openldap/doc/drafts/draft-zeilenga-ldap-user-schema-xx.txt

1124 lines
36 KiB
Plaintext
Raw Normal View History

2001-08-01 13:42:28 +08:00
INTERNET-DRAFT Editor: Kurt D. Zeilenga
Intended Category: Standard Track OpenLDAP Foundation
2002-06-07 09:58:40 +08:00
Expires in six months 17 May 2002
2001-08-01 13:42:28 +08:00
Obsoletes: RFC 1274
2001-10-26 10:10:30 +08:00
Updates: RFC 2798
2001-08-01 13:42:28 +08:00
LDAPv3: A Collection of User Schema
2002-06-07 09:58:40 +08:00
<draft-zeilenga-ldap-user-schema-06.txt>
2001-08-01 13:42:28 +08:00
Status of this Memo
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.
This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this memo is unlimited. Technical discussion of this
2001-10-26 10:10:30 +08:00
document will take place on the IETF Directory Interest mailing list
<directory@apps.ietf.org>. Please send editorial comments directly to
the author <Kurt@OpenLDAP.org>.
2001-08-01 13:42:28 +08:00
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''
The list of current Internet-Drafts can be accessed at
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.
2002-06-07 09:58:40 +08:00
Copyright 2002, The Internet Society. All Rights Reserved.
2001-08-01 13:42:28 +08:00
Please see the Copyright section near the end of this document for
more information.
Abstract
This document provides a collection of user schema elements for use
2002-06-07 09:58:40 +08:00
with LDAP (Lightweight Directory Access Protocol) from both ITU-T
Recommendations for the X.500 Directory and COSINE and Internet X.500
pilot projects.
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 1]
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-10-26 10:10:30 +08:00
Conventions
Schema definitions are provided using LDAPv3 description formats
[RFC2252]. Definitions provided here are formatted (line wrapped) for
readability.
2002-06-07 09:58:40 +08:00
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].
2001-10-26 10:10:30 +08:00
Table of Contents (to be expanded by editor)
Status of this Memo 1
Abstract
Conventions 2
Table of Contents
1. Background and Intended Use 3
2. Matching Rules
2.1. booleanMatch 4
2.2. caseExactMatch
2.3. caseExactOrderingMatch
2.4. caseExactSubstringsMatch
2.5. caseIgnoreListSubstringsMatch
2.6. directoryStringFirstComponentMatch 5
2.7. integerOrderingMatch
2002-06-07 09:58:40 +08:00
2.8. keywordMatch
2001-10-26 10:10:30 +08:00
2.9. numericStringOrderingMatch 6
2.10. octetStringOrderingMatch
2.11. storedPrefixMatch
2002-06-07 09:58:40 +08:00
2.12. wordMatch 7
2001-10-26 10:10:30 +08:00
3. Attribute Types
3.1. associatedDomain
3.2. associatedName
3.3. buildingName
3.3. co 8
3.5. documentAuthor
2002-06-07 09:58:40 +08:00
3.6. documentIdentifier
2001-10-26 10:10:30 +08:00
3.7. documentLocation
2002-06-07 09:58:40 +08:00
3.8. documentPublisher 9
2001-10-26 10:10:30 +08:00
3.9. documentTitle
3.10. documentVersion
2002-06-07 09:58:40 +08:00
3.11. drink
3.12. homePhone 10
3.13. homePostalAddress
3.14. host
3.16. info
3.17. mail 11
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 2]
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
3.18. manager
2001-10-26 10:10:30 +08:00
3.19. mobile
3.20. organizationalStatus
2002-06-07 09:58:40 +08:00
3.21. otherMailbox 12
3.22. pager
2001-10-26 10:10:30 +08:00
3.23. personalTitle
2002-06-07 09:58:40 +08:00
3.24. roomNumber 13
2001-10-26 10:10:30 +08:00
3.25. secretary
2002-06-07 09:58:40 +08:00
3.26. uid
2001-10-26 10:10:30 +08:00
3.27. uniqueIdentifier
2002-06-07 09:58:40 +08:00
3.28. userClass 14
4. Object Classes
2001-10-26 10:10:30 +08:00
4.1. account
2002-06-07 09:58:40 +08:00
4.2. document 15
2001-10-26 10:10:30 +08:00
4.3. documentSeries
2002-06-07 09:58:40 +08:00
4.4. domainRelatedObject
2001-10-26 10:10:30 +08:00
4.5. friendlyCountry
2002-06-07 09:58:40 +08:00
4.6. rFC822LocalPart 16
4.7. room
2001-10-26 10:10:30 +08:00
4.8. simpleSecurityObject
2002-06-07 09:58:40 +08:00
5. Security Considerations 17
6. IANA Considerations
7. Acknowledgments 19
8. Author's Address
9. Normative References
10. Informative References
Full Copyright 20
2001-08-01 13:42:28 +08:00
1. Background and Intended Use
This document provides descriptions [RFC2252] of user schema for use
with LDAP [LDAPTS] collected from numerous sources.
2001-10-26 10:10:30 +08:00
This document includes a summary of select schema introduced for the
2001-08-01 13:42:28 +08:00
COSINE and Internet X.500 pilot projects [RFC1274]. This document
obsoletes RFC 1274.
2002-06-07 09:58:40 +08:00
This document includes a summary of X.500 user schema [X.520] not
previously specified for use with LDAP. Some of these items were
2001-10-26 10:10:30 +08:00
described in the inetOrgPerson [RFC2798] schema. This document
2002-06-07 09:58:40 +08:00
supersedes these descriptions, replacing sections 9.1.3 and 9.3.3 of
2001-10-26 10:10:30 +08:00
RFC 2798.
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
2. Matching Rules
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
This section introduces LDAP matching rules based upon descriptions of
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 3]
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-08-01 13:42:28 +08:00
their X.500 counterparts.
2001-10-26 10:10:30 +08:00
2.1. booleanMatch
BooleanMatch compares for equality a asserted Boolean value with an
attribute value of BOOLEAN syntax. The rule returns TRUE if and only
if the values are the same, i.e. both are TRUE or both are FALSE.
(Source: X.520)
( 2.5.13.13 NAME 'booleanMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
2.2. caseExactMatch
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
CaseExactMatch compares for equality the asserted value with an
2001-08-01 13:42:28 +08:00
attribute value of DirectoryString syntax. The rule is identical to
the caseIgnoreMatch [RFC2252] rule except that case is not ignored.
(Source: X.520)
( 2.5.13.5 NAME 'caseExactMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2001-10-26 10:10:30 +08:00
2.3. caseExactOrderingMatch
2001-08-01 13:42:28 +08:00
CaseExactOrderingMatch compares the collation order of the asserted
string with an attribute value of DirectoryString syntax. The rule is
identical to the caseIgnoreOrderingMatch [RFC2252] rule except that
letters are not folded. (Source: X.520)
( 2.5.13.6 NAME 'caseExactOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2002-06-07 09:58:40 +08:00
2.4. caseExactSubstringsMatch
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
CaseExactSubstringsMatch determines whether the asserted value(s) are
2001-10-26 10:10:30 +08:00
substrings of an attribute value of DirectoryString syntax. The rule
2001-08-01 13:42:28 +08:00
is identical to the caseIgnoreSubstringsMatch [RFC2252] rule except
that case is not ignored. (Source: X.520)
( 2.5.13.7 NAME 'caseExactSubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
2002-06-07 09:58:40 +08:00
2.5. caseIgnoreListSubstringsMatch
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 4]
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-08-01 13:42:28 +08:00
CaseIgnoreListSubstringMatch compares the asserted substring with an
attribute value which is a sequence of DirectoryStrings, but where the
case (upper or lower) is not significant for comparison purposes. The
asserted value matches a stored value if and only if the asserted
value matches the string formed by concatenating the strings of the
stored value. This matching is done according to the
caseIgnoreSubstringsMatch [RFC2252] rule; however, none of the
initial, any, or final values of the asserted value are considered to
match a substring of the concatenated string which spans more than one
of the strings of the stored value. (Source: X.520)
( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
2002-06-07 09:58:40 +08:00
2.6. directoryStringFirstComponentMatch
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
DirectoryStringFirstComponentMatch compares for equality the asserted
DirectoryString value with an attribute value of type SEQUENCE whose
first component is mandatory and of type DirectoryString. The rule
returns TRUE if and only if the attribute value has a first component
whose value matches the asserted DirectoryString using the rules of
caseIgnoreMatch [RFC2252]. A value of the assertion syntax is derived
from a value of the attribute syntax by using the value of the first
component of the SEQUENCE. (Source: X.520)
( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
2.7. integerOrderingMatch
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
The integerOrderingMatch rule compares the ordering of the asserted
integer with an attribute value of Integer syntax. The rule returns
True if the attribute value is less than the asserted value. (Source:
X.520)
( 2.5.13.15 NAME 'integerOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
2002-06-07 09:58:40 +08:00
2.8. keywordMatch
2001-10-26 10:10:30 +08:00
The keywordMatch rule compares the asserted string with keywords in an
attribute value of DirectoryString syntax. The rule returns TRUE if
and only if the asserted value matches any keyword in the attribute
value. The identification of keywords in an attribute value and of
the exactness of match are both implementation specific. (Source:
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 5]
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-08-01 13:42:28 +08:00
X.520)
2001-10-26 10:10:30 +08:00
( 2.5.13.32 NAME 'keywordMatch'
2001-08-01 13:42:28 +08:00
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2002-06-07 09:58:40 +08:00
2.9. numericStringOrderingMatch
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
NumericStringOrderingMatch compares the collation order of the
asserted string with an attribute value of NumericString syntax. The
rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule except
that all space characters are skipped during comparison (case is
irrelevant as characters are numeric). (Source: X.520)
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
( 2.5.13.9 NAME 'numericStringOrderingMatch'
2001-10-26 10:10:30 +08:00
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
2.10. octetStringOrderingMatch
2001-08-01 13:42:28 +08:00
OctetStringOrderingMatch compares the collation order of the asserted
octet string with an attribute value of OCTET STRING syntax. The rule
compares octet strings from first octet to last octet, and from the
most significant bit to the least significant bit within the octet.
The first occurrence of a different bit determines the ordering of the
strings. A zero bit precedes a one bit. If the strings are identical
but contain different numbers of octets, the shorter string precedes
2001-10-26 10:10:30 +08:00
the longer string. (Source: X.520)
2001-08-01 13:42:28 +08:00
( 2.5.13.18 NAME 'octetStringOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
2002-06-07 09:58:40 +08:00
2.11. storedPrefixMatch
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
StoredPrefixMatch determines whether an attribute value, whose syntax
is DirectoryString, is a prefix (i.e. initial substring) of the
asserted value, without regard to the case (upper or lower) of the
strings. The rule returns TRUE if and only if the attribute value is
an initial substring of the asserted value with corresponding
characters identical except possibly with regard to case. (Source:
X.520)
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
( 2.5.13.41 NAME 'storedPrefixMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Note: This rule can be used, for example, to compare values in the
Directory which are telephone area codes with a purported value
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 6]
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
which is a telephone number.
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
2.12. wordMatch
2001-08-01 13:42:28 +08:00
The wordMatch rule compares the asserted string with words in an
attribute value of DirectoryString syntax. The rule returns TRUE if
and only if the asserted word matches any word in the attribute value.
Individual word matching is as for the caseIgnoreMatch [RFC2252]
matching rule. The precise definition of a "word" is implementation
specific. (Source: X.520)
( 2.5.13.32 NAME 'wordMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2001-10-26 10:10:30 +08:00
3. Attribute Types
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
This section details attribute types for use in LDAP.
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
3.1. associatedDomain
2001-08-01 13:42:28 +08:00
The associatedDomain attribute type specifies a DNS domain [RFC1034]
which is associated with an object. For example, the entry in the DIT
with a distinguished name "DC=example,DC=com" might have an associated
domain of "example.com". (Source: RFC 1274)
( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
2001-10-26 10:10:30 +08:00
3.2. associatedName
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
The associatedName attribute type specifies an entry in the
2001-08-01 13:42:28 +08:00
organizational DIT associated with a DNS domain [RFC1034]. (Source:
RFC 1274)
( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
2001-10-26 10:10:30 +08:00
3.3. buildingName
2002-06-07 09:58:40 +08:00
The buildingName attribute type specifies the name of the building
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 7]
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-10-26 10:10:30 +08:00
2001-08-01 13:42:28 +08:00
where an organization or organizational unit is based. (Source: RFC
1274)
( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
3.3. co
2001-08-01 13:42:28 +08:00
The co (Friendly Country Name) attribute type specifies names of
2002-06-07 09:58:40 +08:00
countries in human readable format. It is commonly used in
conjunction with the c (Country Name) [RFC2256] attribute type (which
restricted to one of the two-letter codes defined in [ISO3166]).
2001-08-01 13:42:28 +08:00
(Source: RFC 1274)
( 0.9.2342.19200300.100.1.43
NAME ( 'co' 'friendlyCountryName' )
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2001-10-26 10:10:30 +08:00
3.5. documentAuthor
2001-08-01 13:42:28 +08:00
The documentAuthor attribute type specifies the distinguished name of
the author of a document. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
2001-10-26 10:10:30 +08:00
3.6. documentIdentifier
2001-08-01 13:42:28 +08:00
The documentIdentifier attribute type specifies a unique identifier
for a document. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
3.7. documentLocation
2001-08-01 13:42:28 +08:00
The documentLocation attribute type specifies the location of the
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 8]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-08-01 13:42:28 +08:00
document original. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
3.8. documentPublisher
2001-08-01 13:42:28 +08:00
The documentPublisher attribute is the person and/or organization that
published a document. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2001-10-26 10:10:30 +08:00
3.9. documentTitle
2001-08-01 13:42:28 +08:00
The documentTitle attribute type specifies the title of a document.
(Source: RFC 1274)
( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
3.10. documentVersion
2001-08-01 13:42:28 +08:00
The documentVersion attribute type specifies the version number of a
document. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
3.11. drink
2001-08-01 13:42:28 +08:00
The drink (Favourite Drink) attribute type specifies the favorite
drink of an object (or person). (Source: RFC 1274)
( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
EQUALITY caseIgnoreMatch
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 9]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-08-01 13:42:28 +08:00
SUBSTR caseIgnoreSubstringsMatch
2002-06-07 09:58:40 +08:00
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
3.12. homePhone
2001-08-01 13:42:28 +08:00
The homePhone (Home Telephone Number) attribute type specifies a home
telephone number (e.g., "+44 71 123 4567") associated with a person.
(Source: RFC 1274)
( 0.9.2342.19200300.100.1.20
NAME ( 'homePhone' 'homeTelephoneNumber' )
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
2002-06-07 09:58:40 +08:00
3.13. homePostalAddress
2001-08-01 13:42:28 +08:00
The homePostalAddress attribute type specifies a home postal address
2002-06-07 09:58:40 +08:00
for an object. This SHOULD be limited to up to 6 lines of 30
2001-08-01 13:42:28 +08:00
characters each. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.39
NAME 'homePostalAddress'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
2002-06-07 09:58:40 +08:00
3.14. host
2001-08-01 13:42:28 +08:00
The host attribute type specifies a host computer. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.9
NAME 'host'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
3.16. info
2001-08-01 13:42:28 +08:00
The info (Information) attribute type specifies any general
information pertinent to an object. It is RECOMMENDED that specific
usage of this attribute type is avoided, and that specific
requirements are met by other (possibly additional) attribute types.
2002-06-07 09:58:40 +08:00
Note that the description attribute type [RFC2256] is available for
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 10]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
specifying descriptive information pertinent to an object. (Source:
RFC 1274)
2001-08-01 13:42:28 +08:00
( 0.9.2342.19200300.100.1.4
NAME 'info'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
2001-10-26 10:10:30 +08:00
3.17. mail
2001-08-01 13:42:28 +08:00
The mail (rfc822mailbox) attribute type holds an the electronic mail
2002-06-07 09:58:40 +08:00
address in [RFC822] form (e.g.: user@example.com). Note that this
2001-08-01 13:42:28 +08:00
attribute SHOULD NOT be used to hold non-Internet addresses. (Source:
RFC 1274)
2001-10-26 10:10:30 +08:00
2001-08-01 13:42:28 +08:00
( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
2001-10-26 10:10:30 +08:00
3.18. manager
2001-08-01 13:42:28 +08:00
The Manager attribute type specifies the manager of an object
represented by an entry. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.10
NAME 'manager'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
2001-10-26 10:10:30 +08:00
3.19. mobile
2001-08-01 13:42:28 +08:00
The mobile (Mobile Telephone Number) attribute type specifies a mobile
telephone number (e.g., "+44 71 123 4567") associated with a person.
(Source: RFC 1274)
( 0.9.2342.19200300.100.1.41
NAME ( 'mobile' 'mobileTelephoneNumber' )
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 11]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-10-26 10:10:30 +08:00
3.20. organizationalStatus
2001-08-01 13:42:28 +08:00
The organizationalStatus attribute type specifies a category by which
a person is often referred to in an organization. Examples of usage
in academia might include undergraduate student, researcher, lecturer,
etc.
2002-06-07 09:58:40 +08:00
A Directory administrator SHOULD consider carefully the distinctions
between this and the title and userClass attributes. (Source: RFC
1274)
2001-08-01 13:42:28 +08:00
( 0.9.2342.19200300.100.1.45
NAME 'organizationalStatus'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
3.21. otherMailbox
2001-08-01 13:42:28 +08:00
The otherMailbox attribute type specifies values for electronic
mailbox types other than X.400 and RFC822. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.22
NAME 'otherMailbox'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
2001-10-26 10:10:30 +08:00
3.22. pager
2001-08-01 13:42:28 +08:00
The pager (Pager Telephone Number) attribute type specifies a pager
telephone number (e.g., "+44 71 123 4567") for an object. (Source:
RFC 1274)
( 0.9.2342.19200300.100.1.42
NAME ( 'pager' 'pagerTelephoneNumber' )
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
2001-10-26 10:10:30 +08:00
3.23. personalTitle
2001-08-01 13:42:28 +08:00
The personalTitle attribute type specifies a personal title for a
person. Examples of personal titles are "Frau", "Dr", "Herr", and
"Prof". (Source: RFC 1274)
( 0.9.2342.19200300.100.1.40
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 12]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-08-01 13:42:28 +08:00
NAME 'personalTitle'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
3.24. roomNumber
2001-08-01 13:42:28 +08:00
The roomNumber attribute type specifies the room number of an object.
2002-06-07 09:58:40 +08:00
Note that the cn (commonName) attribute type SHOULD be used for naming
room objects. (Source: RFC 1274)
2001-08-01 13:42:28 +08:00
( 0.9.2342.19200300.100.1.6
NAME 'roomNumber'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
3.25. secretary
2001-08-01 13:42:28 +08:00
The secretary attribute type specifies the secretary of a person. The
attribute value for Secretary is a distinguished name. (Source: RFC
1274)
( 0.9.2342.19200300.100.1.21
NAME 'secretary'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
2001-10-26 10:10:30 +08:00
3.26. uid
2001-08-01 13:42:28 +08:00
The uid (userid) attribute type specifies a computer system login
name. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.1
NAME ( 'uid' 'userid' )
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
3.27. uniqueIdentifier
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
The Unique Identifier attribute type specifies a "unique identifier"
for an object represented in the Directory. The domain within which
the identifier is unique, and the exact semantics of the identifier,
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 13]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-10-26 10:10:30 +08:00
are for local definition. For a person, this might be an institution-
wide payroll number. For an organizational unit, it might be a
department code. An attribute value for uniqueIdentifier is a
directoryString. (Source: RFC 1274)
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
2001-10-26 10:10:30 +08:00
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
Note: X.520 describes an attribute also called 'uniqueIdentifier'
(2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP
[RFC2256]. The attribute detailed here ought not be confused
with x500UniqueIdentifier.
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
3.28. userClass
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
The userClass attribute type specifies a category of computer user.
The semantics placed on this attribute are for local interpretation.
Examples of current usage od this attribute in academia are
2001-08-01 13:42:28 +08:00
undergraduate student, researcher, lecturer, etc. Note that the
2002-06-07 09:58:40 +08:00
organizationalStatus attribute type is now often be preferred as it
makes no distinction between computer users and others. (Source: RFC
1274)
2001-08-01 13:42:28 +08:00
( 0.9.2342.19200300.100.1.8 NAME 'userClass'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2001-10-26 10:10:30 +08:00
4. Object Classes
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
This section details object classes for use in LDAP.
2001-10-26 10:10:30 +08:00
4.1. account
2001-08-01 13:42:28 +08:00
The account object class is used to define entries representing
2002-06-07 09:58:40 +08:00
computer accounts. The uid (userid) attribute SHOULD be used for
2001-08-01 13:42:28 +08:00
naming entries of this object class. (Source: RFC 1274)
( 0.9.2342.19200300.100.4.5
NAME 'account'
SUP top STRUCTURAL
MUST uid
MAY ( description $ seeAlso $ l $ o $ ou $ host ) )
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 14]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-10-26 10:10:30 +08:00
4.2. document
2001-08-01 13:42:28 +08:00
The document object class is used to define entries which represent
documents. (Source: RFC 1274)
( 0.9.2342.19200300.100.4.6
NAME 'document'
SUP top STRUCTURAL
MUST documentIdentifier
MAY ( cn $ description $ seeAlso $ l $ o $ ou $
documentTitle $ documentVersion $ documentAuthor $
documentLocation $ documentPublisher ) )
2001-10-26 10:10:30 +08:00
4.3. documentSeries
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
The documentSeries object class is used to define an entry which
represents a series of documents (e.g., The Request For Comments
memos). (Source: RFC 1274)
2001-08-01 13:42:28 +08:00
( 0.9.2342.19200300.100.4.9
NAME 'documentSeries'
SUP top STRUCTURAL
MUST cn
MAY ( description $ l $ o $ ou $ seeAlso $
telephonenumber ) )
2001-10-26 10:10:30 +08:00
4.4. domainRelatedObject
2001-08-01 13:42:28 +08:00
The domainRelatedObject object class is used to define entries which
represent DNS domains which are "equivalent" to an X.500 domain: e.g.,
an organization or organizational unit. (Source: RFC 1274)
( 0.9.2342.19200300.100.4.17
NAME 'domainRelatedObject'
SUP top AUXILIARY
MUST associatedDomain )
2001-10-26 10:10:30 +08:00
4.5. friendlyCountry
2001-08-01 13:42:28 +08:00
The friendlyCountry object class is used to define country entries in
the DIT. The object class is used to allow friendlier naming of
2002-06-07 09:58:40 +08:00
countries than that allowed by the object class country [RFC2256].
(Source: RFC 1274)
2001-08-01 13:42:28 +08:00
( 0.9.2342.19200300.100.4.18
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 15]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-08-01 13:42:28 +08:00
NAME 'friendlyCountry'
SUP country STRUCTURAL
MUST co )
2001-10-26 10:10:30 +08:00
4.6. rFC822LocalPart
2001-08-01 13:42:28 +08:00
The rFC822LocalPart object class is used to define entries which
2002-06-07 09:58:40 +08:00
represent the local part of [RFC822] mail addresses. This treats this
part of an RFC 822 address as a domain [RFC2247]. (Source: RFC 1274)
2001-08-01 13:42:28 +08:00
( 0.9.2342.19200300.100.4.14
NAME 'rFC822localPart'
SUP domain STRUCTURAL
MAY ( cn $ description $ destinationIndicator $
2001-10-26 10:10:30 +08:00
facsimileTelephoneNumber $ internationaliSDNNumber $
physicalDeliveryOfficeName $ postalAddress $
postalCode $ postOfficeBox $ preferredDeliveryMethod $
registeredAddress $ seeAlso $ sn $ street $
2001-08-01 13:42:28 +08:00
telephoneNumber $ teletexTerminalIdentifier $
telexNumber $ x121Address ) )
2001-10-26 10:10:30 +08:00
4.7. room
2001-08-01 13:42:28 +08:00
The room object class is used to define entries representing rooms.
2002-06-07 09:58:40 +08:00
The cn (commonName) attribute SHOULD be used for naming entries of
2001-08-01 13:42:28 +08:00
this object class. (Source: RFC 1274)
( 0.9.2342.19200300.100.4.7 NAME 'room'
SUP top STRUCTURAL
MUST cn
MAY ( roomNumber $ description $
seeAlso $ telephoneNumber ) )
2001-10-26 10:10:30 +08:00
4.8. simpleSecurityObject
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
The simpleSecurityObject object class is used to require an entry to
have a userPassword attribute when the entry's structural object class
does not require (or allow) the userPassword attribute. (Source: RFC
1274)
2001-08-01 13:42:28 +08:00
( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
SUP top AUXILIARY
MUST userPassword )
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 16]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-10-26 10:10:30 +08:00
Note: Security considerations related to the use of simple
authentication mechanisms in LDAP are discussed in RFC 2829
[RFC2829].
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
5. Security Considerations
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
General LDAP security considerations [LDAPTS] is applicable to the use
of this schema. Additional considerations are noted above where
appropriate.
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
6. IANA Considerations
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
It is requested that IANA update the LDAP descriptors registry as
indicated the following template:
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
Subject: Request for LDAP Descriptor Registration Update
Descriptor (short name): see comment
Object Identifier: see comment
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: see comment
Specification: RFCXXXX
Author/Change Controller: IESG
Comments:
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
The following descriptors should be added:
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
NAME Type OID
------------------------ ---- ---------
booleanMatch M 2.5.13.13
caseExactMatch M 2.5.13.5
caseExactOrderingMatch M 2.5.13.6
caseExactSubstringsMatch M 2.5.13.7
caseIgnoreListSubstringsMatch M 2.5.13.12
directoryStringFirstComponentMatch M 2.5.13.31
integerOrderingMatch M 2.5.13.15
keywordMatch M 2.5.13.32
numericStringOrderingMatch M 2.5.13.9
octetStringOrderingMatch M 2.5.13.18
storedPrefixMatch M 2.5.13.41
wordMatch M 2.5.13.32
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
The following descriptors should be updated to refer to RFC XXXX.
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
NAME Type OID
------------------------ ---- --------------------------
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 17]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
account O 0.9.2342.19200300.100.4.5
associatedDomain A 0.9.2342.19200300.100.1.37
associatedName A 0.9.2342.19200300.100.1.38
buildingName A 0.9.2342.19200300.100.1.48
co A 0.9.2342.19200300.100.1.43
document O 0.9.2342.19200300.100.4.6
documentAuthor A 0.9.2342.19200300.100.1.14
documentIdentifier A 0.9.2342.19200300.100.1.11
documentLocation A 0.9.2342.19200300.100.1.15
documentPublisher A 0.9.2342.19200300.100.1.56
documentSeries O 0.9.2342.19200300.100.4.8
documentTitle A 0.9.2342.19200300.100.1.12
documentVersion A 0.9.2342.19200300.100.1.13
domainRelatedObject O 0.9.2342.19200300.100.4.17
drink A 0.9.2342.19200300.100.1.5
favouriteDrink A 0.9.2342.19200300.100.1.5
friendlyCountry O 0.9.2342.19200300.100.4.18
friendlyCountryName A 0.9.2342.19200300.100.1.43
homePhone A 0.9.2342.19200300.100.1.20
homePostalAddress A 0.9.2342.19200300.100.1.39
homeTelephone A 0.9.2342.19200300.100.1.20
host A 0.9.2342.19200300.100.1.9
info A 0.9.2342.19200300.100.1.4
mail A 0.9.2342.19200300.100.1.3
manager A 0.9.2342.19200300.100.1.10
mobile A 0.9.2342.19200300.100.1.41
mobileTelephoneNumber A 0.9.2342.19200300.100.1.41
organizationalStatus A 0.9.2342.19200300.100.1.45
otherMailbox A 0.9.2342.19200300.100.1.22
pager A 0.9.2342.19200300.100.1.42
pagerTelephoneNumber A 0.9.2342.19200300.100.1.42
personalTitle A 0.9.2342.19200300.100.1.40
RFC822LocalPart O 0.9.2342.19200300.100.4.14
RFC822Mailbox A 0.9.2342.19200300.100.1.3
room O 0.9.2342.19200300.100.4.7
roomNumber A 0.9.2342.19200300.100.1.6
secretary A 0.9.2342.19200300.100.1.21
simpleSecurityObject O 0.9.2342.19200300.100.4.19
singleLevelQuality A 0.9.2342.19200300.100.1.50
uid A 0.9.2342.19200300.100.1.1
uniqueIdentifier A 0.9.2342.19200300.100.1.44
userClass A 0.9.2342.19200300.100.1.8
userId A 0.9.2342.19200300.100.1.1
where Type A is Attribute, Type O is ObjectClass, and Type M
is Matching Rule.
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 18]
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
This document make no OID assignments, it only associates LDAP schema
descriptions with existing elements of X.500 schema.
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
7. Acknowledgments
This document borrows from a number of IETF documents including RFC
1274 by Paul Barker and Steve Kille. This document also borrows from
a number of ITU documents including X.520.
8. Author's Address
2001-08-01 13:42:28 +08:00
Kurt D. Zeilenga
OpenLDAP Foundation
<Kurt@OpenLDAP.org>
2002-06-07 09:58:40 +08:00
9. Normative References
2001-08-01 13:42:28 +08:00
[RFC822] D. Crocker, "Standard for the format of ARPA Internet text
2002-06-07 09:58:40 +08:00
messages", STD 11 (also RFC 822), August 1982.
2001-08-01 13:42:28 +08:00
[RFC1034] P.V. Mockapetris, "Domain names - concepts and facilities",
2002-06-07 09:58:40 +08:00
STD 13 (also RFC 1034), November 1987.
2001-08-01 13:42:28 +08:00
2002-06-07 09:58:40 +08:00
[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
2001-08-01 13:42:28 +08:00
[RFC2247] S. Kille, M. Wahl, A. Grimstad, R. Huber, S. Sataluri,
"Using Domains in LDAP/X.500 Distinguished Names", January
1998.
[RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
Directory Access Protocol (v3): Attribute Syntax
Definitions", RFC 2252, December 1997.
[RFC2256] M. Wahl, "A Summary of the X.500(96) User Schema for use
with LDAPv3", RFC 2256, December 1997.
[RFC2829] M. Wahl, H. Alvestrand, J. Hodges, R. Morgan,
2001-10-26 10:10:30 +08:00
"Authentication Methods for LDAP", RFC 2829, May 2000.
2001-08-01 13:42:28 +08:00
2001-10-26 10:10:30 +08:00
[LDAPTS] J. Hodges, R. Morgan, "Lightweight Directory Access Protocol
(v3): Technical Specification", draft-ietf-ldapbis-
2001-08-01 13:42:28 +08:00
ldapv3-ts-00.txt.
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 19]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 17 May 2002
2001-10-26 10:10:30 +08:00
2002-06-07 09:58:40 +08:00
10. Informative References
[ISO3166] International Standards Organization, "Codes for the
representation of names of countries", ISO 3166.
[RFC1274] P. Barker, S. Kille, "The COSINE and Internet X.500 Schema",
November 1991.
[RFC2798] M. Smith, "The LDAP inetOrgPerson Object Class", RFC 2798,
April 2000.
[X.520] International Telephone Union, "The Directory: Selected
Attribute Types", X.520, 1997.
2001-08-01 13:42:28 +08:00
Full Copyright
2002-06-07 09:58:40 +08:00
Copyright 2002, The Internet Society. All Rights Reserved.
2001-08-01 13:42:28 +08:00
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be followed,
or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
2002-06-07 09:58:40 +08:00
Zeilenga draft-zeilenga-ldap-user-schema-06 [Page 20]
2001-08-01 13:42:28 +08:00