradise Project Manager
    Checking that entry is not already in... please wait
    Enter Telephone number: +44 71 387 7050 ext. 3695
    Enter Fax: +44 71 387 1397
    Enter Description:
                                       Computer Science
                                       University College London
                                       GB

    Is the Role occupant in the department listed above (y/n) [y]
    Enter Role occupant :  Goodman

    NAME OF ENTRY           - Paradise Project Manager
    Telephone number        - +44 71 387 7050 ext. 3695
    Fax                     - +44 71 387 1397
    Description             -
    Role occupant           - David Goodman
                              Computer Science
                              University College London
                              GB

In the example above, the entry for David Goodman
already existed in the directory.  Typing Goodman as
the role occupant resulted in a successful search of
the entry David Goodman.  Had the search failed to find
a matching entry, the user would have been notified, and
if more than one entry had been found, the list of
matching entries would be displayed to allow the user
to select the correct one, as in:

    Enter Role occupant :  Goo*
    Got the following approximate matches.  Please select one
    from the list by typing the number corresponding to the
    entry you want.
      1  David Goodman      +44 81 450 3399        D.Goodman@cs.ucl.ac.uk
      2  Suran Goonatilake  +44 71-387-7050 x3719  S.Goonatilake@cs.ucl.ac.uk


As can be seen in the example above, there is another
prompt before the actual name of the role occupant is
entered, to confirm the position.

                                 Computer Science
                                 University College London
                                 GB

    Is the Role occupant in position above (y/n) [y]

Typing a ``n'' in this case would allow the user to
specify a new country, organisation and department for
the role occupant.  [Setting the value of change_posdn
to ``n'' would prevent this prompt from being displayed.
This variable must then be set to ``n'' for users who
only refer to entries within their organisation, and to
``y'' for organisations with positions filled with
persons located in any other position in the directory.
Specifying another position for these attributes does
not affect the user's position in the directory.]

2.4.6  Add a Room

Adding a room follows steps similar to those of the
``Add a person'' and ``Add a role'' options.
[The attributes defined in the tailor file with the
variable rmatt are the ones used for rooms.]

2.4.7  Modify an Existing Entry

This option allows the user to change an existing
value, delete an existing value or add a new value to
an entry.  IDM does not allow you to change the name of
an entry.
The user must first select the entry to be modified.

    Enter name of entry to modify,
    q to quit to previous menu: Linda

          Linda Millington
            1  Telephone number   +44-71-405-8400 x 432
            2  Fax                +44 71 242 1845
            3  Electronic mail    L.Millington@noc.ulcc.ac.uk
            4  Favourite drink    Strong black coffee
                                  Red wine
                                  Blackcurrant tea
            5  Room number        LG08

When a single entry has been found, the existing values
are displayed, with a number at their left for quick
identification.  To modify one of the attributes
displayed, the user must enter the number associated
with it.  The attribute will be displayed with its
existing value as a default.
If the user types ``new'', IDM offers a list of
additional attributes.
To enter an alternative value for an attribute2, select
the attribute, type <CR> to leave the current value
intact, and at the prompt for an optional alternative
value, enter the new value.  For example:

    Electronic mail [L.Millington@noc.ulcc.ac.uk]:
    Optional alternative Electronic mail:  linda@uk.ac.ulcc.paradise

2.4.8  Delete an Existing Entry

This option will permanently delete an entry from the
directory.
First enter the name of the entry to delete.  When a
single entry has been found, the information on the
entry is displayed and a confirmation to delete the
entry requested.  For example,

    Enter name of entry to delete,
    q to quit to previous menu: Stewart Ferguson

          Stewart Ferguson
            Telephone number      +44 71-380-7289
                                  +44 71-380-7280
            Electronic mail       S.Ferguson@cs.ucl.ac.uk
            Room number           G09
            Personal title        Mr

    Are you sure you want to delete this entry  (y/n) [n]

Type ``y'' to delete the entry, or ``n'' to leave the
entry untouched.

----------------------
    2. multi-valued attribute in X.500 terms




2.4.9  View/Change Directory Position

This option is not available in all configurations.
[It is available if the tailor file has the variable
change_posdit set to ``y'', or if the organisation
where the user is registered has departments.]
When the user selects this option, the current
directory position is displayed, and the user is
prompted to select whether to change the position or
not, for example,

    You are managing the Directory at: Computer Science
                                       University College London
                                       GB


The user may then choose to change the position, and
will be prompted for the country, organisation and
department.  Typing ``q'' at the country or
organisation prompt results in the user remaining in
the same position as before.  [This behaviour is
affected by the dept and org_compel variables.]

2.5  Miscellaneous

2.5.1  Control-C and Control-D Handling

If the user types Control-C, IDM will go back to the
initial menu.  If Control-C is typed at the initial
menu, IDM will terminate3.
The same behaviour is followed when Control-D is typed.
This is to terminate the session, if the communication
line is broken.

2.5.2  Help

Independently of the help option in the initial menu,
help is available at each prompt by typing a ``?''
sign.  [There exists a file for each prompt/attribute.
Directory managers who may wish to include attributes
for which no help file exists, may add their own help
files in the ISODE directory ETCDIR/dm/etc.  Help files
in this directory start with dm followed by the name of
the attribute, for example, dmfavouriteDrink for the
favouriteDrink attribute.]

----------------------
    3. The only exception to this is when the user is
expected to type the password.

2.5.3  Quit

At all prompts (except the ``y/n'' ones), the user may
enter a ``q'' to quit the current operation.  As
mentioned above, during the authentication operation,
typing ``q'' will ask the user to confirm quitting from
the service.  Typing ``q'' at the initial menu, will
terminate the session.

2.5.4  Defaults

Prompts for user input may display some values between
square brackets ([]), these are called default values.
To accept this value simply type <CR>.
In the add and modify options, the previous value (if
any) is shown as default; to delete it, press ``-''.

3  Adding Organisations (Public Access)

This section describes how IDM can be tailored to add
new organisations in the Directory for IDM
installations for public access.  Please note that this
section is not intended for the novice user, but for
Directory managers providing a(n) (inter)national
service.  Please also note that due to the security
required (not defined in the X.500 1988 standard), this
part of the software is likely to work only in QUIPU
specific implementations.  Once the X.500 1992 standard
is implemented in the majority of the DSAs, IDM must be
changed to conform with the standard.
PARADISE offers a service by which a new organisation
can join the directory through the public access
interface.  The information is stored in a special
position in the directory, and then transferred to the
corresponding country manager.  National pilots wishing
to provide a similar service may do so with IDM.


The configuration variables are described in Section 4,
but the following paragraphs try to describe how this
facility operates.
In order to allow the user to add organisations, set
the variable addorg to ``y''.
Being a public access service, the variables username
and password must not be set.  A couple of new
variables need to be defined, init_user and init_pswd,
with the purpose of binding initially to the directory.
They must define a valid username and password
combination with write access to the position in the
directory where these organisations are to be entered.
The position in the directory where new organisations
are added must be specified with the variable
addorg_posdit.  This position should be different from,
say, the country level, because anyone can access this
service, therefore it is not possible to be certain
that the information provided by the user of the
service is valid.
There is finally another variable which must be
specified in the tailor file:  masterDSA. This is the
name of the DSA which will master the entries for the
organisation.
After entering the country, the user will enter the
organisation name.  If it is not found, IDM will search
under the position specified by the variable
addorg_posdit, for the country specified, and under the
country, for the organisation, to ensure that the
organisation has not been recently added.
The country entries under addorg_posdit must be entered
manually by some other means (DISH?).  This is with the
intention of providing the national manager full
control over the organisations registering.  If the
country is not found, IDM simply notifies the user that
it is unable to add organisations in that country.
Once the organisation has been added, IDM prompts for
the password and adds the entry Directory manager, with
the password which has just been entered.  The
definition of the new organisation contains an acl, and
an inherited acl, which grants the Directory manager
access rights to the organisation, and the entries
beneath it.
If the user connects again to the service, and the
organisation is found in the addorg_posdit portion of
the tree, (s)he will be prompted for the password of
the Directory manager entry, even if the search_mgr
variable of the configuration file is set to ``n''.
The only slight difference the user perceives when the
new organisation has been added to this special area,
is that the default option for the
Maintain organisation entries menu is set to

    3  Add a new entry

instead of the usual

    1  List all entries

The following restrictions apply for organisations
stored in this special area:

 o  The option View/Change Directory position is
    disabled.

 o  Attributes whose values are distinguished names
    (DN), such as
    roleOccupant, can only point to entries which are
    in the same organisation.  This is irrespective of
    the value of the variable change_posdn.
    Furthermore, when the entry is added or displayed,
    the full position in the tree is not revealed, and
    only the last part of the DN printed.

 o  The search for the Directory Manager will be
    performed, even if the search_mgr variable is set
    to ``n''.

These restrictions have the intention of hiding from
the user the position where the entries are stored.


4  Tailor File

It is of utmost importance to get the tailor file
properly configured to get the desired behaviour out of
IDM. In general IDM follows the same line as DE, but a
number of other options and differences exist.
The most important difference, is that a user may have

                          18







in his/her HOME directory, a tailor file, thus, IDM can
be tailored according to individual needs/preferences.
The name of the tailor file in the HOME directory must
be .dmtailor.
If no .dmtailor file exists in the HOME directory, IDM
will attempt to read the file dmtailor in the ISODE
directory ETCDIR/dm/.
Please note the initial dot (``.'') for the file in the
HOME directory, whereas the one in the ISODE ETCDIR/dm/
directory does not have a dot.
If none of the tailor files are found, IDM terminates.
Inside the tailor file, lines starting with a ``#'' are
treated as comments.
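
An added example, not part of the original manual or of the IDM
distribution: a small Python check that reads a tailor file
(variable:value lines, ``#'' comments) and reports where it departs
from the public-access rules of Section 3 and the override note in
Section 4.4.  The sample files, DNs, DSA name and finding labels are
constructed for illustration, and the clear-text credential note is an
added hardening observation, not a rule from the manual.

```python
"""Lint an IDM tailor file against the public-access rules in Section 3."""

REQUIRED = ("init_user", "init_pswd", "addorg_posdit", "masterDSA")
FORBIDDEN = ("username", "password")
OVERRIDDEN = ("search_mgr", "change_posdn", "change_posdit")
SECRETS = ("password", "init_pswd")

# Constructed sample: a registration service configured against the manual.
WEAK_TAILOR = """\
# public access registration (constructed example)
addorg:y
username:@c=GB@o=Example Pilot@cn=Directory Manager
password:secret
addorg_posdit:@c=GB
search_mgr:n
"""

# Constructed sample: the same service following Section 3.
FIXED_TAILOR = """\
# public access registration (constructed example)
addorg:y
init_user:@c=GB@o=Example Pilot@cn=Registration Agent
init_pswd:constructed-placeholder
addorg_posdit:@c=GB@o=Example Pilot@ou=Pending Registrations
masterDSA:Example DSA
"""


def parse_tailor(text):
    """Return {variable: value}; lines starting with '#' are comments.

    Assumption: one 'variable:value' per line, split at the first colon and
    matched case-sensitively, as in the manual's examples. A repeated
    variable keeps its last value.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a variable:value line: {raw!r}")
        settings[name.strip()] = value.strip()
    return settings


def dn_components(dn):
    """Split a DN written as '@c=GB@o=Org' into ['c=GB', 'o=Org']."""
    return [part.strip() for part in dn.split("@") if part.strip()]


def lint_public_access(settings):
    """Return a list of (severity, variable, message) findings."""
    findings = []
    # Added observation: both password variables hold the secret in clear.
    for name in SECRETS:
        if name in settings:
            findings.append(("NOTE", name,
                             "stored in clear text; limit who can read the file"))
    if settings.get("addorg", "").lower() != "y":
        return findings  # not a registration service, Section 3 does not apply
    for name in FORBIDDEN:
        if name in settings:
            findings.append(("ERROR", name,
                             "must not be set for a public access service"))
    for name in REQUIRED:
        if not settings.get(name):
            findings.append(("ERROR", name, "required when addorg is y"))
    posdit = settings.get("addorg_posdit")
    # Anonymous registrations must land in a holding area, not in the live
    # tree: flag a position that is the root or a bare country entry.
    if posdit and all(p.lower().startswith("c=") for p in dn_components(posdit)):
        findings.append(("WARN", "addorg_posdit",
                         "should differ from the country level"))
    for name in OVERRIDDEN:
        if name in settings:
            findings.append(("INFO", name,
                             "overridden when dealing with new organisations"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_TAILOR), ("fixed", FIXED_TAILOR)):
        print(label)
        for severity, name, message in lint_public_access(parse_tailor(text)):
            print(f"  {severity:5} {name}: {message}")
```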

4.1  DSA to Contact and Access Mode

dsa_address: Specifies the address for the DSA.

        dsa_address:Internet=128.86.8.55+17003_IXI=20433450400255

wanAccess: This enables the feature where a user is
    asked to confirm that the size of their terminal is
    really greater than 24 lines.  This helps with
    telnet access, where the screen size may not be
    propagated correctly.

        wanAccess:on


4.2  Username, Password and Position

If the user wants to have a private tailor file, it is
convenient to define these variables, to skip the
interactive authentication dialogue.

username: Specifies the distinguished name of the user.

        username:@c=BE@o=SYSTEC@cn=Christopher Duxbury

password: Specifies the user's password.

        password:secret



posdit: Specifies the position in the directory.  It is
    convenient to define this variable, especially if
    you define the username, otherwise, at start-up
    time, you will be asked to specify it.  Leave it
    unspecified only if you really want to switch from
    one position to another from one session to
    another.

        posdit:@c=GB@o=Zydeco Goodtimes Ltd

4.3  Behaviour

There are several variables which allow you to obtain
different behaviour from IDM.

change_posdit: This variable allows you to define
    whether you allow users to move from one position
    in the directory to another.  If users have limited
    knowledge about the directory, it is advisable to
    set this variable to ``n''.  More advanced users
    may want to set this to ``y''.  IDM sets it to
    ``y'' if the organisation has departments.  A value
    of ``n'' suppresses the
    View/Change directory position option in the
    Maintain organisation entries menu.

        change_posdit:y

change_posdn: This variable allows the user to specify
    values for attributes which are distinguished
    names, to refer to other portions of the directory.
    This is relevant for attributes such as
    roleOccupant or secretary.  If this is set to
    ``n'', it expects to find the entries in the
    current position of the directory.


        change_posdn:n

org_compel: When this variable is set to ``n'' the user
    is not forced to enter an organisation, at the
    authentication stage, when specifying a
    distinguished name value and in the
    Change Directory Position option.  When a person is
    specified beneath the country level, the user must
    enter an exact match.

        org_compel:n

dept: Once the user identifies an organisation, the
    default behaviour for IDM is to search for
    departments beneath it.  If departments are not
    found, it continues with the next prompt.  If
    departments are found, IDM prompts the user for the
    department name.
    It is possible to change this behaviour.  If dept
    is set to ``n'', IDM will not search for
    departments, nor will the user be prompted for
    the department name.  If dept is set to ``y'', IDM
    will prompt for the department name, without
    checking first whether the organisation has
    departments or not.  This variable takes effect at
    the time of authentication, when the user changes
    directory position, and when the user enters a
    value for an attribute which is a distinguished
    name.

        dept:n

search_mgr: By default, IDM searches for the entry
    ``Directory Manager'' before asking for the name of
    the user.  This is meant for directory managers in
    small-to-medium enterprises.  To suppress searching
    for this entry, set this variable to ``n''.


        search_mgr:n

addorg: Set this variable to ``y'' to allow users to
    add organisations in the directory.  When the
    organisation entered by the user is not found, it
    allows the user to add the organisation to the
    directory.  The variables associated with this
    facility are described below.





4.4  Adding Organisations (Public Access)

Please note that the values defined for the variables
search_mgr, change_posdn and change_posdit are
overridden when dealing with new organisations.

addorg: Set to ``y'' as described above.

        addorg:y

init_user: This variable defines the username with
    which IDM will bind to the directory, to add
    organisations.  This username must have write
    access to the position in the directory where the
    new organisations are to be added.

        init_user:@c=GB@o=University College@cn=Directory Manager


init_pswd: This variable defines the password for the
    username specified in the init_user variable.

        init_pswd:yourpswd

addorg_posdit: This variable defines the position in
    the directory where new organisations are to be
    added.  In this position add the country or
    countries for which you are willing to register
    organisations.  Adding these countries is a manual
    process, to allow the provider of this service to
    exert full control.  If a user tries to add an
    organisation to a country which is not listed under
    this position, IDM will inform the user that it is
    not possible to add organisations for that
    particular country.

masterDSA: This variable defines the DSA which will be
    the master for all the entries beneath the
    organisation.

        masterDSA:cn=Red Squirrel




4.5  Default Country, Organisation and Department

default_country: This variable sets a default country,
    for prompts relating to the country.  If a new
    value is entered, at run time, this will become the
    new default value.

        default_country:GB

default_org: This variable sets a default organisation,
    for prompts relating to an organisation.  If a new
    value is entered, at run time, this will become the
    new default value.

        default_org:University College London

default_dept: This variable sets a default department,
    for prompts relating to a department.  If a new
    value is entered, at run time, this will become the
    new default value.


4.6  Attribute Tailoring

The following configuration options concern the
attributes that will be managed by IDM.

commonatt: These attributes are displayed whatever type
    of object is being managed, be it an organisation,
    a department, a person, a role or a room.  The
    current version of IDM requires objectClass to be
    included in the list of commonatt attributes.

        commonatt:objectClass
        commonatt:telephoneNumber

orgatt: These attributes are managed if an entry for an
    organisation is updated.

        orgatt:telexNumber


ouatt: These attributes are managed if an entry for a
    department is updated.

        ouatt:facsimileTelephoneNumber

prratt: These attributes are managed if an entry for a
    person is updated.  Please note that this variable
    has the same name as in DE, but in the case of IDM,
    it does not affect roles or rooms.

        prratt:favouriteDrink

prrOC: If there are attributes for persons which
    require a special object class, they can be
    specified here.  If more than one object class is
    required, separate them with ampersands (``&'').
    At present the following object classes are added
    to all persons:  person, quipuObject,
    newPilotPerson and organizationalPerson.  If the
    tailor file defines mhsORAddresses, and a value
    is entered for the entry, then mhsUser is also
    included.  This variable is only taken into account
    when a new entry is added.

rlatt: These attributes are managed if an entry for a
    role is updated.

        rlatt:roleOccupant

rlOC: If the roles to be added require object classes
    other than quipuobject, organizationalRole and
    optionally mhsUser, enter the names of the object
    classes here.  (Refer to prrOC above).

rmatt: These attributes are managed if an entry for a
    room is updated.


        rmatt:roomNumber

rmOC: Similar to prrOC and rlOC but for rooms.  The
    object classes defined for a room are quipuobject,
    room and optionally mhsUser.  (Refer to prrOC
    above).

mapattname: This allows a user-friendly attribute
    name to be displayed to the user.

        mapattname:facsimileTelephoneNumber fax

mapphone: This allows for the mapping of international
    format phone numbers into a local format.  It is
    thus possible to display local phone numbers as
    extension numbers only and phone numbers in the
    same country correctly prefixed and without the
    country code.

        mapphone:+44 71 380-:
        mapphone:+44 71 380-7050 x:
        mapphone:+44 0

greybook: In the UK, big-endian domains are used in
    mail names.  By setting this variable on, it is
    possible to display e-mail addresses in this order
    rather than the default little-endian order.

        greybook:on


country: This allows for the mapping of the 2 letter
    ISO country codes (such as AU and FR) onto locally
    meaningful strings such as Great Britain and
    France.

        country:AU Australia
        country:FR France

4.7  Miscellaneous

inverseVideo: Set this variable to off.  This variable
    is originally defined for DE usage.

        inverseVideo:off

remoteAlarmTime: A remote search is one where the
    country and organisation name searched for are not
    the same as the defaults.  If the search has not
    completed within a configurable number of seconds,
    a message is displayed warning the user that all
    may not be well.  The search continues until it
    returns or is interrupted by the user.  It is
    advisable to set this timer to a higher limit than
    DE.

        remoteAlarmTime:45

localAlarmTime: As for remoteAlarmTime, except for
    local entries.

        localAlarmTime:30

wanAccess: This enables the feature where a user is
    asked to confirm that the size of their terminal is
    really greater than 24 lines.  This helps with
    telnet access if the screen size is not propagated.


        wanAccess:on

5  Example Tailor Files

5.1  A Full Example of a Tailor File

This tailor file is similar to the public access
service operated by PARADISE.


dsa_address:TELEX+00728722+RFC-1006+03+128.86.8.56+17003
change_posdit:y
change_posdn:y
yes:y
no:n
wanAccess:on
org_compel:
remoteAlarmTime:45
localAlarmTime:30
inverseVideo:off
commonatt:telephoneNumber
commonatt:objectClass
commonatt:facsimileTelephoneNumber
addorg:y
init_user:@c=GB@o=University College London@cn=Directory Manager
init_pswd:password
search_mgr:n
addorg_posdit:@c=hidden@o=Paradise@ou=New organisations
masterDSA:cn=Ocellated Turkey
orgatt:description
orgatt:telexNumber
orgatt:postalAddress
orgatt:businessCategory
ouatt:telexNumber
ouatt:postalAddress
ouatt:description
prratt:rfc822Mailbox
prratt:mhsORAddresses
prratt:roomNumber
prratt:favouriteDrink
prratt:personalTitle
rlatt:telephoneNumber
rlatt:roleOccupant
rmatt:roomNumber
rmatt:telephoneNumber
rmatt:description
mapattname:facsimileTelephoneNumber Fax
mapattname:rfc822Mailbox Electronic mail
mapattname:businessCategory Business category
mapattname:mhsORAddresses X.400 address
mapattname:telephoneNumber Telephone number
mapattname:personalTitle Personal title
mapattname:favouriteDrink Favourite drink
mapattname:roomNumber Room number
mapattname:postalAddress Postal address
mapattname:description Description

country:AU Australia
country:AT Austria
country:BE Belgium
country:BR Brazil
country:CA Canada
country:CH Switzerland
country:DE Germany
country:DK Denmark
country:ES Spain
country:FI Finland
country:FR France
country:GB United Kingdom
country:GR Greece
country:IE Ireland
country:IS Iceland
country:IN India
country:IL Israel
country:IT Italy
country:NL The Netherlands
country:NO Norway
country:NZ New Zealand
country:PL Poland
country:PT Portugal
country:SE Sweden
country:US United States
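
An added example (not part of the original document and
not IDM code): a small Python checker for tailor files
such as the one above.  It flags the password variables,
which the file holds in clear text, and the case from
section 5.2 where username and password together skip
the authentication dialogue.  The function names, the
optional file-mode check and the treatment of init_user,
init_pswd, addorg_posdit and masterDSA as all required
when addorg is ``y'' are assumptions.

```python
import stat

SECRETS = ("password", "init_pswd")            # variables the page says hold passwords
ADDORG_NEEDS = ("init_user", "init_pswd", "addorg_posdit", "masterDSA")


def parse_tailor(text):
    """Return {variable: [values]}; variables such as commonatt may repeat."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue                            # blank or malformed line
        name, value = line.split(":", 1)        # values may contain ':' (mapphone)
        settings.setdefault(name.strip(), []).append(value.strip())
    return settings


def audit_tailor(text, mode=None):
    """Return [(variable, finding)]; mode is the file's st_mode, if known."""
    s = parse_tailor(text)
    findings = []
    for name in SECRETS:
        if any(s.get(name, [])):
            findings.append((name, "password stored in clear text"))
    if findings and mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("file", "holds passwords but is accessible to group/other"))
    if any(s.get("username", [])) and any(s.get("password", [])):
        findings.append(("username", "file alone authenticates as this user"))
    if "y" in s.get("addorg", []):
        for name in ADDORG_NEEDS:               # assumption: all four are required
            if not any(s.get(name, [])):
                findings.append((name, "not set although addorg is y"))
    if "commonatt" in s and "objectClass" not in s["commonatt"]:
        findings.append(("commonatt", "objectClass missing"))
    return findings


# Constructed sample, pieced together from variables shown in this document.
SAMPLE = """\
username:@c=GB@o=Zydeco Goodtimes Ltd@cn=Peter Williams
password:secret
addorg:y
init_user:@c=GB@o=University College London@cn=Directory Manager
commonatt:telephoneNumber
mapphone:+44 71 380-7050 x:
"""

if __name__ == "__main__":
    print(*audit_tailor(SAMPLE, mode=0o100644), sep="\n")
```
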

What exactly is needed in the tailor file depends very
much on particular needs.  The examples below show how
a small set of tailor file variables can be configured
for some more specific needs.

5.2  An Individual User, in an Organisation without
     Departments

username:@c=GB@o=Zydeco Goodtimes Ltd@cn=Peter Williams  1
password:secret  2
posdit:@c=GB@o=Zydeco Goodtimes Ltd  3
dept:n  4
change_posdit:n  5
change_posdn:n  6

1.  Specify the username to avoid the prompts for
    country, organisation and name every time you use
    the service.

2.  Specify the directory password for the username
    specified above.  The combination of 1 and 2 will
    provide completely transparent authentication.

3.  Specify the position in the directory.  It is
    usually the same as the username, except for the
    name of the person.




4.  If the organisation has no departments, set it to
    ``n''.

5.  There is no use in changing to another position in
    the directory.

6.  Set it to ``n'', unless you are working for an
    international organisation.

5.3  A Common Tailor File in an Organisation with
     Departments

default_country:GB  1
default_org:University College London  2
default_dept:Computer Science  3
dept:y  4
change_posdn:y  5
search_mgr:n  6
wanAccess:on  7

This tailor file would suit a department.  Many people
would be using this tailor file; therefore no specific
username can be specified, and each user will have to
enter his/her name and password.

1.  This value will be shown as the default at the
    country prompt.  Together with the next two
    variables, it will help users to enter only a <CR>
    at the corresponding prompts.

2.  This value will be shown as the default
    organisation name.

3.  This value will be the default department name.

4.  It is known there are departments in this
    organisation.

5.  Set this variable to ``y'' only if you want users
    to be able to specify entries from, say, other
    departments, as secretary or roleOccupant.



6.  Do not search for the Directory Manager entry, as
    this tailor file is meant for all users in the
    organisation.

7.  If the users will access the service remotely
    through telnet, set this variable to on, otherwise
    to off.

5.4  A DSA Manager

If the user is in charge of maintaining the directory
at the DSA level, it is convenient to define the
following variables:

username:@c=GB@o=Zydeco Goodtimes Ltd@cn=Directory Manager
password:secret
posdit:@c=GB@o=Zydeco Goodtimes Ltd  1
org_compel:n  2
prrOC:  3
rlOC:
rmOC:
change_posdit:y  4
change_posdn:y  5

Apart from having the username and password variables
defined:

1.  Define the posdit variable if you have a position
    in the directory which is used most of the time.
    If the position in the directory changes every time
    you use the service, don't define it, but in this
    latter case, it may be convenient to define the
    variables default_country, default_org and
    default_dept.

2.  Set this variable to ``n'' if your entry is located
    directly beneath the country level (such as
    @c=XX@cn=Directory Manager).  Otherwise, if you
    don't have the username variable defined, IDM would
    force you to enter an organisation name.

3.  If you have attributes which require object classes
    not defined by IDM (as described in prrOC, rlOC and
    rmOC), you may use these variables to define them.
    The object classes defined here take effect only
    when entries are added, and will not be included
    during a modify operation.

4.  It is almost certain you will need to move to a
    different position in the directory.

5.  You may need to specify values for attributes like
    roleOccupants which are in a different part of the
    tree.
