Network Working Group                                  A. Sciberras, Ed.
Request for Comments: 4519                                       eB2Bcom
Obsoletes: 2256                                                June 2006
Updates: 2247, 2798, 2377
Category: Standards Track

Lightweight Directory Access Protocol (LDAP):
Schema for User Applications

Status of This Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

This document is an integral part of the Lightweight Directory Access
Protocol (LDAP) technical specification. It provides a technical
specification of attribute types and object classes intended for use
by LDAP directory clients for many directory services, such as White
Pages. These objects are widely used as a basis for the schema in
many LDAP directories. This document does not cover attributes used
for the administration of directory servers, nor does it include
directory objects defined for specific uses in other documents.

Sciberras                   Standards Track                     [Page 1]

RFC 4519           LDAP: Schema for User Applications          June 2006

Table of Contents

1. Introduction
   1.1. Relationship with Other Specifications
   1.2. Conventions
   1.3. General Issues
2. Attribute Types
   2.1. 'businessCategory'
   2.2. 'c'
   2.3. 'cn'
   2.4. 'dc'
   2.5. 'description'
   2.6. 'destinationIndicator'
   2.7. 'distinguishedName'
   2.8. 'dnQualifier'
   2.9. 'enhancedSearchGuide'
   2.10. 'facsimileTelephoneNumber'
   2.11. 'generationQualifier'
   2.12. 'givenName'
   2.13. 'houseIdentifier'
   2.14. 'initials'
   2.15. 'internationalISDNNumber'
   2.16. 'l'
   2.17. 'member'
   2.18. 'name'
   2.19. 'o'
   2.20. 'ou'
   2.21. 'owner'
   2.22. 'physicalDeliveryOfficeName'
   2.23. 'postalAddress'
   2.24. 'postalCode'
   2.25. 'postOfficeBox'
   2.26. 'preferredDeliveryMethod'
   2.27. 'registeredAddress'
   2.28. 'roleOccupant'
   2.29. 'searchGuide'
   2.30. 'seeAlso'
   2.31. 'serialNumber'
   2.32. 'sn'
   2.33. 'st'
   2.34. 'street'
   2.35. 'telephoneNumber'
   2.36. 'teletexTerminalIdentifier'
   2.37. 'telexNumber'
   2.38. 'title'
   2.39. 'uid'
   2.40. 'uniqueMember'
   2.41. 'userPassword'
   2.42. 'x121Address'
   2.43. 'x500UniqueIdentifier'
3. Object Classes
   3.1. 'applicationProcess'
   3.2. 'country'
   3.3. 'dcObject'
   3.4. 'device'
   3.5. 'groupOfNames'
   3.6. 'groupOfUniqueNames'
   3.7. 'locality'
   3.8. 'organization'
   3.9. 'organizationalPerson'
   3.10. 'organizationalRole'
   3.11. 'organizationalUnit'
   3.12. 'person'
   3.13. 'residentialPerson'
   3.14. 'uidObject'
4. IANA Considerations
5. Security Considerations
6. Acknowledgements
7. References
   7.1. Normative References
   7.2. Informative References
Appendix A Changes Made Since RFC 2256

1. Introduction

This document provides an overview of attribute types and object
classes intended for use by Lightweight Directory Access Protocol
(LDAP) directory clients for many directory services, such as White
Pages. Originally specified in the X.500 [X.500] documents, these
objects are widely used as a basis for the schema in many LDAP
directories. This document does not cover attributes used for the
administration of directory servers, nor does it include directory
objects defined for specific uses in other documents.

1.1. Relationship with Other Specifications

This document is an integral part of the LDAP technical specification
[RFC4510], which obsoletes the previously defined LDAP technical
specification, RFC 3377, in its entirety. In terms of RFC 2256,
Sections 6 and 8 of RFC 2256 are obsoleted by [RFC4517]. Sections
5.1, 5.2, 7.1, and 7.2 of RFC 2256 are obsoleted by [RFC4512]. The
remainder of RFC 2256 is obsoleted by this document. The technical
specification for the 'dc' attribute type and 'dcObject' object class
found in RFC 2247 are superseded by sections 2.4 and 3.3 of this
document. The remainder of RFC 2247 remains in force.

This document updates RFC 2798 by replacing the informative
description of the 'uid' attribute type with the definitive
description provided in Section 2.39 of this document.

This document updates RFC 2377 by replacing the informative
description of the 'uidObject' object class with the definitive
description provided in Section 3.14 of this document.

A number of schema elements that were included in the previous
revision of the LDAP Technical Specification are not included in this
revision of LDAP. PKI-related schema elements are now specified in
[RFC4523]. Unless reintroduced in future technical specifications,
the remainder are to be considered Historic.

The descriptions in this document SHALL be considered definitive for
use in LDAP.

1.2. Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].

1.3. General Issues

This document references Syntaxes defined in Section 3 of [RFC4517]
and Matching Rules defined in Section 4 of [RFC4517].

The definitions of Attribute Types and Object Classes are written
using the Augmented Backus-Naur Form (ABNF) [RFC4234] of
AttributeTypeDescription and ObjectClassDescription given in
[RFC4512]. Lines have been folded for readability. When such values
are transferred as attribute values in the LDAP Protocol, the values
will not contain line breaks.

2. Attribute Types

The attribute types contained in this section hold user information.

There is no requirement that servers implement the 'searchGuide' and
'teletexTerminalIdentifier' attribute types. In fact, their use is
greatly discouraged.

An LDAP server implementation SHOULD recognize the rest of the
attribute types described in this section.

2.1. 'businessCategory'

The 'businessCategory' attribute type describes the kinds of business
performed by an organization. Each kind is one value of this
multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.15 NAME 'businessCategory'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
   [RFC4517].

   Examples: "banking", "transportation", and "real estate".

2.2. 'c'

The 'c' ('countryName' in X.500) attribute type contains a two-letter
ISO 3166 [ISO3166] country code.
(Source: X.520 [X.520])

   ( 2.5.4.6 NAME 'c'
      SUP name
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
      SINGLE-VALUE )

   1.3.6.1.4.1.1466.115.121.1.11 refers to the Country String syntax
   [RFC4517].

   Examples: "DE", "AU" and "FR".

2.3. 'cn'

The 'cn' ('commonName' in X.500) attribute type contains names of an
object. Each name is one value of this multi-valued attribute. If
the object corresponds to a person, it is typically the person's full
name.
(Source: X.520 [X.520])

   ( 2.5.4.3 NAME 'cn'
      SUP name )

   Examples: "Martin K Smith", "Marty Smith" and "printer12".

2.4. 'dc'

The 'dc' ('domainComponent' in RFC 1274) attribute type is a string
holding one component, a label, of a DNS domain name
[RFC1034][RFC2181] naming a host [RFC1123]. That is, a value of this
attribute is a string of ASCII characters adhering to the following
ABNF [RFC4234]:

   label  = (ALPHA / DIGIT) [*61(ALPHA / DIGIT / HYPHEN) (ALPHA / DIGIT)]
   ALPHA  = %x41-5A / %x61-7A     ; "A"-"Z" / "a"-"z"
   DIGIT  = %x30-39               ; "0"-"9"
   HYPHEN = %x2D                  ; hyphen ("-")

The encoding of IA5String for use in LDAP is simply the characters of
the ASCII label. The equality matching rule is case insensitive, as
is today's DNS. (Source: RFC 2247 [RFC2247] and RFC 1274 [RFC 1274])

   ( 0.9.2342.19200300.100.1.25 NAME 'dc'
      EQUALITY caseIgnoreIA5Match
      SUBSTR caseIgnoreIA5SubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE )

   1.3.6.1.4.1.1466.115.121.1.26 refers to the IA5 String syntax
   [RFC4517].

   Examples: Valid values include "example" and "com" but not
   "example.com". The latter is invalid as it contains multiple domain
   components.

It is noted that the directory service will not ensure that values of
this attribute conform to the host label restrictions [RFC1123]
illustrated by the <label> production provided above. It is the
directory client's responsibility to ensure that the labels it stores
in this attribute are appropriately restricted.

Directory applications supporting International Domain Names SHALL
use the ToASCII method [RFC3490] to produce the domain component
label. The special considerations discussed in Section 4 of RFC 3490
[RFC3490] should be taken, depending on whether the domain component
is used for "stored" or "query" purposes.
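
Section 2.4 leaves enforcement of the <label> production to the
directory client. The following is an added example, not part of
RFC 4519: one way a client could check a 'dc' value before storing it,
using Python's built-in "idna" codec for the RFC 3490 ToASCII step.
The function names and sample values are constructed for illustration.

```python
import re
import stringprep

# <label> production from Section 2.4: first and last characters are
# ALPHA / DIGIT, with at most 61 ALPHA / DIGIT / HYPHEN in between.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_dc_label(value):
    """Return (ok, reason) for a candidate 'dc' attribute value."""
    if value == "":
        return False, "empty value"
    if "." in value:
        return False, "contains multiple domain components"
    if not value.isascii():
        return False, "not ASCII; apply ToASCII first"
    # fullmatch (not '$') so a trailing newline is rejected as well.
    if LABEL_RE.fullmatch(value) is None:
        return False, "does not match the <label> production"
    return True, "ok"


def to_dc_label(name, stored=True):
    """Apply ToASCII to one label and validate the result for use as 'dc'.

    stored=True rejects code points that are unassigned in Unicode 3.2
    (stringprep table A.1), which RFC 3490 Section 4 disallows for
    stored strings; stored=False (query use) lets them through.
    """
    if stored:
        for ch in name:
            if stringprep.in_table_a1(ch):
                raise ValueError("unassigned code point U+%04X" % ord(ch))
    try:
        ascii_label = name.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError("ToASCII failed: %s" % exc) from exc
    # Re-check after conversion: the codec treats some non-ASCII dots as
    # label separators and does not apply the hyphen placement rule.
    ok, reason = check_dc_label(ascii_label)
    if not ok:
        raise ValueError(reason)
    return ascii_label


def same_dc(a, b):
    """Case-insensitive comparison of two labels that already passed the check."""
    return a.lower() == b.lower()


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    for sample in ("example", "com", "example.com", "-example", "b\u00fccher"):
        try:
            print(repr(sample), "->", to_dc_label(sample))
        except ValueError as err:
            print(repr(sample), "rejected:", err)
```
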

2.5. 'description'

The 'description' attribute type contains human-readable descriptive
phrases about the object. Each description is one value of this
multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.13 NAME 'description'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
   [RFC4517].

   Examples: "a color printer", "Maintenance is done every Monday, at
             1pm.", and "distribution list for all technical staff".

2.6. 'destinationIndicator'

The 'destinationIndicator' attribute type contains country and city
strings associated with the object (the addressee) needed to provide
the Public Telegram Service. The strings are composed in accordance
with CCITT Recommendations F.1 [F.1] and F.31 [F.31]. Each string is
one value of this multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.27 NAME 'destinationIndicator'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )

   1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String syntax
   [RFC4517].

   Examples: "AASD" as a destination indicator for Sydney, Australia.
             "GBLD" as a destination indicator for London, United
             Kingdom.

It is noted that the directory will not ensure that values of this
attribute conform to the F.1 and F.31 CCITT Recommendations. It is
the application's responsibility to ensure destination indicators
that it stores in this attribute are appropriately constructed.

2.7. 'distinguishedName'

The 'distinguishedName' attribute type is not used as the name of the
object itself, but it is instead a base type from which some user
attribute types with a DN syntax can inherit.

It is unlikely that values of this type itself will occur in an
entry. LDAP server implementations that do not support attribute
subtyping need not recognize this attribute in requests. Client
implementations MUST NOT assume that LDAP servers are capable of
performing attribute subtyping.
(Source: X.520 [X.520])

   ( 2.5.4.49 NAME 'distinguishedName'
      EQUALITY distinguishedNameMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

   1.3.6.1.4.1.1466.115.121.1.12 refers to the DN syntax [RFC4517].

2.8. 'dnQualifier'

The 'dnQualifier' attribute type contains disambiguating information
strings to add to the relative distinguished name of an entry. The
information is intended for use when merging data from multiple
sources in order to prevent conflicts between entries that would
otherwise have the same name. Each string is one value of this
multi-valued attribute. It is recommended that a value of the
'dnQualifier' attribute be the same for all entries from a particular
source.
(Source: X.520 [X.520])

   ( 2.5.4.46 NAME 'dnQualifier'
      EQUALITY caseIgnoreMatch
      ORDERING caseIgnoreOrderingMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )

   1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String syntax
   [RFC4517].

   Examples: "20050322123345Z" - timestamps can be used to disambiguate
             information.
             "123456A" - serial numbers can be used to disambiguate
             information.

2.9. 'enhancedSearchGuide'

The 'enhancedSearchGuide' attribute type contains sets of information
for use by directory clients in constructing search filters. Each
set is one value of this multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.47 NAME 'enhancedSearchGuide'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )

   1.3.6.1.4.1.1466.115.121.1.21 refers to the Enhanced Guide syntax
   [RFC4517].

   Examples: "person#(sn$APPROX)#wholeSubtree" and
             "organizationalUnit#(ou$SUBSTR)#oneLevel".

2.10. 'facsimileTelephoneNumber'

The 'facsimileTelephoneNumber' attribute type contains telephone
numbers (and, optionally, the parameters) for facsimile terminals.
Each telephone number is one value of this multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.23 NAME 'facsimileTelephoneNumber'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )

   1.3.6.1.4.1.1466.115.121.1.22 refers to the Facsimile Telephone
   Number syntax [RFC4517].

   Examples: "+61 3 9896 7801" and "+81 3 347 7418$fineResolution".

2.11. 'generationQualifier'

The 'generationQualifier' attribute type contains name strings that
are typically the suffix part of a person's name. Each string is one
value of this multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.44 NAME 'generationQualifier'
      SUP name )

   Examples: "III", "3rd", and "Jr.".

2.12. 'givenName'

The 'givenName' attribute type contains name strings that are the
part of a person's name that is not their surname. Each string is
one value of this multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.42 NAME 'givenName'
      SUP name )

   Examples: "Andrew", "Charles", and "Joanne".

2.13. 'houseIdentifier'

The 'houseIdentifier' attribute type contains identifiers for a
building within a location. Each identifier is one value of this
multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.51 NAME 'houseIdentifier'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
   [RFC4517].

   Example: "20" to represent the house number 20.

2.14. 'initials'

The 'initials' attribute type contains strings of initials of some or
all of an individual's names, except the surname(s). Each string is
one value of this multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.43 NAME 'initials'
      SUP name )

   Examples: "K. A." and "K".

2.15. 'internationalISDNNumber'

The 'internationalISDNNumber' attribute type contains Integrated
Services Digital Network (ISDN) addresses, as defined in the
International Telecommunication Union (ITU) Recommendation E.164
[E.164]. Each address is one value of this multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.25 NAME 'internationalISDNNumber'
      EQUALITY numericStringMatch
      SUBSTR numericStringSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )

   1.3.6.1.4.1.1466.115.121.1.36 refers to the Numeric String syntax
   [RFC4517].

   Example: "0198 333 333".

2.16. 'l'

The 'l' ('localityName' in X.500) attribute type contains names of a
locality or place, such as a city, county, or other geographic
region. Each name is one value of this multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.7 NAME 'l'
      SUP name )

   Examples: "Geneva", "Paris", and "Edinburgh".

2.17. 'member'

The 'member' attribute type contains the distinguished names of
objects that are on a list or in a group. Each name is one value of
this multi-valued attribute.
(Source: X.520 [X.520])

   ( 2.5.4.31 NAME 'member'
      SUP distinguishedName )

   Examples: "cn=James Clarke,ou=Finance,o=Widget\, Inc." and
             "cn=John Xerri,ou=Finance,o=Widget\, Inc." may
             be two members of the financial team (group) at Widget,
             Inc., in which case, both of these distinguished names
             would be present as individual values of the member
             attribute.

2.18. 'name'

The 'name' attribute type is the attribute supertype from which user
attribute types with the name syntax inherit. Such attribute types
are typically used for naming. The attribute type is multi-valued.

It is unlikely that values of this type itself will occur in an
entry. LDAP server implementations that do not support attribute
subtyping need not recognize this attribute in requests. Client
implementations MUST NOT assume that LDAP servers are capable of
performing attribute subtyping.
(Source: X.520 [X.520])

   ( 2.5.4.41 NAME 'name'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
[RFC4517].
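
Several definitions above ('cn', 'c', 'member') carry only a SUP field
and take their matching rules and syntax from 'name' or
'distinguishedName', so a client that validates or compares values
locally has to resolve those fields itself. The following is an added
example, not part of RFC 4519: it unfolds the definitions into their
single-line protocol form and resolves the inherited fields, assuming
the inheritance rule of [RFC4512]. It handles only the fields used in
this section, and all function names are illustrative.

```python
import re

# Definitions copied from Sections 2.2, 2.3, 2.7, 2.17 and 2.18, folded
# across lines as they are printed in this document.
FOLDED = """
( 2.5.4.41 NAME 'name'
   EQUALITY caseIgnoreMatch
   SUBSTR caseIgnoreSubstringsMatch
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.4.3 NAME 'cn'
   SUP name )
( 2.5.4.6 NAME 'c'
   SUP name
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
   SINGLE-VALUE )
( 2.5.4.49 NAME 'distinguishedName'
   EQUALITY distinguishedNameMatch
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
( 2.5.4.31 NAME 'member'
   SUP distinguishedName )
"""

TOKEN = re.compile(r"\(|\)|'[^']*'|[^\s()']+")
INHERITED = ("EQUALITY", "ORDERING", "SUBSTR", "SYNTAX")
VALUED = INHERITED + ("SUP", "DESC", "USAGE")
FLAGS = ("OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION")


def split_definitions(text):
    """Return one token list per parenthesised definition found in text."""
    found, current, depth = [], [], 0
    for tok in TOKEN.findall(text):
        current.append(tok)
        depth += {"(": 1, ")": -1}.get(tok, 0)
        if depth < 0:
            raise ValueError("unbalanced parentheses")
        if depth == 0 and tok == ")":
            found.append(current)
            current = []
    if current:
        raise ValueError("trailing or unterminated definition")
    return found


def parse(tokens):
    """Parse one definition (no X- extensions in this subset)."""
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("not a parenthesised definition")
    attr = {"OID": tokens[1], "NAME": [], "FLAGS": set()}
    i, end = 2, len(tokens) - 1
    while i < end:
        key = tokens[i]
        if key in FLAGS:
            attr["FLAGS"].add(key)
            i += 1
            continue
        if key not in VALUED + ("NAME",) or i + 1 >= end:
            raise ValueError("unexpected or incomplete field %r" % key)
        if key == "NAME" and tokens[i + 1] == "(":    # NAME ( 'a' 'b' )
            close = tokens.index(")", i + 1)
            names, i = tokens[i + 2:close], close + 1
        elif key == "NAME":
            names, i = [tokens[i + 1]], i + 2
        else:
            attr[key] = tokens[i + 1].strip("'")
            i += 2
            continue
        attr["NAME"] = [n.strip("'") for n in names]
    return attr


def load(text):
    """Parse all definitions; index them by OID and lower-cased name."""
    index = {}
    for tokens in split_definitions(text):
        attr = parse(tokens)
        attr["RAW"] = " ".join(tokens)    # unfolded: no line breaks
        for key in [attr["OID"]] + attr["NAME"]:
            index[key.lower()] = attr
    return index


def effective(index, name):
    """Resolve EQUALITY/ORDERING/SUBSTR/SYNTAX through the SUP chain."""
    result, seen = {}, []
    attr = index.get(name.lower())
    while attr is not None:
        if attr["OID"] in seen:
            raise ValueError("SUP cycle at %s" % attr["OID"])
        seen.append(attr["OID"])
        for field in INHERITED:
            if field in attr and field not in result:
                result[field] = attr[field]    # nearest definition wins
        sup = attr.get("SUP")
        if sup is None:
            return result
        attr = index.get(sup.lower())
    raise ValueError("unknown attribute type or supertype for %r" % name)
```
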
|
2005-06-26 07:06:51 +08:00
|
|
|
|
|
2006-06-09 11:19:14 +08:00
|
|
|
|
2.19. 'o'
|
2005-06-26 07:06:51 +08:00
|
|
|
|
|
2006-06-09 11:19:14 +08:00
|
|
|
|
The 'o' ('organizationName' in X.500) attribute type contains the
|
|
|
|
|
names of an organization. Each name is one value of this
|
|
|
|
|
multi-valued attribute.
|
2005-06-26 07:06:51 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2006-06-09 11:19:14 +08:00
|
|
|
|
Sciberras Standards Track [Page 11]
|
|
|
|
|
|
|
|
|
|
RFC 4519 LDAP: Schema for User Applications June 2006
|
|
|
|
|
|
2005-06-26 07:06:51 +08:00
|
|
|
|
|
|
|
|
|
(Source: X.520 [X.520])
|
|
|
|
|
|
|
|
|
|
( 2.5.4.10 NAME 'o'
|
|
|
|
|
SUP name )
|
|
|
|
|
|
2006-06-09 11:19:14 +08:00
|
|
|
|
Examples: "Widget", "Widget, Inc.", and "Widget, Incorporated.".
|
2005-06-26 07:06:51 +08:00
|
|
|
|
|
2006-06-09 11:19:14 +08:00
|
|
|
|
2.20. 'ou'

   The 'ou' ('organizationalUnitName' in X.500) attribute type contains
   the names of an organizational unit. Each name is one value of this
   multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.11 NAME 'ou'
         SUP name )

   Examples: "Finance", "Human Resources", and "Research and
             Development".

2.21. 'owner'

   The 'owner' attribute type contains the distinguished names of
   objects that have an ownership responsibility for the object that is
   owned. Each owner's name is one value of this multi-valued
   attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.32 NAME 'owner'
         SUP distinguishedName )

   Example: The mailing list object, whose DN is "cn=All Employees,
            ou=Mailing List,o=Widget\, Inc.", is owned by the Human
            Resources Director.

            Therefore, the value of the 'owner' attribute within the
            mailing list object would be the DN of the director (role):
            "cn=Human Resources Director,ou=employee,o=Widget\, Inc.".

2.22. 'physicalDeliveryOfficeName'

   The 'physicalDeliveryOfficeName' attribute type contains names that a
   Postal Service uses to identify a post office.
   (Source: X.520 [X.520])

      ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
         EQUALITY caseIgnoreMatch
         SUBSTR caseIgnoreSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
   [RFC4517].

   Examples: "Bremerhaven, Main" and "Bremerhaven, Bonnstrasse".

2.23. 'postalAddress'

   The 'postalAddress' attribute type contains addresses used by a
   Postal Service to perform services for the object. Each address is
   one value of this multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.16 NAME 'postalAddress'
         EQUALITY caseIgnoreListMatch
         SUBSTR caseIgnoreListSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

   1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address syntax
   [RFC4517].

   Example: "15 Main St.$Ottawa$Canada".

2.24. 'postalCode'

   The 'postalCode' attribute type contains codes used by a Postal
   Service to identify postal service zones. Each code is one value of
   this multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.17 NAME 'postalCode'
         EQUALITY caseIgnoreMatch
         SUBSTR caseIgnoreSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
   [RFC4517].

   Example: "22180", to identify Vienna, VA, in the USA.

2.25. 'postOfficeBox'

   The 'postOfficeBox' attribute type contains postal box identifiers
   that a Postal Service uses when a customer arranges to receive mail
   at a box on the premises of the Postal Service. Each postal box
   identifier is a single value of this multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.18 NAME 'postOfficeBox'
         EQUALITY caseIgnoreMatch
         SUBSTR caseIgnoreSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
   [RFC4517].

   Example: "Box 45".

2.26. 'preferredDeliveryMethod'

   The 'preferredDeliveryMethod' attribute type contains an indication
   of the preferred method of getting a message to the object.
   (Source: X.520 [X.520])

      ( 2.5.4.28 NAME 'preferredDeliveryMethod'
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
         SINGLE-VALUE )

   1.3.6.1.4.1.1466.115.121.1.14 refers to the Delivery Method syntax
   [RFC4517].

   Example: If the mhs-delivery Delivery Method is preferred over
            telephone-delivery, which is preferred over all other
            methods, the value would be: "mhs $ telephone".

2.27. 'registeredAddress'

   The 'registeredAddress' attribute type contains postal addresses
   suitable for reception of telegrams or expedited documents, where it
   is necessary to have the recipient accept delivery. Each address is
   one value of this multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.26 NAME 'registeredAddress'
         SUP postalAddress
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

   1.3.6.1.4.1.1466.115.121.1.41 refers to the Postal Address syntax
   [RFC4517].

   Example: "Receptionist$Widget, Inc.$15 Main St.$Ottawa$Canada".

2.28. 'roleOccupant'

   The 'roleOccupant' attribute type contains the distinguished names of
   objects (normally people) that fulfill the responsibilities of a role
   object. Each distinguished name is one value of this multi-valued
   attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.33 NAME 'roleOccupant'
         SUP distinguishedName )

   Example: The role object, "cn=Human Resources
            Director,ou=Position,o=Widget\, Inc.", is fulfilled by two
            people whose object names are "cn=Mary
            Smith,ou=employee,o=Widget\, Inc." and "cn=James
            Brown,ou=employee,o=Widget\, Inc.". The 'roleOccupant'
            attribute will contain both of these distinguished names,
            since they are the occupants of this role.

2.29. 'searchGuide'

   The 'searchGuide' attribute type contains sets of information for use
   by clients in constructing search filters. It is superseded by
   'enhancedSearchGuide', described above in Section 2.9. Each set is
   one value of this multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.14 NAME 'searchGuide'
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )

   1.3.6.1.4.1.1466.115.121.1.25 refers to the Guide syntax [RFC4517].

   Example: "person#sn$EQ".

2.30. 'seeAlso'

   The 'seeAlso' attribute type contains the distinguished names of
   objects that are related to the subject object. Each related object
   name is one value of this multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.34 NAME 'seeAlso'
         SUP distinguishedName )

   Example: The person object "cn=James Brown,ou=employee,o=Widget\,
            Inc." is related to the role objects "cn=Football Team
            Captain,ou=sponsored activities,o=Widget\, Inc." and
            "cn=Chess Team,ou=sponsored activities,o=Widget\, Inc.".
            Since the role objects are related to the person object, the
            'seeAlso' attribute will contain the distinguished name of
            each role object as separate values.

2.31. 'serialNumber'

   The 'serialNumber' attribute type contains the serial numbers of
   devices. Each serial number is one value of this multi-valued
   attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.5 NAME 'serialNumber'
         EQUALITY caseIgnoreMatch
         SUBSTR caseIgnoreSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )

   1.3.6.1.4.1.1466.115.121.1.44 refers to the Printable String syntax
   [RFC4517].

   Examples: "WI-3005" and "XF551426".

2.32. 'sn'

   The 'sn' ('surname' in X.500) attribute type contains name strings
   for the family names of a person. Each string is one value of this
   multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.4 NAME 'sn'
         SUP name )

   Example: "Smith".

2.33. 'st'

   The 'st' ('stateOrProvinceName' in X.500) attribute type contains the
   full names of states or provinces. Each name is one value of this
   multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.8 NAME 'st'
         SUP name )

   Example: "California".

2.34. 'street'

   The 'street' ('streetAddress' in X.500) attribute type contains site
   information from a postal address (i.e., the street name, place,
   avenue, and the house number). Each street is one value of this
   multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.9 NAME 'street'
         EQUALITY caseIgnoreMatch
         SUBSTR caseIgnoreSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
   [RFC4517].

   Example: "15 Main St.".

2.35. 'telephoneNumber'

   The 'telephoneNumber' attribute type contains telephone numbers that
   comply with the ITU Recommendation E.123 [E.123]. Each number is one
   value of this multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.20 NAME 'telephoneNumber'
         EQUALITY telephoneNumberMatch
         SUBSTR telephoneNumberSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

   1.3.6.1.4.1.1466.115.121.1.50 refers to the Telephone Number syntax
   [RFC4517].

   Example: "+1 234 567 8901".

2.36. 'teletexTerminalIdentifier'

   The withdrawal of Recommendation F.200 has resulted in the withdrawal
   of this attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )

   1.3.6.1.4.1.1466.115.121.1.51 refers to the Teletex Terminal
   Identifier syntax [RFC4517].

2.37. 'telexNumber'

   The 'telexNumber' attribute type contains sets of strings that are a
   telex number, country code, and answerback code of a telex terminal.
   Each set is one value of this multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.21 NAME 'telexNumber'
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )

   1.3.6.1.4.1.1466.115.121.1.52 refers to the Telex Number syntax
   [RFC4517].

   Example: "12345$023$ABCDE".

2.38. 'title'

   The 'title' attribute type contains the title of a person in their
   organizational context. Each title is one value of this multi-valued
   attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.12 NAME 'title'
         SUP name )

   Examples: "Vice President", "Software Engineer", and "CEO".

2.39. 'uid'

   The 'uid' ('userid' in RFC 1274) attribute type contains computer
   system login names associated with the object. Each name is one
   value of this multi-valued attribute.
   (Source: RFC 2798 [RFC2798] and RFC 1274 [RFC1274])

      ( 0.9.2342.19200300.100.1.1 NAME 'uid'
         EQUALITY caseIgnoreMatch
         SUBSTR caseIgnoreSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

   1.3.6.1.4.1.1466.115.121.1.15 refers to the Directory String syntax
   [RFC4517].

   Examples: "s9709015", "admin", and "Administrator".

2.40. 'uniqueMember'

   The 'uniqueMember' attribute type contains the distinguished names of
   an object that is on a list or in a group, where the relative
   distinguished names of the object include a value that distinguishes
   between objects when a distinguished name has been reused. Each
   distinguished name is one value of this multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.50 NAME 'uniqueMember'
         EQUALITY uniqueMemberMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )

   1.3.6.1.4.1.1466.115.121.1.34 refers to the Name and Optional UID
   syntax [RFC4517].

   Example: If "ou=1st Battalion,o=Defense,c=US" is a battalion that was
            disbanded, establishing a new battalion with the "same" name
            would have a unique identifier value added, resulting in
            "ou=1st Battalion, o=Defense,c=US#'010101'B".

2.41. 'userPassword'

   The 'userPassword' attribute contains octet strings that are known
   only to the user and the system to which the user has access. Each
   string is one value of this multi-valued attribute.

   The application SHOULD prepare textual strings used as passwords by
   transcoding them to Unicode, applying SASLprep [RFC4013], and
   encoding as UTF-8. The determination of whether a password is
   textual is a local client matter.
   (Source: X.509 [X.509])

      ( 2.5.4.35 NAME 'userPassword'
         EQUALITY octetStringMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

   1.3.6.1.4.1.1466.115.121.1.40 refers to the Octet String syntax
   [RFC4517].

   Passwords are stored using an Octet String syntax and are not
   encrypted. Transfer of cleartext passwords is strongly discouraged
   where the underlying transport service cannot guarantee
   confidentiality and may result in disclosure of the password to
   unauthorized parties.

   An example of a need for multiple values in the 'userPassword'
   attribute is an environment where every month the user is expected to
   use a different password generated by some automated system. During
   transitional periods, like the last and first day of the periods, it
   may be necessary to allow two passwords for the two consecutive
   periods to be valid in the system.

2.42. 'x121Address'

   The 'x121Address' attribute type contains data network addresses as
   defined by ITU Recommendation X.121 [X.121]. Each address is one
   value of this multi-valued attribute.
   (Source: X.520 [X.520])

      ( 2.5.4.24 NAME 'x121Address'
         EQUALITY numericStringMatch
         SUBSTR numericStringSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )

   1.3.6.1.4.1.1466.115.121.1.36 refers to the Numeric String syntax
   [RFC4517].

   Example: "36111222333444555".

2.43. 'x500UniqueIdentifier'

   The 'x500UniqueIdentifier' attribute type contains binary strings
   that are used to distinguish between objects when a distinguished
   name has been reused. Each string is one value of this multi-valued
   attribute.

   In X.520 [X.520], this attribute type is called 'uniqueIdentifier'.
   This is a different attribute type from both the 'uid' and
   'uniqueIdentifier' LDAP attribute types. The 'uniqueIdentifier'
   attribute type is defined in [RFC4524].
   (Source: X.520 [X.520])

      ( 2.5.4.45 NAME 'x500UniqueIdentifier'
         EQUALITY bitStringMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )

   1.3.6.1.4.1.1466.115.121.1.6 refers to the Bit String syntax
   [RFC4517].

3. Object Classes

   LDAP servers SHOULD recognize all the Object Classes listed here as
   values of the 'objectClass' attribute (see [RFC4512]).

3.1. 'applicationProcess'

   The 'applicationProcess' object class definition is the basis of an
   entry that represents an application executing in a computer system.
   (Source: X.521 [X.521])

      ( 2.5.6.11 NAME 'applicationProcess'
         SUP top
         STRUCTURAL
         MUST cn
         MAY ( seeAlso $
               ou $
               l $
               description ) )

3.2. 'country'

   The 'country' object class definition is the basis of an entry that
   represents a country.
   (Source: X.521 [X.521])

      ( 2.5.6.2 NAME 'country'
         SUP top
         STRUCTURAL
         MUST c
         MAY ( searchGuide $
               description ) )

3.3. 'dcObject'

   The 'dcObject' object class permits an entry to contain domain
   component information. This object class is defined as auxiliary,
   because it will be used in conjunction with an existing structural
   object class.
   (Source: RFC 2247 [RFC2247])

      ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
         SUP top
         AUXILIARY
         MUST dc )

3.4. 'device'

   The 'device' object class is the basis of an entry that represents an
   appliance, computer, or network element.
   (Source: X.521 [X.521])

      ( 2.5.6.14 NAME 'device'
         SUP top
         STRUCTURAL
         MUST cn
         MAY ( serialNumber $
               seeAlso $
               owner $
               ou $
               o $
               l $
               description ) )

3.5. 'groupOfNames'

   The 'groupOfNames' object class is the basis of an entry that
   represents a set of named objects including information related to
   the purpose or maintenance of the set.
   (Source: X.521 [X.521])

      ( 2.5.6.9 NAME 'groupOfNames'
         SUP top
         STRUCTURAL
         MUST ( member $
               cn )
         MAY ( businessCategory $
               seeAlso $
               owner $
               ou $
               o $
               description ) )

3.6. 'groupOfUniqueNames'

   The 'groupOfUniqueNames' object class is the same as the
   'groupOfNames' object class except that the object names are not
   repeated or reassigned within a set scope.
   (Source: X.521 [X.521])

      ( 2.5.6.17 NAME 'groupOfUniqueNames'
         SUP top
         STRUCTURAL
         MUST ( uniqueMember $
               cn )
         MAY ( businessCategory $
               seeAlso $
               owner $
               ou $
               o $
               description ) )

3.7. 'locality'

   The 'locality' object class is the basis of an entry that represents
   a place in the physical world.
   (Source: X.521 [X.521])

      ( 2.5.6.3 NAME 'locality'
         SUP top
         STRUCTURAL
         MAY ( street $
               seeAlso $
               searchGuide $
               st $
               l $
               description ) )

3.8. 'organization'

   The 'organization' object class is the basis of an entry that
   represents a structured group of people.
   (Source: X.521 [X.521])

      ( 2.5.6.4 NAME 'organization'
         SUP top
         STRUCTURAL
         MUST o
         MAY ( userPassword $ searchGuide $ seeAlso $
               businessCategory $ x121Address $ registeredAddress $
               destinationIndicator $ preferredDeliveryMethod $
               telexNumber $ teletexTerminalIdentifier $
               telephoneNumber $ internationalISDNNumber $
               facsimileTelephoneNumber $ street $ postOfficeBox $
               postalCode $ postalAddress $ physicalDeliveryOfficeName $
               st $ l $ description ) )

3.9. 'organizationalPerson'

   The 'organizationalPerson' object class is the basis of an entry that
   represents a person in relation to an organization.
   (Source: X.521 [X.521])

      ( 2.5.6.7 NAME 'organizationalPerson'
         SUP person
         STRUCTURAL
         MAY ( title $ x121Address $ registeredAddress $
               destinationIndicator $ preferredDeliveryMethod $
               telexNumber $ teletexTerminalIdentifier $
               telephoneNumber $ internationalISDNNumber $
               facsimileTelephoneNumber $ street $ postOfficeBox $
               postalCode $ postalAddress $ physicalDeliveryOfficeName $
               ou $ st $ l ) )

3.10. 'organizationalRole'

   The 'organizationalRole' object class is the basis of an entry that
   represents a job, function, or position in an organization.
   (Source: X.521 [X.521])

      ( 2.5.6.8 NAME 'organizationalRole'
         SUP top
         STRUCTURAL
         MUST cn
         MAY ( x121Address $ registeredAddress $ destinationIndicator $
               preferredDeliveryMethod $ telexNumber $
               teletexTerminalIdentifier $ telephoneNumber $
               internationalISDNNumber $ facsimileTelephoneNumber $
               seeAlso $ roleOccupant $ preferredDeliveryMethod $
               street $ postOfficeBox $ postalCode $ postalAddress $
               physicalDeliveryOfficeName $ ou $ st $ l $
               description ) )

3.11. 'organizationalUnit'

   The 'organizationalUnit' object class is the basis of an entry that
   represents a piece of an organization.
   (Source: X.521 [X.521])

      ( 2.5.6.5 NAME 'organizationalUnit'
         SUP top
         STRUCTURAL
         MUST ou
         MAY ( businessCategory $ description $ destinationIndicator $
               facsimileTelephoneNumber $ internationalISDNNumber $ l $
               physicalDeliveryOfficeName $ postalAddress $ postalCode $
               postOfficeBox $ preferredDeliveryMethod $
               registeredAddress $ searchGuide $ seeAlso $ st $ street $
               telephoneNumber $ teletexTerminalIdentifier $
               telexNumber $ userPassword $ x121Address ) )

3.12. 'person'

   The 'person' object class is the basis of an entry that represents a
   human being.
   (Source: X.521 [X.521])

      ( 2.5.6.6 NAME 'person'
         SUP top
         STRUCTURAL
         MUST ( sn $
               cn )
         MAY ( userPassword $
               telephoneNumber $
               seeAlso $ description ) )

3.13. 'residentialPerson'
|
2005-06-26 07:06:51 +08:00
|
|
|
|
|
2006-06-09 11:19:14 +08:00
|
|
|
|
The 'residentialPerson' object class is the basis of an entry that
|
2005-06-26 07:06:51 +08:00
|
|
|
|
includes a person's residence in the representation of the person.
|
|
|
|
|
(Source: X.521 [X.521])
|
|
|
|
|
|
|
|
|
|
( 2.5.6.10 NAME 'residentialPerson'
|
|
|
|
|
SUP person
|
|
|
|
|
STRUCTURAL
|
|
|
|
|
MUST l
|
|
|
|
|
MAY ( businessCategory $ x121Address $ registeredAddress $
|
|
|
|
|
destinationIndicator $ preferredDeliveryMethod $
|
|
|
|
|
telexNumber $ teletexTerminalIdentifier $
|
2006-06-09 11:19:14 +08:00
|
|
|
|
telephoneNumber $ internationalISDNNumber $
|
2005-06-26 07:06:51 +08:00
|
|
|
|
facsimileTelephoneNumber $ preferredDeliveryMethod $
|
|
|
|
|
street $ postOfficeBox $ postalCode $ postalAddress $
|
|
|
|
|
physicalDeliveryOfficeName $ st $ l ) )

3.14. 'uidObject'

   The 'uidObject' object class permits an entry to contain user
   identification information. This object class is defined as
   auxiliary, because it will be used in conjunction with an existing
   structural object class.
   (Source: RFC 2377 [RFC2377])

      ( 1.3.6.1.1.3.1 NAME 'uidObject'
         SUP top
         AUXILIARY
         MUST uid )
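
   The following Python sketch is an added example, not part of RFC 4519: it
   parses the object class definitions of Sections 3.12 to 3.14 and checks an
   entry against the MUST/MAY lists they imply, including attributes inherited
   through SUP and the auxiliary 'uidObject'. The function names and the sample
   entry are assumptions made for illustration; the parser handles only the
   fields that appear in these definitions.

```python
import re

# Object class definitions copied from Sections 3.12-3.14 of this document.
DEFINITIONS = """
( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
  MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
  MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $
        preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
        telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $
        preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $
        postalAddress $ physicalDeliveryOfficeName $ st $ l ) )
( 1.3.6.1.1.3.1 NAME 'uidObject' SUP top AUXILIARY MUST uid )
"""
TOKEN = re.compile(r"\(|\)|\$|'[^']*'|[^\s()$']+")
KINDS = {"ABSTRACT", "STRUCTURAL", "AUXILIARY"}
TOP_MUST = {"objectclass"}  # 'top' is defined in RFC 4512 with MUST objectClass

def _oid_list(tokens, i):
    """Read 'x' or '( x $ y ... )' at tokens[i]; return (names, next index)."""
    if tokens[i] != "(":
        return [tokens[i]], i + 1
    end = tokens.index(")", i)
    return [t for t in tokens[i + 1:end] if t != "$"], end + 1

def parse_object_classes(text):
    """Parse object class descriptions into {lower-case name: definition}."""
    tokens, classes, i = TOKEN.findall(text), {}, 0
    while i < len(tokens):
        if tokens[i] != "(":
            raise ValueError(f"expected '(' but found {tokens[i]!r}")
        oc = {"oid": tokens[i + 1], "kind": "STRUCTURAL", "sup": [], "must": [], "may": []}
        i += 2
        while tokens[i] != ")":
            word = tokens[i]
            if word == "NAME":  # a single quoted name, as in every class above
                oc["name"], i = tokens[i + 1].strip("'"), i + 2
            elif word in KINDS:
                oc["kind"], i = word, i + 1
            elif word in ("SUP", "MUST", "MAY"):
                oc[word.lower()], i = _oid_list(tokens, i + 1)
            else:
                raise ValueError(f"unsupported field {word!r}")
        classes[oc["name"].lower()] = oc
        i += 1  # skip the closing ')'
    return classes

def effective(classes, name):
    """Return (must, may) attribute sets for a class, following SUP chains."""
    if name.lower() == "top":
        return set(TOP_MUST), set()
    oc = classes[name.lower()]
    must = {a.lower() for a in oc["must"]}
    may = {a.lower() for a in oc["may"]}
    for sup in oc["sup"]:
        sup_must, sup_may = effective(classes, sup)
        must, may = must | sup_must, may | sup_may
    return must, may

def check_entry(classes, entry):
    """Return the schema violations of entry ({attribute: [values]})."""
    present = {a.lower(): v for a, v in entry.items() if v}
    must, may, kinds, problems = set(TOP_MUST), set(), [], []
    for oc in map(str.lower, present.get("objectclass", [])):
        if oc == "top":
            continue
        if oc not in classes:
            problems.append(f"unknown object class {oc}")
            continue
        oc_must, oc_may = effective(classes, oc)
        must, may = must | oc_must, may | oc_may
        kinds.append(classes[oc]["kind"])
    if "STRUCTURAL" not in kinds:
        problems.append("no structural object class")
    problems += [f"missing MUST attribute {a}" for a in sorted(must - set(present))]
    problems += [f"attribute {a} not allowed" for a in sorted(set(present) - must - may)]
    return problems

CLASSES = parse_object_classes(DEFINITIONS)
# Constructed sample entry: a residentialPerson without the mandatory 'l'.
SAMPLE = {"objectClass": ["residentialPerson"], "cn": ["Jane Doe"], "sn": ["Doe"]}
```

   Calling check_entry(CLASSES, SAMPLE) reports the missing 'l', because
   'residentialPerson' adds it to the 'sn' and 'cn' inherited from 'person'.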

4. IANA Considerations

   The Internet Assigned Numbers Authority (IANA) has updated the LDAP
   descriptors registry as indicated in the following template:

      Subject: Request for LDAP Descriptor Registration Update
      Descriptor (short name): see comments
      Object Identifier: see comments
      Person & email address to contact for further information:
        Andrew Sciberras <andrew.sciberras@eb2bcom.com>
      Usage: (A = attribute type, O = Object Class) see comment
      Specification: RFC 4519
      Author/Change Controller: IESG

      Comments

      In the LDAP descriptors registry, the following descriptors (short
      names) have been updated to refer to RFC 4519. Names that need to
      be reserved, rather than assigned to an Object Identifier, will
      contain an Object Identifier value of RESERVED.

      NAME                       Type OID
      -------------------------- ---- ----------------------------
      applicationProcess          O   2.5.6.11
      businessCategory            A   2.5.4.15
      c                           A   2.5.4.6
      cn                          A   2.5.4.3
      commonName                  A   2.5.4.3
      country                     O   2.5.6.2
      countryName                 A   2.5.4.6
      dc                          A   0.9.2342.19200300.100.1.25
      dcObject                    O   1.3.6.1.4.1.1466.344
      description                 A   2.5.4.13
      destinationIndicator        A   2.5.4.27
      device                      O   2.5.6.14
      distinguishedName           A   2.5.4.49
      dnQualifier                 A   2.5.4.46
      domainComponent             A   0.9.2342.19200300.100.1.25
      enhancedSearchGuide         A   2.5.4.47
      facsimileTelephoneNumber    A   2.5.4.23
      generationQualifier         A   2.5.4.44
      givenName                   A   2.5.4.42
      gn                          A   RESERVED
      groupOfNames                O   2.5.6.9
      groupOfUniqueNames          O   2.5.6.17
      houseIdentifier             A   2.5.4.51
      initials                    A   2.5.4.43
      internationalISDNNumber     A   2.5.4.25
      l                           A   2.5.4.7
      locality                    O   2.5.6.3
      localityName                A   2.5.4.7
      member                      A   2.5.4.31
      name                        A   2.5.4.41
      o                           A   2.5.4.10
      organization                O   2.5.6.4
      organizationName            A   2.5.4.10
      organizationalPerson        O   2.5.6.7
      organizationalRole          O   2.5.6.8
      organizationalUnit          O   2.5.6.5
      organizationalUnitName      A   2.5.4.11
      ou                          A   2.5.4.11
      owner                       A   2.5.4.32
      person                      O   2.5.6.6
      physicalDeliveryOfficeName  A   2.5.4.19
      postalAddress               A   2.5.4.16
      postalCode                  A   2.5.4.17
      postOfficeBox               A   2.5.4.18
      preferredDeliveryMethod     A   2.5.4.28
      registeredAddress           A   2.5.4.26
      residentialPerson           O   2.5.6.10
      roleOccupant                A   2.5.4.33
      searchGuide                 A   2.5.4.14
      seeAlso                     A   2.5.4.34
      serialNumber                A   2.5.4.5
      sn                          A   2.5.4.4
      st                          A   2.5.4.8
      street                      A   2.5.4.9
      surname                     A   2.5.4.4
      telephoneNumber             A   2.5.4.20
      teletexTerminalIdentifier   A   2.5.4.22
      telexNumber                 A   2.5.4.21
      title                       A   2.5.4.12
      uid                         A   0.9.2342.19200300.100.1.1
      uidObject                   O   1.3.6.1.1.3.1
      uniqueMember                A   2.5.4.50
      userid                      A   0.9.2342.19200300.100.1.1
      userPassword                A   2.5.4.35
      x121Address                 A   2.5.4.24
      x500UniqueIdentifier        A   2.5.4.45

5. Security Considerations

   Attributes of directory entries are used to provide descriptive
   information about the real-world objects they represent, which can be
   people, organizations, or devices. Most countries have privacy laws
   regarding the publication of information about people.

   Transfer of cleartext passwords is strongly discouraged where the
   underlying transport service cannot guarantee confidentiality and
   integrity, since this may result in disclosure of the password to
   unauthorized parties.

   Multiple attribute values for the 'userPassword' attribute need to be
   used with care. Especially reset/deletion of a password by an
   administrator without knowing the old user password gets tricky or
   impossible if multiple values for different applications are present.

   Certainly, applications that intend to replace the 'userPassword'
   value(s) with new value(s) should use modify/replaceValues (or
   modify/deleteAttribute+addAttribute). In addition, server
   implementations are encouraged to provide administrative controls
   that, if enabled, restrict the 'userPassword' attribute to one value.

   Note that when used for authentication purposes [RFC4513], the user
   need only prove knowledge of one of the values, not all of the
   values.
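
   The effect of the reset methods named above, as an added Python example
   that is not part of RFC 4519: an in-memory model of the Modify operations
   (add, delete and replace semantics as in RFC 4511) shows which old
   'userPassword' values still authenticate after an administrative reset.
   The entry, the password values, the function names and the single_valued
   control are constructed for illustration and are not any server's API.

```python
import hmac

# Constructed entry: two applications each stored their own password value.
# Cleartext values are used here only to keep the demonstration readable.
ENTRY = {
    "cn": [b"Jane Doe"],
    "userpassword": [b"constructed-old-value-app1", b"constructed-old-value-app2"],
}


class SingleValueViolation(Exception):
    """The assumed one-value administrative control rejected a change."""


def modify(entry, op, attr, values=(), single_valued=()):
    """Return a copy of entry with one add/delete/replace modification applied.

    single_valued lists the attributes limited to one value by the (assumed)
    server-side control that Section 5 encourages.
    """
    attr, values = attr.lower(), list(values)
    current = list(entry.get(attr, []))
    if op == "add":
        if any(v in current for v in values):
            raise ValueError("attributeOrValueExists")
        result = current + values
    elif op == "delete":
        if not current or any(v not in current for v in values):
            raise ValueError("noSuchAttribute")
        # No values listed means: remove the whole attribute.
        result = [v for v in current if v not in values] if values else []
    elif op == "replace":
        result = values
    else:
        raise ValueError(f"unknown operation {op!r}")
    if attr in single_valued and len(result) > 1:
        raise SingleValueViolation(attr)
    updated = {k: list(v) for k, v in entry.items() if k != attr}
    if result:
        updated[attr] = result
    return updated


def bind_accepts(entry, password):
    """Password check for authentication: matching any ONE value is enough."""
    matches = [hmac.compare_digest(v, password) for v in entry.get("userpassword", [])]
    return any(matches)


def reset_password(entry, new_value, how, **controls):
    """Administrative reset performed without knowing the old value(s)."""
    if how == "add":            # appends: every old value stays in place
        return modify(entry, "add", "userPassword", [new_value], **controls)
    if how == "replace":        # modify/replaceValues
        return modify(entry, "replace", "userPassword", [new_value], **controls)
    if how == "delete+add":     # modify/deleteAttribute+addAttribute
        emptied = modify(entry, "delete", "userPassword", **controls)
        return modify(emptied, "add", "userPassword", [new_value], **controls)
    raise ValueError(f"unknown reset method {how!r}")


def still_valid_old_values(before, after):
    """Old password values that would still authenticate after the reset."""
    return [v for v in before.get("userpassword", []) if bind_accepts(after, v)]
```

   A reset done with "add" leaves both old values usable for authentication,
   while "replace" and "delete+add" leave only the new value; with the
   one-value control enabled the "add" reset is rejected outright.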

6. Acknowledgements

   The definitions, on which this document is based, have been developed
   by committees for telecommunications and international standards.

   This document is an update of RFC 2256 by Mark Wahl. RFC 2256 was a
   product of the IETF ASID Working Group.

   The 'dc' attribute type definition and the 'dcObject' object class
   definition in this document supersede the specification in RFC 2247
   by S. Kille, M. Wahl, A. Grimstad, R. Huber, and S. Sataluri.

   The 'uid' attribute type definition in this document supersedes the
   specification of the 'userid' in RFC 1274 by P. Barker and S. Kille
   and of the uid in RFC 2798 by M. Smith.

   The 'uidObject' object class definition in this document supersedes
   the specification of the 'uidObject' in RFC 2377 by A. Grimstad, R.
   Huber, S. Sataluri, and M. Wahl.

   This document is based upon input of the IETF LDAPBIS working group.
   The author wishes to thank S. Legg and K. Zeilenga for their
   significant contribution to this update. The author would also like
   to thank Kathy Dally, who edited early versions of this document.

7. References

7.1. Normative References

   [E.123]   Notation for national and international telephone numbers,
             ITU-T Recommendation E.123, 1988.

   [E.164]   The international public telecommunication numbering plan,
             ITU-T Recommendation E.164, 1997.

   [F.1]     Operational Provisions For The International Public
             Telegram Service Transmission System, CCITT Recommendation
             F.1, 1992.

   [F.31]    Telegram Retransmission System, CCITT Recommendation F.31,
             1988.

   [ISO3166] ISO 3166, "Codes for the representation of names of
             countries".

   [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
             STD 13, RFC 1034, November 1987.

   [RFC1123] Braden, R., "Requirements for Internet Hosts - Application
             and Support", STD 3, RFC 1123, October 1989.

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
             Specification", RFC 2181, July 1997.

   [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello,
             "Internationalizing Domain Names in Applications (IDNA)",
             RFC 3490, March 2003.

   [RFC4013] Zeilenga, K., "SASLprep: Stringprep Profile for User Names
             and Passwords", RFC 4013, February 2005.

   [RFC4234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
             Specifications: ABNF", RFC 4234, October 2005.

   [RFC4510] Zeilenga, K., Ed., "Lightweight Directory Access Protocol
             (LDAP): Technical Specification Road Map", RFC 4510, June
             2006.

   [RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol
             (LDAP): Directory Information Models", RFC 4512, June
             2006.

   [RFC4517] Legg, S., Ed., "Lightweight Directory Access Protocol
             (LDAP): Syntaxes and Matching Rules", RFC 4517, June 2006.

   [X.121]   International numbering plan for public data networks,
             ITU-T Recommendation X.121, 1996.

   [X.509]   The Directory: Authentication Framework, ITU-T
             Recommendation X.509, 1993.

   [X.520]   The Directory: Selected Attribute Types, ITU-T
             Recommendation X.520, 1993.

   [X.521]   The Directory: Selected Object Classes, ITU-T
             Recommendation X.521, 1993.

7.2. Informative References

   [RFC1274] Barker, P. and S. Kille, "The COSINE and Internet X.500
             Schema", RFC 1274, November 1991.

   [RFC2247] Kille, S., Wahl, M., Grimstad, A., Huber, R., and S.
             Sataluri, "Using Domains in LDAP/X.500 Distinguished
             Names", RFC 2247, January 1998.

   [RFC2377] Grimstad, A., Huber, R., Sataluri, S., and M. Wahl,
             "Naming Plan for Internet Directory-Enabled Applications",
             RFC 2377, September 1998.

   [RFC2798] Smith, M., "Definition of the inetOrgPerson LDAP Object
             Class", RFC 2798, April 2000.

   [RFC4513] Harrison, R., Ed., "Lightweight Directory Access Protocol
             (LDAP): Authentication Methods and Security Mechanisms",
             RFC 4513, June 2006.

   [RFC4523] Zeilenga, K., "Lightweight Directory Access Protocol
             (LDAP) Schema Definitions for X.509 Certificates", RFC
             4523, June 2006.

   [RFC4524] Zeilenga, E., Ed., "COSINE LDAP/X.500 Schema", RFC 4524,
             June 2006.

   [X.500]   ITU-T Recommendations X.500 (1993) | ISO/IEC 9594-1:1994,
             Information Technology - Open Systems Interconnection -
             The Directory: Overview of concepts, models and services.

Appendix A. Changes Made Since RFC 2256

   This appendix lists the changes that have been made from RFC 2256 to
   RFC 4519.

   This appendix is not a normative part of this specification, which
   has been provided for informational purposes only.

   1.  Replaced the document title.

   2.  Removed the IESG Note.

   3.  Dependencies on RFC 1274 have been eliminated.

   4.  Added a Security Considerations section and an IANA
       Considerations section.

   5.  Deleted the conformance requirement for subschema object
       classes in favor of a statement in [RFC4517].

   6.  Added explanation to attribute types and to each object class.

   7.  Removed Section 4, Syntaxes, and Section 6, Matching Rules,
       (moved to [RFC4517]).

   8.  Removed the certificate-related attribute types:
       authorityRevocationList, cACertificate,
       certificateRevocationList, crossCertificatePair,
       deltaRevocationList, supportedAlgorithms, and userCertificate.

       Removed the certificate-related Object Classes:
       certificationAuthority, certificationAuthority-V2,
       cRLDistributionPoint, strongAuthenticationUser, and
       userSecurityInformation.

       LDAP PKI is now discussed in [RFC4523].

   9.  Removed the dmdName, knowledgeInformation,
       presentationAddress, protocolInformation, and
       supportedApplicationContext attribute types and the dmd,
       applicationEntity, and dSA object classes.

   10. Deleted the aliasedObjectName and objectClass attribute type
       definitions. Deleted the alias and top object class
       definitions. They are included in [RFC4512].

   11. Added the 'dc' attribute type from RFC 2247, making the
       distinction between 'stored' and 'query' values when preparing
       IDN strings.

   12. Numerous editorial changes.

   13. Removed upper bound after the SYNTAX oid in all attribute
       definitions where it appeared.

   14. Added text about Unicode, SASLprep [RFC4013], and UTF-8 for
       userPassword.

   15. Included definitions, comments and references for 'dcObject'
       and 'uidObject'.

   16. Replaced PKI schema references to use RFC 4523.

   17. Spelt out and referenced ABNF on first usage.

   18. Removed Section 2.4 (Source). Replaced the source table with
       explicit references for each definition.

   19. All references to an attribute type or object class are
       enclosed in single quotes.

   20. The layout of attribute type definitions has been changed to
       provide consistency throughout the document:
          > Section Heading
          > Description of Attribute type
          > Multivalued description
          > Source Information
          > Definition
          > Example
          > Additional Comments

       Adding this consistent output included the addition of
       examples to some definitions.

   21. References to alternate names for attributes types are
       provided with a reference to where they were originally
       specified.

   22. Clarification of the description of 'distinguishedName' and
       'name', in regards to these attribute types being supertypes.

   23. Spelt out ISDN on first usage.

   24. Inserted a reference to [RFC4517] for the
       'teletexTerminalIdentifier' definition's SYNTAX OID.

   25. Additional names were added to the IANA Considerations. Names
       include 'commonName', 'dcObject', 'domainComponent', 'GN',
       'localityName', 'organizationName', 'organizationUnitName',
       'surname', 'uidObject' and 'userid'.

   26. Renamed all instances of supercede to supersede.

   27. Moved [F.1], [F.31] and [RFC4013] from informative to
       normative references.

   28. Changed the 'c' definition to be consistent with X.500.

Author's Address

   Andrew Sciberras
   eB2Bcom
   Suite 3, Woodhouse Corporate Centre,
   935 Station Street,
   Box Hill North, Victoria 3129
   AUSTRALIA

   Phone: +61 3 9896 7833
   EMail: andrew.sciberras@eb2bcom.com

Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights. Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard. Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).