With scopes, you can provision services that depend on the logical, physical,
and administrative groupings of users. You can use scopes to administer access to
Use the net.slp.useScopes property to create scopes. For example, in the /etc/inet/slp.conf file
on a host, add a new scope, called newscope, as shown:
Your organization might, for example, have an alcove of networked devices,such as
printers and fax machines, at the end of the south hall on the
second floor of Building 6. These devices could be used by everyone on
the second floor, or you might restrict the usage to members of a
certain department. Scopes provide a way for you to provision access to the
service advertisements for these machines.
If the devices are dedicated to a single department, you can create a
scope with the department name, for example, mktg. Devices that belong to other
departments can be configured with different scope names.
In another scenario, the departments might be dispersed. For instance, the mechanical engineering
and the CAD/CAM departments might be split between floors 1 and 2. However,
you can provide the floor 2 machines for the hosts on both floors
by assigning them to the same scope. You can deploy scopes in any
manner that operates well with your network and users.
Note - UAs that have particular scope are not prevented from actually using services that
are advertised in other scopes. Configuring scopes controls only which service advertisements a
UA detects. The service is responsible for enforcing any access control restrictions.
When to Configure Scopes
SLP can function adequately without any scope configuration. In the Solaris operating environment,
the default scope for SLP is default. If no scopes are configured, default
is the scope of all SLP messages.
You can configure scopes in any of the following circumstances.
The organizations you support want to restrict service advertisement access to their own members.
The physical layout of the organization you support suggests that services in a certain area be accessed by particular users.
The service advertisements that are appropriate for specific users to see must be partitioned.
An example of the first circumstance was cited in Configuring DA Discovery for Dial-up Networks. An example of
the second is a situation in which an organization is spread between two
buildings, and you want users in a building to access local services in
that building. You can configure users in Building 1 with the B1
scope, while you configure users in Building 2 with the B2 scope.
Considerations When Configuring Scopes
When you modify the net.slp.useScopes property in the slpd.conf file, you configure scopes
for all agents on the host. If the host is running any SAs
or is acting as a DA, you must configure this property if you
want to configure the SAs or DA into scopes other than default. If
only UAs are running on the machine and the UAs should discover SAs
and DAs supporting scopes other than default, you do not need to
configure the property unless you want to restrict the scopes the UAs use.
If the property is not configured, UAs can automatically discover available DAs and
scopes through slpd. The SLP daemon uses active and passive DA discovery to
find DAs, or it uses SA discovery if no DAs are running. Alternatively,
if the property is configured, UAs use only the configured scopes and do
not discard them.
If you decide to configure scopes, you should consider keeping the default scope
on the list of configured scopes unless you are sure that all SAs
in the network have scopes configured. If any SAs are left unconfigured, UAs
with configured scopes are unable to find them. This situation occurs because the
unconfigured SAs automatically have scope default, but the UAs have the configured
If you also decide to configure DAs by setting the net.slp.DAAddresses property,
be sure that the scopes that are supported by the configured DAs are
the same as the scopes that you have configured with the net.slp.useScopes
property. If the scopes are different, slpd prints an error message when it
How to Configure Scopes
Use the following procedure to add scope names to the net.slp.useScopes property
in the slp.conf file.
- Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
- Stop slpd and all SLP activity on the host.
# svcadm disable network/slp
- Back up the default /etc/inet/slp.conf file before you change the configuration settings.
- Change the net.slp.useScopes property in the slpd.conf file:
- scope names
A list of strings that indicate which scopes a DA or SA is allowed to use when making requests, or which scopes a DA must support
Default Value=Default for SA and DA/Unassigned for UA
Use the following to construct scope names:
Any alphanumeric characters, uppercase or lowercase
Any punctuation characters (except for: '', \, !, <, =, >, and ~)
Spaces that are considered part of the name
You use a backslash to escape non-ASCII characters. For example, UTF-8 encoding uses 0xc3a9 hex code to represent the letter e with the French aigue accent. If the platform does not support UTF-8, you use the UTF-8 hex code as the escape sequence \c3\a9.
For example, to specify scopes for eng and mktg groups in bldg6,
you change the net.slp.useScopes line to the following.
- Save your changes and close the file.
- Restart slpd to activate your changes.
# svcadm enable network/slp