The LDAP inetOrgPerson Object Class                              Mark Smith
INTERNET-DRAFT                                       Netscape Communications
Intended Category: Informational                             31 January 2000

Definition of the inetOrgPerson LDAP Object Class
Filename: draft-smith-ldap-inetorgperson-04.txt
1. Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. Internet-Drafts are working documents
of the Internet Engineering Task Force (IETF), its areas, and its working
groups. Note that other groups may also distribute working documents as
Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and
may be updated, replaced, or obsoleted by other documents at any time. It
is inappropriate to use Internet-Drafts as reference material or to cite
them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This draft document will be submitted to the RFC Editor as an
Informational document. Distribution of this memo is unlimited. Please
send comments to the author <mcs@netscape.com>.

Copyright (C) The Internet Society (1996-2000). All Rights Reserved.

Please see the Copyright section near the end of this document for more

This Internet Draft expires on 31 July 2000.
2. Abstract

While the X.500 standards define many useful attribute types [X520] and
object classes [X521], they do not define a person object class that meets
the requirements found in today's Internet and Intranet directory service
deployments. We define a new object class called inetOrgPerson for use in
LDAP and X.500 directory services that extends the X.521 standard
organizationalPerson class to meet these needs.
M. Smith                    Network Working Group                   [Page 1]

INTERNET-DRAFT      The LDAP inetOrgPerson Object Class      31 January 2000

3. Table of Contents

1. Status of this Memo............................................1
2. Abstract.......................................................1
3. Table of Contents..............................................2
4. Background and Intended Usage..................................3
5. New Attribute Types Used in the inetOrgPerson Object Class.....3
5.1. Vehicle license or registration plate.......................3
5.2. Department number...........................................4
5.3. Display Name................................................4
5.4. Employee Number.............................................4
5.5. Employee Type...............................................4
5.6. JPEG Photograph.............................................5
5.7. Preferred Language..........................................5
5.8. User S/MIME Certificate.....................................5
5.9. User PKCS #12...............................................6
6. Definition of the inetOrgPerson Object Class...................6
7. Example of an inetOrgPerson Entry..............................7
8. Security Considerations........................................8
9. Acknowledgments................................................8
10. Copyright......................................................8
11. Bibliography...................................................9
12. Author's Address...............................................10
13. Appendix A - inetOrgPerson Schema Summary......................10
13.1. Attribute Types.............................................10
13.1.1. New attribute types that are defined in this document....10
13.1.2. Attribute types from RFC 2256............................12
13.1.3. Attribute types from RFC 1274............................15
13.1.4. Attribute type from RFC 2079.............................17
13.2. Syntaxes....................................................17
13.2.1. Syntaxes from RFC 2252...................................17
13.2.2. Syntaxes from RFC 2256...................................18
13.3. Matching Rules..............................................18
13.3.1. Matching rules from RFC 2252.............................18
13.3.2. Matching rule from RFC 2256..............................19
13.3.3. Additional matching rules from X.520.....................19
13.3.4. Matching rules not defined in any referenced document....20
14. Appendix B - Change History....................................20
4. Background and Intended Usage

The inetOrgPerson object class is a general purpose object class that holds
attributes about people. The attributes it holds were chosen to accommodate
information requirements found in typical Internet and Intranet directory
service deployments. The inetOrgPerson object class is designed to be used
within directory services based on the LDAP [RFC2251] and the X.500 family
of protocols, and it should be useful in other contexts as well. There is
no requirement for directory services implementors to use the inetOrgPerson
object class; it is simply presented as a well-documented class that
implementors can choose to use if they find it useful.

The attribute type and object class definitions in this document are
written using the BNF form of AttributeTypeDescription and
ObjectClassDescription given in [RFC2252]. In some cases lines have been
folded for readability.

Attributes that are referenced but not defined in this document are
included in one of the following documents:

    The COSINE and Internet X.500 Schema [RFC1274]

    Definition of an X.500 Attribute Type and an Object Class to Hold
    Uniform Resource Identifiers (URIs) [RFC2079]

    A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]

See Appendix A for a summary of the attribute types, associated syntaxes,
and matching rules used in this document.
5. New Attribute Types Used in the inetOrgPerson Object Class

5.1. Vehicle license or registration plate

This multivalued field is used to record the values of the license or
registration plate associated with an individual.

    ( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
      DESC 'vehicle license or registration plate'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
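The definitions in this section follow the RFC 2252 AttributeTypeDescription form, and a directory administrator loading them into a server schema usually wants a way to read them back and sanity-check them. The following parser is an added example and is not code from the draft: it tokenizes one (possibly line-folded) description into its OID, NAME, DESC, SUP, EQUALITY, SUBSTR, SYNTAX (with the optional {len} bound) and SINGLE-VALUE fields, then checks that the EQUALITY rule's assertion syntax matches the attribute's declared syntax. The RULE_SYNTAX table is transcribed from the matching rule definitions in Appendix A of this draft; CAR_LICENSE is the carLicense definition above, and BAD_EXAMPLE is a constructed, deliberately inconsistent definition with a placeholder OID.

```python
"""Parse RFC 2252 AttributeTypeDescription text, such as the definitions in
this draft, and check that the EQUALITY rule fits the declared SYNTAX.
Added example; not part of the draft."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One token per quoted string, parenthesis, '$' separator, or bare word.
_TOKEN = re.compile(r"'[^']*'|[()$]|[^\s()$']+")

# Equality matching rule -> assertion syntax OID, transcribed from the matching
# rule definitions in Appendix A (sections 13.3.1 to 13.3.3) of the draft.
RULE_SYNTAX = {
    "bitStringMatch": "1.3.6.1.4.1.1466.115.121.1.6",
    "caseExactMatch": "1.3.6.1.4.1.1466.115.121.1.15",
    "caseIgnoreIA5Match": "1.3.6.1.4.1.1466.115.121.1.26",
    "caseIgnoreListMatch": "1.3.6.1.4.1.1466.115.121.1.41",
    "caseIgnoreMatch": "1.3.6.1.4.1.1466.115.121.1.15",
    "distinguishedNameMatch": "1.3.6.1.4.1.1466.115.121.1.12",
    "numericStringMatch": "1.3.6.1.4.1.1466.115.121.1.36",
    "objectIdentifierMatch": "1.3.6.1.4.1.1466.115.121.1.38",
    "octetStringMatch": "1.3.6.1.4.1.1466.115.121.1.40",
    "telephoneNumberMatch": "1.3.6.1.4.1.1466.115.121.1.50",
}


@dataclass
class AttributeType:
    oid: str
    names: List[str] = field(default_factory=list)
    desc: Optional[str] = None
    sup: Optional[str] = None
    equality: Optional[str] = None
    substr: Optional[str] = None
    syntax: Optional[str] = None
    max_len: Optional[int] = None   # the {len} suffix on SYNTAX, if any
    single_value: bool = False


def parse_attribute_type(text: str) -> AttributeType:
    """Parse one AttributeTypeDescription; folded lines are fine because the
    tokenizer only cares about whitespace, not line breaks."""
    tokens = _TOKEN.findall(text)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("description must be a parenthesised list")
    at = AttributeType(oid=tokens[1])
    i = 2
    while i < len(tokens) - 1:
        kw = tokens[i]
        i += 1
        if kw == "NAME":
            # qdescrs: a single 'name' or a parenthesised list ( 'a' 'b' )
            if tokens[i] == "(":
                i += 1
                while tokens[i] != ")":
                    at.names.append(tokens[i].strip("'"))
                    i += 1
                i += 1
            else:
                at.names.append(tokens[i].strip("'"))
                i += 1
        elif kw == "DESC":
            at.desc = tokens[i].strip("'")
            i += 1
        elif kw in ("SUP", "EQUALITY", "SUBSTR"):
            setattr(at, kw.lower(), tokens[i])
            i += 1
        elif kw == "SYNTAX":
            m = re.fullmatch(r"([0-9.]+)(?:\{(\d+)\})?", tokens[i])
            if not m:
                raise ValueError(f"malformed SYNTAX {tokens[i]!r}")
            at.syntax = m.group(1)
            at.max_len = int(m.group(2)) if m.group(2) else None
            i += 1
        elif kw == "SINGLE-VALUE":
            at.single_value = True
        else:
            raise ValueError(f"unsupported keyword {kw!r}")
    return at


def check_equality_rule(at: AttributeType) -> List[str]:
    """Report an EQUALITY rule whose assertion syntax (per Appendix A) differs
    from the attribute's own SYNTAX; a server loading such schema would either
    reject it or compare values under the wrong rule."""
    problems = []
    if at.equality and at.syntax:
        expected = RULE_SYNTAX.get(at.equality)
        if expected is None:
            problems.append(f"{at.oid}: unknown matching rule {at.equality}")
        elif expected != at.syntax:
            problems.append(f"{at.oid}: {at.equality} expects syntax "
                            f"{expected}, attribute uses {at.syntax}")
    return problems


# carLicense exactly as defined in section 5.1 of the draft.
CAR_LICENSE = """( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
      DESC 'vehicle license or registration plate'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )"""

# Constructed, deliberately inconsistent definition (placeholder OID and
# names, not from the draft): an IA5 equality rule on a Directory String.
BAD_EXAMPLE = """( 9.9.9.9 NAME ( 'exampleTag' 'exTag' )
      DESC 'constructed example, not from the draft'
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE )"""

if __name__ == "__main__":
    for text in (CAR_LICENSE, BAD_EXAMPLE):
        at = parse_attribute_type(text)
        print(at.names, at.syntax, check_equality_rule(at) or "ok")
```

The tokenizer treats a quoted string as one token, so a DESC containing spaces or parentheses cannot derail the parse; the SYNTAX check is limited to EQUALITY rules because those are the rules whose assertion syntaxes Appendix A lists.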
5.2. Department number

Code for the department to which a person belongs. This can be strictly
numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).

    ( 2.16.840.1.113730.3.1.2
      NAME 'departmentNumber'
      DESC 'identifies a department within an organization'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

5.3. Display Name

When displaying an entry, especially within a one-line summary list, it is
useful to be able to identify a name to be used. Since other attribute
types such as 'cn' are multivalued, an additional attribute type is needed.
Display name is defined for this purpose.

    ( 2.16.840.1.113730.3.1.241
      DESC 'preferred name of a person to be used when displaying entries'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15

5.4. Employee Number

Numeric or alphanumeric identifier assigned to a person, typically based on
order of hire or association with an organization. Single valued.

    ( 2.16.840.1.113730.3.1.3
      NAME 'employeeNumber'
      DESC 'numerically identifies an employee within an organization'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15

5.5. Employee Type

Used to identify the employer to employee relationship. Typical values used
will be "Contractor", "Employee", "Intern", "Temp", "External", and
"Unknown", but any value may be used.
    ( 2.16.840.1.113730.3.1.4
      DESC 'type of employment for a person'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

5.6. JPEG Photograph

Used to store one or more images of a person using the JPEG File
Interchange Format [JFIF].

    ( 0.9.2342.19200300.100.1.60
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )

Note that the jpegPhoto attribute type was defined for use in the Internet
X.500 pilots but no referenceable definition for it could be located.

5.7. Preferred Language

Used to indicate an individual's preferred written or spoken language. This
is useful for international correspondence or human-computer interaction.
Values for this attribute type MUST conform to the definition of the
Accept-Language header field defined in [RFC2068] with one exception: the
sequence "Accept-Language" ":" should be omitted. This is a single valued
attribute type.

    ( 2.16.840.1.113730.3.1.39
      NAME 'preferredLanguage'
      DESC 'preferred written or spoken language for a person'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
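Because preferredLanguage values must follow the Accept-Language grammar minus the header prefix, a directory front end that accepts user-supplied values should validate them before storing them. The following validator is an added example, not code from the draft: it implements the language-range and qvalue productions of RFC 2068 section 14.4 as regular expressions, rejects a value that still carries the "Accept-Language" ":" prefix, and returns the ranges in descending order of preference. The sample value is the one from the example entry in section 7.

```python
"""Validate a preferredLanguage value against the Accept-Language grammar of
RFC 2068 section 14.4 (without the "Accept-Language" ":" prefix), as section
5.7 of this draft requires. Added example, not part of the draft."""
import re
from typing import List, Tuple

# language-range = ( 1*8ALPHA *( "-" 1*8ALPHA ) ) | "*"
_LANG_RANGE = re.compile(r"\*|[A-Za-z]{1,8}(?:-[A-Za-z]{1,8})*")
# qvalue = ( "0" [ "." 0*3DIGIT ] ) | ( "1" [ "." 0*3("0") ] )
_QVALUE = re.compile(r"0(?:\.[0-9]{0,3})?|1(?:\.0{0,3})?")
# The header name and colon that section 5.7 says must be omitted.
_PREFIX = re.compile(r"\s*accept-language\s*:", re.IGNORECASE)


def parse_preferred_language(value: str) -> List[Tuple[str, float]]:
    """Return (language-range, q) pairs ordered by descending preference.
    Raises ValueError for anything the grammar does not allow."""
    if _PREFIX.match(value):
        raise ValueError('the "Accept-Language" ":" prefix must be omitted')
    prefs: List[Tuple[str, float]] = []
    for element in value.split(","):
        element = element.strip()
        if not element:
            raise ValueError("empty element in language list")
        parts = [p.strip() for p in element.split(";")]
        lang = parts[0]
        if not _LANG_RANGE.fullmatch(lang):
            raise ValueError(f"invalid language-range {lang!r}")
        q = 1.0  # default when no q parameter is given
        for param in parts[1:]:
            name, sep, qv = param.partition("=")
            qv = qv.strip()
            if name.strip().lower() != "q" or not sep or not _QVALUE.fullmatch(qv):
                raise ValueError(f"invalid parameter {param!r} for {lang!r}")
            q = float(qv)
        # Language tags compare case-insensitively, so normalise to lower case.
        prefs.append((lang.lower(), q))
    # sorted() is stable, so equal q values keep the order the user wrote.
    return sorted(prefs, key=lambda p: p[1], reverse=True)


def is_valid_preferred_language(value: str) -> bool:
    """True when the value parses; convenient for an input-validation hook."""
    try:
        parse_preferred_language(value)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Value taken from the section 7 example entry.
    print(parse_preferred_language("fr, en-gb;q=0.8, en;q=0.7"))
```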
5.8. User S/MIME Certificate

A PKCS#7 [RFC2315] SignedData, where the content that is signed is ignored
by consumers of userSMIMECertificate values. It is recommended that values
have a `contentType' of data with an absent `content' field. Values of this
attribute contain a person's entire certificate chain and an
smimeCapabilities field [RFC2633] that at a minimum describes their S/MIME
algorithm capabilities. Values for this attribute are to be stored and
requested in binary form, as 'userSMIMECertificate;binary'. If available,
this attribute is preferred over the userCertificate attribute for S/MIME
applications.

    ( 2.16.840.1.113730.3.1.40
      NAME 'userSMIMECertificate'
      DESC 'PKCS#7 SignedData used to support S/MIME'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

5.9. User PKCS #12

PKCS #12 [PKCS12] provides a format for exchange of personal identity
information. When such information is stored in a directory service, the
userPKCS12 attribute should be used. This attribute is to be stored and
requested in binary form, as 'userPKCS12;binary'. The attribute values are
PFX PDUs stored as binary data.

    ( 2.16.840.1.113730.3.1.216
      DESC 'PKCS #12 PFX PDU for exchange of personal identity information'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
6. Definition of the inetOrgPerson Object Class

The inetOrgPerson represents people who are associated with an organization
in some way. It is a structural class and is derived from the
organizationalPerson class which is defined in X.521 [X521].

    ( 2.16.840.1.113730.3.2.2
      SUP organizationalPerson
        audio $ businessCategory $ carLicense $ departmentNumber $
        displayName $ employeeNumber $ employeeType $ givenName $ homePhone $
        homePostalAddress $ initials $ jpegPhoto $ labeledURI $
        mail $ manager $ mobile $ o $ pager $
        photo $ roomNumber $ secretary $ uid $ userCertificate $
        x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $

For reference, we list the following additional attribute types that are
part of the inetOrgPerson object class. These attribute types are inherited
from organizationalPerson (which in turn is derived from the person object
class):

        cn $ objectClass $ sn

        description $ destinationIndicator $ facsimileTelephoneNumber $
        internationaliSDNNumber $ l $ ou $ physicalDeliveryOfficeName $
        postalAddress $ postalCode $ postOfficeBox $
        preferredDeliveryMethod $ registeredAddress $ seeAlso $
        st $ street $ telephoneNumber $ teletexTerminalIdentifier $
        telexNumber $ title $ userPassword $ x121Address
7. Example of an inetOrgPerson Entry

The following example is expressed using the LDIF notation defined in

    dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    displayName: Babs Jensen
    title: manager, product development
    mail: bjensen@siroe.com
    telephoneNumber: +1 408 555 1862
    facsimileTelephoneNumber: +1 408 555 1992
    mobile: +1 408 555 1941
    ou: Product Development
    departmentNumber: 2604
    employeeType: full time
    preferredLanguage: fr, en-gb;q=0.8, en;q=0.7
    labeledURI: http://www.siroe.com/users/bjensen My Home Page
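An LDIF entry like the one above is only valid if every attribute it carries is permitted by the object classes it names and every required attribute is present. The following checker is an added example and is not code from the draft: it reads one LDIF entry (unfolding continuation lines and decoding `::` base64 values), then compares the attribute names against the inetOrgPerson MAY list and the inherited MUST and MAY lists given in section 6 of this draft. Both sample entries are constructed; the first reuses the values from the example above with cn and sn lines added, and the second deliberately carries an attribute the class does not allow and omits sn.

```python
"""Check an LDIF entry against the attribute lists that section 6 of this
draft gives for inetOrgPerson. Added example, not part of the draft; the
attribute sets are transcribed from section 6 and the entries below are
constructed (the first from the section 7 values plus cn and sn lines)."""
import base64
from typing import Dict, List

# inetOrgPerson MAY list from section 6 (userPKCS12 is named in section 5.9).
INET_ORG_PERSON_MAY = {
    "audio", "businessCategory", "carLicense", "departmentNumber",
    "displayName", "employeeNumber", "employeeType", "givenName", "homePhone",
    "homePostalAddress", "initials", "jpegPhoto", "labeledURI", "mail",
    "manager", "mobile", "o", "pager", "photo", "roomNumber", "secretary",
    "uid", "userCertificate", "x500uniqueIdentifier", "preferredLanguage",
    "userSMIMECertificate", "userPKCS12",
}
# Inherited from organizationalPerson / person, as listed in section 6.
INHERITED_MUST = {"cn", "objectClass", "sn"}
INHERITED_MAY = {
    "description", "destinationIndicator", "facsimileTelephoneNumber",
    "internationaliSDNNumber", "l", "ou", "physicalDeliveryOfficeName",
    "postalAddress", "postalCode", "postOfficeBox", "preferredDeliveryMethod",
    "registeredAddress", "seeAlso", "st", "street", "telephoneNumber",
    "teletexTerminalIdentifier", "telexNumber", "title", "userPassword",
    "x121Address",
}
# LDAP attribute names are case-insensitive, so compare in lower case.
ALLOWED = {a.lower() for a in INET_ORG_PERSON_MAY | INHERITED_MUST | INHERITED_MAY}


def parse_ldif_entry(text: str) -> Dict[str, List[str]]:
    """Minimal LDIF reader for one entry: unfolds continuation lines (leading
    space), skips comments and the version line, decodes '::' base64 values."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry: Dict[str, List[str]] = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line {line!r}")
        if name == "version":
            continue
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        entry.setdefault(name.strip(), []).append(value)
    return entry


def check_inet_org_person(entry: Dict[str, List[str]]) -> List[str]:
    """Return schema problems: missing object class value, attributes outside
    the class, or required attributes absent. Attribute options such as
    ';binary' are stripped before the name is compared."""
    problems: List[str] = []
    present = {n.split(";")[0].lower() for n in entry if n != "dn"}
    object_classes = {v.lower() for k, vs in entry.items()
                      if k.lower() == "objectclass" for v in vs}
    if "inetorgperson" not in object_classes:
        problems.append("objectClass: inetOrgPerson value missing")
    for name in sorted(present - ALLOWED):
        problems.append(f"{name}: not permitted by inetOrgPerson")
    for must in sorted(INHERITED_MUST):
        if must.lower() not in present:
            problems.append(f"{must}: required but absent")
    return problems


# Constructed from the section 7 example, with cn and sn (base64) added and
# the labeledURI value folded across two lines.
GOOD_ENTRY = """version: 1
dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Barbara Jensen
sn:: SmVuc2Vu
displayName: Babs Jensen
title: manager, product development
mail: bjensen@siroe.com
telephoneNumber: +1 408 555 1862
mobile: +1 408 555 1941
ou: Product Development
departmentNumber: 2604
employeeType: full time
preferredLanguage: fr, en-gb;q=0.8, en;q=0.7
labeledURI: http://www.siroe.com/users/bjensen
  My Home Page
"""

# Constructed negative case: an attribute the class does not carry, and no sn.
BAD_ENTRY = """dn: cn=Example Person,dc=example,dc=com
objectClass: inetOrgPerson
cn: Example Person
favoriteColor: blue
"""

if __name__ == "__main__":
    for text in (GOOD_ENTRY, BAD_ENTRY):
        print(check_inet_org_person(parse_ldif_entry(text)) or "ok")
```

The check is deliberately strict about unknown attributes: a server that enforces schema will refuse the second entry, and a front end that runs this check first gives the user a precise error instead of a generic server rejection.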
8. Security Considerations

Attributes of directory entries are used to provide descriptive information
about the real-world objects they represent, which can be people,
organizations or devices. Most countries have privacy laws regarding the
publication of information about people.

Transfer of cleartext passwords is strongly discouraged where the
underlying transport service cannot guarantee confidentiality, since it may
result in disclosure of the password to unauthorized parties.
9. Acknowledgments

The Netscape Directory Server team created the inetOrgPerson object class
based on experience and customer requirements. Anil Bhavnani and John
Kristian in particular deserve credit for all of the early design

Many members of the Internet community, in particular those in the IETF
ASID and LDAPEXT groups, also contributed to the design of this object
10. Copyright

Copyright (C) The Internet Society (1996-2000). All Rights Reserved.

This document and translations of it may be copied and furnished to others,
and derivative works that comment on or otherwise explain it or assist in
its implementation may be prepared, copied, published and distributed, in
whole or in part, without restriction of any kind, provided that the above
copyright notice and this paragraph are included on all such copies and
derivative works. However, this document itself may not be modified in any
way, such as by removing the copyright notice or references to the Internet
Society or other Internet organizations, except as needed for the purpose
of developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be followed, or
as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked
by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS
IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE
DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY
RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.
11. Bibliography

[JFIF]    E. Hamilton, "JPEG File Interchange Format (Version 1.02)",
          C-Cube Microsystems, Milpitas, CA, September 1, 1992.

[LDIF]    G. Good, "The LDAP Data Interchange Format (LDIF) - Technical
          Specification", INTERNET-DRAFT <draft-good-ldap-ldif-05.txt>, 19

[PKCS12]  "PKCS #12: Personal Information Exchange Standard", Version 1.0
          DRAFT, 30 April 1997.

[RFC1274] P. Barker, S. Kille, "The COSINE and Internet X.500 Schema", RFC

[RFC1847] J. Galvin, S. Murphy, S. Crocker, N. Freed, "Security Multiparts
          for MIME: Multipart/Signed and Multipart/Encrypted", RFC 1847,

[RFC2068] R. Fielding, J. Gettys, J. Mogul, H. Frystyk, T. Berners-Lee,
          "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2068, January 1997.

[RFC2079] M. Smith, "Definition of an X.500 Attribute Type and an Object
          Class to Hold Uniform Resource Identifiers (URIs)", RFC 2079, Janu-

[RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
          Protocol (v3)", RFC 2251, December 1997.

[RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, W. Yeong, C. Robbins,
          "Lightweight Directory Access Protocol (v3): Attribute Syntax
          Definitions", RFC 2252, December 1997.

[RFC2256] M. Wahl, "A Summary of the X.500(96) User Schema for use with
          LDAPv3", RFC 2256, December 1997.

[RFC2315] B. Kaliski, "PKCS #7: Cryptographic Message Syntax Version 1.5",
          RFC 2315, March 1998.

[RFC2633] B. Ramsdell, "S/MIME Version 3 Message Specification", RFC 2633,

[X520]    ITU-T Rec. X.520, "The Directory: Selected Attribute Types", 1996.

[X521]    ITU-T Rec. X.521, "The Directory: Selected Object Classes",
12. Author's Address

Netscape Communications Corp.
501 E. Middlefield Rd., Mailstop MV068
Mountain View, CA 94043, USA
Phone: +1 650 937-3477
EMail: mcs@netscape.com
13. Appendix A - inetOrgPerson Schema Summary

This appendix provides definitions of all the attribute types included in
the inetOrgPerson object class along with their associated syntaxes

13.1. Attribute Types

13.1.1. New attribute types that are defined in this document

    ( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
      DESC 'vehicle license or registration plate'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

    ( 2.16.840.1.113730.3.1.2
      NAME 'departmentNumber'
      DESC 'identifies a department within an organization'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

    ( 2.16.840.1.113730.3.1.241
      DESC 'preferred name of a person to be used when displaying entries'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15

    ( 2.16.840.1.113730.3.1.3
      NAME 'employeeNumber'
      DESC 'numerically identifies an employee within an organization'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15

    ( 2.16.840.1.113730.3.1.4
      DESC 'type of employment for a person'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

    ( 0.9.2342.19200300.100.1.60
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
    Note: The jpegPhoto attribute type was defined for use in the
    Internet X.500 pilots but no referenceable definition for it

    ( 2.16.840.1.113730.3.1.39
      NAME 'preferredLanguage'
      DESC 'preferred written or spoken language for a person'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15

    ( 2.16.840.1.113730.3.1.40
      NAME 'userSMIMECertificate'
      DESC 'signed message used to support S/MIME'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

    ( 2.16.840.1.113730.3.1.216
      DESC 'PKCS #12 PFX PDU for exchange of personal identity information'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
13.1.2. Attribute types from RFC 2256

Note that the original definitions of these types can be found in X.520.

      NAME 'businessCategory'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

      NAME 'destinationIndicator'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )

      NAME 'facsimileTelephoneNumber'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )

      NAME 'internationaliSDNNumber'
      EQUALITY numericStringMatch
      SUBSTR numericStringSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )

      EQUALITY objectIdentifierMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

      NAME 'physicalDeliveryOfficeName'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

      EQUALITY caseIgnoreListMatch
      SUBSTR caseIgnoreListSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

      NAME 'preferredDeliveryMethod'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.14

      NAME 'registeredAddress'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

      SUP distinguishedName )

      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

      NAME 'telephoneNumber'
      EQUALITY telephoneNumberMatch
      SUBSTR telephoneNumberSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )

      NAME 'teletexTerminalIdentifier'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )

      SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )

      NAME 'userCertificate'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

      EQUALITY octetStringMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

      EQUALITY numericStringMatch
      SUBSTR numericStringSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )

      NAME 'x500UniqueIdentifier'
      EQUALITY bitStringMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )

Some attribute types included in inetOrgPerson are derived from the 'name'
and 'distinguishedName' attribute supertypes:

      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

      NAME 'distinguishedName'
      EQUALITY distinguishedNameMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
13.1.3. Attribute types from RFC 1274

    ( 0.9.2342.19200300.100.1.55
      EQUALITY octetStringMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{250000} )
    Note: The syntax used here for the audio attribute type is Octet
    String. RFC 1274 uses a syntax called audio which is not defined

    ( 0.9.2342.19200300.100.1.20
      EQUALITY telephoneNumberMatch
      SUBSTR telephoneNumberSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
    Note: RFC 1274 uses the longer name 'homeTelephoneNumber'.

    ( 0.9.2342.19200300.100.1.39
      NAME 'homePostalAddress'
      EQUALITY caseIgnoreListMatch
      SUBSTR caseIgnoreListSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

    ( 0.9.2342.19200300.100.1.3
      EQUALITY caseIgnoreIA5Match
      SUBSTR caseIgnoreIA5SubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
    Note: RFC 1274 uses the longer name 'rfc822Mailbox' and syntax OID
    of 0.9.2342.19200300.100.3.5. All recent LDAP documents and most
    deployed LDAP implementations refer to this attribute as 'mail'
    and define the IA5 String syntax using the OID
    1.3.6.1.4.1.1466.115.121.1.26, as is done here.

    ( 0.9.2342.19200300.100.1.10
      EQUALITY distinguishedNameMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

    ( 0.9.2342.19200300.100.1.41
      EQUALITY telephoneNumberMatch
      SUBSTR telephoneNumberSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
    Note: RFC 1274 uses the longer name 'mobileTelephoneNumber'.

    ( 0.9.2342.19200300.100.1.42
      EQUALITY telephoneNumberMatch
      SUBSTR telephoneNumberSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
    Note: RFC 1274 uses the longer name 'pagerTelephoneNumber'.

    ( 0.9.2342.19200300.100.1.7
    Note: Photo attribute values are encoded in G3 fax format with an
    ASN.1 wrapper. Please refer to RFC 1274 section 9.3.7 for
    detailed syntax information for this attribute.

    ( 0.9.2342.19200300.100.1.6
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

    ( 0.9.2342.19200300.100.1.21
      EQUALITY distinguishedNameMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

    ( 0.9.2342.19200300.100.1.1
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
    Note: RFC 1274 uses the longer name 'userid'.

13.1.4. Attribute type from RFC 2079

    ( 1.3.6.1.4.1.250.1.57
      EQUALITY caseExactMatch
      SUBSTR caseExactSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
13.2. Syntaxes

13.2.1. Syntaxes from RFC 2252

    ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' )

    ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )

    ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' )

    ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )

    ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )

    ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )

    ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )

    ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )

    ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )

    ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )

    ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )

    ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )

    ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )

13.2.2. Syntaxes from RFC 2256

    ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )

    ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )

    ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )

    ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
13.3. Matching Rules

13.3.1. Matching rules from RFC 2252

Note that the original definition of many of these matching rules can be

    ( 2.5.13.16 NAME 'bitStringMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )

    ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

    ( 2.5.13.11 NAME 'caseIgnoreListMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

    ( 2.5.13.2 NAME 'caseIgnoreMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

    ( 2.5.13.1 NAME 'distinguishedNameMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

    ( 2.5.13.8 NAME 'numericStringMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )

    ( 2.5.13.0 NAME 'objectIdentifierMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

    ( 2.5.13.20 NAME 'telephoneNumberMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

13.3.2. Matching rule from RFC 2256

Note that the original definition of this matching rule can be found in

    ( 2.5.13.17 NAME 'octetStringMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
13.3.3. Additional matching rules from X.520

    ( 2.5.13.5 NAME 'caseExactMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

This rule determines whether a presented string exactly matches an
attribute value of syntax DirectoryString. It is identical to
caseIgnoreMatch except that case is not ignored. Multiple adjoining
whitespace characters are treated the same as an individual space, and
leading and trailing whitespace is ignored.

caseExactSubstringsMatch

    ( 2.5.13.7 NAME 'caseExactSubstringsMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

This rule determines whether the initial, any and final substring elements
in a presented value are present in an attribute value of syntax
DirectoryString. It is identical to caseIgnoreSubstringsMatch except that
case is not ignored.

caseIgnoreListSubstringsMatch

    ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

This rule compares a presented substring with an attribute value which is a
sequence of DirectoryStrings, but where the case of letters is not
significant for comparison purposes. A presented value matches a stored
value if and only if the presented value matches the string formed by
concatenating the strings of the stored value. Matching is done according
to the caseIgnoreSubstringsMatch rule except that none of the initial,
final, or any values of the presented value match a substring of the
concatenated string which spans more than one of the strings of the

13.3.4. Matching rules not defined in any referenced document

caseIgnoreIA5SubstringsMatch

    ( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

This rule determines whether the initial, any and final substring elements
in a presented value are present in an attribute value of syntax IA5 String
without regard to the case of the letters in the strings. It is expected
that this matching rule will be added to an update of RFC
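The matching rules in 13.3.3 and 13.3.4 are described in prose only, and the subtle one is caseIgnoreListSubstringsMatch, where a substring component may not straddle two strings of the stored list even though it occurs in their concatenation. The following reference implementation is an added example and not code from the draft: it implements the whitespace and case preparation described under caseExactMatch, the initial/any/final placement shared by the substrings rules, and the single-string constraint of the list rule, with the IA5 variant restricted to ASCII values. The sample postal address is constructed.

```python
"""Reference implementations of the matching rules described in sections
13.3.3 and 13.3.4 of this draft (caseExactMatch, caseExactSubstringsMatch,
caseIgnoreListSubstringsMatch, caseIgnoreIA5SubstringsMatch) together with
the caseIgnore rules they are defined against. Added example, not code from
the draft; whitespace handling follows the prose in 13.3.3."""
import re
from typing import List, Optional, Sequence, Tuple

_WS = re.compile(r"\s+")


def prepare(value: str, ignore_case: bool) -> str:
    """Collapse runs of whitespace to one space, drop leading and trailing
    whitespace, and case-fold for the caseIgnore* rules."""
    s = _WS.sub(" ", value).strip()
    return s.casefold() if ignore_case else s


def case_exact_match(assertion: str, stored: str) -> bool:
    return prepare(assertion, False) == prepare(stored, False)


def case_ignore_match(assertion: str, stored: str) -> bool:
    return prepare(assertion, True) == prepare(stored, True)


def _place_components(initial: Optional[str], any_parts: List[str],
                      final: Optional[str], text: str,
                      spans: Optional[List[Tuple[int, int]]] = None) -> bool:
    """Place initial, each any, then final left to right, each at its earliest
    admissible position. When `spans` is given, every component must lie
    inside a single (start, end) span: the extra constraint of the List rule."""
    def inside_one(start: int, end: int) -> bool:
        return spans is None or any(a <= start and end <= b for a, b in spans)

    pos = 0
    if initial is not None:
        if not text.startswith(initial) or not inside_one(0, len(initial)):
            return False
        pos = len(initial)
    for part in any_parts:
        idx = text.find(part, pos)
        while idx != -1 and not inside_one(idx, idx + len(part)):
            idx = text.find(part, idx + 1)
        if idx == -1:
            return False
        pos = idx + len(part)
    if final is not None:
        start = len(text) - len(final)
        if start < pos or not text.endswith(final) or not inside_one(start, len(text)):
            return False
    return True


def _prepared(initial, any_parts, final, ignore_case):
    return (None if initial is None else prepare(initial, ignore_case),
            [prepare(p, ignore_case) for p in any_parts],
            None if final is None else prepare(final, ignore_case))


def case_ignore_substrings_match(initial, any_parts, final, stored: str) -> bool:
    return _place_components(*_prepared(initial, any_parts, final, True),
                             prepare(stored, True))


def case_exact_substrings_match(initial, any_parts, final, stored: str) -> bool:
    return _place_components(*_prepared(initial, any_parts, final, False),
                             prepare(stored, False))


def case_ignore_ia5_substrings_match(initial, any_parts, final, stored: str) -> bool:
    """Same as caseIgnoreSubstringsMatch, but every value must be IA5 (ASCII)."""
    for v in [initial, final, stored, *any_parts]:
        if v is not None and not v.isascii():
            raise ValueError("IA5 String values must be ASCII")
    return case_ignore_substrings_match(initial, any_parts, final, stored)


def case_ignore_list_substrings_match(initial, any_parts, final,
                                      stored_list: Sequence[str]) -> bool:
    """Match against the concatenation of the stored strings while refusing
    any component that would span more than one of them."""
    spans: List[Tuple[int, int]] = []
    text = ""
    for s in stored_list:
        p = prepare(s, True)
        spans.append((len(text), len(text) + len(p)))
        text += p
    return _place_components(*_prepared(initial, any_parts, final, True),
                             text, spans)


# Constructed postal address value: a list of three DirectoryStrings.
ADDRESS = ["1234 Main St.", "Anytown", "CA 12345"]

if __name__ == "__main__":
    print(case_ignore_list_substrings_match(None, ["town"], None, ADDRESS))
    print(case_ignore_list_substrings_match(None, ["St.Any"], None, ADDRESS))
```

The greedy left-to-right placement is sufficient here because taking the earliest admissible position for each component leaves the longest possible remainder for the components after it; the only addition the List rule needs is the per-span admissibility test.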
14. Appendix B - Change History

Changes since draft-smith-ldap-inetorgperson-03.txt:

    Replaced the definition of the User S/MIME Certificate attribute type
    (userSMIMECertificate) with a much more precise definition (section
    5.8). The new definition required two new references to be added:
    RFC 2315 and RFC 2633 (section 11).

    Removed extra closing parenthesis `)' after the userPKCS12 definition

    Updated the [LDIF] reference to point to the latest draft (section
    11) and added a "version: 1" line to the LDIF example (section 7).
    Also replaced all occurrences of "Airius" with "Siroe" in the example
    since we don't have permission to use the Airius name.

    Corrected the SYNTAX OIDs for userSMIMECertificate and userPKCS12 in
    Appendix A to match those used in the main text (section 13.1.1).

    Improved the note included in Appendix A that discusses the
    `rfc822Mailbox' vs. `mail' issue (section 13.1.3).

    Updated the copyright year range to include 2000 (sections 1 and 10).

This Internet Draft expires on 31 July 2000.