Recommendation H.350.1 Directory Services Architecture for H.323

Summary

This Recommendation describes an LDAP schema to represent H.323 endpoints. It is an auxiliary class related to H.350 and derives much of its functionality from that architecture. Implementers should review H.350 in detail before proceeding with this Recommendation. Its attributes include all H.323 Alias types. These aliases can be downloaded to an endpoint for automatic configuration, accessed by a gatekeeper for call signalling and authorization, and published to white pages to create user dialling directories.

The scope of this Recommendation does not include normative methods for the use of the LDAP directory itself or the data it contains. The purpose of the schema is not to represent all possible data elements in the H.323 protocol, but rather to represent the minimal set required to accomplish the design goals enumerated in H.350.

Keywords

LDAP, Directory Services, H.323, H.320, H.235, SIP


Table of Contents

1       Scope
1.1     Extending the Schema
2       References
2.1     Normative References
2.2     Non-Normative References
3       Definitions
4       Abbreviations
5       Conventions
6       Object Class Definitions
6.1     h323Identity
6.2     h323IdentityGKDomain
6.3     h323Identityh323-ID
6.4     h323IdentitydialedDigits
6.5     h323Identityemail-ID
6.6     h323IdentityURL-ID
6.7     h323IdentitytransportID
6.8     h323IdentitypartyNumber
6.9     h323IdentitymobileUIM
6.10    h323IdentityEndpointType
6.11    h323IdentityServiceLevel
7       h323Identity LDIF Files
A       Annex A Indexing Profile
I       Electronic Attachment

Full text only in electronic version


1           Scope

This Recommendation describes an LDAP schema to represent H.323 endpoints. It is an auxiliary class related to H.350 and derives much of its functionality from that architecture. Implementers should review H.350 in detail before proceeding with this Recommendation. Its attributes include all H.323 Alias types. These aliases can be downloaded to an endpoint for automatic configuration, accessed by a gatekeeper for call signalling and authorization, and published to white pages to create user dialling directories.

The scope of this Recommendation does not include normative methods for the use of the LDAP directory itself or the data it contains. The purpose of the schema is not to represent all possible data elements in the H.323 protocol, but rather to represent the minimal set required to accomplish the design goals enumerated in H.350.

1.1        Extending the Schema

The h323Identity classes may be extended as necessary for specific implementations. See the base H.350 document for a discussion on schema extension.

2           References

The following ITU-T Recommendations and other references contain provisions, which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published.

2.1        Normative References

The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

-            ITU-T Recommendation H.350 (2003), Directory Services Architecture for Multimedia Conferencing.

-            ITU-T Recommendation H.323 (2000), Packet-based multimedia communications systems.

-            ITU-T Recommendation H.225.0 (2000), Call signalling protocols and media stream packetization for packet-based multimedia communications systems.

-            IETF RFC 3377 (2002), Lightweight Directory Access Protocol (v3): Technical Specification.

2.2        Non-Normative References

-            Timothy A. Howes, PhD, Mark C. Smith, Gordon S. Good, New Riders Publishing (1999), ISBN: 1578700701, Understanding And Deploying LDAP Directory Services.

-            Timothy A. Howes, PhD, Mark C. Smith, New Riders Publishing (1997), ISBN: 1578700000, LDAP Programming Directory-Enabled Applications with Lightweight Directory Access Protocol.

3           Definitions

The following terms are used throughout the document:

call server: a protocol-specific signalling engine that routes video or voice calls on the network. In H.323 this entity is a gatekeeper. In SIP, this entity is a SIP Proxy Server. Note that not all signalling protocols use a call server.

commObject: An LDAP object class defined in ITU-T H.350 that represents generic multimedia conferencing endpoints.

endpoint: a logical device that provides video and/or voice media encoding/decoding, and signalling functions. Examples include:

             1. a group teleconferencing appliance that is located in a conference room

             2. an IP telephone.

             3. a software program that takes video and voice from a camera and microphone and encodes it and applies signalling using a host computer.

             Note that from the perspective of most signalling protocols, gateways and MCUs are special cases of endpoints.

enterprise directory: A canonical collection of information about users in an organization. Typically this information is collected from a variety of organizational units to create a whole. For example, Human Resources may provide name and address, Telecommunications may provide the telephone number, Information Technology may provide the email address, etc. For the purposes of this architecture, it is assumed that an enterprise directory is accessible via LDAP.

gateway: A device that translates from one protocol to another. Often gateways translate between the IP network and the public switched voice network to allow integration of the two.

MCU: Multipoint Control Unit. A device capable of mixing audio/video from multiple endpoints to create a virtual meeting space.

Resource: A non-human entity to which an endpoint is associated. For example, an endpoint may be associated with a conference room, classroom, office, or other physical or virtual location.

White Pages: An application that allows end users to look up the address of another user.

4           Abbreviations

LDAP: Lightweight Directory Access Protocol as defined in RFC 1777.

5           Conventions

In this Recommendation, the following conventions are used:

"Shall" indicates a mandatory requirement.

"Should" indicates a suggested but optional course of action.

"May" indicates an optional course of action rather than a recommendation that something take place.

References to clauses, sub clauses, annexes and appendices refer to those items within this Recommendation unless another specification is explicitly listed.

6           Object Class Definitions

The h323Identity object class represents H.323 endpoints. It is an auxiliary class and is derived from the commObject class defined in H.350. Note that the following seven alias types are defined in H.323 as dialling methods. Each of these alias types is represented below with a corresponding h323Identity definition. Keep in mind that these are separate fields from other endpoint information in the enterprise directory. For example, email-ID is a separate field from a user’s email address as represented in the enterprise directory. For implementation purposes an administrator may set these values equal by direct entry or by referral.

* h323-ID

* dialedDigits

* email-ID

* URL-ID

* transportID

* partyNumber

* mobileUIM

6.1        h323Identity

OID: 0.0.8.350.1.1.3.2.1

objectclasses: (0.0.8.350.1.1.3.2.1
     NAME 'h323Identity'
     DESC 'h323Identity object'
     SUP top AUXILIARY
     MAY ( h323IdentityGKDomain $ h323Identityh323-ID $
          h323IdentitydialedDigits $ h323Identityemail-ID $
          h323IdentityURL-ID $ h323IdentitytransportID $
          h323IdentitypartyNumber $ h323IdentitymobileUIM $
          h323IdentityEndpointType $ h323IdentityServiceLevel )
     )

6.2        h323IdentityGKDomain

OID: 0.0.8.350.1.1.3.1.1

attributetypes: (0.0.8.350.1.1.3.1.1
     NAME 'h323IdentityGKDomain'
     DESC 'FQDN of the Gatekeeper'
     EQUALITY caseIgnoreIA5Match
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

Application utility class

             standard

Number of values

             multi

Definition

             Specifies the FQDN name or IP address of the gatekeeper to which the endpoint should register.

Permissible values (if controlled)

Notes

             In the case where endpoint gatekeeper location is configured via H.323 URL, please note that this attribute will not hold an H.323 URL with a scheme name but will hold a valid DNS domain name. If an endpoint is provisioned for its Gatekeeper location with just a valid DNS domain name it is assumed that this DNS domain name is the value of the hostport of the H.323 URL. H.323 Annex O section O.8.2 describes this special case. In particular, the endpoint will attempt to retrieve from the specified domain name value an SRV record indicating the gatekeeper(s) address. If the SRV lookup fails, then the endpoint will attempt to retrieve an A record. H.323 Annex O describes the flow of the lookup process in section O.9.

Semantics

Example applications for which this attribute would be useful

             A web page that displays a user’s proper endpoint configuration information.

Example (LDIF fragment)

# FQDN example
h323IdentityGKDomain: gk.radvision.com
# IP address example
h323IdentityGKDomain: 1.1.1.1

6.3        h323Identityh323-ID

OID: 0.0.8.350.1.1.3.1.2

attributetypes: (0.0.8.350.1.1.3.1.2
     NAME 'h323Identityh323-ID'
     DESC 'specifies the endpoint address alias as specified in H.323'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

Application utility class

             Standard

Number of values

             multi

Definition

             The endpoint’s h323-ID alias as defined in ITU-T H.225. This is one of the dialling attributes defined by H.323.

Permissible values (if controlled)

Notes

             This field is often incorrectly referred to as ‘alias’ or ‘user name’ in many endpoints on the market.

Semantics

Example applications for which this attribute would be useful

             white pages, directory of directories, a web page that displays a user’s correct configuration information.

Example (LDIF fragment)

h323Identityh323-ID: johnsmith
h323Identityh323-ID: conferenceroom201

6.4        h323IdentitydialedDigits

OID: 0.0.8.350.1.1.3.1.3

attributetypes: (0.0.8.350.1.1.3.1.3
     NAME 'h323IdentitydialedDigits'
     DESC 'Specifies the endpoint dialled digits as specified in H.323'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

Application utility class

             Standard

Number of values

             multi

Definition

             The endpoint’s H.323 dialedDigits alias as defined in ITU-T H.225. This is one of the dialling attributes defined by H.323.

Permissible values (if controlled)

Notes

             This field is often incorrectly referred to as ‘extension’, ‘E164’ or ‘user number’ in many endpoints on the market.

Semantics

Example applications for which this attribute would be useful

             white pages, directory of directories, a web page that displays a user’s correct configuration information.

Example (LDIF fragment)

h323IdentitydialedDigits: 2266126

6.5        h323Identityemail-ID

OID: 0.0.8.350.1.1.3.1.4

attributetypes: (0.0.8.350.1.1.3.1.4
     NAME 'h323Identityemail-ID'
     DESC 'Specifies an H.323 entity that can be reached using H.323'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

Application utility class

             Standard

Number of values

             multi

Definition

             The endpoint’s H.323 email-ID alias as defined in ITU-T H.225. This is one of the dialling attributes defined by H.323.

Permissible values (if controlled)

Notes

             In some implementations it may be possible to have this field refer to the commOwner’s email address in the enterprise directory.

Semantics

Example applications for which this attribute would be useful

             white pages, directory of directories, a web page that displays a user’s correct configuration information.

Example (LDIF fragment)

h323Identityemail-ID: user@host

6.6        h323IdentityURL-ID

OID: 0.0.8.350.1.1.3.1.5

attributetypes: (0.0.8.350.1.1.3.1.5
     NAME 'h323IdentityURL-ID'
     DESC 'H.323 specs'
     EQUALITY caseExactMatch
     SUBSTR caseExactSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

Application utility class

             Standard

Number of values

             multi

Definition

             The endpoint’s H.323 URL-ID alias as defined in ITU-T H.323 version 4. This is one of the dialling attributes defined by H.323.

Permissible values (if controlled)

Notes

             The H.323 URL has the general form of user@hostport where either both of the parts (i.e. user and host) or only one of the parts (i.e. user alone or @host alone) is present. The user part corresponds to an H.323 user or service name. The host part is a legal numeric IP address or a fully qualified domain name, thus providing means for address resolution using the DNS infrastructure. Examples include h323:9198437008, h323:dumbledore@gatekeeper.hsww.edu, h323:dumbledore@152.2.2.203, etc. Note that this dialling mechanism is expected to become the preferred addressing scheme for H.323.

Semantics

Example applications for which this attribute would be useful

             white pages, directory of directories, a web page that displays a user’s correct configuration information.

Example (LDIF fragment)

h323IdentityURL-ID: h323:dumbledore@gatekeeper.hsww.edu
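
The checks below are an added example, not part of the Recommendation. They validate h323IdentityGKDomain values against the Notes in 6.2 (a bare DNS name or IP address, never an H.323 URL; SRV lookup first, then A) and split h323IdentityURL-ID values into the user@hostport form described in the Notes above. The function names, the caller-supplied srv_lookup/a_lookup resolvers, and the restriction of the user part to printable ASCII are assumptions; URL parameters and bracketed IPv6 hosts are not handled.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no hyphen at either end; 1-63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_host(host):
    """Return 'ip' for an address literal or 'fqdn' for a DNS name, else raise."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        pass
    name = host[:-1] if host.endswith(".") else host
    labels = name.split(".")
    if len(name) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("not an IP address or DNS name: %r" % host)
    if labels[-1].isdigit():  # e.g. 1.1.1.999 is a broken IPv4 literal, not a domain
        raise ValueError("malformed IPv4 literal: %r" % host)
    return "fqdn"


def gatekeeper_lookup_plan(value):
    """Lookup steps for an h323IdentityGKDomain value, following the Notes in 6.2."""
    if value.lower().startswith("h323:"):
        raise ValueError("h323IdentityGKDomain holds a bare host, not an H.323 URL")
    return ["direct"] if classify_host(value) == "ip" else ["SRV", "A"]


def locate_gatekeeper(value, srv_lookup, a_lookup):
    """Resolve a gatekeeper; srv_lookup and a_lookup are caller-supplied resolvers."""
    for step in gatekeeper_lookup_plan(value):
        if step == "direct":
            return [value]
        found = srv_lookup(value) if step == "SRV" else a_lookup(value)
        if found:  # fall through to the A lookup only when SRV returns nothing
            return list(found)
    return []


def parse_h323_url(value):
    """Split an h323IdentityURL-ID value into (user, host, port)."""
    scheme, sep, rest = value.partition(":")
    if not sep or scheme.lower() != "h323":
        raise ValueError("missing h323: scheme")
    user, at, hostport = rest.partition("@")
    if not user and not hostport:
        raise ValueError("need a user part, a host part, or both")
    if at and not hostport:
        raise ValueError("'@' must be followed by a host")
    if user and not re.fullmatch(r"[\x21-\x7e]+", user):  # assumption, see lead-in
        raise ValueError("user part must be printable ASCII without spaces")
    host = port = None
    if hostport:
        host, colon, port_text = hostport.partition(":")
        classify_host(host)
        if colon:
            if not (port_text.isascii() and port_text.isdigit()
                    and 0 < int(port_text) < 65536):
                raise ValueError("bad port: %r" % port_text)
            port = int(port_text)
    return (user or None, host, port)
```
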

6.7        h323IdentitytransportID

OID: 0.0.8.350.1.1.3.1.6

attributetypes: (0.0.8.350.1.1.3.1.6
     NAME 'h323IdentitytransportID'
     DESC 'specifies endpoint transport Id as defined in H.323'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

Application utility class

             Standard

Number of values

             multi

Definition

             The endpoint’s H.323 transport ID as defined in ITU-T H.225. This is one of the dialling attributes defined by H.323.

Permissible values (if controlled)

Notes

Semantics

Example applications for which this attribute would be useful

Example (LDIF fragment)

h323IdentitytransportID: 161.58.151.216

6.8        h323IdentitypartyNumber

OID: 0.0.8.350.1.1.3.1.7

attributetypes: (0.0.8.350.1.1.3.1.7
     NAME 'h323IdentitypartyNumber'
     DESC 'endpoint party Number as defined in H.323'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

Application utility class

             Standard

Number of values

             multi

Definition

             The endpoint’s H.323 partyNumber alias as defined in ITU-T H.225. This is one of the dialling attributes defined by H.323.

Permissible values (if controlled)

Notes

Semantics

Example applications for which this attribute would be useful

Example (LDIF fragment)

h323IdentitypartyNumber: 2266126

6.9        h323IdentitymobileUIM

OID: 0.0.8.350.1.1.3.1.8

attributetypes: (0.0.8.350.1.1.3.1.8
     NAME 'h323IdentitymobileUIM'
     DESC 'endpoint mobile UIM as defined in H.323 document'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

Application utility class

             Standard

Number of values

             multi

Definition

             The endpoint’s H.323 mobileUIM alias as defined in ITU-T H.225. This is one of the dialling attributes defined by H.323.

Permissible values (if controlled)

Notes

Semantics

Example applications for which this attribute would be useful

Example (LDIF fragment)

h323IdentitymobileUIM: EXAMPLE

6.10      h323IdentityEndpointType

OID: 0.0.8.350.1.1.3.1.9

attributetypes: (0.0.8.350.1.1.3.1.9
     NAME 'h323IdentityEndpointType'
     DESC 'The endpoint H.323 type as defined in ITU-T H.323v4.'
     EQUALITY caseIgnoreMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

Application utility class

             Standard

Number of values

             multi

Definition

             This describes the type of endpoint as defined in H.323. Values must be one of the following:

             1. terminal

             2. mcu

             3. gateway

Permissible values (if controlled)

Notes

             This attribute can be used to search the directory for the presence of MCUs, gateways or terminals, by searching for the presence of attributes of this type.

Semantics

Example applications for which this attribute would be useful

Example (LDIF fragment)

h323IdentityEndpointType:gateway
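
An added example, not part of the Recommendation: h323IdentityEndpointType has Directory String syntax, and that syntax by itself accepts any string, so the three values listed in the Definition above have to be checked by whatever provisions the entry. The linter below checks an LDIF entry against the syntaxes given in 6.2 to 6.11 and against that value list before it is loaded. lint_entry and the sample entry are constructed for illustration; folded (continued) LDIF lines are assumed absent.

```python
import base64

IA5 = "1.3.6.1.4.1.1466.115.121.1.26"     # IA5 String: 7-bit characters only
DIRSTR = "1.3.6.1.4.1.1466.115.121.1.15"  # Directory String: UTF-8 text

# Attribute -> SYNTAX OID, copied from the definitions in 6.2 to 6.11.
SYNTAX = {
    "h323IdentityGKDomain": IA5,
    "h323Identityh323-ID": IA5,
    "h323IdentitydialedDigits": IA5,
    "h323Identityemail-ID": IA5,
    "h323IdentityURL-ID": DIRSTR,
    "h323IdentitytransportID": IA5,
    "h323IdentitypartyNumber": IA5,
    "h323IdentitymobileUIM": IA5,
    "h323IdentityEndpointType": DIRSTR,
    "h323IdentityServiceLevel": DIRSTR,
}
ENDPOINT_TYPES = {"terminal", "mcu", "gateway"}  # the three values listed in 6.10
_BY_LOWER = {name.lower(): name for name in SYNTAX}


def lint_entry(ldif_text):
    """Return [(line_number, message)] for h323Identity problems in one LDIF entry."""
    problems = []
    for num, line in enumerate(ldif_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        attr, sep, raw = line.partition(":")
        attr = attr.strip()
        if not sep:
            problems.append((num, "not an 'attribute: value' line"))
            continue
        if raw.startswith(":"):  # "attr:: <base64>" is how LDIF carries non-ASCII
            try:
                value = base64.b64decode(raw[1:].strip(), validate=True).decode("utf-8")
            except ValueError:
                problems.append((num, "undecodable base64 value"))
                continue
        else:
            value = raw.strip()
        name = _BY_LOWER.get(attr.lower())
        if name is None:
            # A misspelt h323Identity attribute would be silently absent at lookup time.
            if attr.lower().startswith("h323identity"):
                problems.append((num, "unknown h323Identity attribute %r" % attr))
            continue
        if not value:
            problems.append((num, "%s has an empty value" % name))
        elif SYNTAX[name] == IA5 and not value.isascii():
            problems.append((num, "%s is IA5 String but the value is not 7-bit" % name))
        elif name == "h323IdentityEndpointType" and value.lower() not in ENDPOINT_TYPES:
            problems.append((num, "%r is not terminal, mcu or gateway" % value))
    return problems


# Constructed sample entry (not from the Recommendation); lines 5, 6 and 7 are faulty.
SAMPLE = """\
dn: cn=room201,ou=endpoints,dc=example,dc=com
objectClass: h323Identity
h323Identityh323-ID: conferenceroom201
h323IdentitydialedDigits: 2266126
h323IdentityEndpointType: gatekeeper
h323IdentityEndpointTyp: mcu
h323Identityemail-ID:: %s
""" % base64.b64encode("caf\u00e9@host".encode("utf-8")).decode("ascii")
```
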

6.11      h323IdentityServiceLevel

OID: 0.0.8.350.1.1.3.1.10

attributetypes: (0.0.8.350.1.1.3.1.10
     NAME 'h323IdentityServiceLevel'
     DESC 'To define services that a user can belong to.'
     EQUALITY caseIgnoreMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

Application utility class

             Standard

Number of values

             multi

Definition

             This describes the type of services a user can belong to.

Permissible values (if controlled)

Notes

Semantics

Example applications for which this attribute would be useful

Example (LDIF fragment)

h323IdentityServiceLevel:deluxe


7           h323Identity LDIF Files

This section contains a schema configuration file for h323Identity that can be used to configure an LDAP server to support this class.

# h323Identity Object Schema
#
# Schema for representing h323Identity Object in an LDAP Directory
#
# Abstract
#
# This document defines the schema for representing h323Identity
# object in an LDAP directory [LDAPv3].  It defines schema elements
# to represent an h323Identity object [h323Identity].
#
#                     .1 = Communication related work
#                     .1.3 = h323Identity
#                     .1.3.1 = attributes
#                     .1.3.2 = objectclass
#                     .1.3.3 = syntax
#
#
#
# Attribute Type Definitions
#
#    The following attribute types are defined in this document:
#
#        h323IdentityGKDomain
#        h323Identityh323-ID
#        h323IdentitydialedDigits
#        h323Identityemail-ID
#        h323IdentityURL-ID
#        h323IdentitytransportID
#        h323IdentitypartyNumber
#        h323IdentitymobileUIM
#        h323IdentityEndpointType
#        h323IdentityServiceLevel
dn: cn=schema
changetype: modify
#
# if you need to change the definition of an attribute,
#            then first delete and re-add in one step
#
# if this is the first time you are adding the h323Identity
# objectclass using this LDIF file, then you should comment
# out the delete attributetypes modification since this will
# fail. Alternatively, if your ldapmodify has a switch to continue
# on errors, then just use that switch -- if you're careful
#
delete: attributetypes
attributetypes: (0.0.8.350.1.1.3.1.1 NAME 'h323IdentityGKDomain' )
attributetypes: (0.0.8.350.1.1.3.1.2 NAME 'h323Identityh323-ID' )
attributetypes: (0.0.8.350.1.1.3.1.3 NAME 'h323IdentitydialedDigits' )
attributetypes: (0.0.8.350.1.1.3.1.4 NAME 'h323Identityemail-ID' )
attributetypes: (0.0.8.350.1.1.3.1.5 NAME 'h323IdentityURL-ID' )
attributetypes: (0.0.8.350.1.1.3.1.6 NAME 'h323IdentitytransportID' )
attributetypes: (0.0.8.350.1.1.3.1.7 NAME 'h323IdentitypartyNumber' )
attributetypes: (0.0.8.350.1.1.3.1.8 NAME 'h323IdentitymobileUIM' )
attributetypes: (0.0.8.350.1.1.3.1.9 NAME 'h323IdentityEndpointType' )
attributetypes: (0.0.8.350.1.1.3.1.10 NAME 'h323IdentityServiceLevel' )
-
#
# re-add the attributes -- in case there is a change of definition
#
#
add: attributetypes
attributetypes: (0.0.8.350.1.1.3.1.1
     NAME 'h323IdentityGKDomain'
     DESC 'FQDN of the Gatekeeper'
     EQUALITY caseIgnoreIA5Match
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: (0.0.8.350.1.1.3.1.2
     NAME 'h323Identityh323-ID'
     DESC 'specifies the endpoint address alias as specified in H.323'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: (0.0.8.350.1.1.3.1.3
     NAME 'h323IdentitydialedDigits'
     DESC 'Specifies the endpoint dialled digits as specified in H.323'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: (0.0.8.350.1.1.3.1.4
     NAME 'h323Identityemail-ID'
     DESC 'Specifies an H.323 entity that can be reached using H.323'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: (0.0.8.350.1.1.3.1.5
     NAME 'h323IdentityURL-ID'
     DESC 'H.323 specs'
     EQUALITY caseExactMatch
     SUBSTR caseExactSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetypes: (0.0.8.350.1.1.3.1.6
     NAME 'h323IdentitytransportID'
     DESC 'specifies endpoint transport Id as defined in H.323'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: (0.0.8.350.1.1.3.1.7
     NAME 'h323IdentitypartyNumber'
     DESC 'endpoint party Number as defined in H.323'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: (0.0.8.350.1.1.3.1.8
     NAME 'h323IdentitymobileUIM'
     DESC 'endpoint mobile UIM as defined in H.323 document'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: (0.0.8.350.1.1.3.1.9
  NAME 'h323IdentityEndpointType'
  DESC 'The endpoint H.323 type as defined in ITU-T H.323v4.'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetypes: (0.0.8.350.1.1.3.1.10
  NAME 'h323IdentityServiceLevel'
  DESC 'To define services a user can belong to.'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
# Object Class Definitions
#
#    The following object class is defined in this document:
#
#        h323Identity
#
# h323Identity
#
delete: objectclasses
objectclasses: (0.0.8.350.1.1.3.2.1 NAME 'h323Identity' )
-
add: objectclasses
objectclasses: (0.0.8.350.1.1.3.2.1
     NAME 'h323Identity'
     DESC 'h323Identity object'
     SUP top AUXILIARY
     MAY ( h323IdentityGKDomain $ h323Identityh323-ID $
          h323IdentitydialedDigits $ h323Identityemail-ID $
          h323IdentityURL-ID $ h323IdentitytransportID $
          h323IdentitypartyNumber $ h323IdentitymobileUIM $
          h323IdentityEndpointType $ h323IdentityServiceLevel )
     )
-
#
# end of LDIF
#


Annex A: Indexing Profile


Indexing of attributes is an implementation-specific activity and depends upon the desired application. Non-indexed attributes can result in search times sufficiently long to render some applications unusable. Notably, user and alias lookup should be fast. The Annex A Indexing Profile describes an indexing configuration for h323Identity directories that will be optimized for use in directory of directories applications. Use of this profile is optional.

h323IdentityGKDomain: no recommendation

h323Identityh323-ID: equality

h323IdentitydialedDigits: equality

h323Identityemail-ID: equality

h323IdentityURL-ID: equality

h323IdentitytransportID: equality

h323IdentitypartyNumber: equality

h323IdentitymobileUIM: equality

h323IdentityEndpointType: equality

h323IdentityServiceLevel: equality
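
An added example, not part of the Recommendation: one way a gatekeeper or white pages application might build its alias lookup so that it remains an equality match, the kind of index recommended above, even when the alias string arrives from the network or a web form. It also covers the search by h323IdentityEndpointType mentioned in the Notes of 6.10. alias_filter and escape_filter_value are hypothetical names; the escaping follows RFC 4515.

```python
# Alias type (as listed in clause 6) -> attribute that stores it.
ALIAS_ATTR = {
    "h323-ID": "h323Identityh323-ID",
    "dialedDigits": "h323IdentitydialedDigits",
    "email-ID": "h323Identityemail-ID",
    "URL-ID": "h323IdentityURL-ID",
    "transportID": "h323IdentitytransportID",
    "partyNumber": "h323IdentitypartyNumber",
    "mobileUIM": "h323IdentitymobileUIM",
}
ENDPOINT_TYPES = ("terminal", "mcu", "gateway")  # values listed in 6.10


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an RFC 4515 filter."""
    out = []
    for byte in value.encode("utf-8"):
        # NUL, parentheses, asterisk and backslash are filter metacharacters;
        # non-ASCII bytes are escaped as well, which RFC 4515 permits.
        if byte in b"\x00()*\\" or byte >= 0x80:
            out.append("\\%02x" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)


def alias_filter(alias_type, alias, endpoint_type=None):
    """Build an equality-only filter for one alias, optionally narrowed by type."""
    # The attribute name comes from a fixed table, never from caller input.
    attr = ALIAS_ATTR[alias_type]
    if not alias:
        raise ValueError("empty alias")
    clauses = [
        "(objectClass=h323Identity)",
        "(%s=%s)" % (attr, escape_filter_value(alias)),
    ]
    if endpoint_type is not None:
        if endpoint_type not in ENDPOINT_TYPES:
            raise ValueError("endpoint type must be terminal, mcu or gateway")
        clauses.append("(h323IdentityEndpointType=%s)" % endpoint_type)
    return "(&%s)" % "".join(clauses)
```

Without the escaping, an alias of `*` would turn the equality match into a presence match that returns every entry carrying the attribute and is not served by an equality index.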


Appendix I     Electronic Attachment


The attached file h323Identity.ldif.txt contains a text only version of the LDIF file described in section 7.