mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-18 11:05:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

RFC/I-D updates from HEAD

Browse Source
This commit is contained in:
Kurt Zeilenga 2004-03-17 21:03:32 +00:00
parent 65cadcaed9
commit 32449de89d
6 changed files with 3508 additions and 2429 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1566
doc/drafts/draft-ietf-ldapbis-user-schema-xx.txt
View File

File diff suppressed because it is too large Load Diff

4
doc/rfc/INDEX
View File

@ -37,6 +37,10 @@ rfc3671.txt Collective Attributes in LDAP (PS)
rfc3672.txt Subentries in the LDAP (PS)
rfc3673.txt LDAPv3: All Operational Attributes (PS)
rfc3674.txt Feature Discovery in LDAP (PS)
rfc3687.txt LDAP Component Matching Rules (PS)
rfc3698.txt LDAP: Additional Matching Rules (PS)
rfc3712.txt LDAP: Schema for Printer Services (I)
rfc3727.txt ASN.1 Module for LDAP Component Matching Rules (PS)
Legend:
STD Standard

1726
doc/drafts/draft-legg-ldapext-component-matching-xx.txt → doc/rfc/rfc3687.txt
View File

File diff suppressed because it is too large Load Diff

507
doc/rfc/rfc3698.txt Normal file
View File

@ -0,0 +1,507 @@
Network Working Group K. Zeilenga, Ed.
Request for Comments: 3698 OpenLDAP Foundation
Updates: 2798 February 2004
Category: Standards Track
Lightweight Directory Access Protocol (LDAP):
Additional Matching Rules
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
This document provides a collection of matching rules for use with
the Lightweight Directory Access Protocol (LDAP). As these matching
rules are simple adaptations of matching rules specified for use with
the X.500 Directory, most are already in wide use.
Table of Contents
1. Background and Intended Use. . . . . . . . . . . . . . . . . . 2
2. Matching Rules . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1. booleanMatch . . . . . . . . . . . . . . . . . . . . . . 2
2.2. caseExactMatch . . . . . . . . . . . . . . . . . . . . . 2
2.3. caseExactOrderingMatch . . . . . . . . . . . . . . . . . 3
2.4. caseExactSubstringsMatch . . . . . . . . . . . . . . . . 3
2.5. caseIgnoreListSubstringsMatch. . . . . . . . . . . . . . 3
2.6. directoryStringFirstComponentMatch . . . . . . . . . . . 4
2.7. integerOrderingMatch . . . . . . . . . . . . . . . . . . 4
2.8. keywordMatch . . . . . . . . . . . . . . . . . . . . . . 4
2.9. numericStringOrderingMatch . . . . . . . . . . . . . . . 5
2.10. octetStringOrderingMatch . . . . . . . . . . . . . . . . 5
2.11. storedPrefixMatch. . . . . . . . . . . . . . . . . . . . 5
2.12. wordMatch. . . . . . . . . . . . . . . . . . . . . . . . 6
3. Security Considerations. . . . . . . . . . . . . . . . . . . . 6
4. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 6
5. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 7
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Zeilenga Standards Track [Page 1]
RFC 3698 LDAP: Additional Matching Rules February 2004
6.1. Normative References . . . . . . . . . . . . . . . . . . 7
6.2. Informative References . . . . . . . . . . . . . . . . . 7
7. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8
8. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 9
1. Background and Intended Use
This document adapts additional X.500 Directory [X.500] matching
rules [X.520] for use with the Lightweight Directory Access Protocol
(LDAP) [RFC3377]. Most of these rules are widely used today on the
Internet, such as in support of the inetOrgPerson [RFC2798] and
Policy Core Information Model [RFC3703] LDAP schemas. The rules are
applicable to many other applications.
This document supersedes the informational matching rules
descriptions provided in RFC 2798 that are now provided in this
document. Specifically, section 2 of this document replaces section
9.3.3 of RFC 2798.
Schema definitions are provided using LDAP description formats
[RFC2252]. Definitions provided here are formatted (line wrapped)
for readability.
2. Matching Rules
2.1. booleanMatch
The booleanMatch rule compares for equality a asserted Boolean value
with an attribute value of BOOLEAN syntax. The rule returns TRUE if
and only if the values are the same, i.e., both are TRUE or both are
FALSE. (Source: X.520)
( 2.5.13.13 NAME 'booleanMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
The BOOLEAN (1.3.6.1.4.1.1466.115.121.1.7) syntax is described in
[RFC2252].
2.2. caseExactMatch
The caseExactMatch rule compares for equality the asserted value with
an attribute value of DirectoryString syntax. The rule is identical
to the caseIgnoreMatch [RFC2252] rule except that case is not
ignored. (Source: X.520)
Zeilenga Standards Track [Page 2]
RFC 3698 LDAP: Additional Matching Rules February 2004
( 2.5.13.5 NAME 'caseExactMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
described in [RFC2252].
2.3. caseExactOrderingMatch
The caseExactOrderingMatch rule compares the collation order of the
asserted string with an attribute value of DirectoryString syntax.
The rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule
except that letters are not folded. (Source: X.520)
( 2.5.13.6 NAME 'caseExactOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
described in [RFC2252].
2.4. caseExactSubstringsMatch
The caseExactSubstringsMatch rule determines whether the asserted
value(s) are substrings of an attribute value of DirectoryString
syntax. The rule is identical to the caseIgnoreSubstringsMatch
[RFC2252] rule except that case is not ignored. (Source: X.520)
( 2.5.13.7 NAME 'caseExactSubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
The SubstringsAssertion (1.3.6.1.4.1.1466.115.121.1.58) syntax is
described in [RFC2252].
2.5. caseIgnoreListSubstringsMatch
The caseIgnoreListSubstringMatch rule compares the asserted substring
with an attribute value which is a sequence of DirectoryStrings, but
where the case (upper or lower) is not significant for comparison
purposes. The asserted value matches a stored value if and only if
the asserted value matches the string formed by concatenating the
strings of the stored value. This matching is done according to the
caseIgnoreSubstringsMatch [RFC2252] rule; however, none of the
initial, any, or final values of the asserted value are considered to
match a substring of the concatenated string which spans more than
one of the strings of the stored value. (Source: X.520)
( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
Zeilenga Standards Track [Page 3]
RFC 3698 LDAP: Additional Matching Rules February 2004
The SubstringsAssertion (1.3.6.1.4.1.1466.115.121.1.58) syntax is
described in [RFC2252].
2.6. directoryStringFirstComponentMatch
The directoryStringFirstComponentMatch rule compares for equality the
asserted DirectoryString value with an attribute value of type
SEQUENCE whose first component is mandatory and of type
DirectoryString. The rule returns TRUE if and only if the attribute
value has a first component whose value matches the asserted
DirectoryString using the rules of caseIgnoreMatch [RFC2252]. A
value of the assertion syntax is derived from a value of the
attribute syntax by using the value of the first component of the
SEQUENCE. (Source: X.520)
( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
described in [RFC2252].
2.7. integerOrderingMatch
The integerOrderingMatch rule compares the ordering of the asserted
integer with an attribute value of INTEGER syntax. The rule returns
True if the attribute value is less than the asserted value. (Source:
X.520)
( 2.5.13.15 NAME 'integerOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
The INTEGER (1.3.6.1.4.1.1466.115.121.1.27) syntax is described in
[RFC2252].
2.8. keywordMatch
The keywordMatch rule compares the asserted string with keywords in
an attribute value of DirectoryString syntax. The rule returns TRUE
if and only if the asserted value matches any keyword in the
attribute value. The identification of keywords in an attribute
value and of the exactness of match are both implementation specific.
(Source: X.520)
( 2.5.13.33 NAME 'keywordMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
described in [RFC2252].
Zeilenga Standards Track [Page 4]
RFC 3698 LDAP: Additional Matching Rules February 2004
2.9. numericStringOrderingMatch
The numericStringOrderingMatch rule compares the collation order of
the asserted string with an attribute value of NumericString syntax.
The rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule
except that all space characters are skipped during comparison (case
is irrelevant as characters are numeric). (Source: X.520)
( 2.5.13.9 NAME 'numericStringOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
The NumericString (1.3.6.1.4.1.1466.115.121.1.36) syntax is described
in [RFC2252].
2.10. octetStringOrderingMatch
The octetStringOrderingMatch rule compares the collation order of the
asserted octet string with an attribute value of OCTET STRING syntax.
The rule compares octet strings from first octet to last octet, and
from the most significant bit to the least significant bit within the
octet. The first occurrence of a different bit determines the
ordering of the strings. A zero bit precedes a one bit. If the
strings are identical but contain different numbers of octets, the
shorter string precedes the longer string. (Source: X.520)
( 2.5.13.18 NAME 'octetStringOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
The OCTET STRING (1.3.6.1.4.1.1466.115.121.1.40) syntax is described
in [RFC2252].
2.11. storedPrefixMatch
The storedPrefixMatch rule determines whether an attribute value,
whose syntax is DirectoryString is a prefix (i.e., initial substring)
of the asserted value, without regard to the case (upper or lower) of
the strings. The rule returns TRUE if and only if the attribute
value is an initial substring of the asserted value with
corresponding characters identical except possibly with regard to
case. (Source: X.520)
( 2.5.13.41 NAME 'storedPrefixMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Zeilenga Standards Track [Page 5]
RFC 3698 LDAP: Additional Matching Rules February 2004
Note: This rule can be used, for example, to compare values in the
Directory which are telephone area codes with a purported value
which is a telephone number.
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
described in [RFC2252].
2.12. wordMatch
The wordMatch rule compares the asserted string with words in an
attribute value of DirectoryString syntax. The rule returns TRUE if
and only if the asserted word matches any word in the attribute
value. Individual word matching is as for the caseIgnoreMatch
[RFC2252] matching rule. The precise definition of a "word" is
implementation specific. (Source: X.520)
( 2.5.13.32 NAME 'wordMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax is
described in [RFC2252].
3. Security Considerations
General LDAP security considerations [RFC3377] is applicable to the
use of this schema. Additional considerations are noted above where
appropriate.
4. IANA Considerations
The Internet Assigned Numbers Authority (IANA) has updated the LDAP
descriptors registry [RFC3383] as indicated in the following
template:
Subject: Request for LDAP Descriptor Registration Update
Descriptor (short name): see comment
Object Identifier: see comments
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: see comments
Specification: RFC 3698
Author/Change Controller: IESG
Comments:
Zeilenga Standards Track [Page 6]
RFC 3698 LDAP: Additional Matching Rules February 2004
The following descriptors have been added:
NAME Type OID
------------------------ ---- ---------
booleanMatch M 2.5.13.13
caseExactMatch M 2.5.13.5
caseExactOrderingMatch M 2.5.13.6
caseExactSubstringsMatch M 2.5.13.7
caseIgnoreListSubstringsMatch M 2.5.13.12
directoryStringFirstComponentMatch M 2.5.13.31
integerOrderingMatch M 2.5.13.15
keywordMatch M 2.5.13.33
numericStringOrderingMatch M 2.5.13.9
octetStringOrderingMatch M 2.5.13.18
storedPrefixMatch M 2.5.13.41
wordMatch M 2.5.13.32
where Type M is Matching Rule.
This document makes no new OID assignments. It only associates LDAP
matching rule descriptions with existing X.500 matching rules.
5. Acknowledgments
This document borrows from [X.520], an ITU-T Recommendation.
6. References
6.1. Normative References
[RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille,
"Lightweight Directory Access Protocol (v3): Attribute
Syntax Definitions", RFC 2252, December 1997.
[RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
Protocol (v3): Technical Specification", RFC 3377,
September 2002.
6.2. Informative References
[RFC2798] Smith, M., "The LDAP inetOrgPerson Object Class", RFC
2798, April 2000.
[RFC3383] Zeilenga, K., "IANA Considerations for LDAP", BCP 64
RFC 3383, September 2002.
[RFC3703] Strassner, J., Moore, B., Moats, R. and E. Ellesson,
"Policy Core LDAP Schema", RFC 3703, February 2004.
Zeilenga Standards Track [Page 7]
RFC 3698 LDAP: Additional Matching Rules February 2004
[X.500] International Telecommunication Union -
Telecommunication Standardization Sector, "The
Directory -- Overview of concepts, models and
services," X.500(1993) (also ISO/IEC 9594-1:1994).
[X.520] International Telecommunication Union -
Telecommunication Standardization Sector, "The
Directory: Selected Attribute Types", X.520(1997).
7. Author's Address
Kurt D. Zeilenga
OpenLDAP Foundation
EMail: Kurt@OpenLDAP.org
Zeilenga Standards Track [Page 8]
RFC 3698 LDAP: Additional Matching Rules February 2004
8. Full Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78 and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology
described in this document or the extent to which any license
under such rights might or might not be available; nor does it
represent that it has made any independent effort to identify any
such rights. Information on the procedures with respect to
rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention
any copyrights, patents or patent applications, or other
proprietary rights that may cover technology that may be required
to implement this standard. Please address the information to the
IETF at ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Zeilenga Standards Track [Page 9]

1851
doc/rfc/rfc3712.txt Normal file
View File

File diff suppressed because it is too large Load Diff

283
doc/rfc/rfc3727.txt Normal file
View File

@ -0,0 +1,283 @@
Network Working Group S. Legg
Request for Comments: 3727 Adacel Technologies
Category: Standards Track February 2004
ASN.1 Module Definition for the
LDAP and X.500 Component Matching Rules
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
This document updates the specification of the component matching
rules for Lightweight Directory Access Protocol (LDAP) and X.500
directories (RFC3687) by collecting the Abstract Syntax Notation One
(ASN.1) definitions of the component matching rules into an
appropriately identified ASN.1 module so that other specifications
may reference the component matching rule definitions from within
their own ASN.1 modules.
1. Introduction
The structure or data type of data held in an attribute of a
Lightweight Directory Access Protocol (LDAP) [LDAP] or X.500 [X500]
directory is described by the attribute's syntax. Attribute syntaxes
range from simple data types, such as text string, integer, or
boolean, to complex data types, for example, the syntaxes of the
directory schema operational attributes. RFC 3687 [CMR] defines a
generic way of matching user selected components in a directory
attribute value of any arbitrarily complex attribute syntax.
This document updates RFC 3687 by collecting the Abstract Syntax
Notation One (ASN.1) [ASN1] definitions of RFC 3687 into an
appropriately identified ASN.1 module so that other specifications
may reference these definitions from within their own ASN.1 modules.
Legg Standards Track [Page 1]
RFC 3727 Module for Component Matching February 2004
2. Module Definition for Component Matching
ComponentMatching
{iso(1) 2 36 79672281 xed(3) module(0) component-matching(4)}
-- Copyright (C) The Internet Society (2004). This version of
-- this ASN.1 module is part of RFC 3727; see the RFC itself
-- for full legal notices.
DEFINITIONS
EXPLICIT TAGS
EXTENSIBILITY IMPLIED ::= BEGIN
IMPORTS
MATCHING-RULE,
RelativeDistinguishedName
FROM InformationFramework
{joint-iso-itu-t ds(5) module(1)
informationFramework(1) 4} ;
ComponentAssertion ::= SEQUENCE {
component ComponentReference (SIZE(1..MAX)) OPTIONAL,
useDefaultValues BOOLEAN DEFAULT TRUE,
rule MATCHING-RULE.&id,
value MATCHING-RULE.&AssertionType }
ComponentReference ::= UTF8String
ComponentFilter ::= CHOICE {
item [0] ComponentAssertion,
and [1] SEQUENCE OF ComponentFilter,
or [2] SEQUENCE OF ComponentFilter,
not [3] ComponentFilter }
componentFilterMatch MATCHING-RULE ::= {
SYNTAX ComponentFilter
ID { 1 2 36 79672281 1 13 2 } }
allComponentsMatch MATCHING-RULE ::= {
ID { 1 2 36 79672281 1 13 6 } }
directoryComponentsMatch MATCHING-RULE ::= {
ID { 1 2 36 79672281 1 13 7 } }
-- Additional Useful Matching Rules --
rdnMatch MATCHING-RULE ::= {
Legg Standards Track [Page 2]
RFC 3727 Module for Component Matching February 2004
SYNTAX RelativeDistinguishedName
ID { 1 2 36 79672281 1 13 3 } }
presentMatch MATCHING-RULE ::= {
SYNTAX NULL
ID { 1 2 36 79672281 1 13 5 } }
END
The InformationFramework ASN.1 module from which the MATCHING-RULE
and RelativeDistinguishedName definitions are imported is defined in
X.501 [X501].
The object identifiers used in this document have been assigned for
use in specifying the component matching rules by Adacel
Technologies, under an arc assigned to Adacel by Standards Australia.
3. Security Considerations
This document collects together the ASN.1 definitions of the
component matching rules into an ASN.1 module, but does not modify
those definitions in any way. See RFC 3687 [CMR] for the security
considerations of using the component matching rules.
4. References
4.1. Normative References
[CMR] Legg, S., "Lightweight Directory Access Protocol (LDAP) and
X.500 Component Matching Rules", RFC 3687, February 2004.
[X501] ITU-T Recommendation X.501 (1993) | ISO/IEC 9594-2:1994,
Information Technology - Open Systems Interconnection - The
Directory: Models
[ASN1] ITU-T Recommendation X.680 (07/02) | ISO/IEC 8824-1:2002,
Information technology - Abstract Syntax Notation One
(ASN.1): Specification of basic notation
4.2. Informative References
[LDAP] Hodges, J. and R. Morgan, "Lightweight Directory Access
Protocol (v3): Technical Specification", RFC 3377, September
2002.
[X500] ITU-T Recommendation X.500 (1993) | ISO/IEC 9594-1:1994,
Information Technology - Open Systems Interconnection - The
Directory: Overview of concepts, models and services
Legg Standards Track [Page 3]
RFC 3727 Module for Component Matching February 2004
5. Author's Address
Steven Legg
Adacel Technologies Ltd.
250 Bay Street
Brighton, Victoria 3186
AUSTRALIA
Phone: +61 3 8530 7710
Fax: +61 3 8530 7888
EMail: steven.legg@adacel.com.au
Legg Standards Track [Page 4]
RFC 3727 Module for Component Matching February 2004
6. Full Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78 and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology
described in this document or the extent to which any license
under such rights might or might not be available; nor does it
represent that it has made any independent effort to identify any
such rights. Information on the procedures with respect to
rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention
any copyrights, patents or patent applications, or other
proprietary rights that may cover technology that may be required
to implement this standard. Please address the information to the
IETF at ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Legg Standards Track [Page 5]