2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT Editor: Kurt D. Zeilenga
|
|
|
|
|
Intended Category: Standard Track OpenLDAP Foundation
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Expires in six months 17 May 2002
|
2001-08-01 13:42:28 +08:00
|
|
|
|
Obsoletes: RFC 1274
|
2001-10-26 10:10:30 +08:00
|
|
|
|
Updates: RFC 2798
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LDAPv3: A Collection of User Schema
|
2002-06-07 09:58:40 +08:00
|
|
|
|
<draft-zeilenga-ldap-user-schema-06.txt>
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Status of this Memo
|
|
|
|
|
|
|
|
|
|
This document is an Internet-Draft and is in full conformance with all
|
|
|
|
|
provisions of Section 10 of RFC2026.
|
|
|
|
|
|
|
|
|
|
This document is intended to be, after appropriate review and
|
|
|
|
|
revision, submitted to the RFC Editor as a Standard Track document.
|
|
|
|
|
Distribution of this memo is unlimited. Technical discussion of this
|
2001-10-26 10:10:30 +08:00
|
|
|
|
document will take place on the IETF Directory Interest mailing list
|
|
|
|
|
<directory@apps.ietf.org>. Please send editorial comments directly to
|
|
|
|
|
the author <Kurt@OpenLDAP.org>.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
Internet-Drafts are working documents of the Internet Engineering Task
|
|
|
|
|
Force (IETF), its areas, and its working groups. Note that other
|
|
|
|
|
groups may also distribute working documents as Internet-Drafts.
|
|
|
|
|
Internet-Drafts are draft documents valid for a maximum of six months
|
|
|
|
|
and may be updated, replaced, or obsoleted by other documents at any
|
|
|
|
|
time. It is inappropriate to use Internet-Drafts as reference
|
|
|
|
|
material or to cite them other than as ``work in progress.''
|
|
|
|
|
|
|
|
|
|
The list of current Internet-Drafts can be accessed at
|
|
|
|
|
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
|
|
|
|
|
Internet-Draft Shadow Directories can be accessed at
|
|
|
|
|
<http://www.ietf.org/shadow.html>.
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Copyright 2002, The Internet Society. All Rights Reserved.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
Please see the Copyright section near the end of this document for
|
|
|
|
|
more information.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Abstract
|
|
|
|
|
|
|
|
|
|
This document provides a collection of user schema elements for use
|
2002-06-07 09:58:40 +08:00
|
|
|
|
with LDAP (Lightweight Directory Access Protocol) from both ITU-T
|
|
|
|
|
Recommendations for the X.500 Directory and COSINE and Internet X.500
|
|
|
|
|
pilot projects.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 1]
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Conventions
|
|
|
|
|
|
|
|
|
|
Schema definitions are provided using LDAPv3 description formats
|
|
|
|
|
[RFC2252]. Definitions provided here are formatted (line wrapped) for
|
|
|
|
|
readability.
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
|
|
|
|
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
|
|
|
|
document are to be interpreted as described in BCP 14 [RFC2119].
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Table of Contents (to be expanded by editor)
|
|
|
|
|
|
|
|
|
|
Status of this Memo 1
|
|
|
|
|
Abstract
|
|
|
|
|
Conventions 2
|
|
|
|
|
Table of Contents
|
|
|
|
|
1. Background and Intended Use 3
|
|
|
|
|
2. Matching Rules
|
|
|
|
|
2.1. booleanMatch 4
|
|
|
|
|
2.2. caseExactMatch
|
|
|
|
|
2.3. caseExactOrderingMatch
|
|
|
|
|
2.4. caseExactSubstringsMatch
|
|
|
|
|
2.5. caseIgnoreListSubstringsMatch
|
|
|
|
|
2.6. directoryStringFirstComponentMatch 5
|
|
|
|
|
2.7. integerOrderingMatch
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.8. keywordMatch
|
2001-10-26 10:10:30 +08:00
|
|
|
|
2.9. numericStringOrderingMatch 6
|
|
|
|
|
2.10. octetStringOrderingMatch
|
|
|
|
|
2.11. storedPrefixMatch
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.12. wordMatch 7
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3. Attribute Types
|
|
|
|
|
3.1. associatedDomain
|
|
|
|
|
3.2. associatedName
|
|
|
|
|
3.3. buildingName
|
|
|
|
|
3.3. co 8
|
|
|
|
|
3.5. documentAuthor
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.6. documentIdentifier
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.7. documentLocation
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.8. documentPublisher 9
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.9. documentTitle
|
|
|
|
|
3.10. documentVersion
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.11. drink
|
|
|
|
|
3.12. homePhone 10
|
|
|
|
|
3.13. homePostalAddress
|
|
|
|
|
3.14. host
|
|
|
|
|
3.16. info
|
|
|
|
|
3.17. mail 11
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 2]
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.18. manager
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.19. mobile
|
|
|
|
|
3.20. organizationalStatus
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.21. otherMailbox 12
|
|
|
|
|
3.22. pager
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.23. personalTitle
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.24. roomNumber 13
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.25. secretary
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.26. uid
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.27. uniqueIdentifier
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.28. userClass 14
|
|
|
|
|
4. Object Classes
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.1. account
|
2002-06-07 09:58:40 +08:00
|
|
|
|
4.2. document 15
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.3. documentSeries
|
2002-06-07 09:58:40 +08:00
|
|
|
|
4.4. domainRelatedObject
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.5. friendlyCountry
|
2002-06-07 09:58:40 +08:00
|
|
|
|
4.6. rFC822LocalPart 16
|
|
|
|
|
4.7. room
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.8. simpleSecurityObject
|
2002-06-07 09:58:40 +08:00
|
|
|
|
5. Security Considerations 17
|
|
|
|
|
6. IANA Considerations
|
|
|
|
|
7. Acknowledgments 19
|
|
|
|
|
8. Author's Address
|
|
|
|
|
9. Normative References
|
|
|
|
|
10. Informative References
|
|
|
|
|
Full Copyright 20
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1. Background and Intended Use
|
|
|
|
|
|
|
|
|
|
This document provides descriptions [RFC2252] of user schema for use
|
|
|
|
|
with LDAP [LDAPTS] collected from numerous sources.
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
This document includes a summary of select schema introduced for the
|
2001-08-01 13:42:28 +08:00
|
|
|
|
COSINE and Internet X.500 pilot projects [RFC1274]. This document
|
|
|
|
|
obsoletes RFC 1274.
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
This document includes a summary of X.500 user schema [X.520] not
|
|
|
|
|
previously specified for use with LDAP. Some of these items were
|
2001-10-26 10:10:30 +08:00
|
|
|
|
described in the inetOrgPerson [RFC2798] schema. This document
|
2002-06-07 09:58:40 +08:00
|
|
|
|
supersedes these descriptions, replacing sections 9.1.3 and 9.3.3 of
|
2001-10-26 10:10:30 +08:00
|
|
|
|
RFC 2798.
|
|
|
|
|
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
2. Matching Rules
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
This section introduces LDAP matching rules based upon descriptions of
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 3]
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
their X.500 counterparts.
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
2.1. booleanMatch
|
|
|
|
|
|
|
|
|
|
BooleanMatch compares for equality a asserted Boolean value with an
|
|
|
|
|
attribute value of BOOLEAN syntax. The rule returns TRUE if and only
|
|
|
|
|
if the values are the same, i.e. both are TRUE or both are FALSE.
|
|
|
|
|
(Source: X.520)
|
|
|
|
|
|
|
|
|
|
( 2.5.13.13 NAME 'booleanMatch'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2.2. caseExactMatch
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
CaseExactMatch compares for equality the asserted value with an
|
2001-08-01 13:42:28 +08:00
|
|
|
|
attribute value of DirectoryString syntax. The rule is identical to
|
|
|
|
|
the caseIgnoreMatch [RFC2252] rule except that case is not ignored.
|
|
|
|
|
(Source: X.520)
|
|
|
|
|
|
|
|
|
|
( 2.5.13.5 NAME 'caseExactMatch'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
2.3. caseExactOrderingMatch
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
CaseExactOrderingMatch compares the collation order of the asserted
|
|
|
|
|
string with an attribute value of DirectoryString syntax. The rule is
|
|
|
|
|
identical to the caseIgnoreOrderingMatch [RFC2252] rule except that
|
|
|
|
|
letters are not folded. (Source: X.520)
|
|
|
|
|
|
|
|
|
|
( 2.5.13.6 NAME 'caseExactOrderingMatch'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.4. caseExactSubstringsMatch
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
CaseExactSubstringsMatch determines whether the asserted value(s) are
|
2001-10-26 10:10:30 +08:00
|
|
|
|
substrings of an attribute value of DirectoryString syntax. The rule
|
2001-08-01 13:42:28 +08:00
|
|
|
|
is identical to the caseIgnoreSubstringsMatch [RFC2252] rule except
|
|
|
|
|
that case is not ignored. (Source: X.520)
|
|
|
|
|
|
|
|
|
|
( 2.5.13.7 NAME 'caseExactSubstringsMatch'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.5. caseIgnoreListSubstringsMatch
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 4]
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CaseIgnoreListSubstringMatch compares the asserted substring with an
|
|
|
|
|
attribute value which is a sequence of DirectoryStrings, but where the
|
|
|
|
|
case (upper or lower) is not significant for comparison purposes. The
|
|
|
|
|
asserted value matches a stored value if and only if the asserted
|
|
|
|
|
value matches the string formed by concatenating the strings of the
|
|
|
|
|
stored value. This matching is done according to the
|
|
|
|
|
caseIgnoreSubstringsMatch [RFC2252] rule; however, none of the
|
|
|
|
|
initial, any, or final values of the asserted value are considered to
|
|
|
|
|
match a substring of the concatenated string which spans more than one
|
|
|
|
|
of the strings of the stored value. (Source: X.520)
|
|
|
|
|
|
|
|
|
|
( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.6. directoryStringFirstComponentMatch
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
DirectoryStringFirstComponentMatch compares for equality the asserted
|
|
|
|
|
DirectoryString value with an attribute value of type SEQUENCE whose
|
|
|
|
|
first component is mandatory and of type DirectoryString. The rule
|
|
|
|
|
returns TRUE if and only if the attribute value has a first component
|
|
|
|
|
whose value matches the asserted DirectoryString using the rules of
|
|
|
|
|
caseIgnoreMatch [RFC2252]. A value of the assertion syntax is derived
|
|
|
|
|
from a value of the attribute syntax by using the value of the first
|
|
|
|
|
component of the SEQUENCE. (Source: X.520)
|
|
|
|
|
|
|
|
|
|
( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.7. integerOrderingMatch
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
The integerOrderingMatch rule compares the ordering of the asserted
|
|
|
|
|
integer with an attribute value of Integer syntax. The rule returns
|
|
|
|
|
True if the attribute value is less than the asserted value. (Source:
|
|
|
|
|
X.520)
|
|
|
|
|
|
|
|
|
|
( 2.5.13.15 NAME 'integerOrderingMatch'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.8. keywordMatch
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
|
|
|
|
The keywordMatch rule compares the asserted string with keywords in an
|
|
|
|
|
attribute value of DirectoryString syntax. The rule returns TRUE if
|
|
|
|
|
and only if the asserted value matches any keyword in the attribute
|
|
|
|
|
value. The identification of keywords in an attribute value and of
|
|
|
|
|
the exactness of match are both implementation specific. (Source:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 5]
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
X.520)
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
( 2.5.13.32 NAME 'keywordMatch'
|
2001-08-01 13:42:28 +08:00
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.9. numericStringOrderingMatch
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
NumericStringOrderingMatch compares the collation order of the
|
|
|
|
|
asserted string with an attribute value of NumericString syntax. The
|
|
|
|
|
rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule except
|
|
|
|
|
that all space characters are skipped during comparison (case is
|
|
|
|
|
irrelevant as characters are numeric). (Source: X.520)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
( 2.5.13.9 NAME 'numericStringOrderingMatch'
|
2001-10-26 10:10:30 +08:00
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.10. octetStringOrderingMatch
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
OctetStringOrderingMatch compares the collation order of the asserted
|
|
|
|
|
octet string with an attribute value of OCTET STRING syntax. The rule
|
|
|
|
|
compares octet strings from first octet to last octet, and from the
|
|
|
|
|
most significant bit to the least significant bit within the octet.
|
|
|
|
|
The first occurrence of a different bit determines the ordering of the
|
|
|
|
|
strings. A zero bit precedes a one bit. If the strings are identical
|
|
|
|
|
but contain different numbers of octets, the shorter string precedes
|
2001-10-26 10:10:30 +08:00
|
|
|
|
the longer string. (Source: X.520)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
( 2.5.13.18 NAME 'octetStringOrderingMatch'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.11. storedPrefixMatch
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
StoredPrefixMatch determines whether an attribute value, whose syntax
|
|
|
|
|
is DirectoryString, is a prefix (i.e. initial substring) of the
|
|
|
|
|
asserted value, without regard to the case (upper or lower) of the
|
|
|
|
|
strings. The rule returns TRUE if and only if the attribute value is
|
|
|
|
|
an initial substring of the asserted value with corresponding
|
|
|
|
|
characters identical except possibly with regard to case. (Source:
|
|
|
|
|
X.520)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
( 2.5.13.41 NAME 'storedPrefixMatch'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
|
|
|
|
|
|
|
|
Note: This rule can be used, for example, to compare values in the
|
|
|
|
|
Directory which are telephone area codes with a purported value
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 6]
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
which is a telephone number.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
2.12. wordMatch
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The wordMatch rule compares the asserted string with words in an
|
|
|
|
|
attribute value of DirectoryString syntax. The rule returns TRUE if
|
|
|
|
|
and only if the asserted word matches any word in the attribute value.
|
|
|
|
|
Individual word matching is as for the caseIgnoreMatch [RFC2252]
|
|
|
|
|
matching rule. The precise definition of a "word" is implementation
|
|
|
|
|
specific. (Source: X.520)
|
|
|
|
|
|
|
|
|
|
( 2.5.13.32 NAME 'wordMatch'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3. Attribute Types
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
This section details attribute types for use in LDAP.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.1. associatedDomain
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The associatedDomain attribute type specifies a DNS domain [RFC1034]
|
|
|
|
|
which is associated with an object. For example, the entry in the DIT
|
|
|
|
|
with a distinguished name "DC=example,DC=com" might have an associated
|
|
|
|
|
domain of "example.com". (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
|
|
|
|
|
EQUALITY caseIgnoreIA5Match
|
|
|
|
|
SUBSTR caseIgnoreIA5SubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.2. associatedName
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
The associatedName attribute type specifies an entry in the
|
2001-08-01 13:42:28 +08:00
|
|
|
|
organizational DIT associated with a DNS domain [RFC1034]. (Source:
|
|
|
|
|
RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
|
|
|
|
|
EQUALITY distinguishedNameMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.3. buildingName
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
The buildingName attribute type specifies the name of the building
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 7]
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
where an organization or organizational unit is based. (Source: RFC
|
|
|
|
|
1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.3. co
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The co (Friendly Country Name) attribute type specifies names of
|
2002-06-07 09:58:40 +08:00
|
|
|
|
countries in human readable format. It is commonly used in
|
|
|
|
|
conjunction with the c (Country Name) [RFC2256] attribute type (which
|
|
|
|
|
restricted to one of the two-letter codes defined in [ISO3166]).
|
2001-08-01 13:42:28 +08:00
|
|
|
|
(Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.43
|
|
|
|
|
NAME ( 'co' 'friendlyCountryName' )
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.5. documentAuthor
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The documentAuthor attribute type specifies the distinguished name of
|
|
|
|
|
the author of a document. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
|
|
|
|
|
EQUALITY distinguishedNameMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.6. documentIdentifier
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The documentIdentifier attribute type specifies a unique identifier
|
|
|
|
|
for a document. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.7. documentLocation
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The documentLocation attribute type specifies the location of the
|
2002-06-07 09:58:40 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 8]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
|
|
|
|
|
2001-08-01 13:42:28 +08:00
|
|
|
|
document original. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.8. documentPublisher
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The documentPublisher attribute is the person and/or organization that
|
|
|
|
|
published a document. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.9. documentTitle
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The documentTitle attribute type specifies the title of a document.
|
|
|
|
|
(Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.10. documentVersion
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The documentVersion attribute type specifies the version number of a
|
|
|
|
|
document. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.11. drink
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The drink (Favourite Drink) attribute type specifies the favorite
|
|
|
|
|
drink of an object (or person). (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 9]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
2002-06-07 09:58:40 +08:00
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.12. homePhone
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The homePhone (Home Telephone Number) attribute type specifies a home
|
|
|
|
|
telephone number (e.g., "+44 71 123 4567") associated with a person.
|
|
|
|
|
(Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.20
|
|
|
|
|
NAME ( 'homePhone' 'homeTelephoneNumber' )
|
|
|
|
|
EQUALITY telephoneNumberMatch
|
|
|
|
|
SUBSTR telephoneNumberSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.13. homePostalAddress
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The homePostalAddress attribute type specifies a home postal address
|
2002-06-07 09:58:40 +08:00
|
|
|
|
for an object. This SHOULD be limited to up to 6 lines of 30
|
2001-08-01 13:42:28 +08:00
|
|
|
|
characters each. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.39
|
|
|
|
|
NAME 'homePostalAddress'
|
|
|
|
|
EQUALITY caseIgnoreListMatch
|
|
|
|
|
SUBSTR caseIgnoreListSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
3.14. host
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The host attribute type specifies a host computer. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.9
|
|
|
|
|
NAME 'host'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
|
|
|
|
3.16. info
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The info (Information) attribute type specifies any general
|
|
|
|
|
information pertinent to an object. It is RECOMMENDED that specific
|
|
|
|
|
usage of this attribute type is avoided, and that specific
|
|
|
|
|
requirements are met by other (possibly additional) attribute types.
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Note that the description attribute type [RFC2256] is available for
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 10]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
specifying descriptive information pertinent to an object. (Source:
|
|
|
|
|
RFC 1274)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.4
|
|
|
|
|
NAME 'info'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.17. mail
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The mail (rfc822mailbox) attribute type holds an the electronic mail
|
2002-06-07 09:58:40 +08:00
|
|
|
|
address in [RFC822] form (e.g.: user@example.com). Note that this
|
2001-08-01 13:42:28 +08:00
|
|
|
|
attribute SHOULD NOT be used to hold non-Internet addresses. (Source:
|
|
|
|
|
RFC 1274)
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
2001-08-01 13:42:28 +08:00
|
|
|
|
( 0.9.2342.19200300.100.1.3
|
|
|
|
|
NAME ( 'mail' 'rfc822Mailbox' )
|
|
|
|
|
EQUALITY caseIgnoreIA5Match
|
|
|
|
|
SUBSTR caseIgnoreIA5SubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.18. manager
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The Manager attribute type specifies the manager of an object
|
|
|
|
|
represented by an entry. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.10
|
|
|
|
|
NAME 'manager'
|
|
|
|
|
EQUALITY distinguishedNameMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.19. mobile
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The mobile (Mobile Telephone Number) attribute type specifies a mobile
|
|
|
|
|
telephone number (e.g., "+44 71 123 4567") associated with a person.
|
|
|
|
|
(Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.41
|
|
|
|
|
NAME ( 'mobile' 'mobileTelephoneNumber' )
|
|
|
|
|
EQUALITY telephoneNumberMatch
|
|
|
|
|
SUBSTR telephoneNumberSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 11]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.20. organizationalStatus
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The organizationalStatus attribute type specifies a category by which
|
|
|
|
|
a person is often referred to in an organization. Examples of usage
|
|
|
|
|
in academia might include undergraduate student, researcher, lecturer,
|
|
|
|
|
etc.
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
A Directory administrator SHOULD consider carefully the distinctions
|
|
|
|
|
between this and the title and userClass attributes. (Source: RFC
|
|
|
|
|
1274)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.45
|
|
|
|
|
NAME 'organizationalStatus'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.21. otherMailbox
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The otherMailbox attribute type specifies values for electronic
|
|
|
|
|
mailbox types other than X.400 and RFC822. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.22
|
|
|
|
|
NAME 'otherMailbox'
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.22. pager
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The pager (Pager Telephone Number) attribute type specifies a pager
|
|
|
|
|
telephone number (e.g., "+44 71 123 4567") for an object. (Source:
|
|
|
|
|
RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.42
|
|
|
|
|
NAME ( 'pager' 'pagerTelephoneNumber' )
|
|
|
|
|
EQUALITY telephoneNumberMatch
|
|
|
|
|
SUBSTR telephoneNumberSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.23. personalTitle
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The personalTitle attribute type specifies a personal title for a
|
|
|
|
|
person. Examples of personal titles are "Frau", "Dr", "Herr", and
|
|
|
|
|
"Prof". (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.40
|
2002-06-07 09:58:40 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 12]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
|
|
|
|
|
2001-08-01 13:42:28 +08:00
|
|
|
|
NAME 'personalTitle'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.24. roomNumber
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The roomNumber attribute type specifies the room number of an object.
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Note that the cn (commonName) attribute type SHOULD be used for naming
|
|
|
|
|
room objects. (Source: RFC 1274)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.6
|
|
|
|
|
NAME 'roomNumber'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.25. secretary
|
|
|
|
|
|
2001-08-01 13:42:28 +08:00
|
|
|
|
The secretary attribute type specifies the secretary of a person. The
|
|
|
|
|
attribute value for Secretary is a distinguished name. (Source: RFC
|
|
|
|
|
1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.21
|
|
|
|
|
NAME 'secretary'
|
|
|
|
|
EQUALITY distinguishedNameMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.26. uid
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The uid (userid) attribute type specifies a computer system login
|
|
|
|
|
name. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.1
|
|
|
|
|
NAME ( 'uid' 'userid' )
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.27. uniqueIdentifier
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
The Unique Identifier attribute type specifies a "unique identifier"
|
|
|
|
|
for an object represented in the Directory. The domain within which
|
|
|
|
|
the identifier is unique, and the exact semantics of the identifier,
|
2002-06-07 09:58:40 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 13]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
are for local definition. For a person, this might be an institution-
|
|
|
|
|
wide payroll number. For an organizational unit, it might be a
|
|
|
|
|
department code. An attribute value for uniqueIdentifier is a
|
|
|
|
|
directoryString. (Source: RFC 1274)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
|
2001-10-26 10:10:30 +08:00
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
Note: X.520 describes an attribute also called 'uniqueIdentifier'
|
|
|
|
|
(2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP
|
|
|
|
|
[RFC2256]. The attribute detailed here ought not be confused
|
|
|
|
|
with x500UniqueIdentifier.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
3.28. userClass
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
The userClass attribute type specifies a category of computer user.
|
|
|
|
|
The semantics placed on this attribute are for local interpretation.
|
|
|
|
|
Examples of current usage od this attribute in academia are
|
2001-08-01 13:42:28 +08:00
|
|
|
|
undergraduate student, researcher, lecturer, etc. Note that the
|
2002-06-07 09:58:40 +08:00
|
|
|
|
organizationalStatus attribute type is now often be preferred as it
|
|
|
|
|
makes no distinction between computer users and others. (Source: RFC
|
|
|
|
|
1274)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.1.8 NAME 'userClass'
|
|
|
|
|
EQUALITY caseIgnoreMatch
|
|
|
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
|
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4. Object Classes
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
This section details object classes for use in LDAP.
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
|
|
|
|
4.1. account
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The account object class is used to define entries representing
|
2002-06-07 09:58:40 +08:00
|
|
|
|
computer accounts. The uid (userid) attribute SHOULD be used for
|
2001-08-01 13:42:28 +08:00
|
|
|
|
naming entries of this object class. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.4.5
|
|
|
|
|
NAME 'account'
|
|
|
|
|
SUP top STRUCTURAL
|
|
|
|
|
MUST uid
|
|
|
|
|
MAY ( description $ seeAlso $ l $ o $ ou $ host ) )
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
|
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 14]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.2. document
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The document object class is used to define entries which represent
|
|
|
|
|
documents. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.4.6
|
|
|
|
|
NAME 'document'
|
|
|
|
|
SUP top STRUCTURAL
|
|
|
|
|
MUST documentIdentifier
|
|
|
|
|
MAY ( cn $ description $ seeAlso $ l $ o $ ou $
|
|
|
|
|
documentTitle $ documentVersion $ documentAuthor $
|
|
|
|
|
documentLocation $ documentPublisher ) )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.3. documentSeries
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
The documentSeries object class is used to define an entry which
|
|
|
|
|
represents a series of documents (e.g., The Request For Comments
|
|
|
|
|
memos). (Source: RFC 1274)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.4.9
|
|
|
|
|
NAME 'documentSeries'
|
|
|
|
|
SUP top STRUCTURAL
|
|
|
|
|
MUST cn
|
|
|
|
|
MAY ( description $ l $ o $ ou $ seeAlso $
|
|
|
|
|
telephonenumber ) )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.4. domainRelatedObject
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The domainRelatedObject object class is used to define entries which
|
|
|
|
|
represent DNS domains which are "equivalent" to an X.500 domain: e.g.,
|
|
|
|
|
an organization or organizational unit. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.4.17
|
|
|
|
|
NAME 'domainRelatedObject'
|
|
|
|
|
SUP top AUXILIARY
|
|
|
|
|
MUST associatedDomain )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.5. friendlyCountry
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The friendlyCountry object class is used to define country entries in
|
|
|
|
|
the DIT. The object class is used to allow friendlier naming of
|
2002-06-07 09:58:40 +08:00
|
|
|
|
countries than that allowed by the object class country [RFC2256].
|
|
|
|
|
(Source: RFC 1274)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.4.18
|
2002-06-07 09:58:40 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 15]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
|
|
|
|
|
2001-08-01 13:42:28 +08:00
|
|
|
|
NAME 'friendlyCountry'
|
|
|
|
|
SUP country STRUCTURAL
|
|
|
|
|
MUST co )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.6. rFC822LocalPart
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The rFC822LocalPart object class is used to define entries which
|
2002-06-07 09:58:40 +08:00
|
|
|
|
represent the local part of [RFC822] mail addresses. This treats this
|
|
|
|
|
part of an RFC 822 address as a domain [RFC2247]. (Source: RFC 1274)
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.4.14
|
|
|
|
|
NAME 'rFC822localPart'
|
|
|
|
|
SUP domain STRUCTURAL
|
|
|
|
|
MAY ( cn $ description $ destinationIndicator $
|
2001-10-26 10:10:30 +08:00
|
|
|
|
facsimileTelephoneNumber $ internationaliSDNNumber $
|
|
|
|
|
physicalDeliveryOfficeName $ postalAddress $
|
|
|
|
|
postalCode $ postOfficeBox $ preferredDeliveryMethod $
|
|
|
|
|
registeredAddress $ seeAlso $ sn $ street $
|
2001-08-01 13:42:28 +08:00
|
|
|
|
telephoneNumber $ teletexTerminalIdentifier $
|
|
|
|
|
telexNumber $ x121Address ) )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.7. room
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
The room object class is used to define entries representing rooms.
|
2002-06-07 09:58:40 +08:00
|
|
|
|
The cn (commonName) attribute SHOULD be used for naming entries of
|
2001-08-01 13:42:28 +08:00
|
|
|
|
this object class. (Source: RFC 1274)
|
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.4.7 NAME 'room'
|
|
|
|
|
SUP top STRUCTURAL
|
|
|
|
|
MUST cn
|
|
|
|
|
MAY ( roomNumber $ description $
|
|
|
|
|
seeAlso $ telephoneNumber ) )
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
4.8. simpleSecurityObject
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
The simpleSecurityObject object class is used to require an entry to
|
|
|
|
|
have a userPassword attribute when the entry's structural object class
|
|
|
|
|
does not require (or allow) the userPassword attribute. (Source: RFC
|
|
|
|
|
1274)
|
|
|
|
|
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
|
|
|
|
|
SUP top AUXILIARY
|
|
|
|
|
MUST userPassword )
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 16]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
Note: Security considerations related to the use of simple
|
|
|
|
|
authentication mechanisms in LDAP are discussed in RFC 2829
|
|
|
|
|
[RFC2829].
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
5. Security Considerations
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
General LDAP security considerations [LDAPTS] is applicable to the use
|
|
|
|
|
of this schema. Additional considerations are noted above where
|
|
|
|
|
appropriate.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
6. IANA Considerations
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
It is requested that IANA update the LDAP descriptors registry as
|
|
|
|
|
indicated the following template:
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Subject: Request for LDAP Descriptor Registration Update
|
|
|
|
|
Descriptor (short name): see comment
|
|
|
|
|
Object Identifier: see comment
|
|
|
|
|
Person & email address to contact for further information:
|
|
|
|
|
Kurt Zeilenga <kurt@OpenLDAP.org>
|
|
|
|
|
Usage: see comment
|
|
|
|
|
Specification: RFCXXXX
|
|
|
|
|
Author/Change Controller: IESG
|
|
|
|
|
Comments:
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
The following descriptors should be added:
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
NAME Type OID
|
|
|
|
|
------------------------ ---- ---------
|
|
|
|
|
booleanMatch M 2.5.13.13
|
|
|
|
|
caseExactMatch M 2.5.13.5
|
|
|
|
|
caseExactOrderingMatch M 2.5.13.6
|
|
|
|
|
caseExactSubstringsMatch M 2.5.13.7
|
|
|
|
|
caseIgnoreListSubstringsMatch M 2.5.13.12
|
|
|
|
|
directoryStringFirstComponentMatch M 2.5.13.31
|
|
|
|
|
integerOrderingMatch M 2.5.13.15
|
|
|
|
|
keywordMatch M 2.5.13.32
|
|
|
|
|
numericStringOrderingMatch M 2.5.13.9
|
|
|
|
|
octetStringOrderingMatch M 2.5.13.18
|
|
|
|
|
storedPrefixMatch M 2.5.13.41
|
|
|
|
|
wordMatch M 2.5.13.32
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
The following descriptors should be updated to refer to RFC XXXX.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
NAME Type OID
|
|
|
|
|
------------------------ ---- --------------------------
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 17]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
account O 0.9.2342.19200300.100.4.5
|
|
|
|
|
associatedDomain A 0.9.2342.19200300.100.1.37
|
|
|
|
|
associatedName A 0.9.2342.19200300.100.1.38
|
|
|
|
|
buildingName A 0.9.2342.19200300.100.1.48
|
|
|
|
|
co A 0.9.2342.19200300.100.1.43
|
|
|
|
|
document O 0.9.2342.19200300.100.4.6
|
|
|
|
|
documentAuthor A 0.9.2342.19200300.100.1.14
|
|
|
|
|
documentIdentifier A 0.9.2342.19200300.100.1.11
|
|
|
|
|
documentLocation A 0.9.2342.19200300.100.1.15
|
|
|
|
|
documentPublisher A 0.9.2342.19200300.100.1.56
|
|
|
|
|
documentSeries O 0.9.2342.19200300.100.4.8
|
|
|
|
|
documentTitle A 0.9.2342.19200300.100.1.12
|
|
|
|
|
documentVersion A 0.9.2342.19200300.100.1.13
|
|
|
|
|
domainRelatedObject O 0.9.2342.19200300.100.4.17
|
|
|
|
|
drink A 0.9.2342.19200300.100.1.5
|
|
|
|
|
favouriteDrink A 0.9.2342.19200300.100.1.5
|
|
|
|
|
friendlyCountry O 0.9.2342.19200300.100.4.18
|
|
|
|
|
friendlyCountryName A 0.9.2342.19200300.100.1.43
|
|
|
|
|
homePhone A 0.9.2342.19200300.100.1.20
|
|
|
|
|
homePostalAddress A 0.9.2342.19200300.100.1.39
|
|
|
|
|
homeTelephone A 0.9.2342.19200300.100.1.20
|
|
|
|
|
host A 0.9.2342.19200300.100.1.9
|
|
|
|
|
info A 0.9.2342.19200300.100.1.4
|
|
|
|
|
mail A 0.9.2342.19200300.100.1.3
|
|
|
|
|
manager A 0.9.2342.19200300.100.1.10
|
|
|
|
|
mobile A 0.9.2342.19200300.100.1.41
|
|
|
|
|
mobileTelephoneNumber A 0.9.2342.19200300.100.1.41
|
|
|
|
|
organizationalStatus A 0.9.2342.19200300.100.1.45
|
|
|
|
|
otherMailbox A 0.9.2342.19200300.100.1.22
|
|
|
|
|
pager A 0.9.2342.19200300.100.1.42
|
|
|
|
|
pagerTelephoneNumber A 0.9.2342.19200300.100.1.42
|
|
|
|
|
personalTitle A 0.9.2342.19200300.100.1.40
|
|
|
|
|
RFC822LocalPart O 0.9.2342.19200300.100.4.14
|
|
|
|
|
RFC822Mailbox A 0.9.2342.19200300.100.1.3
|
|
|
|
|
room O 0.9.2342.19200300.100.4.7
|
|
|
|
|
roomNumber A 0.9.2342.19200300.100.1.6
|
|
|
|
|
secretary A 0.9.2342.19200300.100.1.21
|
|
|
|
|
simpleSecurityObject O 0.9.2342.19200300.100.4.19
|
|
|
|
|
singleLevelQuality A 0.9.2342.19200300.100.1.50
|
|
|
|
|
uid A 0.9.2342.19200300.100.1.1
|
|
|
|
|
uniqueIdentifier A 0.9.2342.19200300.100.1.44
|
|
|
|
|
userClass A 0.9.2342.19200300.100.1.8
|
|
|
|
|
userId A 0.9.2342.19200300.100.1.1
|
|
|
|
|
|
|
|
|
|
where Type A is Attribute, Type O is ObjectClass, and Type M
|
|
|
|
|
is Matching Rule.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 18]
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This document make no OID assignments, it only associates LDAP schema
|
|
|
|
|
descriptions with existing elements of X.500 schema.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
7. Acknowledgments
|
|
|
|
|
|
|
|
|
|
This document borrows from a number of IETF documents including RFC
|
|
|
|
|
1274 by Paul Barker and Steve Kille. This document also borrows from
|
|
|
|
|
a number of ITU documents including X.520.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8. Author's Address
|
|
|
|
|
|
2001-08-01 13:42:28 +08:00
|
|
|
|
Kurt D. Zeilenga
|
|
|
|
|
OpenLDAP Foundation
|
|
|
|
|
<Kurt@OpenLDAP.org>
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
9. Normative References
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
[RFC822] D. Crocker, "Standard for the format of ARPA Internet text
|
2002-06-07 09:58:40 +08:00
|
|
|
|
messages", STD 11 (also RFC 822), August 1982.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
[RFC1034] P.V. Mockapetris, "Domain names - concepts and facilities",
|
2002-06-07 09:58:40 +08:00
|
|
|
|
STD 13 (also RFC 1034), November 1987.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
|
|
|
|
|
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
[RFC2247] S. Kille, M. Wahl, A. Grimstad, R. Huber, S. Sataluri,
|
|
|
|
|
"Using Domains in LDAP/X.500 Distinguished Names", January
|
|
|
|
|
1998.
|
|
|
|
|
|
|
|
|
|
[RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
|
|
|
|
|
Directory Access Protocol (v3): Attribute Syntax
|
|
|
|
|
Definitions", RFC 2252, December 1997.
|
|
|
|
|
|
|
|
|
|
[RFC2256] M. Wahl, "A Summary of the X.500(96) User Schema for use
|
|
|
|
|
with LDAPv3", RFC 2256, December 1997.
|
|
|
|
|
|
|
|
|
|
[RFC2829] M. Wahl, H. Alvestrand, J. Hodges, R. Morgan,
|
2001-10-26 10:10:30 +08:00
|
|
|
|
"Authentication Methods for LDAP", RFC 2829, May 2000.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
2001-10-26 10:10:30 +08:00
|
|
|
|
[LDAPTS] J. Hodges, R. Morgan, "Lightweight Directory Access Protocol
|
|
|
|
|
(v3): Technical Specification", draft-ietf-ldapbis-
|
2001-08-01 13:42:28 +08:00
|
|
|
|
ldapv3-ts-00.txt.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 19]
|
|
|
|
|
|
|
|
|
|
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
|
2001-10-26 10:10:30 +08:00
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
10. Informative References
|
|
|
|
|
|
|
|
|
|
[ISO3166] International Standards Organization, "Codes for the
|
|
|
|
|
representation of names of countries", ISO 3166.
|
|
|
|
|
|
|
|
|
|
[RFC1274] P. Barker, S. Kille, "The COSINE and Internet X.500 Schema",
|
|
|
|
|
November 1991.
|
|
|
|
|
|
|
|
|
|
[RFC2798] M. Smith, "The LDAP inetOrgPerson Object Class", RFC 2798,
|
|
|
|
|
April 2000.
|
|
|
|
|
|
|
|
|
|
[X.520] International Telephone Union, "The Directory: Selected
|
|
|
|
|
Attribute Types", X.520, 1997.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Full Copyright
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Copyright 2002, The Internet Society. All Rights Reserved.
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|
|
|
|
|
This document and translations of it may be copied and furnished to
|
|
|
|
|
others, and derivative works that comment on or otherwise explain it
|
|
|
|
|
or assist in its implementation may be prepared, copied, published and
|
|
|
|
|
distributed, in whole or in part, without restriction of any kind,
|
|
|
|
|
provided that the above copyright notice and this paragraph are
|
|
|
|
|
included on all such copies and derivative works. However, this
|
|
|
|
|
document itself may not be modified in any way, such as by removing
|
|
|
|
|
the copyright notice or references to the Internet Society or other
|
|
|
|
|
Internet organizations, except as needed for the purpose of
|
|
|
|
|
developing Internet standards in which case the procedures for
|
|
|
|
|
copyrights defined in the Internet Standards process must be followed,
|
|
|
|
|
or as required to translate it into languages other than English.
|
|
|
|
|
|
|
|
|
|
The limited permissions granted above are perpetual and will not be
|
|
|
|
|
revoked by the Internet Society or its successors or assigns.
|
|
|
|
|
|
|
|
|
|
This document and the information contained herein is provided on an
|
|
|
|
|
"AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET
|
|
|
|
|
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
|
|
|
|
|
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
|
|
|
|
|
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
|
|
|
|
|
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-06-07 09:58:40 +08:00
|
|
|
|
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 20]
|
2001-08-01 13:42:28 +08:00
|
|
|
|
|