Apple NETWORK SERVICES Administrator Guide

Network Services Location Manager
Network administrator’s guide
This document describes the Network Services Location (NSL) Manager and provides information on setting up a network to take advantage of its services. Read this document if you are a network administrator or are responsible for setting up or managing network services.
Part of the Mac OS, NSL Manager is software that helps network services advertise themselves and helps applications find advertised services on the network.
In the past, finding services on a TCP/IP network was difficult unless an administrator took steps to list available services.
With the NSL Manager, network services advertise themselves and applications can find those services. When an application asks it to locate a network service, the NSL Manager uses standard protocols to find available services. Located services are grouped into network “neighborhoods” based on such attributes as the network segment in which the services are found and the service location protocols operating in that segment.
Which Computers Use the NSL Manager?
The NSL Manager is available on all computers with a PowerPC™ microprocessor and Mac OS 8.5 or later installed. Details vary with the version of the Mac OS.
NSL Manager 1.0 in Mac OS 8.5
In version 1.0 of the NSL Manager in Mac OS 8.5, each service location protocol is implemented as a plug-in, an extension that makes itself available to the NSL Manager when the NSL Manager is initialized, but resides in memory only when it is responding to a request. You can use the Extensions Manager to enable and disable individual NSL plug-ins.
When the NSL Manager is initialized, each NSL plug-in tells it the types of services the plug-in can search for, such as HTTP and FTP, and the protocol the plug-in uses to conduct searches, such as DNS or LDAP.
When the NSL Manager receives a request to advertise or locate a network service, it passes the request to a plug-in that performs the actual registration or search.
NSL Manager 1.1 in Mac OS 9
In Mac OS 9, NSL Manager version 1.1 functions as described for OS 8.5 and includes four plug-ins: Domain Name Service (DNS), Service Location Protocol (SLP), Lightweight Directory Access Protocol (LDAP), and Name Binding Protocol (NBP).
NSL Manager 1.1.3 in Mac OS 9.1
NSL Manager version 1.1.3 in Mac OS 9.1 no longer includes a DNS plug-in, and the SLP plug-in uses a new algorithm to decide which network neighborhood to advertise a service in (see SLP Registration in Mac OS 9.1 and Mac OS X, below).
NSL Manager 1.2 in Mac OS X
NSL Manager version 1.2 in Mac OS X uses its own SLP and NBP plug-ins for service registration and discovery. LDAP and NetInfo searches are not supported in the first release of Mac OS X.
Setting Up Your Network to Work With the NSL Manager
How you set up your network affects which services the NSL Manager can locate. You may need to make adjustments to allow hosts to find specific network services. Read the following sections for protocol-specific information.
Setting Up for DNS Searches
The NSL Manager uses the DNS plug-in to find network services listed by Domain Name Service (DNS) servers.
DNS and Mac OS 9
Your DNS server must be configured to allow anyone to request and receive zone transfers. To make network services available to the NSL Manager through the DNS plug-in, you need to manually add text records for network services to the DNS server. The format of the records is as follows:
<hostname> <TTL> TXT <URL>
The following table explains each element of the record.
Field        Contents
<hostname>   The name of the host
<TTL>        The time-to-live for this information
<URL>        The complete URL for this host (for example, http://www.apple.com/)
If you use more than one DNS server, make sure you add records for a particular host name to the server responsible for that host and add the names of these servers to the search domain lists in clients’ TCP/IP configurations.
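Because the zone has to be transferable by anyone, every TXT record in it is readable by whoever requests the zone. The following Python code is an added example, not part of Apple's guide: it parses records in the `<hostname> <TTL> TXT <URL>` format above and inventories what a zone advertises. The sample zone, the function names, and the handling of quoted TXT data are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample zone lines in the guide's <hostname> <TTL> TXT <URL> form.
SAMPLE_ZONE = """\
www.example.com.     3600 TXT http://www.example.com/
files.example.com.   3600 TXT "ftp://files.example.com/"
asip.example.com.    3600 TXT afp://asip.example.com
mail.example.com.    3600 TXT "v=spf1 -all"
hr.example.com.      abc  TXT http://hr.example.com/
"""

def parse_nsl_txt(line):
    """Return (hostname, ttl, url) for a well-formed record, else None."""
    parts = line.split(None, 3)
    if len(parts) != 4 or parts[2].upper() != "TXT" or not parts[1].isdigit():
        return None
    url = parts[3].strip().strip('"')   # assumption: TXT data may be quoted
    split = urlsplit(url)
    if not split.scheme or not split.hostname:
        return None                      # TXT data that is not a service URL
    return parts[0].rstrip(".").lower(), int(parts[1]), url

def advertised_services(zone_text):
    """Group service URLs by scheme; collect lines that do not fit the format."""
    by_scheme, rejected = defaultdict(list), []
    for raw in zone_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or zone comment
            continue
        rec = parse_nsl_txt(line)
        if rec is None:
            rejected.append(line)
            continue
        host, _ttl, url = rec
        # Flag URLs that point at a host other than the record's owner name.
        mismatch = urlsplit(url).hostname.lower() != host
        by_scheme[urlsplit(url).scheme].append((host, url, mismatch))
    return dict(by_scheme), rejected
```

Run `advertised_services()` over an exported copy of the zone and review the result against the list of services you intend clients to discover.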
DNS in Mac OS 9.1 and Mac OS X
The NSL Manager does not use DNS for service location in Mac OS 9.1 or Mac OS X.
Setting Up for SLP Searches and Registrations
The NSL Manager uses the SLP plug-in to find and advertise network services using the Service Location Protocol.
Network services running on the Mac OS can use the NSL SLP plug-in to advertise their availability. (File sharing and Personal Web Sharing in Mac OS 9 and Mac OS 9.1, for example, use SLP registration.) The SLP plug-in creates an SLP service agent on the host computer. This service agent listens for and responds to requests. On networks that include an SLP Directory Agent (DA), the SLP service agent registers its services with the DA. NSL search requests are then made directly to the DA, reducing network traffic. (Most of this traffic is on the local subnet.)
Advertising and searching hosts must be running compatible versions of the SLP plug-in. Services advertised by version 1.0 of the plug-in cannot be found by hosts running version 1.1 or later. Similarly, services advertised by version 1.1 or later of the plug-in cannot be found by hosts running version 1.0.
To register or discover services outside the local subnet, IP Multicast Router capability must be enabled. Neither MacIP nor PPP supports multicasting.
SLP Registration in Mac OS 9
When advertising a service, the SLP plug-in in Mac OS 9 follows these steps to decide which network neighborhood (SLP scope) to register the service in:
• If the registering application or service specifies a network neighborhood, the SLP plug-in registers the service in that neighborhood.
• If no neighborhood is provided by the registering application or service, the SLP plug-in registers the service in the first domain listed in the Search Domains list of the host’s TCP/IP settings.
• If no search domain is specified in the host’s TCP/IP settings, the plug-in tries to derive a neighborhood from the domain of the service’s URL. For example, a service with the URL http://me.mydomain.com is registered in the neighborhood mydomain.com and http://me.sub.mydomain.com is registered in sub.mydomain.com.
• If none of these steps yields a neighborhood, the plug-in registers the service in the default SLP scope, which is listed as the Local Services neighborhood (or the localized equivalent).
SLP Registration in Mac OS 9.1 and OS X
The SLP plug-in in Mac OS 9.1 and Mac OS X uses a different algorithm from the plug-in in Mac OS 9 to decide which network neighborhood (SLP scope) to register the service in:
• If a mandated scope is specified by a Dynamic Host Configuration Protocol server (DHCP SLP service scope option, code 79), the SLP plug-in registers the service in a neighborhood named for that scope.
• If the DHCP server does not specify a mandatory scope, the plug-in registers the service in the neighborhood specified in any known configuration or preference file (like the one set using the AppleScript “Set my network neighborhood,” available in the OS 9.1 online help topic “Sharing a USB Printer”).
• If no neighborhood is found in a configuration or preference file, the plug-in registers the service in a neighborhood named for a voluntary scope specified by DHCP.
• If none of these steps yields a neighborhood, the plug-in registers the service in the default SLP scope, which is listed as the Local Services neighborhood.
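The two registration procedures (Mac OS 9, and Mac OS 9.1 and Mac OS X) consult different settings, so the same service can land in a different neighborhood after an upgrade. The following Python code is an added example, not Apple's implementation, that models both decision orders as the guide lists them. The function names and source labels are assumptions, and the rule of dropping the first host label is inferred from the guide's two URL examples.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_SCOPE = "Local Services"   # default SLP scope, as the guide names it

def scope_from_url(url):
    """Mac OS 9 step 3: neighborhood = the URL's host name minus its first label.

    Assumption: IP-literal and single-label hosts yield no neighborhood.
    """
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return None                 # an address has no domain to derive from
    except ValueError:
        pass
    _, _, domain = host.partition(".")
    return domain or None

def first_set(candidates):
    """Return the first (scope, source) pair whose scope is non-empty."""
    for scope, source in candidates:
        if scope:
            return scope, source
    return DEFAULT_SCOPE, "default"

def scope_macos9(service_url, app_scope=None, search_domains=()):
    """Mac OS 9 order: application, first search domain, service URL, default."""
    return first_set([
        (app_scope, "application"),
        (search_domains[0] if search_domains else None, "search-domains"),
        (scope_from_url(service_url), "service-url"),
    ])

def scope_macos91(dhcp_mandatory=None, preference=None, dhcp_voluntary=None):
    """Mac OS 9.1 / Mac OS X order: mandated DHCP scope, preference file,
    voluntary DHCP scope, default."""
    return first_set([
        (dhcp_mandatory, "dhcp-mandatory"),   # DHCP option 79, mandated
        (preference, "preference-file"),
        (dhcp_voluntary, "dhcp-voluntary"),
    ])
```

The returned source label shows which setting decided the neighborhood, which helps when a service is not listed where users expect it.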
Setting Up for LDAP Searches
The NSL Manager uses its LDAP plug-in to search LDAP directories for network services.
LDAP in Mac OS 9 and Mac OS 9.1
The NSL Manager’s LDAP plug-in always searches the server and associated searchbase specified in the LDAP Services fields in the Hosts settings on the Advanced tab of the Internet control panel. Services discovered in this default directory are listed in a neighborhood that has the same name as the LDAP server.
Applications and users can request the plug-in to search additional LDAP directories. Using the Network Browser, for example, you can browse an LDAP directory by adding a neighborhood with the name of the server and the searchbase in this form:
<servername>%2f<searchbase>
Example: ldap.example.com%2fc=us
Note: Choosing an item from the Favorites list in the Network Browser causes all active NSL plug-ins to perform a search. When you choose an LDAP server from the Favorites list, the DNS plug-in may also respond, generating a “nameserver not responding” message. If DNS browsing is not needed, you can disable the DNS plug-in using the Extensions Manager control panel. (The DNS plug-in is not included in Mac OS 9.1.)
If you add an LDAP neighborhood without including a searchbase in the name, the LDAP plug-in makes two attempts to get data from the server. First, it tries to access the directory without specifying a searchbase. (Version 3 LDAP servers can return data when no searchbase is provided.) If that fails, the plug-in tries again using a searchbase of c=us. For example, if you add a neighborhood named ldap.example.com, the plug-in tries these searches:
• ldap://ldap.example.com
• ldap://ldap.example.com/c=us
When you set up an LDAP directory to advertise services to NSL, keep these points in mind:
• The NSL plug-in searches for service URLs (for example, afp://asip.example.com, ftp://www.example.com, or http://www.example.com) in both the labeleduri and URL attributes. For best results, use the labeleduri attribute. See RFC 2079 for more information.
• Directory entries are displayed using distinguished names. When possible, use attributes and names that are easy for a person to interpret, like cn=Joe Smith, rather than less revealing names like userID=2159.
• You can improve performance and readability by organizing the directory so that service lists contain fewer than 200 entries. For example, the searchbase
ou=printers, o=school
can be restructured as
service=printers, ou=HumanitiesBldg, o=school
service=printers, ou=ScienceBldg, o=school
service=printers, ou=AdminBldg, o=school
• You can create a separate branch in a directory specifically for NSL browsing.
Example:
ldap.example.com/ou=nsl,c=us
LDAP in Mac OS X
The NSL Manager cannot perform LDAP searches in the first release of Mac OS X.
Setting Up for NBP Searches
If AppleTalk is active on a host, AppleTalk zones and AppleShare servers on the network are listed in the neighborhood named AppleTalk.
Setting Up for NetInfo Searches
NetInfo is the native directory service on Mac OS X. However, the NSL Manager does not support NetInfo searches in the first release of Mac OS X.
Security
The NSL Manager makes network services that were once difficult to find more readily available to network users. It does not make sites less secure; it just makes it easier for clients to find services that were already available.
If you use DNS to list your intranet’s services, you control which services clients can discover through NSL searches. However, any network services that utilize SLP registration are discoverable by the NSL Manager.
For More Information
For more information, see the following sources:
Request for Comments (RFC) Documents
Service Location Protocol, RFC 2165
Service Location Protocol, Version 2, RFC 2608
DHCP Options for Service Location Protocol, RFC 2610
Lightweight Directory Access Protocol, RFC 1777
Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs), RFC 2079
You can find RFC documents at the following Web address:
• www.rfc-editor.org
Books and Articles
DNS and BIND, 3rd edition, by Paul Albitz and Cricket Liu, O’Reilly & Associates, Inc. 1998
Inside Macintosh: Networking, Chapter 3, “Name Binding Protocol,” viewable at developer.apple.com/techpubs/mac/Networking/Networking-61.html
SLP White Paper, at playground.sun.com/srvloc/slp_white_paper.html
© 2001 Apple Computer, Inc. All rights reserved. Apple, the Apple logo, AppleShare, AppleTalk, Mac, and Macintosh are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. Extensions Manager is a trademark of Apple Computer, Inc. PowerPC is a trademark of International Business Machines Corporation, used under license therefrom.
Printed in U.S.A.
999-0038Z