Skip to content
Snippets Groups Projects
Commit 30af73da authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

draft 04

parent 82fad7d0
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
doc/drafts/draft-zeilenga-ldap-user-schema-xx.txt
+ 353
241
View file @ 30af73da
......@@ -6,13 +6,14 @@
INTERNET-DRAFT Editor: Kurt D. Zeilenga
Intended Category: Standard Track OpenLDAP Foundation
Expires: 26 December 2001 26 June 2001
Expires: 22 April 2002 22 October 2001
Obsoletes: RFC 1274
Updates: RFC 2798
LDAPv3: A Collection of User Schema
<draft-zeilenga-ldap-user-schema-01.txt>
<draft-zeilenga-ldap-user-schema-03.txt>
Status of this Memo
......@@ -23,9 +24,9 @@ Status of this Memo
This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAP Extension Working Group
mailing list <ietf-ldapext@netscape.com>. Please send editorial
comments directly to the author <Kurt@OpenLDAP.org>.
document will take place on the IETF Directory Interest mailing list
<directory@apps.ietf.org>. Please send editorial comments directly to
the author <Kurt@OpenLDAP.org>.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
......@@ -49,15 +50,99 @@ Status of this Memo
Abstract
This document provides a collection of user schema elements for use
with LDAP collected from numerous sources.
with LDAP collected from numerous sources including RFC 1274, X.501,
and X.520.
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 1]
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 1]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
Conventions
Schema definitions are provided using LDAPv3 description formats
[RFC2252]. Definitions provided here are formatted (line wrapped) for
readability.
The key words "SHALL", "SHALL NOT", "MUST", "MUST NOT", "SHOULD",
"SHOULD NOT", "MAY" and "MAY NOT" used in this document are to be
interpreted as described in [RFC2119].
Table of Contents (to be expanded by editor)
Status of this Memo 1
Abstract
Conventions 2
Table of Contents
1. Background and Intended Use 3
2. Matching Rules
2.1. booleanMatch 4
2.2. caseExactMatch
2.3. caseExactOrderingMatch
2.4. caseExactSubstringsMatch
2.5. caseIgnoreListSubstringsMatch
2.6. directoryStringFirstComponentMatch 5
2.7. integerOrderingMatch
2.7. keywordMatch
2.9. numericStringOrderingMatch 6
2.10. octetStringOrderingMatch
2.11. storedPrefixMatch
2.12. wordMatch 7
3. Attribute Types
3.1. associatedDomain
3.2. associatedName
3.3. buildingName
3.3. co 8
3.4. destinationIndicator
3.5. documentAuthor
3.6. documentIdentifier 9
3.7. documentLocation
3.8. documentPublisher
3.9. documentTitle
3.10. documentVersion
3.11. drink 10
3.12. houseIdentifier
3.13. homePhone
3.14. homePostalAddress
3.15. host 11
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 2]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
3.16. info
3.17. mail
3.18. manager 12
3.19. mobile
3.20. organizationalStatus
3.21. otherMailbox
3.22. pager 13
3.23. personalTitle
3.24. roomNumber
3.25. secretary
3.26. uid 14
3.27. uniqueIdentifier
3.28. userClass
4. Object Classes 15
4.1. account
4.2. document
4.3. documentSeries
4.4. domainRelatedObject 16
4.5. friendlyCountry
4.6. rFC822LocalPart
4.7. room 17
4.8. simpleSecurityObject
5. Security Considerations
6. Acknowledgements
7. Author's Address
References 18
Full Copyright 19
1. Background and Intended Use
......@@ -65,33 +150,45 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
This document provides descriptions [RFC2252] of user schema for use
with LDAP [LDAPTS] collected from numerous sources.
The document includes a summary of select schema introduced for the
This document includes a summary of select schema introduced for the
COSINE and Internet X.500 pilot projects [RFC1274]. This document
obsoletes RFC 1274.
The document also contains a summary of X.500 user schema [X.520] not
included in LDAPv3 [RFC2256].
This document contains a summary of X.500 user schema [X.520] not
included in LDAPv3 [RFC2252][RFC2256]. Some of these items were
described in the inetOrgPerson [RFC2798] schema. This document
supercedes these descriptions, replacing sections 9.1.3 and 9.3.3 of
RFC 2798.
The key words ``MUST'', ``MUST NOT'', ``REQUIRED'', ``SHALL'', ``SHALL
NOT'', ``SHOULD'', ``SHOULD NOT'', ``RECOMMENDED'', and ``MAY'' in
this document are to be interpreted as described in RFC 2119
[RFC2119].
2. Matching Rules
This section introduces LDAP matching rules based upon descriptions of
2. Syntaxes
None (yet).
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 3]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
3. Matching Rules
This section introduces LDAP matching rules based upon descriptions of
their X.500 counterparts.
3.1. caseExactMatch
2.1. booleanMatch
BooleanMatch compares for equality a asserted Boolean value with an
attribute value of BOOLEAN syntax. The rule returns TRUE if and only
if the values are the same, i.e. both are TRUE or both are FALSE.
(Source: X.520)
( 2.5.13.13 NAME 'booleanMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
2.2. caseExactMatch
CaseExactMatch compares for equality the asserted string with an
CaseExactMatch compares for equality the asserted value with an
attribute value of DirectoryString syntax. The rule is identical to
the caseIgnoreMatch [RFC2252] rule except that case is not ignored.
(Source: X.520)
......@@ -100,7 +197,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
3.2. caseExactOrderingMatch
2.3. caseExactOrderingMatch
CaseExactOrderingMatch compares the collation order of the asserted
string with an attribute value of DirectoryString syntax. The rule is
......@@ -108,21 +205,13 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
letters are not folded. (Source: X.520)
( 2.5.13.6 NAME 'caseExactOrderingMatch'
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 2]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
3.3. caseExactSubstringsMatch
2.3. caseExactSubstringsMatch
CaseExactSubstringsMatch determines whether the asserted value is a
substring of an attribute value of DirectoryString syntax. The rule
CaseExactSubstringsMatch determines whether the asserted value are
substrings of an attribute value of DirectoryString syntax. The rule
is identical to the caseIgnoreSubstringsMatch [RFC2252] rule except
that case is not ignored. (Source: X.520)
......@@ -130,19 +219,14 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
3.4. numericStringOrderingMatch
2.4. caseIgnoreListSubstringsMatch
NumericStringOrderingMatch compares the collation order of the
asserted string with an attribute value of NumericString syntax. The
rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule except
that all space characters are skipped during comparison (case is
irrelevant as characters are numeric). (Source: X.520)
( 2.5.13.9 NAME 'NumericStringOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 4]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
3.5. caseIgnoreListSubstringsMatch
CaseIgnoreListSubstringMatch compares the asserted substring with an
attribute value which is a sequence of DirectoryStrings, but where the
......@@ -159,44 +243,66 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
3.6. storedPrefixMatch
2.5. directoryStringFirstComponentMatch
StoredPrefixMatch determines whether an attribute value, whose syntax
is DirectoryString, is a prefix (i.e. initial substring) of the
asserted value, without regard to the case (upper or lower) of the
DirectoryStringFirstComponentMatch compares for equality the asserted
DirectoryString value with an attribute value of type SEQUENCE whose
first component is mandatory and of type DirectoryString. The rule
returns TRUE if and only if the attribute value has a first component
whose value matches the asserted DirectoryString using the rules of
caseIgnoreMatch [RFC2252]. A value of the assertion syntax is derived
from a value of the attribute syntax by using the value of the first
component of the SEQUENCE. (Source: X.520)
( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2.6. integerOrderingMatch
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 3]
The integerOrderingMatch rule compares the ordering of the asserted
integer with an attribute value of Integer syntax. The rule returns
True if the attribute value is less than the asserted value. (Source:
X.520)
( 2.5.13.15 NAME 'integerOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
2.7. keywordMatch
The keywordMatch rule compares the asserted string with keywords in an
attribute value of DirectoryString syntax. The rule returns TRUE if
and only if the asserted value matches any keyword in the attribute
value. The identification of keywords in an attribute value and of
the exactness of match are both implementation specific. (Source:
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 5]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
strings. The rule returns TRUE if and only if the attribute value is
an initial substring of the asserted value with corresponding
characters identical except possibly with regard to case. (Source:
X.520)
( 2.5.13.41 NAME 'storedPrefixMatch'
( 2.5.13.32 NAME 'keywordMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Note: This rule can be used, for example, to compare values in the
Directory which are telephone area codes with a purported value
which is a telephone number.
3.7. booleanMatch
2.8. numericStringOrderingMatch
BooleanMatch compares for equality a asserted Boolean value with an
attribute value of BOOLEAN syntax. The rule returns TRUE if and only
if the values are the same, i.e. both are TRUE or both are FALSE.
(Source: X.520)
NumericStringOrderingMatch compares the collation order of the
asserted string with an attribute value of NumericString syntax. The
rule is identical to the caseIgnoreOrderingMatch [RFC2252] rule except
that all space characters are skipped during comparison (case is
irrelevant as characters are numeric). (Source: X.520)
( 2.5.13.13 NAME 'booleanMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
( 2.5.13.9 NAME 'NumericStringOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
3.8. octetStringOrderingMatch
2.9. octetStringOrderingMatch
OctetStringOrderingMatch compares the collation order of the asserted
octet string with an attribute value of OCTET STRING syntax. The rule
......@@ -205,35 +311,39 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
The first occurrence of a different bit determines the ordering of the
strings. A zero bit precedes a one bit. If the strings are identical
but contain different numbers of octets, the shorter string precedes
the longer string. (Source: X.520)
the longer string. (Source: X.520)
( 2.5.13.18 NAME 'octetStringOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
3.9. directoryStringFirstComponentMatch
2.10. storedPrefixMatch
DirectoryStringFirstComponentMatch compares for equality the asserted
DirectoryString value with an attribute value of type SEQUENCE whose
first component is mandatory and of type DirectoryString. The rule
returns TRUE if and only if the attribute value has a first component
whose value matches the asserted DirectoryString using the rules of
caseIgnoreMatch [RFC2252]. A value of the assertion syntax is derived
from a value of the attribute syntax by using the value of the first
StoredPrefixMatch determines whether an attribute value, whose syntax
is DirectoryString, is a prefix (i.e. initial substring) of the
asserted value, without regard to the case (upper or lower) of the
strings. The rule returns TRUE if and only if the attribute value is
an initial substring of the asserted value with corresponding
characters identical except possibly with regard to case. (Source:
X.520)
( 2.5.13.41 NAME 'storedPrefixMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Note: This rule can be used, for example, to compare values in the
Directory which are telephone area codes with a purported value
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 4]
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 6]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
component of the SEQUENCE. (Source: X.520)
which is a telephone number.
( 2.5.13.31 NAME 'directoryStringFirstComponentMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
3.10. wordMatch
2.11. wordMatch
The wordMatch rule compares the asserted string with words in an
attribute value of DirectoryString syntax. The rule returns TRUE if
......@@ -246,22 +356,13 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
3.11. keywordMatch
3. Attribute Types
The keywordMatch rule compares the asserted string with keywords in an
attribute value of DirectoryString syntax. The rule returns TRUE if
and only if the asserted value matches any keyword in the attribute
value. The identification of keywords in an attribute value and of
the exactness of match are both implementation specific. (Source:
X.520)
( 2.5.13.32 NAME 'keywordMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
This section details attribute types for use in LDAP based upon their
X.500 descriptions.
4. Attribute Types
4.1. associatedDomain
3.1. associatedDomain
The associatedDomain attribute type specifies a DNS domain [RFC1034]
which is associated with an object. For example, the entry in the DIT
......@@ -274,17 +375,9 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
4.2. associatedName
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 5]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
3.2. associatedName
The Associated Name attribute type specifies an entry in the
The associatedName attribute type specifies an entry in the
organizational DIT associated with a DNS domain [RFC1034]. (Source:
RFC 1274)
......@@ -293,7 +386,15 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
4.4. buildingName
3.3. buildingName
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 7]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
The buildingName attribute type specifies the name of the building
where an organization or organizational unit is based. (Source: RFC
......@@ -305,7 +406,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.5. co
3.3. co
The co (Friendly Country Name) attribute type specifies names of
countries in human readable format. The standard attribute country
......@@ -319,7 +420,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
4.6. destinationIndicator
3.4. destinationIndicator
The destinationIndicator attribute type specifies (according to CCITT
Recommendation F.1 and CCITT Recommendation F.31) the country and city
......@@ -330,17 +431,11 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
( 2.5.4.27 NAME 'destinationIndicator'
EQUALITY caseIgnoreMatch
SUBSTRINGS caseIgnoreSubstringsMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 6]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
4.7. documentAuthor
3.5. documentAuthor
The documentAuthor attribute type specifies the distinguished name of
the author of a document. (Source: RFC 1274)
......@@ -350,7 +445,14 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
4.8. documentIdentifier
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 8]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
3.6. documentIdentifier
The documentIdentifier attribute type specifies a unique identifier
for a document. (Source: RFC 1274)
......@@ -361,7 +463,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.9. documentLocation
3.7. documentLocation
The documentLocation attribute type specifies the location of the
document original. (Source: RFC 1274)
......@@ -372,7 +474,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.10. documentPublisher
3.8. documentPublisher
The documentPublisher attribute is the person and/or organization that
published a document. (Source: RFC 1274)
......@@ -383,37 +485,36 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
4.11. documentTitle
3.9. documentTitle
The documentTitle attribute type specifies the title of a document.
(Source: RFC 1274)
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 7]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.12. documentVersion
3.10. documentVersion
The documentVersion attribute type specifies the version number of a
document. (Source: RFC 1274)
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 9]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.13. drink
3.11. drink
The drink (Favourite Drink) attribute type specifies the favorite
drink of an object (or person). (Source: RFC 1274)
......@@ -424,7 +525,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.14. houseIdentifier
3.12. houseIdentifier
The houseIdentifier attribute type specifies a linguistic construct
used to identify a particular building, for example a house number or
......@@ -438,20 +539,12 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
4.15. homePhone
3.13. homePhone
The homePhone (Home Telephone Number) attribute type specifies a home
telephone number (e.g., "+44 71 123 4567") associated with a person.
(Source: RFC 1274)
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 8]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
( 0.9.2342.19200300.100.1.20
NAME ( 'homePhone' 'homeTelephoneNumber' )
EQUALITY telephoneNumberMatch
......@@ -459,10 +552,18 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
4.16. homePostalAddress
3.14. homePostalAddress
The homePostalAddress attribute type specifies a home postal address
for an object. This should be limited to up to 6 lines of 30
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 10]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
characters each. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.39
......@@ -472,7 +573,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
4.17. host
3.15. host
The host attribute type specifies a host computer. (Source: RFC 1274)
......@@ -482,7 +583,8 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.18. info
3.16. info
The info (Information) attribute type specifies any general
information pertinent to an object. It is RECOMMENDED that specific
......@@ -498,29 +600,30 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
4.19. mail
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 9]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
3.17. mail
The mail (rfc822mailbox) attribute type holds an the electronic mail
address in RFC822 form (e.g.: user@example.com). Note that this
attribute SHOULD NOT be used to hold non-Internet addresses. (Source:
RFC 1274)
( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 11]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
4.20. manager
3.18. manager
The Manager attribute type specifies the manager of an object
represented by an entry. (Source: RFC 1274)
......@@ -531,7 +634,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
4.21. mobile
3.19. mobile
The mobile (Mobile Telephone Number) attribute type specifies a mobile
telephone number (e.g., "+44 71 123 4567") associated with a person.
......@@ -544,7 +647,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
4.22. organizationalStatus
3.20. organizationalStatus
The organizationalStatus attribute type specifies a category by which
a person is often referred to in an organization. Examples of usage
......@@ -556,23 +659,23 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
(Source: RFC 1274)
( 0.9.2342.19200300.100.1.45
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 10]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
NAME 'organizationalStatus'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.23. otherMailbox
3.21. otherMailbox
The otherMailbox attribute type specifies values for electronic
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 12]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
mailbox types other than X.400 and RFC822. (Source: RFC 1274)
( 0.9.2342.19200300.100.1.22
......@@ -580,7 +683,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
4.24. pager
3.22. pager
The pager (Pager Telephone Number) attribute type specifies a pager
telephone number (e.g., "+44 71 123 4567") for an object. (Source:
......@@ -593,7 +696,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
4.25. personalTitle
3.23. personalTitle
The personalTitle attribute type specifies a personal title for a
person. Examples of personal titles are "Frau", "Dr", "Herr", and
......@@ -606,20 +709,12 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.26. roomNumber
3.24. roomNumber
The roomNumber attribute type specifies the room number of an object.
Note that the cn (commonName) attribute should be used for naming room
objects. (Source: RFC 1274)
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 11]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
( 0.9.2342.19200300.100.1.6
NAME 'roomNumber'
EQUALITY caseIgnoreMatch
......@@ -627,7 +722,15 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.27. secretary
3.25. secretary
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 13]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
The secretary attribute type specifies the secretary of a person. The
attribute value for Secretary is a distinguished name. (Source: RFC
......@@ -639,7 +742,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
4.28. uid
3.26. uid
The uid (userid) attribute type specifies a computer system login
name. (Source: RFC 1274)
......@@ -651,39 +754,40 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
4.29. uniqueIdentifier
The uniqueIdentifier attribute type specifies an identifier which may
be used to distinguish between object references when a distinguished
name has been reused. It may be, for example, an encoded object
identifier, certificate, date, timestamp, or some other form of
certification on the validity of the distinguished name.
3.27. uniqueIdentifier
An attribute value for uniqueIdentifier is a bitString. (Source:
X.520)
The Unique Identifier attribute type specifies a "unique identifier"
for an object represented in the Directory. The domain within which
the identifier is unique, and the exact semantics of the identifier,
are for local definition. For a person, this might be an institution-
wide payroll number. For an organizational unit, it might be a
department code. An attribute value for uniqueIdentifier is a
directoryString. (Source: RFC 1274)
( 2.5.4.45 NAME 'uniqueIdentifier'
EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
Note: RFC 1274 describes a variant of this attribute which is not
Note: X.520 describes an attribute also called 'uniqueIdentifier'
(2.5.4.45) which is called 'x500UniqueIdentifier' in LDAP
[RFC2256]. The attribute detailed here ought not be confused
with x500UniqueIdentifier.
3.28. userClass
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 12]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
The userClass attribute type specifies a category of computer user.
The semantics placed on this attribute are for local interpretation.
Examples of current usage od this attribute in academia are
used.
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 14]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
4.30. userClass
The userClass attribute type specifies a category of computer user.
The semantics placed on this attribute are for local interpretation.
Examples of current usage od this attribute in academia are
undergraduate student, researcher, lecturer, etc. Note that the
organizationalStatus attribute may now often be preferred as it makes
no distinction between computer users and others. (Source: RFC 1274)
......@@ -694,9 +798,12 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
5. Object Classes
4. Object Classes
5.1. account
This section details attribute types for use in LDAP based upon their
X.500 descriptions.
4.1. account
The account object class is used to define entries representing
computer accounts. The uid (userid) attribute should be used for
......@@ -709,7 +816,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
MAY ( description $ seeAlso $ l $ o $ ou $ host ) )
5.2. document
4.2. document
The document object class is used to define entries which represent
documents. (Source: RFC 1274)
......@@ -723,18 +830,19 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
documentLocation $ documentPublisher ) )
5.3. documentSeries
4.3. documentSeries
The documentSeries object class is used to define an entry which
represents a series of documents (e.g., The Request For Comments
memos). (Source: RFC 1274)
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 13]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
The documentSeries object class is used to define an entry which
represents a series of documents (e.g., The Request For Comments
memos). (Source: RFC 1274)
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 15]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
( 0.9.2342.19200300.100.4.9
NAME 'documentSeries'
......@@ -744,7 +852,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
telephonenumber ) )
5.4. domainRelatedObject
4.4. domainRelatedObject
The domainRelatedObject object class is used to define entries which
represent DNS domains which are "equivalent" to an X.500 domain: e.g.,
......@@ -756,7 +864,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
MUST associatedDomain )
5.5. friendlyCountry
4.5. friendlyCountry
The friendlyCountry object class is used to define country entries in
the DIT. The object class is used to allow friendlier naming of
......@@ -770,7 +878,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
MUST co )
5.6. rFC822LocalPart
4.6. rFC822LocalPart
The rFC822LocalPart object class is used to define entries which
represent the local part of RFC822 mail addresses. This treats this
......@@ -780,23 +888,23 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
NAME 'rFC822localPart'
SUP domain STRUCTURAL
MAY ( cn $ description $ destinationIndicator $
facsimileTelephoneNumber $ internationaliSDNNumber $
physicalDeliveryOfficeName $ postalAddress $
postalCode $ postOfficeBox $ preferredDeliveryMethod $
registeredAddress $ seeAlso $ sn $ street $
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 14]
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 16]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
facsimileTelephoneNumber $ internationaliSDNNumber $
physicalDeliveryOfficeName $ postalAddress $
postalCode $ postOfficeBox $ preferredDeliveryMethod $
registeredAddress $ seeAlso $ sn $ street $
telephoneNumber $ teletexTerminalIdentifier $
telexNumber $ x121Address ) )
5.7. room
4.7. room
The room object class is used to define entries representing rooms.
The cn (commonName) attribute should be used for naming entries of
......@@ -809,7 +917,7 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
seeAlso $ telephoneNumber ) )
5.8. simpleSecurityObject
4.8. simpleSecurityObject
The simpleSecurityObject object class is used to allow an entry to
have a userPassword attribute when an entry's principal object classes
......@@ -819,32 +927,34 @@ INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
SUP top AUXILIARY
MUST userPassword )
Note: Security considerations related to simple authentication
mechanisms in LDAP are discussed in RFC 2829 [RFC2829].
Note: Security considerations related to the use of simple
authentication mechanisms in LDAP are discussed in RFC 2829
[RFC2829].
6. Security Considerations
5. Security Considerations
General LDAP security considerations [RFC2251][RFC2252][RFC2256] is
applicable to the use of this schema. Additional considerations are
noted above where appropriate.
General LDAP security considerations [LDAPTS] is applicable to the use
of this schema. Additional considerations are noted above where
appropriate.
7. Acknowledgements
6. Acknowledgements
This document borrows from a number of IETF documents including RFC
1274 and RFC 2252. This document also borrows from a number of ITU
documents including X.501 and X.520.
1274 by Paul Barker and Steve Kille. This document also borrows from
a number of ITU documents including X.520.
7. Author's Address
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 15]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 17]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
8. Author's Address
Kurt D. Zeilenga
OpenLDAP Foundation
......@@ -866,15 +976,12 @@ References
November 1991.
[RFC2219] S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997.
Requirement Levels", RFC 2119 (also BCP 14), March 1997.
[RFC2247] S. Kille, M. Wahl, A. Grimstad, R. Huber, S. Sataluri,
"Using Domains in LDAP/X.500 Distinguished Names", January
1998.
[RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
Protocol (v3)", RFC 2251, December 1997.
[RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
Directory Access Protocol (v3): Attribute Syntax
Definitions", RFC 2252, December 1997.
......@@ -882,11 +989,14 @@ References
[RFC2256] M. Wahl, "A Summary of the X.500(96) User Schema for use
with LDAPv3", RFC 2256, December 1997.
[RFC2798] M. Smith, "The LDAP inetOrgPerson Object Class", RFC 2798,
April 2000.
[RFC2829] M. Wahl, H. Alvestrand, J. Hodges, R. Morgan,
"Authentication Methods for LDAP", May 2000
"Authentication Methods for LDAP", RFC 2829, May 2000.
[LDAPTS] J. Hodges, R.L. Morgan, "Lightweight Directory Access
Protocol (v3): Technical Specification", draft-ietf-ldapbis-
[LDAPTS] J. Hodges, R. Morgan, "Lightweight Directory Access Protocol
(v3): Technical Specification", draft-ietf-ldapbis-
ldapv3-ts-00.txt.
[X.520] "The Directory: Selected Attribute Types", ITU
......@@ -895,9 +1005,11 @@ References
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 16]
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 18]
INTERNET-DRAFT LDAPv3: A Collection of User Schema 26 June 2001
INTERNET-DRAFT LDAPv3: A Collection of User Schema 20 October 2001
Full Copyright
......@@ -951,5 +1063,5 @@ Full Copyright
Zeilenga draft-zeilenga-ldap-user-schema-01 [Page 17]
Zeilenga draft-zeilenga-ldap-user-schema-03 [Page 19]
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment