H.1.4 Transactions

H.1.4.1 Find LDAP Server

H.1.4.1.1 Scope

RFC-2782, A DNS RR for specifying the location of services (DNS SRV), specifies a mechanism for requesting the names and rudimentary descriptions (priority, weight, and port) of machines that provide a named network service. The DNS client requests the descriptions of all machines that are registered as offering a particular service name. In this case the service requested is LDAP over TCP, i.e. the SRV query is for the name _ldap._tcp.<domain>. The DNS server may respond with multiple names for a single request.

H.1.4.1.2 Use Case Roles

[pic]

Figure H.1-3 Find LDAP Server

DNS Server Provides list of LDAP servers

LDAP Client Requests list of LDAP servers

H.1.4.1.3 Referenced Standards

RFC-2181 Clarifications to the DNS Specification

RFC-2219 Use of DNS Aliases for Network Services

RFC-2782 A DNS RR for specifying the location of services (DNS SRV)

Other RFCs are included by reference from RFC-2181, RFC-2219, and RFC-2782.

H.1.4.1.4 Interaction Diagram

[pic]

Figure H.1-4 Select LDAP Server

The DNS client shall request a list of all the LDAP servers available. It will use the priority, weight, port, and target host information provided by DNS to select a server. (RFC-2782 specifies how the priority and weight values are to be used in that selection.) It is possible that there is no LDAP server, or that the DNS server does not support the SRV RR request.

Notes: 1. Multiple LDAP servers providing access to a common replicated LDAP database is a commonly supported configuration. This permits LDAP servers to be located where appropriate for best performance and fault tolerance. The DNS server response information provides guidance for selecting the most appropriate server.

2. There may also be multiple LDAP servers providing different databases. In this situation the client may have to examine several servers to find the one that supports the DICOM configuration database. Similarly, a single LDAP server may support multiple base DNs (advertised as namingContexts in its root DSE), and the client will need to check each of these DNs to determine which one holds the DICOM configuration tree.

H.1.4.1.5 Alternative Paths

The client may have a mechanism for manual default selection of the LDAP server to be used if the DNS server does not provide an LDAP server location.
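The following is an added worked example, not part of this standard, of the server selection described under the interaction diagram above and the manual fallback of H.1.4.1.5. It implements the RFC-2782 ordering rules (ascending priority; a weighted random draw within one priority, with weight-0 records placed first so they are rarely chosen; a target of "." meaning the service is not offered) over a constructed SRV answer, since the example has to run without a resolver. The record type, the sample answer, and the manual default are assumptions made for illustration.

```python
import random
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class SrvRecord:
    """One DNS SRV resource record (RFC 2782): priority, weight, port, target."""
    priority: int
    weight: int
    port: int
    target: str


def ldap_srv_name(domain: str) -> str:
    """Owner name the client queries for LDAP over TCP, e.g. _ldap._tcp.example.com."""
    return f"_ldap._tcp.{domain.strip('.')}"


def order_srv_records(records: Iterable[SrvRecord],
                      rng: Optional[random.Random] = None) -> List[SrvRecord]:
    """Order candidates as RFC 2782 prescribes.

    Lowest priority first. Within one priority: list weight-0 records first, draw a
    number in [0, sum of weights] (inclusive), take the first record whose running
    sum reaches the draw, remove it, and repeat. A target of "." is dropped because
    it means the service is decidedly not available at this domain.
    """
    rng = rng or random.Random()
    by_priority = {}
    for rec in records:
        if rec.target == ".":
            continue
        by_priority.setdefault(rec.priority, []).append(rec)

    ordered = []
    for prio in sorted(by_priority):
        # sorted() is stable, so weight-0 records come first and keep their order.
        remaining = sorted(by_priority[prio], key=lambda r: r.weight != 0)
        while remaining:
            total = sum(r.weight for r in remaining)
            draw = rng.randint(0, total)
            running = 0
            for rec in remaining:
                running += rec.weight
                if running >= draw:
                    ordered.append(rec)
                    remaining.remove(rec)
                    break
    return ordered


def select_ldap_servers(records: Iterable[SrvRecord],
                        manual_default: Optional[Tuple[str, int]] = None,
                        rng: Optional[random.Random] = None) -> List[Tuple[str, int]]:
    """Return (host, port) pairs in the order the client should try them.

    When DNS yields no usable SRV record (no LDAP server, or SRV unsupported),
    fall back to the manually configured default of H.1.4.1.5, if one exists.
    """
    candidates = [(r.target.rstrip("."), r.port) for r in order_srv_records(records, rng)]
    if not candidates:
        if manual_default is None:
            raise LookupError("no LDAP server from DNS SRV and no manual default configured")
        candidates = [manual_default]
    return candidates


# Constructed sample answer for _ldap._tcp.example.com (not real DNS data):
# two replicas at priority 10 sharing load 60/40, one backup at priority 20.
SAMPLE_ANSWER = [
    SrvRecord(10, 60, 389, "ldap1.example.com."),
    SrvRecord(10, 40, 389, "ldap2.example.com."),
    SrvRecord(20, 0, 636, "ldap-backup.example.com."),
]

if __name__ == "__main__":
    for host, port in select_ldap_servers(SAMPLE_ANSWER, manual_default=("ldap.local", 389)):
        print(f"try {host}:{port}")
```

A real client would populate SrvRecord from its resolver's answer for the name returned by ldap_srv_name(), then try the candidates in order, moving to the next one on connection failure.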

H.1.4.2 Query LDAP Server

H.1.4.2.1 Scope

RFC-2251, “Lightweight Directory Access Protocol (v3)”, specifies a mechanism for making queries of a database corresponding to an LDAP schema. The LDAP client can compose requests as LDAP search operations (base DN, scope, and filter), and the LDAP server will respond with the results for a single request.

H.1.4.2.2 Use Case Roles

[pic]

Figure H.1-5 Query LDAP Server

LDAP Server Provides query response

LDAP Client Requests LDAP information

H.1.4.2.3 Referenced Standards

RFC-2251 Lightweight Directory Access Protocol (v3). LDAP support requires compliance with other RFCs invoked by reference.

H.1.4.2.4 Interaction Description

The LDAP client may make a wide variety of queries and cascaded queries using LDAP. The LDAP client and server shall support the Application Configuration Data Model.

Note: Multiple LDAP servers providing access to a common replicated LDAP database is a commonly supported configuration. This permits LDAP servers to be located where appropriate for best performance and fault tolerance. The replication rules chosen for the LDAP servers affect the visible data consistency. LDAP permits inconsistent views of the database during updates and replications.
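The following is an added example, not part of this standard, of two parts of composing queries against the configuration tree: building a search filter for a Network AE whose AE title is taken from input, and locating the DICOM configuration root when a server advertises several base DNs (note 2 of H.1.4.1). Filter values are escaped per RFC 4515, because an AE title may legitimately contain "*", "(" or ")", and unescaped they change what the filter matches. The objectClass and attribute names are those of the Application Configuration Data Model of this Annex; the search callable interface and the in-memory directory are assumptions made so the example runs without a server.

```python
from typing import Callable, Dict, List


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for an LDAP search filter (RFC 4515 section 3).

    '*', '(', ')', '\\' and NUL become \\XX; control and non-ASCII characters are
    emitted as \\XX per UTF-8 byte. Everything else passes through unchanged.
    """
    out = []
    for ch in value:
        code = ord(ch)
        if ch in "*()\\\x00" or code < 0x20 or code > 0x7E:
            out.extend(f"\\{b:02x}" for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def network_ae_filter(ae_title: str) -> str:
    """Filter selecting the dicomNetworkAE entry (not the registry entry) for one title."""
    return f"(&(objectClass=dicomNetworkAE)(dicomAETitle={escape_filter_value(ae_title)}))"


# search(base_dn, filter) -> list of matching DNs; the caller binds this to its LDAP
# library (for example ldap3's Connection.search) with subtree scope. Hypothetical interface.
SearchFn = Callable[[str, str], List[str]]


def find_dicom_configuration_roots(naming_contexts: List[str], search: SearchFn) -> List[str]:
    """Try every base DN the server advertises and keep those whose subtree
    contains a dicomConfigurationRoot entry; the client then works under that DN."""
    roots = []
    for base in naming_contexts:
        roots.extend(search(base, "(objectClass=dicomConfigurationRoot)"))
    return roots


# Constructed directory contents standing in for a real server (not real data):
# two naming contexts, only one of which holds a DICOM configuration tree.
FAKE_DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "o=Other Org": {"objectClass": ["organization"]},
    "dc=example,dc=com": {"objectClass": ["domain"]},
    "cn=DICOM Configuration,dc=example,dc=com": {"objectClass": ["dicomConfigurationRoot"]},
    "cn=Unique AE Titles Registry,cn=DICOM Configuration,dc=example,dc=com":
        {"objectClass": ["dicomUniqueAETitlesRegistryRoot"]},
}
FAKE_NAMING_CONTEXTS = ["o=Other Org", "dc=example,dc=com"]


def fake_search(base_dn: str, ldap_filter: str) -> List[str]:
    """Subtree search over FAKE_DIRECTORY that understands a single (attr=value) filter."""
    attr, _, value = ldap_filter.strip("()").partition("=")
    return [dn for dn, entry in FAKE_DIRECTORY.items()
            if (dn == base_dn or dn.endswith("," + base_dn)) and value in entry.get(attr, [])]


if __name__ == "__main__":
    print(find_dicom_configuration_roots(FAKE_NAMING_CONTEXTS, fake_search))
    print(network_ae_filter("STORE*"))
```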

H.1.4.3 Update LDAP Server

H.1.4.3.1 Scope

RFC-2251, “Lightweight Directory Access Protocol (v3)”, specifies a mechanism for making updates to a database corresponding to an LDAP schema. The LDAP client can compose updates as LDAP add, modify, and delete operations, and the LDAP server will respond with the result for a single request. Update requests may be refused for security reasons.

H.1.4.3.2 Use Case Roles

[pic]

Figure H.1-6 Update LDAP Server

LDAP Server Maintains database

LDAP Client Updates LDAP information

H.1.4.3.3 Referenced Standards

RFC-2251 Lightweight Directory Access Protocol (v3). LDAP support requires compliance with other RFCs invoked by reference.

H.1.4.3.4 Interaction Description

The LDAP client may make a request to update the LDAP database. The LDAP client shall support the data model described above. The LDAP server may choose to refuse the update request for security reasons. If the LDAP server permits update requests, it shall support the data model described above.

Note: Multiple LDAP servers providing access to a common replicated LDAP database is a commonly supported configuration. This permits LDAP servers to be located where appropriate for best performance and fault tolerance. Inappropriate selection of replication rules in the configuration of the LDAP servers (for example, a multi-master arrangement in which two servers can each accept an add of the same name before the conflict is detected) will defeat AE-title uniqueness when creating the Unique AE Title objects.

H.1.4.3.5 Special Update for Network AE Creation

The creation of a new Network AE requires special action. The following steps shall be followed:

  1. A tentative AE title shall be selected. Various algorithms are possible, ranging from generating a random name to starting with a preset name template and incrementing a counter field. The client may query the Unique AE Titles Registry sub-tree to obtain the complete list of names that are presently in use as part of this process.

  2. A new Unique AE Title object shall be created in the Unique AE Titles Registry portion of the hierarchy with the tentative name. The LDAP server enforces uniqueness of names at any specific point in the hierarchy, so the add operation either succeeds or fails.

  3. If the new object creation was successful, this shall be the AE Title used for the new Network AE.

  4. If the new object creation fails because the name is not unique (the LDAP server rejects the add with the result entryAlreadyExists), return to step 1 and select another name.
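The following is an added example, not part of this standard, of the four steps above. It shows both name-selection strategies mentioned in step 1, checks that a candidate is a legal AE title (AE value representation: 1 to 16 characters from the default repertoire excluding backslash and control characters, not all spaces), and relies on the server's rejection of a duplicate add rather than on the registry listing for the uniqueness guarantee. Because the example must run without an LDAP server, the registry is an in-memory stand-in; a second stand-in simulates another client registering the same name between the listing and the add, which is the race the procedure is designed to survive. The registry classes, the name template, and the retry budget are assumptions of this example.

```python
import itertools
import random
import string
from typing import Iterable, Iterator, Optional

AE_MAX_LEN = 16


def is_valid_ae_title(title: str) -> bool:
    """AE VR rules: 1-16 characters in 0x20-0x7E excluding backslash; not all spaces.
    Leading/trailing spaces are not significant in DICOM, so generated titles are
    rejected if they carry any, keeping the registry's RDN comparison unambiguous."""
    if not 1 <= len(title) <= AE_MAX_LEN or title != title.strip():
        return False
    return all(0x20 <= ord(c) <= 0x7E and c != "\\" for c in title)


class EntryAlreadyExists(Exception):
    """Stands in for LDAP resultCode entryAlreadyExists (68) on an add operation."""


class FakeUniqueAETitlesRegistry:
    """Constructed in-memory stand-in for the Unique AE Titles Registry sub-tree.
    Like a real server, the add is atomic: the RDN is either taken or it is not."""

    def __init__(self, existing: Iterable[str] = ()):
        self._titles = set(existing)

    def list_titles(self) -> set:
        return set(self._titles)

    def add(self, ae_title: str) -> None:
        if ae_title in self._titles:
            raise EntryAlreadyExists(ae_title)
        self._titles.add(ae_title)


class RacingRegistry(FakeUniqueAETitlesRegistry):
    """Simulates a competing client that registers our first candidate just before
    our own add reaches the server (once), so the listing in step 1 is already stale."""

    def add(self, ae_title: str) -> None:
        if not getattr(self, "_raced", False):
            self._raced = True
            self._titles.add(ae_title)      # the competitor wins this name
        super().add(ae_title)               # our add now fails with entryAlreadyExists


def counter_candidates(template: str = "DCMNODE", start: int = 1) -> Iterator[str]:
    """Step 1, template variant: DCMNODE0001, DCMNODE0002, ... (template is assumed)."""
    for n in itertools.count(start):
        yield f"{template}{n:04d}"


def random_candidates(prefix: str = "AE", length: int = 8,
                      rng: Optional[random.Random] = None) -> Iterator[str]:
    """Step 1, random variant. Uses the OS CSPRNG so names are not predictable."""
    rng = rng or random.SystemRandom()
    alphabet = string.ascii_uppercase + string.digits
    while True:
        yield prefix + "".join(rng.choice(alphabet) for _ in range(length))


def allocate_ae_title(registry, candidates: Iterable[str], max_attempts: int = 10) -> str:
    """Steps 1-4. The registry listing only avoids obviously taken names; the
    guarantee comes from the server rejecting a duplicate add (step 2/4)."""
    known = registry.list_titles()
    tried = 0
    for title in itertools.islice(candidates, max_attempts):
        tried += 1
        if not is_valid_ae_title(title) or title in known:
            continue
        try:
            registry.add(title)             # step 2: atomic at the server
        except EntryAlreadyExists:
            continue                        # step 4: lost the race, pick another
        return title                        # step 3: this is the Network AE's title
    raise RuntimeError(f"no unique AE title found after {tried} candidates")


if __name__ == "__main__":
    registry = FakeUniqueAETitlesRegistry({"DCMNODE0001", "DCMNODE0002"})
    print(allocate_ae_title(registry, counter_candidates()))
    print(allocate_ae_title(registry, random_candidates()))
```

The bounded retry budget matters in practice: an unbounded loop against a registry that keeps rejecting adds (for example because the client's permission to add was revoked, which surfaces as a different error and is deliberately not caught here) would otherwise never terminate.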

H.1.4.4 Maintain LDAP Server

The LDAP server shall support a separate manual or automated means of maintaining the LDAP database contents. The LDAP server shall support the RFC-2849 file format mechanism for updating the LDAP database. The LDAP Client or service installation tools shall provide RFC-2849 formatted files to update LDAP server databases manually. The LDAP server may refuse client network updates for security reasons. If this is the case, then the maintenance process will be used to maintain the LDAP database.

The manual update procedures are not specified other than the requirement above that at least the minimal LDAP information exchange file format from RFC 2849 be supported. The exact mechanisms for transferring this information remain vendor and site specific. In some situations, for example the creation of AE-titles, a purely manual update mechanism may be easier than exchanging files.
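The following is an added example, not part of this standard, of producing the RFC-2849 (LDIF) file that the maintenance process described above would load, for the entries created when a new Network AE is added. It applies the LDIF encoding rules a hand-written file most often gets wrong: a value that begins with a space, colon or "<", ends with a space, or contains a non-ASCII, NUL, CR or LF byte must be base64-encoded after a double colon, and lines longer than 76 characters are folded with a single leading space on each continuation line. A minimal reader is included so the output can be checked. Object classes and attribute names follow the Application Configuration Data Model of this Annex; the container RDNs (cn=Devices, cn=Unique AE Titles Registry), the connection name, and the sample values are assumptions of this example.

```python
import base64
from typing import Dict, Iterable, List, Union

LDIF_LINE_MAX = 76  # RFC 2849: fold longer lines; continuation lines start with one space


def needs_base64(raw: bytes) -> bool:
    """RFC 2849 SAFE-STRING test. True when the value must be written as 'name:: base64'."""
    if not raw:
        return False
    if raw[0] in b" :<" or raw[-1] == 0x20:      # unsafe first char, or trailing space
        return True
    return any(b in (0x00, 0x0A, 0x0D) or b >= 0x80 for b in raw)


def fold(line: str) -> str:
    """Fold a logical line at 76 characters; readers rejoin lines starting with a space."""
    parts, rest = [line[:LDIF_LINE_MAX]], line[LDIF_LINE_MAX:]
    while rest:
        parts.append(" " + rest[:LDIF_LINE_MAX - 1])
        rest = rest[LDIF_LINE_MAX - 1:]
    return "\n".join(parts)


def attr_line(name: str, value: Union[str, bytes, int]) -> str:
    """One 'name: value' or 'name:: base64' line (also used for the dn line)."""
    raw = value if isinstance(value, bytes) else str(value).encode("utf-8")
    if needs_base64(raw):
        return fold(f"{name}:: {base64.b64encode(raw).decode('ascii')}")
    return fold(f"{name}: {raw.decode('ascii')}")


def add_record(dn: str, attrs: Dict[str, Union[str, int, List[str]]]) -> str:
    """An LDIF change record adding one entry, as consumed by ldapadd."""
    lines = [attr_line("dn", dn), "changetype: add"]
    for name, values in attrs.items():
        for v in (values if isinstance(values, list) else [values]):
            lines.append(attr_line(name, v))
    return "\n".join(lines) + "\n"


def ldif_document(records: Iterable[str]) -> str:
    return "version: 1\n\n" + "\n".join(records)


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal reader (unfold, split records, decode '::' values) to verify the output."""
    records = []
    for block in text.replace("\n ", "").split("\n\n"):
        entry: Dict[str, List[str]] = {}
        for line in block.splitlines():
            if not line or line.startswith(("#", "version:")):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            entry.setdefault(name, []).append(value)
        if entry:
            records.append(entry)
    return records


def dicom_ae_records(config_root_dn: str, device_name: str, ae_title: str,
                     hostname: str, port: int) -> List[str]:
    """Registry entry first (H.1.4.3.5), then device, connection and Network AE,
    in an order in which every parent exists before its children are added."""
    registry_dn = f"cn=Unique AE Titles Registry,{config_root_dn}"
    device_dn = f"dicomDeviceName={device_name},cn=Devices,{config_root_dn}"
    conn_dn = f"cn=conn1,{device_dn}"
    return [
        add_record(f"dicomAETitle={ae_title},{registry_dn}",
                   {"objectClass": ["dicomUniqueAETitle"], "dicomAETitle": ae_title}),
        add_record(device_dn, {"objectClass": ["dicomDevice"],
                               "dicomDeviceName": device_name, "dicomInstalled": "TRUE"}),
        add_record(conn_dn, {"objectClass": ["dicomNetworkConnection"], "cn": "conn1",
                             "dicomHostname": hostname, "dicomPort": port}),
        add_record(f"dicomAETitle={ae_title},{device_dn}",
                   {"objectClass": ["dicomNetworkAE"], "dicomAETitle": ae_title,
                    "dicomNetworkConnectionReference": conn_dn,
                    "dicomAssociationInitiator": "TRUE",
                    "dicomAssociationAcceptor": "TRUE"}),
    ]


if __name__ == "__main__":
    # Constructed sample values, not a real site configuration.
    print(ldif_document(dicom_ae_records("cn=DICOM Configuration,dc=example,dc=com",
                                         "ct1", "CT_SCANNER_1", "ct1.example.com", 104)))
```

Writing the registry entry as the first record preserves the uniqueness check of H.1.4.3.5 even on the manual path: if that add is rejected, the load stops before the Network AE is created.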

The conformance statement shall document the mechanisms available for transferring this information. Typical mechanisms include:

  1. floppy disk

  2. CD-R

  3. SSH

  4. Secure FTP

  5. FTP

  6. email

  7. HTTPS

Notes: 1. There are many automated and semi-automatic tools for maintaining LDAP databases. Many LDAP servers provide GUI interfaces and updating tools. The specifics of these tools are outside the scope of DICOM. RFC-2849 defines the LDIF file format, which provides at least a minimal data exchange capability. There are also XML based tools for creating and maintaining these files.

2. This mechanism may also be highly effective for preparing a new network installation by means of a single pre-planned network configuration setup rather than individual machine updates.